Sunday, 7 August 2016

FORMAT STRINGS 

NOTES:- 

  • A format string is an ASCII string that controls how variables are represented in the output
  • Variadic functions: accept a variable number of arguments
    • printf()
    • fprintf()
  • Format specifiers are given to format the output
    • %s, %d and %x are all common format specifiers
  • THEORY: When a variadic function such as printf() is given only one input buffer and we fill that buffer with format specifiers, the function looks above it in the stack for the arguments those specifiers need. This causes the program to print information it was never meant to print, which is an error that can be exploited.
  • Numbers can also be given before the specifier to set the number of bytes (the field width) of the output, like
    • %5s
    • %10d
  • Direct parameter access
    • This can be used to access the required parameter directly.
    • Syntax: %5$d
  • Using direct parameter access mostly requires the use of Python
    • Using Python to print the fifth address on the stack:
      python -c 'print("AAAA.%5$x")' | ./filename
    • Using Python for a program that takes command line arguments:
      ./filename $(python -c 'print("AAAA.%5$x")')
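
The defensive side of the notes above, as an added example that is not part of the original post: the input is always passed as an argument to a constant "%s" format, and a small scanner flags input that carries conversion specifications such as %5s, %10d or %5$x. The names count_conversions and log_safe and the sample inputs are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Conversion characters that end a printf conversion specification. */
#define CONV "diouxXeEfgGaAcspn"
/* Everything that may sit between '%' and the conversion character:
 * position (5$), flags, field width, precision, length modifiers. */
#define MIDDLE "0123456789$-+ #'.*hlLqjzt"

/* Count printf conversion specifications in s, e.g. %x, %5s, %10d, %5$x.
 * "%%" is a literal percent sign and is not counted. */
int count_conversions(const char *s)
{
    int n = 0;
    while ((s = strchr(s, '%')) != NULL) {
        s++;                                /* step past '%' */
        if (*s == '%') { s++; continue; }   /* "%%" escape, harmless */
        s += strspn(s, MIDDLE);             /* skip position, width, flags */
        if (*s != '\0' && strchr(CONV, *s) != NULL) { n++; s++; }
    }
    return n;
}

/* Hardened form: the format string is a constant and the untrusted buffer
 * is only ever an argument, so any specifiers in it are copied, not run.
 * The vulnerable form from the notes would be: snprintf(out, n, user); */
int log_safe(char *out, size_t n, const char *user)
{
    return snprintf(out, n, "%s", user);
}

int main(void)
{
    /* Constructed sample inputs, including the string used in the notes. */
    const char *samples[] = { "hello", "100%% done", "%5s %10d", "AAAA.%5$x" };
    char line[64];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        log_safe(line, sizeof line, samples[i]);
        printf("%-12s specifiers=%d\n", line, count_conversions(samples[i]));
    }
    return 0;
}
```

Building with -Wformat -Wformat-security makes GCC and Clang warn when a non-constant string is passed as the format with no further arguments.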