Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Windows 10 Segment Heap Internals

Black Hat via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the internals of Windows 10 Segment Heap in this 42-minute Black Hat conference talk by Mark Vincent Yason. Dive deep into the architecture, configuration, and security mechanisms of this native heap used in Windows app processes and Microsoft Edge. Learn about backend page range descriptors, variable size allocations, low fragmentation heap, and various security features like heap address randomization and guard pages. Gain insights into exploiting memory corruption vulnerabilities, demonstrated through a case study of the Microsoft WinRT PDF library (CVE-2016-0117). Understand the implications for reliable exploit development in Edge components and dependencies using Segment Heap.

Syllabus

Intro
Agenda: Windows 10 Segment Heap
Architecture
Configuration
Edge Content Process Heaps
Backend Page Range Descriptors Example
Backend Free Tree
Variable Size (VS) Allocation
VS Subsegment
VS Block Header
VS Free Tree
VS Allocation and Freeing
Low Fragmentation Heap (LFH)
LFH Buckets
LFH Affinity Slots
LFH Block Bitmap
LFH Allocation and Freeing
Internals: Summary
Heap Address Randomization
Guard Pages
Function Pointer Encoding
VS Block Sizes Encoding
LFH Allocation Randomization
WinRT PDF: PostScript Operand Stack
Free Blocks Coalescing
Case Study: Summary
Conclusion

Taught by

Black Hat

Reviews

Start your review of Windows 10 Segment Heap Internals

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.