前置知识Tcache头插头取，FILOtcache_perthread_struct 1234567891011121314/* There is one of these for each thread, which contains the per-thread cache (hence "tcache_perthread_struct"). Keeping ...

堆堆块（Chunk）堆块（Chunk）的结构： 1234567891011121314chunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Size of previous chunk, if unallocated (P clear) | /...

0x01安装docker desktop 因本人尝试在kali安装docker未成功, 故最后使用傻瓜式安装的docker desktop 打开 docker官网 (访问本网站需要magic 能看到我文章的应该都会magic吧) 下载docker desktop并安装 1.1给docker换源将如下代码复制到docker engine中 1234567891011121314151617...

malloc流程重要的数据结构1.malloc_state首先便是我们经常接触的arena 123456789101112131415161718192021222324252627282930313233343536373839struct malloc_state{ /* Serialize access. */ mutex_t mutex; /* Flags (for...

0x01 堆常见泄露方式首先main_arena是一个存在于libc上的结构体,上面维护了一些指针,如下图(以64位为例): 黄色的部分是 fastbins 单链表,每个链表存储特定大小的 chunk , LIFO后进先出 绿色的部分是 topchunk ,存储着 topchunk 的 chunk 首地址 紫色的部分是 last_remainder ,存储着 melloc 时切割剩余的部...

Welcome to Hexo! This is your very first post. Check documentation for more info. If you get any problems when using Hexo, you can find the answer in troubleshooting or you can ask me on GitHub. Qu...