Heap Spraying 101: Because Who Needs Memory Safety, Anyway?
Welcome, aspiring security expert, to the world of heap spraying! Where the goal is to fill a process's memory with a custom heap, because who needs the OS to do its job?
A simple example of how to spray a heap:
- Create a process with a small memory limit
- Find the process's memory address space
- Allocate a large block of memory at that address
- Fill that block with your custom data
Why do it, you ask?
For the lulz, of course! And maybe, just maybe, to escape those pesky ASLRs. But don't try this at home, kids!
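Why filling memory and ASLR come up together, as an added example that is not part of the original page: a small model of the chance that one fixed address falls inside a contiguous filled region whose base is randomized, and of how much fill a given amount of randomization demands. The page granularity, the single contiguous region and all function names are assumptions of the model.

```python
import math
import random

PAGE = 4096  # assumption: the region base is randomized at page granularity


def hit_probability(fill_bytes, entropy_bits, target_off):
    """Exact chance that a fixed address (target_off bytes above the lowest
    possible base) lies inside a contiguous filled region whose base is drawn
    uniformly from 2**entropy_bits page-aligned slots."""
    slots = 1 << entropy_bits
    # Slot k covers the target when k*PAGE <= target_off < k*PAGE + fill_bytes.
    k_hi = min(slots - 1, target_off // PAGE)
    k_lo = max(0, (target_off - fill_bytes) // PAGE + 1)
    return max(0, k_hi - k_lo + 1) / slots


def simulate(fill_bytes, entropy_bits, target_off, trials=20000, seed=1):
    """Monte Carlo cross-check of hit_probability using a seeded RNG."""
    rng = random.Random(seed)
    slots = 1 << entropy_bits
    hits = 0
    for _ in range(trials):
        base = rng.randrange(slots) * PAGE
        hits += base <= target_off < base + fill_bytes
    return hits / trials


def best_target(entropy_bits):
    """Offset of the highest possible base: the most favourable fixed guess."""
    return ((1 << entropy_bits) - 1) * PAGE


def bytes_needed(entropy_bits, wanted):
    """Smallest page-multiple fill size that reaches probability `wanted`
    for the most favourable target."""
    slots = 1 << entropy_bits
    return min(slots, math.ceil(wanted * slots)) * PAGE


if __name__ == "__main__":
    fill = 256 * 1024 * 1024  # constructed sample: a 256 MiB filled region
    for bits in (8, 16, 28):
        p = hit_probability(fill, bits, best_target(bits))
        need = bytes_needed(bits, 0.5) / 2**30
        print(f"{bits:2d} bits: P(hit)={p:.6f}  fill for 50%: {need:.3f} GiB")
```

The same 256 MiB fill that is a certain hit at 16 bits of randomization drops to 1 in 4096 at 28 bits, which is why high-entropy ASLR on 64-bit processes is the relevant mitigation.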