The Heap

Alright what are our goals?

Healthy Heap Goals:

• Let's understand dynamic memory (you know memory for when the compiler can't predict your needs)
• malloc and free
• How to recycle memory
• How to avoid defragmentation
• Singly Linked Lists (called fast bins and tcache bins in this class)
• Doubly Linked Lists (called unsorted bins, small bins, and large bins)
• What's the main_arena?

Hacker Goals:

• Generate a memory leak (from the heap segment and from glibc)
• Trick the recyclers into giving you an address you provided (a write-what-where)
• Taking control of the intruction pointer (old targets: GOT, the stack; new targets: free_hook, malloc_hook, FSOP)

Watching the Heap Grow and Shrink

AKA: pwndbg

https://github.com/pwndbg/pwndbg should be available in your pwndockers but in the other environments you'll need to install it.

OK let's just make a program to call malloc and free and see what happens.

Inspecting the heap with vis bins and heap. 1) Let's write a program, 2) Let's use gdb with pwndbg and 3) Let's start and step through.

Now let's look at a typical CTF style Heap setup:

This sort of state-machine menu is classic CTF exploit stuff, and is actually surprisingly easy to inspect/debug/work with.