longld · lodi-g · May 7, 2017 · May 7, 2017 · May 7, 2017 · May 7, 2017
diff --git a/README.md b/README.md
@@ -12,6 +12,7 @@ PEDA - Python Exploit Development Assistance for GDB
   * `dumprop` -- Dump all ROP gadgets in specific memory range
   * `elfheader` -- Get headers information from debugged ELF file
   * `elfsymbol` -- Get non-debugging symbol information from an ELF file
+  * `heap` -- Print program's heap using less
   * `lookup` -- Search for all addresses/references to addresses which belong to a memory range
   * `patch` -- Patch memory start at an address with string/hexstring/int
   * `pattern` -- Generate, search, or write a cyclic pattern to memory

diff --git a/lib/utils.py b/lib/utils.py
@@ -244,6 +244,16 @@ def trim(docstring):
     # Return a single string:
     return '\n'.join(trimmed)
 
+def less(text):
+    """
+    Pipe output into less
+    """
+    from os import popen
+
+    pipe = popen("less -R", "w")
+    pipe.write(text)
+    pipe.close()
+
 def pager(text, pagesize=None):
     """
     Paging output, mimic external command less/more

diff --git a/peda.py b/peda.py
@@ -3146,6 +3146,30 @@ def help(self, *arg):
         return
     help.options = commands
 
+
+    def heap(self, *arg):
+        """
+        Prints the program's heap
+        Usage:
+            MYNAME
+        """
+
+        heap = peda.get_vmmap("[heap]")
+        if len(heap) != 1:
+            msg("No heap found.")
+            return
+
+        start = heap[0][0]
+        stop = heap[0][1]
+
+        msg("Heap goes from 0x%s to 0x%s." % (start, stop))
+        heap = peda.dumpmem(start, stop)
+
+        count = stop - start
+        self.hexdump(start, count, skip_zeroes=True)
+
+        return
+
     def pyhelp(self, *arg):
         """
         Wrapper for python built-in help
@@ -3357,7 +3381,7 @@ def hexprint(self, *arg):
 
         return
 
-    def hexdump(self, *arg):
+    def hexdump(self, *arg, skip_zeroes=False):
         """
         Display hex/ascii dump of data in memory
         Usage:
@@ -3387,16 +3411,24 @@ def ascii_char(ch):
             warning_msg("cannot retrieve memory content")
         else:
             linelen = 16 # display 16-bytes per line
-            i = 0
+            i = -1
             text = ""
+
             while bytes_:
                 buf = bytes_[:linelen]
+                i += 1
+                bytes_ = bytes_[linelen:]
+
+                if skip_zeroes and list(buf) == [0] * 16:
+                    if text[-2:] != "*\n": text += "*\n"
+                    continue
+
                 hexbytes = " ".join(["%02x" % ord(c) for c in bytes_iterator(buf)])
                 asciibytes = "".join([ascii_char(c) for c in bytes_iterator(buf)])
+
                 text += '%s : %s  %s\n' % (blue(to_address(address+i*linelen)), hexbytes.ljust(linelen*3), asciibytes)
-                bytes_ = bytes_[linelen:]
-                i += 1
-            pager(text)
+
+            less(text)
 
         return