heap-exploitation

Diving into glibc heap

Last updated 4 years ago

In this section, the implementation of glibc's heap management functions is discussed in depth. The analysis was done on glibc's source code dated 27th March 2017. The source is very well documented.

Apart from the source code, the matter presented is influenced by:

  • Understanding glibc malloc
  • Understanding the heap by breaking it

Before moving into the implementation, it is important to keep the following notes in mind:

  1. Instead of size_t, INTERNAL_SIZE_T is used internally (which by default is equal to size_t).

  2. Alignment is defined as 2 * (sizeof(size_t)).

  3. MORECORE is defined as the routine to call to obtain more memory. By default it is defined as sbrk.
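
As an added illustration (not code from the original page or from glibc itself), the following C program shows what notes 1 and 2 imply for chunk sizes and for the pointers malloc returns. The `padded_size` helper mirrors glibc's `request2size` macro; taking `MINSIZE` as four size fields, and the helper names themselves, are assumptions of this example.

```c
/* Added example: how the notes above turn into chunk sizes.
 * SIZE_SZ, MALLOC_ALIGNMENT and MINSIZE follow the names used in glibc's
 * malloc.c; padded_size() mirrors its request2size macro. MINSIZE assumes
 * the minimum chunk holds two size fields and two list pointers. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define INTERNAL_SIZE_T   size_t                    /* note 1 */
#define SIZE_SZ           (sizeof(INTERNAL_SIZE_T))
#define MALLOC_ALIGNMENT  (2 * sizeof(size_t))      /* note 2 */
#define MALLOC_ALIGN_MASK (MALLOC_ALIGNMENT - 1)
#define MINSIZE           (4 * SIZE_SZ)

/* Chunk size reserved for a request of req bytes (no overflow check). */
static size_t padded_size(size_t req)
{
    size_t sz = req + SIZE_SZ + MALLOC_ALIGN_MASK;
    return sz < MINSIZE ? MINSIZE : (sz & ~MALLOC_ALIGN_MASK);
}

/* Allocate every size in [1, max_req] and count pointers that are not
 * aligned to 2 * sizeof(size_t). Expected result: 0. */
static size_t count_misaligned(size_t max_req)
{
    size_t bad = 0;
    for (size_t req = 1; req <= max_req; req++) {
        void *p = malloc(req);
        if (p == NULL)
            continue;
        if ((uintptr_t)p & MALLOC_ALIGN_MASK)
            bad++;
        free(p);
    }
    return bad;
}

int main(void)
{
    size_t reqs[] = { 0, 1, 24, 25, 40, 41, 100 };   /* constructed sample */
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("request %3zu -> chunk %3zu bytes\n",
               reqs[i], padded_size(reqs[i]));
    printf("misaligned pointers: %zu\n", count_misaligned(4096));
    return 0;
}
```

Because every chunk size is a multiple of the alignment, a one-byte difference in the request (for example 3 * sizeof(size_t) versus one byte more) moves the allocation into the next chunk size.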

Next, we shall study the different data types used internally, bins, chunks, and internals of the different functions used.

Additional Resources

  1. r2Con2016 Glibc Heap Analysis with radare2 (video)