/*
 * Linux x86 sys_write shellcode
 *
 * Calls sys_write to print a message to stdout before calling
 * sys_exit. The message string goes at the end of the shellcode,
 * and is terminated with 0xFF.
 *
 * Author: Jonathan So [ jonny [ @ ] nop-art.net ]
 *
 * Layout: 33 bytes of 32-bit x86 machine code (offsets 0x00-0x20),
 * followed by the 11-byte message, the 0xFF terminator, and the NUL
 * that the C compiler appends to the string literal. The comments use
 * Intel operand order (dst, src). Syscalls go through the legacy
 * int 0x80 gate: eax = syscall number, ebx/ecx/edx = arguments.
 *
 * NOTE(review), properties visible in the bytes below:
 *  - The descriptor passed to sys_write is ebx = 0, i.e. fd 0 (stdin),
 *    not fd 1 (stdout) as the description above says. Output appears
 *    only if fd 0 happens to be open for writing; presumably this was
 *    tested on an interactive terminal. TODO confirm intent.
 *  - Syscall numbers are loaded with "mov al, imm8", which leaves the
 *    upper 24 bits of eax unchanged. The number reaching the kernel is
 *    correct only if those bits are already zero.
 *  - "mov [ecx+edx], bl" stores into this array, so the code runs only
 *    from memory that is both writable and executable. Where data
 *    pages are mapped non-executable (NX / W^X), jumping into this
 *    array faults before the first instruction completes.
 *  - lodsb advances esi upward only while the direction flag is clear;
 *    the code does not clear it itself.
 */
char shellcode[] =
    // Jump forward to the call so that its return address, which is the
    // address of the message, can be recovered without absolute addresses.
    "\xeb\x1a"                  // 0x00: jmp  get_string      (+0x1a -> 0x1c)

    // start:
    "\x59"                      // 0x02: pop  ecx             ; ecx = address of message (sys_write buf)
    "\x89\xce"                  // 0x03: mov  esi, ecx        ; esi = scan pointer for lodsb
    "\x31\xd2"                  // 0x05: xor  edx, edx        ; edx = 0, running byte count

    // get_size: count message bytes up to (not including) the 0xFF terminator
    "\xac"                      // 0x07: lodsb                ; al = [esi], esi advances by one
    "\x3c\xff"                  // 0x08: cmp  al, 0xff        ; terminator reached?
    "\x74\x03"                  // 0x0a: je   continue        (+0x03 -> 0x0f)
    "\x42"                      // 0x0c: inc  edx             ; one more message byte
    "\xeb\xf8"                  // 0x0d: jmp  get_size        (-0x08 -> 0x07)

    // continue: edx = message length (sys_write count)
    "\x31\xdb"                  // 0x0f: xor  ebx, ebx        ; ebx = 0: fd for write, status for exit
    "\x88\x1c\x11"              // 0x11: mov  [ecx+edx], bl   ; overwrite the 0xFF terminator with 0x00
    "\xb0\x04"                  // 0x14: mov  al, 0x04        ; sys_write; only the low byte of eax is set
    "\xcd\x80"                  // 0x16: int  0x80            ; write(ebx, ecx, edx); result returned in eax
    "\xb0\x01"                  // 0x18: mov  al, 0x01        ; sys_exit; upper eax bytes still hold write's result
    "\xcd\x80"                  // 0x1a: int  0x80            ; exit(ebx)

    // get_string: the call pushes the address of the byte after it (the message)
    "\xe8\xe1\xff\xff\xff"      // 0x1c: call start           (-0x1f -> 0x02)
    "Hello world"               // 0x21: message bytes
    "\xff";                     // 0x2c: terminator searched for by get_size