trolldbois / python-haystack

Process heap analysis framework - Windows/Linux - record type inference and forensics
http://trolldbois.blogspot.com/search?q=python-haystack
GNU General Public License v3.0

reverse instances shows that heap walker is buggy #15

Closed trolldbois closed 8 years ago

trolldbois commented 8 years ago

zeus/vmem 856, on reverse instances all heaps.

```
  File "/home/other/Compil/python-haystack/haystack/structures/win32/winheapwalker.py", line 55, in _set_chunk_lists
    myset = set([(addr + sublen, size - sublen) for addr, size in lst])
TypeError: 'struct__HEAP_VIRTUAL_ALLOC_ENTRY' object is not iterable
```