查看保护措施:RELRO 为 Partial,即 GOT 表项(.got.plt)在运行时仍然可写,可以被修改;若程序以 Full RELRO 编译,GOT 在重定位完成后会被设为只读。
![在这里插入图片描述](https://i-blog.csdnimg.cn/blog_migrate/283311e8b7b09e88f7523bb9fb8d1081.png)
用IDA分析一下
这个题目,定义了一种heap结构体,大概如下
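/*
 * Per-entry bookkeeping node of the challenge binary, reconstructed from the
 * decompiled code (not taken from the original source).
 *
 * create_heap() allocates each node with malloc(0x10) and accesses it through
 * a _QWORD pointer (v0[1]), so the node is two 8-byte slots on this x86-64
 * target. Two 4-byte ints would account for only 8 of those 16 bytes.
 */
struct heap
{
    size_t size;   /* first qword; presumably the size read in create_heap() - confirm in IDA */
    char *content; /* second qword (v0[1]); presumably the data pointer - the assignment is cut off in the listing */
};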
下面是main函数,定义了菜单选项,按选项调用相关函数。
/*
 * Menu loop of the challenge binary (IDA decompiler output, kept verbatim).
 * Prints the menu, reads a choice from fd 0, converts it with atoi() and
 * dispatches to the create/edit/show/delete handlers; choice 5 exits.
 * The loop has no other exit path.
 */
int __cdecl main(int argc, const char **argv, const char **envp)
{
/* NOTE(review): typed as a single char by the decompiler, yet read() below
 * is given a length of 4; the real stack buffer is presumably larger -
 * confirm in the stack frame view. */
char buf;
unsigned __int64 v4;
/* Loads the qword at fs:0x28; on x86-64 Linux/glibc that slot holds the
 * stack-protector canary. The matching epilogue check is not shown here. */
v4 = __readfsqword(0x28u);
/* Mode 2 is _IONBF on glibc, so both streams become unbuffered.
 * _bss_start is IDA's label; presumably it aliases stdout - confirm. */
setvbuf(_bss_start, 0LL, 2, 0LL);
setvbuf(stdin, 0LL, 2, 0LL);
while ( 1 )
{
menu();
/* read() appends no NUL terminator, so atoi() below parses whatever bytes
 * follow the input in memory; the return value of read() is not checked. */
read(0, &buf, 4uLL);
switch ( atoi(&buf) )
{
case 1:
create_heap();
break;
case 2:
edit_heap();
break;
case 3:
show_heap();
break;
case 4:
delete_heap();
break;
case 5:
exit(0);
/* Unreachable after exit(); decompiler artifact (bare return in an int function). */
return;
default:
/* Any value atoi() yields outside 1..5, including 0 for non-numeric input. */
puts("Invalid Choice");
break;
}
}
}
create_heap函数,创建heap结构体
unsigned __int64 create_heap()
{
_QWORD *v0;
signed int i;
size_t size;
char buf;
unsigned __int64 v5;
v5 = __readfsqword(0x28u);
for ( i = 0; i <= 9; ++i )
{
if ( !heaparray[i] )
{
heaparray[i] = malloc(0x10uLL);
if ( !heaparray[i] )
{
puts("Allocate Error");
exit(1);
}
printf("Size of Heap : ");
read(0, &buf, 8uLL);
size = atoi(&buf);
v0 = heaparray[i];
v0[1] =