Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
387 views
in Technique[技术] by (71.8m points)

shellcode - C code explanation

Could anybody help me by explaining these lines of code?

char code[] = "paste your shellcode here";

int main(int argc, char **argv)
{
   int (*func)();
   func = (int (*)()) code;
   (int)(*func)();
}

1 Answer

0 votes
by (71.8m points)

The code that you have here is an example of how to create a function pointer to an arbitrary slice of data and then call it.

In a very simple sense we are allocating an array of bytes (char []) into which the binary shellcode payload is pasted, typically as escaped hex values.

This line, int (*func)();, declares a function pointer that will return an integer. This is typical because most code will have some sort of integer-based exit code returned in EAX.

This line, func = (int (*)()) code; casts the byte array code to be a function pointer and assigns it to 'func', the previously defined function pointer.

This line (int)(*func)(); actually calls the shellcode, transferring execution to the first memory location in the byte array.

This code is actually extremely useful. You wouldn't expect to find it used to exploit a system; instead this code is used to test out, debug and otherwise experiment with shellcode during development. Using it you can simply paste in the shellcode that you are trying to test and then execute it. This allows you to keep your shellcode very simple, excluding all of the typical requirements for a full standalone executable, yet still allowing you to test it without requiring that you identify a vulnerability to exploit. In this way you can know if the code works without being distracted by the various issues that arise when trying to exploit actual code.

