# kpwn-tricks

- [swapgs and ROP](https://lightc.gitbook.io/pwn-gitbook/kpwn/kpwn-tricks/swapgs-yu-rop.md)
- [Kernel heap UAF](https://lightc.gitbook.io/pwn-gitbook/kpwn/kpwn-tricks/nei-he-dui-uaf.md)
- [Dirty-Pagetable principles](https://lightc.gitbook.io/pwn-gitbook/kpwn/kpwn-tricks/dirtypagetable-yuan-li.md)
- [File structures and PTE exploitation](https://lightc.gitbook.io/pwn-gitbook/kpwn/kpwn-tricks/wen-jian-jie-gou-yu-pte-li-yong.md)
- [poll\_list container escape](https://lightc.gitbook.io/pwn-gitbook/kpwn/kpwn-tricks/polllist-rong-qi-tao-yi.md)
- [Complete exploit code](https://lightc.gitbook.io/pwn-gitbook/kpwn/kpwn-tricks/wan-zheng-li-yong-dai-ma.md)
- [IOP and SMAP bypass](https://lightc.gitbook.io/pwn-gitbook/kpwn/kpwn-tricks/iop-yu-smap-rao-guo.md)
- [CEA](https://lightc.gitbook.io/pwn-gitbook/kpwn/kpwn-tricks/cea.md)
- [QEMU-nday](https://lightc.gitbook.io/pwn-gitbook/kpwn/kpwn-tricks/qemu-nday.md)
- [CVE-2022-42703](https://lightc.gitbook.io/pwn-gitbook/kpwn/kpwn-tricks/cve-2022-42703.md)
- [some\_syscall](https://lightc.gitbook.io/pwn-gitbook/kpwn/kpwn-tricks/some-syscall.md)
- [io\_uring](https://lightc.gitbook.io/pwn-gitbook/kpwn/kpwn-tricks/io_uring.md)
