De Mysteriis Dom jemalloc
Latest commit e758876 @argp Comment fix

unmask_jemalloc - De Mysteriis Dom jemalloc

A gdb/Python extension to unmask and bring to light the internals of the various jemalloc flavors.

This new release of unmask_jemalloc specifically targets Mozilla Firefox and is a complete rewrite of the initial version of the utility as published in our Phrack paper on exploiting jemalloc:

The original slide deck from our Black Hat USA 2012 presentation on the subject of exploiting Firefox/jemalloc is available at:

The updated slide deck is at:

We have extensively tested unmask_jemalloc with various versions of Mozilla Firefox (including the latest release at the time of this writing, 33.0) on OS X (x86_64) and Linux (both x86 and x86_64) with gdb 7.7 (which embeds Python3).

You can load unmask_jemalloc by adding the following lines to your gdbinit (or issuing them at the gdb prompt):

python import sys
python sys.path.append("/path/to/unmask_jemalloc")
source /path/to/unmask_jemalloc/

Then from gdb use the jehelp command to get details on the commands provided by unmask_jemalloc:

gdb $ jehelp
[unmask_jemalloc] De Mysteriis Dom jemalloc
[unmask_jemalloc] v0.8

[unmask_jemalloc] available commands:
[unmask_jemalloc]   jechunks               : dump info on all available chunks
[unmask_jemalloc]   jearenas               : dump info on jemalloc arenas
[unmask_jemalloc]   jeruns [-c]            : dump info on jemalloc runs (-c for current runs only)
[unmask_jemalloc]   jebins                 : dump info on jemalloc bins
[unmask_jemalloc]   jeregions <size class> : dump all current regions of the given size class
[unmask_jemalloc]   jesearch [-c] <hex>    : search the heap for the given hex value (-c for current runs only)
[unmask_jemalloc]   jedump [filename]      : dump all available info to screen (default) or file
[unmask_jemalloc]   jeparse                : (re)parse jemalloc structures from memory
[unmask_jemalloc]   jeversion              : output version number
[unmask_jemalloc]   jehelp                 : this help message

The development of unmask_jemalloc will continue at:

Feel free to contribute!

argp & huku, Mon Oct 6 15:06:32 EEST 2014
