/* * Coded by Rodrigo Rubira Branco * * the %ecx register contains the size of assembly code (shellcode). * * pushl $0x01 * ^^ * size of assembly code (shellcode) * * subb $0x00,(%esi) * ^^ * number to sub */ jmp label3 label1: popl %esi pushl $0x00 /* <-- size of assembly code (shellcode) */ popl %ecx label2: subb $0x00,(%esi) /* <-- number to sub */ incl %esi loop label2 jmp label4 label3: call label1 label4: /* assembly code (shellcode) goes here */