Windows 10 Segment Heap Internals

Offered By: Black Hat via YouTube

Course Description

Overview

Explore the internals of Windows 10 Segment Heap in this 42-minute Black Hat conference talk by Mark Vincent Yason. Dive deep into the architecture, configuration, and security mechanisms of this native heap used in Windows app processes and Microsoft Edge. Learn about backend page range descriptors, variable size allocations, low fragmentation heap, and various security features like heap address randomization and guard pages. Gain insights into exploiting memory corruption vulnerabilities, demonstrated through a case study of the Microsoft WinRT PDF library (CVE-2016-0117). Understand the implications for reliable exploit development in Edge components and dependencies using Segment Heap.

Syllabus

Intro
Agenda: Windows 10 Segment Heap
Architecture
Configuration
Edge Content Process Heaps
Backend Page Range Descriptors Example
Backend Free Tree
Variable Size (VS) Allocation
VS Subsegment
VS Block Header
VS Free Tree
VS Allocation and Freeing
Low Fragmentation Heap (LFH)
LFH Buckets
LFH Affinity Slots
LFH Block Bitmap
LFH Allocation and Freeing
Internals: Summary
Heap Address Randomization
Guard Pages
Function Pointer Encoding
VS Block Sizes Encoding
LFH Allocation Randomization
WinRT PDF: PostScript Operand Stack
Free Blocks Coalescing
Case Study: Summary
Conclusion


Taught by

Black Hat
