Heap & Stack
0xwangliang
Heap Overflow: Detailed Debugging of the HeapFree Function
Code:
    #include <windows.h>
    int main()
    {
        HLOCAL h1,h2,h3,h4,h5,h6;
        HANDLE hp;
        hp = HeapCreate(0,0x1000,0x10000);
        _asm int 3
        h1 = HeapAlloc(hp,HEAP_ZERO_MEMORY,3);
        h2 = HeapAlloc(hp,HEAP_ZERO_MEMORY,5);
        h3 = HeapAlloc(hp,HEAP_ZERO_MEMORY,6);
        h4
Original · 2020-09-23 18:28:51 · 1511 views · 0 comments
Heap Overflow: Detailed Debugging of the HeapAlloc Function
Code:
    #include <windows.h>
    int main()
    {
        HLOCAL h1,h2,h3,h4,h5,h6;
        HANDLE hp;
        hp = HeapCreate(0,0x1000,0x10000);
        _asm int 3
        h1 = HeapAlloc(hp,HEAP_ZERO_MEMORY,3);
        h2 = HeapAlloc(hp,HEAP_ZERO_MEMORY,5);
        h3 = HeapAlloc(hp,HEAP_ZERO_MEMORY,6);
        h4
Original · 2020-09-23 01:11:21 · 766 views · 0 comments
Stack Overflow: Targeting the S.E.H
Code:
    #include <windows.h>
    char shellcode[] = "\x90\x90\x90\x90……";
    DWORD MyExceptionhandler(void)
    {
        printf("got an exception, press Enter to kill process!\n");
        getchar();
        ExitProcess(1);
    }
    void test(char * input)
    {
        char buf[200];
        int zero=0;
        __asm int
Original · 2020-09-23 22:49:09 · 241 views · 0 comments
Heap Overflow: Code Injection, Targeting the RtlEnterCriticalSection() Function Pointer
Code:
    #include <windows.h>
    char shellcode[]="\x90\x90\x90\x90\x90\x90\x90\x90……";
    int main()
    {
        HLOCAL h1 = 0, h2 = 0;
        HANDLE hp;
        hp = HeapCreate(0,0x1000,0x10000);
        h1 = HeapAlloc(hp,HEAP_ZERO_MEMORY,200);
        __asm int 3 //used to break process
        memcpy
Original · 2020-09-20 21:37:56 · 2524 views · 0 comments
Stack Overflow: Using jmp esp to Get Around Stack Frame Shifting
Experiment code:
    #include<stdio.h>
    #include<windows.h>
    #define PASSWORD "1234567"
    int verify_password(char *password)
    {
        int authenticated;
        char buffer[44];
        authenticated = strcmp(password,PASSWORD);
        strcpy(buffer,password);//overflowed
        return authenti
Original · 2020-09-16 00:10:08 · 566 views · 0 comments
Stack Overflow: Code Injection
Experiment code:
    #include<stdio.h>
    #include<windows.h>
    #define PASSWORD "1234567"
    int verify_password(char *password)
    {
        int authenticated;
        char buffer[44];
        authenticated = strcmp(password,PASSWORD);
        strcpy(buffer,password);//overflowed
        return authenti
Original · 2020-09-15 17:54:25 · 352 views · 0 comments
Stack Overflow: Controlling the Program's Execution Flow
Experiment code:
    #include<stdio.h>
    #include<string.h>
    #include<stdlib.h>
    #define PASSWORD "1234567"
    int verify_password (char *password)
    {
        int authenticated;
        char buffer[8];
        authenticated=strcmp(password,PASSWORD);
        strcpy(buffer,password);//overf
Original · 2020-09-15 00:58:42 · 392 views · 0 comments