https://stackoverflow.com/questions/17636540
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianThe code that you have here is an example of how to create a function pointer to an arbitrary slice of data and then call it.
In a very simple sense we are allocating an array of bytes (char []) into which the binary shellcode payload is pasted, typically as escaped hex values.
This line, int (*func)();, declares a function pointer that will return an integer. This is typical because most code will have some sort of integer based exit code returned in EAX.
This line, func = (int (*)()) code; casts the byte array code to be a function pointer and assigns it to 'func', the previously defined function pointer.
This line (int)(*func)(); actually calls the shellcode, transferring execution to the first memory location in the byte array.
This code is actually extremely useful. You wouldn't expect to find it used to exploit a system; instead this code is used to test out, debug and otherwise experiment with shellcode during development. Using it you can simply paste in the shellcode that you are trying to test and then execute it. This allows you to keep your shellcode very simple, excluding all of the typical requirements for a full standalone executable, yet still allowing you to test it without requiring that you identify a vulnerability to exploit. In this way you can know if the code works without being distracted by the various that arise when trying to exploit actual code.
