an overview of the lfh
play

An overview of the LFH Mitigation Observations Conclusion Bruno - PowerPoint PPT Presentation

Dec 29, 2022 •166 likes •844 views

An overview of the LFH Bruno Pujos Introduction How it works Windows An overview of the LFH Mitigation Observations Conclusion Bruno Pujos July 20, 2014 Plan An overview of the LFH Bruno Pujos Introduction How it works Windows

  1. An overview of the LFH Bruno Pujos Introduction How it works Windows An overview of the LFH Mitigation Observations Conclusion Bruno Pujos July 20, 2014

  2. Plan An overview of the LFH Bruno Pujos Introduction How it works Windows Mitigation 1 Introduction Observations Conclusion

  3. The LFH? An overview of the LFH Bruno Pujos Introduction How it works Windows • Low Fragmentation Heap: Front End allocator Mitigation • Userland (sorry, no kernel this time. . . ) Observations Conclusion • Windows 8/8.1 32bit • Why talk about it? • Some details were left out to keep it simple

  4. General Memory Management An overview of the LFH Bruno Pujos Introduction How it works Windows Mitigation Observations Conclusion

  5. A little bit of history An overview of the LFH Bruno Pujos Introduction How it works • LFH released with Windows XP (2001) but not Windows Mitigation enabled by default Observations • The Look-Aside-List was another Front End allocator Conclusion at that time • Since Vista, no more LAL, and LFH is enabled by default

  6. Plan An overview of the LFH Bruno Pujos 1 Introduction Introduction How it works 2 How it works Windows Mitigation Structures Observations Allocation Conclusion Free Windows Mitigation 3 Observations 4 Conclusion 5

  7. Plan An overview of the LFH Bruno Pujos Introduction How it works Structures How it works 2 Allocation Free Structures Windows Allocation Mitigation Free Observations Conclusion

  8. Plan An overview of the LFH Bruno Pujos Introduction How it works Structures How it works 2 Allocation Free Structures Windows Allocation Mitigation Free Observations Conclusion

  9. General Overview An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  10. General Overview An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  11. _HEAP & _LFH_HEAP An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  12. General Overview An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  13. _HEAP_BUCKET An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  14. General Overview An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  15. _HEAP_LOCAL_SEGMENT_INFO An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  16. General Overview An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  17. Subsegment & UserBlocks An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  18. Plan An overview of the LFH Bruno Pujos Introduction How it works Structures How it works 2 Allocation Free Structures Windows Allocation Mitigation Free Observations Conclusion

  19. Allocation Workflow An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  20. LFH activation & Back-end An overview of the LFH Bruno Pujos Introduction How it works • RtlpAllocateHeap(_HEAP *Heap, int Flags, int Size, Structures Allocation unsigned int RoundedSize, _LIST_ENTRY *ListHint, Free int *RetCode) Windows Mitigation • HEAP_NO_SERIALIZE Observations • Heap->CompatibilityFlags & 0x20000000: activation Conclusion of the LFH needed • RtlpPerformHeapMaintenance(_HEAP *Heap)

  21. LFH activation & Back-end An overview of the LFH Allocation of size < 0x4000 Bruno Pujos • if the LFH is not activated: set the CompatibilityFlags Introduction • if the LFH is not activated for this size: How it works Structures • add 0x21 in the Heap->FrontEndHeapUsageData[] Allocation Free • if 0x10 consecutive allocations or Windows Heap->FrontEndHeapUsageData[] > 0xff00: activate Mitigation for the next allocation of the same size Observations Conclusion Activation for a given size • set Heap->FrontEndHeapUsageData[] to the BucketIndex • set Heap->FrontEndHeapStatusBitmap[] to 1 (activated)

  22. Allocation Workflow An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  23. LFH Allocation An overview of the LFH Bruno Pujos Introduction How it works Structures • size <= 0x4000 Allocation Free • HEAP_NO_SERIALIZE Windows Mitigation • Heap->FrontEndHeapStatusBitmap == 1 Observations • RtlpLowFragHeapAllocFromContext(_LFH_HEAP Conclusion *LFH, unsigned short BucketIndex, int Size, char Flags)

  24. LFH Allocation Workflow An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  25. LFH Initialisation An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  26. LFH Initialisation An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  27. LFH Initialisation An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  28. LFH Initialisation An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  29. LFH Randomization An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  30. LFH Randomization An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  31. LFH Randomization An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows • RtlpLowFragHeapRandomData Mitigation • LowFragHeapDataSlot (in the TEB) Observations Conclusion

  32. LFH Allocation An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  33. LFH Allocation An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  34. LFH Cache An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  35. LFH Cache An overview of the LFH Bruno Pujos Introduction How it works Structures • Check the cache Allocation Free • Try to allocate UserBlocks and/or Subsegment Windows Mitigation • Fail if RtlAllocateHeap fails Observations • Update RtlpLowFragHeapRandomData in Conclusion Subsegment allocation

  36. LFH Cache An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  37. LFH Allocation Workflow An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  38. Plan An overview of the LFH Bruno Pujos Introduction How it works Structures How it works 2 Allocation Free Structures Windows Allocation Mitigation Free Observations Conclusion

  39. Free Workflow An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  40. Free Back-end An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free • RtlpFreeHeap(_HEAP *Heap, int Flags, Windows _HEAP_ENTRY *Header, void *Chunk) Mitigation Observations • Decrement the counter in Conclusion Heap->FrontEndHeapUsageData[]

  41. Free Workflow An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  42. LFH Free An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation • No longer handled by RtlpLowFragHeapFree Free Windows • Same algorithm idea in Windows 8 and 8.1 Mitigation Observations • Header->UnusedBytes & 0x80 Conclusion • Always returns true

  43. LFH Free Workflow An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  44. LFH Free Initialisation An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

  45. LFH Free Initialisation An overview of the LFH Bruno Pujos Introduction How it works Structures Allocation Free Windows Mitigation Observations Conclusion

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 SF park overview OVERVIEW PRESENTATION / 2

OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 SF park overview OVERVIEW PRESENTATION / 2

OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 SF park overview OVERVIEW PRESENTATION / 2 Coin and card meters OVERVIEW PRESENTATION / 3 Making garages work better OVERVIEW PRESENTATION / 4 User interface and customer experience OVERVIEW

1.3k views • 24 slides
OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 Acknowledgements OVERVIEW PRESENTATION / 2 SF

OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 Acknowledgements OVERVIEW PRESENTATION / 2 SF

OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 Acknowledgements OVERVIEW PRESENTATION / 2 SF park overview OVERVIEW PRESENTATION / 3 Coin and card meters OVERVIEW PRESENTATION / 4 Improving the customer experience at garages OVERVIEW

567 views • 25 slides
GSM System Overview GSM System Overview GSM System Overview GSM System Overview Phone Lin

GSM System Overview GSM System Overview GSM System Overview GSM System Overview Phone Lin

National Taiwan University Department of Computer Science and Information Engineering GSM System Overview GSM System Overview GSM System Overview GSM System Overview Phone Lin Phone Lin Ph.D. Ph.D. Email: plin@csie.ntu.edu.tw Email:

686 views • 41 slides
i c r o g u a r d s OVERVIEW The m i c r o g u a r d BIOFUELS s OVERVIEW

i c r o g u a r d s OVERVIEW The m i c r o g u a r d BIOFUELS s OVERVIEW

LGE UNICAMP The m i c r o g u a r d s OVERVIEW The m i c r o g u a r d BIOFUELS s OVERVIEW The m i c r o g u a r d ETHANOL s OVERVIEW The m i c Ideal conditions r o g Costs-benefits u a r d

1.39k views • 59 slides
Football First Aid: Football First Aid: An Overview An Overview Steven Richmond 95#

Football First Aid: Football First Aid: An Overview An Overview Steven Richmond 95#

Football First Aid: Football First Aid: An Overview An Overview Steven Richmond 95# Commissioner --BRYC Firefighter II, EMT-B, HTR &amp; HZMT Tech City of Alexandria Fire and EMS Overview Overview Hyperthermia (Heat Related Injuries)

2.61k views • 31 slides
1 Corporate Overview Transaction 1 Corporate Overview Overview of Libre Group Structure

1 Corporate Overview Transaction 1 Corporate Overview Overview of Libre Group Structure

1 Corporate Overview Transaction 1 Corporate Overview Overview of Libre Group Structure Industry Business Model Hotels Overview Disclaimer This presentation does not constitute, or form any part of any offer for sale or subscription

808 views • 32 slides
HabaPalooza T EA M HYPERION COM M 362 A PRIL 29 T H 201 2 Overview Team Overview

HabaPalooza T EA M HYPERION COM M 362 A PRIL 29 T H 201 2 Overview Team Overview

HabaPalooza T EA M HYPERION COM M 362 A PRIL 29 T H 201 2 Overview Team Overview Project Overview Analysis Active Experimentation Question &amp; Answer Team Overview Our Logo Our Tagline Our Mission Statement

1.09k views • 15 slides
Outbound Logistics Overview 1 Outbound Logistics Overview Outbound Overview Four

Outbound Logistics Overview 1 Outbound Logistics Overview Outbound Overview Four

Outbound Logistics Overview 1 Outbound Logistics Overview Outbound Overview Four Dedicated Outbound Carriers MPF Meijer Private Fleet 111 stores serviced in Michigan, northern Ohio, and Indiana. NTB Nationwide Truck

865 views • 15 slides
HabaPalooza T E A M H Y P E R I O N C O M M 3 6 2 A P R I L 2 9 TH 2 0 1 2 Overview Team

HabaPalooza T E A M H Y P E R I O N C O M M 3 6 2 A P R I L 2 9 TH 2 0 1 2 Overview Team

HabaPalooza T E A M H Y P E R I O N C O M M 3 6 2 A P R I L 2 9 TH 2 0 1 2 Overview Team Overview Project Overview Analysis Active Experimentation Question &amp; Answer Team Overview Our Logo Our Tagline Our

934 views • 15 slides
An overview to Maltese An overview to Maltese An overview to Maltese An overview to Maltese

An overview to Maltese An overview to Maltese An overview to Maltese An overview to Maltese

An overview to Maltese An overview to Maltese An overview to Maltese An overview to Maltese Agriculture Agriculture Agriculture characteristics S mall holdings L imited resources and L and Fragmentation. 2 Maltese agriculture in figures

1.04k views • 15 slides
Library Conversations: Talking with Users University of Rochester Overview Overview Used

Library Conversations: Talking with Users University of Rochester Overview Overview Used

Rebecca Bichel December 7, 2007 Library Conversations: Talking with Users University of Rochester Overview Overview Used anthropological &amp; ethnographic Overview Overview methods Guiding research question: What do students

941 views • 44 slides
.NET Overview Objectives Introduce .NET overview languages libraries

.NET Overview Objectives Introduce .NET overview languages libraries

.NET Overview Objectives Introduce .NET overview languages libraries development and execution model Examine simple C# program 2 .NET Overview .NET is a sweeping marketing term for a family of products

388 views • 23 slides
1 Overview Overview Regional demographic overview Regional demographic overview Workforce

1 Overview Overview Regional demographic overview Regional demographic overview Workforce

1 Overview Overview Regional demographic overview Regional demographic overview Workforce supply analysis Regional demand for workers i l d d f k Balancing supply and demand Reviewing key cluster trends Key challenges

533 views • 39 slides
EZ Overview EZ Overview The Rapid Development Platform p p Muse EZ is a

EZ Overview EZ Overview The Rapid Development Platform p p Muse EZ is a

EZ Overview EZ Overview The Rapid Development Platform p p Muse EZ is a registered trademark of Future Designs, Inc . 1 Overview What is EZ? EZ RTOS Engine EZ Four Tier Hierarchy Reusable HAL and Device

600 views • 32 slides
Overview of the Reconstruction Overview of the Reconstruction Overview of Some Legal Issues

Overview of the Reconstruction Overview of the Reconstruction Overview of Some Legal Issues

Overview of the Reconstruction Overview of the Reconstruction Overview of Some Legal Issues Related to Puerto Ricos Debt Restructuring by Sergio M. Marxuach Center for a New Economy February 25, 2020 CNE Puerto Ricos Think Tank

347 views • 13 slides
Overview &amp; Development Table of Contents 1 Simon Owen, CEO Business Overview

Overview &amp; Development Table of Contents 1 Simon Owen, CEO Business Overview

2018 Investor Tour INGENIA COMMUNITIES GROUP Overview &amp; Development Table of Contents 1 Simon Owen, CEO Business Overview Guidance Update Development Overview Latitude One Overview 2 Craig Shepherd, Project

247 views • 22 slides
Proportionally Fair Clustering Xingyu Chen, Brandon Fain , Liang Lyu, Kamesh Munagala Department

Proportionally Fair Clustering Xingyu Chen, Brandon Fain , Liang Lyu, Kamesh Munagala Department

Proportionally Fair Clustering Xingyu Chen, Brandon Fain , Liang Lyu, Kamesh Munagala Department of Computer Science, Duke University ICML 2019 Centroid Clustering Set N of n points Set M of m centers. (M=N is common) Want to choose a set X

554 views • 22 slides
Global Register Allocation - 3 Y N Srikant Computer Science and Automation Indian Institute of

Global Register Allocation - 3 Y N Srikant Computer Science and Automation Indian Institute of

Global Register Allocation - 3 Y N Srikant Computer Science and Automation Indian Institute of Science Bangalore 560012 NPTEL Course on Principles of Compiler Design Outline n Issues in Global Register Allocation (in part 1) n The

1.06k views • 47 slides
Computational Social Choice: Spring 2019 Ulle Endriss Institute for Logic, Language and

Computational Social Choice: Spring 2019 Ulle Endriss Institute for Logic, Language and

Algorithmics of Fair Allocation COMSOC 2019 Computational Social Choice: Spring 2019 Ulle Endriss Institute for Logic, Language and Computation University of Amsterdam Ulle Endriss 1 Algorithmics of Fair Allocation COMSOC 2019 Plan for

382 views • 24 slides
CS 101: Computer Programming and Utilization About These Slides Based on Chapter 21 of the book

CS 101: Computer Programming and Utilization About These Slides Based on Chapter 21 of the book

CS 101: Computer Programming and Utilization About These Slides Based on Chapter 21 of the book An Introduction to Programming Through C++ by Abhiram Ranade (Tata McGraw Hill, 2014) Original slides by Abhiram Ranade First update by

447 views • 34 slides
FDI PROMOTION AND ARBITRATION Prof. Dr. Jordi Paniagua University of Valencia 13 Februray 2018

FDI PROMOTION AND ARBITRATION Prof. Dr. Jordi Paniagua University of Valencia 13 Februray 2018

FDI PROMOTION AND ARBITRATION Prof. Dr. Jordi Paniagua University of Valencia 13 Februray 2018 Motivation Teaser If FDI were a country......FDI would be a big one GDP (billions of $) 1 United States 18,036 2 China 11,065 3 Japan 4,383

419 views • 24 slides
Friends, not Foes Synthesizing Existing Transport Strategies for Data Center Networks Ali

Friends, not Foes Synthesizing Existing Transport Strategies for Data Center Networks Ali

Friends, not Foes Synthesizing Existing Transport Strategies for Data Center Networks Ali Munir Michigan State University Michigan State University Ghufran Baig, Syed M. Irteza, Ihsan A. Qazi, Alex X. Liu, Fahad R. Dogar Data Center (DC)

1.34k views • 66 slides
Device I/O I/O architectures: busses 10A I/O Architectures 10B I/O Mechanisms CPU

Device I/O I/O architectures: busses 10A I/O Architectures 10B I/O Mechanisms CPU

Device I/O I/O architectures: busses 10A I/O Architectures 10B I/O Mechanisms CPU controller 10C Disks control address main bus 10D Low-Level I/O Techniques data interrupts 10E Higher Level I/O Techniques memory

493 views • 17 slides
ARBITRATION ENFORCEMENT: TORN BETWEEN TWO TREATIES Micula v. Romania [2020] UKSC 5; [2020] 1 WLR

ARBITRATION ENFORCEMENT: TORN BETWEEN TWO TREATIES Micula v. Romania [2020] UKSC 5; [2020] 1 WLR

ARBITRATION ENFORCEMENT: TORN BETWEEN TWO TREATIES Micula v. Romania [2020] UKSC 5; [2020] 1 WLR 1033 Marie Demetriou QC &amp; Gerard Rothschild brickcourt.co.uk +44(0)20 7379 3550 KEY CHRONOLOGY 1966: UK ratified ICSID Convention.

548 views • 7 slides

More recommend