2018/08/24

https://github.com/kraj/glibc/blob/master/malloc/malloc.c Notes on just a few parts: void *__libc_malloc (size_t bytes){ mstate ar_ptr; void *victim; void *(*hook) (size_t, const void *) = atomic_forced_read (__malloc_hook); if (__builtin_expect (hook != NULL, 0)) return (*hook)(bytes, RETURN_ADDRESS (0)); #if USE_TCACHE /* int_free also calls request2size, be careful to not pad twice. */ size_t tbytes; checked_re..
· CTF/2018
Category: pwnable. nc pwn03.grandprix.whitehatvn.com 2023. file: material.grandprix.whitehatvn.com/pwn03. Note: libc has been modified. Summary: uninitialized variable leads to bof, ret sled with vsyscall, modified libc (contains special gadget), close(0);close(1); Process: (1) Data read onto the stack during the PoW step can later be used to control the uninitialized variable. (2) The uninitialized variable is used as the size for read, so by getting system(0) called..
pwn3r_45
List of posts for '2018/08/24'