{"provider_name":"Hatena Blog","blog_url":"https://inaz2.hatenablog.com/","url":"https://inaz2.hatenablog.com/entry/2015/03/02/014252","author_name":"inaz2","title":" x64\u3067use-after-free\u304b\u3089\u306eC++ vtable overwrite\u3068heap spray\u306b\u3088\u308bASLR+DEP\u56de\u907f\u3092\u3084\u3063\u3066\u307f\u308b","type":"rich","version":"1.0","blog_title":"\u3082\u3082\u3044\u308d\u30c6\u30af\u30ce\u30ed\u30b8\u30fc","html":"","provider_url":"https://hatena.blog","author_url":"https://blog.hatena.ne.jp/inaz2/","height":"190","width":"100%","image_url":null,"published":"2015-03-02 01:42:52","description":"\u300cuse-after-free\u306b\u3088\u308bC++ vtable overwrite\u3092\u3084\u3063\u3066\u307f\u308b\u300d\u3067\u306f\u3001ASLR\u3092\u7121\u52b9\u306b\u3057\u305f\u6761\u4ef6\u4e0b\u3067\u30b7\u30a7\u30eb\u8d77\u52d5\u3092\u884c\u3063\u305f\u3002 ASLR\u304c\u6709\u52b9\u306e\u5834\u5408\u3001\u66f8\u304d\u63db\u3048\u308bvtable\u306e\u95a2\u6570\u30dd\u30a4\u30f3\u30bf\u304c\u6307\u3059\u30a2\u30c9\u30ec\u30b9\u304c\u63a8\u6e2c\u53ef\u80fd\u3067\u306a\u3051\u308c\u3070\u306a\u3089\u306a\u3044\u304c\u3001\u30d2\u30fc\u30d7\u9818\u57df\u306b\u4efb\u610f\u306e\u6570\u306e\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u3092\u751f\u6210\u3067\u304d\u308b\u72b6\u6cc1\u3067\u3042\u308c\u3070\u3001\u5927\u91cf\u306e\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u3067\u30d2\u30fc\u30d7\u9818\u57df\u3092\u57cb\u3081\u5c3d\u3059\u3053\u3068\u306b\u3088\u308aASLR\u3092\u5b9f\u8cea\u7121\u52b9\u5316\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u3002 \u3053\u306e\u65b9\u6cd5\u306fheap spray\u3068\u3057\u3066\u77e5\u3089\u308c\u3066\u3044\u308b\u3002 \u3053\u3053\u3067\u306f\u3001use-after-free\u304b\u3089\u306eC++ vtable overwrite\u306b\u52a0\u3048heap spray\u3092\u884c\u3046\u3053\u3068\u3067\u3001ASLR\u304a\u3088\u3073DEP\u304c\u6709\u2026","categories":["Exploit"]}