Discover Heap OPeration
allocator
loop-finder
solver
spec
test
.gitignore
Makefile
README.md
allocator.py
benchmark.sh
benchmark_dry_run.sh
benchmark_parallel.sh
gather.sh
hook.s
initial_layout.c
loop_finder.py
opseq.py
opt_trace_+64.txt
opt_trace_-64.txt
server.py
slow_cat.py
solver.py
specgen.py
stat_header.csv
trace.py
tracer.py
utils.py
wrapper.c

README.md

DHOP: Discover Heap OPerations

Features

  • Discover inputs that trigger heap operations in a binary program.
  • Find inputs to achieve the desired heap layout.

Prerequisites

  • Python 3
  • GCC (sudo apt install gcc g++ make)
  • Capstone Engine (sudo apt install libcapstone-dev)
  • cmake (sudo apt install cmake)
  • LLVM (sudo apt install llvm-dev)
  • zlib (sudo apt install zlib1g-dev)

DHOP locates the program's main loop by analyzing LLVM IR lifted from the target binary. Either RetDec or McSema can be used as the lifter; the prerequisites for each are listed below.

Prerequisites for Using RetDec

Prerequisites for Using McSema

..., and a disassembler required by McSema, like:

Usage

make
./tracer.py -o results/naive/tracer test/naive
./solver.py -o results/naive -s random results/naive/tracer/spec.py test/naive
./solver.py -o results/naive/simple -a allocator/simplemalloc/simplemalloc.so -s random results/naive/tracer/spec.py test/naive