Help with C pointers -- Nevermind, fixed. Don't bother replying.

Started by mynameistmp, November 12, 2005, 04:31 PM

mynameistmp

I found this brief piece of code that I don't really understand. Obviously there is some major concept that I am missing. I was hoping someone here could explain it a little bit. This guy stores shellcode in a char array then executes the shellcode. If you run the program it works, but I don't understand why. Here is the code:


char shellcode[] = "blahblah";   /* placeholder in the original post; the payload bytes go here */

int main()
{
      int *ret;
      ret = (int *)&ret + 2;      /* two 4-byte slots above ret: past the saved ebp to main's return address */
      (*ret) = (int)shellcode;    /* overwrite the return address so main "returns" into shellcode */
}


I don't really understand how that results in the shellcode being executed. Thanks in advance.
"This idea is so odd, it is hard to know where to begin in challenging it." - Martin Barker, British scholar

Kp

I can't tell from your title whether you still want this answered.  This works by chance (and requires that the program not be built with -fomit-frame-pointer).  After setting up local variables, main's stack has: return address, old ebp, and ret in that order.  So (int*)&ret + 2 takes the address of ret, steps up two, and is thus pointing at the return address.  Writing to ret then clobbers the return address and points it at the shellcode.
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!
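The layout Kp describes (local variable, then saved frame pointer, then return address) can be checked on a live frame rather than taken on faith. The program below is an added example, not code from the thread or from either poster: it uses the GCC/Clang builtins `__builtin_frame_address(0)` and `__builtin_return_address(0)` to measure where a local sits relative to the saved frame pointer and the return-address slot, confirms that the slot really holds the return address, and reports whether the original snippet's `(int *)&ret + 2` arithmetic would reach that slot on the current build. It assumes GCC or Clang with frame pointers kept (the default at `-O0`); `-fomit-frame-pointer`, a stack protector, or 8-byte pointers all change the offsets, which is the "works by chance" part of the answer.

```c
/* Added example (not from the thread): inspect this function's own stack frame
 * with GCC/Clang builtins and compare it against the layout described in the
 * answer. Assumes frame pointers are kept (default at -O0). */
#include <stddef.h>
#include <stdio.h>

struct frame_layout {
    ptrdiff_t local_to_saved_fp;  /* bytes from &local up to the saved frame pointer */
    ptrdiff_t local_to_retaddr;   /* bytes from &local up to the return-address slot */
    ptrdiff_t plus_two_reaches;   /* bytes that "(int *)&local + 2" actually advances */
    int retaddr_matches;          /* 1 if that slot holds __builtin_return_address(0) */
};

/* noinline so the frame inspected is this function's own, not the caller's */
__attribute__((noinline)) struct frame_layout inspect_frame(void)
{
    volatile void *local = NULL;  /* plays the role of 'ret' in the original snippet */
    char *fp = (char *)__builtin_frame_address(0);        /* address of the saved frame pointer */
    void **retaddr_slot = (void **)(fp + sizeof(void *)); /* return address sits just above it */
    struct frame_layout out;

    out.local_to_saved_fp = fp - (char *)&local;
    out.local_to_retaddr  = (char *)retaddr_slot - (char *)&local;
    out.plus_two_reaches  = (char *)((int *)&local + 2) - (char *)&local;
    out.retaddr_matches   = (*retaddr_slot == __builtin_return_address(0));
    return out;
}

/* 1 if the original snippet's "+ 2" would land on the return address on this build */
int plus_two_hits_return_address(void)
{
    struct frame_layout f = inspect_frame();
    return f.retaddr_matches && f.plus_two_reaches == f.local_to_retaddr;
}

int main(void)
{
    struct frame_layout f = inspect_frame();
    printf("sizeof(int)=%zu sizeof(void*)=%zu\n", sizeof(int), sizeof(void *));
    printf("local -> saved frame pointer:   %td bytes\n", f.local_to_saved_fp);
    printf("local -> return address:        %td bytes\n", f.local_to_retaddr);
    printf("(int *)&local + 2 advances:     %td bytes\n", f.plus_two_reaches);
    printf("return-address slot verified:   %s\n", f.retaddr_matches ? "yes" : "no");
    printf("'+ 2' would hit return address: %s\n",
           plus_two_hits_return_address() ? "yes (32-bit style layout)"
                                          : "no (offset is wrong on this build)");
    return 0;
}
```

On a 64-bit build the `+ 2` still advances only 8 bytes, so it typically stops at the saved frame pointer instead of the return address; with `-fstack-protector` a canary sits between the locals and the saved registers and shifts the offsets again. That dependence on one compiler's frame layout is why the snippet is a curiosity rather than a reliable technique.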