[Original] amateursCTF [pwn/Easy Shellcoding]
Posted on: 2025-11-21 19:38 2579


First, let's look at the chal.py we were given.

easy shellcoding was abusing the ljmp instruction to switch to x64 and then you can just win lol!!!!!!

template.elf: ELF 32-bit LSB executable, Intel 80386, invalid version (SYSV), statically linked, no section header

Only these 10 instructions are allowed; key system-call instructions such as syscall, int 0x80, call and ret are excluded. All jumps must target valid instruction boundaries, which prevents jumping into the middle of an instruction to execute hidden code. Execution starts in 32-bit mode. The shellcode may not exceed 4096 bytes.

During checking: the shellcode is inspected with a 32-bit disassembler (CS_MODE_32).

During execution: the same bytes are run after switching to 64-bit mode via ljmp.

We first do some routine setup: put '/bin/sh' on the stack.

From ```it = cs.disasm(shellcode, 0x1337000)``` we know the disassembly starts at 0x1337000. We then count the bytes used by the preparation above: 0x27, not forgetting the ```b"\xbc\x00\x70\x76\x06"```.

Of course, we use ljmp to escape the 32-bit (x86) check.

Now to the other point. To make the checker accept our instructions, we have to use whitelisted instructions. But how can the same bytes turn into a different instruction after the switch to x64 mode? We thought of dec: the disassembler reads it as dec in 32-bit mode, but once the context changes to 64-bit the same byte becomes part of a movabs.

We can look at this:
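As an added example (not code from the original post or from the challenge's chal.py), the script below looks at the check/execute mismatch from the checker's side: the same bytes are decoded under 32-bit rules and, after the far jump, under 64-bit rules, and every point where the two readings disagree is reported. Capstone with CS_MODE_32 and CS_MODE_64 would do this on real shellcode; so that the script runs offline it uses a hand-written decoder that covers only a small opcode subset (inc/dec r32, mov r32 imm32, REX.W movabs, nop and ljmp ptr16:32). The base address 0x1337000 and the `mov esp` bytes come from the post; the far-jump selector 0x33 (taken to be the 64-bit code segment) and the trailing bytes are constructed for the demonstration.

```python
"""Two-mode audit of a shellcode buffer (added example; toy opcode subset, not Capstone)."""
from __future__ import annotations

import struct
from dataclasses import dataclass

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]


class DecodeError(Exception):
    """Unsupported opcode, truncated operand, or instruction illegal in this mode."""


@dataclass(frozen=True)
class Insn:
    offset: int                 # buffer offset; decode_all rebases it to an address
    size: int
    text: str
    target: int | None = None   # set for ljmp: where execution continues


def decode_one(code: bytes, off: int, mode: int) -> Insn:
    """Decode one instruction at `off` in 32- or 64-bit mode.

    Bytes 0x40-0x4F are the mode-dependent part: inc/dec r32 in 32-bit mode but REX
    prefixes in 64-bit mode, so 48 B8 <imm64> is dec eax + mov eax, imm32 + four more
    bytes in one mode and a single movabs rax, imm64 in the other.
    """
    start, rex_w = off, False
    try:
        b = code[off]
        if mode == 64 and b == 0x48:          # REX.W; other REX forms are outside this toy subset
            rex_w, off = True, off + 1
            b = code[off]
        if mode == 32 and 0x40 <= b <= 0x4F:
            return Insn(start, 1, f"{'inc' if b < 0x48 else 'dec'} {REG32[b & 7]}")
        if 0xB8 <= b <= 0xBF:                 # mov r, imm (imm64 only with REX.W)
            fmt, regs, mnem = ("<Q", REG64, "movabs") if rex_w else ("<I", REG32, "mov")
            (imm,) = struct.unpack_from(fmt, code, off + 1)
            return Insn(start, off + 1 + struct.calcsize(fmt) - start, f"{mnem} {regs[b & 7]}, {imm:#x}")
        if rex_w:
            raise DecodeError(f"REX.W before unsupported opcode {b:#04x} at {start:#x}")
        if b == 0x90:
            return Insn(start, 1, "nop")
        if b == 0xEA:                         # far jmp ptr16:32; not encodable in 64-bit mode
            if mode == 64:
                raise DecodeError(f"ljmp ptr16:32 is invalid in 64-bit mode at {start:#x}")
            target, sel = struct.unpack_from("<IH", code, off + 1)
            return Insn(start, 7, f"ljmp {sel:#x}:{target:#x}", target)
    except (IndexError, struct.error):
        raise DecodeError(f"truncated instruction at {start:#x}") from None
    raise DecodeError(f"unsupported opcode {b:#04x} at {start:#x}")


def decode_all(code: bytes, mode: int, base: int) -> list[Insn]:
    """Linear sweep over the whole buffer; offsets are rebased to `base`."""
    insns, off = [], 0
    while off < len(code):
        i = decode_one(code, off, mode)
        insns.append(Insn(base + i.offset, i.size, i.text, i.target))
        off += i.size
    return insns


def divergence(a: list[Insn], b: list[Insn]) -> list[int]:
    """Addresses where exactly one of the two decodings starts an instruction."""
    return sorted({i.offset for i in a} ^ {i.offset for i in b})


def audit(code: bytes, base: int) -> list[str]:
    """32-bit check as the challenge does it, then re-read the bytes after each far jump in 64-bit mode."""
    findings: list[str] = []
    insns32 = decode_all(code, 32, base)
    for insn in insns32:
        if insn.target is None:
            continue
        findings.append(f"far jump at {insn.offset:#x} to {insn.target:#x}: "
                        "the bytes it reaches run in a mode the 32-bit check never used")
        toff = insn.target - base
        if not 0 <= toff < len(code):
            findings.append(f"far jump target {insn.target:#x} is outside the buffer")
            continue
        try:
            tail64 = decode_all(code[toff:], 64, insn.target)
        except DecodeError as exc:
            findings.append(f"64-bit decode after the switch failed: {exc}")
            continue
        tail32 = [i for i in insns32 if i.offset >= insn.target]
        if diff := divergence(tail32, tail64):
            findings.append("instruction boundaries differ between modes at "
                            + ", ".join(map(hex, diff)) + "; 64-bit reading: "
                            + "; ".join(i.text for i in tail64))
    return findings


BASE = 0x1337000   # the address the challenge's checker passes to cs.disasm
# Constructed sample, not the author's payload: the mov esp bytes quoted in the post, a far
# jump to the following byte (selector 0x33 assumed to be the 64-bit code segment), then ten
# bytes that read as dec eax / mov eax, imm32 / four nops in 32-bit mode and as one movabs in 64-bit.
SAMPLE = (b"\xbc\x00\x70\x76\x06"
          + b"\xea" + struct.pack("<IH", BASE + 12, 0x33)
          + b"\x48\xb8" + struct.pack("<Q", 0x90909090DEADBEEF))

if __name__ == "__main__":
    print("\n".join(f"{i.offset:#x}  {i.text}" for i in decode_all(SAMPLE, 32, BASE)))
    print("\n".join("finding: " + f for f in audit(SAMPLE, BASE)))
```

The audit shows what a checker has to do once it allows a far jump: disassemble the bytes the jump reaches in the mode the jump switches to, and treat a disagreement in instruction boundaries as a finding in itself. Refusing far jumps removes the mismatch at its root, because the code then executes in the same mode in which it was checked.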



Last edited by H1m on 2025-11-21 19:40; reason:
Latest replies (1)
Thanks for sharing. This article has clever ideas, and I'm looking forward to more detailed and in-depth PWN analyses from the author.
2025-11-21 19:56