This is the code:

```c
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* ret is set earlier in the full program (see the link below);
   it is the unsigned int value that gets written repeatedly. */
char *command, *buffer;
command = (char *) malloc(200);
bzero(command, 200);
strcpy(command, "./notesearch \'");
buffer = command + strlen(command);
for(int i=0; i < 160; i+=4) {
    *((unsigned int *)(buffer+i)) = ret; // What does this syntax mean?
}
```
You can get the full code here => https://raw.githubusercontent.com/intere/hacking/master/booksrc/exploit_notesearch.c
Please help me, I'm a beginner.
Read it from the inner part to the outer. Here we must suppose that buffer is a pointer to some memory area or array element. You have:

buffer + 1
==> address to next memory position or next array element.

(unsigned int *)(buffer+i)
==> cast of resulting pointer to a pointer of type unsigned int.

*((unsigned int *)(buffer+i))
==> dereference the unsigned int pointed out (get the value).

*((unsigned int *)(buffer+i)) = ret;
==> assign the value to the variable ret.

In C, when evaluating expressions, always go from the inside to the outer.
This writes the unsigned int ret to the address buffer+i:

*((unsigned int *)(buffer+i)) = ret

buffer+i is a char* (pointer to char). (unsigned int *) in (unsigned int *)(buffer+i) transforms the pointer to char into a pointer to unsigned int. This is called a cast. * dereferences this pointer to unsigned int and writes ret to that address.

Be aware that depending on the architecture of your hardware this may fail because of alignment issues.
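To make both answers concrete, here is an added example (not code from the question or from the book the snippet comes from). It reproduces the question's layout (a 14-byte prefix followed by 160 bytes of repeated 4-byte words), writes the words once with the cast-and-dereference idiom and once with memcpy, and checks the alignment of buffer, which in this layout is not a multiple of 4 because the prefix is 14 bytes long. The value 0x41414141 is a constructed placeholder, not a real address.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 if p is suitably aligned for an unsigned int store, else 0. */
int aligned_for_uint(const char *p) {
    return ((uintptr_t)p % _Alignof(unsigned int)) == 0;
}

/* The idiom from the question: reinterpret buf+i as unsigned int* and store
   through it. Only safe when aligned_for_uint(buf) is true: an unaligned
   store is undefined behaviour in C and faults on some architectures.
   Returns the number of words written. */
size_t fill_words_cast(char *buf, size_t len, unsigned int word) {
    size_t n = 0;
    for (size_t i = 0; i + sizeof(unsigned int) <= len; i += sizeof(unsigned int)) {
        *((unsigned int *)(buf + i)) = word;
        n++;
    }
    return n;
}

/* Portable equivalent: memcpy copies the bytes of `word` into place without
   requiring alignment, so it is the form to use at an arbitrary char* offset. */
size_t fill_words_memcpy(char *buf, size_t len, unsigned int word) {
    size_t n = 0;
    for (size_t i = 0; i + sizeof(unsigned int) <= len; i += sizeof(unsigned int)) {
        memcpy(buf + i, &word, sizeof word);
        n++;
    }
    return n;
}

/* Count leading words in buf equal to `word`, reading via memcpy (alignment-safe). */
size_t count_leading_words(const char *buf, size_t len, unsigned int word) {
    size_t n = 0;
    for (size_t i = 0; i + sizeof(unsigned int) <= len; i += sizeof(unsigned int)) {
        unsigned int w;
        memcpy(&w, buf + i, sizeof w);
        if (w != word) break;
        n++;
    }
    return n;
}

/* Offset of `buffer` inside `command` in the question's layout: the prefix length. */
size_t prefix_offset(void) {
    return strlen("./notesearch '");
}

int main(void) {
    char *command = malloc(200);
    if (!command) return 1;
    memset(command, 0, 200);
    strcpy(command, "./notesearch '");
    char *buffer = command + strlen(command);
    unsigned int ret = 0x41414141u;  /* constructed placeholder value */

    printf("buffer = command + %zu, aligned for unsigned int: %d\n",
           prefix_offset(), aligned_for_uint(buffer));
    size_t n = fill_words_memcpy(buffer, 160, ret);
    printf("wrote %zu words, %zu verified\n", n, count_leading_words(buffer, 160, ret));
    free(command);
    return 0;
}
```

On x86 the cast version also works at the unaligned offset, which is why the book's code runs there; the memcpy version behaves the same on every architecture, so it is the safer habit when a char* is being treated as something wider.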