Differences
This shows you the differences between two versions of the page.
|
cns:labs:lab-10 [2021/01/10 21:27] mihai.dumitru2201 |
cns:labs:lab-10 [2021/01/11 16:59] (current) mihai.dumitru2201 [C++ objects memory layout] |
||
|---|---|---|---|
| Line 190: | Line 190: | ||
| </code> | </code> | ||
| - | The ''post_action_msg'' buffer is //conveniently// conveniently allocated to a size similar to that | + | The ''post_action_msg'' buffer is //conveniently// allocated to a size similar to that |
| of ''struct person'' and ''fgets'' is used to read something in the newly allocated buffer. | of ''struct person'' and ''fgets'' is used to read something in the newly allocated buffer. | ||
| Line 310: | Line 310: | ||
| class B { | class B { | ||
| int a, b; | int a, b; | ||
| + | public: | ||
| virtual void f(void); | virtual void f(void); | ||
| }; | }; | ||
| Line 315: | Line 316: | ||
| class B1 { | class B1 { | ||
| int x, y; | int x, y; | ||
| + | public: | ||
| virtual void z(void); | virtual void z(void); | ||
| }; | }; | ||
| - | class D: B, B1 { | + | class D: public B, public B1 { |
| int c, d; | int c, d; | ||
| + | public: | ||
| void f(void); | void f(void); | ||
| void z(void); | void z(void); | ||
| }; | }; | ||
| - | D objD; B1 * ptrB1; | + | int main() |
| - | ptrB1 = &objD; | + | { |
| - | ptrB1->f(); | + | D objD; B1 * ptrB1; |
| + | ptrB1 = &objD; | ||
| + | ptrB1->z(); | ||
| + | } | ||
| </code> | </code> | ||
| Line 346: | Line 352: | ||
| We can also use the compiler to see the data layout. Copy the code above into | We can also use the compiler to see the data layout. Copy the code above into | ||
| - | a file ''dummy.cpp'' and add a main function to make it a valid program: | + | a file ''dummy.cpp''. |
| - | <code cpp> | + | |
| - | int main() { return sizeof(D); } | + | |
| - | </code> | + | |
| Then run: | Then run: | ||
| Line 560: | Line 563: | ||
| * [[https://github.com/lattera/glibc/blob/master/malloc/malloc.c |malloc.c]] | * [[https://github.com/lattera/glibc/blob/master/malloc/malloc.c |malloc.c]] | ||
| * [[http://security.cs.rpi.edu/courses/binexp-spring2015/lectures/17/10_lecture.pdf |Heap Exploitation lecture - Markus Gaaseedelen, CSCI 4968, Sprint 2015]] | * [[http://security.cs.rpi.edu/courses/binexp-spring2015/lectures/17/10_lecture.pdf |Heap Exploitation lecture - Markus Gaaseedelen, CSCI 4968, Sprint 2015]] | ||
| + | * [[https://devel0pment.de/?p=688#basic|Heap Exploitation: Off-By-One / Poison Null Byte]] | ||
| * [[https://www.geeksforgeeks.org/virtual-function-cpp/ |Virtual functions]] | * [[https://www.geeksforgeeks.org/virtual-function-cpp/ |Virtual functions]] | ||
| * [[https://en.wikipedia.org/wiki/Virtual_method_table |Virtual Method Table]] | * [[https://en.wikipedia.org/wiki/Virtual_method_table |Virtual Method Table]] | ||
| * [[https://stackoverflow.com/a/2392656/4804196|Why Do We Need Virtual Functions in C++]] | * [[https://stackoverflow.com/a/2392656/4804196|Why Do We Need Virtual Functions in C++]] | ||
