Philippe Laulheret
WORKSHOP: Visualizing memory allocations with WinDbg and p5.js
Ever wondered what the memory looks like when a heap spraying attack is ongoing? Or maybe you’d like to learn how to leverage WinDbg to instrument a binary and log useful data? Or you yearn to make pretty graphics inspired by code? Well then you’re in luck, because that’s what this workshop is about. We’ll go over how to use WinDbg’s conditional breakpoints to trigger JS callbacks in order to track memory allocations and feed the data into a graphics library to enjoy a real-time view of what’s going on.
In this workshop, attendees will be provided with a script to track memory allocations via WinDbg and send the data over WebSockets to a p5.js script so as to visualize how memory is changing over time. The workshop will be split between going over the various components provided and some hands-on exercise to solidify these concepts. If you want to do the exercise along the way, please come with a working Windows VM with WinDbg installed. Having a disassembler/decompiler installed is also recommended.
Philippe Laulheret is a Senior Vulnerability Researcher at Cisco Talos specializing in Reverse Engineering and Vulnerability Research. Philippe uses his background in Embedded Security and Software Engineering to poke at complex systems and get them to behave in interesting ways. Philippe presented multiple projects covering hardware hacking, reverse engineering and exploitation at DEF CON, Hardwear.io and Ekoparty. In his spare time, Philippe enjoys playing CTFs, immersing himself in the beauty of the Pacific Northwest, and exploring the realm of Creative Coding. Philippe holds an MSc in Computer Science from Georgia Tech and an MSc in Electrical and Computer Engineering from Supélec (France).