运行时动态伪造vsprintf的va_list

运行时动态伪造vsprintf的va_list

#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
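/*
 * Builds, by hand, the block of memory that vprintf() is expected to walk
 * and passes it where a real va_list belongs.
 *
 * This is not portable C. The standard gives no way to construct a va_list
 * other than va_start()/va_copy(), so handing vprintf() a raw pointer is
 * undefined behaviour. It only appears to work on ABIs where va_list is a
 * plain pointer into a flat argument area whose slots are one machine word
 * each (classic 32-bit x86 cdecl is the usual example). Where va_list is a
 * small structure describing register save areas, the same bytes are
 * misread as that structure, and on ABIs where va_list is a struct type the
 * call does not even compile.
 *
 * vprintf() has no way to validate the area it is given: the conversion
 * specifiers in the format string are the only description of its layout,
 * so any mismatch between format and buffer reads past the allocation or
 * dereferences a non-pointer.
 *
 * Returns 0 after printing, 1 if the ABI check or the allocation fails.
 */
int main(void) {
  const char *string = "I am a string!!"; /* an example string */
  char *m;  /* write cursor into the forged argument area */
  void *bm; /* start of the area; what vprintf() receives, and what we free */

  /*
   * Heuristic guard: refuse to run unless va_list is pointer-sized and int
   * and pointer slots have the same width. It does not prove the layout is
   * right, it only filters out the ABIs where it is certainly wrong.
   */
  if (sizeof(va_list) != sizeof(char *) || sizeof(int) != sizeof(char *)) {
    fputs("forged va_list demo skipped: va_list is not a flat, word-slotted "
          "pointer on this ABI\n", stderr);
    return 1;
  }

  m = malloc(sizeof(int) * 2 + sizeof(char *)); /* two ints and one pointer */
  if (m == NULL) {
    perror("malloc");
    return 1;
  }
  bm = m;

  (*(int *)m) = 10; /* first value, consumed by the first %d */
  m += sizeof(int);

  (*(const char **)m) = string; /* second value, consumed by %s */
  m += sizeof(char *);

  (*(int *)m) = 20; /* third value, consumed by the second %d */

  /* The format must describe exactly the three slots written above. */
  vprintf("%d %s %d\n", bm);

  free(bm);
  return 0;
}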
原文地址:https://www.cnblogs.com/ohmhong/p/6869937.html