mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-22 04:33:28 +00:00
Fix
This commit is contained in:
parent
5332d9f994
commit
44c8081009
2 changed files with 2 additions and 2 deletions
|
@ -590,7 +590,7 @@ int main(void)
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
After compiling and debugging it with a break point in the `ret` opcode of main I saw that the malloc returned the address `0xaaaaaaac12a0` and these are the chunks:
|
After compiling and debugging it with a break point in the `ret` opcode of `main` I saw that the malloc returned the address `0xaaaaaaac12a0` and these are the chunks:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
gef➤ heap chunks
|
gef➤ heap chunks
|
||||||
|
|
|
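Review bot: the sentence in this hunk still formats identifiers inconsistently after the fix: `ret` and `main` are now code spans, but `malloc` in the same line is plain text, and "break point" should be one word ("breakpoint"). Suggest changing "I saw that the malloc returned" to "I saw that `malloc` returned" and "a break point in the `ret` opcode of `main`" to "a breakpoint on the `ret` opcode of `main`" so the whole line follows one style.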
@ -29,7 +29,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
* Create a fake chunk when we want to allocate a chunk:
|
* Create a fake chunk when we want to allocate a chunk:
|
||||||
* Set pointers to point to itself to bypass sanity checks
|
* Set pointers to point to itself to bypass sanity checks
|
||||||
* One-byte overflow with a null byte over from one chunk to another to modify the `PREV_INUSE` flag.
|
* One-byte overflow with a null byte from one chunk to the next one to modify the `PREV_INUSE` flag.
|
||||||
* Indicate in the `prev_size` of the off-by-null abused chunk the difference between itself and the fake chunk
|
* Indicate in the `prev_size` of the off-by-null abused chunk the difference between itself and the fake chunk
|
||||||
* The fake chunk size must also have been set the same size to bypass sanity checks
|
* The fake chunk size must also have been set the same size to bypass sanity checks
|
||||||
* For constructing these chunks, you will need a heap leak.
|
* For constructing these chunks, you will need a heap leak.
|
||||||
|
|
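Review bot: the reworded bullet "One-byte overflow with a null byte from one chunk to the next one to modify the `PREV_INUSE` flag" reads correctly now, but "the next one" is vague and the bullet does not use the term the following bullet relies on ("the off-by-null abused chunk"). Suggest "One-byte (off-by-null) overflow of a null byte from one chunk into the next chunk to modify its `PREV_INUSE` flag", so a reader can connect this step to the `prev_size` bullet that refers back to it.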