Heap Exploitation Series Translation - 01 Heap Memory

| categories translations  | tags CTF  pwn  heap 

Heap memory

This article is a translation of Dhaval Kapil's Heap Exploitation tutorial series.

What is Heap?


Using dynamic memory

stdlib.h provides many standard library functions for accessing, modifying and managing dynamic memory. The most commonly used are malloc and free:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

// Dynamically allocate 10 bytes
char *buffer = (char *)malloc(10);

strcpy(buffer, "hello");
printf("%s\n", buffer); // prints "hello"

// Frees/unallocates the dynamic memory allocated earlier
free(buffer);

The documentation describes 'malloc' and 'free' as follows:

  • malloc:

      malloc(size_t n)
      Returns a pointer to a newly allocated chunk of at least n
      bytes, or null if no space is available. Additionally, on
      failure, errno is set to ENOMEM on ANSI C systems.
      If n is zero, malloc returns a minimum-sized chunk. (The
      minimum size is 16 bytes on most 32bit systems, and 24 or 32
      bytes on 64bit systems.)  On most systems, size_t is an unsigned
      type, so calls with negative arguments are interpreted as
      requests for huge amounts of space, which will often fail. The
      maximum supported value of n differs across systems, but is in
      all cases less than the maximum representable value of a
  • free:

      free(void* p)
      Releases the chunk of memory pointed to by p, that had been
      previously allocated using malloc or a related routine such as
      realloc. It has no effect if p is null. It can have arbitrary
      (i.e., bad!) effects if p has already been freed.
      Unless disabled (using mallopt), freeing very large spaces will
      when possible, automatically trigger operations that give
      back unused memory to the system, thus reducing program
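
The edge cases documented above (a zero-byte request, a negative argument converted to size_t, free(NULL), and freeing the same pointer twice) can be checked directly. This is an added example, not code from the original tutorial; it assumes glibc on Linux for malloc_usable_size, and the helper names checked_alloc, free_and_clear, zero_request_usable, raw_request_errno and double_release_is_safe are hypothetical.

```c
#include <errno.h>
#include <malloc.h>   /* malloc_usable_size(): glibc extension (assumed platform) */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical wrapper: reject negative or overflowing requests before malloc sees them. */
void *checked_alloc(long count, size_t elem_size) {
    if (count < 0 || elem_size == 0 || (size_t)count > SIZE_MAX / elem_size) {
        errno = ENOMEM;
        return NULL;
    }
    return malloc((size_t)count * elem_size);
}

/* Hypothetical wrapper: free, then null the pointer, so a repeat becomes free(NULL). */
void free_and_clear(void **pp) {
    free(*pp);
    *pp = NULL;
}

/* Usable bytes behind malloc(0): non-zero, since a minimum-sized chunk is returned. */
size_t zero_request_usable(void) {
    void *p = malloc(0);
    size_t n = p ? malloc_usable_size(p) : 0;
    free(p);
    return n;
}

/* errno left by malloc after an int is converted to size_t (0 if the call succeeded). */
int raw_request_errno(int n) {
    errno = 0;
    void *volatile p = malloc((size_t)n);   /* volatile: keep the call from being optimized out */
    int e = p ? 0 : errno;
    free(p);
    return e;
}

/* Returns 1 when releasing the same variable twice leaves it NULL and harmless. */
int double_release_is_safe(void) {
    void *p = checked_alloc(10, 1);
    free_and_clear(&p);
    free_and_clear(&p);   /* second call is free(NULL), which has no effect */
    return p == NULL;
}

int main(void) {
    printf("malloc(0) usable bytes: %zu, malloc((size_t)-1) errno: %d\n", zero_request_usable(), raw_request_errno(-1));
    printf("checked_alloc(-1, 4): %p, double release safe: %d\n", checked_alloc(-1, 4), double_release_is_safe());
}
```

Nulling the pointer only protects the variable passed in; any other copy of the same address still dangles after the first release.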

