Memory Heap Corruption In Software – How Can It Open Security Holes?

There is a lot to learn about computers.

If you want to be able to seriously create interesting programs or learn how to dissect software then you must understand how the computer interacts with it.

You can get away with both without delving too deeply into how computers work but if you really want to be able to understand everything then you must start to learn about the innards of your system.

This especially includes the memory of your computer.

memory-heap-corruption

The memory can be a long and extensive topic to learn but once you do you will be able to figure out a lot of the problems that happen in your computer.

Through the years, the memory has become a vector of attack for a lot of malware out there; when the memory of the computer becomes corrupted then you are able to do so many things in the system that you are not supposed to.

Every piece of data that you computer sees goes through the memory before it gets to the CPU.

If you are able to change it there then you are able to make the CPU do what you want it to do.

In this article, I will show you how memory works, the system that it goes through to get to the CPU, and what is the difference between the heap corruption and the stack corruption of memory.

After we go through all of this then maybe you will be able to see how such a corruption in the memory of the computer is able to open security holes.

What Does The Memory Do?

The memory inside of the computer allows you to have a place for the data to be stored before it goes to the CPU.

The CPU takes the address of certain parts of the memory and with that it is able to see what part of the data needs to come after the data that it is processing right now.

This is why, when you run a program, it gets stored on the memory part of your computer.

This way it is able to be accessed by the CPU quickly.

The CPU calls up a certain section of the program and where that program tells the CPU to go next, it does.

On most modern systems the data is stored on the hard drive first.

The hard drive is really slow (because it is a mechanical device with moving parts) and it is awkward for the CPU to call up data from it directly but sometimes it has to.

This is called virtual memory and it is used only as a last resort but that doesn’t mean that it does not happen often.

So once the data gets off of the hard drive, as I said before, it goes to the memory.

From the memory it goes to L2 cache and then to the L1 cache.

From there it goes to what is called registers and then into the CPU.

After it gets to the CPU, the data is processed very quickly and then the next piece of data from the memory is requested.

So now that you know the process of how the data on your computer moves around, let’s see if I can explain how it becomes corrupted.

Corrupted Data

Now that I have explained how the memory system works let’s explain how the data is divided into stacks and heaps.

When a program is running it divides the memory up into different areas.

There are several areas that it divides it up into but I will focus on now the heap section and the stack section.

The heap section is the part of the memory where the data that is going to be used for the life of the program is stored (this is not true for all cases but for the most part it is).

The stack holds data that is going to be there for a short time.

It is called a stack because they data is piled into memory address on top of each other and then taken back off in that same way – it is a first in, last out proposition.

Now both the stack and the heap can become corrupted.

As a matter of fact stack corruption is the most popular way of attack but I am focusing on the heap corruption right now.

So on the heap, the attacker changes the address of some of the data that the heap is storing.

They then put new data into the old address and when the CPU comes looking for that data it gets an unexpected result.

This results leads to an attack on the system and your computer is now down for the count.

This is not an easy attack to pull off and it needs time and dedication to work but if you are an attacker and you are able to pull it off then you will be able to get a lot of power from the person’s computer you are attacking.

This is a big deal and it is a hard attack to catch.

For some people, attacking a computer like this is very old school stuff.

Heap corruptions are somewhat newer but just attacking the memory in general is very old school.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Trackbacks

  1. […] of what the stack does. There are two sections of memory when running a program, the stack and the heap. Objects that are going to be around for a long time in your memory are stacked on the heap. […]

  2. […] This post was mentioned on Twitter by Chad Choron, Lee. Lee said: Memory Heap Corruption In Software – How Can It Open Security Holes? http://bit.ly/ciBYnu […]

Speak Your Mind

*