You can put the argv array onto the stack and load the address of it into rsi. The first member of argv is a pointer to the program name, so we can use the same address that we load into rdi. xor edx, edx ; Load NULL to be used both as the third ; … Read more
The author simply assumes that the C compiler will place the stacks of those two programs at the same (or very similar) virtual addresses and that the operating system will not perform address randomization (ASLR). This means that the stack frames of both main functions will be roughly at the same location, enabling this exploit. … Read more
When you inject this shellcode, you don’t know what is at message: mov ecx, message in the injected process, it can be anything but it will not be “Hello world!\r\n” since it is in the data section while you are dumping only the text section. You can see that your shellcode doesn’t have “Hello world!\r\n”: … Read more
int (*ret)() = (int(*)())code; ~~~~~~~~~~~~ ~~~~~~~~~~~~~~ 1 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 3 It defines ret as a pointer to a function which has no parameter () and returns int. So, Those () indicates the definition of parameters of a function. It’s for casting code to a pointer to a function which has no parameter () and returns … Read more