From 44c8081009a7e4bd509feaf5b924b404beae08b7 Mon Sep 17 00:00:00 2001 From: 7Rocky Date: Thu, 11 Jul 2024 15:17:24 +0200 Subject: [PATCH] Fix --- binary-exploitation/libc-heap/bins-and-memory-allocations.md | 2 +- binary-exploitation/libc-heap/house-of-einherjar.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/binary-exploitation/libc-heap/bins-and-memory-allocations.md b/binary-exploitation/libc-heap/bins-and-memory-allocations.md index b190e84b9..a41d38be1 100644 --- a/binary-exploitation/libc-heap/bins-and-memory-allocations.md +++ b/binary-exploitation/libc-heap/bins-and-memory-allocations.md @@ -590,7 +590,7 @@ int main(void) } ``` -After compiling and debugging it with a break point in the `ret` opcode of main I saw that the malloc returned the address `0xaaaaaaac12a0` and these are the chunks: +After compiling and debugging it with a break point in the `ret` opcode of `main` I saw that the malloc returned the address `0xaaaaaaac12a0` and these are the chunks: ```bash gef➤ heap chunks diff --git a/binary-exploitation/libc-heap/house-of-einherjar.md b/binary-exploitation/libc-heap/house-of-einherjar.md index b4a4edeca..21b9d90a5 100644 --- a/binary-exploitation/libc-heap/house-of-einherjar.md +++ b/binary-exploitation/libc-heap/house-of-einherjar.md @@ -29,7 +29,7 @@ Other ways to support HackTricks: * Create a fake chunk when we want to allocate a chunk: * Set pointers to point to itself to bypass sanity checks -* One-byte overflow with a null byte over from one chunk to another to modify the `PREV_INUSE` flag. +* One-byte overflow with a null byte from one chunk to the next one to modify the `PREV_INUSE` flag. * Indicate in the `prev_size` of the off-by-null abused chunk the difference between itself and the fake chunk * The fake chunk size must also have been set the same size to bypass sanity checks * For constructing these chunks, you will need a heap leak.
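Review bot: In the bins-and-memory-allocations.md hunk, the rewritten sentence still has wording issues that this touch-up could settle in the same pass: "break point" should be "breakpoint", and "the malloc" reads better as `malloc`, matching the backticks now added to `main`. The sentence is also a run-on; a comma after `main` would help. Separately, the fence that follows is tagged `bash` but holds gef output (`gef➤ heap chunks`), so a plain-text fence would avoid misleading syntax highlighting.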
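Review bot: In the house-of-einherjar.md hunk, the new bullet says the null byte is used "to modify the `PREV_INUSE` flag", which leaves the direction of the change unstated; a null byte can only zero the flag, so "to clear the `PREV_INUSE` flag of the next chunk" would be more precise. The following bullet already calls this an "off-by-null", so using that term here too would keep the list consistent. The unchanged bullet "The fake chunk size must also have been set the same size" is also hard to parse and could be reworded in the same commit.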