Heap Overflow Exploits

As you recall from Chapter 6, the heap is an area of process memory that is allocated dynamically at the request of the application, through calls such as malloc() and free(). This is a key difference from other areas of memory, such as the stack and the program's code and data segments, whose layout is set up by the kernel and the loader when the process starts; the kernel maps the heap region, but the allocator running in user space decides how it is carved up. On most systems the heap grows from lower memory to higher memory and is composed of free and allocated chunks of contiguous memory, as illustrated in Figure 8-2. Each chunk carries a small header recording its size and whether it is in use. The uppermost chunk is called the wilderness (or top chunk) and is always free. The wilderness is the only chunk that can get bigger as needed, because the allocator extends it by asking the kernel for more memory. The fundamental rule of a dlmalloc-style heap is that no two adjacent chunks can be free: when a chunk is freed, it is merged (coalesced) with any free neighbor. Note that modern glibc keeps small freed chunks in fastbins and tcache without coalescing them, so the rule holds for the ordinary bins but not for those caches.

As seen in Figure 8-2, two adjacent chunks can both be allocated and holding data. If a buffer overflow exists and the first chunk (lower) ...
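The following toy allocator is an added illustration of the layout described in the two paragraphs above, not code from the book or from any real allocator. It assumes a fixed 4096-byte arena instead of a brk()-grown region, a one-word chunk header (size with the in-use flag in the low bit), first-fit allocation, and no prev_size field, so backward coalescing rescans from the start of the arena. It shows the wilderness staying free, adjacent free chunks being coalesced on free(), and what happens when a write runs past the end of a lower chunk: the bytes land on the next chunk's header, and a consistency walk of the arena then fails.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Toy dlmalloc-style arena (assumption: fixed size, one-word header,
 * first fit, no prev_size field). Added example, not glibc code. */

#define ARENA_SIZE 4096u
#define INUSE ((size_t)1)
#define MIN_SPLIT 32u           /* smallest remainder worth leaving as a free chunk */

struct chunk_hdr {
    size_t size;                /* whole chunk (header + payload); low bit = in use */
};

#define HDR sizeof(struct chunk_hdr)

static unsigned char arena[ARENA_SIZE];

static size_t csize(const struct chunk_hdr *c) { return c->size & ~INUSE; }
static int inuse(const struct chunk_hdr *c) { return (int)(c->size & INUSE); }
static struct chunk_hdr *at(size_t off) { return (struct chunk_hdr *)(arena + off); }
static size_t offset_of(const struct chunk_hdr *c) { return (size_t)((const unsigned char *)c - arena); }
static struct chunk_hdr *next_chunk(const struct chunk_hdr *c) { return at(offset_of(c) + csize(c)); }
static int is_end(const struct chunk_hdr *c) { return offset_of(c) >= ARENA_SIZE; }
static size_t align16(size_t n) { return (n + 15) & ~(size_t)15; }

/* One free chunk spanning the whole arena: that chunk is the wilderness. */
void heap_init(void) { at(0)->size = ARENA_SIZE; }

/* First fit. The remainder of a split stays free, and the last chunk is
 * never handed out whole, so the wilderness is always free. */
void *heap_alloc(size_t n) {
    size_t need = align16(n + HDR);
    for (struct chunk_hdr *c = at(0); !is_end(c); c = next_chunk(c)) {
        if (inuse(c) || csize(c) < need) continue;
        size_t remain = csize(c) - need;
        if (remain >= MIN_SPLIT) {
            at(offset_of(c) + need)->size = remain;   /* free chunk left after the split */
            c->size = need;
        } else if (is_end(next_chunk(c))) {
            return NULL;                              /* would consume the wilderness */
        }
        c->size |= INUSE;
        return (unsigned char *)c + HDR;
    }
    return NULL;
}

/* Free and coalesce with free neighbours, so no two adjacent chunks stay free. */
void heap_free(void *p) {
    struct chunk_hdr *c = (struct chunk_hdr *)((unsigned char *)p - HDR);
    c->size &= ~INUSE;
    struct chunk_hdr *n = next_chunk(c);
    if (!is_end(n) && !inuse(n))
        c->size += csize(n);                          /* forward merge */
    struct chunk_hdr *prev = NULL;                    /* backward merge: locate predecessor */
    for (struct chunk_hdr *x = at(0); x != c; x = next_chunk(x))
        prev = x;
    if (prev && !inuse(prev))
        prev->size += csize(c);
}

/* Walk the arena by offset (safe even when a header is corrupt). Returns 1 if
 * every header is in bounds, no two adjacent chunks are free, and the last
 * chunk (the wilderness) is free; 0 otherwise. */
int heap_check(void) {
    size_t off = 0;
    int prev_free = 0, last_free = 0;
    while (off < ARENA_SIZE) {
        const struct chunk_hdr *c = at(off);
        size_t sz = csize(c);
        if (sz < HDR || sz > ARENA_SIZE - off) return 0;  /* corrupted header */
        if (!inuse(c) && prev_free) return 0;            /* adjacent free chunks */
        last_free = prev_free = !inuse(c);
        off += sz;
    }
    return last_free;
}

/* Number of chunks in the arena, or -1 if a header is out of bounds. */
int heap_chunk_count(void) {
    int n = 0;
    for (size_t off = 0; off < ARENA_SIZE; n++) {
        size_t sz = csize(at(off));
        if (sz < HDR || sz > ARENA_SIZE - off) return -1;
        off += sz;
    }
    return n;
}

/* Two adjacent allocations; the lower one receives a constructed 40-byte
 * payload into a 24-byte usable region, so the excess lands on the next
 * chunk's header. Returns that header's raw size word afterwards. */
size_t overflow_demo(void) {
    heap_init();
    char *a = heap_alloc(24);
    char *b = heap_alloc(24);
    memset(a, 'A', 40);                               /* the overflow */
    return ((struct chunk_hdr *)(b - HDR))->size;
}

int main(void) {
    heap_init();
    void *a = heap_alloc(24), *b = heap_alloc(24), *c = heap_alloc(24);
    printf("after 3 allocs: %d chunks, consistent=%d\n", heap_chunk_count(), heap_check());
    heap_free(b);
    heap_free(a);            /* a merges with the already-free b */
    heap_free(c);            /* c merges with a+b below and the wilderness above */
    printf("after frees: %d chunk(s), consistent=%d\n", heap_chunk_count(), heap_check());
    size_t clobbered = overflow_demo();
    int ok = heap_check();
    printf("next header after overflow: 0x%zx, consistent=%d\n", clobbered, ok);
    return 0;
}
```

The overflow fills the neighbouring header with 0x41 bytes, so the allocator would read a size of 0x4141...41 with the in-use bit set; any later walk of the arena, split, or coalesce that trusts that header is operating on attacker-chosen values, which is what makes the header, rather than the data, the target of a heap overflow.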

Get Gray Hat Hacking, Second Edition, 2nd Edition now with the O’Reilly learning platform.
