Source code
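#include <stdlib.h>

/* x86 machine code: write(1, "Hello, World!\n", 14) and then exit(0),
   both through int 0x80; the string bytes follow the code. */
const unsigned char shellcode[] =
    "\xeb\x19\x31\xc0\x31\xdb\x31\xc9\x31\xd2\xb0\x04"
    "\xb2\x0e\x59\xb3\x01\xcd\x80\x31\xc0\xb0\x01"
    "\x31\xdb\xcd\x80\xe8\xe2\xff\xff\xff"
    "\x48\x65\x6c\x6c\x6f\x2c\x20\x57\x6f\x72\x6c"
    "\x64\x21\x0a";

int main(int argc, char **argv) {
    /* Treat the array's address as a function pointer and call it. */
    int (*ret)();
    ret = (int(*)())shellcode;
    (int)(*ret)();
    exit(0);
}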
[zhongyunde@linux-hcc3 ~]$gcc dd.c
[zhongyunde@linux-hcc3 ~]$./a.out
Segmentation fault
[zhongyunde@linux-hcc3 ~]$gcc dd.c -z execstack
[zhongyunde@linux-hcc3 ~]$./a.out
Hello, World!
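Notes: the shellcode here is presumably treated as a function (one with execute permission in memory) and has its own stack.
1) At link time an executable stack must be requested, i.e. the option -z execstack.
2) The shellcode array must be declared const, because only with const is it placed in the text section.
See: http://stackoverflow.com/questions/1576489/where-are-constant-variables-stored-in-c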
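
An added check, not part of the original note: the -z execstack option is recorded in the binary as the PF_X flag on its PT_GNU_STACK program header, so a build or review step can flag such binaries. The code below parses a little-endian ELF64 image; the names execstack_status, rd_le and sample are hypothetical, and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PT_GNU_STACK_ID 0x6474e551u /* p_type of the GNU stack-permission header */
#define PF_X_BIT 0x1u               /* p_flags bit: segment is executable */
/* Read an n-byte little-endian integer (n <= 8). */
static uint64_t rd_le(const unsigned char *p, int n)
{
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* 1: executable stack, 0: non-executable, 2: no PT_GNU_STACK, -1: not LE ELF64 / truncated */
int execstack_status(const unsigned char *img, size_t len)
{
    if (len < 64 || memcmp(img, "\x7f" "ELF", 4) != 0 || img[4] != 2 || img[5] != 1)
        return -1;
    uint64_t phoff = rd_le(img + 32, 8);               /* e_phoff */
    unsigned phentsize = (unsigned)rd_le(img + 54, 2); /* e_phentsize */
    unsigned phnum = (unsigned)rd_le(img + 56, 2);     /* e_phnum */
    if (phentsize < 56 || phoff > len) return -1;
    for (unsigned i = 0; i < phnum; i++) {
        uint64_t off = phoff + (uint64_t)i * phentsize;
        if (off > len || len - off < 56) return -1;    /* header runs past the buffer */
        if (rd_le(img + off, 4) == PT_GNU_STACK_ID)
            return (rd_le(img + off + 4, 4) & PF_X_BIT) ? 1 : 0;
    }
    return 2;
}

/* Constructed sample (not a loadable binary): ELF64 header plus one program header. */
unsigned char sample[120] = {
    0x7f, 'E', 'L', 'F', 2, 1, 1,          /* magic, ELFCLASS64, little-endian, version */
    [32] = 64, [54] = 56, [56] = 1,        /* e_phoff, e_phentsize, e_phnum */
    [64] = 0x51, 0xe5, 0x74, 0x64, 0x07,   /* p_type = PT_GNU_STACK, p_flags = RWX */
};

int main(int argc, char **argv)
{
    static unsigned char buf[1 << 16];     /* program headers sit near the file start */
    const unsigned char *img = sample;     /* default: the constructed sample */
    size_t n = sizeof sample;
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;
    if (f) { n = fread(buf, 1, sizeof buf, f); fclose(f); img = buf; }
    printf("execstack status: %d\n", execstack_status(img, n));
    return 0;
}
```

readelf -lW shows the same header as a GNU_STACK line whose flags read RWE or RW.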