Things one wants from a Heap Visualization Tool presented at Hashdays 2012

by Thomas Dullien,

Tags: Security

Summary : With the increased complexity of heap exploits and the slow disappearance of heap-metadata-based attacks, many security researchers have found themselves in situations where they struggled to understand what is happening on their heap.
As early as 2004, Gerardo Richarte used a greatly simplifying visualization for making sense of heap layout. In the following years many vulnerability researchers adopted his work and wrote ad-hoc tools implementing his techniques.
In spite of the great merits for debugging exploit unreliability and teaching heap manipulation, few to no public and usable tools exist. This talk will discuss what features I would like to see in a heap visualizer, and will discuss some case studies where such a visualization proved helpful.