Difference between revisions of "Heap Scanning"

From The Ghar Station Wiki

Revision as of 02:37, 18 December 2018

Heap Scanning is the process of reading the details within RIFT memory space.

The particulars of actually capturing the memory are not covered here, only discussion of the "HoT" allocator.

RIFT uses two main methods to allocate memory.

1. Heaps
2. HotAllocators

The Heap is the standard C malloc heap. Generally this is only used by 3rd party libraries or other small functions.

The HotAllocator is a special allocator that manages its own heap, also known as a "Tagged" heap.


HotAllocators

HotAllocators use the Win32 function VirtualAlloc to create memory.

RIFT creates two different types of Allocators, "General Purpose" and "Specialized".

The general purpose allocator is named "HoTAllocator" (where HoT stands for "Heroes of Telara", the original name of RIFT). The specialized allocators use names like "Gamebryo" or "Audio" to indicate their purpose.

Linked List

Allocators are created and inserted into a global linked list. The first allocator is always "HotAllocator".


Allocator heap memory

When an allocator is first created, it creates a memory entry that is 0x1E0 in size. This is the heap header block and contains links to further heap blocks, the sizes of the heaps and other information.

The memory block is filled by the allocator with memory entries. When the block is full, a new memory block is allocated and a pointer to a "heap footer" is stored in the heap header.

Memory allocations are rounded to the next 8 bytes.

Heap footer

The heap footer is a structure that defines where a block of memory starts and how big it is. It also contains a pointer to the next heap memory block (and footer) if this footer is full.

Deleted blocks

It is unknown how blocks are tagged as deleted.

Memory Entries

Each memory entry is specific to its purpose. There is no direct way to determine what a memory block represents apart from guessing based on the size of the allocation. Every ClientEntity block, for example, is always the same size.
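The following is an added example, not code from this wiki or from RIFT, showing how a scanner would walk the structures described in the "Allocator heap memory" and "Heap footer" sections (header, footer chain, 8-byte rounding) and then apply the size-based guessing described under "Memory Entries". The page gives no field layout for the header, footer or entries, so the layout used here is an assumption: the first 8 bytes of the header point to the first footer, a footer is three little-endian 64-bit values (block start, block size, next footer), and each entry begins with a 4-byte payload length. The memory image is constructed in the script, not captured from the game.

```python
import struct
from collections import Counter

BASE = 0x10000000            # constructed load address for the sample image
HEADER_SIZE = 0x1E0          # heap header size stated on the page
FOOTER_FMT = "<QQQ"          # ASSUMED layout: block_start, block_size, next_footer (0 = end)
FOOTER_SIZE = struct.calcsize(FOOTER_FMT)
ENTRY_HDR_FMT = "<I"         # ASSUMED: each entry starts with a 4-byte payload length


def round8(n):
    """Round an allocation request up to the next multiple of 8 (the page's rule)."""
    return (n + 7) & ~7


def put_entry(img, off, length):
    """Write one entry (4-byte length + payload) at image offset `off`; return next offset."""
    struct.pack_into(ENTRY_HDR_FMT, img, off, length)
    img[off + 4:off + 4 + length] = b"\xAA" * length   # constructed payload
    return off + round8(4 + length)


def build_sample_image():
    """Construct a tiny fake allocator region: header, two footers, two blocks."""
    img = bytearray(0x280)
    # Header at BASE; assumed: first 8 bytes point at the first footer.
    struct.pack_into("<Q", img, 0, BASE + 0x1E0)
    # Footer 1 describes block 1 (0x40 bytes) and links to footer 2.
    struct.pack_into(FOOTER_FMT, img, 0x1E0, BASE + 0x200, 0x40, BASE + 0x240)
    off = 0x200
    for length in (13, 12, 20):          # strides 24 + 16 + 24 = 0x40
        off = put_entry(img, off, length)
    # Footer 2 describes block 2 (0x20 bytes) and terminates the chain.
    struct.pack_into(FOOTER_FMT, img, 0x240, BASE + 0x260, 0x20, 0)
    off = 0x260
    for length in (12, 12):              # strides 16 + 16 = 0x20
        off = put_entry(img, off, length)
    return img


def walk_allocator(img, base=BASE):
    """Follow header -> footer chain; return (footers, entries).

    footers: list of (footer_addr, block_start, block_size)
    entries: list of (entry_addr, payload_len, rounded_stride)
    """
    footers, entries, seen = [], [], set()
    footer = struct.unpack_from("<Q", img, 0)[0]
    while footer and footer not in seen:   # `seen` guards against loops in a corrupt capture
        seen.add(footer)
        start, size, nxt = struct.unpack_from(FOOTER_FMT, img, footer - base)
        footers.append((footer, start, size))
        off, end = start, start + size
        while off + 4 <= end:
            length = struct.unpack_from(ENTRY_HDR_FMT, img, off - base)[0]
            if length == 0:
                break                      # unused tail of the block
            stride = round8(4 + length)    # allocations are rounded to 8 bytes
            if off + stride > end:
                break                      # entry would run past its block: treat as corrupt
            entries.append((off, length, stride))
            off += stride
        footer = nxt
    return footers, entries


def size_histogram(entries):
    """Count entries per rounded size; fixed-size types (e.g. ClientEntity) show up as spikes."""
    return Counter(stride for _, _, stride in entries)


def find_by_size(entries, stride):
    """Addresses of every entry whose rounded size matches a known block size."""
    return [addr for addr, _, s in entries if s == stride]


if __name__ == "__main__":
    footers, entries = walk_allocator(build_sample_image())
    print("footers:", [hex(f[0]) for f in footers])
    print("size histogram:", dict(size_histogram(entries)))
    print("16-byte candidates:", [hex(a) for a in find_by_size(entries, 16)])
```

Because the page states that entry types can only be guessed from allocation size, the histogram is the practical starting point: a real capture will show large counts at a handful of rounded sizes, and the candidates returned by find_by_size for a size known to belong to one type (such as ClientEntity) can then be inspected by hand.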