/*
 * AIX PowerPC64 Shellcode Template
 *
 * Usage:
 *   1. Replace the shellcode array below with your shellcode bytes
 *   2. Update the shellcode_size if needed
 *   3. Compile: gcc -maix64 -o shellcode_test shellcode_template.c
 *   4. Run: ./shellcode_test
 *
 * The shellcode will be copied to executable memory and executed.
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/utsname.h>

struct function_descriptor {
    void *entry_point;
    void *toc_pointer;
    void *environment;
};

unsigned long long get_toc(void) {
    unsigned long long toc;
    __asm__ volatile ("mr %0, 2" : "=r"(toc));
    return toc;
}

int main(void) {

    printf("AIX PowerPC64 Shellcode Test Template\n");

// ============  PASTE YOUR SHELLCODE BYTES HERE ============


// ============ END OF SHELLCODE ============

    size_t shellcode_size = sizeof(shellcode) - 1;  // -1 for null terminator

    printf("Shellcode Information:\n");
    printf("  Size: %zu bytes\n\n", shellcode_size);

    // Display shellcode in hex
    printf("Shellcode bytes (hex):\n");
    for (size_t i = 0; i < shellcode_size; i++) {
        if (i % 16 == 0) printf("  %04zx: ", i);
        printf("%02x ", shellcode[i]);
        if ((i + 1) % 16 == 0 || i == shellcode_size - 1) printf("\n");
    }
    printf("\n");

    // Allocate executable memory
    void *shellcode_mem = valloc(4096);
    if (!shellcode_mem) {
        perror("valloc");
        return 1;
    }

    // Copy shellcode to executable memory
    memcpy(shellcode_mem, shellcode, shellcode_size);

    // Make memory executable
    if (mprotect(shellcode_mem, 4096, PROT_READ | PROT_WRITE | PROT_EXEC) != 0) {
        perror("mprotect");
        return 1;
    }

    // Create function descriptor for PowerPC64
    struct function_descriptor *desc = valloc(sizeof(struct function_descriptor));
    if (!desc) {
        perror("valloc");
        return 1;
    }

    unsigned long long my_toc = get_toc();
    desc->entry_point = shellcode_mem;
    desc->toc_pointer = (void*)my_toc;
    desc->environment = NULL;

    printf("Execution Information:\n");
    printf("  Shellcode address: 0x%016llx\n", (unsigned long long)shellcode_mem);
    printf("  Descriptor address: 0x%016llx\n", (unsigned long long)desc);
    printf("  TOC pointer: 0x%016llx\n\n", my_toc);

    printf("Executing shellcode...\n");

    // Execute shellcode via function descriptor
    typedef void (*shellcode_func_t)(void);
    ((shellcode_func_t)desc)();

    printf("Shellcode execution completed\n");

    // Cleanup
    free(shellcode_mem);
    free(desc);

    return 0;
}