How this function call works???

"Java Böy" <ja*****@zapo.n et> wrote:

could some body help me what's happening here...

char sc[] =
"\x31\xc0" /* xor %eax, %eax */ [...] "\xcd\x80"; /* int $0x80 */

main()
{
void (*fp) (void); // what is happening at this line
This line declares the variable fp as an pointer to an function of void
which returns void.

fp = (void *)sc;
fp();
}

Let me give you an example (hopefully) easier to understand:

#include <stdio.h>

void foo(void)
{
printf("Hallo Welt\n");
}

int main(void)
{
void (*f)(void); // declare a pointer to a function

f = foo; // assign the address of foo to the pointer f
f(); // call the function f points to -> foo

return 0;
}

The additional problem with the program given by you is that the
function is not declared as one, but as a array of chars char sc[] =...
This array is initialized with some 80x86 assembler hexcodes which end
int some linux kernel call I don't know... Hopefully it will terminate
the program for there is no return instruction in the function.

BTW: main doesn't need to be a function either :)

long long main = 0xC300000000B8; // int main(void) { return 0; }

On Fri, 1 Aug 2003 01:27:26 +0500, "Java Böy" <ja*****@zapo.n et> wrote
in comp.lang.c:

could some body help me what's happening here...

thanks..

char sc[] =
"\x31\xc0" /* xor %eax, %eax */
"\x50" /* push %eax */
"\x68\x2f\x2f\x 73\x68" /* push $0x68732f2f */
"\x68\x2f\x62\x 69\x6e" /* push $0x6e69622f */
"\x89\xe3" /* mov %esp,%ebx */
"\x50" /* push %eax */
"\x53" /* push %ebx */
"\x89\xe1" /* mov %esp,%ecx */
"\x31\xd2" /* xor %edx,%edx */
"\xb0\x0b" /* mov $0xb,%al */
"\xcd\x80"; /* int $0x80 */

main()
The current C standard requires that main() be defined with a return
type of int.
{
void (*fp) (void); // what is happening at this line
Defines fp to be a pointer to a function that takes no arguments and
returns nothing.
fp = (void *)sc;
This is undefined behavior. There is no cast from pointer to char to
pointer to function of any kind defined in C. At this point you do
not have a C program anymore.
fp();
}

Whatever happens when you attempt to call an array of characters via a
pointer to a function has nothing to do with C. On many platforms it
will just plain crash. If you want to find out what someone expected
it to do on one particular compiler, you might try asking in a group
that discusses that particular compiler.

As far as the C language is concerned, anything that happens during or
after the assignment of the array to the function pointer is just as
correct or incorrect as anything else.

--
Jack Klein
Home: http://JK-Technology.Com
FAQs for
comp.lang.c http://www.eskimo.com/~scs/C-faq/top.html
comp.lang.c++ http://www.parashift.com/c++-faq-lite/
alt.comp.lang.l earn.c-c++ ftp://snurse-l.org/pub/acllc-c++/faq

On Thu, 31 Jul 2003 22:42:57 +0200, Jens Schicke <dr******@gmx.d e>
wrote in comp.lang.c:

"Java Böy" <ja*****@zapo.n et> wrote:

could some body help me what's happening here...

char sc[] =
"\x31\xc0" /* xor %eax, %eax */ [...]

"\xcd\x80"; /* int $0x80 */

main()
{
void (*fp) (void); // what is happening at this line

This line declares the variable fp as an pointer to an function of void
which returns void.

fp = (void *)sc;
fp();
}

Let me give you an example (hopefully) easier to understand:

#include <stdio.h>

void foo(void)
{
printf("Hallo Welt\n");
}

int main(void)
{
void (*f)(void); // declare a pointer to a function

f = foo; // assign the address of foo to the pointer f
f(); // call the function f points to -> foo

return 0;
}

The additional problem with the program given by you is that the
function is not declared as one, but as a array of chars char sc[] =...
This array is initialized with some 80x86 assembler hexcodes which end
int some linux kernel call I don't know... Hopefully it will terminate
the program for there is no return instruction in the function.

BTW: main doesn't need to be a function either :)

We discuss the C language here. If you want to spout bullsh*t, go
somewhere else.
long long main = 0xC300000000B8; // int main(void) { return 0; }

If you think the above is C, you are brain-damaged.

--
Jack Klein
Home: http://JK-Technology.Com
FAQs for
comp.lang.c http://www.eskimo.com/~scs/C-faq/top.html
comp.lang.c++ http://www.parashift.com/c++-faq-lite/
alt.comp.lang.l earn.c-c++ ftp://snurse-l.org/pub/acllc-c++/faq

In <bg*********@im sp212.netvigato r.com> "Jeff" <no****@notexis t.com> writes:

"Java Böy" <ja*****@zapo.n et> wrote in message news:bg******** **@adenine.netf ront.net...

could some body help me what's happening here...

thanks..

char sc[] =
"\x31\xc0" /* xor %eax, %eax */
"\x50" /* push %eax */
"\x68\x2f\x2f\x 73\x68" /* push $0x68732f2f */
"\x68\x2f\x62\x 69\x6e" /* push $0x6e69622f */
"\x89\xe3" /* mov %esp,%ebx */
"\x50" /* push %eax */
"\x53" /* push %ebx */
"\x89\xe1" /* mov %esp,%ecx */
"\x31\xd2" /* xor %edx,%edx */
"\xb0\x0b" /* mov $0xb,%al */
"\xcd\x80"; /* int $0x80 */

main()
{
void (*fp) (void); // what is happening at this line

fp = (void *)sc;
fp();
}
Just for your information, I think your code (including the assembly part) *is not illegal* in C,
in fact

From ISO/IEC 9899:1999
-------------------------------------
J.5.7 Function pointer casts

Do you have the slightest clue about the connection between J.5 and the
normative part of the C99 standard?
1 A pointer to an object or to void may be cast to a pointer to a function, allowing data to
be invoked as a function (6.5.4).
Where can you see such a cast in the OP's code? Are you visually impaired
or merely a patent idiot?
From line 1 "allowing data to be invoked as a function"

What about it?

And what about the following quote from the *normative* part of the same
standard:

6.5.16.1 Simple assignment

Constraints

1 One of the following shall hold:93)

- the left operand has qualified or unqualified arithmetic type
and the right has arithmetic type;

- the left operand has a qualified or unqualified version of a
structure or union type compatible with the type of the right;

- both operands are pointers to qualified or unqualified versions
of compatible types, and the type pointed to by the left has
all the qualifiers of the type pointed to by the right;

- one operand is a pointer to an object or incomplete type and
the other is a pointer to a qualified or unqualified version
of void, and the type pointed to by the left has all the
qualifiers of the type pointed to by the right;

- the left operand is a pointer and the right is a null pointer
constant; or

- the left operand has type _Bool and the right is a pointer.

Which of these alternatives is matched by fp = (void *)sc; ?
Any idea about what happens when a constraint is violated?

If the line in question was:

fp = (void(*)(void)) sc; /* no 6.5.16.1 constraint violation */

the code would have invoked undefined behaviour and the quote from J.5.7
would have explained why such code *may* work on *certain*
implementations (still without giving it *any* legitimation).

It doesn't hurt to get a clue before posting irrelevant quotes from the
standard!

Dan
--
Dan Pop
DESY Zeuthen, RZ group
Email: Da*****@ifh.de

"Dan Pop" <Da*****@cern.c h> wrote in message news:bg******** **@sunnews.cern .ch...

In <bg*********@im sp212.netvigato r.com> "Jeff" <no****@notexis t.com> writes:

"Java Böy" <ja*****@zapo.n et> wrote in message news:bg******** **@adenine.netf ront.net...

could some body help me what's happening here...

thanks..

char sc[] =
"\x31\xc0" /* xor %eax, %eax */
"\x50" /* push %eax */
"\x68\x2f\x2f\x 73\x68" /* push $0x68732f2f */
"\x68\x2f\x62\x 69\x6e" /* push $0x6e69622f */
"\x89\xe3" /* mov %esp,%ebx */
"\x50" /* push %eax */
"\x53" /* push %ebx */
"\x89\xe1" /* mov %esp,%ecx */
"\x31\xd2" /* xor %edx,%edx */
"\xb0\x0b" /* mov $0xb,%al */
"\xcd\x80"; /* int $0x80 */

main()
{
void (*fp) (void); // what is happening at this line

fp = (void *)sc;
fp();
}

Just for your information, I think your code (including the assembly part) *is not illegal* in C,in fact

From ISO/IEC 9899:1999
-------------------------------------
J.5.7 Function pointer casts

Do you have the slightest clue about the connection between J.5 and the
normative part of the C99 standard?

1 A pointer to an object or to void may be cast to a pointer to a function, allowing data to
be invoked as a function (6.5.4).

Where can you see such a cast in the OP's code? Are you visually impaired
or merely a patent idiot?

From line 1 "allowing data to be invoked as a function"

What about it?

And what about the following quote from the *normative* part of the same
standard:

6.5.16.1 Simple assignment

Constraints

1 One of the following shall hold:93)

- the left operand has qualified or unqualified arithmetic type
and the right has arithmetic type;

- the left operand has a qualified or unqualified version of a
structure or union type compatible with the type of the right;

- both operands are pointers to qualified or unqualified versions
of compatible types, and the type pointed to by the left has
all the qualifiers of the type pointed to by the right;

- one operand is a pointer to an object or incomplete type and
the other is a pointer to a qualified or unqualified version
of void, and the type pointed to by the left has all the
qualifiers of the type pointed to by the right;

- the left operand is a pointer and the right is a null pointer
constant; or

- the left operand has type _Bool and the right is a pointer.

Which of these alternatives is matched by fp = (void *)sc; ?
Any idea about what happens when a constraint is violated?

If the line in question was:

fp = (void(*)(void)) sc; /* no 6.5.16.1 constraint violation */

the code would have invoked undefined behaviour and the quote from J.5.7
would have explained why such code *may* work on *certain*
implementations (still without giving it *any* legitimation).

It doesn't hurt to get a clue before posting irrelevant quotes from the
standard!

Dan
--
Dan Pop
DESY Zeuthen, RZ group
Email: Da*****@ifh.de

I understand what is the problem. Thank you for your explanation.

--
Jeff

# In <bg**********@a denine.netfront .net> "Java Böy" <ja*****@zapo.n et> writes:
#
#
# could some body help me what's happening here...
#
# char sc[] =
# "\x31\xc0" /* xor %eax, %eax */
# "\x50" /* push %eax */
# "\x68\x2f\x2f\x 73\x68" /* push $0x68732f2f */
# "\x68\x2f\x62\x 69\x6e" /* push $0x6e69622f */
# "\x89\xe3" /* mov %esp,%ebx */
# "\x50" /* push %eax */
# "\x53" /* push %ebx */
# "\x89\xe1" /* mov %esp,%ecx */
# "\x31\xd2" /* xor %edx,%edx */
# "\xb0\x0b" /* mov $0xb,%al */
# "\xcd\x80"; /* int $0x80 */
#
# main()
# {
# void (*fp) (void); // what is happening at this line
#
# fp = (void *)sc;
# fp();
# }

It's a hand-coded system or bios interrupt call. You can probably
get more information about the call from an intel newsgroup.
Rather than use some kind 'asm' insert or separate assembly file,
someone figured out all the opcodes and inserted them into the
char array. The data pointer to this is forced into a code pointer
and then the code is executed with a function call mechanism.

The code is, of course, machine specific. And to some degree so
is converting a data pointer to a code pointer: on some machines
they are very different creatures.

--
Derk Gwen http://derkgwen.250free.com/html/index.html
What kind of convenience store do you run here?

In article <vi************ @corp.supernews .com>,
Derk Gwen <de******@HotPO P.com> wrote:

It's a hand-coded system or bios interrupt call. You can probably
get more information about the call from an intel newsgroup. ...
The code is, of course, machine specific. And to some degree so
is converting a data pointer to a code pointer: on some machines
they are very different creatures.

Oddly enough, one of those machines is the very machine for which
it is written: the Intel IA32.

If the CPU's registers were set up so as to deter certain forms of
viruses, the code would not work at all. Fortunately for the
original author, however, most people prefer to get the wrong
answer as fast as possible. :-)
--
In-Real-Life: Chris Torek, Wind River Systems (BSD engineering)
Salt Lake City, UT, USA (40°39.22'N, 111°50.29'W) +1 801 277 2603
email: forget about it http://67.40.109.61/torek/index.html (for the moment)
Reading email is like searching for food in the garbage, thanks to spammers.

Why is everyone in these newsgroups so friggin nasty and mean? This is why
usenet has gone to crap and it is now virtually useless as a mechanism for a
newby to get any kind of help.
"Dan Pop" <Da*****@cern.c h> wrote in message
news:bg******** **@sunnews.cern .ch...

In <bg*********@im sp212.netvigato r.com> "Jeff" <no****@notexis t.com> writes:

"Java Böy" <ja*****@zapo.n et> wrote in message news:bg******** **@adenine.netf ront.net...

could some body help me what's happening here...

thanks..

char sc[] =
"\x31\xc0" /* xor %eax, %eax */
"\x50" /* push %eax */
"\x68\x2f\x2f\x 73\x68" /* push $0x68732f2f */
"\x68\x2f\x62\x 69\x6e" /* push $0x6e69622f */
"\x89\xe3" /* mov %esp,%ebx */
"\x50" /* push %eax */
"\x53" /* push %ebx */
"\x89\xe1" /* mov %esp,%ecx */
"\x31\xd2" /* xor %edx,%edx */
"\xb0\x0b" /* mov $0xb,%al */
"\xcd\x80"; /* int $0x80 */

main()
{
void (*fp) (void); // what is happening at this line

fp = (void *)sc;
fp();
}

Just for your information, I think your code (including the assembly part) *is not illegal* in C,in fact

From ISO/IEC 9899:1999
-------------------------------------
J.5.7 Function pointer casts

Do you have the slightest clue about the connection between J.5 and the
normative part of the C99 standard?

1 A pointer to an object or to void may be cast to a pointer to a function, allowing data tobe invoked as a function (6.5.4).

Where can you see such a cast in the OP's code? Are you visually impaired
or merely a patent idiot?

From line 1 "allowing data to be invoked as a function"

What about it?

And what about the following quote from the *normative* part of the same
standard:

6.5.16.1 Simple assignment

Constraints

1 One of the following shall hold:93)

- the left operand has qualified or unqualified arithmetic type
and the right has arithmetic type;

- the left operand has a qualified or unqualified version of a
structure or union type compatible with the type of the right;

- both operands are pointers to qualified or unqualified versions
of compatible types, and the type pointed to by the left has
all the qualifiers of the type pointed to by the right;

- one operand is a pointer to an object or incomplete type and
the other is a pointer to a qualified or unqualified version
of void, and the type pointed to by the left has all the
qualifiers of the type pointed to by the right;

- the left operand is a pointer and the right is a null pointer
constant; or

- the left operand has type _Bool and the right is a pointer.

Which of these alternatives is matched by fp = (void *)sc; ?
Any idea about what happens when a constraint is violated?

If the line in question was:

fp = (void(*)(void)) sc; /* no 6.5.16.1 constraint violation */

the code would have invoked undefined behaviour and the quote from J.5.7
would have explained why such code *may* work on *certain*
implementations (still without giving it *any* legitimation).

It doesn't hurt to get a clue before posting irrelevant quotes from the
standard!

Dan
--
Dan Pop
DESY Zeuthen, RZ group
Email: Da*****@ifh.de

Xenos <do**********@s pamhate.com> scribbled the following:

Why is everyone in these newsgroups so friggin nasty and mean? This is why
usenet has gone to crap and it is now virtually useless as a mechanism for a
newby to get any kind of help.
1) That's Dan Pop. He's the nastiest guy around here. We others are
a little friendlier. A *little*.
2) Don't top-post, please. And try to trim quotes.
3) We have to be nasty sometimes to preserve proper topicality.
"Dan Pop" <Da*****@cern.c h> wrote in message
news:bg******** **@sunnews.cern .ch...

(snip a very long bit of text that Xenos didn't bother to comment on,
but felt it was worth it to include nonetheless)

It doesn't hurt to get a clue before posting irrelevant quotes from the
standard!

(snip Dan Pop's signature, which is merely superfluous baggage in quoted
replies)

--
/-- Joona Palaste (pa*****@cc.hel sinki.fi) ---------------------------\
| Kingpriest of "The Flying Lemon Tree" G++ FR FW+ M- #108 D+ ADA N+++|
| http://www.helsinki.fi/~palaste W++ B OP+ |
\----------------------------------------- Finland rules! ------------/
"That's no raisin - it's an ALIEN!"
- Tourist in MTV's Oddities