is it possible to make a function execute code from a string on the stack?

Question

#include 

int main(int argc, char** argv)
{
    void (*p) (void);
    /* this obviously won\'t work, but what string could I put in 
       here (if          


        

Answer 1

Sure it is possible. Buffer Overflow exploits use it.

See Shellcode for what kind of strings you can place.

Basically what you can do it put machine code on the stack and jump to the address. This will cause execution (if the OS/machine allows it, see NX bit).

You could perhaps even try to do a memcpy from some function address onto a string on the stack and then try jumping to the address on the stack.