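/**
 * Only works on a 32-bit i686 machine.
 *
 * The stack offsets used in main() assume that the return address and the
 * function argument are both passed on the stack in 4-byte slots.
 */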
#include <iostream>
using namespace::std;
/**
 * Target function of the demonstration: prints the word "injection" followed
 * by the value it received, so a run shows whether it was reached and with
 * which argument.
 *
 * @param i value to print after the label.
 * @return always 0.
 */
int injection(int i)
{
    // Emit the label, the separator and the value as separate inserts.
    std::cout << "injection";
    std::cout << " ";
    std::cout << i;

    // std::endl also flushes, so the line is written before control goes
    // anywhere else.
    std::cout << std::endl;

    return 0;
}
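/**
 * Demonstrates that the saved return address on the stack decides where a
 * function returns to: main() rewrites its own return slot so that its
 * `return` lands in injection(), then arranges for injection() to return to
 * main()'s original caller.
 *
 * Every access below indexes past the single int `a`, which is undefined
 * behaviour in C++. The offsets 2, 3 and 4 are the ones this listing uses for
 * a 32-bit x86 frame; they are not guaranteed and presumably change with the
 * compiler, optimisation level, stack alignment or an inserted stack canary.
 * Confirm them against the generated assembly before drawing conclusions.
 *
 * Review note: stack canaries (e.g. -fstack-protector), shadow stacks and
 * other control-flow-integrity mitigations exist to detect or prevent this
 * kind of return-address modification, so the program may abort or behave
 * differently when they are enabled.
 *
 * @return 0; control then leaves through the rewritten return slot.
 */
int main()
{
    // The code stores a function address in an unsigned int, so refuse to
    // build on targets where that would truncate the address.
    static_assert(sizeof(int (*)(int)) == sizeof(unsigned int),
                  "this demonstration assumes 32-bit code pointers (i686)");

    // Only the address of `a` is used, as a reference point into the frame.
    int a;

    // Save the proper return address of main().
    // Assumes &a + 2 is main()'s return slot. TODO confirm for your build.
    unsigned int addr = *(&a + 2);

    // Set return address of main to be first instruction of injection().
    *(&a + 2) = reinterpret_cast<unsigned int>(injection);

    // Set return address of injection() to be that of main() so that
    // main() will return properly.
    // NOTE(review): this slot and the next presumably belong to main()'s
    // caller, so their previous contents are lost.
    *(&a + 3) = addr;

    // Set the argument of injection().
    *(&a + 4) = 99;

    return 0;
}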