Exploiting setcontext

Preface:

Exploiting the setcontext function goes back to heap_master in *ctf 2019. I was fairly busy at the time and did not look into it; I have now taken some time to see how it is used.

References:
https://blog.csdn.net/mrpre/article/details/78699865
http://blog.eonew.cn/archives/1000#i-5
https://n132.github.io/2019/05/10/2019-05-08-Startctf2019-Heap-master/#setcontext
https://github.com/sixstars/starctf2019/blob/master/pwn-heap_master/readMe.Md

setcontext:

The manual describes it as follows:

SYNOPSIS
#include <ucontext.h>
int getcontext(ucontext_t *ucp);
int setcontext(const ucontext_t *ucp);
DESCRIPTION
In a System V-like environment, one has the two types mcontext_t and ucontext_t defined in <ucontext.h>
and the four functions getcontext(), setcontext(), makecontext(3), and swapcontext(3)
that allow user-level context switching between multiple threads of control within a process.
The mcontext_t type is machine-dependent and opaque. The ucontext_t type is a structure that has at least the following fields:

typedef struct ucontext {
    struct ucontext *uc_link;
    sigset_t         uc_sigmask;
    stack_t          uc_stack;
    mcontext_t       uc_mcontext;
    ...
} ucontext_t;
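As an added example (not from the original post or the referenced writeups), the following C program shows what setcontext() does with a context captured by getcontext(): it restores the saved registers, program counter and stack pointer included, from the ucontext_t in memory, so execution resumes right after the getcontext() call. The function name count_resumes is my own.

```c
#include <stdio.h>
#include <ucontext.h>

/* Saves the current register state with getcontext(), then uses
 * setcontext() to jump back to that saved state until `resumes`
 * reaches `target`.  Every register setcontext() restores comes from
 * the ucontext_t struct in memory; the struct is ordinary writable
 * data, which is why control over it means control over rip and rsp. */
int count_resumes(int target)
{
    ucontext_t ctx;
    /* volatile: the value changes between getcontext() and setcontext(),
     * so it must live in memory rather than a register that gets restored. */
    volatile int resumes = 0;

    /* Snapshot the register state; setcontext(&ctx) "returns" here. */
    getcontext(&ctx);
    resumes++;
    if (resumes < target) {
        /* Restore every register from ctx.uc_mcontext and continue
         * right after the getcontext() call above. */
        setcontext(&ctx);
    }
    return resumes;
}

int main(void)
{
    printf("resumed %d times\n", count_resumes(3));
    return 0;
}
```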

These functions allow