gh0s7/csapp2025
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
CGH0S7
2025-03-06 19:56:12 +08:00
commit 5b6db97133
47 changed files with 8549 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

560
buflab/bufbomb.txt Normal file
View File

@ -0,0 +1,560 @@
bufbomb_linux 文件格式 elf64-x86-64
Disassembly of section .init:
0000000000001000 <_init>:
1000: f3 0f 1e fa endbr64
1004: 48 83 ec 08 sub $0x8,%rsp
1008: 48 8b 05 c1 2f 00 00 mov 0x2fc1(%rip),%rax # 3fd0 <__gmon_start__@Base>
100f: 48 85 c0 test %rax,%rax
1012: 74 02 je 1016 <_init+0x16>
1014: ff d0 call *%rax
1016: 48 83 c4 08 add $0x8,%rsp
101a: c3 ret
Disassembly of section .plt:
0000000000001020 <puts@plt-0x10>:
1020: ff 35 ca 2f 00 00 push 0x2fca(%rip) # 3ff0 <_GLOBAL_OFFSET_TABLE_+0x8>
1026: ff 25 cc 2f 00 00 jmp *0x2fcc(%rip) # 3ff8 <_GLOBAL_OFFSET_TABLE_+0x10>
102c: 0f 1f 40 00 nopl 0x0(%rax)
0000000000001030 <puts@plt>:
1030: ff 25 ca 2f 00 00 jmp *0x2fca(%rip) # 4000 <puts@GLIBC_2.2.5>
1036: 68 00 00 00 00 push $0x0
103b: e9 e0 ff ff ff jmp 1020 <_init+0x20>
0000000000001040 <__stack_chk_fail@plt>:
1040: ff 25 c2 2f 00 00 jmp *0x2fc2(%rip) # 4008 <__stack_chk_fail@GLIBC_2.4>
1046: 68 01 00 00 00 push $0x1
104b: e9 d0 ff ff ff jmp 1020 <_init+0x20>
0000000000001050 <printf@plt>:
1050: ff 25 ba 2f 00 00 jmp *0x2fba(%rip) # 4010 <printf@GLIBC_2.2.5>
1056: 68 02 00 00 00 push $0x2
105b: e9 c0 ff ff ff jmp 1020 <_init+0x20>
0000000000001060 <getchar@plt>:
1060: ff 25 b2 2f 00 00 jmp *0x2fb2(%rip) # 4018 <getchar@GLIBC_2.2.5>
1066: 68 03 00 00 00 push $0x3
106b: e9 b0 ff ff ff jmp 1020 <_init+0x20>
0000000000001070 <atoi@plt>:
1070: ff 25 aa 2f 00 00 jmp *0x2faa(%rip) # 4020 <atoi@GLIBC_2.2.5>
1076: 68 04 00 00 00 push $0x4
107b: e9 a0 ff ff ff jmp 1020 <_init+0x20>
0000000000001080 <exit@plt>:
1080: ff 25 a2 2f 00 00 jmp *0x2fa2(%rip) # 4028 <exit@GLIBC_2.2.5>
1086: 68 05 00 00 00 push $0x5
108b: e9 90 ff ff ff jmp 1020 <_init+0x20>
0000000000001090 <__ctype_b_loc@plt>:
1090: ff 25 9a 2f 00 00 jmp *0x2f9a(%rip) # 4030 <__ctype_b_loc@GLIBC_2.3>
1096: 68 06 00 00 00 push $0x6
109b: e9 80 ff ff ff jmp 1020 <_init+0x20>
Disassembly of section .text:
00000000000010a0 <_start>:
10a0: f3 0f 1e fa endbr64
10a4: 31 ed xor %ebp,%ebp
10a6: 49 89 d1 mov %rdx,%r9
10a9: 5e pop %rsi
10aa: 48 89 e2 mov %rsp,%rdx
10ad: 48 83 e4 f0 and $0xfffffffffffffff0,%rsp
10b1: 50 push %rax
10b2: 54 push %rsp
10b3: 45 31 c0 xor %r8d,%r8d
10b6: 31 c9 xor %ecx,%ecx
10b8: 48 8d 3d 3a 05 00 00 lea 0x53a(%rip),%rdi # 15f9 <main>
10bf: ff 15 fb 2e 00 00 call *0x2efb(%rip) # 3fc0 <__libc_start_main@GLIBC_2.34>
10c5: f4 hlt
10c6: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
10cd: 00 00 00
10d0: 48 8d 3d 79 2f 00 00 lea 0x2f79(%rip),%rdi # 4050 <__TMC_END__>
10d7: 48 8d 05 72 2f 00 00 lea 0x2f72(%rip),%rax # 4050 <__TMC_END__>
10de: 48 39 f8 cmp %rdi,%rax
10e1: 74 1d je 1100 <_start+0x60>
10e3: 48 8b 05 de 2e 00 00 mov 0x2ede(%rip),%rax # 3fc8 <_ITM_deregisterTMCloneTable@Base>
10ea: 48 85 c0 test %rax,%rax
10ed: 74 11 je 1100 <_start+0x60>
10ef: ff e0 jmp *%rax
10f1: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1)
10f8: 00 00 00 00
10fc: 0f 1f 40 00 nopl 0x0(%rax)
1100: c3 ret
1101: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1)
1108: 00 00 00 00
110c: 0f 1f 40 00 nopl 0x0(%rax)
1110: 48 8d 3d 39 2f 00 00 lea 0x2f39(%rip),%rdi # 4050 <__TMC_END__>
1117: 48 8d 35 32 2f 00 00 lea 0x2f32(%rip),%rsi # 4050 <__TMC_END__>
111e: 48 29 fe sub %rdi,%rsi
1121: 48 89 f0 mov %rsi,%rax
1124: 48 c1 f8 03 sar $0x3,%rax
1128: 48 c1 ee 3f shr $0x3f,%rsi
112c: 48 01 c6 add %rax,%rsi
112f: 48 d1 fe sar $1,%rsi
1132: 74 1c je 1150 <_start+0xb0>
1134: 48 8b 05 9d 2e 00 00 mov 0x2e9d(%rip),%rax # 3fd8 <_ITM_registerTMCloneTable@Base>
113b: 48 85 c0 test %rax,%rax
113e: 74 10 je 1150 <_start+0xb0>
1140: ff e0 jmp *%rax
1142: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1)
1149: 00 00 00 00
114d: 0f 1f 00 nopl (%rax)
1150: c3 ret
1151: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1)
1158: 00 00 00 00
115c: 0f 1f 40 00 nopl 0x0(%rax)
1160: f3 0f 1e fa endbr64
1164: 80 3d e5 2e 00 00 00 cmpb $0x0,0x2ee5(%rip) # 4050 <__TMC_END__>
116b: 75 33 jne 11a0 <_start+0x100>
116d: 48 83 3d 6b 2e 00 00 cmpq $0x0,0x2e6b(%rip) # 3fe0 <__cxa_finalize@GLIBC_2.2.5>
1174: 00
1175: 55 push %rbp
1176: 48 89 e5 mov %rsp,%rbp
1179: 74 0d je 1188 <_start+0xe8>
117b: 48 8b 3d be 2e 00 00 mov 0x2ebe(%rip),%rdi # 4040 <__dso_handle>
1182: ff 15 58 2e 00 00 call *0x2e58(%rip) # 3fe0 <__cxa_finalize@GLIBC_2.2.5>
1188: e8 43 ff ff ff call 10d0 <_start+0x30>
118d: 5d pop %rbp
118e: c6 05 bb 2e 00 00 01 movb $0x1,0x2ebb(%rip) # 4050 <__TMC_END__>
1195: c3 ret
1196: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
119d: 00 00 00
11a0: c3 ret
11a1: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1)
11a8: 00 00 00 00
11ac: 0f 1f 40 00 nopl 0x0(%rax)
11b0: f3 0f 1e fa endbr64
11b4: e9 57 ff ff ff jmp 1110 <_start+0x70>
00000000000011b9 <GenerateRandomNumber>:
11b9: 55 push %rbp
11ba: 48 89 e5 mov %rsp,%rbp
11bd: 48 89 7d e8 mov %rdi,-0x18(%rbp)
11c1: 48 8b 05 90 2e 00 00 mov 0x2e90(%rip),%rax # 4058 <rand1_h>
11c8: 48 89 45 f8 mov %rax,-0x8(%rbp)
11cc: 48 8b 45 f8 mov -0x8(%rbp),%rax
11d0: 48 69 c0 c5 90 c6 6a imul $0x6ac690c5,%rax,%rax
11d7: 48 89 45 f8 mov %rax,-0x8(%rbp)
11db: 48 8b 55 f8 mov -0x8(%rbp),%rdx
11df: 48 8b 05 7a 2e 00 00 mov 0x2e7a(%rip),%rax # 4060 <rand1_l>
11e6: 48 01 d0 add %rdx,%rax
11e9: 48 89 45 f8 mov %rax,-0x8(%rbp)
11ed: 48 8b 45 f8 mov -0x8(%rbp),%rax
11f1: 48 89 05 60 2e 00 00 mov %rax,0x2e60(%rip) # 4058 <rand1_h>
11f8: 48 8b 45 f8 mov -0x8(%rbp),%rax
11fc: 48 c1 f8 20 sar $0x20,%rax
1200: 48 89 05 59 2e 00 00 mov %rax,0x2e59(%rip) # 4060 <rand1_l>
1207: 48 83 7d e8 00 cmpq $0x0,-0x18(%rbp)
120c: 74 1c je 122a <GenerateRandomNumber+0x71>
120e: 48 8b 05 43 2e 00 00 mov 0x2e43(%rip),%rax # 4058 <rand1_h>
1215: ba 00 00 00 00 mov $0x0,%edx
121a: 48 f7 75 e8 divq -0x18(%rbp)
121e: 48 89 d0 mov %rdx,%rax
1221: 48 89 05 40 2e 00 00 mov %rax,0x2e40(%rip) # 4068 <rand_div>
1228: eb 01 jmp 122b <GenerateRandomNumber+0x72>
122a: 90 nop
122b: 5d pop %rbp
122c: c3 ret
000000000000122d <getxs>:
122d: 55 push %rbp
122e: 48 89 e5 mov %rsp,%rbp
1231: 48 83 ec 30 sub $0x30,%rsp
1235: 48 89 7d d8 mov %rdi,-0x28(%rbp)
1239: c7 45 e8 01 00 00 00 movl $0x1,-0x18(%rbp)
1240: c7 45 ec 00 00 00 00 movl $0x0,-0x14(%rbp)
1247: 48 8b 45 d8 mov -0x28(%rbp),%rax
124b: 48 89 45 f8 mov %rax,-0x8(%rbp)
124f: e9 94 00 00 00 jmp 12e8 <getxs+0xbb>
1254: e8 37 fe ff ff call 1090 <__ctype_b_loc@plt>
1259: 48 8b 00 mov (%rax),%rax
125c: 8b 55 f4 mov -0xc(%rbp),%edx
125f: 48 63 d2 movslq %edx,%rdx
1262: 48 01 d2 add %rdx,%rdx
1265: 48 01 d0 add %rdx,%rax
1268: 0f b7 00 movzwl (%rax),%eax
126b: 0f b7 c0 movzwl %ax,%eax
126e: 25 00 10 00 00 and $0x1000,%eax
1273: 85 c0 test %eax,%eax
1275: 74 71 je 12e8 <getxs+0xbb>
1277: 83 7d f4 2f cmpl $0x2f,-0xc(%rbp)
127b: 7e 11 jle 128e <getxs+0x61>
127d: 83 7d f4 39 cmpl $0x39,-0xc(%rbp)
1281: 7f 0b jg 128e <getxs+0x61>
1283: 8b 45 f4 mov -0xc(%rbp),%eax
1286: 83 e8 30 sub $0x30,%eax
1289: 89 45 f0 mov %eax,-0x10(%rbp)
128c: eb 20 jmp 12ae <getxs+0x81>
128e: 83 7d f4 40 cmpl $0x40,-0xc(%rbp)
1292: 7e 11 jle 12a5 <getxs+0x78>
1294: 83 7d f4 46 cmpl $0x46,-0xc(%rbp)
1298: 7f 0b jg 12a5 <getxs+0x78>
129a: 8b 45 f4 mov -0xc(%rbp),%eax
129d: 83 e8 37 sub $0x37,%eax
12a0: 89 45 f0 mov %eax,-0x10(%rbp)
12a3: eb 09 jmp 12ae <getxs+0x81>
12a5: 8b 45 f4 mov -0xc(%rbp),%eax
12a8: 83 e8 57 sub $0x57,%eax
12ab: 89 45 f0 mov %eax,-0x10(%rbp)
12ae: 83 7d e8 00 cmpl $0x0,-0x18(%rbp)
12b2: 74 0f je 12c3 <getxs+0x96>
12b4: 8b 45 f0 mov -0x10(%rbp),%eax
12b7: 89 45 ec mov %eax,-0x14(%rbp)
12ba: c7 45 e8 00 00 00 00 movl $0x0,-0x18(%rbp)
12c1: eb 25 jmp 12e8 <getxs+0xbb>
12c3: 8b 45 ec mov -0x14(%rbp),%eax
12c6: c1 e0 04 shl $0x4,%eax
12c9: 89 c2 mov %eax,%edx
12cb: 8b 45 f0 mov -0x10(%rbp),%eax
12ce: 8d 0c 02 lea (%rdx,%rax,1),%ecx
12d1: 48 8b 45 f8 mov -0x8(%rbp),%rax
12d5: 48 8d 50 01 lea 0x1(%rax),%rdx
12d9: 48 89 55 f8 mov %rdx,-0x8(%rbp)
12dd: 89 ca mov %ecx,%edx
12df: 88 10 mov %dl,(%rax)
12e1: c7 45 e8 01 00 00 00 movl $0x1,-0x18(%rbp)
12e8: e8 73 fd ff ff call 1060 <getchar@plt>
12ed: 89 45 f4 mov %eax,-0xc(%rbp)
12f0: 83 7d f4 ff cmpl $0xffffffff,-0xc(%rbp)
12f4: 74 10 je 1306 <getxs+0xd9>
12f6: 83 7d f4 0a cmpl $0xa,-0xc(%rbp)
12fa: 74 0a je 1306 <getxs+0xd9>
12fc: 83 7d f4 0d cmpl $0xd,-0xc(%rbp)
1300: 0f 85 4e ff ff ff jne 1254 <getxs+0x27>
1306: 48 8b 45 f8 mov -0x8(%rbp),%rax
130a: 48 8d 50 01 lea 0x1(%rax),%rdx
130e: 48 89 55 f8 mov %rdx,-0x8(%rbp)
1312: c6 00 00 movb $0x0,(%rax)
1315: 48 8b 45 d8 mov -0x28(%rbp),%rax
1319: c9 leave
131a: c3 ret
000000000000131b <getbuf>:
131b: 55 push %rbp
131c: 48 89 e5 mov %rsp,%rbp
131f: 48 83 ec 20 sub $0x20,%rsp
1323: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
132a: 00 00
132c: 48 89 45 f8 mov %rax,-0x8(%rbp)
1330: 31 c0 xor %eax,%eax
1332: 48 8d 45 ec lea -0x14(%rbp),%rax
1336: 48 89 c7 mov %rax,%rdi
1339: e8 ef fe ff ff call 122d <getxs>
133e: b8 01 00 00 00 mov $0x1,%eax
1343: 48 8b 55 f8 mov -0x8(%rbp),%rdx
1347: 64 48 2b 14 25 28 00 sub %fs:0x28,%rdx
134e: 00 00
1350: 74 05 je 1357 <getbuf+0x3c>
1352: e8 e9 fc ff ff call 1040 <__stack_chk_fail@plt>
1357: c9 leave
1358: c3 ret
0000000000001359 <test>:
1359: 55 push %rbp
135a: 48 89 e5 mov %rsp,%rbp
135d: 48 83 ec 20 sub $0x20,%rsp
1361: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
1368: 00 00
136a: 48 89 45 f8 mov %rax,-0x8(%rbp)
136e: 31 c0 xor %eax,%eax
1370: c7 45 e8 ef be ad de movl $0xdeadbeef,-0x18(%rbp)
1377: bf 17 00 00 00 mov $0x17,%edi
137c: e8 38 fe ff ff call 11b9 <GenerateRandomNumber>
1381: 48 8b 05 e0 2c 00 00 mov 0x2ce0(%rip),%rax # 4068 <rand_div>
1388: 48 83 c0 01 add $0x1,%rax
138c: 48 8d 50 08 lea 0x8(%rax),%rdx
1390: b8 10 00 00 00 mov $0x10,%eax
1395: 48 83 e8 01 sub $0x1,%rax
1399: 48 01 d0 add %rdx,%rax
139c: b9 10 00 00 00 mov $0x10,%ecx
13a1: ba 00 00 00 00 mov $0x0,%edx
13a6: 48 f7 f1 div %rcx
13a9: 48 6b c0 10 imul $0x10,%rax,%rax
13ad: 48 29 c4 sub %rax,%rsp
13b0: 48 89 e0 mov %rsp,%rax
13b3: 48 83 c0 0f add $0xf,%rax
13b7: 48 c1 e8 04 shr $0x4,%rax
13bb: 48 c1 e0 04 shl $0x4,%rax
13bf: 48 89 45 f0 mov %rax,-0x10(%rbp)
13c3: 48 8b 45 f0 mov -0x10(%rbp),%rax
13c7: c6 00 6c movb $0x6c,(%rax)
13ca: e8 4c ff ff ff call 131b <getbuf>
13cf: 89 45 ec mov %eax,-0x14(%rbp)
13d2: 8b 45 e8 mov -0x18(%rbp),%eax
13d5: 3d ef be ad de cmp $0xdeadbeef,%eax
13da: 75 11 jne 13ed <test+0x94>
13dc: 48 8d 05 25 0c 00 00 lea 0xc25(%rip),%rax # 2008 <_IO_stdin_used+0x8>
13e3: 48 89 c7 mov %rax,%rdi
13e6: e8 45 fc ff ff call 1030 <puts@plt>
13eb: eb 0f jmp 13fc <test+0xa3>
13ed: 48 8d 05 24 0c 00 00 lea 0xc24(%rip),%rax # 2018 <_IO_stdin_used+0x18>
13f4: 48 89 c7 mov %rax,%rdi
13f7: e8 34 fc ff ff call 1030 <puts@plt>
13fc: 8b 05 46 2c 00 00 mov 0x2c46(%rip),%eax # 4048 <cookie>
1402: 39 45 ec cmp %eax,-0x14(%rbp)
1405: 75 1b jne 1422 <test+0xc9>
1407: 8b 45 ec mov -0x14(%rbp),%eax
140a: 89 c6 mov %eax,%esi
140c: 48 8d 05 3d 0c 00 00 lea 0xc3d(%rip),%rax # 2050 <_IO_stdin_used+0x50>
1413: 48 89 c7 mov %rax,%rdi
1416: b8 00 00 00 00 mov $0x0,%eax
141b: e8 30 fc ff ff call 1050 <printf@plt>
1420: eb 30 jmp 1452 <test+0xf9>
1422: 83 7d ec 01 cmpl $0x1,-0x14(%rbp)
1426: 75 11 jne 1439 <test+0xe0>
1428: 48 8d 05 61 0c 00 00 lea 0xc61(%rip),%rax # 2090 <_IO_stdin_used+0x90>
142f: 48 89 c7 mov %rax,%rdi
1432: e8 f9 fb ff ff call 1030 <puts@plt>
1437: eb 19 jmp 1452 <test+0xf9>
1439: 8b 45 ec mov -0x14(%rbp),%eax
143c: 89 c6 mov %eax,%esi
143e: 48 8d 05 83 0c 00 00 lea 0xc83(%rip),%rax # 20c8 <_IO_stdin_used+0xc8>
1445: 48 89 c7 mov %rax,%rdi
1448: b8 00 00 00 00 mov $0x0,%eax
144d: e8 fe fb ff ff call 1050 <printf@plt>
1452: 90 nop
1453: 48 8b 45 f8 mov -0x8(%rbp),%rax
1457: 64 48 2b 04 25 28 00 sub %fs:0x28,%rax
145e: 00 00
1460: 74 05 je 1467 <test+0x10e>
1462: e8 d9 fb ff ff call 1040 <__stack_chk_fail@plt>
1467: c9 leave
1468: c3 ret
0000000000001469 <Trojan1>:
1469: 55 push %rbp
146a: 48 89 e5 mov %rsp,%rbp
146d: 48 8d 05 9c 0c 00 00 lea 0xc9c(%rip),%rax # 2110 <_IO_stdin_used+0x110>
1474: 48 89 c7 mov %rax,%rdi
1477: e8 b4 fb ff ff call 1030 <puts@plt>
147c: 48 8d 05 c6 0c 00 00 lea 0xcc6(%rip),%rax # 2149 <_IO_stdin_used+0x149>
1483: 48 89 c7 mov %rax,%rdi
1486: e8 a5 fb ff ff call 1030 <puts@plt>
148b: bf 00 00 00 00 mov $0x0,%edi
1490: e8 eb fb ff ff call 1080 <exit@plt>
0000000000001495 <Trojan2>:
1495: 55 push %rbp
1496: 48 89 e5 mov %rsp,%rbp
1499: 48 83 ec 10 sub $0x10,%rsp
149d: 89 7d fc mov %edi,-0x4(%rbp)
14a0: 8b 05 a2 2b 00 00 mov 0x2ba2(%rip),%eax # 4048 <cookie>
14a6: 39 45 fc cmp %eax,-0x4(%rbp)
14a9: 75 1b jne 14c6 <Trojan2+0x31>
14ab: 8b 45 fc mov -0x4(%rbp),%eax
14ae: 89 c6 mov %eax,%esi
14b0: 48 8d 05 b1 0c 00 00 lea 0xcb1(%rip),%rax # 2168 <_IO_stdin_used+0x168>
14b7: 48 89 c7 mov %rax,%rdi
14ba: b8 00 00 00 00 mov $0x0,%eax
14bf: e8 8c fb ff ff call 1050 <printf@plt>
14c4: eb 19 jmp 14df <Trojan2+0x4a>
14c6: 8b 45 fc mov -0x4(%rbp),%eax
14c9: 89 c6 mov %eax,%esi
14cb: 48 8d 05 e6 0c 00 00 lea 0xce6(%rip),%rax # 21b8 <_IO_stdin_used+0x1b8>
14d2: 48 89 c7 mov %rax,%rdi
14d5: b8 00 00 00 00 mov $0x0,%eax
14da: e8 71 fb ff ff call 1050 <printf@plt>
14df: 8b 05 63 2b 00 00 mov 0x2b63(%rip),%eax # 4048 <cookie>
14e5: 39 45 fc cmp %eax,-0x4(%rbp)
14e8: 75 0f jne 14f9 <Trojan2+0x64>
14ea: 48 8d 05 23 0d 00 00 lea 0xd23(%rip),%rax # 2214 <_IO_stdin_used+0x214>
14f1: 48 89 c7 mov %rax,%rdi
14f4: e8 37 fb ff ff call 1030 <puts@plt>
14f9: bf 00 00 00 00 mov $0x0,%edi
14fe: e8 7d fb ff ff call 1080 <exit@plt>
0000000000001503 <Trojan3>:
1503: 55 push %rbp
1504: 48 89 e5 mov %rsp,%rbp
1507: 48 83 ec 10 sub $0x10,%rsp
150b: 89 7d fc mov %edi,-0x4(%rbp)
150e: 8b 15 5c 2b 00 00 mov 0x2b5c(%rip),%edx # 4070 <global_value>
1514: 8b 05 2e 2b 00 00 mov 0x2b2e(%rip),%eax # 4048 <cookie>
151a: 39 c2 cmp %eax,%edx
151c: 75 1e jne 153c <Trojan3+0x39>
151e: 8b 05 4c 2b 00 00 mov 0x2b4c(%rip),%eax # 4070 <global_value>
1524: 89 c6 mov %eax,%esi
1526: 48 8d 05 03 0d 00 00 lea 0xd03(%rip),%rax # 2230 <_IO_stdin_used+0x230>
152d: 48 89 c7 mov %rax,%rdi
1530: b8 00 00 00 00 mov $0x0,%eax
1535: e8 16 fb ff ff call 1050 <printf@plt>
153a: eb 1c jmp 1558 <Trojan3+0x55>
153c: 8b 05 2e 2b 00 00 mov 0x2b2e(%rip),%eax # 4070 <global_value>
1542: 89 c6 mov %eax,%esi
1544: 48 8d 05 45 0d 00 00 lea 0xd45(%rip),%rax # 2290 <_IO_stdin_used+0x290>
154b: 48 89 c7 mov %rax,%rdi
154e: b8 00 00 00 00 mov $0x0,%eax
1553: e8 f8 fa ff ff call 1050 <printf@plt>
1558: 8b 15 12 2b 00 00 mov 0x2b12(%rip),%edx # 4070 <global_value>
155e: 8b 05 e4 2a 00 00 mov 0x2ae4(%rip),%eax # 4048 <cookie>
1564: 39 c2 cmp %eax,%edx
1566: 75 0f jne 1577 <Trojan3+0x74>
1568: 48 8d 05 7e 0d 00 00 lea 0xd7e(%rip),%rax # 22ed <_IO_stdin_used+0x2ed>
156f: 48 89 c7 mov %rax,%rdi
1572: e8 b9 fa ff ff call 1030 <puts@plt>
1577: bf 00 00 00 00 mov $0x0,%edi
157c: e8 ff fa ff ff call 1080 <exit@plt>
0000000000001581 <Trojan4>:
1581: 55 push %rbp
1582: 48 89 e5 mov %rsp,%rbp
1585: 48 83 ec 10 sub $0x10,%rsp
1589: 89 7d fc mov %edi,-0x4(%rbp)
158c: 8b 15 de 2a 00 00 mov 0x2ade(%rip),%edx # 4070 <global_value>
1592: 8b 05 b0 2a 00 00 mov 0x2ab0(%rip),%eax # 4048 <cookie>
1598: 39 c2 cmp %eax,%edx
159a: 75 1e jne 15ba <Trojan4+0x39>
159c: 8b 05 ce 2a 00 00 mov 0x2ace(%rip),%eax # 4070 <global_value>
15a2: 89 c6 mov %eax,%esi
15a4: 48 8d 05 5d 0d 00 00 lea 0xd5d(%rip),%rax # 2308 <_IO_stdin_used+0x308>
15ab: 48 89 c7 mov %rax,%rdi
15ae: b8 00 00 00 00 mov $0x0,%eax
15b3: e8 98 fa ff ff call 1050 <printf@plt>
15b8: eb 1c jmp 15d6 <Trojan4+0x55>
15ba: 8b 05 b0 2a 00 00 mov 0x2ab0(%rip),%eax # 4070 <global_value>
15c0: 89 c6 mov %eax,%esi
15c2: 48 8d 05 9f 0d 00 00 lea 0xd9f(%rip),%rax # 2368 <_IO_stdin_used+0x368>
15c9: 48 89 c7 mov %rax,%rdi
15cc: b8 00 00 00 00 mov $0x0,%eax
15d1: e8 7a fa ff ff call 1050 <printf@plt>
15d6: 8b 15 94 2a 00 00 mov 0x2a94(%rip),%edx # 4070 <global_value>
15dc: 8b 05 66 2a 00 00 mov 0x2a66(%rip),%eax # 4048 <cookie>
15e2: 39 c2 cmp %eax,%edx
15e4: 75 10 jne 15f6 <Trojan4+0x75>
15e6: 48 8d 05 d2 0d 00 00 lea 0xdd2(%rip),%rax # 23bf <_IO_stdin_used+0x3bf>
15ed: 48 89 c7 mov %rax,%rdi
15f0: e8 3b fa ff ff call 1030 <puts@plt>
15f5: 90 nop
15f6: 90 nop
15f7: c9 leave
15f8: c3 ret
00000000000015f9 <main>:
15f9: 55 push %rbp
15fa: 48 89 e5 mov %rsp,%rbp
15fd: 48 83 ec 30 sub $0x30,%rsp
1601: 89 7d dc mov %edi,-0x24(%rbp)
1604: 48 89 75 d0 mov %rsi,-0x30(%rbp)
1608: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
160f: 00 00
1611: 48 89 45 f8 mov %rax,-0x8(%rbp)
1615: 31 c0 xor %eax,%eax
1617: 48 8d 05 c2 0d 00 00 lea 0xdc2(%rip),%rax # 23e0 <_IO_stdin_used+0x3e0>
161e: 48 89 c7 mov %rax,%rdi
1621: e8 0a fa ff ff call 1030 <puts@plt>
1626: 48 8d 05 dd 0d 00 00 lea 0xddd(%rip),%rax # 240a <_IO_stdin_used+0x40a>
162d: 48 89 c7 mov %rax,%rdi
1630: e8 fb f9 ff ff call 1030 <puts@plt>
1635: 83 7d dc 01 cmpl $0x1,-0x24(%rbp)
1639: 75 46 jne 1681 <main+0x88>
163b: 48 8b 45 d0 mov -0x30(%rbp),%rax
163f: 48 8b 00 mov (%rax),%rax
1642: 48 89 c6 mov %rax,%rsi
1645: 48 8d 05 dc 0d 00 00 lea 0xddc(%rip),%rax # 2428 <_IO_stdin_used+0x428>
164c: 48 89 c7 mov %rax,%rdi
164f: b8 00 00 00 00 mov $0x0,%eax
1654: e8 f7 f9 ff ff call 1050 <printf@plt>
1659: 48 8d 05 10 0e 00 00 lea 0xe10(%rip),%rax # 2470 <_IO_stdin_used+0x470>
1660: 48 89 c7 mov %rax,%rdi
1663: e8 c8 f9 ff ff call 1030 <puts@plt>
1668: 48 8d 05 59 0e 00 00 lea 0xe59(%rip),%rax # 24c8 <_IO_stdin_used+0x4c8>
166f: 48 89 c7 mov %rax,%rdi
1672: e8 b9 f9 ff ff call 1030 <puts@plt>
1677: b8 00 00 00 00 mov $0x0,%eax
167c: e9 43 01 00 00 jmp 17c4 <main+0x1cb>
1681: 48 8b 45 d0 mov -0x30(%rbp),%rax
1685: 48 83 c0 08 add $0x8,%rax
1689: 48 8b 00 mov (%rax),%rax
168c: 48 89 c6 mov %rax,%rsi
168f: 48 8d 05 7a 0e 00 00 lea 0xe7a(%rip),%rax # 2510 <_IO_stdin_used+0x510>
1696: 48 89 c7 mov %rax,%rdi
1699: b8 00 00 00 00 mov $0x0,%eax
169e: e8 ad f9 ff ff call 1050 <printf@plt>
16a3: 48 8b 45 d0 mov -0x30(%rbp),%rax
16a7: 48 83 c0 08 add $0x8,%rax
16ab: 48 8b 00 mov (%rax),%rax
16ae: 48 89 c7 mov %rax,%rdi
16b1: e8 ba f9 ff ff call 1070 <atoi@plt>
16b6: 48 98 cltq
16b8: 48 89 05 99 29 00 00 mov %rax,0x2999(%rip) # 4058 <rand1_h>
16bf: 48 c7 05 96 29 00 00 movq $0x29a,0x2996(%rip) # 4060 <rand1_l>
16c6: 9a 02 00 00
16ca: bf 00 00 00 00 mov $0x0,%edi
16cf: e8 e5 fa ff ff call 11b9 <GenerateRandomNumber>
16d4: c7 45 ec 02 00 00 00 movl $0x2,-0x14(%rbp)
16db: eb 36 jmp 1713 <main+0x11a>
16dd: 8b 45 ec mov -0x14(%rbp),%eax
16e0: 48 98 cltq
16e2: 48 8d 14 c5 00 00 00 lea 0x0(,%rax,8),%rdx
16e9: 00
16ea: 48 8b 45 d0 mov -0x30(%rbp),%rax
16ee: 48 01 d0 add %rdx,%rax
16f1: 48 8b 00 mov (%rax),%rax
16f4: 48 89 c7 mov %rax,%rdi
16f7: e8 74 f9 ff ff call 1070 <atoi@plt>
16fc: 48 98 cltq
16fe: 48 89 05 5b 29 00 00 mov %rax,0x295b(%rip) # 4060 <rand1_l>
1705: bf 00 00 00 00 mov $0x0,%edi
170a: e8 aa fa ff ff call 11b9 <GenerateRandomNumber>
170f: 83 45 ec 01 addl $0x1,-0x14(%rbp)
1713: 8b 45 ec mov -0x14(%rbp),%eax
1716: 3b 45 dc cmp -0x24(%rbp),%eax
1719: 7c c2 jl 16dd <main+0xe4>
171b: 48 8b 05 36 29 00 00 mov 0x2936(%rip),%rax # 4058 <rand1_h>
1722: 89 05 20 29 00 00 mov %eax,0x2920(%rip) # 4048 <cookie>
1728: 8b 05 1a 29 00 00 mov 0x291a(%rip),%eax # 4048 <cookie>
172e: 89 c6 mov %eax,%esi
1730: 48 8d 05 f7 0d 00 00 lea 0xdf7(%rip),%rax # 252e <_IO_stdin_used+0x52e>
1737: 48 89 c7 mov %rax,%rdi
173a: b8 00 00 00 00 mov $0x0,%eax
173f: e8 0c f9 ff ff call 1050 <printf@plt>
1744: 48 8d 05 bf 0c 00 00 lea 0xcbf(%rip),%rax # 240a <_IO_stdin_used+0x40a>
174b: 48 89 c7 mov %rax,%rdi
174e: e8 dd f8 ff ff call 1030 <puts@plt>
1753: 48 8d 05 f6 0d 00 00 lea 0xdf6(%rip),%rax # 2550 <_IO_stdin_used+0x550>
175a: 48 89 c7 mov %rax,%rdi
175d: b8 00 00 00 00 mov $0x0,%eax
1762: e8 e9 f8 ff ff call 1050 <printf@plt>
1767: bf 00 02 00 00 mov $0x200,%edi
176c: e8 48 fa ff ff call 11b9 <GenerateRandomNumber>
1771: 48 8b 05 f0 28 00 00 mov 0x28f0(%rip),%rax # 4068 <rand_div>
1778: 48 83 c0 01 add $0x1,%rax
177c: 48 8d 50 08 lea 0x8(%rax),%rdx
1780: b8 10 00 00 00 mov $0x10,%eax
1785: 48 83 e8 01 sub $0x1,%rax
1789: 48 01 d0 add %rdx,%rax
178c: b9 10 00 00 00 mov $0x10,%ecx
1791: ba 00 00 00 00 mov $0x0,%edx
1796: 48 f7 f1 div %rcx
1799: 48 6b c0 10 imul $0x10,%rax,%rax
179d: 48 29 c4 sub %rax,%rsp
17a0: 48 89 e0 mov %rsp,%rax
17a3: 48 83 c0 0f add $0xf,%rax
17a7: 48 c1 e8 04 shr $0x4,%rax
17ab: 48 c1 e0 04 shl $0x4,%rax
17af: 48 89 45 f0 mov %rax,-0x10(%rbp)
17b3: 48 8b 45 f0 mov -0x10(%rbp),%rax
17b7: c6 00 68 movb $0x68,(%rax)
17ba: e8 9a fb ff ff call 1359 <test>
17bf: b8 00 00 00 00 mov $0x0,%eax
17c4: 48 8b 55 f8 mov -0x8(%rbp),%rdx
17c8: 64 48 2b 14 25 28 00 sub %fs:0x28,%rdx
17cf: 00 00
17d1: 74 05 je 17d8 <main+0x1df>
17d3: e8 68 f8 ff ff call 1040 <__stack_chk_fail@plt>
17d8: c9 leave
17d9: c3 ret
Disassembly of section .fini:
00000000000017dc <_fini>:
17dc: f3 0f 1e fa endbr64
17e0: 48 83 ec 08 sub $0x8,%rsp
17e4: 48 83 c4 08 add $0x8,%rsp
17e8: c3 ret