diff --git a/doc/3.3.6_heap_exploit_1.md b/doc/3.3.6_heap_exploit_1.md index 4888081..4f730af 100644 --- a/doc/3.3.6_heap_exploit_1.md +++ b/doc/3.3.6_heap_exploit_1.md @@ -622,7 +622,7 @@ BK->fd = FD ``` chunk0_ptr = P = P->fd ``` -成功地修改了 chunk0_ptr,这时 `chunk0_ptr` 和 `chunk0_ptr[3]` 实际上就是同一东西: +成功地修改了 chunk0_ptr,这时 `chunk0_ptr[0]` 和 `chunk0_ptr[3]` 实际上就是同一东西: ``` gef➤ x/40gx 0x602010-0x10 0x602000: 0x0000000000000000 0x0000000000000091 <-- chunk 0