  1. ##
  2. # shell1_32.s - Executes a shell by calling execve
  3. # Compile and Link:
  4. # gcc -m32 -c shell1_32.s
  5. # ld -o shell1_32 -melf_i386 shell1_32.o
  6.  
  7. # Starts the data section, this is where the program stores initialized
  8. # variables, and it is in a separate memory space than the .text section
  9. .data
  10.  
  11. # This is the location of the program we intend to execute
  12. shell_name:
  13. .asciz "/bin/sh"
  14.  
  15. # This is an argument we intend to pass to /bin/sh
  16. shell_arg:
  17. .asciz "-p"
  18.  
  19. # This starts the .text section of the code, or the code section
  20. .text
  21. .global _start
  22.  
  23. _start:
  24. # function prolog
  25. push %ebp
  26. mov %esp, %ebp
  27.  
  28. # places a NULL pointer on the stack
  29. xor %edi, %edi
  30. push %edi
  31.  
  32. # place a pointer to "/bin/sh" on the stack
  33. mov $shell_arg, %edi
  34. push %edi
  35.  
  36. # place a pointer to the argument "-p" on the stack
  37. mov $shell_name, %edi
  38. push %edi
  39.  
  40. # move the pointer to "/bin/sh" into %ebx (the first argument to execve)
  41. mov %edi, %ebx
  42. # move a pointer to the argv list into %ecx
  43. mov %esp, %ecx
  44. # make the envp pointer NULL
  45. xor %edx, %edx
  46.  
  47. # place 11 (execve systemcall number) into %eax
  48. xor %eax, %eax
  49. mov $0xb, %eax
  50.  
  51. # make the system call
  52. int $0x80
  53.  
  54. # function epilog
  55. pop %ebp
  56. ret