# Preface

This short book is written for people who want to understand the internals of 'heap memory', particularly the implementation of glibc's 'malloc' and 'free' procedures, and also for security researchers who want to get started in the field of heap exploitation.

The first section of the book covers an in-depth, yet concise, description about heap internals. The second section covers some of the most famous attacks. It is assumed that the reader is unfamiliar with this topic. For experienced readers, this text might be good for a quick revision.

* This is not the final version and will keep on updating. For contributing see [this](https://github.com/DhavalKapil/heap-exploitation/blob/master/CONTRIBUTING.md).
* The source code for the book can be found on [GitHub](https://github.com/DhavalKapil/heap-exploitation).
* The canonical URL for the book is <https://heap-exploitation.dhavalkapil.com>.
* You can subscribe for updates on [the book website](https://www.gitbook.com/book/dhavalkapil/heap-exploitation/details).

[Read for free online](https://heap-exploitation.dhavalkapil.com/) (recommended) or download the [PDF](https://www.gitbook.com/download/pdf/book/dhavalkapil/heap-exploitation) or [ePUB](https://www.gitbook.com/download/epub/book/dhavalkapil/heap-exploitation) or [Mobi/Kindle](https://www.gitbook.com/download/mobi/book/dhavalkapil/heap-exploitation) editions.

### Citing heap-exploitation

If you use this book in your research, please use the following BibTex entry:

```
@software{dhaval_kapil_2022_6450612,
  author       = {Dhaval Kapil},
  title        = {DhavalKapil/heap-exploitation},
  month        = apr,
  year         = 2022,
  publisher    = {Zenodo},
  version      = {v1.0.0},
  doi          = {10.5281/zenodo.6450612},
  url          = {https://doi.org/10.5281/zenodo.6450612}
}
```

[![Creative Commons License](https://i.creativecommons.org/l/by-sa/4.0/88x31.png)](http://creativecommons.org/licenses/by-sa/4.0/)

This work is licensed under a [Creative Commons Attribution-ShareAlike 4.0 International License](http://creativecommons.org/licenses/by-sa/4.0/).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://heap-exploitation.dhavalkapil.com/readme.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.