6.4. When printf(fmt) is executed, the stack (from low address to high address) contains the following values (4 bytes each), where the first number is the content of the variable fmt, which is a pointer pointing to a format string. If you can decide the content of the format string, what is the smallest number of format specifiers that you can use crash the program with a 100 percent probability? 0xAABBCCDD, 0xAABBDDFF, 0x22334455, 0x00000000, 0x99663322 6.5. A server program takes an input from a remote user, saves the input in a buffer allocated on the stack (Region in Figure 6.9). The address of this buffer is then stored in the local variable fmt, which is used in the following statement in the server program: printf(fmt); When the above statement is executed, the current stack layout is depicted in Figure 6.9. If you are a malicious attacker, can you construct the input, so when the input is fed into the server program, you can get the server program to execute your code? Please write down the actual content of the input (you do not need to provide the exact content of the code; just put malicious code in your answer, but you need to put it in the correct location). 6.6. If your answer to Problem 6.5. causes the server to print out more than a billion characters, it may take a while for your attack to succeed. Please revise your answer, so the total number of characters printed out is less than 60,000.