Could anybody help me explaining these lines of code?
char code[] = "paste your shellcode here";
int main(int argc, char **argv)
{
int (*func)();
func = (int (*)()) code;
(int)(*func)();
}
Could anybody help me explaining these lines of code?
char code[] = "paste your shellcode here";
int main(int argc, char **argv)
{
int (*func)();
func = (int (*)()) code;
(int)(*func)();
}
Have you tried Googling for "paste your shellcode here"? The
firstsecond (now that this question is first LOL) result returned is Corelan Team's Exploit writing tutorial part 9: Introduction to Win32 shellcoding where it's all explained:In a nutshell, it's merely a small utility C application to test shellcode that will be used later on in following parts of the tutorial for this same purpose. The rest is explained in the tutorial.
The code that you have here is an example of how to create a function pointer to an arbitrary slice of data and then call it.
In a very simple sense we are allocating an array of bytes (char []) into which the binary shellcode payload is pasted, typically as escaped hex values.
This line,
int (*func)();
, declares a function pointer that will return an integer. This is typical because most code will have some sort of integer based exit code returned in EAX.This line,
func = (int (*)()) code;
casts the byte array code to be a function pointer and assigns it to 'func', the previously defined function pointer.This line
(int)(*func)();
actually calls the shellcode, transferring execution to the first memory location in the byte array.This code is actually extremely useful. You wouldn't expect to find it used to exploit a system; instead this code is used to test out, debug and otherwise experiment with shellcode during development. Using it you can simply paste in the shellcode that you are trying to test and then execute it. This allows you to keep your shellcode very simple, excluding all of the typical requirements for a full standalone executable, yet still allowing you to test it without requiring that you identify a vulnerability to exploit. In this way you can know if the code works without being distracted by the various that arise when trying to exploit actual code.