Skip to content

Source code for paper 'Automatic Heap Layout Manipulation for Exploitation'

Notifications You must be signed in to change notification settings


Folders and files

Last commit message
Last commit date

Latest commit



35 Commits

Repository files navigation


Here you will find the source code related to my paper titled Automatic Heap Layout Manipulation for Exploitation, published at USENIX Security 2018. The code in this repository is not exactly that which was used to generate the results in that paper. I have since fixed a few bugs, and made some other improvements. However, it should produce essentially the same results.

The most recent version of the paper can be found in this repository as usenix18-heelan.pdf, and a recording of the presentation and the slides can be found on the USENIX website.

The Sieve subdirectory contains the source code for SIEVE, a framework for evaluating heap layout manipulation algorithms on synthetic benchmarks.

The Shrike subdirectory contains the source code for SHRIKE, a proof-of-concept template-based exploit generation system, targeting the PHP language interpreter. SHRIKE allows you to write an exploit containing 'holes' where heap layout manipulation needs to take place. This partial exploit is then taken by SHRIKE and completed. The strength of this approach is that it allows a human exploit developer to focus on the creative part of the exploit development process, while letting the machine use its raw reasoning power to solve the complex but tedious task of heap layout manipulation.


If you wish to cite this work the BibTeX is as follows:

@inproceedings {HeelanUSENIX2018,
author = {Sean Heelan and Tom Melham and Daniel Kroening},
title = {Automatic Heap Layout Manipulation for Exploitation},
booktitle = {27th {USENIX} Security Symposium ({USENIX} Security 18)},
year = {2018},
isbn = {978-1-931971-46-1},
address = {Baltimore, MD},
pages = {763--779},
url = {},
publisher = {{USENIX} Association},


If you have any questions regarding the paper or the code I can be reached via


Source code for paper 'Automatic Heap Layout Manipulation for Exploitation'






No releases published


No packages published