String - C - The %x Format Specifier - Stack Overflow

C - The %x format specifier

Asked 11 years, 9 months ago. Modified 4 years, 3 months ago. Viewed 351k times. Score: 101

I have a small question. I know that the %x format specifier can be used to read values from the stack in a format string attack.

I found the following code:

    %08x%08x%08x%08x

What does the 08 mean? What is it doing exactly? Thanks :)

asked Feb 27, 2013 at 9:50 by Matthew; edited Feb 27, 2013 at 9:53 by Grijesh Chauhan

4 comments:
  • 2 Field width of 8 characters, shorter numbers prefixed with leading zeros to match the field width, e.g. 000007ac or 0005ceef. – Hristo Iliev Commented Feb 27, 2013 at 9:53
  • 2 Which function is this talking about? You say "read values", but all answers seem to assume printf() is being used. – unwind Commented Feb 27, 2013 at 10:10
  • 1 @unwind Good point. We are all writing for printf. – Grijesh Chauhan Commented Feb 27, 2013 at 10:16
  • 1 Silly me. Yes, I was referring to the use of this code within the printf function. – Matthew Commented Feb 27, 2013 at 10:33
5 Answers

Score: 173

Break-down:

  • 8 says that you want to show 8 digits
  • 0 that you want to prefix with 0's instead of just blank spaces
  • x that you want to print in lower-case hexadecimal.

Quick example (thanks to Grijesh Chauhan):

    #include <stdio.h>

    int main()
    {
        int data = 29;
        printf("%x\n", data);    // just print data
        printf("%0x\n", data);   // just print data ('0' on its own has no effect)
        printf("%8x\n", data);   // print in 8 width and pad with blank spaces
        printf("%08x\n", data);  // print in 8 width and pad with 0's
        return 0;
    }

Output:

    1d
    1d
          1d
    0000001d

Also see http://www.cplusplus.com/reference/cstdio/printf/ for reference.

answered Feb 27, 2013 at 9:53 by sonicwave; edited Feb 27, 2013 at 10:11

4 comments:
  • 9 Added an example, hope you like it. If not, you can revert back to your version. – Grijesh Chauhan Commented Feb 27, 2013 at 10:01
  • 2 @Matthew you should also try with %-8x and capital X, and observe the effect. – Grijesh Chauhan Commented Feb 27, 2013 at 10:37
  • 1 Even though 8 and 0 are both numbers (and thus identical parts of a grammar in the English language) they are different parts of the printf format grammar. 0 is a "flag" and 8 is a parameter to "width" (which can be <ε (no input)>, <d (any number greater than 0)>, or * (a literal asterisk)). It is a non-intuitive API for sure! But what can you say... that's all old-style C stuff, where memory was such a premium that you wanna save AS many chars in a program as possible - I agree with their decision given the constraints they faced! – Ari Sweedler Commented Nov 22, 2018 at 1:48
  • 1 I do think it's an interesting question to ponder, though. How would you redesign the printf syntax? I love using % as the escape character, it's so unique and niche to string formatting. I think modifiers should be appended rather than prepended, though - that way you can read it left to right. Something like %<specifier>[%f<flags>][%-w<width>.<precision>]%, instead of %[flags][width][.precision][length]specifier. I chose a % between each field, as well as one to close (so you can still do %x%x - %x%%x%) and allows for a multi-char specifier – Ari Sweedler Commented Nov 22, 2018 at 2:01

Score: 8

%08x means that every number should be printed at least 8 characters wide, filling all missing digits with zeros; e.g. for '1' the output will be 00000001.

answered Feb 27, 2013 at 9:53 by Vladimir

Score: 4

The format string attack on printf you mentioned isn't specific to the "%x" formatting - in any case where printf has more formatting parameters than passed variables, it will read values from the stack that do not belong to it. You will get the same issue with %d for example. %x is useful when you want to see those values as hex.

As explained in previous answers, %08x will produce an 8-digit hex number, padded by preceding zeros.

Using the formatting in your code example in printf, with no additional parameters:

    printf ("%08x %08x %08x %08x");

Will fetch 4 parameters from the stack and display them as 8-digit padded hex numbers.

answered Apr 4, 2018 at 9:20 by IamTheWalrus

Score: 2

That specifies how many digits you want it to show.

integer value or * that specifies minimum field width. The result is padded with space characters (by default), if required, on the left when right-justified, or on the right if left-justified. In the case when * is used, the width is specified by an additional argument of type int. If the value of the argument is negative, it results with the - flag specified and positive field width.

answered Feb 27, 2013 at 9:52 by Tony The Lion

Score: 2

From http://en.wikipedia.org/wiki/Printf_format_string

use 0 instead of spaces to pad a field when the width option is specified. For example, printf("%2d", 3) results in " 3", while printf("%02d", 3) results in "03".

answered Feb 27, 2013 at 9:54 by David Ranieri
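
Added example, not part of any answer above and not the posters' code: a C sketch that ties together the format grammar (flag, width, `*`) and the mismatch IamTheWalrus describes, by counting how many arguments a format string would consume and by showing the fixed-`"%s"` pattern that treats untrusted text as data. The names `count_format_args`, `format_untrusted` and `out_buf` are chosen for this illustration; the parser covers the standard %[flags][width][.precision][length]specifier grammar only, not POSIX positional `%n$` arguments.

```c
#include <stdio.h>
#include <string.h>

static char out_buf[64];   /* scratch buffer for the demonstration */

/* Count the arguments a printf-style format would consume.
 * "%%" consumes none; each '*' width or precision consumes one extra int. */
static int count_format_args(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                          /* literal percent sign */
        p += strspn(p, "-+ #0");               /* flags, e.g. the 0 in %08x */
        if (*p == '*') { n++; p++; }           /* width read from an int argument */
        else p += strspn(p, "0123456789");     /* width, e.g. the 8 in %08x */
        if (*p == '.') {
            p++;
            if (*p == '*') { n++; p++; }       /* precision read from an int argument */
            else p += strspn(p, "0123456789");
        }
        p += strspn(p, "hlLjzt");              /* length modifiers */
        if (*p == '\0')
            break;                             /* truncated specification */
        n++;                                   /* the conversion itself (x, d, s, ...) */
    }
    return n;
}

/* Hardened pattern: untrusted text is the argument of a fixed "%s",
 * so any % sequences in it are copied, never interpreted. */
static int format_untrusted(char *out, size_t cap, const char *untrusted)
{
    return snprintf(out, cap, "%s", untrusted);
}

int main(void)
{
    const char *input = "%08x %08x %08x %08x";   /* constructed sample input */
    /* printf(input) is the vulnerable call: 4 arguments expected, 0 passed. */
    printf("format expects %d argument(s)\n", count_format_args(input));
    format_untrusted(out_buf, sizeof out_buf, input);
    printf("treated as data: %s\n", out_buf);
    printf("padded value: %08x\n", 29u);
    return 0;
}
```

Compilers catch the unsafe form at build time with `-Wformat -Wformat-security` (GCC and Clang), which flags a non-literal format string passed with no arguments.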
