Home/ Questions/Q 369071
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T13:53:04+00:00

Source: http://milw0rm.org/papers/145 #include <stdio.h> #include <stdlib.h> int main() { char scode[]=\x31\xc0\xb0\x01\x31\xdb\xcd\x80; (*(void(*) ()) scode)

  • 0

Source: http://milw0rm.org/papers/145

#include <stdio.h>
#include <stdlib.h>

int main()
{
 char scode[]="\x31\xc0\xb0\x01\x31\xdb\xcd\x80";
 (*(void(*) ()) scode) ();
}

This papers is tutorial about shellcode on Linux platform, however it did not explain how the following statement “(*(void(*) ()) scode) ();” works. I’m using the book “The C Language Programming Reference, 2ed by Brian.W.Kernighan, Dennis.M.Ritchie” to lookup for an answer but found no answer. May someone can point to the right directions, maybe a website, another C reference book where I can find an answer.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In C:

    (some_type) some_var

    casts some_var to be of type some_type.

    In your code sample “void(*) ()” is the some_type and is the signature for a function pointer that takes no arguments and returns nothing.
    “(void(*) ()) scode” casts scode to be a function pointer.
    “(*(void(*) ()) scode)” dereferences that function pointer.
    And the final () calls the function defined in scode.

    And the bytes in scode disassemble to the following i386 assembly:

       31 c0        xor    %eax,%eax
   b0 01        mov    $0x1,%al
   31 db        xor    %ebx,%ebx
   cd 80        int    $0x80
    • 0