This is a typical format string vulnerability, where the user input is passed into `printf()` as a format string. Hence, we can use `%<position>$llx` to view the stack values.

[Full Writeup](https://zeyu2001.gitbook.io/ctfs/2021/bcactf-2.0/american-literature)

Original writeup (https://zeyu2001.gitbook.io/ctfs/2021/bcactf-2.0/american-literature).