Testing a shellcode

0xab3d picture 0xab3d · May 9, 2010 · Viewed 8.3k times · Source

I have this piece of code to test a shellcode but I don't understand it so can anyone explain it to me?

Forget about the assembly shellcode, what I want to understand is the C code,

char shellcode[] = "...";

int main(int argc, char **argv)

{

int (*func)();

func = (int (*)()) shellcode;

(int)(*func)();

}

I mean everything, what are the empty (), please explain it as if you are explaining it to a beginner.

Answer

E.M. picture E.M. · May 9, 2010
int (*func)();

This is a declaration of a function pointer. A function pointer is essentially a variable that holds the address of a function. In this case, the type of function that func points to is a one that takes no arguments and returns an int. You can assign the address of a function to this variable like so:

func = foo;

Where foo is a function with the prototype int foo();.

Once a function has been assigned to this variable, you can call the function that func points to like so:

(*func)();

There is an alternate syntax (which is equivalent), which I think is more clear:

func();

So if foo was assigned to func, then both examples above would actually call the function foo.

You can also cast values to function pointers. In the code example

(int (*)())

is a cast to a function pointer that takes no arguments and returns an int. This is so the compiler won't complain about assigning what is essentially a char* to the function pointer func.

In the code you gave above, there is one last thing. After func is called, the result is (for some reason) cast to an int. As far as I can tell, this cast is totally unnecessary. So the last line

(int)(*func)();

could be replaced with

(*func)();