
File Structure Exploitation

The File structure

The FILE structure is an important component of the standard I/O library in C; it represents a file stream. In glibc, `FILE` is a typedef for `struct _IO_FILE`, whose definition is shown below.

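/*
 * glibc's stream object (libio/bits/types/struct_FILE.h); `FILE` is a
 * typedef for this structure.
 *
 * The listing is restored to plain C: the emphasis markers, hyperlink
 * wrappers and trailing '|' characters left by the page renderer are
 * removed, and no field is added, dropped or reordered.
 *
 * NOTE(review): the table of function pointers used to dispatch stream
 * operations is not a member of this structure.  In glibc it is stored
 * directly after it, in struct _IO_FILE_plus, and current glibc checks
 * that pointer before calling through it.  Confirm both points against
 * the libc version being analysed.
 */
struct _IO_FILE
{
  int _flags;                /* High-order word is _IO_MAGIC; rest is flags. */

  /* The following pointers correspond to the C++ streambuf protocol. */
  /*
   * NOTE(review): the stdio routines (not shown on this page) take these
   * pointers as the bounds of the stream buffer.  A memory-safety bug that
   * lets untrusted data overwrite a FILE object therefore also decides
   * where later stream reads and writes land.  Treat FILE objects as
   * security-critical state: keep them away from buffers that can overflow
   * and never touch a stream after fclose().
   */
  char *_IO_read_ptr;        /* Current read pointer */
  char *_IO_read_end;        /* End of get area. */
  char *_IO_read_base;       /* Start of putback+get area. */
  char *_IO_write_base;      /* Start of put area. */
  char *_IO_write_ptr;       /* Current put pointer. */
  char *_IO_write_end;       /* End of put area. */
  char *_IO_buf_base;        /* Start of reserve area. */
  char *_IO_buf_end;         /* End of reserve area. */

  /* The following fields are used to support backing up and undo. */
  char *_IO_save_base;       /* Pointer to start of non-current get area. */
  char *_IO_backup_base;     /* Pointer to first valid character of backup area */
  char *_IO_save_end;        /* Pointer to end of non-current get area. */

  struct _IO_marker *_markers;

  /*
   * Link to another stream object.
   * NOTE(review): presumably the list of open streams that libio walks
   * when flushing at exit -- confirm against libio.
   */
  struct _IO_FILE *_chain;

  int _fileno;               /* presumably the underlying file descriptor -- confirm */
  int _flags2;
  __off_t _old_offset;       /* This used to be _offset but it's too small. */

  /* 1+column number of pbase(); 0 is unknown. */
  unsigned short _cur_column;
  signed char _vtable_offset;
  char _shortbuf[1];

  _IO_lock_t *_lock;
  /*
   * With _IO_USE_OLD_IO_FILE defined, struct _IO_FILE ends here and the
   * remaining fields belong to struct _IO_FILE_complete, which embeds the
   * old structure as its first member.  Without it, the #ifdef/#endif pair
   * vanishes and every field below is part of struct _IO_FILE itself.
   */
#ifdef _IO_USE_OLD_IO_FILE
};

struct _IO_FILE_complete
{
  struct _IO_FILE _file;
#endif
  __off64_t _offset;
  /* Wide character stream stuff. */
  struct _IO_codecvt *_codecvt;
  struct _IO_wide_data *_wide_data;
  struct _IO_FILE *_freeres_list;
  void *_freeres_buf;
  size_t __pad5;
  int _mode;
  /* Make sure we don't get into trouble again. */
  /* Padding whose length is derived from the widths of int, void * and size_t. */
  char _unused2[15 * sizeof (int) - 4 * sizeof (void *) - sizeof (size_t)];
};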

This post is licensed under CC BY 4.0 by the author.