Dailydave mailing list archives
Understanding Windows Heap Overflows
From: Matt Conover <mconover () gmail com>
Date: Thu, 6 Oct 2005 22:47:37 -0700
Hi All,

Ok I tried twice to send a reply about this Windows heap discussion! First it was bounced because I sent it from an account not subscribed. Then because the message exceeded the 40KB limit. So now, I give up :) I just put my message here: http://www.cybertech.net/~sh0ksh0k/heap.txt

I included the code I was originally using to do all of our heap exploitation testing for our CanSecWest 2004 presentation. I don't think it was publicly released previously... at least I have no memory of it. But I thought by now someone would have written a really nice comprehensive paper on Windows heap exploitation... but to my surprise no one has yet :(

I forget who said it, but someone in this thread called it the "Conover coalescing technique".... while I'm flattered of course, it's inaccurate. This technique was co-authored with Oded Horovitz. Oded is the one that originally taught me all his cool Windows tricks, so nothing would have been possible without his involvement.

Speaking of Oded... he is a recent father, send him some greets and congrats :)

Matt