Add cyclic pattern generation and offset calculation #9

Open
AO031 wants to merge 1 commit into Byzero512:master from AO031:add-cyclic

Conversation

@AO031 AO031 commented Mar 29, 2026

This PR adds two utility functions to misc.py:

  • cyclic(length=None): generates a de Bruijn sequence pattern of 4‑byte tokens (aaaa, aaab, ..., zzzz) for buffer overflow testing. If length is given, returns the first length bytes.
  • cyclic_find(subseq): returns the byte offset of a 4‑byte token in the pattern. Accepts a 4‑character string or a little‑endian integer (e.g., from EIP). Returns -1 if the token is invalid.

These functions are commonly used in exploit development to quickly determine the exact offset to overwrite the return address. They are analogous to pwntools' cyclic and cyclic_find, but implemented natively in pure Python without external dependencies.

Usage example:

from winpwn import cyclic, cyclic_find

# Generate 200-byte pattern
pattern = cyclic(200)
# ... send pattern to target ...

# After crash, get EIP value (e.g., 0x64616161)
offset = cyclic_find(0x64616161)
print(f"Offset: {offset} bytes")   # Output: 12
# or, equivalently, pass the token as a string
offset = cyclic_find("aaad")
print(f"Offset: {offset} bytes")   # Output: 12

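As an added, stand-alone illustration of the two functions this PR describes (example code, not the PR's own misc.py): a token-based cyclic() and cyclic_find() with the semantics given above, plus an assumed helper named cyclic_find_scan that searches the real pattern bytes. The scan helper exists to show the caveat a reviewer would want checked: because the pattern is a concatenation of aligned 4-byte tokens rather than a true de Bruijn sequence, a 4-byte value read across a token boundary (for example "aada", which first appears at offset 13) is itself a valid token that cyclic_find resolves to a different, aligned offset (312).

```python
import itertools
import string

ALPHABET = string.ascii_lowercase            # 26 letters -> 26**4 distinct tokens
TOKEN_LEN = 4
MAX_LEN = len(ALPHABET) ** TOKEN_LEN * TOKEN_LEN   # 1,827,904 bytes in the full pattern


def cyclic(length=None):
    """Return the token pattern 'aaaa' 'aaab' ... 'zzzz', truncated to `length` bytes."""
    if length is None:
        length = MAX_LEN
    if length < 0 or length > MAX_LEN:
        raise ValueError("length must be between 0 and %d" % MAX_LEN)
    out, produced = [], 0
    # itertools.product enumerates tokens in the same order as nested a..z loops.
    for tok in itertools.product(ALPHABET, repeat=TOKEN_LEN):
        if produced >= length:
            break
        out.append("".join(tok))
        produced += TOKEN_LEN
    return "".join(out)[:length]


def cyclic_find(subseq):
    """Aligned byte offset of a 4-byte token; accepts 'aaad' or the little-endian int 0x64616161.
    Returns -1 when the value is not a token (wrong length, non-letter bytes, out of range)."""
    if isinstance(subseq, int):
        try:
            subseq = subseq.to_bytes(TOKEN_LEN, "little").decode("ascii")
        except (OverflowError, UnicodeDecodeError):
            return -1
    if isinstance(subseq, bytes):
        subseq = subseq.decode("ascii", errors="replace")
    if len(subseq) != TOKEN_LEN or any(c not in ALPHABET for c in subseq):
        return -1
    index = 0
    for c in subseq:                          # base-26 digits, most significant first
        index = index * len(ALPHABET) + ALPHABET.index(c)
    return index * TOKEN_LEN


def cyclic_find_scan(subseq, length=MAX_LEN):
    """Assumed helper: first occurrence of `subseq` anywhere in the first `length` bytes,
    including positions that straddle a token boundary, which cyclic_find cannot see."""
    if isinstance(subseq, int):
        subseq = subseq.to_bytes(TOKEN_LEN, "little").decode("ascii")
    return cyclic(length).find(subseq)
```

If the offset from cyclic_find and cyclic_find_scan disagree, the overwrite was not 4-byte aligned and the scan result is the one to trust.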