Questions tagged [heap]
19 questions
2 votes, 0 answers, 39 views
Please help with stripped binary reverse
Not so long ago I was engaged in reverse and pwn, I came across such a task.
This is a normal task with a vulnerability on the heap, but it is stripped and I don’t understand where which functions are.
I ...
5 votes, 1 answer, 181 views
Check if libc.so use tcache
I have an ARM libc.so (GLIBC). How can I check if that libc.so used tcache, and what is the value of arena_max?
Can I check that information offline?
1 vote, 1 answer, 3k views
How can I find out the size of heap allocations?
While I debug with GDB I see the address of a buffer that's located on the heap.
How can I know what is the size of this buffer? Or where (in the code) this buffer was originally allocated?
When I ...
2 votes, 0 answers, 89 views
How to find and read specific value in memory of running wine application?
How can I find and read specific values in memory of running WINE application?
I am experimenting with text editors, writing some string and trying to find it in the heap memory and changing it using ...
0 votes, 0 answers, 130 views
I found an arbitrary free, (free(<arbitrary address>)), managed to locate a candidate address I wish to free, how do I proceed from here?
While doing my first code auditing as a novice vulnerability researcher I managed to stumble upon my first free() in my target.
I managed to find a candidate location where I can control this value and ...
1 vote, 0 answers, 131 views
How do I find Python data structures in Linux process memory using Volatility?
I have an Ubuntu 18.04 memory dump (entire RAM), and while I was acquiring it with LiME, I had a Python program running. Using Volatility, I want to recover its data structure values which are located ...
2 votes, 2 answers, 190 views
Modern methods of fuzzing/locating heap bugs and potential vulnerabilities
Really glad I found this great learning resource.
I was wondering, is there any way to fuzz or automate heap vulnerability assessment? I know a lot of practical frameworks for stack based fuzzing in ...
1 vote, 1 answer, 408 views
Find out if an address is stored in heap or stack
While dynamically debugging a binary file running on Linux with IDA and gdb-server, I saw an address that stores some value.
How can I know if this address is allocated on the stack or on the heap?
2 votes, 1 answer, 2k views
Explanation of heap shaping technique and how it is different from heap spraying
Recent RDP vulnerability and exploits have mentioned the use of heap shaping technique.
Can anyone please explain in detail what is actually involved in using this tactic?
Thanks
1 vote, 2 answers, 845 views
How to identify if a buffer is allocated on stack or heap?
When I look in IDA with static analysis, I see that a buffer is passed to a function / the function fills data in the buffer.
How can I know if this buffer is allocated on the stack or the heap?
4 votes, 1 answer, 1k views
Heap Chunk Structure Does Not Contain Previous Section Info
I'm reading Shellcoder's Handbook to learn more about exploitation and overflows. I reached the chapter on Heap Overflows. The book mentions that a heap is split into chunks where each chunk contains ...
1 vote, 0 answers, 212 views
Challenges to learn jemalloc exploitation on FreeBSD [closed]
I'm studying this phrack article: http://www.phrack.org/issues/68/10.html
Very interesting, but the only valid way to be confident with an exploitation technique is a hands-on.
I'm searching for ...
2 votes, 1 answer, 2k views
How can I see the heap data in ollydbg?
I have a C compiled binary that allocates an array of chars into the heap via HeapAlloc().
I would like to be able to see the allocated dynamic array in the heap using Ollydbg to be able to trace it ...
9 votes, 1 answer, 1k views
Split view radare2 print heap
I recently started to use radare2 and I have a question.
How can I print info about the heap with dmhb, dmhf, etc. while debugging?
I would like to have the heap information on the right and the ...
1 vote, 0 answers, 148 views
Using the AND operator to find a heap allocation size, Fermin's formula
I came across this technique, leveraging the HPA feature (Heap Page Allocator, known as PageHeap) in gflags from Windows debugging tools, to find the size of a heap allocation:
Let's say you have ...