Help me understand this C code (*(void(*) ()) scode) ()
Problem description
Source: http://milw0rm.org/papers/145
#include <stdio.h>
#include <stdlib.h>
int main()
{
    char scode[]="\x31\xc0\xb0\x01\x31\xdb\xcd\x80";
    (*(void(*) ()) scode) ();
}
This paper is a tutorial about shellcode on the Linux platform; however, it did not explain how the following statement "(*(void(*) ()) scode) ();" works. I'm using the book "The C Language Programming Reference, 2ed by Brian.W.Kernighan, Dennis.M.Ritchie" to look up an answer but found no answer. Maybe someone can point me in the right direction, maybe a website or another C reference book where I can find an answer.
Recommended answer
In C:
(some_type) some_var
casts some_var to be of type some_type.
In your code sample "void(*) ()" is the some_type and is the signature for a function pointer that takes no arguments and returns nothing. "(void(*) ()) scode" casts scode to be a function pointer. "(*(void(*) ()) scode)" dereferences that function pointer. And the final () calls the function defined in scode.
And the bytes in scode disassemble to the following i386 assembly:
31 c0 xor %eax,%eax
b0 01 mov $0x1,%al
31 db xor %ebx,%ebx
cd 80 int $0x80
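An added example, not part of the original answer: it calls one address through the exact expression from the question, through the same cast without the redundant `*`, and through a typedef, then reads `/proc/self/maps` to report whether a local array like `scode[]` sits in executable memory (with default compiler settings on a typical current Linux system it does not, so the call in the question faults there). The names `entry_fn`, `marker`, `call_three_ways`, `mapping_perms` and `stack_buffer_executable` are made up for this illustration, and the permission check assumes a Linux `/proc` filesystem.

```c
#include <stdio.h>
#include <stdint.h>

typedef void (*entry_fn)(void);        /* named form of the page's void(*)() */

static int calls;                      /* counts invocations of marker() */
static void marker(void) { calls++; }  /* harmless stand-in for the callee */

/* Call one address three equivalent ways and return how many calls ran. */
int call_three_ways(void)
{
    uintptr_t addr = (uintptr_t)&marker;   /* an address held as plain data */
    calls = 0;
    (*(void(*)()) addr) ();    /* the page's form: cast, dereference, call */
    ((void(*)()) addr) ();     /* the '*' is optional when calling */
    ((entry_fn) addr)();       /* same cast, spelled with the typedef */
    return calls;
}

/* Find the mapping that contains addr in /proc/self/maps and leave its
   permission field (for example "rw-p") in perms. Returns 0 on success,
   -1 if the file or mapping is missing; perms is valid only on success. */
int mapping_perms(const void *addr, char perms[5])
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512];
    unsigned long lo, hi;
    int rc = -1;
    while (f && rc != 0 && fgets(line, sizeof line, f))
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) == 3 &&
            (uintptr_t)addr >= lo && (uintptr_t)addr < hi)
            rc = 0;
    if (f) fclose(f);
    return rc;
}

/* 1 if a local array like scode[] is in executable memory, 0 if not,
   -1 if it cannot be determined. The bytes are inspected, never executed. */
int stack_buffer_executable(void)
{
    char scode[] = "\x31\xc0\xb0\x01\x31\xdb\xcd\x80";  /* bytes from the page */
    char perms[5];
    if (mapping_perms(scode, perms) != 0) return -1;
    return perms[2] == 'x';
}

int main(void)
{
    printf("calls=%d stack_exec=%d\n", call_three_ways(), stack_buffer_executable());
    return 0;
}
```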