
heap


blowfrank
May 18th, 2011, 01:38
Hi all,
Just a quick question: which is the fastest way to recognize a heap overflow? Sorry for the noob question, but I have some trouble recognizing whether a buffer overflow is heap based or stack based.
To simplify: what should I check with Immunity/Olly debugger to recognize whether a BOF is heap or stack based?
BlowFrank
thanks

Kayaker
May 18th, 2011, 08:55
I can't answer the question, but I'll take the opportunity to post this, a lot of good links about the heap and heap exploits in general:

http://malwarereversing.wordpress.com/2011/05/15/heap-homework/

Kayaker

blowfrank
May 18th, 2011, 12:04
Ehm, ok,
probably if an application breaks (EIP) each time in ntdll.dll it should be heap based, but there are probably other cases.
Does anyone have other suggestions?
thanks

digdugg
May 20th, 2011, 19:30
Generally people will catch heap corruption within a 'fuzzing' situation of feeding mangled inputs into the program, hoping to uncover heap corruption. There is a Windows program, gflags.exe, that will allow you to monitor heap corruption on a per-process level. The Advanced Windows Debugging book also has an entire chapter dedicated to heaps (Chapter 6), I believe. If gflags is on (full options) and a heap goes out of its bounds, it immediately raises an exception and produces a dump file.
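
The "full options" gflags mode digdugg refers to is full page heap (enabled per image with `gflags /p /enable app.exe /full`): each allocation is placed so that it ends right at a page boundary and the next page is inaccessible, so the very first out-of-bounds write faults instead of silently corrupting neighbouring heap metadata. The following C program is an added example, not code from the thread or from gflags itself; it reproduces that guard-page mechanism with POSIX `mmap`/`mprotect` on Linux so you can see why the exception fires at the exact overflowing write. The function names (`guarded_alloc`, `overflow_is_caught`) and the buffer sizes are constructed for the example.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_hit;

/* SIGSEGV handler: record the fault and unwind back to the test site. */
static void on_segv(int sig) {
    (void)sig;
    fault_hit = 1;
    siglongjmp(fault_env, 1);
}

/* Allocate `size` bytes so the block ends exactly at a page boundary and the
 * page after it is PROT_NONE. This is the same layout full page heap uses:
 * any write past the end of the block lands in the guard page and faults.
 * Returns the usable buffer; *base/*mapped describe the whole mapping. */
static unsigned char *guarded_alloc(size_t size, unsigned char **base, size_t *mapped) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t data_pages = (size + page - 1) / page;
    *mapped = (data_pages + 1) * page;
    unsigned char *p = mmap(NULL, *mapped, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    if (mprotect(p + data_pages * page, page, PROT_NONE) != 0) {  /* guard page */
        munmap(p, *mapped);
        return NULL;
    }
    *base = p;
    return p + data_pages * page - size;   /* block ends at the page boundary */
}

/* Write `len` bytes of 'A' into a guarded block of `size` bytes.
 * Returns 1 if the guard page caught an overflow, 0 if the write stayed in
 * bounds, -1 on allocation failure. */
int overflow_is_caught(size_t size, size_t len) {
    unsigned char *base = NULL;
    size_t mapped = 0;
    unsigned char *buf = guarded_alloc(size, &base, &mapped);
    if (!buf) return -1;

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old);

    fault_hit = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        for (size_t i = 0; i < len; i++)
            buf[i] = 'A';   /* the write at index `size` is the overflow */
    }
    sigaction(SIGSEGV, &old, NULL);
    munmap(base, mapped);
    return fault_hit ? 1 : 0;
}

int main(void) {
    printf("16 bytes into 16-byte block, caught: %d\n", overflow_is_caught(16, 16));
    printf("17 bytes into 16-byte block, caught: %d\n", overflow_is_caught(16, 17));
    return 0;
}
```

In a real debugging session the equivalent of `fault_hit` is the access-violation exception that gflags raises and that Immunity/OllyDbg stops on; because the faulting instruction is the overflowing write itself, the call stack at that point shows which code overran the heap block, which is exactly the information that is lost when the corruption is only noticed later inside the heap manager.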

blowfrank
May 30th, 2011, 08:50
Very, very useful!!! Thanks a lot digdugg.