Get argument char as ASCII code

Question

I'm working on my school project "ROP on ARM vs x86"

i've done my work on x86 and trying 'ret2zp' on ARM right now and i need help.

please help such a linux newbie.

---

I'm following easy and neat example on ARM 'A Short Guid on ARM Exploitation' by Kumar & Gupta

On page 41, (my reputation is lack to post img..sorry)

there is a line
(gdb) r 'printf "AAAABBBBCCCCDDDD\\x38\\x84"

so Kumar & Gupta was trying to put char array AAAABBBBCCCCDDDD&„ (with extended ascii code. nothing on simple ascii code)

and i can't put my char array on argument for my code with 'printf' command;

here's my simple code to use 'printf'.

buffer_overflow.c

#include <stdio.h>
#include <stdlib.h>

void IShouldNeverBeCalled(){
    puts("I should never be called");
    exit(0);
}

void Vulnerable(char *arg){
    char buff[10];
    strcpy(buff, arg);
}

int main(int argc, char **argv){
    Vulnerable(argv[1]);
    puts(argv[1]);
    return(0);
}

and it works as

root@linaro:~# ./buffer_overflow AAAABBBB
AAAABBBB

root@linaro:~# ./buffer_overflow 'printf "A"' 
printf "A"

so printf isn't working as i expected.

how can i use 'printf' as Kumar & Gupta said so??

how can my program get argument "A" when i put "'printf "\\x41"'"?

and what is that printf? is it function on python something? or is it program integrated with ubuntu?

oh my ubuntu is

root@linaro:~# cat /etc/issue
Ubuntu natty (development branch) \n \l

thank you for helping me .

Answer 1

You're using apostrophe ' instead of backtick ` . Additionally, the doc is missing the terminating backtick.

Instead of using backticks, though, you should use the better $() and quote properly:

./buffer_overflow "$(printf "AAAABBBBCCCCDDDD\x38\x84")"

Also note that they're doing this in gdb, not in a shell.