Home/ Questions/Q 3331336
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-17T23:34:30+00:00

I’ve read two articles about heap-spraying: Wikiepdia and this blog post . I understand

  • 0

I’ve read two articles about heap-spraying: Wikiepdia and this blog post.
I understand how the shell code is introduced in to the program’s memory. But how the program is made to jump/call to the address memory located on heap?

What kind of crash makes a call to heap?

Does such attack needs to be conducted with a kind of buffer overflow attack?

Is there any golden rule like the one with buffer overflow ie use the n version of functions (strncpy instead strcpy)?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If I understand correctly,

    They commonly take advantage from the
    fact that these heap blocks will
    roughly be in the same location every
    time the heap spray is run. Execution
    flow can be redirected to the heap
    sprays via buffer overflow or heap
    overflow flaws.

    They’re talking about a situation like this:

    char buffer[10];
FuncPtr p;

    And when you read into buffer there’s no overflow protection, and you can write directly into the memory location for p. Later on when your code tries to call p, it will jump to where the attacker wants it to jump, presumably where they injected executable code into your app.

    Simple fix: Don’t use static buffers (prefer the std:: collection classes) and always check for overflows.

    • 0