Malloc Maleficarum复盘
1.hos复盘
hos即伪造堆块,free栈上地址,然后下一个malloc去分配一个fastbin(栈上),包含返回地址。
代码来源
他这个我直接复现有问题,咨询了joker师傅,应该是gcc版本问题,导致局部变量位置不同。所以我直接gdb里暴力set去搞,反正就是个demo,学习下原理就好。
# muhe @ ubuntu in ~/Desktop/study [2:54:31]
$ ls
hos hos.c
# muhe @ ubuntu in ~/Desktop/study [2:54:33]
$ cat hos.c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
void fvuln(char *str1, int age)
{
char *ptr1;
int local_age;
char name[32];
char *ptr2;
local_age = age;
ptr1 = (char *) malloc(256);
printf("\nPTR1 = [ %p ]", ptr1);
strcpy(name, str1);
printf("\nPTR1 = [ %p ]\n", ptr1);
free(ptr1);
ptr2 = (char *) malloc(40);
snprintf(ptr2, 40-1, "%s is %d years old", name, local_age);
printf("\n%s\n", ptr2);
}
int main(int argc, char *argv[])
{
int pad[10] = {0, 0, 0, 0, 0, 0, 0, 10, 0, 0};
if (argc == 3)
fvuln(argv[1], atoi(argv[2]));
return 0;
}
# muhe @ ubuntu in ~/Desktop/study [2:54:35]
$ gcc hos.c -m32 -fno-stack-protector -mpreferred-stack-boundary=2 -mno-accumulate-outgoing-args -z execstack -o hos -g
# muhe @ ubuntu in ~/Desktop/study [2:54:45]
$ gdb ./hos -q
Reading symbols from ./hos...done.
gdb-peda$ pdisass fvuln
Dump of assembler code for function fvuln:
0x080484fb <+0>: push ebp
0x080484fc <+1>: mov ebp,esp
0x080484fe <+3>: sub esp,0x2c
0x08048501 <+6>: mov eax,DWORD PTR [ebp+0xc]
0x08048504 <+9>: mov DWORD PTR [ebp-0x4],eax
0x08048507 <+12>: push 0x100
0x0804850c <+17>: call 0x80483b0 <malloc@plt>
0x08048511 <+22>: add esp,0x4
0x08048514 <+25>: mov DWORD PTR [ebp-0x8],eax
0x08048517 <+28>: push DWORD PTR [ebp-0x8]
0x0804851a <+31>: push 0x8048660
0x0804851f <+36>: call 0x8048380 <printf@plt>
0x08048524 <+41>: add esp,0x8
0x08048527 <+44>: push DWORD PTR [ebp+0x8]
0x0804852a <+47>: lea eax,[ebp-0x2c]
0x0804852d <+50>: push eax
0x0804852e <+51>: call 0x80483a0 <strcpy@plt>
0x08048533 <+56>: add esp,0x8
0x08048536 <+59>: push DWORD PTR [ebp-0x8]
0x08048539 <+62>: push 0x804866f
0x0804853e <+67>: call 0x8048380 <printf@plt>
0x08048543 <+72>: add esp,0x8
0x08048546 <+75>: push DWORD PTR [ebp-0x8]
0x08048549 <+78>: call 0x8048390 <free@plt>
0x0804854e <+83>: add esp,0x4
0x08048551 <+86>: push 0x28
0x08048553 <+88>: call 0x80483b0 <malloc@plt>
0x08048558 <+93>: add esp,0x4
0x0804855b <+96>: mov DWORD PTR [ebp-0xc],eax
0x0804855e <+99>: push DWORD PTR [ebp-0x4]
0x08048561 <+102>: lea eax,[ebp-0x2c]
0x08048564 <+105>: push eax
0x08048565 <+106>: push 0x804867f
0x0804856a <+111>: push 0x27
0x0804856c <+113>: push DWORD PTR [ebp-0xc]
0x0804856f <+116>: call 0x80483d0 <snprintf@plt>
0x08048574 <+121>: add esp,0x14
0x08048577 <+124>: push DWORD PTR [ebp-0xc]
0x0804857a <+127>: push 0x8048692
0x0804857f <+132>: call 0x8048380 <printf@plt>
0x08048584 <+137>: add esp,0x8
0x08048587 <+140>: nop
0x08048588 <+141>: leave
0x08048589 <+142>: ret
End of assembler dump.
gdb-peda$ b *0x0804850c
Breakpoint 1 at 0x804850c: file hos.c, line 14.
gdb-peda$ b *0x0804852e
Breakpoint 2 at 0x804852e: file hos.c, line 16.
gdb-peda$ b *0x08048549
Breakpoint 3 at 0x8048549: file hos.c, line 19.
gdb-peda$ b *0x08048553
Breakpoint 4 at 0x8048553: file hos.c, line 21.
gdb-peda$ r aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbcccc 20
Starting program: /home/muhe/Desktop/study/hos aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbcccc 20
[----------------------------------registers-----------------------------------]
EAX: 0x14
EBX: 0x0
ECX: 0x0
EDX: 0x14
ESI: 0xf7fb9000 --> 0x1aedb0
EDI: 0xffffd584 --> 0xf7fb9000 --> 0x1aedb0
EBP: 0xffffd54c --> 0xffffd588 --> 0x0
ESP: 0xffffd51c --> 0x100
EIP: 0x804850c (<fvuln+17>: call 0x80483b0 <malloc@plt>)
EFLAGS: 0x282 (carry parity adjust zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x8048501 <fvuln+6>: mov eax,DWORD PTR [ebp+0xc]
0x8048504 <fvuln+9>: mov DWORD PTR [ebp-0x4],eax
0x8048507 <fvuln+12>: push 0x100
=> 0x804850c <fvuln+17>: call 0x80483b0 <malloc@plt>
0x8048511 <fvuln+22>: add esp,0x4
0x8048514 <fvuln+25>: mov DWORD PTR [ebp-0x8],eax
0x8048517 <fvuln+28>: push DWORD PTR [ebp-0x8]
0x804851a <fvuln+31>: push 0x8048660
Guessed arguments:
arg[0]: 0x100
arg[1]: 0x0
[------------------------------------stack-------------------------------------]
0000| 0xffffd51c --> 0x100
0004| 0xffffd520 --> 0x0
0008| 0xffffd524 --> 0xffffd5c4 --> 0x61b64d7e
0012| 0xffffd528 --> 0xf7fe76db (add esi,0x15925)
0016| 0xffffd52c --> 0x0
0020| 0xffffd530 --> 0xf7e39c45 (<strtol+5>: add eax,0x17f3bb)
0024| 0xffffd534 --> 0xf7e37040 (<atoi+16>: add esp,0x1c)
0028| 0xffffd538 --> 0xffffd851 --> 0x58003032 ('20')
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Breakpoint 1, 0x0804850c in fvuln (str1=0xffffd828 'a' <repeats 32 times>, "bbbbcccc", age=0x14) at hos.c:14
14 ptr1 = (char *) malloc(256);
gdb-peda$ c
Continuing.
[----------------------------------registers-----------------------------------]
EAX: 0xffffd520 --> 0x0
EBX: 0x0
ECX: 0x7fffffec
EDX: 0xf7fba870 --> 0x0
ESI: 0xf7fb9000 --> 0x1aedb0
EDI: 0xffffd584 --> 0xf7fb9000 --> 0x1aedb0
EBP: 0xffffd54c --> 0xffffd588 --> 0x0
ESP: 0xffffd518 --> 0xffffd520 --> 0x0
EIP: 0x804852e (<fvuln+51>: call 0x80483a0 <strcpy@plt>)
EFLAGS: 0x292 (carry parity ADJUST zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x8048527 <fvuln+44>: push DWORD PTR [ebp+0x8]
0x804852a <fvuln+47>: lea eax,[ebp-0x2c]
0x804852d <fvuln+50>: push eax
=> 0x804852e <fvuln+51>: call 0x80483a0 <strcpy@plt>
0x8048533 <fvuln+56>: add esp,0x8
0x8048536 <fvuln+59>: push DWORD PTR [ebp-0x8]
0x8048539 <fvuln+62>: push 0x804866f
0x804853e <fvuln+67>: call 0x8048380 <printf@plt>
Guessed arguments:
arg[0]: 0xffffd520 --> 0x0
arg[1]: 0xffffd828 ('a' <repeats 32 times>, "bbbbcccc")
[------------------------------------stack-------------------------------------]
0000| 0xffffd518 --> 0xffffd520 --> 0x0
0004| 0xffffd51c --> 0xffffd828 ('a' <repeats 32 times>, "bbbbcccc")
0008| 0xffffd520 --> 0x0
0012| 0xffffd524 --> 0xffffd5c4 --> 0x61b64d7e
0016| 0xffffd528 --> 0xf7fe76db (add esi,0x15925)
0020| 0xffffd52c --> 0x0
0024| 0xffffd530 --> 0xf7e39c45 (<strtol+5>: add eax,0x17f3bb)
0028| 0xffffd534 --> 0xf7e37040 (<atoi+16>: add esp,0x1c)
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Breakpoint 2, 0x0804852e in fvuln (str1=0xffffd828 'a' <repeats 32 times>, "bbbbcccc", age=0x14) at hos.c:16
16 strcpy(name, str1);
gdb-peda$ c
Continuing.
PTR1 = [ 0x804b008 ]
PTR1 = [ 0x63636363 ]
[----------------------------------registers-----------------------------------]
EAX: 0x17
EBX: 0x0
ECX: 0x7fffffeb
EDX: 0xf7fba870 --> 0x0
ESI: 0xf7fb9000 --> 0x1aedb0
EDI: 0xffffd584 --> 0xf7fb9000 --> 0x1aedb0
EBP: 0xffffd54c --> 0xffffd588 --> 0x0
ESP: 0xffffd51c ("cccc", 'a' <repeats 32 times>, "bbbbcccc")
EIP: 0x8048549 (<fvuln+78>: call 0x8048390 <free@plt>)
EFLAGS: 0x292 (carry parity ADJUST zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x804853e <fvuln+67>: call 0x8048380 <printf@plt>
0x8048543 <fvuln+72>: add esp,0x8
0x8048546 <fvuln+75>: push DWORD PTR [ebp-0x8]
=> 0x8048549 <fvuln+78>: call 0x8048390 <free@plt>
0x804854e <fvuln+83>: add esp,0x4
0x8048551 <fvuln+86>: push 0x28
0x8048553 <fvuln+88>: call 0x80483b0 <malloc@plt>
0x8048558 <fvuln+93>: add esp,0x4
Guessed arguments:
arg[0]: 0x63636363 ('cccc')
[------------------------------------stack-------------------------------------]
0000| 0xffffd51c ("cccc", 'a' <repeats 32 times>, "bbbbcccc")
0004| 0xffffd520 ('a' <repeats 32 times>, "bbbbcccc")
0008| 0xffffd524 ('a' <repeats 28 times>, "bbbbcccc")
0012| 0xffffd528 ('a' <repeats 24 times>, "bbbbcccc")
0016| 0xffffd52c ('a' <repeats 20 times>, "bbbbcccc")
0020| 0xffffd530 ('a' <repeats 16 times>, "bbbbcccc")
0024| 0xffffd534 ('a' <repeats 12 times>, "bbbbcccc")
0028| 0xffffd538 ("aaaaaaaabbbbcccc")
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Breakpoint 3, 0x08048549 in fvuln (str1=0xffffd828 'a' <repeats 32 times>, "bbbbcccc", age=0x14) at hos.c:19
19 free(ptr1);
gdb-peda$ x/10wx $esp
0xffffd51c: 0x63636363 0x61616161 0x61616161 0x61616161
0xffffd52c: 0x61616161 0x61616161 0x61616161 0x61616161
0xffffd53c: 0x61616161 0x62626262
gdb-peda$ set *(int*)0xffffd51c = 0xffffd530
gdb-peda$ x/10wx 0xffffd530 - 8
0xffffd528: 0x61616161 0x61616161 0x61616161 0x61616161
0xffffd538: 0x61616161 0x61616161 0x62626262 0x63636363
0xffffd548: 0x00000000 0xffffd588
gdb-peda$ set *(int*)0xffffd528=0x0
gdb-peda$ set *(int*)0xffffd52c=0x31
gdb-peda$ x/10wx 0xffffd530 - 8 + 0x30
0xffffd558: 0x00000014 0x00000000 0x00000000 0x00000000
0xffffd568: 0x00000000 0x00000000 0x00000000 0x00000000
0xffffd578: 0x0000000a 0x00000000
gdb-peda$ set *(int*)0xffffd558 = 0x31
gdb-peda$ set *(int*)0xffffd55c = 0x30
gdb-peda$ ni
[----------------------------------registers-----------------------------------]
EAX: 0x0
EBX: 0x0
ECX: 0xf7fb9000 --> 0x1aedb0
EDX: 0x0
ESI: 0xf7fb9000 --> 0x1aedb0
EDI: 0xffffd584 --> 0xf7fb9000 --> 0x1aedb0
EBP: 0xffffd54c --> 0xffffd588 --> 0x0
ESP: 0xffffd51c --> 0xffffd530 --> 0x0
EIP: 0x804854e (<fvuln+83>: add esp,0x4)
EFLAGS: 0x292 (carry parity ADJUST zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x8048543 <fvuln+72>: add esp,0x8
0x8048546 <fvuln+75>: push DWORD PTR [ebp-0x8]
0x8048549 <fvuln+78>: call 0x8048390 <free@plt>
=> 0x804854e <fvuln+83>: add esp,0x4
0x8048551 <fvuln+86>: push 0x28
0x8048553 <fvuln+88>: call 0x80483b0 <malloc@plt>
0x8048558 <fvuln+93>: add esp,0x4
0x804855b <fvuln+96>: mov DWORD PTR [ebp-0xc],eax
[------------------------------------stack-------------------------------------]
0000| 0xffffd51c --> 0xffffd530 --> 0x0
0004| 0xffffd520 ("aaaaaaaa")
0008| 0xffffd524 ("aaaa")
0012| 0xffffd528 --> 0x0
0016| 0xffffd52c --> 0x31 ('1')
0020| 0xffffd530 --> 0x0
0024| 0xffffd534 ('a' <repeats 12 times>, "bbbbcccc")
0028| 0xffffd538 ("aaaaaaaabbbbcccc")
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
0x0804854e 19 free(ptr1);
gdb-peda$ ni
[----------------------------------registers-----------------------------------]
EAX: 0x0
EBX: 0x0
ECX: 0xf7fb9000 --> 0x1aedb0
EDX: 0x0
ESI: 0xf7fb9000 --> 0x1aedb0
EDI: 0xffffd584 --> 0xf7fb9000 --> 0x1aedb0
EBP: 0xffffd54c --> 0xffffd588 --> 0x0
ESP: 0xffffd520 ("aaaaaaaa")
EIP: 0x8048551 (<fvuln+86>: push 0x28)
EFLAGS: 0x292 (carry parity ADJUST zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x8048546 <fvuln+75>: push DWORD PTR [ebp-0x8]
0x8048549 <fvuln+78>: call 0x8048390 <free@plt>
0x804854e <fvuln+83>: add esp,0x4
=> 0x8048551 <fvuln+86>: push 0x28
0x8048553 <fvuln+88>: call 0x80483b0 <malloc@plt>
0x8048558 <fvuln+93>: add esp,0x4
0x804855b <fvuln+96>: mov DWORD PTR [ebp-0xc],eax
0x804855e <fvuln+99>: push DWORD PTR [ebp-0x4]
[------------------------------------stack-------------------------------------]
0000| 0xffffd520 ("aaaaaaaa")
0004| 0xffffd524 ("aaaa")
0008| 0xffffd528 --> 0x0
0012| 0xffffd52c --> 0x31 ('1')
0016| 0xffffd530 --> 0x0
0020| 0xffffd534 ('a' <repeats 12 times>, "bbbbcccc")
0024| 0xffffd538 ("aaaaaaaabbbbcccc")
0028| 0xffffd53c ("aaaabbbbcccc")
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
21 ptr2 = (char *) malloc(40);
gdb-peda$ ni
[----------------------------------registers-----------------------------------]
EAX: 0x0
EBX: 0x0
ECX: 0xf7fb9000 --> 0x1aedb0
EDX: 0x0
ESI: 0xf7fb9000 --> 0x1aedb0
EDI: 0xffffd584 --> 0xf7fb9000 --> 0x1aedb0
EBP: 0xffffd54c --> 0xffffd588 --> 0x0
ESP: 0xffffd51c --> 0x28 ('(')
EIP: 0x8048553 (<fvuln+88>: call 0x80483b0 <malloc@plt>)
EFLAGS: 0x292 (carry parity ADJUST zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x8048549 <fvuln+78>: call 0x8048390 <free@plt>
0x804854e <fvuln+83>: add esp,0x4
0x8048551 <fvuln+86>: push 0x28
=> 0x8048553 <fvuln+88>: call 0x80483b0 <malloc@plt>
0x8048558 <fvuln+93>: add esp,0x4
0x804855b <fvuln+96>: mov DWORD PTR [ebp-0xc],eax
0x804855e <fvuln+99>: push DWORD PTR [ebp-0x4]
0x8048561 <fvuln+102>: lea eax,[ebp-0x2c]
Guessed arguments:
arg[0]: 0x28 ('(')
[------------------------------------stack-------------------------------------]
0000| 0xffffd51c --> 0x28 ('(')
0004| 0xffffd520 ("aaaaaaaa")
0008| 0xffffd524 ("aaaa")
0012| 0xffffd528 --> 0x0
0016| 0xffffd52c --> 0x31 ('1')
0020| 0xffffd530 --> 0x0
0024| 0xffffd534 ('a' <repeats 12 times>, "bbbbcccc")
0028| 0xffffd538 ("aaaaaaaabbbbcccc")
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Breakpoint 4, 0x08048553 in fvuln (str1=0xffffd828 'a' <repeats 32 times>, "bbbbcccc", age=0x31) at hos.c:21
21 ptr2 = (char *) malloc(40);
gdb-peda$ ni
[----------------------------------registers-----------------------------------]
EAX: 0xffffd530 --> 0x0
EBX: 0x0
ECX: 0xf7fb9780 --> 0x0
EDX: 0xffffd530 --> 0x0
ESI: 0xf7fb9000 --> 0x1aedb0
EDI: 0xffffd584 --> 0xf7fb9000 --> 0x1aedb0
EBP: 0xffffd54c --> 0xffffd588 --> 0x0
ESP: 0xffffd51c --> 0x28 ('(')
EIP: 0x8048558 (<fvuln+93>: add esp,0x4)
EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x804854e <fvuln+83>: add esp,0x4
0x8048551 <fvuln+86>: push 0x28
0x8048553 <fvuln+88>: call 0x80483b0 <malloc@plt>
=> 0x8048558 <fvuln+93>: add esp,0x4
0x804855b <fvuln+96>: mov DWORD PTR [ebp-0xc],eax
0x804855e <fvuln+99>: push DWORD PTR [ebp-0x4]
0x8048561 <fvuln+102>: lea eax,[ebp-0x2c]
0x8048564 <fvuln+105>: push eax
[------------------------------------stack-------------------------------------]
0000| 0xffffd51c --> 0x28 ('(')
0004| 0xffffd520 ("aaaaaaaa")
0008| 0xffffd524 ("aaaa")
0012| 0xffffd528 --> 0x0
0016| 0xffffd52c --> 0x31 ('1')
0020| 0xffffd530 --> 0x0
0024| 0xffffd534 ('a' <repeats 12 times>, "bbbbcccc")
0028| 0xffffd538 ("aaaaaaaabbbbcccc")
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
0x08048558 21 ptr2 = (char *) malloc(40);
gdb-peda$ ni
[----------------------------------registers-----------------------------------]
EAX: 0xffffd530 --> 0x0
EBX: 0x0
ECX: 0xf7fb9780 --> 0x0
EDX: 0xffffd530 --> 0x0
ESI: 0xf7fb9000 --> 0x1aedb0
EDI: 0xffffd584 --> 0xf7fb9000 --> 0x1aedb0
EBP: 0xffffd54c --> 0xffffd588 --> 0x0
ESP: 0xffffd520 ("aaaaaaaa")
EIP: 0x804855b (<fvuln+96>: mov DWORD PTR [ebp-0xc],eax)
EFLAGS: 0x292 (carry parity ADJUST zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x8048551 <fvuln+86>: push 0x28
0x8048553 <fvuln+88>: call 0x80483b0 <malloc@plt>
0x8048558 <fvuln+93>: add esp,0x4
=> 0x804855b <fvuln+96>: mov DWORD PTR [ebp-0xc],eax
0x804855e <fvuln+99>: push DWORD PTR [ebp-0x4]
0x8048561 <fvuln+102>: lea eax,[ebp-0x2c]
0x8048564 <fvuln+105>: push eax
0x8048565 <fvuln+106>: push 0x804867f
[------------------------------------stack-------------------------------------]
0000| 0xffffd520 ("aaaaaaaa")
0004| 0xffffd524 ("aaaa")
0008| 0xffffd528 --> 0x0
0012| 0xffffd52c --> 0x31 ('1')
0016| 0xffffd530 --> 0x0
0020| 0xffffd534 ('a' <repeats 12 times>, "bbbbcccc")
0024| 0xffffd538 ("aaaaaaaabbbbcccc")
0028| 0xffffd53c ("aaaabbbbcccc")
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
0x0804855b 21 ptr2 = (char *) malloc(40);
gdb-peda$
2.hop TBU
3.hom TBU
4.hof TBU
5.hol TBU
6.hoc TBU
Malloc Maleficarum复盘的更多相关文章
- 胖哈勃杯Pwn400、Pwn500详解
概述 这次的胖哈博杯我出了Pwn400.Pwn500两道题目,这里讲一下出题和解题的思路.我个人感觉前两年的Pwn题更多的是考察单一的利用技巧,比我这有个洞怎么利用它拿到权限.但是我研究了一些最近的题 ...
- how2heap 源码及输出
备个份,慢慢写总结 1 first_fit #include <stdio.h> #include <stdlib.h> #include <string.h> i ...
- ApacheCN 网络安全译文集 20211025 更新
Android 渗透测试学习手册 中文版 第一章 Android 安全入门 第二章 准备实验环境 第三章 Android 应用的逆向和审计 第四章 对 Android 设备进行流量分析 第五章 And ...
- malloc 与 free函数详解<转载>
malloc和free函数详解 本文介绍malloc和free函数的内容. 在C中,对内存的管理是相当重要.下面开始介绍这两个函数: 一.malloc()和free()的基本概念以及基本用法: 1 ...
- C 语言中 malloc、calloc、realloc 和free 函数的使用方法
C标准函数库中,常见的堆上内存管理函数有malloc(), calloc(), recalloc(), free(). 之所以使用堆,是因为栈只能用来保存临时变量.局部变量和函数参数.在函数返回时,自 ...
- 以冒泡排序为例--malloc/free 重定向stdin stdout
esort.c 代码如下,可关注下mallloc/free,freopen重定向的用法,排序为每轮将最小的数放在最前面: #include<stdio.h> #include<mal ...
- 内存动态分配之realloc(),malloc(),calloc()与new运算符
1,malloc与free是C/C++的标准库函数,new/delete是C++的运算符,是C++面向对象的特征,它们都可用于申请动态内存和释放内存.2,对于非内部数据类型的对象而言,光用maloc/ ...
- 在dll里malloc/new/cvCreate分配内存,在exe里free/Releases释放内存时会出错。
写了个程序,在DLL中用malloc分配了一块内存,但是在exe程序中释放,结果程序crash,原因就是:其原因可能是堆被损坏,这也说明 TestMySticker.exe 中或它所加载的任何 DLL ...
- Linux C 堆内存管理函数malloc()、calloc()、realloc()、free()详解
C 编程中,经常需要操作的内存可分为下面几个类别: 堆栈区(stack):由编译器自动分配与释放,存放函数的参数值,局部变量,临时变量等等,它们获取的方式都是由编译器自动执行的 堆区(heap):一般 ...
随机推荐
- MFC控件使用大全
https://blog.csdn.net/daoming1112/article/details/54698113
- 从入门到自闭之Python--Redis
什么是Redis Redis是由意大利人Salvatore Sanfilippo(网名:antirez)开发的一款内存高速缓存数据库.Redis全称为:Remote Dictionary Server ...
- 高性能MySQL3_笔记0
该书2015年5月出版的,实际上已经有些老了,但是经典的东西还是经典. 该书一共16章 1.Mysql的架构与历史 2.Mysql基准测试 3.服务器性能剖析 4.Schema与数据类型优化 5.创建 ...
- MYSQL 增加语句(数据)
增加数据 如果你失忆了,希望你能想起曾经为了追求梦想的你. 前一节我们学习了查询语句 SELECT,这节课,我们学习增加 INSERT INTO **** VALUES ****,基 ...
- mint-ui下拉加载min和上拉刷新(demo实例)
<template> <div class="share"> <div class="header"> <div cl ...
- ORM简单增删改查
namespace ORM { class Program { static void Main(string[] args) { //AddPetStore();//添加 UpdatePetStor ...
- U盘被识别但不显示盘符怎么样才能解决?
很多朋友在将U盘插入电脑后,会发现右下角的任务栏虽然出现了U盘的图标,但是在我的电脑中并没有显示出U盘的盘符,也就无法继续对U盘进行操作.遇到这种情况该怎么办呢?下面好系统U盘启动就告诉大家相应的解决 ...
- python list按字典的key值排序
方法1: result_list = sorted(origin_list, key=lambda e: e.__getitem__('order_key')) 方法2: import operato ...
- Oracle笔记(三) Scott用户的表结构
在Oracle的学习之中,重点使用的是SQL语句,而所有的SQL语句都要在scott用户下完成,这个用户下一共有四张表,可以使用: SELECT * FROM tab; 查看所有的数据表的名称,如果现 ...
- 蓝牙App漏洞系列分析之三CVE-2017-0645
蓝牙App漏洞系列分析之三CVE-2017-0645 0x01 漏洞简介 Android 6月的安全公告,同时还修复了我们发现的一个蓝牙 App 提权中危漏洞,该漏洞允许手机本地无权限的恶意程序构造一 ...