『CTF』IO_FILE 利用入门

struct _IO_FILE {  int _flags;       /* High-order word is _IO_MAGIC; rest is flags. */#define _IO_file_flags _flags  /* The following pointers correspond to the C++ streambuf protocol. */  /* Note:  Tk uses the _IO_read_ptr and _IO_read_end fields directly. */  char* _IO_read_ptr;   /* Current read pointer */  char* _IO_read_end;   /* End of get area. */  char* _IO_read_base;  /* Start of putback+get area. */  char* _IO_write_base; /* Start of put area. */  char* _IO_write_ptr;  /* Current put pointer. */  char* _IO_write_end;  /* End of put area. */  char* _IO_buf_base;   /* Start of reserve area. */  char* _IO_buf_end;    /* End of reserve area. */  /* The following fields are used to support backing up and undo. */  char *_IO_save_base; /* Pointer to start of non-current get area. */  char *_IO_backup_base;  /* Pointer to first valid character of backup area */  char *_IO_save_end; /* Pointer to end of non-current get area. */  struct _IO_marker *_markers;  struct _IO_FILE *_chain;  int _fileno;#if 0  int _blksize;#else  int _flags2;#endif  _IO_off_t _old_offset; /* This used to be _offset but it's too small.  */#define __HAVE_COLUMN /* temporary */  /* 1+column number of pbase(); 0 is unknown. */  unsigned short _cur_column;  signed char _vtable_offset;  char _shortbuf[1];  /*  char* _save_gptr;  char* _save_egptr; */  _IO_lock_t *_lock;#ifdef _IO_USE_OLD_IO_FILE#endif#if defined _G_IO_IO_FILE_VERSION && _G_IO_IO_FILE_VERSION == 0x20001  _IO_off64_t _offset;# if defined _LIBC || defined _GLIBCPP_USE_WCHAR_T  /* Wide character stream stuff.  */  struct _IO_codecvt *_codecvt;  struct _IO_wide_data *_wide_data;  struct _IO_FILE *_freeres_list;  void *_freeres_buf;# else  void *__pad1;  void *__pad2;  void *__pad3;  void *__pad4;# endif  size_t __pad5;  int _mode;  /* Make sure we don't get into trouble again.  */  char _unused2[15 * sizeof (int) - 4 * sizeof (void *) - sizeof (size_t)];#endif};

extern struct _IO_FILE_plus *_IO_list_all;

struct _IO_FILE_plus{  FILE file;  const struct _IO_jump_t *vtable;};

FILE *stdin = (FILE *) &_IO_2_1_stdin_;FILE *stdout = (FILE *) &_IO_2_1_stdout_;FILE *stderr = (FILE *) &_IO_2_1_stderr_;

# define DEF_STDFILE(NAME, FD, CHAIN, FLAGS)   static _IO_lock_t _IO_stdfile_##FD##_lock = _IO_lock_initializer;  定义了一个锁，用于同步文件流的访问  static struct _IO_wide_data _IO_wide_data_##FD  定义了一个 _IO_wide_data结构体用于宽字符    = { ._wide_vtable = &_IO_wfile_jumps };  _IO_wfile_jumps 是一个函数指针表，用于宽字符操作的函数集合。  struct _IO_FILE_plus NAME     = {FILEBUF_LITERAL(CHAIN, FLAGS, FD, &_IO_wide_data_##FD),        &_IO_file_jumps}DEF_STDFILE(_IO_2_1_stdin_, 0, 0, _IO_NO_WRITES);DEF_STDFILE(_IO_2_1_stdout_, 1, &_IO_2_1_stdin_, _IO_NO_READS);DEF_STDFILE(_IO_2_1_stderr_, 2, &_IO_2_1_stdout_, _IO_NO_READS+_IO_UNBUFFERED);struct _IO_FILE_plus *_IO_list_all = &_IO_2_1_stderr_;libc_hidden_data_def (_IO_list_all)

#define libio_vtable __attribute__ ((section ("__libc_IO_vtables")))#define JUMP_INIT(NAME, VALUE) VALUE#define JUMP_INIT_DUMMY JUMP_INIT(dummy, 0), JUMP_INIT (dummy2, 0)const struct _IO_jump_t _IO_file_jumps libio_vtable ={  JUMP_INIT_DUMMY,  JUMP_INIT(finish, _IO_file_finish),  JUMP_INIT(overflow, _IO_file_overflow),  JUMP_INIT(underflow, _IO_file_underflow),  JUMP_INIT(uflow, _IO_default_uflow),  JUMP_INIT(pbackfail, _IO_default_pbackfail),  JUMP_INIT(xsputn, _IO_file_xsputn),  JUMP_INIT(xsgetn, _IO_file_xsgetn),  JUMP_INIT(seekoff, _IO_new_file_seekoff),  JUMP_INIT(seekpos, _IO_default_seekpos),  JUMP_INIT(setbuf, _IO_new_file_setbuf),  JUMP_INIT(sync, _IO_new_file_sync),  JUMP_INIT(doallocate, _IO_file_doallocate),  JUMP_INIT(read, _IO_file_read),  JUMP_INIT(write, _IO_new_file_write),  JUMP_INIT(seek, _IO_file_seek),  JUMP_INIT(close, _IO_file_close),  JUMP_INIT(stat, _IO_file_stat),  JUMP_INIT(showmanyc, _IO_default_showmanyc),  JUMP_INIT(imbue, _IO_default_imbue)};libc_hidden_data_def (_IO_file_jumps)