Java Böy said:
could somebody help me understand what's happening here...
thanks..
/* Linux/x86 (32-bit) execve("/bin//sh") shellcode, 25 bytes. The bytes must
   end up in executable memory, e.g. build with: gcc -m32 -z execstack */
char sc[] =
"\x31\xc0" /* xor %eax, %eax   -> eax = 0 */
"\x50" /* push %eax         -> NUL that terminates the path string */
"\x68\x2f\x2f\x73\x68" /* push $0x68732f2f  -> "//sh" */
"\x68\x2f\x62\x69\x6e" /* push $0x6e69622f  -> "/bin", stack now holds "/bin//sh\0" */
"\x89\xe3" /* mov %esp,%ebx    -> ebx = filename */
"\x50" /* push %eax         -> NULL terminator of argv */
"\x53" /* push %ebx         -> argv[0] = filename */
"\x89\xe1" /* mov %esp,%ecx    -> ecx = argv */
"\x31\xd2" /* xor %edx,%edx    -> edx = NULL (envp) */
"\xb0\x0b" /* mov $0xb,%al     -> eax = 11 = __NR_execve */
"\xcd\x80"; /* int $0x80        -> execve("/bin//sh", argv, NULL) */
int main(void)
{
void (*fp) (void); // what is happening at this line
                   /* declares fp as a pointer to a function taking no arguments and returning nothing */
fp = (void *)sc;   /* points fp at the byte array; C has no assignment rule for object pointer -> function pointer, so compilers diagnose this */
fp();              /* jumps into the array as if it were a function */
return 0;
}
> Just for your information, I think your code (including the assembly part) *is not illegal* in C,
> in fact, from ISO/IEC 9899:1999:
Do you have the slightest clue about the connection between J.5 and the
normative part of the C99 standard?
> 1 A pointer to an object or to void may be cast to a pointer to a function, allowing data to
> be invoked as a function (6.5.4).
Where can you see such a cast in the OP's code? Are you visually impaired
or merely a patent idiot?
> From line 1: "allowing data to be invoked as a function"
What about it?
And what about the following quote from the *normative* part of the same
standard:
6.5.16.1 Simple assignment
Constraints
1 One of the following shall hold:93)
- the left operand has qualified or unqualified arithmetic type
and the right has arithmetic type;
- the left operand has a qualified or unqualified version of a
structure or union type compatible with the type of the right;
- both operands are pointers to qualified or unqualified versions
of compatible types, and the type pointed to by the left has
all the qualifiers of the type pointed to by the right;
- one operand is a pointer to an object or incomplete type and
the other is a pointer to a qualified or unqualified version
of void, and the type pointed to by the left has all the
qualifiers of the type pointed to by the right;
- the left operand is a pointer and the right is a null pointer
constant; or
- the left operand has type _Bool and the right is a pointer.
Which of these alternatives is matched by fp = (void *)sc; ?
Any idea about what happens when a constraint is violated?
If the line in question were:
fp = (void(*)(void))sc; /* no 6.5.16.1 constraint violation */
the code would have invoked undefined behaviour and the quote from J.5.7
would have explained why such code *may* work on *certain*
implementations (still without giving it *any* legitimation).
It doesn't hurt to get a clue before posting irrelevant quotes from the
standard!
Dan