What does this invocation of a char array cast as a function do?

Submitted by ぐ巨炮叔叔 on 2019-12-17 14:53:44

Question


I came across this piece of code:

char code[] = "\xb0\x01\x31\xdb\xcd\x80";   /* raw x86 machine-code bytes stored as data */
int main(int argc, char **argv)
{
    int (*func)();                /* pointer to a function taking no arguments and returning int */
    func = (int (*)()) code;      /* point it at the first byte of the array */
    (int)(*func)();               /* call through the pointer: jump to the array and execute its bytes */
}

It is copied from Writing Shellcode for Linux and Windows Tutorial.

Could someone explain what this function invocation, (int)(*func)();, is doing?


Answer 1:


It calls a function whose machine code is in the array code. The string contains some machine-level instructions (three I think, have a look at the x86 instruction set). func is declared as a pointer to a function that takes no argument and returns an int. func is then set to the address of the first byte of that string (machine instructions, remember). Then func is called, so a function call to the first instruction of the string is made.

I don't know the x86 instruction set very well, but it seems to make a system call (don't know which one); 0xcd 0x80 is a trap to the system.


As @etheranger said, it is a call to the _exit system call.

Beware that this is Linux-dependent, see What does "int 0x80" mean in assembly code?

A short explanation for this mechanism is available here: http://www.linfo.org/system_call_number.html
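As an added example (my own analysis code, not from the question, the answer, or the tutorial they cite), here is a decoder for just the opcode forms present in that byte string. It recovers the three instructions the answer mentions and checks the claim that they make the _exit system call, assuming 32-bit Linux numbering where eax == 1 is exit and int 0x80 is the syscall trap; it only inspects the bytes as data and never executes them.

```c
#include <stdio.h>
#include <string.h>

/* The byte string from the question, kept as data and never executed. */
static const unsigned char code[] = "\xb0\x01\x31\xdb\xcd\x80";

typedef struct {
    int eax_low;    /* imm8 loaded by "mov al, imm8", or -1 if absent */
    int ebx_zeroed; /* 1 if "xor ebx, ebx" was seen */
    int int_vector; /* vector of the "int imm8" instruction, or -1 if absent */
    int count;      /* number of instructions decoded */
} decode_result;

static const char *reg32[8] = {"eax","ecx","edx","ebx","esp","ebp","esi","edi"};
/* Decode only the three opcode forms in that string (B0 ib, 31 /r with a
 * register operand, CD ib). Prints mnemonics to out if non-NULL.
 * Returns 1 on success, 0 on any other byte (unsupported opcode). */
int decode_stub(const unsigned char *p, size_t len, decode_result *r, FILE *out)
{
    size_t i = 0;
    memset(r, 0, sizeof *r);
    r->eax_low = -1; r->int_vector = -1;
    while (i + 1 < len) {               /* every handled instruction is 2 bytes */
        unsigned char op = p[i], arg = p[i + 1];
        if (op == 0xb0) {               /* mov al, imm8 */
            r->eax_low = arg;
            if (out) fprintf(out, "mov al, 0x%02x\n", (unsigned)arg);
        } else if (op == 0x31) {        /* xor r/m32, r32 */
            int mod = arg >> 6, reg = (arg >> 3) & 7, rm = arg & 7;
            if (mod != 3) return 0;     /* memory forms are not handled */
            if (reg == 3 && rm == 3) r->ebx_zeroed = 1;
            if (out) fprintf(out, "xor %s, %s\n", reg32[rm], reg32[reg]);
        } else if (op == 0xcd) {        /* int imm8 */
            r->int_vector = arg;
            if (out) fprintf(out, "int 0x%02x\n", (unsigned)arg);
        } else {
            return 0;
        }
        i += 2;
        r->count++;
    }
    return i == len;                    /* a trailing odd byte is also an error */
}

/* On 32-bit Linux, int 0x80 with eax == 1 is exit(ebx): exit(0) here. */
int is_linux_exit_stub(const decode_result *r)
{
    return r->int_vector == 0x80 && r->eax_low == 1 && r->ebx_zeroed;
}
```

Calling decode_stub(code, sizeof code - 1, &r, stdout) prints the three mnemonics, and is_linux_exit_stub(&r) then returns 1.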



Source: https://stackoverflow.com/questions/28668138/what-does-this-invocation-of-a-char-array-cast-as-a-function-do
