printf 格式化字符串漏洞,偏移是怎么计算的?
比如 xctf 的 CGfsb 这道题:https://wwa.lanzouj.com/indAddthuuj
不知道计算得对不对,第一次算出来是第10个位置,用 pwntools 发送后我又看了一下,变成第11个了?
/*
 * Decompiler-style pseudo-code for the challenge binary's main().
 * It reads a name and a message from stdin, echoes both back, and runs
 * system("cat flag") only when the variable pwnme equals 8. pwnme is not
 * declared anywhere in this listing, so it is presumably a global in the
 * binary -- confirm in the disassembly.
 * Security-relevant defect: the message buffer is handed to printf() as the
 * format string itself (see the printf(&s) call below).
 */
int __cdecl main(int argc, const char **argv, const char **envp)
{
int buf; // start of the name storage; read() below writes up to 0xA bytes beginning here
int v5; // presumably bytes 4-7 of the same name storage, split out by the decompiler -- confirm
__int16 v6; // presumably bytes 8-9 of the name storage (4 + 4 + 2 = 0xA) -- confirm
char s; // start of the message buffer; memset/fgets below treat it as 100 (0x64) bytes, so the single-char type looks like a decompiler artifact
unsigned int v8; // holds the value loaded from gs:0x14; not referenced again in this listing
// On 32-bit Linux/glibc gs:0x14 holds the stack-protector canary, so this is
// presumably the canary load; the matching check is not shown here.
v8 = __readgsdword(0x14u);
// Switch all three standard streams to unbuffered mode.
setbuf(stdin, 0);
setbuf(stdout, 0);
setbuf(stderr, 0);
// Zero the name storage and the message buffer before they are filled.
buf = 0;
v5 = 0;
v6 = 0;
memset(&s, 0, 0x64u);
puts("please tell me your name:");
// read() stores at most 0xA bytes and never appends a NUL; its return value is ignored.
// NOTE(review): a full 10-byte name would leave no terminator inside buf/v5/v6.
read(0, &buf, 0xAu);
puts("leave your message please:");
// fgets() stores at most 99 characters plus a NUL, which matches the 0x64 bytes cleared above.
fgets(&s, 100, stdin);
// %s stops only at a NUL byte, so an unterminated name would make printf keep
// reading whatever follows the name storage in memory.
printf("hello %s", &buf);
puts("your message is:");
// Format-string bug: the user's message is the format argument. Conversion
// specifiers in it are interpreted by printf(), which can disclose stack
// contents and, through %n, write to memory. A constant format fixes it:
// printf("%s", &s) or fputs(&s, stdout).
printf(&s);
// Nothing in this listing assigns pwnme, so this branch is only reachable if
// its value is changed by some other means, such as the uncontrolled format above.
if ( pwnme == 8 )
{
puts("you pwned me, here is your flag:\n");
// Runs "cat flag" through the shell and prints the flag file.
system("cat flag");
}
else
{
puts("Thank you!");
}
return 0;
} 唔。溢出的ctf?
printf_s #define _CRT_SECURE_NO_WARNINGS