如何从char缓冲区转换十六进制地址以写入内存

Question

So i got this function here, which is called from the main function:

void overflow(char *arg)
{
    char buf[1369];

    strcpy (buf, arg);

    printf ("Thank you for contacting customer service. You are so important to us that we wrote a program to serve you.\n");
    printf ("Please hold for %u minutes while I drop your call\n", (int)strlen(buf));

    return;
} 

The string *arg comes out of argv[1] .

And when i do something like:

./overflow1 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa29390408

the stack looks like this:

0xffffce80: 0x07    0x00    0x00    0x61    0x61    0x61    0x61    0x61
0xffffce88: 0x61    0x61    0x61    0x61    0x61    0x61    0x61    0x61
0xffffce90: 0x61    0x61    0x61    0x61    0x61    0x61    0x61    0x61
0xffffce98: 0x61    0x61    0x61    0x61    0x61    0x61    0x61    0x61
0xffffcea0: 0x61    0x61    0x61    0x61    0x61    0x61    0x61    0x61
0xffffcea8: 0x61    0x61    0x61    0x61    0x61    0x61    0x61    0x61
0xffffceb0: 0x61    0x61    0x61    0x61    0x61    0x61    0x61    0x61
0xffffceb8: 0x61    0x61    0x61    0x61    0x61    0x61    0x61    0x61
0xffffcec0: 0x61    0x61    0x32    0x39    0x33    0x39    0x30    0x34
0xffffcec8: 0x30    0x38

So how do i get:

0x32 0x39 0x33 0x39 0x30 0x34 0x30 0x38

to be:

29 39 04 08 ?

I do realise that this needs to be converted from actual hex values to alphanumeric values, for example 08 , but every string tool on the web gives me no result, because 08 is not a ascii/alphanumeric value.

Answer 1

If you want to send arbitrary bytes to a command as arguments, you'll have to escape them in your shell. In bash, for example, you can do:

echo $'a\x09b\x33c'

And it will show:

a       b3c

because bash interprets \\xHH (two hex digits) inside the $'' construct as single-byte hex values. 0x09 is a tab, 0x33 is the digit 3.