Let's Decode the Mystery Bytes [video]

(youtube.com)

25 points | by surprisetalk 6 days ago

7 comments

  • dreamcompiler 14 hours ago

    Why does the Windows heap obfuscate heap headers with that XOR stuff? If it's to try to keep malware from walking the heap it's obviously not very effective.

    • db48x 3 hours ago

      It’s not to keep malware from walking the heap, it’s just a simple protection against simple buffer overflow attacks. If a process running on your computer has a fixed-sized buffer allocated on the heap and I send too much data to fit in the buffer, then part of what I send will overwrite whatever comes after that buffer in memory. Well, that means that it will overwrite the heap header objects that Windows uses for memory management too. That can be an important step in exploiting the overflow bug.

      But Windows picks a random number for each heap and XORs the heap header with it. This means that every time you run the program the headers have to be XORed with a different random number before Windows can understand them. I have no way of predicting what that number is, so the malicious data that I send won’t be XORed with the right number to fool Windows.
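Added illustration of the point db48x makes above; this is not code from the video or from the commenter. It is a simplified model: an 8-byte chunk header carrying a checksum, XORed with a per-heap key on allocation and verified after decoding. The layout, checksum and key are constructed for the demo and do not match Windows' real _HEAP_ENTRY; the comparison between key 0 and a random key is what shows why the obfuscation matters.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Simplified model of an encoded heap header; NOT Windows' real _HEAP_ENTRY layout. */
typedef struct {
    uint16_t size;      /* chunk size, in 8-byte units */
    uint16_t prev_size; /* size of the previous chunk */
    uint8_t  flags;     /* e.g. busy/free */
    uint8_t  checksum;  /* XOR of the fields above, verified after decoding */
    uint8_t  pad[2];
} header_t;
_Static_assert(sizeof(header_t) == 8, "header must be exactly 8 bytes");
static uint8_t header_checksum(const header_t *h) {
    const uint8_t *p = (const uint8_t *)h;  /* bytes 0..4: size, prev_size, flags */
    return p[0] ^ p[1] ^ p[2] ^ p[3] ^ p[4];
}
/* Stamp the checksum, then XOR the whole 8-byte header with the per-heap key. */
static void encode_header(header_t *h, uint64_t key) {
    h->checksum = header_checksum(h);
    uint64_t raw; memcpy(&raw, h, 8); raw ^= key; memcpy(h, &raw, 8);
}
/* Undo the XOR; return 1 if the header is self-consistent, 0 if it was clobbered. */
static int decode_header(header_t *h, uint64_t key) {
    uint64_t raw; memcpy(&raw, h, 8); raw ^= key; memcpy(h, &raw, 8);
    return header_checksum(h) == h->checksum;
}
/* Lay out [hdr A][16-byte buffer][hdr B], write 24 bytes of 'A' into the 16-byte buffer,
 * and return 1 if the clobbered hdr B is rejected on decode, 0 if the garbage passes. */
static int demo_overflow(uint64_t key) {
    uint8_t arena[32] = {0};
    header_t a = { .size = 3, .prev_size = 0, .flags = 1 };
    header_t b = { .size = 2, .prev_size = 3, .flags = 1 };
    encode_header(&a, key); memcpy(arena, &a, 8);
    encode_header(&b, key); memcpy(arena + 24, &b, 8);
    memset(arena + 8, 'A', 24);                       /* constructed overflow */
    header_t clobbered; memcpy(&clobbered, arena + 24, 8);
    return decode_header(&clobbered, key) ? 0 : 1;
}
/* Sanity check: an untouched header survives encode/decode with its fields intact. */
static int roundtrip_ok(uint64_t key) {
    header_t h = { .size = 5, .prev_size = 2, .flags = 1 };
    encode_header(&h, key);
    return decode_header(&h, key) && h.size == 5 && h.prev_size == 2 && h.flags == 1;
}
int main(void) {
    uint64_t key = 0x1234567890ABCDEFULL;  /* constructed; a real heap draws this at random */
    printf("no key: detected=%d   random key: detected=%d   roundtrip=%d\n",
           demo_overflow(0), demo_overflow(key), roundtrip_ok(key));
    return 0;
}
```

With key 0 the overflow bytes form a header whose checksum happens to agree with itself, so the allocator would accept it; with an unknown key the same bytes decode to garbage that fails the check.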

    • not_a9 8 hours ago

      Presumably for much the same reason glibc has all the heap protections?

  • pwdisswordfishq 17 hours ago

    Way to make clickbait titles.

    • db48x 3 hours ago

      The title seems to describe exactly what the video is about. What made it seem like clickbait to you?

  • Luc 19 hours ago

    “This video is restricted. Please check the Google Workspace administrator and/or the network administrator restrictions”

    • pitched 17 hours ago

      Not restricted for me, either on or off VPN. This might actually be an account issue on your side? Maybe a work account?