I was looking at this example w.r.t executing code in the stack:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Two bytes of machine code: "jmp $" (a jump to itself), i.e. an infinite loop.
   Plain ASCII quotes are required here; the curly quotes in the original
   snippet do not compile. */
char shellcode[] = "\xeb\xfe";

int main(int argc, char *argv[]){
    void (*f)();
    char x[4];
    /* sizeof(shellcode) is 3 (two bytes plus the terminating NUL), so the
       copy fits in the 4-byte stack buffer. */
    memcpy(x, shellcode, sizeof(shellcode));
    /* Treat the stack buffer as a function and call into it: this only
       proceeds if the stack pages are mapped executable. */
    f = (void (*)()) x;
    f();
}
This causes a segmentation fault. My understanding is that this is because the shellcode runs out of memory for the rest of the bytes, as x only has a size of 4 bytes. And this results in creating a write operation of copying to stack memory, and that causes a seg. fault as stack memory is read only.
Is my understanding correct?
Precisely what OS are you running this on?
To quote from the Mac Hacker’s Handbook:
(Emphasis mine.)
The code should segfault if permissions are set to nonexecutable (or if permissions are omitted altogether). It didn’t on Leopard, which even the author questions. What you observed is perfectly normal behavior for a modern OS.
I would add: Try running it through a debugger.
\xeb\xfe is an infinite loop but you technically shouldn’t even loop once. The OS should slap you on the wrist (which is apparently happening here).
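The answer above turns on one question: are the stack pages mapped executable or not? On Linux that decision is recorded in the binary itself, in the PT_GNU_STACK program header, and the loader honours it. The following is an added example (not code from the question or the answer) that parses that header from a little-endian ELF64 image and reports whether the stack will be executable. It builds its own minimal, non-loadable ELF image in memory (a constructed test input, not a real binary) so it runs stand-alone; the helper names and the layout constants are taken from the ELF specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ELF constants, as in <elf.h>, defined locally so the program compiles
   without system ELF headers. */
#define PT_GNU_STACK 0x6474e551u
#define PF_X         0x1u
#define EI_CLASS     4
#define EI_DATA      5
#define ELFCLASS64   2
#define ELFDATA2LSB  1

#define EHDR64_SIZE  64
#define PHDR64_SIZE  56

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint64_t rd64(const uint8_t *p) { return (uint64_t)rd32(p) | ((uint64_t)rd32(p + 4) << 32); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Returns 1 if the image's PT_GNU_STACK header requests an executable stack,
   0 if it requests a non-executable one, and -1 if the bytes are not a
   little-endian ELF64 image or carry no PT_GNU_STACK header at all (the
   loader's default then applies, which on x86 Linux has historically been
   an executable stack). */
int stack_is_executable(const uint8_t *img, size_t len) {
    if (len < EHDR64_SIZE || memcmp(img, "\x7f" "ELF", 4) != 0) return -1;
    if (img[EI_CLASS] != ELFCLASS64 || img[EI_DATA] != ELFDATA2LSB) return -1;
    uint64_t phoff     = rd64(img + 32);   /* e_phoff     */
    uint16_t phentsize = rd16(img + 54);   /* e_phentsize */
    uint16_t phnum     = rd16(img + 56);   /* e_phnum     */
    if (phentsize < PHDR64_SIZE) return -1;
    for (uint16_t i = 0; i < phnum; i++) {
        uint64_t off = phoff + (uint64_t)i * phentsize;
        if (off > len || len - off < PHDR64_SIZE) return -1;   /* truncated table */
        const uint8_t *ph = img + off;
        if (rd32(ph) == PT_GNU_STACK)                           /* p_type  */
            return (rd32(ph + 4) & PF_X) ? 1 : 0;               /* p_flags */
    }
    return -1;
}

/* Constructed test image: an ELF64 header followed by a single PT_GNU_STACK
   program header with the given p_flags. It is not loadable; it only has the
   structure the parser above reads. Returns the image length. */
size_t build_test_image(uint8_t *buf, uint32_t stack_flags) {
    memset(buf, 0, EHDR64_SIZE + PHDR64_SIZE);
    memcpy(buf, "\x7f" "ELF", 4);
    buf[EI_CLASS] = ELFCLASS64;
    buf[EI_DATA]  = ELFDATA2LSB;
    buf[6]  = 1;            /* EI_VERSION            */
    buf[16] = 2;            /* e_type = ET_EXEC      */
    buf[18] = 0x3e;         /* e_machine = EM_X86_64 */
    buf[20] = 1;            /* e_version             */
    buf[32] = EHDR64_SIZE;  /* e_phoff: table right after the header */
    buf[52] = EHDR64_SIZE;  /* e_ehsize    */
    buf[54] = PHDR64_SIZE;  /* e_phentsize */
    buf[56] = 1;            /* e_phnum     */
    uint8_t *ph = buf + EHDR64_SIZE;
    wr32(ph,     PT_GNU_STACK);  /* p_type  */
    wr32(ph + 4, stack_flags);   /* p_flags */
    return EHDR64_SIZE + PHDR64_SIZE;
}

/* Convenience wrapper: build an image with the given stack flags and classify it. */
int classify_stack_flags(uint32_t stack_flags) {
    uint8_t img[EHDR64_SIZE + PHDR64_SIZE];
    size_t n = build_test_image(img, stack_flags);
    return stack_is_executable(img, n);
}

int main(void) {
    printf("RW  stack flags (6): %d\n", classify_stack_flags(6));  /* 0: non-executable */
    printf("RWE stack flags (7): %d\n", classify_stack_flags(7));  /* 1: executable     */
    return 0;
}
```

On a real binary the same information is what `readelf -lW ./a.out | grep GNU_STACK` prints: `RW` means the loader maps the stack non-executable and the posted program faults on the call through `f`, while `RWE` means the jump into the stack buffer would be allowed to run. The flag is set at link time (GNU ld's `-z noexecstack` versus `-z execstack`), so checking it in a build pipeline is a cheap way to catch binaries that silently opt out of the protection the answer describes.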