By Chris Valasek @nudehaberdasher
The zip file contains:
- heapLib2_test.html => Example usage of some of the functionality that is available in heapLib2
- html_spray.html => An example of a file created with html_spray.py
- get_elements.py => An IDA Python script that will retrieve information about each DOM element with regard to memory allocation in Internet Explorer. Use this Python script when reversing mshtml.dll. Yes, this is really bad. I’m no good at IDAPython. Make sure to check the ‘start_addr’ and ‘end_addr’ variables in the .py file. If you are having trouble finding the right address, do a text search in IDA for “<APPLET>” and follow the cross reference. You should see similar data structure listings for HTML tags. The ‘start_addr’ should be the address above the reference to the string “A” (anchor tag).
- demangler.py => Certainly the worst C++ name demangler you’ll ever see.
If anyone would like my IDBs or poorly taken notes, just let me know and I’ll send them off. With all that said, I hope at least one person enjoys the library: http://illmatics.com/heapLib2.zip
I’d love feedback, comments, suggestions, etc. If you use this library, feel free to buy me a beer if and when you see me.