shellcode

I came across this piece of code: char code[] = "\xb0\x01\x31\xdb\xcd\x80"; int main(int argc, char **argv) { int (*func)(); func = (int (*)()) code; (int)(*func)(); } It is copied from Writing Shellcode for Linux and Windows Tutorial . Could someone explain that what this function invocation (int)(*func)(); is doing? Jean-Baptiste Yunès It calls a function whose machine code is in the array code . The string contains some machine-level instructions ((three I think, have a look at x86 instruction set). func is declared as a pointer to a function that takes no argument and returns an int . func

I was reading this book Art of Exploitation, which is kinda good book and I run across that example from exploit_notesearch.c file. Briefly author tries to overflow program from notesearch.c int main(int argc, char *argv[]) { int userid, printing=1, fd; char searchstring[100]; if(argc > 1) // If there is an arg strcpy(searchstring, argv[1]); else // otherwise, searchstring[0] = 0; The argument of the main function is copied to the searchstring array and if the argument is bigger than 100 bytes it will overflow the return address from the main function. The author prepares the shellcode in

I am new to x86_64 assembly programming. I was writing simple "Hello World" program in x86_64 assembly. Below is my code, which runs perfectly fine. global _start section .data msg: db "Hello to the world of SLAE64", 0x0a mlen equ $-msg section .text _start: mov rax, 1 mov rdi, 1 mov rsi, msg mov rdx, mlen syscall mov rax, 60 mov rdi, 4 syscall Now when I disassemble in gdb, it gives below output: (gdb) disas Dump of assembler code for function _start: => 0x00000000004000b0 <+0>: mov eax,0x1 0x00000000004000b5 <+5>: mov edi,0x1 0x00000000004000ba <+10>: movabs rsi,0x6000d8 0x00000000004000c4 <

I have the following working NASM code: global _start section .text _start: mov eax, 0x4 mov ebx, 0x1 mov ecx, message mov edx, 0xF int 0x80 mov eax, 0x1 mov ebx, 0x0 int 0x80 section .data message: db "Hello, World!", 0dh, 0ah which prints "Hello, World!\n" to the screen. I also have the following C wrapper which contains the previous NASM object code: char code[] = "\xb8\x04\x00\x00\x00" "\xbb\x01\x00\x00\x00" "\xb9\x00\x00\x00\x00" "\xba\x0f\x00\x00\x00" "\xcd\x80\xb8\x01\x00" "\x00\x00\xbb\x00\x00" "\x00\x00\xcd\x80"; int main(void) { (*(void(*)())code)(); } However when I run the code, it

In Demystifying the Execve Shellcode is explained a way to write an execve shellcode: #include<stdio.h> #include<string.h> unsigned char code[] = "\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80"; main() { printf("Shellcode Length: %d\n", strlen(code)); int (*ret)() = (int(*)())code; ret(); } What does the line int (*ret)() = (int(*)())code; do? int (*ret)() = (int(*)())code; ~~~~~~~~~~~~ ~~~~~~~~~~~~~~ 1 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 3 It defines ret as a pointer to a function which has no parameter () and returns int . So, Those ()