mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-24 21:53:54 +00:00
Fix
This commit is contained in:
parent
5332d9f994
commit
44c8081009
2 changed files with 2 additions and 2 deletions
|
@ -590,7 +590,7 @@ int main(void)
|
|||
}
|
||||
```
|
||||
|
||||
After compiling and debugging it with a break point in the `ret` opcode of main I saw that the malloc returned the address `0xaaaaaaac12a0` and these are the chunks:
|
||||
After compiling and debugging it with a break point in the `ret` opcode of `main` I saw that the malloc returned the address `0xaaaaaaac12a0` and these are the chunks:
|
||||
|
||||
```bash
|
||||
gef➤ heap chunks
|
||||
|
|
|
@ -29,7 +29,7 @@ Other ways to support HackTricks:
|
|||
|
||||
* Create a fake chunk when we want to allocate a chunk:
|
||||
* Set pointers to point to itself to bypass sanity checks
|
||||
* One-byte overflow with a null byte over from one chunk to another to modify the `PREV_INUSE` flag.
|
||||
* One-byte overflow with a null byte from one chunk to the next one to modify the `PREV_INUSE` flag.
|
||||
* Indicate in the `prev_size` of the off-by-null abused chunk the difference between itself and the fake chunk
|
||||
* The fake chunk size must also have been set the same size to bypass sanity checks
|
||||
* For constructing these chunks, you will need a heap leak.
|
||||
|
|
Loading…
Reference in a new issue