I just tried the following code snippet for shellcode testing purposes:
#include<iostream>
using namespace std;
char sc[] = ""; // i've removed the shellcode
int main() {
int (*func)();
func = (int(*)())sc;
(int)(*func)();
}
I get a build error on compilation:
------ Build started: Project: shellcoderunner, Configuration: Debug Win32 ------
Build started 10/15/2011 12:51:16 PM.
InitializeBuildStatus:
Touching "Debug\shellcoderunner.unsuccessfulbuild".
ClCompile:
blah.cpp
c:\users\reverser\documents\visual studio 2010\projects\shellcoderunner\shellcoderunner\blah.cpp(7): error C2440: 'type cast' : cannot convert from 'char [149]' to 'int (__cdecl *)(void)'
There is no context in which this conversion is possible
Build FAILED.
Time Elapsed 00:00:01.99
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========
Something obvious that I'm doing wrong?
To execute a shellcode in your C/C++ program with VS, the simplest way is to embed assembly code like the example below (32-bit build only; MSVC has no inline __asm on x64):
char* buffer="blah blah blah";
int main() {
__asm{
mov eax, buffer ; load the pointer value; lea would load the address of the pointer variable itself
call eax
}
}
Hope this helps!
[
At the time I am answering, the question is about why compilation fails for …
#include<iostream>
using namespace std;
char sc[] = ""; // i've removed the shellcode
int main() {
int (*func)();
func = (int(*)())sc;
(int)(*func)();
}
This code is an attempt to execute data bytes as machine code. However, the OP calls this a “code snippet for shellcode testing purposes”, which is unrelated. And so I am including this original context.
]
You may have success using a void* as intermediary.
In the formal even that should not compile, because in the formal a data pointer cannot be converted to a function pointer or vice versa.
However, reportedly POSIX requires the ability to do that conversion, and it's old existing practice, so I believe most if not all compilers support it.
Note that you are in UB-land as regarding effects.
Also, note that anti-virus software and page level execute permission checking may disagree a bit with trying to execute the bytes in a string as machine code, so at that higher level yes you're doing something obviously wrong. ;-)
By the way, if what you are trying to achieve is to execute a shell script, then look into the system function. What command to pass in the system call would depend on your system, so if you change your question be sure to include information about that.
Cheers & hth.,
I think the following should work:
char sc[] = ""; // i've removed the shellcode
int main()
{
int (*func)() = (int(*)())sc; // C++ (explicit cast required)
/* int (*func)() = sc;           C (no cast needed) */
func();
}
It's technically undefined behaviour, but then again that's the whole point of shellcode.
You cannot cast an array to a function pointer. You have to first acquire a pointer to the array, which then can be cast:
func = (int(*)())&sc;
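As an added example (not code from the question or any of the answers, and assuming Linux with gcc), the three conversion forms the answers discuss, via a void* intermediary, via &sc, and via an explicit decay to char*, all produce the same address, while a lookup in /proc/self/maps shows the page-level execute permission the second answer warns about: the string's bytes sit in a non-executable mapping, so the call would fault under NX/DEP before anything runs.

```c
#include <stdio.h>
#include <stdint.h>

/* Constructed stand-in for the OP's buffer: harmless bytes, never executed here. */
char sc[] = "\x90\x90\xc3";

typedef int (*fn_t)(void);

/* The conversions the answers discuss. All yield the same address; whether the
   bytes may be *executed* there is a separate question (page permissions). */
fn_t via_void(void)  { void *p = sc; return (fn_t)p; }   /* void* intermediary   */
fn_t via_addr(void)  { return (fn_t)&sc; }               /* pointer to the array  */
fn_t via_decay(void) { return (fn_t)(char *)sc; }        /* explicit decay first  */

/* Find the mapping that contains addr in /proc/self/maps (Linux-specific) and
   report its execute bit: 1 = executable, 0 = not, -1 = not found / no procfs. */
int is_executable(const void *addr)
{
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return -1;
    uintptr_t a = (uintptr_t)addr;
    char line[512];
    int result = -1;
    while (fgets(line, sizeof line, f)) {
        unsigned long lo, hi;
        char perms[5];                          /* e.g. "rw-p" or "r-xp" */
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) != 3) continue;
        if (a >= lo && a < hi) { result = (perms[2] == 'x'); break; }
    }
    fclose(f);
    return result;
}

int main(void)
{
    fn_t f = via_void();
    printf("sc   at %p, executable: %d\n", (void *)(uintptr_t)f,
           is_executable((const void *)(uintptr_t)f));
    printf("code at %p, executable: %d\n", (void *)(uintptr_t)is_executable,
           is_executable((const void *)(uintptr_t)is_executable));
    return 0;
}
```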