Alright what are our goals?
Healthy Heap Goals:
- Let's understand dynamic memory (you know memory for when the compiler can't predict your needs)
- How to recycle memory
- How to avoid defragmentation
- Singly Linked Lists (called fast bins and tcache bins in this class)
- Doubly Linked Lists (called unsorted bins, small bins, and large bins)
- What's the
- Generate a memory leak (from the heap segment and from glibc)
- Trick the recyclers into giving you an address you provided (a write-what-where)
- Taking control of the instruction pointer (old targets: GOT, the stack; new targets: free_hook, malloc_hook, FSOP)
Watching the Heap Grow and Shrink
https://github.com/pwndbg/pwndbg should be available in your pwndockers, but in the other environments you'll need to install it.
OK, let's just make a program that calls free and see what happens. We'll inspect the heap with pwndbg's heap command: 1) let's write a program, 2) let's use gdb with pwndbg, and 3) let's start it and step through.
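Here is a program for step 1, added as an example (it is not code from the page or from pwndbg). It assumes 64-bit glibc malloc, where the 8-byte size field sits just before the user pointer with PREV_INUSE in bit 0, and it reads that field the same way pwndbg's heap command does so you can compare its output with what you see in gdb:

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* Assumed layout: 64-bit glibc. Low 3 bits of the size field are flags. */
#define SIZE_BITS  0x7UL
#define PREV_INUSE 0x1UL

/* glibc's request2size: 8 bytes of header, round up to 16, minimum 32. */
size_t expected_chunk_size(size_t req) {
    size_t sz = (req + 8 + 15) & ~(size_t)15;
    return sz < 32 ? 32 : sz;
}

/* Raw size field of the chunk that owns user pointer p (sits at p - 8). */
size_t chunk_size_field(const void *p) { return ((const size_t *)p)[-1]; }
size_t chunk_size(const void *p)       { return chunk_size_field(p) & ~SIZE_BITS; }
int    prev_inuse(const void *p)       { return (chunk_size_field(p) & PREV_INUSE) != 0; }

/* Two fresh allocations come from the top chunk, so the second sits exactly
   chunk_size(a) bytes after the first: this is the heap "growing". */
int adjacent_from_top(size_t req) {
    char *a = malloc(req), *b = malloc(req);
    return a && b && b == a + chunk_size(a);   /* kept allocated on purpose */
}

/* Recycling: the tcache bin is a LIFO singly linked list, so the chunk freed
   last is the one handed back first. Pointers are compared, never reused. */
int recycled_lifo(size_t req) {
    void *a = malloc(req), *b = malloc(req);
    uintptr_t last_freed = (uintptr_t)b;
    free(a);
    free(b);                         /* b is now the head of the bin */
    void *c = malloc(req);
    int ok = (uintptr_t)c == last_freed;
    free(c);
    return ok;
}

int main(void) {
    char *p = malloc(24);
    printf("malloc(24) -> %p, size field %#zx (chunk %zu bytes, PREV_INUSE=%d)\n",
           (void *)p, chunk_size_field(p), chunk_size(p), prev_inuse(p));
    printf("two malloc(24) adjacent from top: %d\n", adjacent_from_top(24));
    printf("last freed is first reused (tcache LIFO): %d\n", recycled_lifo(24));
    free(p);   /* break here in gdb and run pwndbg's heap and bins commands */
    return 0;
}
```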
Now let's look at a typical CTF style Heap setup:
This sort of state-machine menu is classic CTF exploit stuff, and is actually surprisingly easy to inspect/debug/work with.