Thread: ((void (*)())char array)();

  1. #1
    INSANE INSIDE ekosix's Avatar
    Join Date
    May 2010
    Location
    Rio de Janeiro, Brazil
    Posts
    44

    Question ((void (*)())char array)();

    Hi guys..

    I've seen some sourcer around the web, and sometimes I've found this:
    ((void (*)())char array)();

    where "char array" was always an initialized one.

    How does that work?
    Is that some king of function call?

    Please, could you explain me?
    Thanks a lot.

  2. #2
    Lurking whiteflags's Avatar
    Join Date
    Apr 2006
    Location
    United States
    Posts
    9,613
    That's a syntax error. Looks like the parentheses are unbalanced.
    Code:
    ((void (*)())char array)();
    Code:
    C:\Documents and Settings\User>gcc -c a.c
    a.c:1:3: error: expected identifier or '(' before 'void'
    a.c:1:14: error: expected ')' before 'char'
    If you're typing this from memory I would advise against it. I can't even begin to parse something you make up.

  3. #3
    INSANE INSIDE ekosix's Avatar
    Join Date
    May 2010
    Location
    Rio de Janeiro, Brazil
    Posts
    44
    haha
    sorry...

    the "char array" is an array of type char...
    sorry, I separated them

    ((void (*)())char_array)();

  4. #4
    Lurking whiteflags's Avatar
    Join Date
    Apr 2006
    Location
    United States
    Posts
    9,613
    I don't know if you're being cute or what. That's the same number of parentheses. Go here - cdecl.org - Find out on whatever it really is your own.

  5. #5
    INSANE INSIDE ekosix's Avatar
    Join Date
    May 2010
    Location
    Rio de Janeiro, Brazil
    Posts
    44
    here:
    what is it exactly??
    Code:
    #include <stdio.h>
    #include <string.h>
    #include <stdlib.h>
     
    char code[] = "\x31\xc0\x31\xdb\x31\xc9\x31\xd2\xeb\x2a\x59\xbb\x04\x28\x96\x75\x51\xff\xd3\xeb\x2f\x59\x51\x50\xbb\xd7\x17\x96\x75\xff\xd3\xeb\x34\x59\x31\xd2\x52\x51\x51\x52\xff\xd0\x31\xd2\x50\xb8\x6f\x2a\x96\x75\xff\xd0\xe8\xd1\xff\xff\xff\x75\x73\x65\x72\x33\x32\x2e\x64\x6c\x6c\x00\xe8\xcc\xff\xff\xff\x4d\x65\x73\x73\x61\x67\x65\x42\x6f\x78\x41\x00\xe8\xc7\xff\xff\xff\x54\x65\x73\x65\x64\x20\x66\x6f\x72\x20\x48\x61\x63\x6b\x69\x6e\x67\x20\x77\x69\x6e\x37\x20\x2d\x20\x4d\x65\x73\x73\x61\x67\x65\x42\x6f\x78\x00";
     
    int main(int argc, char **argv)
    {
        ((void (*)())code)();
        printf("Printing MsgBox");
        return 0;
    }

  6. #6
    ATH0 quzah's Avatar
    Join Date
    Oct 2001
    Posts
    14,826
    Quote Originally Posted by ekosix View Post
    here:
    what is it exactly??
    Bad code.


    Quzah.
    Hope is the first step on the road to disappointment.

  7. #7
    INSANE INSIDE ekosix's Avatar
    Join Date
    May 2010
    Location
    Rio de Janeiro, Brazil
    Posts
    44
    Quote Originally Posted by quzah View Post
    Bad code.
    You mean, it does not work?

  8. #8
    - - - - - - - - oogabooga's Avatar
    Join Date
    Jan 2008
    Posts
    2,808
    We can't test it without more context. Post a link to where you found it.

    If it works at all then it might be from some obfuscated code. Maybe the char_array has bytes in it that can be interpreted as a function address. In that case it represents a cast and call on that address.

  9. #9
    ATH0 quzah's Avatar
    Join Date
    Oct 2001
    Posts
    14,826
    You can't typecast things to be function pointers. It's undefined behavior. There's some lengthy debate around some place on this topic amongst the thousands of threads here if you really care to look.


    Quzah.
    Hope is the first step on the road to disappointment.

  10. #10
    INSANE INSIDE ekosix's Avatar
    Join Date
    May 2010
    Location
    Rio de Janeiro, Brazil
    Posts
    44
    ok, thanks!

    oogabooga, I was browsing around Pastebin.

  11. #11
    - - - - - - - - oogabooga's Avatar
    Join Date
    Jan 2008
    Posts
    2,808
    You can't typecast things to be function pointers. It's undefined behavior.
    That sounds reasonable to me. I didn't mean to suggest that it was good code, but it might run somewhere! I'm not sure what the rules of obfuscated C contests are, whether or not they must conform to the standard or just run on a particular compiler. That stuff just gives me a headache anyway.

  12. #12
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,660
    Another shellcode wannabe.
    There is nothing useful to learn from this.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  13. #13
    - - - - - - - - oogabooga's Avatar
    Join Date
    Jan 2008
    Posts
    2,808
    Ahhhh, okay. Now I get it.

  14. #14
    INSANE INSIDE ekosix's Avatar
    Join Date
    May 2010
    Location
    Rio de Janeiro, Brazil
    Posts
    44
    Quote Originally Posted by Salem View Post
    There is nothing useful to learn from this.
    Security.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Invalid conversion from void to char
    By askinne2 in forum C Programming
    Replies: 6
    Last Post: 10-02-2010, 10:41 AM
  2. void * to char *
    By Loukoulaylay in forum C Programming
    Replies: 11
    Last Post: 04-10-2009, 05:25 PM
  3. invalid conversion from (void *) to unsigned char
    By k0k33 in forum C Programming
    Replies: 1
    Last Post: 02-19-2009, 08:57 AM
  4. Replies: 3
    Last Post: 11-17-2008, 12:36 PM
  5. GlobalAlloc() conversion from void to char*
    By scwizzo in forum Windows Programming
    Replies: 6
    Last Post: 06-12-2007, 01:00 PM