Who Allocated My Memory? Detecting Custom Memory Allocators in C Binaries

Provided by: Vrije Universiteit
Topic: Storage
Format: PDF
Many reversing techniques for data structures rely on the knowledge of memory allocation routines. Typically, they interpose on the system's malloc and free functions, and track each chunk of memory thus allocated as a data structure. However, many performance-critical applications implement their own custom memory allocators. Examples include web servers, database management systems, and compilers like gcc and clang. As a result, current binary analysis techniques for tracking data structures fail on such binaries. The authors present MemBrush, a new tool to detect memory allocation and deallocation functions in stripped binaries with high accuracy.

Find By Topic