This is the code:
char *command, *buffer;
command = (char *) malloc(200);
bzero(command, 200);
strcpy(command, "./notesearch \'");
buffer = command + strlen(command);
for(int i=0; i < 160; i+=4) {
*((unsigned int *)(buffer+i)) = ret; // What does this syntax mean?
}
You can get the full code here => https://raw.githubusercontent.com/intere/hacking/master/booksrc/exploit_notesearch.c
Please help me I'm a beginner.
On
This writes the unsigned int ret to the address buffer+i
*((unsigned int *)(buffer+i)) = ret
buffer+i is a char* (pointer to char)(unsigned int *) in (unsigned int *)(buffer+i) transforms the pointer to char into an pointer to unsigned int. This is called a cast.* dereferences this pointer to unsigned int and writes ret to that address.Be aware that depending on the architecture of your hardware this may fail because of alignement issues.
Read it from the inner part to the outer. Here we must suppose that
bufferis a pointer to some memory area or array element. You have:buffer + 1==> address to next memory position or next array element(unsigned int *)(buffer+i)==> cast of resulting pointer to a pointer of typeunsigned int.*((unsigned int *)(buffer+i))==> dereference theunsigned intpointed out (get the value).*((unsigned int *)(buffer+i)) = ret;==> assign the value to the variableret.In C, when evaluating expressions, always go from the inside to the outer.