Security Basics mailing list archives

re: What does the code mean?

From: "Schieber, Daniel" <daniel.schieber () comco de>
Date: Tue, 2 Nov 2004 10:59:36 +0100

Hi Mccoy,

this is the standard header of an emf-file as the var-name suggests.
You can use the printf function to see the ASCII-presentation of it.

To learn more about this issue, have a look at the classic "Smashing the Stack for fun and profit" by Aleph One:
http://www.packetstormsecurity.org/docs/hack/smashstack.txt

There is a section that describes how a shellcode is built, which should explain your question thoroughly.

The hex coding initialises an emf file followed by the "picture" itself.
You might consider this as being nearly the same as opening an emf-file with a hex-editor. 

Greets,
Dan

-----Ursprüngliche Nachricht-----
Von: McCoy [mailto:mccoymun () yahoo com sg]
Gesendet: Freitag, 29. Oktober 2004 07:23
An: security-basics () securityfocus com
Betreff: What does the code mean?


Hi

I have read the code
http://www.k-otik.com/exploits/20041020.HOD-ms04032-emf-expl2.c.php but does
not understand \x...... portion. An example:

unsigned char emfheader[] =
"\x01\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"


May someone advise what does hex coding means? Any reference site for good
explanation?


Thank a million

Current thread:

What does the code mean? McCoy (Nov 02)
- <Possible follow-ups>
- RE: What does the code mean? Stephane Auger (Nov 02)
- re: What does the code mean? Schieber, Daniel (Nov 02)