[英]Python3 print() Vs Python2 print
While working on a buffer overflow exploit I found something really strange.在处理缓冲区溢出漏洞时,我发现了一些非常奇怪的事情。 I have successfully found that I need to provide 32 characters before the proper address I want to jump to and that the proper address is
0x08048a37
.我已经成功地发现我需要在要跳转到的正确地址之前提供 32 个字符,并且正确的地址是
0x08048a37
。 When I executed当我执行
python -c "print '-'*32+'\x37\x8a\x04\x08'" | ./MyExecutable
the exploit resulted in a success.该漏洞利用取得了成功。 But, when I tried:
但是,当我尝试时:
python3 -c "print('-'*32+'\x37\x8a\x04\x08')" | ./MyExecutable
it didn't.它没有。 The executable simply resulted in a Segmentation Fault without jumping to the desired address.
可执行文件只是导致分段错误,而没有跳转到所需的地址。 In fact, executing
事实上,执行
python -c "print '-'*32+'\x37\x8a\x04\x08'"
and和
python3 -c "print('-'*32+'\x37\x8a\x04\x08')"
results in two different output on the console.在控制台上产生两种不同的输出。 The characters are, of course, not readable but they're visually different.
当然,这些字符是不可读的,但它们在视觉上是不同的。
I wonder why is this happening?我想知道为什么会这样?
The Python 2 code writes bytes , the Python 3 code writes text that is then encoded to bytes. Python 2 代码写入bytes ,Python 3 代码写入文本,然后将其编码为 bytes 。 The latter will thus not write the same output;
后者因此不会写入相同的输出; it depends on the codec configured for your pipe.
这取决于为您的管道配置的编解码器。
In Python 3, write bytes to the sys.stdout.buffer
object instead:在 Python 3 中,改为将字节写入
sys.stdout.buffer
对象:
python3 -c "import sys; sys.stdout.buffer.write(b'-'*32+b'\x37\x8a\x04\x08')"
You may want to manually add the \\n
newline that print
would add.您可能希望手动添加
print
将添加的\\n
换行符。
sys.stdout
is a io.TextIOBase
object , encoding data written to it to a given codec (usually based on your locale, but when using a pipe, often defaulting to ASCII), before passing it on to the underlying buffer object. sys.stdout
是一个io.TextIOBase
对象,将写入它的数据编码到给定的编解码器(通常基于您的语言环境,但在使用管道时,通常默认为 ASCII),然后再将其传递给底层缓冲区对象。 The TextIOBase.buffer
attribute gives you direct access to the underlying BufferedIOBase
object . TextIOBase.buffer
属性使您可以直接访问底层的BufferedIOBase
对象。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.