int (*ret)() = (int(*)())code;
  ~~~~~~~~~~~~   ~~~~~~~~~~~~~~
        1              2

  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
               3

1. It defines retas a pointer to a function which has no parameter ()and returns int. So, Those ()indicates the definition of parameters of a function.

2. It's for casting codeto a pointer to a function which has no parameter ()and returns int.

3. Casts codeas a function and assigns it to ret. After that you can call ret();.

1. 它定义ret为指向没有参数()并返回的函数的指针int。所以，那些()表示函数参数的定义。

2. 它用于转换code为指向没有参数()并返回的函数的指针int。

3. 转换code为函数并将其分配给ret. 之后就可以调用了ret();。

unsigned char code[] =  "\x31\xc0\x50\x68\x6e\x2f\...

It is a sequence of machine instructions represented by hex values. It will be injected to the code as a function.

它是由十六进制值表示的机器指令序列。它将作为函数注入到代码中。

    (*(void(*)())shellcode)()

==

==

    p = (void(*)()) shellcode;
    (*p)();

The int line declares the ret() function, by pointing to the code[] array; in other words, the function is mapped to the code[] binary instructions.

int 行通过指向 code[] 数组来声明 ret() 函数；换句话说，函数被映射到 code[] 二进制指令。

The \x construct is a safe way to embed hexadecimal characters in a string. You could for instance replace “\x31” by “1” as the character code of “1” is 49, or hexadecimal 31.

\x 构造是在字符串中嵌入十六进制字符的安全方法。例如，您可以将“\x31”替换为“1”，因为“1”的字符代码是 49，或十六进制 31。

Can this function pointer part be re-written in a simpler form?

这个函数指针部分可以用更简单的形式重写吗？

I don't know if you think this is simpler, but maybe:

我不知道你是否认为这更简单，但也许：

#include <stdio.h>
#include <string.h>

unsigned char code[] = 
"\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80";

typedef int(*shellcode_t)();

int main(int argc, char ** argv) {
    printf("Shellcode Length: %ld\n", strlen(code));

    shellcode_t ret = (shellcode_t)code;

    ret();
}