**mynameistmp** (November 12, 2005, 10:31 PM)

I found this brief piece of code that I don't really understand. Obviously there is some major concept that I am missing. I was hoping someone here could explain it a little bit. This guy stores shellcode in a char array, then executes the shellcode. If you run the program it works, but I don't understand why. Here is the code:

```c
/* Placeholder bytes as posted; the actual payload is not shown in the thread. */
char shellcode[] = "blahblah";

int main(void)
{
    int *ret;

    /* &ret is the address of this local. With a frame pointer on 32-bit x86,
     * the frame holds, from low to high addresses: ret, saved ebp, return
     * address. Stepping two ints (8 bytes) upward lands on the return-address
     * slot. */
    ret = (int *)&ret + 2;

    /* Store the array's address into that slot, so that when main returns,
     * execution continues in the array instead of in the C runtime.
     * Assumes int and pointers are the same size (32-bit build). */
    (*ret) = (int)shellcode;

    return 0;
}
```

I don't really understand how that results in the shellcode being executed. Thanks in advance.

**Kp** (November 12, 2005, 11:12 PM)

I can't tell from your title whether you still want this answered. This works by chance (and requires that the program not be built with -fomit-frame-pointer). After setting up local variables, main's stack has: return address, old ebp, and ret, in that order. So (int*)&ret + 2 takes the address of ret, steps up two, and is thus pointing at the return address. Writing to ret then clobbers the return address and points it at the shellcode.
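The "works by chance" point above can be checked at run time. The following program is an added example, not code from the thread: it repeats the post's `(int *)&ret + 2` arithmetic but only compares addresses, never writes to the frame, and reports whether that arithmetic actually lands on the current frame's return-address slot. It assumes GCC or Clang (for `__builtin_frame_address` and `__builtin_return_address`) and a frame-pointer layout where the frame record is `[saved frame pointer][return address]`, which is the layout Kp's explanation relies on. On a 32-bit x86 build with `ret` directly below the saved ebp the distance is the 8 bytes the post assumes; on a 64-bit build pointers are 8 bytes wide, so two `int` steps usually reach only the saved frame pointer, and any extra local, canary or alignment padding shifts the offset again.

```c
/* Added example (not part of the forum thread). Measures where the post's
 * "(int *)&ret + 2" points relative to this frame's return-address slot.
 * Nothing is overwritten: the code only reads and compares addresses.
 * Assumes GCC/Clang builtins and a frame-pointer-based frame record. */
#include <stdio.h>
#include <stddef.h>

/* With a frame pointer, the return address sits one pointer width above the
 * frame base. Returns 1 if that slot really holds this function's return
 * address, 0 if the layout assumption does not hold on this build. */
__attribute__((noinline))
int frame_record_is_sane(void)
{
    void **frame = (void **)__builtin_frame_address(0);
    return frame[1] == __builtin_return_address(0);
}

/* Distance in bytes from the local `ret` to the return-address slot of the
 * frame it lives in. The post assumes this equals 2 * sizeof(int). */
__attribute__((noinline))
ptrdiff_t bytes_from_local_to_return_slot(void)
{
    int * volatile ret;               /* the post's local, forced into memory */
    ret = (int *)&ret + 2;            /* the post's arithmetic, unchanged */
    (void)ret;
    /* Return-address slot: one pointer above the frame base. */
    return (char *)((void **)__builtin_frame_address(0) + 1) - (char *)&ret;
}

/* 1 when the post's two-int step lands exactly on the return-address slot,
 * 0 when it lands somewhere else (for example on the saved frame pointer). */
int post_arithmetic_hits_return_slot(void)
{
    return bytes_from_local_to_return_slot() == (ptrdiff_t)(2 * sizeof(int));
}

int main(void)
{
    printf("frame record [saved fp][return addr] confirmed: %d\n",
           frame_record_is_sane());
    printf("sizeof(int) = %zu, sizeof(void *) = %zu\n",
           sizeof(int), sizeof(void *));
    printf("bytes from &ret to return slot: %td (post assumes %zu)\n",
           bytes_from_local_to_return_slot(), 2 * sizeof(int));
    printf("(int *)&ret + 2 hits the return slot: %d\n",
           post_arithmetic_hits_return_slot());
    return 0;
}
```

Compile it once with and once without `-fomit-frame-pointer`, and once as a 32-bit build (`-m32`) if your toolchain supports it, to see the reported distance change; that variability is exactly why a fixed `+ 2` offset is not something a program can rely on.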