haccks

Reputation: 106012

What does this invocation of a char array cast as a function do?

I came across this piece of code:

char code[] = "\xb0\x01\x31\xdb\xcd\x80";   /* raw x86 machine code kept in a writable data array */
int main(int argc, char **argv)
{
    int (*func)();                /* pointer to a function with unspecified arguments returning int */
    func = (int (*)()) code;      /* point it at the first byte of the array */
    (int)(*func)();               /* call the bytes as if they were a function; the result is discarded */
}

It is copied from Writing Shellcode for Linux and Windows Tutorial.

Could someone explain what this function invocation, (int)(*func)();, is doing?

Upvotes: 3

Views: 318

Answers (1)

Jean-Baptiste Yunès

Reputation: 36401

It calls a function whose machine code is in the array code. The string contains some machine-level instructions (three I think, have a look at the x86 instruction set). func is declared as a pointer to a function that takes no argument and returns an int. func is then set to the address of the first byte of that string (machine instructions remember). Then func is called, so a function call to the first instruction of the string is made.

I don't know the x86 instruction set very well, but it seems to make a system call (don't know which one); 0xcd 0x80 is a trap to the system.

As @etheranger said, it is a call to the _exit system call.

Beware that this is Linux-dependent, see What does "int 0x80" mean in assembly code?

A short explanation for this mechanism is available here: http://www.linfo.org/system_call_number.html

Upvotes: 3
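To see what those six bytes are without executing them, here is a small decoder written for this answer (it is not code from the question, the tutorial, or any real disassembler). It only knows the three opcode forms present in the string (B0 ib, 31 /r with a register operand, CD ib) and reads them as 32-bit x86; the interpretation as exit(0) assumes the 32-bit Linux convention of the syscall number in eax and the first argument in ebx.

```c
#include <stdio.h>
#include <string.h>

/* Bytes from the question, used here as the constructed sample input. */
static const unsigned char CODE[] = { 0xb0, 0x01, 0x31, 0xdb, 0xcd, 0x80 };
static const char *reg32[8] = { "eax","ecx","edx","ebx","esp","ebp","esi","edi" };

/* Decode one instruction at buf[0..len) into out; return bytes consumed,
 * or 0 for an opcode this tiny decoder does not know. */
size_t decode_one(const unsigned char *buf, size_t len, char *out, size_t outsz)
{
    if (len >= 2 && buf[0] == 0xb0) {                        /* B0 ib: mov al, imm8 */
        snprintf(out, outsz, "mov al, 0x%02x", (unsigned)buf[1]);
        return 2;
    }
    if (len >= 2 && buf[0] == 0x31 && (buf[1] >> 6) == 3) {  /* 31 /r, mod=11: xor r32, r32 */
        unsigned reg = (buf[1] >> 3) & 7, rm = buf[1] & 7;
        snprintf(out, outsz, "xor %s, %s", reg32[rm], reg32[reg]);
        return 2;
    }
    if (len >= 2 && buf[0] == 0xcd) {                        /* CD ib: int imm8 (software interrupt) */
        snprintf(out, outsz, "int 0x%02x", (unsigned)buf[1]);
        return 2;
    }
    return 0;
}

/* Decode the whole buffer into lines; stops at the first unknown opcode. */
int decode_all(const unsigned char *buf, size_t len, char lines[][32], int max)
{
    int n = 0; size_t off = 0;
    while (off < len && n < max) {
        size_t used = decode_one(buf + off, len - off, lines[n], 32);
        if (used == 0) break;
        off += used; n++;
    }
    return n;
}

static char decoded[8][32];
int decode_sample(void) { return decode_all(CODE, sizeof CODE, decoded, 8); }
const char *decoded_line(int i) { return decoded[i]; }

int main(void)
{
    /* Prints: mov al, 0x01 / xor ebx, ebx / int 0x80, i.e. exit(0) if eax's upper bytes were already 0. */
    int n = decode_sample();
    for (int i = 0; i < n; i++) puts(decoded_line(i));
    return 0;
}
```

On a system that maps the data segment non-executable, the call in the question faults before the first byte runs; inspecting the bytes this way answers the question without running them.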
