bufbomb_linux: 文件格式 elf64-x86-64
|
||
|
||
|
||
Disassembly of section .init:
|
||
|
||
# _init: C-runtime initialisation stub (section .init).
# Loads the __gmon_start__ pointer from 0x3fd0 and calls it only when it is non-null.
# The sub/add of 8 on %rsp keeps the stack 16-byte aligned at the indirect call.
0000000000001000 <_init>:
|
||
1000: f3 0f 1e fa endbr64
|
||
1004: 48 83 ec 08 sub $0x8,%rsp
|
||
1008: 48 8b 05 c1 2f 00 00 mov 0x2fc1(%rip),%rax # 3fd0 <__gmon_start__@Base>
|
||
100f: 48 85 c0 test %rax,%rax
|
||
# Hook absent (null pointer): skip the call.
1012: 74 02 je 1016 <_init+0x16>
|
||
1014: ff d0 call *%rax
|
||
1016: 48 83 c4 08 add $0x8,%rsp
|
||
101a: c3 ret
|
||
|
||
Disassembly of section .plt:
|
||
|
||
# Procedure linkage table (section .plt).
# The first entry at 0x1020 is the shared header: it pushes the word at GOT+0x8
# and jumps through GOT+0x10. Each named stub below jumps through its own GOT
# slot (0x4000..0x4030) and, on the fall-through path, pushes its relocation
# index and jumps back to the header -- the classic lazy-binding stub shape.
# NOTE(review): whether these GOT slots remain writable after start-up depends
# on the RELRO / BIND_NOW link options, which a disassembly does not show --
# confirm from the ELF program headers and dynamic section.
# NOTE(review): none of the stubs begins with endbr64, unlike _init and _start
# in this listing.
0000000000001020 <puts@plt-0x10>:
|
||
1020: ff 35 ca 2f 00 00 push 0x2fca(%rip) # 3ff0 <_GLOBAL_OFFSET_TABLE_+0x8>
|
||
1026: ff 25 cc 2f 00 00 jmp *0x2fcc(%rip) # 3ff8 <_GLOBAL_OFFSET_TABLE_+0x10>
|
||
102c: 0f 1f 40 00 nopl 0x0(%rax)
|
||
|
||
# puts: GOT slot 0x4000, index 0.
0000000000001030 <puts@plt>:
|
||
1030: ff 25 ca 2f 00 00 jmp *0x2fca(%rip) # 4000 <puts@GLIBC_2.2.5>
|
||
1036: 68 00 00 00 00 push $0x0
|
||
103b: e9 e0 ff ff ff jmp 1020 <_init+0x20>
|
||
|
||
# __stack_chk_fail: GOT slot 0x4008, index 1. Its presence shows that at least
# part of the program was compiled with the stack protector.
0000000000001040 <__stack_chk_fail@plt>:
|
||
1040: ff 25 c2 2f 00 00 jmp *0x2fc2(%rip) # 4008 <__stack_chk_fail@GLIBC_2.4>
|
||
1046: 68 01 00 00 00 push $0x1
|
||
104b: e9 d0 ff ff ff jmp 1020 <_init+0x20>
|
||
|
||
# printf: GOT slot 0x4010, index 2.
0000000000001050 <printf@plt>:
|
||
1050: ff 25 ba 2f 00 00 jmp *0x2fba(%rip) # 4010 <printf@GLIBC_2.2.5>
|
||
1056: 68 02 00 00 00 push $0x2
|
||
105b: e9 c0 ff ff ff jmp 1020 <_init+0x20>
|
||
|
||
# getchar: GOT slot 0x4018, index 3. This is the only input primitive imported here.
0000000000001060 <getchar@plt>:
|
||
1060: ff 25 b2 2f 00 00 jmp *0x2fb2(%rip) # 4018 <getchar@GLIBC_2.2.5>
|
||
1066: 68 03 00 00 00 push $0x3
|
||
106b: e9 b0 ff ff ff jmp 1020 <_init+0x20>
|
||
|
||
# atoi: GOT slot 0x4020, index 4.
0000000000001070 <atoi@plt>:
|
||
1070: ff 25 aa 2f 00 00 jmp *0x2faa(%rip) # 4020 <atoi@GLIBC_2.2.5>
|
||
1076: 68 04 00 00 00 push $0x4
|
||
107b: e9 a0 ff ff ff jmp 1020 <_init+0x20>
|
||
|
||
# exit: GOT slot 0x4028, index 5.
0000000000001080 <exit@plt>:
|
||
1080: ff 25 a2 2f 00 00 jmp *0x2fa2(%rip) # 4028 <exit@GLIBC_2.2.5>
|
||
1086: 68 05 00 00 00 push $0x5
|
||
108b: e9 90 ff ff ff jmp 1020 <_init+0x20>
|
||
|
||
# __ctype_b_loc: GOT slot 0x4030, index 6 (character-class table lookup).
0000000000001090 <__ctype_b_loc@plt>:
|
||
1090: ff 25 9a 2f 00 00 jmp *0x2f9a(%rip) # 4030 <__ctype_b_loc@GLIBC_2.3>
|
||
1096: 68 06 00 00 00 push $0x6
|
||
109b: e9 80 ff ff ff jmp 1020 <_init+0x20>
|
||
|
||
Disassembly of section .text:
|
||
|
||
# _start: process entry point. Clears %rbp, takes argc from the top of the
# stack into %rsi and the argv pointer into %rdx, aligns %rsp to 16 bytes and
# calls __libc_start_main with main (0x15f9) in %rdi. The hlt after the call is
# only reached if __libc_start_main returns.
# The code from 0x10d0 to 0x11b4 carries no symbols of its own, so objdump
# labels it as _start+offset; it looks like the usual compiler start-up helpers
# (TM-clone registration, global destructor pass) -- presumably crtstuff, not
# program logic.
00000000000010a0 <_start>:
|
||
10a0: f3 0f 1e fa endbr64
|
||
10a4: 31 ed xor %ebp,%ebp
|
||
10a6: 49 89 d1 mov %rdx,%r9
|
||
10a9: 5e pop %rsi
|
||
10aa: 48 89 e2 mov %rsp,%rdx
|
||
10ad: 48 83 e4 f0 and $0xfffffffffffffff0,%rsp
|
||
10b1: 50 push %rax
|
||
10b2: 54 push %rsp
|
||
10b3: 45 31 c0 xor %r8d,%r8d
|
||
10b6: 31 c9 xor %ecx,%ecx
|
||
10b8: 48 8d 3d 3a 05 00 00 lea 0x53a(%rip),%rdi # 15f9 <main>
|
||
10bf: ff 15 fb 2e 00 00 call *0x2efb(%rip) # 3fc0 <__libc_start_main@GLIBC_2.34>
|
||
10c5: f4 hlt
|
||
10c6: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
|
||
10cd: 00 00 00
|
||
# 0x10d0: unlabeled helper. Both lea instructions resolve to 0x4050, so the
# compare is equal and the routine returns at 0x1100 without the tail jump.
10d0: 48 8d 3d 79 2f 00 00 lea 0x2f79(%rip),%rdi # 4050 <__TMC_END__>
|
||
10d7: 48 8d 05 72 2f 00 00 lea 0x2f72(%rip),%rax # 4050 <__TMC_END__>
|
||
10de: 48 39 f8 cmp %rdi,%rax
|
||
10e1: 74 1d je 1100 <_start+0x60>
|
||
10e3: 48 8b 05 de 2e 00 00 mov 0x2ede(%rip),%rax # 3fc8 <_ITM_deregisterTMCloneTable@Base>
|
||
10ea: 48 85 c0 test %rax,%rax
|
||
10ed: 74 11 je 1100 <_start+0x60>
|
||
10ef: ff e0 jmp *%rax
|
||
10f1: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1)
|
||
10f8: 00 00 00 00
|
||
10fc: 0f 1f 40 00 nopl 0x0(%rax)
|
||
1100: c3 ret
|
||
1101: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1)
|
||
1108: 00 00 00 00
|
||
110c: 0f 1f 40 00 nopl 0x0(%rax)
|
||
# 0x1110: unlabeled helper. Computes a size from two identical addresses
# (0x4050), so the result is zero and the routine returns at 0x1150.
1110: 48 8d 3d 39 2f 00 00 lea 0x2f39(%rip),%rdi # 4050 <__TMC_END__>
|
||
1117: 48 8d 35 32 2f 00 00 lea 0x2f32(%rip),%rsi # 4050 <__TMC_END__>
|
||
111e: 48 29 fe sub %rdi,%rsi
|
||
1121: 48 89 f0 mov %rsi,%rax
|
||
1124: 48 c1 f8 03 sar $0x3,%rax
|
||
1128: 48 c1 ee 3f shr $0x3f,%rsi
|
||
112c: 48 01 c6 add %rax,%rsi
|
||
112f: 48 d1 fe sar $1,%rsi
|
||
1132: 74 1c je 1150 <_start+0xb0>
|
||
1134: 48 8b 05 9d 2e 00 00 mov 0x2e9d(%rip),%rax # 3fd8 <_ITM_registerTMCloneTable@Base>
|
||
113b: 48 85 c0 test %rax,%rax
|
||
113e: 74 10 je 1150 <_start+0xb0>
|
||
1140: ff e0 jmp *%rax
|
||
1142: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1)
|
||
1149: 00 00 00 00
|
||
114d: 0f 1f 00 nopl (%rax)
|
||
1150: c3 ret
|
||
1151: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1)
|
||
1158: 00 00 00 00
|
||
115c: 0f 1f 40 00 nopl 0x0(%rax)
|
||
# 0x1160: unlabeled helper guarded by a one-byte "already ran" flag at 0x4050.
# On the first run it calls __cxa_finalize(__dso_handle) when that pointer is
# non-null, calls the helper at 0x10d0, then sets the flag to 1.
1160: f3 0f 1e fa endbr64
|
||
1164: 80 3d e5 2e 00 00 00 cmpb $0x0,0x2ee5(%rip) # 4050 <__TMC_END__>
|
||
116b: 75 33 jne 11a0 <_start+0x100>
|
||
116d: 48 83 3d 6b 2e 00 00 cmpq $0x0,0x2e6b(%rip) # 3fe0 <__cxa_finalize@GLIBC_2.2.5>
|
||
1174: 00
|
||
1175: 55 push %rbp
|
||
1176: 48 89 e5 mov %rsp,%rbp
|
||
1179: 74 0d je 1188 <_start+0xe8>
|
||
117b: 48 8b 3d be 2e 00 00 mov 0x2ebe(%rip),%rdi # 4040 <__dso_handle>
|
||
1182: ff 15 58 2e 00 00 call *0x2e58(%rip) # 3fe0 <__cxa_finalize@GLIBC_2.2.5>
|
||
1188: e8 43 ff ff ff call 10d0 <_start+0x30>
|
||
118d: 5d pop %rbp
|
||
118e: c6 05 bb 2e 00 00 01 movb $0x1,0x2ebb(%rip) # 4050 <__TMC_END__>
|
||
1195: c3 ret
|
||
1196: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
|
||
119d: 00 00 00
|
||
11a0: c3 ret
|
||
11a1: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1)
|
||
11a8: 00 00 00 00
|
||
11ac: 0f 1f 40 00 nopl 0x0(%rax)
|
||
# 0x11b0: unlabeled trampoline that tail-jumps to the helper at 0x1110.
11b0: f3 0f 1e fa endbr64
|
||
11b4: e9 57 ff ff ff jmp 1110 <_start+0x70>
|
||
|
||
# GenerateRandomNumber(modulus in %rdi): advances a two-word generator state
# held in the globals rand1_h / rand1_l and, when modulus is non-zero, stores
# rand1_h % modulus in rand_div.
#   t       = rand1_h * 0x6ac690c5 + rand1_l
#   rand1_h = t
#   rand1_l = t >> 32            (arithmetic shift)
#   rand_div = rand1_h % modulus (unsigned divide, only when modulus != 0)
# Leaf function: the locals at -0x8 and -0x18(%rbp) sit below %rsp with no
# frame adjustment. No value is deliberately returned in %rax.
# NOTE(review): the update is a fixed multiply-add over two globals, so every
# output is fully determined by the starting state. That is fine for
# reproducible test runs but is not a cryptographic source of randomness.
00000000000011b9 <GenerateRandomNumber>:
|
||
11b9: 55 push %rbp
|
||
11ba: 48 89 e5 mov %rsp,%rbp
|
||
# Save the modulus argument.
11bd: 48 89 7d e8 mov %rdi,-0x18(%rbp)
|
||
11c1: 48 8b 05 90 2e 00 00 mov 0x2e90(%rip),%rax # 4058 <rand1_h>
|
||
11c8: 48 89 45 f8 mov %rax,-0x8(%rbp)
|
||
11cc: 48 8b 45 f8 mov -0x8(%rbp),%rax
|
||
# t = rand1_h * 0x6ac690c5 (64-bit multiply, high bits discarded).
11d0: 48 69 c0 c5 90 c6 6a imul $0x6ac690c5,%rax,%rax
|
||
11d7: 48 89 45 f8 mov %rax,-0x8(%rbp)
|
||
11db: 48 8b 55 f8 mov -0x8(%rbp),%rdx
|
||
11df: 48 8b 05 7a 2e 00 00 mov 0x2e7a(%rip),%rax # 4060 <rand1_l>
|
||
# t += rand1_l
11e6: 48 01 d0 add %rdx,%rax
|
||
11e9: 48 89 45 f8 mov %rax,-0x8(%rbp)
|
||
11ed: 48 8b 45 f8 mov -0x8(%rbp),%rax
|
||
# rand1_h = t
11f1: 48 89 05 60 2e 00 00 mov %rax,0x2e60(%rip) # 4058 <rand1_h>
|
||
11f8: 48 8b 45 f8 mov -0x8(%rbp),%rax
|
||
# rand1_l = t >> 32 (sign-propagating)
11fc: 48 c1 f8 20 sar $0x20,%rax
|
||
1200: 48 89 05 59 2e 00 00 mov %rax,0x2e59(%rip) # 4060 <rand1_l>
|
||
# A zero modulus skips the divide entirely, so divq never sees a zero divisor.
1207: 48 83 7d e8 00 cmpq $0x0,-0x18(%rbp)
|
||
120c: 74 1c je 122a <GenerateRandomNumber+0x71>
|
||
120e: 48 8b 05 43 2e 00 00 mov 0x2e43(%rip),%rax # 4058 <rand1_h>
|
||
# Zero %rdx so the 128-bit dividend %rdx:%rax is just rand1_h.
1215: ba 00 00 00 00 mov $0x0,%edx
|
||
121a: 48 f7 75 e8 divq -0x18(%rbp)
|
||
# The remainder (in %rdx) is the value kept.
121e: 48 89 d0 mov %rdx,%rax
|
||
1221: 48 89 05 40 2e 00 00 mov %rax,0x2e40(%rip) # 4068 <rand_div>
|
||
1228: eb 01 jmp 122b <GenerateRandomNumber+0x72>
|
||
122a: 90 nop
|
||
122b: 5d pop %rbp
|
||
122c: c3 ret
|
||
|
||
# getxs(dest in %rdi): reads characters with getchar() until EOF (-1), '\n'
# (0x0a) or '\r' (0x0d), ignores everything that is not a hexadecimal digit,
# packs each pair of digits into one byte stored at successive addresses from
# dest, then writes a terminating zero byte and returns dest in %rax.
# Locals: -0x28 dest, -0x8 write cursor, -0xc current character,
#         -0x10 value of the current digit, -0x14 pending high nibble,
#         -0x18 flag (1 = the next digit starts a new byte).
# NOTE(review): the only argument is the destination pointer; there is no
# length parameter and no bound check before the store at 0x12df or the
# terminator store at 0x1312. The number of bytes written is therefore decided
# entirely by the input line. A safe variant would take the destination size
# and stop (or fail) before the cursor passes it.
# NOTE(review): an odd trailing digit is dropped silently, because a byte is
# only stored once its second digit arrives.
000000000000122d <getxs>:
|
||
122d: 55 push %rbp
|
||
122e: 48 89 e5 mov %rsp,%rbp
|
||
1231: 48 83 ec 30 sub $0x30,%rsp
|
||
1235: 48 89 7d d8 mov %rdi,-0x28(%rbp)
|
||
# flag = 1: the first digit seen is a high nibble.
1239: c7 45 e8 01 00 00 00 movl $0x1,-0x18(%rbp)
|
||
1240: c7 45 ec 00 00 00 00 movl $0x0,-0x14(%rbp)
|
||
# cursor = dest
1247: 48 8b 45 d8 mov -0x28(%rbp),%rax
|
||
124b: 48 89 45 f8 mov %rax,-0x8(%rbp)
|
||
# Enter the loop at its read-and-test step.
124f: e9 94 00 00 00 jmp 12e8 <getxs+0xbb>
|
||
# Loop body: classify the character through the table returned by
# __ctype_b_loc(). The 0x1000 mask appears to be glibc's hex-digit class bit
# (the isxdigit() test), which matches the three digit ranges decoded below.
1254: e8 37 fe ff ff call 1090 <__ctype_b_loc@plt>
|
||
1259: 48 8b 00 mov (%rax),%rax
|
||
125c: 8b 55 f4 mov -0xc(%rbp),%edx
|
||
125f: 48 63 d2 movslq %edx,%rdx
|
||
# Table entries are 16 bits wide, hence the index is doubled.
1262: 48 01 d2 add %rdx,%rdx
|
||
1265: 48 01 d0 add %rdx,%rax
|
||
1268: 0f b7 00 movzwl (%rax),%eax
|
||
126b: 0f b7 c0 movzwl %ax,%eax
|
||
126e: 25 00 10 00 00 and $0x1000,%eax
|
||
1273: 85 c0 test %eax,%eax
|
||
# Not a hex digit: skip it and read the next character.
1275: 74 71 je 12e8 <getxs+0xbb>
|
||
# '0'..'9' (0x30..0x39): value = c - 0x30
1277: 83 7d f4 2f cmpl $0x2f,-0xc(%rbp)
|
||
127b: 7e 11 jle 128e <getxs+0x61>
|
||
127d: 83 7d f4 39 cmpl $0x39,-0xc(%rbp)
|
||
1281: 7f 0b jg 128e <getxs+0x61>
|
||
1283: 8b 45 f4 mov -0xc(%rbp),%eax
|
||
1286: 83 e8 30 sub $0x30,%eax
|
||
1289: 89 45 f0 mov %eax,-0x10(%rbp)
|
||
128c: eb 20 jmp 12ae <getxs+0x81>
|
||
# 'A'..'F' (0x41..0x46): value = c - 0x37
128e: 83 7d f4 40 cmpl $0x40,-0xc(%rbp)
|
||
1292: 7e 11 jle 12a5 <getxs+0x78>
|
||
1294: 83 7d f4 46 cmpl $0x46,-0xc(%rbp)
|
||
1298: 7f 0b jg 12a5 <getxs+0x78>
|
||
129a: 8b 45 f4 mov -0xc(%rbp),%eax
|
||
129d: 83 e8 37 sub $0x37,%eax
|
||
12a0: 89 45 f0 mov %eax,-0x10(%rbp)
|
||
12a3: eb 09 jmp 12ae <getxs+0x81>
|
||
# Remaining hex digits (lower-case 'a'..'f'): value = c - 0x57
12a5: 8b 45 f4 mov -0xc(%rbp),%eax
|
||
12a8: 83 e8 57 sub $0x57,%eax
|
||
12ab: 89 45 f0 mov %eax,-0x10(%rbp)
|
||
# flag set: remember this digit as the high nibble and clear the flag.
12ae: 83 7d e8 00 cmpl $0x0,-0x18(%rbp)
|
||
12b2: 74 0f je 12c3 <getxs+0x96>
|
||
12b4: 8b 45 f0 mov -0x10(%rbp),%eax
|
||
12b7: 89 45 ec mov %eax,-0x14(%rbp)
|
||
12ba: c7 45 e8 00 00 00 00 movl $0x0,-0x18(%rbp)
|
||
12c1: eb 25 jmp 12e8 <getxs+0xbb>
|
||
# flag clear: byte = (high << 4) + low, stored through the cursor, which is
# then advanced by one. No comparison against any end-of-buffer value happens here.
12c3: 8b 45 ec mov -0x14(%rbp),%eax
|
||
12c6: c1 e0 04 shl $0x4,%eax
|
||
12c9: 89 c2 mov %eax,%edx
|
||
12cb: 8b 45 f0 mov -0x10(%rbp),%eax
|
||
12ce: 8d 0c 02 lea (%rdx,%rax,1),%ecx
|
||
12d1: 48 8b 45 f8 mov -0x8(%rbp),%rax
|
||
12d5: 48 8d 50 01 lea 0x1(%rax),%rdx
|
||
12d9: 48 89 55 f8 mov %rdx,-0x8(%rbp)
|
||
12dd: 89 ca mov %ecx,%edx
|
||
12df: 88 10 mov %dl,(%rax)
|
||
12e1: c7 45 e8 01 00 00 00 movl $0x1,-0x18(%rbp)
|
||
# Loop head: read one character and stop on EOF, LF or CR.
12e8: e8 73 fd ff ff call 1060 <getchar@plt>
|
||
12ed: 89 45 f4 mov %eax,-0xc(%rbp)
|
||
12f0: 83 7d f4 ff cmpl $0xffffffff,-0xc(%rbp)
|
||
12f4: 74 10 je 1306 <getxs+0xd9>
|
||
12f6: 83 7d f4 0a cmpl $0xa,-0xc(%rbp)
|
||
12fa: 74 0a je 1306 <getxs+0xd9>
|
||
12fc: 83 7d f4 0d cmpl $0xd,-0xc(%rbp)
|
||
1300: 0f 85 4e ff ff ff jne 1254 <getxs+0x27>
|
||
# End of input: append the zero terminator (one more unchecked store) and
# return the original destination pointer.
1306: 48 8b 45 f8 mov -0x8(%rbp),%rax
|
||
130a: 48 8d 50 01 lea 0x1(%rax),%rdx
|
||
130e: 48 89 55 f8 mov %rdx,-0x8(%rbp)
|
||
1312: c6 00 00 movb $0x0,(%rax)
|
||
1315: 48 8b 45 d8 mov -0x28(%rbp),%rax
|
||
1319: c9 leave
|
||
131a: c3 ret
|
||
|
||
# getbuf(): reserves a 0x20-byte frame, passes the address -0x14(%rbp) to
# getxs() as the destination buffer, and returns the constant 1 in %eax.
# Stack protector: the guard value from %fs:0x28 is copied to -0x8(%rbp) on
# entry and compared again before return; a mismatch calls __stack_chk_fail.
# NOTE(review): the buffer starts 12 bytes below the guard slot and getxs()
# applies no length limit, so an input line that decodes to more bytes than the
# buffer holds writes past it. The guard comparison notices a changed guard
# before `ret`, but it does not stop the out-of-bounds write itself; the fix is
# a bounded read, not reliance on the guard.
000000000000131b <getbuf>:
|
||
131b: 55 push %rbp
|
||
131c: 48 89 e5 mov %rsp,%rbp
|
||
131f: 48 83 ec 20 sub $0x20,%rsp
|
||
# Load the per-thread stack guard and park it just below the saved %rbp.
1323: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
|
||
132a: 00 00
|
||
132c: 48 89 45 f8 mov %rax,-0x8(%rbp)
|
||
# Clear %eax so the guard value does not linger in a register.
1330: 31 c0 xor %eax,%eax
|
||
# Destination for getxs: the local buffer at -0x14(%rbp).
1332: 48 8d 45 ec lea -0x14(%rbp),%rax
|
||
1336: 48 89 c7 mov %rax,%rdi
|
||
1339: e8 ef fe ff ff call 122d <getxs>
|
||
# Return value is always 1 on the normal path.
133e: b8 01 00 00 00 mov $0x1,%eax
|
||
# Guard check: stored copy minus the live guard must be zero.
1343: 48 8b 55 f8 mov -0x8(%rbp),%rdx
|
||
1347: 64 48 2b 14 25 28 00 sub %fs:0x28,%rdx
|
||
134e: 00 00
|
||
1350: 74 05 je 1357 <getbuf+0x3c>
|
||
1352: e8 e9 fc ff ff call 1040 <__stack_chk_fail@plt>
|
||
1357: c9 leave
|
||
1358: c3 ret
|
||
|
||
# test(): moves the stack pointer down by a generator-dependent amount, calls
# getbuf(), then reports on two things: whether a local sentinel still holds
# 0xdeadbeef, and how getbuf's return value relates to the global cookie.
# Locals: -0x8 stack guard, -0x10 pointer to the variable-sized reservation,
#         -0x14 getbuf() return value, -0x18 sentinel.
# The message texts live at the _IO_stdin_used+offset addresses shown by
# objdump; their contents are not part of this listing.
0000000000001359 <test>:
|
||
1359: 55 push %rbp
|
||
135a: 48 89 e5 mov %rsp,%rbp
|
||
135d: 48 83 ec 20 sub $0x20,%rsp
|
||
# Stack-protector prologue.
1361: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
|
||
1368: 00 00
|
||
136a: 48 89 45 f8 mov %rax,-0x8(%rbp)
|
||
136e: 31 c0 xor %eax,%eax
|
||
# Sentinel local, checked again after getbuf() returns.
1370: c7 45 e8 ef be ad de movl $0xdeadbeef,-0x18(%rbp)
|
||
# rand_div = rand1_h % 0x17 after one generator step.
1377: bf 17 00 00 00 mov $0x17,%edi
|
||
137c: e8 38 fe ff ff call 11b9 <GenerateRandomNumber>
|
||
# Variable-sized stack reservation: (rand_div + 1 + 8 + 15) / 16 * 16 bytes are
# subtracted from %rsp, the compiler's usual shape for an alloca/VLA of
# rand_div + 1 bytes (presumably). This shifts the frames of everything called
# below by an amount that depends on the generator state.
1381: 48 8b 05 e0 2c 00 00 mov 0x2ce0(%rip),%rax # 4068 <rand_div>
|
||
1388: 48 83 c0 01 add $0x1,%rax
|
||
138c: 48 8d 50 08 lea 0x8(%rax),%rdx
|
||
1390: b8 10 00 00 00 mov $0x10,%eax
|
||
1395: 48 83 e8 01 sub $0x1,%rax
|
||
1399: 48 01 d0 add %rdx,%rax
|
||
139c: b9 10 00 00 00 mov $0x10,%ecx
|
||
13a1: ba 00 00 00 00 mov $0x0,%edx
|
||
13a6: 48 f7 f1 div %rcx
|
||
13a9: 48 6b c0 10 imul $0x10,%rax,%rax
|
||
13ad: 48 29 c4 sub %rax,%rsp
|
||
# Round the new %rsp up to a 16-byte boundary and keep that as the block pointer.
13b0: 48 89 e0 mov %rsp,%rax
|
||
13b3: 48 83 c0 0f add $0xf,%rax
|
||
13b7: 48 c1 e8 04 shr $0x4,%rax
|
||
13bb: 48 c1 e0 04 shl $0x4,%rax
|
||
13bf: 48 89 45 f0 mov %rax,-0x10(%rbp)
|
||
13c3: 48 8b 45 f0 mov -0x10(%rbp),%rax
|
||
# Touch the first byte of the reservation (value 0x6c).
13c7: c6 00 6c movb $0x6c,(%rax)
|
||
13ca: e8 4c ff ff ff call 131b <getbuf>
|
||
13cf: 89 45 ec mov %eax,-0x14(%rbp)
|
||
# Sentinel check: intact selects the message at 0x2008, changed the one at 0x2018.
13d2: 8b 45 e8 mov -0x18(%rbp),%eax
|
||
13d5: 3d ef be ad de cmp $0xdeadbeef,%eax
|
||
13da: 75 11 jne 13ed <test+0x94>
|
||
13dc: 48 8d 05 25 0c 00 00 lea 0xc25(%rip),%rax # 2008 <_IO_stdin_used+0x8>
|
||
13e3: 48 89 c7 mov %rax,%rdi
|
||
13e6: e8 45 fc ff ff call 1030 <puts@plt>
|
||
13eb: eb 0f jmp 13fc <test+0xa3>
|
||
13ed: 48 8d 05 24 0c 00 00 lea 0xc24(%rip),%rax # 2018 <_IO_stdin_used+0x18>
|
||
13f4: 48 89 c7 mov %rax,%rdi
|
||
13f7: e8 34 fc ff ff call 1030 <puts@plt>
|
||
# Return-value report: equal to cookie -> printf(0x2050, value);
# equal to 1 (getbuf's normal return) -> puts(0x2090);
# anything else -> printf(0x20c8, value).
13fc: 8b 05 46 2c 00 00 mov 0x2c46(%rip),%eax # 4048 <cookie>
|
||
1402: 39 45 ec cmp %eax,-0x14(%rbp)
|
||
1405: 75 1b jne 1422 <test+0xc9>
|
||
1407: 8b 45 ec mov -0x14(%rbp),%eax
|
||
140a: 89 c6 mov %eax,%esi
|
||
140c: 48 8d 05 3d 0c 00 00 lea 0xc3d(%rip),%rax # 2050 <_IO_stdin_used+0x50>
|
||
1413: 48 89 c7 mov %rax,%rdi
|
||
# %eax = 0: no vector registers are used for this variadic call.
1416: b8 00 00 00 00 mov $0x0,%eax
|
||
141b: e8 30 fc ff ff call 1050 <printf@plt>
|
||
1420: eb 30 jmp 1452 <test+0xf9>
|
||
1422: 83 7d ec 01 cmpl $0x1,-0x14(%rbp)
|
||
1426: 75 11 jne 1439 <test+0xe0>
|
||
1428: 48 8d 05 61 0c 00 00 lea 0xc61(%rip),%rax # 2090 <_IO_stdin_used+0x90>
|
||
142f: 48 89 c7 mov %rax,%rdi
|
||
1432: e8 f9 fb ff ff call 1030 <puts@plt>
|
||
1437: eb 19 jmp 1452 <test+0xf9>
|
||
1439: 8b 45 ec mov -0x14(%rbp),%eax
|
||
143c: 89 c6 mov %eax,%esi
|
||
143e: 48 8d 05 83 0c 00 00 lea 0xc83(%rip),%rax # 20c8 <_IO_stdin_used+0xc8>
|
||
1445: 48 89 c7 mov %rax,%rdi
|
||
1448: b8 00 00 00 00 mov $0x0,%eax
|
||
144d: e8 fe fb ff ff call 1050 <printf@plt>
|
||
1452: 90 nop
|
||
# Stack-protector epilogue for test's own frame.
1453: 48 8b 45 f8 mov -0x8(%rbp),%rax
|
||
1457: 64 48 2b 04 25 28 00 sub %fs:0x28,%rax
|
||
145e: 00 00
|
||
1460: 74 05 je 1467 <test+0x10e>
|
||
1462: e8 d9 fb ff ff call 1040 <__stack_chk_fail@plt>
|
||
1467: c9 leave
|
||
1468: c3 ret
|
||
|
||
# Trojan1(): prints the two strings at 0x2110 and 0x2149 with puts(), then
# calls exit(0). It takes no arguments and never returns to its caller.
# NOTE(review): no call or jump to 0x1469 appears anywhere in this listing, so
# the normal control flow shown here does not reach this function.
0000000000001469 <Trojan1>:
|
||
1469: 55 push %rbp
|
||
146a: 48 89 e5 mov %rsp,%rbp
|
||
146d: 48 8d 05 9c 0c 00 00 lea 0xc9c(%rip),%rax # 2110 <_IO_stdin_used+0x110>
|
||
1474: 48 89 c7 mov %rax,%rdi
|
||
1477: e8 b4 fb ff ff call 1030 <puts@plt>
|
||
147c: 48 8d 05 c6 0c 00 00 lea 0xcc6(%rip),%rax # 2149 <_IO_stdin_used+0x149>
|
||
1483: 48 89 c7 mov %rax,%rdi
|
||
1486: e8 a5 fb ff ff call 1030 <puts@plt>
|
||
# exit(0): the process ends here, so there is no epilogue.
148b: bf 00 00 00 00 mov $0x0,%edi
|
||
1490: e8 eb fb ff ff call 1080 <exit@plt>
|
||
|
||
# Trojan2(value in %edi): compares its 32-bit argument with the global cookie.
# Equal -> printf(0x2168, value); different -> printf(0x21b8, value). When the
# argument equals the cookie it additionally prints the string at 0x2214.
# Always ends with exit(0), so it never returns.
# NOTE(review): no call or jump to 0x1495 appears anywhere in this listing.
0000000000001495 <Trojan2>:
|
||
1495: 55 push %rbp
|
||
1496: 48 89 e5 mov %rsp,%rbp
|
||
1499: 48 83 ec 10 sub $0x10,%rsp
|
||
# Spill the argument to -0x4(%rbp).
149d: 89 7d fc mov %edi,-0x4(%rbp)
|
||
14a0: 8b 05 a2 2b 00 00 mov 0x2ba2(%rip),%eax # 4048 <cookie>
|
||
14a6: 39 45 fc cmp %eax,-0x4(%rbp)
|
||
14a9: 75 1b jne 14c6 <Trojan2+0x31>
|
||
14ab: 8b 45 fc mov -0x4(%rbp),%eax
|
||
14ae: 89 c6 mov %eax,%esi
|
||
14b0: 48 8d 05 b1 0c 00 00 lea 0xcb1(%rip),%rax # 2168 <_IO_stdin_used+0x168>
|
||
14b7: 48 89 c7 mov %rax,%rdi
|
||
14ba: b8 00 00 00 00 mov $0x0,%eax
|
||
14bf: e8 8c fb ff ff call 1050 <printf@plt>
|
||
14c4: eb 19 jmp 14df <Trojan2+0x4a>
|
||
14c6: 8b 45 fc mov -0x4(%rbp),%eax
|
||
14c9: 89 c6 mov %eax,%esi
|
||
14cb: 48 8d 05 e6 0c 00 00 lea 0xce6(%rip),%rax # 21b8 <_IO_stdin_used+0x1b8>
|
||
14d2: 48 89 c7 mov %rax,%rdi
|
||
14d5: b8 00 00 00 00 mov $0x0,%eax
|
||
14da: e8 71 fb ff ff call 1050 <printf@plt>
|
||
# Second, identical comparison gates the extra message.
14df: 8b 05 63 2b 00 00 mov 0x2b63(%rip),%eax # 4048 <cookie>
|
||
14e5: 39 45 fc cmp %eax,-0x4(%rbp)
|
||
14e8: 75 0f jne 14f9 <Trojan2+0x64>
|
||
14ea: 48 8d 05 23 0d 00 00 lea 0xd23(%rip),%rax # 2214 <_IO_stdin_used+0x214>
|
||
14f1: 48 89 c7 mov %rax,%rdi
|
||
14f4: e8 37 fb ff ff call 1030 <puts@plt>
|
||
14f9: bf 00 00 00 00 mov $0x0,%edi
|
||
14fe: e8 7d fb ff ff call 1080 <exit@plt>
|
||
|
||
# Trojan3(value in %edi): spills its argument to -0x4(%rbp) but never reads it
# again; every comparison uses the global global_value against the global cookie.
# Equal -> printf(0x2230, global_value); different -> printf(0x2290,
# global_value). When they are equal it additionally prints the string at
# 0x22ed. Always ends with exit(0), so it never returns.
# NOTE(review): nothing in this listing writes global_value or calls 0x1503.
0000000000001503 <Trojan3>:
|
||
1503: 55 push %rbp
|
||
1504: 48 89 e5 mov %rsp,%rbp
|
||
1507: 48 83 ec 10 sub $0x10,%rsp
|
||
150b: 89 7d fc mov %edi,-0x4(%rbp)
|
||
150e: 8b 15 5c 2b 00 00 mov 0x2b5c(%rip),%edx # 4070 <global_value>
|
||
1514: 8b 05 2e 2b 00 00 mov 0x2b2e(%rip),%eax # 4048 <cookie>
|
||
151a: 39 c2 cmp %eax,%edx
|
||
151c: 75 1e jne 153c <Trojan3+0x39>
|
||
151e: 8b 05 4c 2b 00 00 mov 0x2b4c(%rip),%eax # 4070 <global_value>
|
||
1524: 89 c6 mov %eax,%esi
|
||
1526: 48 8d 05 03 0d 00 00 lea 0xd03(%rip),%rax # 2230 <_IO_stdin_used+0x230>
|
||
152d: 48 89 c7 mov %rax,%rdi
|
||
1530: b8 00 00 00 00 mov $0x0,%eax
|
||
1535: e8 16 fb ff ff call 1050 <printf@plt>
|
||
153a: eb 1c jmp 1558 <Trojan3+0x55>
|
||
153c: 8b 05 2e 2b 00 00 mov 0x2b2e(%rip),%eax # 4070 <global_value>
|
||
1542: 89 c6 mov %eax,%esi
|
||
1544: 48 8d 05 45 0d 00 00 lea 0xd45(%rip),%rax # 2290 <_IO_stdin_used+0x290>
|
||
154b: 48 89 c7 mov %rax,%rdi
|
||
154e: b8 00 00 00 00 mov $0x0,%eax
|
||
1553: e8 f8 fa ff ff call 1050 <printf@plt>
|
||
# Second, identical comparison gates the extra message.
1558: 8b 15 12 2b 00 00 mov 0x2b12(%rip),%edx # 4070 <global_value>
|
||
155e: 8b 05 e4 2a 00 00 mov 0x2ae4(%rip),%eax # 4048 <cookie>
|
||
1564: 39 c2 cmp %eax,%edx
|
||
1566: 75 0f jne 1577 <Trojan3+0x74>
|
||
1568: 48 8d 05 7e 0d 00 00 lea 0xd7e(%rip),%rax # 22ed <_IO_stdin_used+0x2ed>
|
||
156f: 48 89 c7 mov %rax,%rdi
|
||
1572: e8 b9 fa ff ff call 1030 <puts@plt>
|
||
1577: bf 00 00 00 00 mov $0x0,%edi
|
||
157c: e8 ff fa ff ff call 1080 <exit@plt>
|
||
|
||
# Trojan4(value in %edi): same checks as Trojan3 -- the spilled argument is
# unused and global_value is compared with cookie -- but with its own message
# strings (0x2308 / 0x2368, plus 0x23bf when the two are equal).
# Unlike Trojan1..Trojan3 it does not call exit(); it ends with leave/ret and
# therefore returns to whatever return address is on the stack.
# NOTE(review): nothing in this listing writes global_value or calls 0x1581.
0000000000001581 <Trojan4>:
|
||
1581: 55 push %rbp
|
||
1582: 48 89 e5 mov %rsp,%rbp
|
||
1585: 48 83 ec 10 sub $0x10,%rsp
|
||
1589: 89 7d fc mov %edi,-0x4(%rbp)
|
||
158c: 8b 15 de 2a 00 00 mov 0x2ade(%rip),%edx # 4070 <global_value>
|
||
1592: 8b 05 b0 2a 00 00 mov 0x2ab0(%rip),%eax # 4048 <cookie>
|
||
1598: 39 c2 cmp %eax,%edx
|
||
159a: 75 1e jne 15ba <Trojan4+0x39>
|
||
159c: 8b 05 ce 2a 00 00 mov 0x2ace(%rip),%eax # 4070 <global_value>
|
||
15a2: 89 c6 mov %eax,%esi
|
||
15a4: 48 8d 05 5d 0d 00 00 lea 0xd5d(%rip),%rax # 2308 <_IO_stdin_used+0x308>
|
||
15ab: 48 89 c7 mov %rax,%rdi
|
||
15ae: b8 00 00 00 00 mov $0x0,%eax
|
||
15b3: e8 98 fa ff ff call 1050 <printf@plt>
|
||
15b8: eb 1c jmp 15d6 <Trojan4+0x55>
|
||
15ba: 8b 05 b0 2a 00 00 mov 0x2ab0(%rip),%eax # 4070 <global_value>
|
||
15c0: 89 c6 mov %eax,%esi
|
||
15c2: 48 8d 05 9f 0d 00 00 lea 0xd9f(%rip),%rax # 2368 <_IO_stdin_used+0x368>
|
||
15c9: 48 89 c7 mov %rax,%rdi
|
||
15cc: b8 00 00 00 00 mov $0x0,%eax
|
||
15d1: e8 7a fa ff ff call 1050 <printf@plt>
|
||
# Second, identical comparison gates the extra message.
15d6: 8b 15 94 2a 00 00 mov 0x2a94(%rip),%edx # 4070 <global_value>
|
||
15dc: 8b 05 66 2a 00 00 mov 0x2a66(%rip),%eax # 4048 <cookie>
|
||
15e2: 39 c2 cmp %eax,%edx
|
||
15e4: 75 10 jne 15f6 <Trojan4+0x75>
|
||
15e6: 48 8d 05 d2 0d 00 00 lea 0xdd2(%rip),%rax # 23bf <_IO_stdin_used+0x3bf>
|
||
15ed: 48 89 c7 mov %rax,%rdi
|
||
15f0: e8 3b fa ff ff call 1030 <puts@plt>
|
||
15f5: 90 nop
|
||
15f6: 90 nop
|
||
# Normal function return (no exit call on this path).
15f7: c9 leave
|
||
15f8: c3 ret
|
||
|
||
# main(argc in %edi, argv in %rsi): prints two banner strings, then
#   - argc == 1: prints three more messages (the first formatted with argv[0])
#     and returns 0;
#   - otherwise: seeds the generator from the command line, derives the global
#     cookie from it, shifts the stack by a generator-dependent amount and
#     calls test(), then returns 0.
# Locals: -0x24 argc, -0x30 argv, -0x14 loop index, -0x10 pointer to the
#         variable-sized reservation, -0x8 stack guard.
# NOTE(review): the cookie and both stack shifts (here and in test) come from
# the same generator, whose state is set only by atoi() of the arguments. The
# same argument list therefore reproduces the same cookie and the same stack
# offsets on every run; this is not a substitute for OS-level randomisation.
# NOTE(review): atoi() reports no errors and returns 0 for non-numeric text, so
# malformed arguments are accepted silently.
# NOTE(review): unlike _init and _start in this listing, this function has no
# endbr64 at entry, which suggests the program's own code was built without
# CET/IBT landing pads -- confirm from the build flags.
00000000000015f9 <main>:
|
||
15f9: 55 push %rbp
|
||
15fa: 48 89 e5 mov %rsp,%rbp
|
||
15fd: 48 83 ec 30 sub $0x30,%rsp
|
||
1601: 89 7d dc mov %edi,-0x24(%rbp)
|
||
1604: 48 89 75 d0 mov %rsi,-0x30(%rbp)
|
||
# Stack-protector prologue.
1608: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
|
||
160f: 00 00
|
||
1611: 48 89 45 f8 mov %rax,-0x8(%rbp)
|
||
1615: 31 c0 xor %eax,%eax
|
||
# Banner: puts(0x23e0), puts(0x240a).
1617: 48 8d 05 c2 0d 00 00 lea 0xdc2(%rip),%rax # 23e0 <_IO_stdin_used+0x3e0>
|
||
161e: 48 89 c7 mov %rax,%rdi
|
||
1621: e8 0a fa ff ff call 1030 <puts@plt>
|
||
1626: 48 8d 05 dd 0d 00 00 lea 0xddd(%rip),%rax # 240a <_IO_stdin_used+0x40a>
|
||
162d: 48 89 c7 mov %rax,%rdi
|
||
1630: e8 fb f9 ff ff call 1030 <puts@plt>
|
||
# No arguments given: print the messages at 0x2428 (with argv[0]), 0x2470 and
# 0x24c8, then leave with return value 0.
1635: 83 7d dc 01 cmpl $0x1,-0x24(%rbp)
|
||
1639: 75 46 jne 1681 <main+0x88>
|
||
163b: 48 8b 45 d0 mov -0x30(%rbp),%rax
|
||
163f: 48 8b 00 mov (%rax),%rax
|
||
1642: 48 89 c6 mov %rax,%rsi
|
||
1645: 48 8d 05 dc 0d 00 00 lea 0xddc(%rip),%rax # 2428 <_IO_stdin_used+0x428>
|
||
164c: 48 89 c7 mov %rax,%rdi
|
||
164f: b8 00 00 00 00 mov $0x0,%eax
|
||
1654: e8 f7 f9 ff ff call 1050 <printf@plt>
|
||
1659: 48 8d 05 10 0e 00 00 lea 0xe10(%rip),%rax # 2470 <_IO_stdin_used+0x470>
|
||
1660: 48 89 c7 mov %rax,%rdi
|
||
1663: e8 c8 f9 ff ff call 1030 <puts@plt>
|
||
1668: 48 8d 05 59 0e 00 00 lea 0xe59(%rip),%rax # 24c8 <_IO_stdin_used+0x4c8>
|
||
166f: 48 89 c7 mov %rax,%rdi
|
||
1672: e8 b9 f9 ff ff call 1030 <puts@plt>
|
||
1677: b8 00 00 00 00 mov $0x0,%eax
|
||
167c: e9 43 01 00 00 jmp 17c4 <main+0x1cb>
|
||
# Arguments given: printf(0x2510, argv[1]). The format string is a constant in
# the binary; argv[1] is passed only as a data argument.
1681: 48 8b 45 d0 mov -0x30(%rbp),%rax
|
||
1685: 48 83 c0 08 add $0x8,%rax
|
||
1689: 48 8b 00 mov (%rax),%rax
|
||
168c: 48 89 c6 mov %rax,%rsi
|
||
168f: 48 8d 05 7a 0e 00 00 lea 0xe7a(%rip),%rax # 2510 <_IO_stdin_used+0x510>
|
||
1696: 48 89 c7 mov %rax,%rdi
|
||
1699: b8 00 00 00 00 mov $0x0,%eax
|
||
169e: e8 ad f9 ff ff call 1050 <printf@plt>
|
||
# Seed: rand1_h = (long)atoi(argv[1]); rand1_l = 0x29a; one generator step
# with modulus 0 (state update only, rand_div untouched).
16a3: 48 8b 45 d0 mov -0x30(%rbp),%rax
|
||
16a7: 48 83 c0 08 add $0x8,%rax
|
||
16ab: 48 8b 00 mov (%rax),%rax
|
||
16ae: 48 89 c7 mov %rax,%rdi
|
||
16b1: e8 ba f9 ff ff call 1070 <atoi@plt>
|
||
16b6: 48 98 cltq
|
||
16b8: 48 89 05 99 29 00 00 mov %rax,0x2999(%rip) # 4058 <rand1_h>
|
||
16bf: 48 c7 05 96 29 00 00 movq $0x29a,0x2996(%rip) # 4060 <rand1_l>
|
||
16c6: 9a 02 00 00
|
||
16ca: bf 00 00 00 00 mov $0x0,%edi
|
||
16cf: e8 e5 fa ff ff call 11b9 <GenerateRandomNumber>
|
||
# for (i = 2; i < argc; i++): rand1_l = atoi(argv[i]); one generator step.
16d4: c7 45 ec 02 00 00 00 movl $0x2,-0x14(%rbp)
|
||
16db: eb 36 jmp 1713 <main+0x11a>
|
||
16dd: 8b 45 ec mov -0x14(%rbp),%eax
|
||
16e0: 48 98 cltq
|
||
16e2: 48 8d 14 c5 00 00 00 lea 0x0(,%rax,8),%rdx
|
||
16e9: 00
|
||
16ea: 48 8b 45 d0 mov -0x30(%rbp),%rax
|
||
16ee: 48 01 d0 add %rdx,%rax
|
||
16f1: 48 8b 00 mov (%rax),%rax
|
||
16f4: 48 89 c7 mov %rax,%rdi
|
||
16f7: e8 74 f9 ff ff call 1070 <atoi@plt>
|
||
16fc: 48 98 cltq
|
||
16fe: 48 89 05 5b 29 00 00 mov %rax,0x295b(%rip) # 4060 <rand1_l>
|
||
1705: bf 00 00 00 00 mov $0x0,%edi
|
||
170a: e8 aa fa ff ff call 11b9 <GenerateRandomNumber>
|
||
170f: 83 45 ec 01 addl $0x1,-0x14(%rbp)
|
||
# Loop condition: signed compare of i against argc.
1713: 8b 45 ec mov -0x14(%rbp),%eax
|
||
1716: 3b 45 dc cmp -0x24(%rbp),%eax
|
||
1719: 7c c2 jl 16dd <main+0xe4>
|
||
# cookie = low 32 bits of rand1_h; it is then printed with printf(0x252e, cookie).
171b: 48 8b 05 36 29 00 00 mov 0x2936(%rip),%rax # 4058 <rand1_h>
|
||
1722: 89 05 20 29 00 00 mov %eax,0x2920(%rip) # 4048 <cookie>
|
||
1728: 8b 05 1a 29 00 00 mov 0x291a(%rip),%eax # 4048 <cookie>
|
||
172e: 89 c6 mov %eax,%esi
|
||
1730: 48 8d 05 f7 0d 00 00 lea 0xdf7(%rip),%rax # 252e <_IO_stdin_used+0x52e>
|
||
1737: 48 89 c7 mov %rax,%rdi
|
||
173a: b8 00 00 00 00 mov $0x0,%eax
|
||
173f: e8 0c f9 ff ff call 1050 <printf@plt>
|
||
1744: 48 8d 05 bf 0c 00 00 lea 0xcbf(%rip),%rax # 240a <_IO_stdin_used+0x40a>
|
||
174b: 48 89 c7 mov %rax,%rdi
|
||
174e: e8 dd f8 ff ff call 1030 <puts@plt>
|
||
# printf(0x2550) with no further arguments (constant format string).
1753: 48 8d 05 f6 0d 00 00 lea 0xdf6(%rip),%rax # 2550 <_IO_stdin_used+0x550>
|
||
175a: 48 89 c7 mov %rax,%rdi
|
||
175d: b8 00 00 00 00 mov $0x0,%eax
|
||
1762: e8 e9 f8 ff ff call 1050 <printf@plt>
|
||
# rand_div = rand1_h % 0x200 after one more generator step.
1767: bf 00 02 00 00 mov $0x200,%edi
|
||
176c: e8 48 fa ff ff call 11b9 <GenerateRandomNumber>
|
||
# Variable-sized stack reservation, same shape as in test():
# (rand_div + 1 + 8 + 15) / 16 * 16 bytes are subtracted from %rsp, so test()
# and everything it calls run at a stack depth that depends on the seed.
1771: 48 8b 05 f0 28 00 00 mov 0x28f0(%rip),%rax # 4068 <rand_div>
|
||
1778: 48 83 c0 01 add $0x1,%rax
|
||
177c: 48 8d 50 08 lea 0x8(%rax),%rdx
|
||
1780: b8 10 00 00 00 mov $0x10,%eax
|
||
1785: 48 83 e8 01 sub $0x1,%rax
|
||
1789: 48 01 d0 add %rdx,%rax
|
||
178c: b9 10 00 00 00 mov $0x10,%ecx
|
||
1791: ba 00 00 00 00 mov $0x0,%edx
|
||
1796: 48 f7 f1 div %rcx
|
||
1799: 48 6b c0 10 imul $0x10,%rax,%rax
|
||
179d: 48 29 c4 sub %rax,%rsp
|
||
17a0: 48 89 e0 mov %rsp,%rax
|
||
17a3: 48 83 c0 0f add $0xf,%rax
|
||
17a7: 48 c1 e8 04 shr $0x4,%rax
|
||
17ab: 48 c1 e0 04 shl $0x4,%rax
|
||
17af: 48 89 45 f0 mov %rax,-0x10(%rbp)
|
||
17b3: 48 8b 45 f0 mov -0x10(%rbp),%rax
|
||
# Touch the first byte of the reservation (value 0x68).
17b7: c6 00 68 movb $0x68,(%rax)
|
||
17ba: e8 9a fb ff ff call 1359 <test>
|
||
17bf: b8 00 00 00 00 mov $0x0,%eax
|
||
# Common exit: stack-protector epilogue, then return.
17c4: 48 8b 55 f8 mov -0x8(%rbp),%rdx
|
||
17c8: 64 48 2b 14 25 28 00 sub %fs:0x28,%rdx
|
||
17cf: 00 00
|
||
17d1: 74 05 je 17d8 <main+0x1df>
|
||
17d3: e8 68 f8 ff ff call 1040 <__stack_chk_fail@plt>
|
||
17d8: c9 leave
|
||
17d9: c3 ret
|
||
|
||
Disassembly of section .fini:
|
||
|
||
# _fini: C-runtime termination stub (section .fini). It only adjusts and
# restores %rsp; no program code runs here.
00000000000017dc <_fini>:
|
||
17dc: f3 0f 1e fa endbr64
|
||
17e0: 48 83 ec 08 sub $0x8,%rsp
|
||
17e4: 48 83 c4 08 add $0x8,%rsp
|
||
17e8: c3 ret
|