no longer existing hook

Kon4 2023. 2. 18. 19:10

no longer existing hook

---
 man3/malloc_hook.3 | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/man3/malloc_hook.3 b/man3/malloc_hook.3
index 6d944003b..7b76bbc9b 100644
--- a/man3/malloc_hook.3
+++ b/man3/malloc_hook.3
@@ -11,7 +11,7 @@
 .SH NAME
 __malloc_hook, __malloc_initialize_hook,
 __memalign_hook, __free_hook, __realloc_hook,
-__after_morecore_hook \\- malloc debugging variables
+__after_morecore_hook \\- malloc debugging variables (DEPRECATED)
 .SH SYNOPSIS
 .nf
 .B "#include "
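Review bot: the `+` line keeps the NAME separator as `\\-`, and the SYNOPSIS context line `.B "#include "` carries no header name after `#include`; in roff source the NAME separator is a single `\-` (and comment lines start with `.\"`, not `.\\"`), so unless the doubled backslashes and the empty include are only an artifact of how this post renders the patch, the line should read `__after_morecore_hook \- malloc debugging variables (DEPRECATED)` and the header name needs restoring in the include line.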
@@ -86,11 +86,18 @@ The use of these hook functions is not safe in multithreaded programs,
 and they are now deprecated.
 From glibc 2.24 onwards, the
 .B __malloc_initialize_hook
-variable has been removed from the API.
+variable has been removed from the API,
+and from glibc 2.34 onwards, all
+the hook variables have been removed from the API.
 .\\"<https://bugzilla.redhat.com/show_bug.cgi?id=450187>
 .\\"<http://sourceware.org/bugzilla/show_bug.cgi?id=9957>
 Programmers should instead preempt calls to the relevant functions
-by defining and exporting functions such as "malloc" and "free".
+by defining and exporting
+.BR malloc (),
+.BR free (),
+.BR realloc (),
+and
+.BR calloc ().
 .SH EXAMPLES
 Here is a short example of how to use these variables.
 .PP
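Review bot: the added lines state that all hook variables have been removed from the API since glibc 2.34, yet the unchanged sentence just above ("and they are now deprecated") and the EXAMPLES lead-in ("Here is a short example of how to use these variables") still present them as existing, merely deprecated variables; suggest "and they were deprecated and, from glibc 2.34, removed" and a qualifier that the example applies only to glibc before 2.34. The replacement list is also incomplete: `__memalign_hook` is among the hooks in NAME, but a program that exports only `malloc()`, `free()`, `realloc()` and `calloc()` leaves `memalign()`, `posix_memalign()` and `aligned_alloc()` uninterposed, so either list them or add a sentence that the whole allocation family must be replaced together.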
--

2.21 → no verification logic

2.23 → no verification logic

2.27 → verification logic present; can be bypassed via _IO_str_overflow

*(diff for glibc 2.27-3ubuntu1.3 -> str_overflow no longer uses the callback pointer -> this method can no longer be used.)

2.31 → verification logic present; _IO_str_overflow no longer uses a function pointer

new_buf = (char *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (new_size);
---> new_buf = malloc (new_size); <--- replaced with this

Handy tip = gef → view a struct

p {struct name} &addr

sym['stderr'] ≠ sym['_IO_2_1_stderr_']

stderr: the address of the pointer that points to stderr

_IO_2_1_stderr_: the address of the file structure itself