twd2/dhop

Discover Heap OPeration

DHOP: Discover Heap OPerations

Features

• Discover inputs that trigger heap operations in a binary program.
• Find inputs to achieve the desired heap layout.

Prerequisites

• Python 3
• GCC (sudo apt install gcc g++ make)
• Capstone Engine (sudo apt install libcapstone-dev)
• cmake (sudo apt install cmake)
• LLVM (sudo apt install llvm-dev)
• zlib (sudo apt install zlib1g-dev)

It finds the main loop by analyzing the LLVM IR code, which is lifted from the binary. Users can use either RetDec or McSema as the lifter, and the prerequisites are as follows, respectively.

Prerequisites for Using RetDec

• RetDec

Prerequisites for Using McSema

• McSema

..., and a disassembler required by McSema, like:

• IDA Pro

Usage

make
./tracer.py -o results/naive/tracer test/naive
./solver.py -o results/naive -s random results/naive/tracer/spec.py test/naive
./solver.py -o results/naive/simple -a allocator/simplemalloc/simplemalloc.so -s random results/naive/tracer/spec.py test/naive