Random Tidbits…
I seem to have a number of links open across the top of my browser that I had wanted to blog about. Since I didn't have time (I did manage to see 6 movies this weekend though), here are brief mentions with links to each.
First up is a tool from Nirsoft called HeapMemView (via Grand Stream Dreams), which is a 'process heap memory viewer'. You fire up the tool, select the process and it dumps the memory. There's one version for 2K, XP, 2K3 and Vista and a second for Vista x64. It's not a bad little tool; it allows for a data preview (Hex or ASCII) and will dump the results to a nicely formatted HTML chart.
Up next is an interesting post from BillP over at Bits From Bill. He mentions a number of cases where DUI defendants have managed to win their court cases by requesting the source code for the breathalyzer. It's an interesting concept and I'd be interested to see if it's been attempted in countries outside the US that use the same tools.
The next is possibly the most interesting (via Vital Security). It seems that a number of websites are now blocking access to Firefox because the Ad Block Plus plugin is supported by Mozilla. It just goes to show you that some people are more concerned with making a buck than providing content. I've had the discussion before on people that plaster their websites and RSS feeds with ads; well, this is taking it to a whole new level.
Lastly, Nmap 4.22 SOC 5 has been released. After some issues with Umit for Windows missing, a new package was put out. As this latest version isn't on the Nmap download page just yet, here are the links to grab it.
http://download.insecure.org/nmap/dist/nmap-4.22SOC5.tar.bz2
http://download.insecure.org/nmap/dist/nmap-4.22SOC5-setup.exe
http://download.insecure.org/nmap/dist/nmap-4.22SOC5-win32.zip
http://download.insecure.org/nmap/dist/nmap-4.22SOC5-1.src.rpm
http://download.insecure.org/nmap/dist/nmap-4.22SOC5-1.i386.rpm
http://download.insecure.org/nmap/dist/nmap-frontend-4.22SOC5-1.i386.rpm
http://download.insecure.org/nmap/dist/nmap-4.22SOC5-1.x86_64.rpm
http://download.insecure.org/nmap/dist/nmap-frontend-4.22SOC5-1.x86_64.rpm
http://download.insecure.org/nmap/dist/nmap-4.22SOC5.tgz
That's all... just some tidbits I wanted to share.
An even better solution to view the memory of a given process is a hex editor like HxD (free – http://mh-nexus.de/hxd/) or WinHex.
@Cd-MaN
There are plenty of hex editors that view memory (Hackman is another one)… I like this software for its ease of use. You can drop it on a memory key and launch it on any computer, you can also very quickly dump the HTML chart which is very easy to follow along…