Heap Feng Shui in JavaScript
Function: freeList(arg, count)
Description: Adds blocks of the specified size to the free list and makes sure they are not coalesced. The heap must be defragmented before calling this function. If the size of the memory blocks is less than 1024, you have to make sure that the lookaside is full.
Arguments:
  • arg - size of the new block in bytes, or a string to strdup
  • count - how many free blocks to add to the list (defaults to 1)
Example:
heap.freeList("BBBBB", 5) // adds 5 blocks containing the
                          // string "BBBBB" to the free list

Function: lookaside(arg, count)
Description: Adds blocks of the specified size to the lookaside. The lookaside must be empty before calling this function.
Arguments:
  • arg - size of the new block in bytes, or a string to strdup
  • count - how many blocks to add to the lookaside (defaults to 1)
Example:
heap.lookaside("BBBBB", 5) // puts 5 blocks containing the
                           // string "BBBBB" on the lookaside

Function: lookasideAddr(arg)
Description: Returns the address of the head of the lookaside linked list for blocks of a specified size. Uses the heapBase parameter from the heapLib.ie constructor.
Arguments:
  • arg - size of the new block in bytes, or a string to strdup
Example:
heap.lookasideAddr("BBBBB") // returns 0x150718

Function: vtable(shellcode, jmpecx, size)
Description: Returns a fake vtable that contains shellcode. The caller should free the vtable to the lookaside and use the address of the lookaside head as an object pointer. When the vtable is used, the address of the object must be in eax and the pointer to the vtable must be in ecx. Any virtual function call through the vtable from ecx+8 to ecx+0x80 will result in shellcode execution. This function uses the heap.
Arguments:
  • shellcode - shellcode string
  • jmpecx - address of a jmp ecx or equivalent instruction
  • size - size of the vtable to generate (defaults to 1008 bytes)
Example:
heap.vtable(shellcode, 0x4058b5) // generates a 1008 byte vtable
                                 // with pointers to shellcode
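The preconditions in the reference above (defragment first, keep the lookaside full before freeList(), empty before lookaside(), avoid coalescing) follow from how the allocator routes a freed block. The model below is an added illustration, not heapLib code or anything from the original paper; the lookaside depth of 4, the coalescing rule, the allocation policy and the base address are modelling assumptions.

```javascript
// Added illustration, not heapLib code: a simplified model of how the Windows XP
// heap routes a freed block, which the preconditions above depend on. Assumptions:
// a per-size lookaside of at most 4 blocks, coalescing only with the preceding free
// block, no reuse of free-list blocks by alloc(), and a constructed base address.
const LOOKASIDE_DEPTH = 4;      // modelled per-size lookaside depth (assumption)
const LOOKASIDE_LIMIT = 1024;   // sizes below this use the lookaside (from the reference)

class HeapModel {
  constructor() {
    this.lookaside = new Map(); // size -> freed addresses, LIFO
    this.freeList = [];         // { addr, size } entries that bypassed or overflowed it
    this.next = 0x150000;       // constructed address; fresh blocks are laid out upward
  }
  alloc(size) {
    const la = this.lookaside.get(size);
    if (la && la.length) return la.pop();   // the lookaside is served first
    const addr = this.next;                 // otherwise carve a fresh, adjacent block
    this.next += size;
    return addr;
  }
  // Free a block and report where it went: 'lookaside', 'freelist' or 'coalesced'.
  free(addr, size) {
    const la = this.lookaside.get(size) || [];
    if (size < LOOKASIDE_LIMIT && la.length < LOOKASIDE_DEPTH) {
      la.push(addr);
      this.lookaside.set(size, la);
      return 'lookaside';
    }
    const prev = this.freeList.find(b => b.addr + b.size === addr);
    if (prev) { prev.size += size; return 'coalesced'; } // merged into its free neighbour
    this.freeList.push({ addr, size });
    return 'freelist';
  }
}

// Free `count` adjacent blocks on a fresh (defragmented) heap.
function freeAdjacent(size, count) {
  const h = new HeapModel();
  const addrs = Array.from({ length: count }, () => h.alloc(size));
  return addrs.map(a => h.free(a, size));
}

// Same, but leave an in-use block between neighbours (as freeList() arranges) so nothing coalesces.
function freeSeparated(size, count) {
  const h = new HeapModel();
  const addrs = [];
  for (let i = 0; i < count; i++) { addrs.push(h.alloc(size)); h.alloc(size); }
  return addrs.map(a => h.free(a, size));
}
```

Once the per-size lookaside holds its four entries, every further free of a sub-1024 block falls through to the free list, which is why freeList() needs the lookaside full and lookaside() needs it empty to get a predictable count.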