Open b10s opened 1 year ago
Are you sure the bin is not really corrupted? Are you exploiting a buffer overflow or else?
Ehn.. it's /bin/ls, I doubt it's corrupted or so. The problem is probably that glibc or musl or whatever lib it is linking to is using different heap data structures than the ones that were implemented in dmh.
@gogo2464 the bin must not be corrupted, since I tested the standard /bin/ls on a fresh VM.
I'm trying to explore heap via r2 - to look at bins, chunks, etc.
@b10s /bin/ls does not have a heap setup at the start of main. Do 40 dso or something; works for me with latest version:
~/code/r2heap >>> r2 -d /bin/ls
WARN: Relocs has not been applied. Please use `-e bin.relocs.apply=true` or `-e bin.cache=true` next time
[0x7f5693918b60]> dcu main
INFO: Continue until 0x5579c6de2050 using 1 bpsize
INFO: hit breakpoint at: 0x5579c6de2050
[0x5579c6de2050]> 40 dso
INFO: hit breakpoint at: 0x5579c6de209a
INFO: hit breakpoint at: 0x5579c6de2109
[0x5579c6de211a]> dmhb
INFO: libc version 2.39 identified from .rodata banner
WARN: Could not find main_arena via symbol or relocations
WARN: Found main_arena offset with pattern matching
Bins {
  Bin 001:
    double linked list unsorted bin {
      0x7f56938aeb20->fd = 0x7f56938aeb20
      0x7f56938aeb20->bk = 0x7f56938aeb20
    }
  Bin 002:
    double linked list small bin {
      0x7f56938aeb30->fd = 0x7f56938aeb30
      0x7f56938aeb30->bk = 0x7f56938aeb30
    }
  [...]
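The session above only shows useful bins once the target has actually allocated and freed something. The following small program, an added example that is not from the issue or from the radare2 project, populates glibc's bins deterministically so that dmhb and dmhf have something to display: build it, then in r2 -d run db inspect_here, dc, dmhb. It assumes 64-bit glibc with default tunables (7-entry tcache per size class, 0x80 fastbin cap, 0x410 tcache size limit).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NSMALL   8      /* 7 frees fill the tcache bin, the 8th goes to the unsorted bin */
#define SMALL_SZ 0x80   /* 0x90-byte chunk: above the fastbin cap, still tcache-eligible */
#define LARGE_SZ 0x500  /* 0x510-byte chunk: above the tcache limit, never a fastbin */

/* Empty function to break on from r2 ("db inspect_here") once the bins are populated. */
__attribute__((noinline)) void inspect_here(void) { __asm__ volatile("" ::: "memory"); }

/* Allocate and free chunks in a fixed pattern; returns the number of chunks freed
   (9 on success, -1 if malloc fails). Layout in memory: large, small[0..7], guard. */
int populate_bins(void) {
    void *small[NSMALL];
    int freed = 0;

    void *large = malloc(LARGE_SZ);
    if (!large) return -1;
    memset(large, 'L', LARGE_SZ);                 /* recognisable bytes in chunk dumps */

    for (int i = 0; i < NSMALL; i++) {
        small[i] = malloc(SMALL_SZ);
        if (!small[i]) return -1;
        memset(small[i], 'A' + i, SMALL_SZ);
    }
    void *guard = malloc(0x20);                   /* stays allocated: stops small[7] and */
    if (!guard) return -1;                        /* large from merging with the top chunk */

    free(large);                                  /* too big for tcache -> unsorted bin */
    freed++;
    for (int i = 0; i < NSMALL; i++) {            /* first 7 -> tcache; 8th -> unsorted bin */
        free(small[i]);                           /* (neighbours are in use or in tcache, */
        freed++;                                  /*  so no coalescing happens here) */
    }
    (void)guard;
    return freed;
}

int main(void) {
    int n = populate_bins();
    inspect_here();                               /* break here: before stdio allocates */
    printf("freed %d chunks; run dmhb / dmhf at inspect_here\n", n);
    return n < 0;
}
```

Stepping past inspect_here lets you watch printf's buffer allocation sort the unsorted chunks into their small and large bins on the next dmhb.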
Can we close this ticket? Maybe we can improve the parsing on corrupted heap chunks?
Environment

Description
dmhb shows corrupted bins; also dmhf.
I expect dmhb and dmhf commands to work properly.

Test