• Stars
    star
    166
  • Rank 227,748 (Top 5 %)
  • Language
    C
  • License
    MIT License
  • Created over 7 years ago
  • Updated over 6 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A shared (dynamic) library that can be transparently injected into different processes to detect memory corruption in glibc heap

libdheap

A shared (dynamic) library that can be transparently injected into different processes to detect memory corruption in glibc heap.

It works by intercepting and wrapping over libc's malloc() and free() while maintaining information about various chunks in an intermediate data storage (also on the heap). Also, canaries are added before and after heap chunks to detect overflows.

+------------------+                               +---------------------+
|                  |       malloc(), free()        |                     |
|      User        | ----------------------------> |      libdheap       |
|     Process      | <---------------------------- | (injected library)  |
|                  |         intercepted           |                     |
+------------------+                               +---------------------+
       | ^                                                   | ^
       | |                               __libc_**           | |
       | |                          +------------------------+ |
       | |                          | +------------------------+
       | |                          | |
       | |                          v |
       | |                   +---------------+               +------------+-----------+
       | |  printf(), etc.   |               |    chunks     |            |           |
       | +------------------ |     glibc     | ------------> |  user      | libdheap  |
       +-------------------> |    library    | <------------ |  data      |   data    |
                             |               |               |            |           |
                             +---------------+               +------------+-----------+
                                    ^ |                             Heap Memory
                                    | |
                                    | | brk(), mmap()
                                    | |
     -------------------------------------------------------------------------
                                    | |                Operating System
                                    | v
                             +---------------+
                             |               |
                             |    kernel     |
                             |               |
                             +---------------+

Features

  • Runs directly on compiled code. Ideal for detecting errors in programs whose source code is unavailable
  • Detects invalid frees including double frees
  • Detects if malloc returns a chunk which overlaps with an already allocated chunk
  • Detects any kind of buffer based overflow or underflow. This also detects many 'use after free' vulnerabilities
  • Dynamic library, can be attached to any process (provided required permissions are available)
  • Displays the stack trace (the function call history) on detecting any of the above errors

Installation

This library is not portable and works only with glibc.

To install, clone this repository and cd to it:

git clone https://github.com/DhavalKapil/libdheap

Run make:

make

The shared library will be generated: libdheap.so

Usage

To run any program with libdheap, load the library using LD_PRELOAD environment variable.

LD_PRELOAD=/path/to/libdheap.so gedit

libdheap will output any error/log to standard error by default. You might want to redirect the output to some external file.

[LIBDHEAP LOG] : Freeing non allocated chunk!
[LIBDHEAP LOG] : Printing Stack Trace ====>
[LIBDHEAP LOG] :    0x400604
[LIBDHEAP LOG] :    0x2b3b8016ff45
[LIBDHEAP LOG] : <==== End of Stack Trace

libdheap allows setting two configuration options (through environment variables) as follow:

  1. LIBDHEAP_DEBUG: If 1, will output debugging statements along with errors and logs.
  2. LIBDHEAP_EXIT_ON_ERROR: If 1, will exit the instant it detects any memory corruption error.

By default, both are set to 0. Use the following command to configure:

LD_PRELOAD=/path/to/libdheap.so LIBDHEAP_DEBUG=1 gedit

Note: If debugging is enabled, it is advised to redirect output to an external file (libdheap outputs a lot of things). Also, this library is not developed for using in production, since it slows the application by approximately 5 times.

Implementation details

  • Uses a custom stack tracer (by jumping around the memory using the frame pointer). Existing stack tracers don't work as they are themselves dependent upon 'malloc', 'free', etc.
  • Uses AVL trees for storing chunks as non overlapping sorted intervals.

Contribution

Feel free to file issues and submit pull requests – contributions are welcome.

License

libdheap is licensed under the MIT license.

More Repositories

1

icmptunnel

Transparently tunnel your IP traffic through ICMP echo and reply packets.
C
3,093
star
2

heap-exploitation

This book on heap exploitation is a guide to understanding the internals of glibc's heap and various attacks possible on the heap structure.
C
1,241
star
3

luaver

Lua Version Manager - Managing and switching between different versions of Lua, LuaJIT and Luarocks made easy
Shell
267
star
4

elasticsearch-lua

Lua client for Elasticsearch
Lua
150
star
5

image-uploader

A simple and elegant PHP library for securely uploading images
PHP
62
star
6

dns-validator

Security tool to detect dns poisoning attacks
JavaScript
48
star
7

network-monitor

Tool to analyze and monitor network traffic
JavaScript
44
star
8

stack-guard

A toy implementation of 'Stack Guard' on top of the LLVM compiler toolchain
C++
24
star
9

ctf-writeups

Python
21
star
10

MusicComposer

A music generator that makes pleasing music based on western music theory
Java
12
star
11

dhavalkapil.github.io

My Jekyll Blog website
CSS
9
star
12

viewer

A client/server java application to transmit changes on files on the client side to the server side immediately.
Java
9
star
13

exploits

Java
8
star
14

xss-auditor-analysis

Python
7
star
15

harley

Daily activity center for autistic children developed for Microsoft Code.Fun.Do
C#
5
star
16

FileTransferer

A socket based program to send a file over the network after dividing it into parts and sending each part separately
Java
4
star
17

pwnfox-gdb

Python
4
star
18

digit-recognition

MNIST handwritten digit recognition using Deep Learning
Python
2
star
19

pwnfox-js

JavaScript
2
star
20

Chat

A chatting software implemented in java
2
star
21

arp-analysis

Python
2
star
22

Captcha

An image based customizable CAPTCHA generator written in PHP.
PHP
1
star
23

arp-simulations

Java
1
star
24

IITRVirusRemover

A simple program to remove a particular type of virus found in computers of ICC in IIT Roorkee
Java
1
star
25

ForwardingServer

A server program that accepts input from one client and forwards it to all the clients connected to it
1
star