Difference between revisions of "KHeapChunkHeader"

Revision as of 21:37, 27 September 2015

This is the header stored at the beginning of unused blocks of FCRAM memory. The kernel maintains these structures to keep a list of free blocks and their sizes.

By overwriting the pointers in instances of this struct (e.g. using an attack like gspwn) and then (de)allocating memory, one can achieve a controlled ARM11 kernel-mode write on system versions up to 9.2 (memchunkhax).

Size : 0xC bytes?

Offset	Type	Description
0x0	u32	Size in pages
0x4	KHeapHeader*	Next
0x8	KHeapHeader*	Prev

Revision as of 19:25, 27 September 2015 (edit) Bond697 (talk \| contribs) (Absolutely fucking not) ← Older edit		Revision as of 21:37, 27 September 2015 (edit) (undo) Yuriks (talk \| contribs) Newer edit →
Line 1:		Line 1:
−	This is the header stored in FCRAM ~~for each FCRAM heap chunk~~. The kernel maintains ~~this structure~~.	+	This is the header stored at the beginning of unused blocks of FCRAM memory. The kernel maintains these structures to keep a list of free blocks and their sizes.

−	An attack like gspwn can ~~be used to overwrite instances of this header in order to exploit the~~ ARM11 kernel on system versions ~~below~~ 9.3 ([[3DS_System_Flaws#Kernel11\|memchunkhax]]).	+	By overwriting the pointers in instances of this struct (e.g. using an attack like gspwn) and then (de)allocating memory, one can achieve a controlled ARM11 kernel-mode write on system versions up to 9.2 ([[3DS_System_Flaws#Kernel11\|memchunkhax]]).

Difference between revisions of "KHeapChunkHeader"

Revision as of 21:37, 27 September 2015

Navigation menu

Search