且构网


Stack overflow exploit in C

Updated: 2023-11-10 15:03:10

I probably shouldn't do your homework for you. But basically:

You need to get a character buffer somewhere in memory to store the string you want to execute. Obviously, you can do this the same way you are getting the other functions called (i.e. you put the text on the stack as well). After you have that written, you need to write a pointer to it onto the stack in the location that the shell_code function expects to find its arguments.

The best way to figure this out without me doing all of the work for you is to write down your stack/memory contents on a piece of paper/whiteboard. Write down how it would look if you called shell_code normally from inside the program. Then write down what the stack looks like inside victum_func and figure out which things to change to get it to look like it would look "naturally" (of course keeping in mind some things are "don't cares" like the return address).

That's all the charity you're gonna get from me today! :-P