这个语法 *((unsigned int *)(buffer+i)) 在 C 中是什么意思

Question

This is the code:

char *command, *buffer;

command = (char *) malloc(200);
bzero(command, 200);

strcpy(command, "./notesearch \'");
buffer = command + strlen(command);
for(int i=0; i < 160; i+=4) {
    *((unsigned int *)(buffer+i)) = ret; // What does this syntax mean?
}

You can get the full code here => https://raw.githubusercontent.com/intere/hacking/master/booksrc/exploit_notesearch.c

Please help me I'm a beginner.

Answer 1

Read it from the inner part to the outer. Here we must suppose that buffer is a pointer to some memory area or array element. You have:

• buffer + 1 ==> address to next memory position or next array element
• (unsigned int *)(buffer+i) ==> cast of resulting pointer to a pointer of type unsigned int .
• *((unsigned int *)(buffer+i)) ==> dereference the unsigned int pointed out (get the value).
• *((unsigned int *)(buffer+i)) = ret; ==> assign the value to the variable ret .

In C, when evaluating expressions, always go from the inside to the outer.

Answer 2

This writes the unsigned int ret to the address buffer+i

*((unsigned int *)(buffer+i)) = ret

• buffer+i is a char* (pointer to char )
• the (unsigned int *) in (unsigned int *)(buffer+i) transforms the pointer to char into an pointer to unsigned int . This is called a cast .
• finally the * dereferences this pointer to unsigned int and writes ret to that address.

Be aware that depending on the architecture of your hardware this may fail because of alignement issues.