Heap Study Diary

vm-Pwn (2)

ByteCTF ezarch

vm-Pwn (1)

RoarCTF ez_op

Anxun Cup MIPS

MIPS environment setup writeup

Huxiang Cup writeup

Writeups for HackNote and NameSystem

Peak Geek ichunqiu writeup

Writeups for Snote and Pwn

RoarCTF writeup

Writeups for easypwn and realloc_magic

Summary of overlap methods

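This post does not consider merging with the top chunk, and assumes chunk sizes outside the fastbin range. When actually solving challenges, top has to be taken into account. Overlap on free: poison_null_byte: P (P is the chunk whose size was nulled) | Q. Points that need to be constructed: 1. chunksize(P) == prev_size (next_chunk(P)) // because of offbyone...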

xman writeup

Writeups for weapon store/curse note/1000levels

Two solutions to ByteCtf note_five

heap ; offbyone ; chunk size 0x8f ~ 0x400 ; no show