Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Heap analysis #1785

Draft
wants to merge 181 commits into
base: dev
Choose a base branch
from
Draft

Heap analysis #1785

wants to merge 181 commits into from

Conversation

zer1t0
Copy link

@zer1t0 zer1t0 commented Feb 6, 2021
edited

heap module

This pull request includes:

  1. A MemoryMaps class (in pwnlib/util/proc) that allows to parse the memory
    maps of a process (/proc//maps)

  2. A heap module (in pwnlib/heap/) that allows to get the information of the arena.

The heap module includes:

  • The HeapExplorer class, that it is the main interface that
    allows to invoke the functionality of the rest of the module.

  • The malloc_state submodule to parse and obtain info from the malloc_state
    structure.

  • The heap submodule to get the info about the heaps of the process.

  • The bins submodule that allows to parse and manage the information about
    the bins of the arena. In includes modules/classes for each bin type:

    • Tcache
    • Fast bins
    • Unsorted bin
    • Small bins
    • Large bins

  • The arena submodule, that contains the Arena class that storages all the
    information about the arena: heap, malloc_state, and bins.

  • The ProcessInformer (heap/process_informer) class to obtain information
    about the process. Maybe its functionality should be provide by another module
    of pwntools.

Each class contains doc tests that provides examples of its use.

zer1t0 and others added 30 commits December 30, 2019 02:16
@zer1t0
added MemoryMap classes to util.proc
1c83fbb
@zer1t0
added maps method to process
3beff0d
@zer1t0
changed path access from process to MemoryAccess through proc module
5c434d0
@zer1t0
fixed test in process.maps with uncommon binary path
88fbc55
@zer1t0
added MemoryMaps instead of list of MemoryMap
18a689c
added heap module
e1d7340
added method to process to return the heap explorer
f558916
added construct dependency
56dc290
resolved heap import problems
66775af
added __str__ methods to heap items
3546228
added __str__ methods to heap items
1e89373
updated MemoryMaps
912a5ae
added rst file for heap module
fb89d38
added heap_explorer to heap.rst
028fd38
removed arguments from HeapExplorer in heap.rst
af2dda7
added malloc_chunk to heap documentation
3f63324
added heap class to heap documentation
9d75ac5
added malloc state to the documentation
7cb4eed
added property attributes to malloc_stat Bins docstring
9b8eab1
added bins classes to documentation
50b7d91
added override of bins type in bins documentation
9e68270
added explanation for non used types in bins entries
da01633
added the type of each bin entry for each bin type
804febc
added headers to separate each bin type
0077874
added documentation for the arena to the rst files
4dab1b3
added heap module use examples
91741c5
remove TODO comments
8111e59
@zer1t0
Merge branch 'dev' into process_maps
20c4215
fix test invalid syntax in proc.MemoryMap.is_in_range
9c88b7f
Merge branch 'process_maps' of https://github.com/Zer1t0/pwntools int…
3676de5 
…o process_maps
@zer1t0
use Timeout in _waitfor_libc
edeca4f
@zer1t0
format import in arena.py
36b90b6
@zer1t0
remove packing functions from glmalloc/utils
f965dc6
@zer1t0
pass ProcessInformer as argument to HeapExplorer
b3b5a48
@zer1t0
remove pid from MallocChunk
a33e276
@zer1t0
Created CoreFileInformer
9b9ce85
@zer1t0
get correct main heap from corefile in heap parser
aec1d10
@zer1t0
use corefile instead of process to read heap
d41ff5b
@zer1t0
move heap_explorer to Corefile
79d94df
@zer1t0
add corefile samples for heap explorer testing
1b20381
@zer1t0
add libc-2.32.so to samples
94a8e29
@zer1t0
add custom libc_path option to heap_explorer
7f3a2cb
@zer1t0
add corefile as import for tests
84d9ec0
@zer1t0
add fast bins corefile
ac28007
@zer1t0
put tests in methods
307a479
@zer1t0
remove maps from CoreFileInformer
1e52515
@zer1t0
move test samples to pwnlib.data.heap
ea696ca
@zer1t0
change process mappings for corefile mappings
c3d246a
@zer1t0
remove MemoryMaps
0ca2072
@zer1t0
use ProcessInformer to parse process memory
7817933
@zer1t0
change 126 number for constant
aedf3b8
@zer1t0
handle gracefully get_libc_version_from_name
32e0e1f
@zer1t0
add libc_version parameter to manually indicate the libc version
3ec9aff
@zer1t0
put elf.describe as an exclusive example
13d3555
@zer1t0
add corefile tests for all HeapExplorer public methods
72d99e4
@zer1t0 zer1t0 marked this pull request as ready for review June 13, 2021 20:51
@zer1t0 zer1t0 requested a review from heapcrash June 13, 2021 20:52
@zer1t0 zer1t0 marked this pull request as draft June 13, 2021 20:52
@zer1t0
Copy link
Author

zer1t0 commented Nov 11, 2021

any updates here?

@Arusekk
Copy link
Member

Arusekk commented Apr 19, 2022

I hate to be pessimistic, but I believe this would better belong to projects like pwndbg. As for the realistic stuff, there are several merge conflicts standing in the way.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@heapcrash heapcrash Awaiting requested review from heapcrash

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@zer1t0 @Arusekk @heapcrash