Exploitation | Windows Software Exploitation | Hacking library

You just need to combine 2 steps: convert from hex to a bytestring with bytes.fromhex, and to print a bytestring to stdout using sys.stdout.buffer.write. Putting it all together:

The book looks to be written for 32-bit code, but your system is 64-bit. So the pointers are 64 bits each. Try x/3xg arg_list, where the g is for "giant", gdb's size letter for an 8-byte object. This should give you three 64-bit values starting with 0x00007ffeefbffbb8 and then you can x/s 0x00007ffeefbffbb8.

(You may want to find a different book that matches your system better, or set up a 32-bit Linux VM for following along with it.)

sub esp,0x10

allocated 16 bytes (four registers worth) of space on the stack for variables and other stuff.

mov DWORD PTR [ebp-0xc],0x0

appears to be the first reference to slot ebp-0xc, and it's being initialized to zero. After looking at cmp DWORD PTR [ebp-0xc],0x9 at main+60 I'm certain this is i = 0 from the initialization section of the for loop.

The compiler can put variables where it will, and while deterministic it changes with patch versions of the compiler.

Replace:

Probably easiest to just build 32-bit executables so you can follow the book more closely, with gcc -m32. Don't try to port a tutorial to another OS or ISA while you're learning from it, that rarely goes well. (e.g. different calling conventions, not just different sizes.)

And in GDB, use set disassembly-flavor intel to get GAS .intel_syntax noprefix disassembly like your book shows, instead of the default AT&T syntax. For objdump, use objdump -drwC -Mintel. See also How to remove "noise" from GCC/clang assembly output? for more about looking at GCC ouptut.

(See https://stackoverflow.com/tags/att/info vs. https://stackoverflow.com/tags/intel_syntax/info).

Both instructions are a dword store of an immediate 0, to an offset of -4 relative to where the frame pointer is pointing. (This is how it implements i=0 because you compiled with optimization disabled.)

You can use the sort() method of the Array.

Open the file in binary mode and use write rather than print.

Put a b in front of the '\x90' to make it a byte string.

The instruction push rbp accomplishes the same as sub rsp, 8; mov QWORD PTR[rsp], rbp;. It first moves the stack pointer (rsp) up 8 bytes (this is because the size of a register in x86-64 is 8 bytes i.e. 64 bits), then moves the value of the register at the memory location pointed by it. Therefore, the value of rsp, which was 0x7fffffffdfc8, becomes 0x7fffffffdfc0, which is 8 less than before.

The requests library takes a strict approach to the decoding of web pages. On the other hand, BeautifulSoup has powerful tools for determining the encoding of text. So it's better to pass the raw response from the request to BeautifulSoup, and let BeautifulSoup try to determine the encoding.