What is this buffer function doing?

Question

I have some code that has the following function in:

//some code before
// buf is a char[] containing shellcode

((void(*)( ))buf)( ); //Not sure how this works

Can anyone describe what the above function actually does and how?
Syntactically it is also rather confusing!

The full code executes a shellcode and is part of a well known and widely used Security module*, should you wish to view the full source. If it makes any difference, gcc -z execstack is used during its compilation.

Thanks.

*(Source on page 3)

Recommended answer

It is casting buf into a function and running it as if it was a function that returns void and takes no arguments. Essentially running the shellcode.

From the source code in the article:

#include <stdlib.h>
#include <stdio.h>
#include <string.h> /* declares strcpy */

const char code[] =
"\x31\xc0" /* Line 1: xorl %eax,%eax */
"\x50" /* Line 2: pushl %eax */
"\x68""//sh" /* Line 3: pushl $0x68732f2f */
"\x68""/bin" /* Line 4: pushl $0x6e69622f */
"\x89\xe3" /* Line 5: movl %esp,%ebx */
"\x50" /* Line 6: pushl %eax */
"\x53" /* Line 7: pushl %ebx */
"\x89\xe1" /* Line 8: movl %esp,%ecx */
"\x99" /* Line 9: cdql */
"\xb0\x0b" /* Line 10: movb $0x0b,%al */
"\xcd\x80" /* Line 11: int $0x80 */
;
int main(int argc, char **argv)
{
   char buf[sizeof(code)];
   strcpy(buf, code);
   ((void(*)( ))buf)( );
} 

It copies the contents of code into buf, laying it out sequentially. The first few lines set up the function prologue (setting up the stack etc.). To the machine, the code laid out in buf looks the same as it would if it was actually a function. When cast, the compiler allows you to actually call the function starting at buf. Pretty amazing, isn't it? But it is conceptually simple.
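An added example (not from the original post or the article it quotes): the cast from the question rewritten with a typedef and applied to an ordinary compiled function, plus a Linux check of whether the stack mapping is executable, which is the property `-z execstack` changes and without which the call into `buf` faults. The names `void_fn`, `harmless`, `call_through_cast`, `mapping_is_executable` and `stack_exec_state` are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* The type hidden in the cast: pointer to a function returning void.
   (The original's empty parentheses leave the parameters unspecified.) */
typedef void (*void_fn)(void);
static int calls;                       /* constructed: counts invocations */
static void harmless(void) { calls++; } /* ordinary compiled function */

/* Same operation as ((void(*)())buf)(): treat an address as code and call it.
   Object-to-function pointer conversion is a POSIX guarantee, not ISO C. */
int call_through_cast(void *addr)
{
    ((void_fn)addr)();
    return calls;
}

/* Parse one /proc/<pid>/maps line: 1 if the mapping has the x bit,
   0 if it does not, -1 if the line is malformed. */
int mapping_is_executable(const char *maps_line)
{
    char perms[5];
    if (sscanf(maps_line, "%*[0-9a-fA-F]-%*[0-9a-fA-F] %4s", perms) != 1)
        return -1;
    return strlen(perms) == 4 ? perms[2] == 'x' : -1;
}

/* Linux only: 1 if this process's stack is executable, 0 if not,
   -1 if /proc/self/maps is unavailable or has no [stack] entry. */
int stack_exec_state(void)
{
    char line[512];
    int state = -1;
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return -1;
    while (fgets(line, sizeof line, f))
        if (strstr(line, "[stack]"))
            state = mapping_is_executable(line);
    fclose(f);
    return state;
}

int main(void)
{
    printf("calls after cast: %d\n", call_through_cast((void *)harmless));
    printf("stack executable: %d\n", stack_exec_state());
    return 0;
}
```

Built with default flags, the second line prints 0 on Linux; a 1 from a production binary means it was linked with an executable stack and is worth investigating.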
