Skip to content

Instantly share code, notes, and snippets.

@ganesh-k13
Last active July 4, 2020 08:47
Show Gist options
  • Save ganesh-k13/c35a076bdce3439fbfef0bd87b783f4e to your computer and use it in GitHub Desktop.
Save ganesh-k13/c35a076bdce3439fbfef0bd87b783f4e to your computer and use it in GitHub Desktop.
Function hijacking in c
#include <stdio.h>
#include <stdlib.h>
int main() {
int *arr = malloc(sizeof(int)*10);
int i = 0;
for(; i < 10; ++i) {
arr[i] = i;
}
for(i = 0; i < 10; ++i) {
printf("%d \n", arr[i]);
}
free(arr);
return 0;
}
#include <stdlib.h>
#include <stdio.h>
void *memory[1000];
void *curr_head = memory;
void * cust_malloc(size_t size) {
printf("malloc called\n");
void *head_to_send = curr_head;
curr_head+=size;
return head_to_send;
}
void cust_free(void *ptr) {
printf("free called\n");
}
CHECK := $(shell which clang)
ifeq ($(CHECK),)
$(warning no clang found, consider apt-get install clang, using gcc now)
CC = gcc
else
$(info using clang over gcc)
CC = clang
endif
CFLAGS=-Dmalloc=cust_malloc -Dfree=cust_free
client: client.o hijack.o
$(CC) client.o hijack.o -o client
client.o: client.c
$(CC) $(CFLAGS) -c client.c
hijack.o: hijack.c
$(CC) -c hijack.c
clean:
rm -rf *.o
val: client
valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes --verbose ./client
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment