
Phoenix exploit education heap-zero

Phoenix heap zero Premier exercice heap de la suite Phoenix exploit education. Débordement de mémoire dans le tas. Le source

/* Destination buffer for the command-line argument: exactly 64 bytes,
 * heap-allocated in main(). */
struct data {
  char name[64];
};

/*
 * Holds the function pointer that main() calls after the copy.
 * NOTE(review): __pad looks intended to round the struct up to 64 bytes,
 * which only holds where a function pointer has the same size as
 * unsigned long -- confirm for the target ABI.
 */
struct fp {
  void (*fp)();
  char __pad[64 - sizeof(unsigned long)];
};

/* Prints the success message. main() never assigns this function's address
 * to f->fp, so it is not reachable through the intended control flow. */
void winner() {
  printf("Congratulations, you have passed this level\n");
}

/* Default target of f->fp: reports that the pointer was left untouched. */
void nowinner() {
  printf(
      "level has not been passed - function pointer has not been "
      "overwritten\n");
}

/*
 * Copies argv[1] into a 64-byte heap buffer with no length check, then calls
 * through a function pointer stored in a second heap allocation.
 *
 * Exits with status 1 when no argument is supplied; otherwise returns 0 after
 * the indirect call. BANNER and the #include lines are not part of this
 * excerpt.
 */
int main(int argc, char **argv) {
  struct data *d;
  struct fp *f;

  printf("%s\n", BANNER);

  if (argc < 2) {
    printf("Please specify an argument to copy :-)\n");
    exit(1);
  }

  /* Two consecutive allocations; neither result is checked for NULL.
   * Whether the two chunks end up adjacent is decided by the allocator,
   * not by this code. */
  d = malloc(sizeof(struct data));
  f = malloc(sizeof(struct fp));
  f->fp = nowinner;

  /*
   * Defect class: heap-based buffer overflow (CWE-122). strcpy() copies up
   * to the terminating NUL and ignores sizeof d->name, so any argv[1] longer
   * than 63 characters writes past the end of d->name into whatever follows
   * it on the heap. Outside of a training exercise, reject over-long input
   * or use a bounded copy, e.g.
   * snprintf(d->name, sizeof d->name, "%s", argv[1]).
   */
  strcpy(d->name, argv[1]);

  /* Prints both heap addresses and the current call target. */
  printf("data is at %p, fp is at %p, will be calling %p\n", d, f, f->fp);
  fflush(stdout);

  /* Indirect call through heap-resident data: the target is whatever f->fp
   * holds after the unbounded copy above. */
  f->fp();

  return 0;
}

Solution L’allocation de la structure data ayant eu lieu juste avant la structure fp les deux blocs mémoire doivent se suivre.