Labs 2025-09-30 Format Strings Lab ASCII Table Syscall Tables Register Uses Opcode lookup Instruction Lookup Intel Reference

Hex

• %08x -> 253038780a
• %s -> 25730a
• if inputting memory address into xxd, make sure reversed direction
• xxd -p -r attack.txt | tr -d '\n' > attack.hex - take hex in attack.txt and put as bytes in attack.hex, with no newlines

GDB

• x/40x $sp print 40 bytes of stack
• 0x90 is NOP
• info frame

Find EIP address with info frame, look at bottom. Find buffer address with p &buffer.

Overflow buffer to set EIP to &buffer.