Skip to content
Source code for paper 'Automatic Heap Layout Manipulation for Exploitation'
Branch: master
Clone or download
Latest commit c9e228f Oct 12, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.


Here you will find the source code related to my paper titled Automatic Heap Layout Manipulation for Exploitation, published at USENIX Security 2018.

The most recent version of the paper can be found in this repository as usenix18-heelan.pdf, and a recording of the presentation and the slides can be found on the USENIX website.

The Sieve subdirectory contains the source code for SIEVE, a framework for evaluating heap layout manipulation algorithms on synthetic benchmarks.

The Shrike subdirectory contains the source code for SHRIKE, a proof-of-concept template-based exploit generation system, targeting the PHP language interpreter. SHRIKE allows you to write an exploit containing 'holes' where heap layout manipulation needs to take place. This partial exploit is then taken by SHRIKE and completed. The strength of this approach is that it allows a human exploit developer to focus on the creative part of the exploit development process, while letting the machine use its raw reasoning power to solve the complex but tedious task of heap layout manipulation.


If you wish to cite this work the BibTeX is as follows:

@inproceedings {HeelanUSENIX2018,
author = {Sean Heelan and Tom Melham and Daniel Kroening},
title = {Automatic Heap Layout Manipulation for Exploitation},
booktitle = {27th {USENIX} Security Symposium ({USENIX} Security 18)},
year = {2018},
isbn = {978-1-931971-46-1},
address = {Baltimore, MD},
pages = {763--779},
url = {},
publisher = {{USENIX} Association},


If you have any questions regarding the paper or the code I can be reached via

You can’t perform that action at this time.