7Rocky 2024-07-11 15:17:24 +02:00
parent 5332d9f994
commit 44c8081009
2 changed files with 2 additions and 2 deletions


@ -590,7 +590,7 @@ int main(void)
} }
``` ```
After compiling and debugging it with a break point in the `ret` opcode of main I saw that the malloc returned the address `0xaaaaaaac12a0` and these are the chunks: After compiling and debugging it with a break point in the `ret` opcode of `main` I saw that the malloc returned the address `0xaaaaaaac12a0` and these are the chunks:
```bash ```bash
gef➤ heap chunks gef➤ heap chunks
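Review bot: The changed sentence now formats `main` as code but leaves `malloc` plain in "the malloc returned the address", so the same line is still inconsistent. Suggest "`malloc` returned the address `0xaaaaaaac12a0`", and while touching the line, "break point" should be "breakpoint" and "the `ret` opcode of `main`" would be more accurate as "the `ret` instruction of `main`". It is also worth saying that the address comes from this one debugging session, so readers do not expect to see the same value when they reproduce it.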


@ -29,7 +29,7 @@ Other ways to support HackTricks:
* Create a fake chunk when we want to allocate a chunk: * Create a fake chunk when we want to allocate a chunk:
* Set pointers to point to itself to bypass sanity checks * Set pointers to point to itself to bypass sanity checks
* One-byte overflow with a null byte over from one chunk to another to modify the `PREV_INUSE` flag. * One-byte overflow with a null byte from one chunk to the next one to modify the `PREV_INUSE` flag.
* Indicate in the `prev_size` of the off-by-null abused chunk the difference between itself and the fake chunk * Indicate in the `prev_size` of the off-by-null abused chunk the difference between itself and the fake chunk
* The fake chunk size must also have been set the same size to bypass sanity checks * The fake chunk size must also have been set the same size to bypass sanity checks
* For constructing these chunks, you will need a heap leak. * For constructing these chunks, you will need a heap leak.
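Review bot: The reworded bullet still says the null byte is used to "modify the `PREV_INUSE` flag", which is vaguer than it needs to be: a null byte written over the low byte of the next chunk's size field can only clear that bit, so "clear the `PREV_INUSE` flag" states the effect exactly. "the next one" can also be shortened to "the next". Two context lines in this hunk have grammar problems that could be fixed in the same pass: "Set pointers to point to itself" does not say what "itself" is (presumably the fake chunk), and "The fake chunk size must also have been set the same size" would read better as "The fake chunk's size must also be set to that same value to bypass sanity checks".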