6

I'm taking a security course and am having trouble understanding this code due to a lack of understanding of the C programming language.

printf  ("%08x.%08x.%08x.%08x|%s|");

I was told that this code should move along the stack until a pointer to a function is found.

I thought the . was just an indicator of precision of output, so I don't know what this means in this context since there are indicators of precision?

Also, I don't understand what the | means, and I can't find it in the C documentation.

9
  • 8
    It doesn't mean anything. It just prints a . and a | respectively. Commented Jan 12, 2013 at 23:22
  • So, how does it know to print a . instead of using the special meaning for a .? Commented Jan 12, 2013 at 23:25
  • @user1330217 Bothered to read the answer of Neil? "since they are outside of a format specifier"... Commented Jan 12, 2013 at 23:28
  • 1
    Because by the time it reaches the . it knows it has parsed the specifier %08x completely, so until it sees another % everything is just a literal string to print. Commented Jan 12, 2013 at 23:28
  • 2
    @CarlNorum I think that is the source code. I think he is learning about printf vulnerabilities Commented Jan 12, 2013 at 23:42

2 Answers

6

The symbols have no special meaning here since they are outside of a format specifier; they are simply output literally. Note, however, that you haven't provided all the arguments that printf expects, so it will instead print 5 values that happen to be on the stack.


5 Comments

So why is |%s| necessary at the end? What string would be printed?
@user1330217 Maybe this is supposed to print an additional string.
@user1330217 Just like the dots, the pipes mean nothing. They will simply cause a "|" character to be printed on each side of the string.
@user1330217, your post didn't contain the variables passed as part of this printf statement, so that's impossible to answer. If you give us a complete example, Neil can update his answer for you.
It might print values in registers, too - it's going to be pretty ABI related.
2

In this string the . and | characters are just output. The dots act as separators for the hex strings and the pipes highlight a string.

The dots are only considered an indicator of precision if they appear after the % sign and before the format specifier, for example %4.2f.

3 Comments

How does it know to print a . instead of using the precision meaning of a dot?
@user1330217, because the letter x in your example ends the format specifier. Notice that the . comes before the f in Steve's example.
Because the . is not between a % and a g or f. So it is not "special", it's just like any other character that you may want to print with printf - when you do printf("Hello, World!\n"); H, e, l, l, o etc don't have any special meaning, right?
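
An added example (not part of the original answers or the course material): a small C scanner, under the hypothetical name `count_format_args`, that separates literal characters from conversion specifications and counts how many arguments a format string consumes. It follows a simplified reading of the printf grammar and does not validate the conversion letter.

```c
#include <stdio.h>
#include <string.h>

/* Walk a printf format string: '%', then flags, width, precision, length
 * modifier and a conversion letter form one specification; everything else
 * is a literal character. Returns the number of arguments the format
 * consumes (-1 if the string ends inside a specification); *literals
 * receives the number of characters printed as-is. */
int count_format_args(const char *fmt, int *literals)
{
    int args = 0;
    *literals = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') { (*literals)++; continue; }  /* plain text, '.' and '|' included */
        p++;
        if (*p == '%') { (*literals)++; continue; }  /* "%%" prints a single '%' */
        while (*p && strchr("-+ #0", *p)) p++;       /* flags */
        if (*p == '*') { args++; p++; }              /* width taken from an argument */
        else while (*p >= '0' && *p <= '9') p++;     /* width digits */
        if (*p == '.') {                             /* only here is '.' a precision marker */
            p++;
            if (*p == '*') { args++; p++; }          /* precision taken from an argument */
            else while (*p >= '0' && *p <= '9') p++;
        }
        while (*p && strchr("hlLjzt", *p)) p++;      /* length modifiers */
        if (*p == '\0') return -1;                   /* format ended mid-specification */
        args++;                                      /* conversion letter closes the spec */
    }
    return args;
}

int main(void)
{
    const char *fmt = "%08x.%08x.%08x.%08x|%s|";     /* format string from the question */
    int literals;
    int needed = count_format_args(fmt, &literals);
    int supplied = 0;                                /* the call in the question passes none */
    printf("needs %d args, %d supplied, %d literal chars\n", needed, supplied, literals);
    if (needed != supplied)
        puts("mismatch: printf would read values the caller never passed");
    return 0;
}
```

GCC and Clang make the same comparison at compile time under `-Wformat` when the format is a string literal.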
