HackerLangs
TopNewTrendsCommentsPastAskShowJobs

Let's Decode the Mystery Bytes [video](youtube.com)

25 points·by surprisetalk·vor 17 Tagen·7 comments
youtube.com
Let's Decode the Mystery Bytes [video]

https://www.youtube.com/watch?v=GZqB4D_Do38

7 comments

dreamcompiler·vor 11 Tagen
Why does the Windows heap obfuscate heap headers with that XOR stuff? If it's to try to keep malware from walking the heap it's obviously not very effective.
db48x·vor 11 Tagen
It’s not to keep malware from walking the heap, it’s just a simple protection against simple buffer overflow attacks. If a process running on your computer has a fixed–sized buffer allocated on the heap and I send too much data to fit in the buffer then part of what I send will overwrite whatever comes after that buffer in memory. Well, that means that it will overwrite the heap header objects that windows uses for memory management too. That can be an important step in exploiting the overflow bug.

But Windows picks a random number for each heap and XORs the heap header with it. This means that every time you run the program the headers have to be XORd with a different random number before Windows can understand them. I have no way of predicting what that number is, so the malicious data that I send won’t be XORd with the right number to fool Windows.
not_a9·vor 11 Tagen
Presumably for much the same reason glibc has all the heap protections?
pwdisswordfishq·vor 12 Tagen
Way to make clickbait titles.
db48x·vor 11 Tagen
The title seems to describe exactly what the video is about. What made it seem like clickbait to you?
Luc·vor 12 Tagen
“This video is restricted. Please check the Google Workspace administrator and/or the network administrator restrictions”
pitched·vor 12 Tagen
No restricted for me, either on or off VPN. This might actually be an account issue on your side? Maybe a work account?