dreamcompiler 1 days ago [-]
Why does the Windows heap obfuscate heap headers with that XOR stuff? If it's to try to keep malware from walking the heap it's obviously not very effective.
db48x 15 hours ago [-]
It’s not to keep malware from walking the heap, it’s just a simple protection against simple buffer overflow attacks. If a process running on your computer has a fixed-sized buffer allocated on the heap and I send too much data to fit in the buffer then part of what I send will overwrite whatever comes after that buffer in memory. Well, that means that it will overwrite the heap header objects that Windows uses for memory management too. That can be an important step in exploiting the overflow bug.
But Windows picks a random number for each heap and XORs the heap header with it. This means that every time you run the program the headers have to be XORd with a different random number before Windows can understand them. I have no way of predicting what that number is, so the malicious data that I send won’t be XORd with the right number to fool Windows.
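The mechanism described in the comment above, as an added example that is not part of the thread and not Windows code: a simplified model in which the allocator rejects a neighbouring header overwritten by someone who does not know the per-heap key. The 4-byte header layout, the one-byte XOR checksum, the function names and the key value are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Simplified model: 4-byte chunk header, NOT the real Windows layout. */
typedef struct {
    uint16_t size;      /* chunk size in allocation units */
    uint8_t  flags;     /* busy/free bits */
    uint8_t  checksum;  /* XOR of the three bytes above */
} chunk_header;

static uint8_t header_checksum(const chunk_header *h) {
    return (uint8_t)((h->size & 0xff) ^ (h->size >> 8) ^ h->flags);
}

/* Header as stored in heap memory: checksummed, then XORed with the heap's key. */
uint32_t encode_header(chunk_header h, uint32_t heap_key) {
    uint32_t raw;
    h.checksum = header_checksum(&h);
    memcpy(&raw, &h, sizeof raw);
    return raw ^ heap_key;
}

/* Allocator side: undo the XOR, then verify. Returns 1 if consistent, 0 if corrupted. */
int decode_header(uint32_t stored, uint32_t heap_key, chunk_header *out) {
    uint32_t raw = stored ^ heap_key;
    memcpy(out, &raw, sizeof raw);
    return out->checksum == header_checksum(out);
}

/* An 8-byte buffer followed by the next chunk's encoded header. The sender
   supplies 12 bytes ending in a well-formed but unencoded header, because
   the key is unknown to them. Returns decode_header()'s verdict afterwards. */
int header_valid_after_overflow(uint32_t heap_key) {
    unsigned char heap[12];                 /* [0..7] buffer, [8..11] next header */
    unsigned char input[12];
    chunk_header next = { 4, 0x01, 0 }, forged = { 0x40, 0x00, 0 }, decoded;
    uint32_t stored = encode_header(next, heap_key), plain;

    memcpy(heap + 8, &stored, sizeof stored);
    memset(input, 'A', 8);
    plain = encode_header(forged, 0);       /* key 0 == no encoding */
    memcpy(input + 8, &plain, sizeof plain);
    memcpy(heap, input, sizeof input);      /* the unchecked copy */

    memcpy(&stored, heap + 8, sizeof stored);
    return decode_header(stored, heap_key, &decoded);
}

int main(void) {
    /* Constructed key; a real heap would draw it at random per heap. */
    return header_valid_after_overflow(0xA5C31F27u) ? 1 : 0;
}
```

In this model the check is a single byte, so an overwrite made without the key still passes for roughly 1 key in 256; a wider integrity check lowers that chance.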
not_a9 21 hours ago [-]
Presumably for much the same reason glibc has all the heap protections?
pwdisswordfishq 1 days ago [-]
Way to make clickbait titles.
db48x 15 hours ago [-]
The title seems to describe exactly what the video is about. What made it seem like clickbait to you?
Luc 1 days ago [-]
“This video is restricted. Please check the Google Workspace administrator and/or the network administrator restrictions”
pitched 1 days ago [-]
Not restricted for me, either on or off VPN. This might actually be an account issue on your side? Maybe a work account?