{"id":13538776,"url":"https://github.com/wapiflapi/villoc","last_synced_at":"2026-01-23T11:58:41.698Z","repository":{"id":30652494,"uuid":"34208124","full_name":"wapiflapi/villoc","owner":"wapiflapi","description":"Visualization of heap operations. ","archived":false,"fork":false,"pushed_at":"2024-12-05T10:57:58.000Z","size":52,"stargazers_count":607,"open_issues_count":5,"forks_count":71,"subscribers_count":32,"default_branch":"master","last_synced_at":"2025-04-02T05:44:12.691Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wapiflapi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-04-19T13:41:10.000Z","updated_at":"2025-03-28T19:44:42.000Z","dependencies_parsed_at":"2025-04-02T05:31:54.937Z","dependency_job_id":"29ecfd9c-823d-41d3-9edc-06eb30fe0541","html_url":"https://github.com/wapiflapi/villoc","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/wapiflapi/villoc","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wapiflapi%2Fvilloc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wapiflapi%2Fvilloc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wapiflapi%2Fvilloc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wapiflapi%2Fvilloc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wapiflapi","download_url":"https://codeload.github.com/wapiflapi/villoc/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wapiflapi%2Fvilloc/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28690611,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-23T11:01:27.039Z","status":"ssl_error","status_checked_at":"2026-01-23T11:00:26.909Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T09:01:15.862Z","updated_at":"2026-01-23T11:58:41.683Z","avatar_url":"https://github.com/wapiflapi.png","language":"Python","readme":"# Villoc\n\nVilloc is a heap visualisation tool, it's a python script that renders a static\nhtml file. An example can be seen here: http://wapiflapi.github.io/villoc/, this\nis villoc running on an exploit of PlaidCTF 2015's challenge PlaidDB.\n\n## How to\n\nThe easiest way to use villoc is probably to run the following command and open\nout.html in a browser.\n\n```shell\nltrace ./target |\u0026 villoc.py - out.html;\n```\n\nIt is probably a good idea to disable ASLR for repeatable results and to use a\nfile to pass the ltrace to villoc because otherwise the target's error output\nwill be interleaved and might confuse villoc sometimes.\n\n```shell\nsetarch x86_64 -R ltrace -o trace ./target; villoc.py trace out.html;\n```\n\n## Using DynamoRIO\n\nThe problem with ltrace is that it doesn't track calls to malloc from\nother libraries or from within libc itself.\n\nPlease check https://github.com/wapiflapi/villoc/tree/master/tracers/dynamorio\nfor (easy!) instructions for using a DynamoRIO tool to achieve full tracing.\n\n\n## Annotations\n\nVilloc's input should look like ltrace's output, other tracers should output\ncompatible logs. Villoc also listens to annotations of the following form:\n\n``` text\n@villoc(comma separated annotations) = \u003cvoid\u003e`\n```\n\nWhen using this it's possible to mark certain block as being significant which\nmakes analyzing villoc's output that much easier.\n\n### Annotations from C code through DynamoRIO.\n\nWhen using the dynamorio tracer there is a hack to easily inject annotations\nfrom a target's source code:\n\n``` C\nsscanf(\"Format string %d %d, FOO %s\", \"@villoc\", 1, 2, \"BAR\");\n```\n\nWill inject `Format string 1 2` into villoc's log and add the `FOO`\nand `BAR` tags to the block affected by the next memory operation.\n\n![image](https://pbs.twimg.com/media/DxnUnRzWwAU4kcD?format=jpg\u0026name=large)\n\n\n## Which malloc\n\nThis has been made with glibc's dl_malloc in mind. But it should work for other\nimplementations, especially if you play with the `--header` and `--footer`\noptions to indicate how much overhead the targeted malloc adds to the user data.\n","funding_links":[],"categories":["\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing","Python","Secure Programming"],"sub_categories":["\u003ca id=\"605b1b2b6eeb5138cb4bc273a30b28a5\"\u003e\u003c/a\u003e漏洞开发","Tokens"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwapiflapi%2Fvilloc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwapiflapi%2Fvilloc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwapiflapi%2Fvilloc/lists"}