Sunday, November 15, 2009

Adventures in Heap Cloning

Heap seems to be a magic word. I never got download rates
like this for a paper. Since there was no feedback that
told me that I am completely wrong, I make it
available to a broader public now. A small chapter has been
added: 'Countermeasures'.
The paper is available here.
You probably know that I am not a memory-guy, so do not
expect much more research in this area by me.
I rather really enjoy developing code that hashes
like this:  
sha1: c60a0e1daff22c0d97eb03f509c7135d119d830b
md5: fcb19f8317449ad9f93a12fccb63c650.

1 comment:

huku said...

Excellent work :-) you can also measure the entropy of certain places in the heap before trying to find the SSL structures. I think this would reduce the number of the memory areas under suspicion.