Huxiang Cup (湖湘杯) writeup

Writeups for HackNote and NameSystem

Peak Geek (巅峰极客) ichunqiu writeup

Writeups for Snote and Pwn

RoarCTF writeup

Writeups for easypwn and realloc_magic

Summary of overlap methods

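This article does not consider merging with the top chunk, and assumes non-fastbin sizes. When actually solving a challenge, top has to be taken into account. Overlap on free: poison_null_byte: P (P is the chunk whose size is nulled) | Q. Points that need to be constructed: 1231. chunksize(P) == prev_size (next_chunk(P)) // because of offbyone...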

xman writeup

Writeups for weapon store, curse note and 1000levels

ByteCtf note_five: two solutions

heap ; offbyone ; chunk size 0x8f ~ 0x400 ; no show

Learning to patch with IDA

Patching with IDA

pwnable-201906

Practice: [fd][col][flag][random][unlink][passcode][leg][shellshock]