将参数char作为ASCII代码获取

Question

I'm working on my school project "ROP on ARM vs x86"

i've done my work on x86 and trying 'ret2zp' on ARM right now and i need help.

please help such a linux newbie.

---

I'm following easy and neat example on ARM 'A Short Guid on ARM Exploitation' by Kumar & Gupta

On page 41, (my reputation is lack to post img..sorry)

there is a line
(gdb) r 'printf "AAAABBBBCCCCDDDD\\x38\\x84"

so Kumar & Gupta was trying to put char array AAAABBBBCCCCDDDD&„ (with extended ascii code. nothing on simple ascii code)

and i can't put my char array on argument for my code with 'printf' command;

here's my simple code to use 'printf'.

buffer_overflow.c

#include <stdio.h>
#include <stdlib.h>

void IShouldNeverBeCalled(){
    puts("I should never be called");
    exit(0);
}

void Vulnerable(char *arg){
    char buff[10];
    strcpy(buff, arg);
}

int main(int argc, char **argv){
    Vulnerable(argv[1]);
    puts(argv[1]);
    return(0);
}

and it works as

root@linaro:~# ./buffer_overflow AAAABBBB
AAAABBBB

root@linaro:~# ./buffer_overflow 'printf "A"' 
printf "A"

so printf isn't working as i expected.

how can i use 'printf' as Kumar & Gupta said so??

how can my program get argument "A" when i put "'printf "\\x41"'"?

and what is that printf? is it function on python something? or is it program integrated with ubuntu?

oh my ubuntu is

root@linaro:~# cat /etc/issue
Ubuntu natty (development branch) \n \l

thank you for helping me .

Answer 1

You're using apostrophe ' instead of backtick ` . Additionally, the doc is missing the terminating backtick.

Instead of using backticks, though, you should use the better $() and quote properly:

./buffer_overflow "$(printf "AAAABBBBCCCCDDDD\x38\x84")"

Also note that they're doing this in gdb, not in a shell.