Articles tagged heap

heap: chunks and bins

chunks: On x86_64 each chunk carries an extra 16 bytes of metadata; on x86 an extra 8 bytes. metadata := prev size + size + flags (A, M, P). prev size: if the preceding adjacent chunk has been freed, this field holds that chunk's size. size: the size of this chunk. P (0x01): Previous in Use, indicates whether the preceding chunk is allocated and in use; when P == 0, the chunk before this chun……

Read more

use after free

Setting up the Docker environment
### Pull the ubuntu 16.04 image
sudo docker pull ubuntu:16.04
### Open a shell in the container
sudo docker run -ti --rm ubuntu:16.04 /bin/bash
### Install gcc
apt update && apt install gcc
### gcc version
root@687e398bdbdb:/# gcc --version
gcc (Ubuntu 5.4.0-6ubuntu1~16.04.12) 5.4.0 20160609
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
### Install radare2
apt install radare2
Vulnerable program
#include <err.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
struct data { char name[64]; };
struct fp { void (*fp)(); char __pad[64 - sizeof(unsigned long)]; };
void winner() { printf("Congratulations, you have passed this level\n"); }
void nowinner() { printf( "level has……

Read more