"Hacker attack and defense - combat system" - Advanced Heap Overflow

  ltrace is the best tool when working with more sophisticated heap overflows. A more complex heap overflow has to go through several important steps:

  (1) Standardize. This means that if the process forks and calls execve, it is enough to simply connect to the process; if a local attacker uses execve() to start the process, it is important to understand how the stack is initialized.

  (2) Set up the heap for the attack. This means making otherwise meaningless connections so that malloc is called with the correct sizes and in the correct sequence, leaving the heap laid out favorably for the attack.

  (3) Overflow one or more blocks. The process calls a malloc function, which rewrites one or more words. Then get the program to execute a function pointer that was rewritten.

  It is important to recognize that different heap overflows call for different methods: each attack has its own unique environment, which depends on the operational state of the program.

  What is done before the error is triggered has a direct impact on the stability and success of the attack code against the target program.

What to rewrite:

  1) Overwrite a function pointer.

  2) Rewrite a piece of code that sits in a writable section.

  3) If words can be written, first write the code, then rewrite a function pointer so that it points to that code. In addition, a logical variable may be rewritten to change the program flow.
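  Seen from the defending side, the targets listed above (a function pointer, a logical variable) are what a bounds check has to protect when they share a heap block with a buffer. The following is an added example, not code from the original post or the book; `struct session`, `is_logged_in`, `on_close` and all function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed object: one heap block holding a buffer followed by the two
   kinds of target the list above names. All names are hypothetical. */
struct session {
    char name[16];
    int is_logged_in;          /* logical variable */
    void (*on_close)(void);    /* function pointer */
};

static int closed;
static void default_close(void) { closed = 1; }

struct session *session_new(void) {
    struct session *s = calloc(1, sizeof *s);
    if (s) s->on_close = default_close;
    return s;
}

/* Vulnerable form, shown for contrast and never called here: strcpy() keeps
   writing past name[16] into is_logged_in and on_close. */
void set_name_unsafe(struct session *s, const char *in) {
    strcpy(s->name, in);
}

/* Hardened form: reject input that does not fit, terminator included. */
int set_name_safe(struct session *s, const char *in) {
    if (strlen(in) >= sizeof s->name) return -1;
    memcpy(s->name, in, strlen(in) + 1);
    return 0;
}

/* Call the pointer only if it still equals the known-good handler. */
int session_close(struct session *s) {
    if (s->on_close != default_close) return -1;
    s->on_close();
    return 0;
}

int main(void) {
    struct session *s = session_new();
    if (!s) return 1;
    int ok = set_name_safe(s, "alice");
    int rejected = set_name_safe(s, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
    printf("short=%d long=%d flag=%d\n", ok, rejected, s->is_logged_in);
    printf("close=%d\n", session_close(s));
    free(s);
    return 0;
}
```

  The pointer comparison in `session_close` is a second layer: it catches a corrupted handler even if some other write into the block slipped past the length check.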

Origin www.cnblogs.com/mysky007/p/11204417.html