mirror of
https://github.com/nganhkhoa/CTF-All-In-One.git
synced 2024-12-24 19:21:15 +07:00
fix back
This commit is contained in:
parent
663ff89121
commit
61348864dd
@ -622,7 +622,7 @@ BK->fd = FD
|
|||||||
```
|
```
|
||||||
chunk0_ptr = P = P->fd
|
chunk0_ptr = P = P->fd
|
||||||
```
|
```
|
||||||
成功地修改了 chunk0_ptr,这时 `chunk0_ptr[0]` 和 `chunk0_ptr[3]` 实际上就是同一东西:
|
成功地修改了 chunk0_ptr,这时 `chunk0_ptr` 和 `chunk0_ptr[3]` 实际上就是同一东西。这里可能会有疑惑为什么这两个东西是一样的,因为 `chunk0_ptr` 指针在是放在数据段上的,地址在 `0x601070`,指向 `0x601058`,而 `chunk0_ptr[3]` 的意思是从 `chunk0_ptr` 指向的地方开始数 3 个单位,所以 `0x601058+0x08*3=0x601070`:
|
||||||
```
|
```
|
||||||
gef➤ x/40gx 0x602010-0x10
|
gef➤ x/40gx 0x602010-0x10
|
||||||
0x602000: 0x0000000000000000 0x0000000000000091 <-- chunk 0
|
0x602000: 0x0000000000000000 0x0000000000000091 <-- chunk 0
|
||||||
|
Loading…
Reference in New Issue
Block a user