11 repository-uri
Tools specifically designed to visualize and analyze memory allocation metadata for different heap allocators.
Distinguishing note: Candidates refer to the data structure (heap) or the allocator itself, not the analysis tool for those allocators.
Explore 11 awesome GitHub repositories matching operating systems & systems programming · Heap Analyzers. Refine with filters or upvote what's useful.
Matrix is a suite of mobile application performance management and analysis tools. It provides a plugin-based monitoring system for capturing crashes, lags, and memory leaks, alongside a static binary auditor for reducing installation package size and a bytecode instrumentation tool for performance tracking. The project distinguishes itself through native memory debugging and a SQLite query linter that identifies inefficient database patterns. It employs native interception techniques to detect memory leaks and heap corruption without requiring source code recompilation, and uses a custom run
Identifies heap memory access overlaps, use-after-free, and double-free issues using memory sanitizers.
pwndbg is a GDB plugin and binary analysis framework designed for reverse engineering, exploit development, and low-level program analysis. It extends the core functionality of the debugger to provide advanced memory inspection and automation tools. The project distinguishes itself with specialized capabilities for heap analysis across glibc, jemalloc, and musl, as well as a comprehensive kernel debugging toolkit for inspecting Linux kernel tasks and slab allocators. It includes an integrated ROP gadget searcher for constructing exploit chains and an LLM-powered debugging assistant that provi
Detects double frees and use-after-free vulnerabilities by monitoring the GLibc heap.
gperftools is a collection of specialized tools for profiling CPU usage, detecting memory errors, and providing high-performance memory allocation. It provides a memory profiling toolkit for C++ applications, including a sampling CPU profiler and a heap profiler for analyzing consumption patterns. The project includes a high-performance memory allocator designed as a multi-threaded replacement for standard allocation to reduce contention and improve execution speed. It further provides a memory debugger to identify illegal memory access and double frees. The toolkit covers broad diagnostic c
Provides a tool that tracks memory allocations to identify leaks and analyze heap consumption patterns.
how2heap is an educational resource and technical testbed for learning heap-based vulnerabilities and memory allocator internals. It provides a collection of source code examples and binaries that serve as a laboratory for studying memory corruption techniques specifically targeting the glibc malloc implementation. The project focuses on the development of exploit primitives, such as tcache poisoning and double frees, to redirect program execution. It includes a suite of implementations for bypassing memory protections and manipulating heap metadata to achieve arbitrary memory writes. The fr
Implements practical techniques for bypassing memory protections and manipulating heap metadata for arbitrary writes.
GEF is a Python-based extension for GDB that serves as a framework for binary analysis, exploit development, and low-level debugging. It functions as a dynamic analysis extension designed to assist in reverse engineering workflows and malware analysis by enhancing the debugger's ability to inspect process state and memory. The project is distinguished by its specialized heap analysis tools, which allow for the inspection of glibc heap arenas, bins, and chunks to detect memory corruption. It also provides a dedicated toolkit for exploit development, including cyclic pattern generation for offs
Tracks memory allocations and frees to detect double-frees and heap overlap corruption.
SpringBootVulExploit este o colecție de instrumente de scanare și audit concepute pentru a identifica vulnerabilități, scurgeri de informații și vectori de execuție în cadrul framework-urilor de aplicații Java, vizând în mod specific aplicațiile Spring Boot. Oferă o suită de tehnici de exploatare, payload-uri și liste de verificare de securitate pentru efectuarea analizei de vulnerabilități. Proiectul oferă capabilități pentru declanșarea execuției de cod la distanță (RCE) prin vectori de injecție, payload-uri de deserializare și fișiere de configurare malițioase. Include un scanner pentru detectarea variabilelor de mediu expuse și a detaliilor de rutare internă cauzate de endpoint-uri configurate greșit, precum și metode pentru extragerea datelor sensibile și a secretelor în text clar prin analiza heap dump-urilor. Setul de instrumente suportă evaluări de securitate de tip black-box și analiza vulnerabilităților framework-ului, inclusiv maparea versiunilor de dependențe pentru a identifica ferestrele potențiale de vulnerabilitate.
Extracts plaintext passwords and secrets by inspecting the raw memory state of a running Java virtual machine.
This is an open-source, crowd-sourced wiki textbook that teaches Linux system programming in C. It covers the core operating system concepts of process management through the fork-exec-wait model, dynamic memory allocation using implicit free list heap allocators, inode-based file systems, inter-process communication via pipes and shared memory, POSIX threads with synchronization primitives, signal-based asynchronous notification, virtual memory with page table translation, and runtime diagnostics using Valgrind and GDB. The textbook distinguishes itself by providing practical, implementation
Covers double-free prevention as part of heap corruption detection and safe memory practices.
Perfetto is a platform for system-level performance tracing and analysis on Linux and Android. It combines a high-throughput trace recorder, a SQL-based query engine, and a browser-based visualizer into a single toolchain. The platform covers CPU scheduling and call-stack profiling, native and Java heap memory allocation tracking, GPU and graphics events, and system-wide counters such as CPU frequency and power consumption. The architecture decouples trace recording from offline analysis, using a compact protobuf format for event encoding and columnar storage for efficient SQL queries. The we
Captures snapshots of the Java object graph to analyze object references and memory usage.
This project is an Android bootloader unlock tool designed to bypass account binding restrictions on devices running Xiaomi HyperOS. It functions as an exploit that circumvents the community account requirements typically necessary to unlock the bootloader. The tool serves as a prerequisite for device rooting and system modification. By removing manufacturer bootloader locks, it enables the installation of custom recoveries, kernels, and modified operating systems. The project achieves these results through vulnerability-based account bypass and memory-corruption exploits to intercept the ve
Utilizes memory-corruption primitives to trigger an unplanned state that skips boot-time validation checks.
LoadLibrary is a binary instrumentation framework that loads and executes Windows PE/COFF DLLs natively within Linux processes. It provides a cross-platform binary execution layer that maps Windows portable executable files into Linux memory, resolving imports and relocations so that exported functions can be called as if they were native Linux library routines. The framework enables runtime interception and modification of Windows DLL function behavior, including redirecting API calls to Linux-native implementations through a binary patching hook engine. It includes a code coverage auditor t
Runs loaded Windows DLLs under ASAN and Valgrind to detect heap overflows, use-after-free, and memory corruption bugs.
Meltdown este un set de utilitare software concepute pentru a ocoli randomizarea adreselor de kernel și a face dump la memoria fizică pentru a exploata vulnerabilități de securitate la nivel hardware. Servește drept dovadă de concept pentru vulnerabilitatea hardware Meltdown, permițând citirea memoriei protejate a kernel-ului pe procesoarele afectate. Instrumentul oferă capabilități pentru a identifica offset-ul secret de randomizare al hărții fizice directe pentru a localiza memoria kernel-ului. De asemenea, include funcționalitatea de a exporta segmente mari de memorie fizică în format hexdump pentru recuperarea șirurilor și parolelor sensibile. Proiectul acoperă analiza memoriei prin calcularea offset-ului de kernel și scurgerea memoriei fizice. Include, de asemenea, capacitatea de a măsura acuratețea și consistența datelor scurse din memoria fizică pentru a verifica fiabilitatea vulnerabilității hardware.
Provides capabilities to identify secret randomization offsets of the direct physical map to locate kernel memory.