1. Intro
2. Agenda: Windows 10 Segment Heap
3. Architecture
4. Configuration
5. Edge Content Process Heaps
6. Backend Page Range Descriptors Example
7. Backend Free Tree
8. Variable Size (VS) Allocation
9. VS Subsegment
10. VS Block Header
11. VS Free Tree
12. VS Allocation and Freeing
13. Low Fragmentation Heap (LFH)
14. LFH Buckets
15. LFH Affinity Slots
16. LFH Block Bitmap
17. LFH Allocation and Freeing
18. Internals: Summary
19. Heap Address Randomization
20. Guard Pages
21. Function Pointer Encoding
22. VS Block Sizes Encoding
23. LFH Allocation Randomization
24. WinRT PDF: PostScript Operand Stack
25. Free Blocks Coalescing
26. Case Study: Summary
27. Conclusion
Description:
Explore the internals of Windows 10 Segment Heap in this 42-minute Black Hat conference talk by Mark Vincent Yason. Dive deep into the architecture, configuration, and security mechanisms of this native heap used in Windows app processes and Microsoft Edge. Learn about backend page range descriptors, variable size allocations, low fragmentation heap, and various security features like heap address randomization and guard pages. Gain insights into exploiting memory corruption vulnerabilities, demonstrated through a case study of the Microsoft WinRT PDF library (CVE-2016-0117). Understand the implications for reliable exploit development in Edge components and dependencies using Segment Heap.

Windows 10 Segment Heap Internals

Black Hat