[Dailydave] Understanding Windows Heap Overflows
From: Matt Conover (mconover gmail.com)
Date: Fri Oct 07 2005 - 00:47:37 CDT
Hi All,
Ok I tried twice to send a reply about this Windows heap discussion! First
it was bounced because I sent it from an account not subscribed. Then
because the message exceeded the 40KB limit. So now, I give up :) I just put
my message here:
http://www.cybertech.net/~sh0ksh0k/heap.txt
I included the code I was originally using to do all of our heap
exploitation testing for our CanSecWest 2004 presentation. I don't think
it was publicly released previously... at
least I have no memory of it. But I thought by now someone would have
written a really nice comprehensive paper on Windows heap exploitation...
but to my surprise no one has yet :(
I forget who said it, but someone in this thread called it the "Conover
coalescing technique".... while I'm flattered of course, it's inaccurate.
This technique was co-authored with Oded Horovitz. Oded is the one that
originally taught me all his cool Windows tricks, so nothing would have been
possible without his involvement.
Speaking of Oded... he is a recent father, send him some greets and congrats
:)
Matt