Control program execution flow
When controlling a program's execution flow, we can consider the following approaches.
Directly controlling EIP
That is, control the return address on the program stack.
Here we can consider the following approaches
Common function pointers include
vtables and function tables, such as the vtable of IO_FILE and the printf function table.
hook pointers, such as