壳牌code与C程序 [英] Shellcode in C program
问题描述
链接<一个href=\"http://hackoftheday.securitytube.net/2013/04/demystifying-execve-shell$c$c-stack.html\">http://hackoftheday.securitytube.net/2013/04/demystifying-execve-shell$c$c-stack.html
突出的方式来写一个execve的外壳code。
#包括LT&;&stdio.h中GT;
#包括LT&;&string.h中GT;unsigned char型code [] =
\"\\x31\\xc0\\x50\\x68\\x6e\\x2f\\x73\\x68\\x68\\x2f\\x2f\\x62\\x69\\x89\\xe3\\x50\\x89\\xe2\\x53\\x89\\xe1\\xb0\\x0b\\xcd\\x80\";主要()
{ 的printf(壳牌code长度:%d个\\ N的strlen(code)); INT(* RET)()=(INT(*)())code; RET();
}
这是什么,行int (* RET)()=(INT(*)())code; 做
INT(* RET)()=(INT(*)())code;
~~~~~~~~~~~~ ~~~~~~~~~~~~~~
1 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3
-
它定义
RET作为一个指针指向一个函数,没有参数()并返回INT。所以,那些()表示的函数参数的定义。 -
这是用于铸造
code来的指针,它没有参数的函数()并返回INT。 -
强制类型转换
code作为一个函数,并将其分配给RET。之后,你可以调用RET();
&NBSP;
unsigned char型code [] =\\ X31 \\ XC0 \\ X50 \\ X68 \\ x6e \\ X2F \\ ...
这是机器指令序列重新用十六进制值psented $ P $。它将被注入到code作为一个函数。
The link http://hackoftheday.securitytube.net/2013/04/demystifying-execve-shellcode-stack.html highlights a way to write an execve shellcode.
#include<stdio.h>
#include<string.h>
unsigned char code[] =
"\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80";
main()
{
printf("Shellcode Length: %d\n", strlen(code));
int (*ret)() = (int(*)())code;
ret();
}
What does the line int (*ret)() = (int(*)())code; do?
int (*ret)() = (int(*)())code;
~~~~~~~~~~~~ ~~~~~~~~~~~~~~
1 2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3
It defines
retas a pointer to a function which has no parameter()and returnsint. So, Those()indicates the definition of parameters of a function.It's for casting
codeto a pointer to a function which has no parameter()and returnsint.Casts
codeas a function and assigns it toret. After that you can callret();.
unsigned char code[] = "\x31\xc0\x50\x68\x6e\x2f\...
It is a sequence of machine instructions represented by hex values. It will be injected to the code as a function.
这篇关于壳牌code与C程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
