Home Default 运行堆栈中的代码

运行堆栈中的代码

发表于 发表于 Default

一个有意思的测试

stack版

void stack_code(){
	unsigned char stack_fun[] = {
		0x55,0x89,0xe5,0xb8,0xef,0x00,0x00,0x00,0x5d,0xc3
	};// int fun() { return 0xef; }
	int stack_ret =(( int (*)())stack_fun)();
	printf("stack_ret = 0x%xn",stack_ret);
}

heap版

void heap_code(){
    int heap_ret;
    unsigned char stack_fun[] = {
        0x55,0x89,0xe5,0xb8,0xfe,0x00,0x00,0x00,0x5d,0xc3
    };// int fun() { return 0xfe; }
    unsigned char *heap_fun = malloc(sizeof(stack_fun));
    memcpy(heap_fun, stack_fun, sizeof(stack_fun));
    heap_ret = (*(( int (*)())heap_fun))();
    free(heap_fun);
    printf("heap_ret = 0x%xn",heap_ret);
}

WinXP上可运行(不开启DEP)

stack_code

Win7也可运行

Linux下则报出常见的Segmentation fault