Bash 'printf' equivalent for command prompt?

windows shell command-line powershell exploit

12,386

Solution 1

In PowerShell, you would do it this way:

"AAAAA{0}{1}{2}{3}" -f 0x86,0x08,0x04,0xed | ./program

Solution 2

I recently came up with the same question myself and decided that for someone developing Windows exploits it is worth installing cygwin :)

Otherwise one could build a small C program mimicking printf's functionality:

#include <string.h>

int main(int argc, char *argv[])
{
    int i;
    char tmp[3];

    tmp[2] = '\0';

    if (argc > 1) {
        for (i = 2; i < strlen(argv[1]); i += 4) {
            strncpy(tmp, argv[1]+i, 2);
            printf("%c", (char)strtol(tmp, NULL, 16));
        }
    }
    else {
        printf("USAGE: printf.exe SHELLCODE\n");
        return 1;
    }

    return 0;
}

The program only handles "\xAB\xCD" strings, but it shouldn't be difficult to extend it to handle "AAAAA\xAB\xCD" strings if one needs it.

12,386

Author by

Calum Murray

Updated on June 05, 2022

Comments

Calum Murray almost 2 years
I'm looking to pipe some String input to a small C program in Windows's command prompt. In bash I could use
```
$ printf "AAAAA\x86\x08\x04\xed" | ./program
```
Essentially, I need something to escape those hexadecimal numbers in command prompt.

Is there an equivalent or similar command for printf in command prompt/powershell?

Thanks
Rich about 13 years

\x08 would indeed be the escape for character 8 in bash, so the latter example is correct.
Calum Murray about 13 years

Yeah, think the second example is what I was looking for. Thanks Keith and Joey!