It’s good enough to find one known function from libc in programs memory to mount the attack. Moreover, there are automated methods how to leak pointers to functions, etc., without having access to the binary itself.
It’s good enough to find one known function from libc in programs memory to mount the attack. Moreover, there are automated methods how to leak pointers to functions, etc., without having access to the binary itself.