heap-exploitation

Preface

Last updated 2 years ago

This short book is written for people who want to understand the internals of 'heap memory', particularly the implementation of glibc's 'malloc' and 'free' procedures, and also for security researchers who want to get started in the field of heap exploitation.

The first section of the book gives an in-depth, yet concise, description of heap internals. The second section covers some of the most famous attacks. It is assumed that the reader is unfamiliar with this topic. For experienced readers, this text might be useful as a quick revision.

  • This is not the final version and will continue to be updated. For contributing see this.

  • The source code for the book can be found on GitHub.

  • The canonical URL for the book is https://heap-exploitation.dhavalkapil.com.

  • You can subscribe for updates on the book website.

Read for free online (recommended) or download the PDF or ePUB or Mobi/Kindle editions.

Citing heap-exploitation

If you use this book in your research, please use the following BibTeX entry:

@software{dhaval_kapil_2022_6450612,
  author       = {Dhaval Kapil},
  title        = {DhavalKapil/heap-exploitation},
  month        = apr,
  year         = 2022,
  publisher    = {Zenodo},
  version      = {v1.0.0},
  doi          = {10.5281/zenodo.6450612},
  url          = {https://doi.org/10.5281/zenodo.6450612}
}

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.