@hhc0null
Last active August 29, 2015 14:19
[PlaidCTF2014 Pwnables200] jackshit
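// Forking TCP server recovered from the jackshit binary (hand decompilation).
//
// Flow: look up user "jack", install the allow-list seccomp filter
// (sub_8048c3d), listen on TCP port 1282, and fork one child per connection.
// After each syscall has been used for the last time, sub_8048eb0() stacks an
// extra filter that kills it, so the set of usable syscalls shrinks as the
// program advances. The child drops to jack's uid/gid, wires the socket to
// stdin/stdout and runs the game loop (sub_8049021).
//
// Corrections against the accompanying disassembly:
//   - the signal passed to sigaction() is 0x11 = 17 = SIGCHLD, not SIGSEGV (11);
//   - the syscall killed after sigaction() is 0xae = rt_sigaction on i386;
//   - there is no sub_8048eb0() call between setsockopt() and bind();
//   - sub_8048eb0() runs after bind() returns but before its result is tested;
//   - accept() takes three arguments (the fourth push is stack padding);
//   - the first sub_8048eb0() in the child passes -104, which the allow-list
//     in sub_8048c3d labels accept, not listen.
// NOTE(review): the negative values (-100, -101, -103, -104) are libseccomp
// pseudo-syscall numbers; the names used here follow the allow-list in
// sub_8048c3d and should be confirmed against the libseccomp header the
// binary was built with.
int main(void)
{
    // Local variables (named after their ebp-relative stack slots).
    struct passwd *passwd;
    gid_t ebp_d0h;              // gid of user "jack"
    uid_t ebp_cch;              // uid of user "jack"
    socklen_t ebp_bch;          // address length for bind()/accept()
    int ebp_b8h;                // SO_REUSEADDR option value
    struct sockaddr_in ebp_b4h; // listening / peer address
    struct sigaction ebp_a4h;
    int sockfd;
    int s;
    int ret;

    // NOTE(review): the binary dereferences the getpwnam() result without a
    // NULL check; a missing "jack" account crashes the server at start-up.
    passwd = getpwnam("jack");
    ebp_cch = passwd->pw_uid;
    ebp_d0h = passwd->pw_gid;

    sub_8048c3d();

    memset(&ebp_b4h, '\0', sizeof(struct sockaddr_in));
    ebp_b4h.sin_family = AF_INET;
    ebp_b4h.sin_port = htons(1282); // stored as the 16-bit immediate 0x0205
    ebp_bch = sizeof(struct sockaddr_in);

    sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    sub_8048eb0(SCMP_SYS(socket)); // raw argument in the binary: -100
    if (sockfd < 0) {
        goto failed;
    }

    ebp_b8h = 1;
    setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &ebp_b8h, sizeof(ebp_b8h));

    // The filter is tightened before the bind() result is examined.
    ret = bind(sockfd, (struct sockaddr *)&ebp_b4h, ebp_bch);
    sub_8048eb0(SCMP_SYS(bind)); // raw argument in the binary: -101
    if (ret != 0) {
        goto failed;
    }

    listen(sockfd, 200);
    sub_8048eb0(SCMP_SYS(listen)); // raw argument in the binary: -103

    // Ignore SIGCHLD with SA_NOCLDWAIT so exited children are not left as zombies.
    ebp_a4h.sa_handler = SIG_IGN;
    ebp_a4h.sa_flags = SA_NOCLDWAIT;
    sigemptyset(&ebp_a4h.sa_mask);
    sigaction(SIGCHLD, &ebp_a4h, NULL);
    sub_8048eb0(SCMP_SYS(rt_sigaction)); // raw argument in the binary: 0xae

    while (true) {
        s = accept(sockfd, (struct sockaddr *)&ebp_b4h, &ebp_bch);
        if (s > 0 && fork() == 0) {
            // Child: no more accepting, socket calls or forking.
            sub_8048eb0(SCMP_SYS(accept)); // raw argument in the binary: -104
            sub_8048eb0(SCMP_SYS(socketcall));
            sub_8048eb0(SCMP_SYS(clone));
            close(sockfd);

            // Hard 60-second lifetime for the session.
            alarm(60);
            sub_8048eb0(SCMP_SYS(alarm));

            // NOTE(review): neither return value is checked, and the uid is
            // dropped before the gid. If the server starts as root, the
            // setresgid() call is then made without privilege and can fail,
            // leaving the original group in place; supplementary groups are
            // never cleared. A hardened version would drop groups and gid
            // first, then uid, and abort on any failure.
            setresuid(ebp_cch, ebp_cch, ebp_cch);
            sub_8048eb0(SCMP_SYS(setresuid));
            setresgid(ebp_d0h, ebp_d0h, ebp_d0h);
            sub_8048eb0(SCMP_SYS(setresgid));

            // The client socket becomes stdin and stdout; stderr is closed.
            dup2(s, STDIN_FILENO);
            dup2(s, STDOUT_FILENO);
            sub_8048eb0(SCMP_SYS(dup2));
            close(STDERR_FILENO);
            close(s);

            exit(sub_8049021());
        }
        // Parent (or failed accept/fork): as in the binary, close() is called
        // even when s <= 0.
        close(s);
    }

failed:
    // Shared failure exit used by the socket()/bind() checks above.
    exit(-1);
}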
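// Installs the initial seccomp filter: default action KILL, plus an allow
// rule for every syscall the server and the game loop use. Any failure ends
// the process with exit(-1).
//
// Corrections against the accompanying disassembly:
//   - ctx is a local (kept in %ebx), so it is declared here;
//   - the two prctl rules are added with seccomp_rule_add() and the
//     struct scmp_arg_cmp passed by value as the variadic argument; the
//     binary imports no seccomp_rule_add_array();
//   - memset() needs the address of each comparison struct.
// NOTE(review): the names given to the negative pseudo-syscall numbers
// (-100, -101, -103, -104) are the author's reading; confirm them against
// the libseccomp header the binary was built with.
void sub_8048c3d()
{
    // Local variables.
    scmp_filter_ctx ctx;
    struct scmp_arg_cmp ebp_48h;
    struct scmp_arg_cmp ebp_30h;

    if((ctx = seccomp_init(SCMP_ACT_KILL)) == NULL) {
        exit(-1);
    }
    if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0) != 0) {
        exit(-1);
    }
    // raw syscall argument in the binary: -100
    if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket) /* __PNR_socket */ , 0) != 0) {
        exit(-1);
    }
    if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socketcall), 0) != 0) {
        exit(-1);
    }
    // raw syscall argument in the binary: -101
    if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(bind) /* __PNR_bind */, 0) != 0) {
        exit(-1);
    }
    // raw syscall argument in the binary: -103
    if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(listen) /* __PNR_listen */, 0) != 0) {
        exit(-1);
    }
    if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigaction), 0) != 0) {
        exit(-1);
    }
    // raw syscall argument in the binary: -104
    if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(accept) /* __PNR_accept */, 0) != 0) {
        exit(-1);
    }
    if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(clone), 0) != 0) {
        exit(-1);
    }
    if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setresuid32), 0) != 0) {
        exit(-1);
    }
    if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setresgid32), 0) != 0) {
        exit(-1);
    }
    if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(alarm), 0) != 0) {
        exit(-1);
    }
    if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup2), 0) != 0) {
        exit(-1);
    }
    if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0) != 0) {
        exit(-1);
    }
    if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 0) != 0) {
        exit(-1);
    }
    if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 0) != 0) {
        exit(-1);
    }
    if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit_group), 0) != 0) {
        exit(-1);
    }

    // prctl() is allowed only when its first argument is 0x26 or 0x16. On
    // Linux these are PR_SET_NO_NEW_PRIVS (38) and PR_SET_SECCOMP (22) --
    // presumably so the later seccomp_load() calls made by sub_8048eb0 can
    // still install filters; no other prctl option is reachable.
    memset(&ebp_48h, '\0', 0x18);
    ebp_48h = SCMP_A0(SCMP_CMP_EQ, 0x26);
    if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(prctl), 1, ebp_48h) != 0) {
        exit(-1);
    }
    memset(&ebp_30h, '\0', 0x18);
    ebp_30h = SCMP_A0(SCMP_CMP_EQ, 0x16);
    if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(prctl), 1, ebp_30h) != 0) {
        exit(-1);
    }

    if(seccomp_load(ctx) != 0) {
        exit(-1);
    }
    // The filter stays loaded in the kernel; only the userspace context is freed.
    seccomp_release(ctx);
}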
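// Stacks one more seccomp filter on the process: everything stays allowed
// except syscall arg0, which is killed from now on. The server calls this
// after the last legitimate use of each syscall.
//
// Correction against the accompanying disassembly: the success path ends in
// a tail jump to seccomp_release() and returns to the caller; only the two
// failure checks reach exit(-1). Without the return below the listing fell
// through into the failed label on every call.
void sub_8048eb0(int arg0)
{
    scmp_filter_ctx ctx;

    // NOTE(review): as in the binary, the seccomp_init() result is used
    // without a NULL check.
    ctx = seccomp_init(SCMP_ACT_ALLOW);
    if(seccomp_rule_add(ctx, SCMP_ACT_KILL, arg0, 0) != 0) {
        goto failed;
    }
    if(seccomp_load(ctx) != 0) {
        goto failed;
    }
    seccomp_release(ctx);
    return;

failed:
    exit(-1);
}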
// Globals recovered from .bss, named after their presumed addresses.
// Set to true by sub_8048f9c once the file has been read, so it is read only once.
bool bss_804b084h;
// Output buffer that sub_8048f01 formats into before writing to stdout.
// NOTE(review): the disassembly of sub_8048f01 passes 0x804b488 (not
// 0x804b088) to __vsnprintf_chk and write, so the name of this buffer looks
// off by 0x400; presumably a 1024-byte file buffer sits at 0x804b088 -- confirm
// against the disassembly of sub_8048f9c.
char bss_804b088h[4096];
// printf-style output helper: formats into the global 4096-byte buffer and
// writes the result to stdout. Returns the length reported by vsnprintf().
// Exits with -1 on a write error and with EXIT_SUCCESS when write() returns 0.
//
// NOTE(review): two properties are reproduced from the binary, not fixed:
//   - every write() starts at the beginning of the buffer with the full
//     length, so after a short write the output is re-sent from the start
//     instead of continuing at the offset already written;
//   - vsnprintf() returns the untruncated length, so a result longer than
//     4096 would make write() read past the end of the buffer.
int sub_8048f01(char *arg0, ...)
{
    va_list ap;
    int total;
    int sent = 0;
    int chunk;

    va_start(ap, arg0);
    total = vsnprintf(bss_804b088h, 4096, arg0, ap);
    va_end(ap);

    while (sent < total) {
        chunk = write(STDOUT_FILENO, bss_804b088h, total);
        if (chunk < 0) {
            exit(-1);
        }
        if (chunk == 0) {
            exit(EXIT_SUCCESS);
        }
        sent += chunk;
    }
    return total;
}
// Reads a line from stdin one byte at a time and returns arg0.
// Stops at end of input (stores a terminating NUL), on a read error (stores
// nothing), or after a '\n' (stores a NUL right after the newline).
//
// NOTE(review): there is no length parameter and no bound on the loop, so the
// amount written is limited only by when the peer sends '\n' or closes the
// stream. The callers in sub_8049021 pass a 28-byte stack buffer; a safe
// version would take the buffer size and stop at size - 1.
char *sub_8048f65(char *arg0)
{
int len;
for(char *itr = arg0; true; itr++) {
// NOTE(review): the read target is written as arg0 here while the checks
// below look at *itr; the annotated disassembly advances the pointer that is
// pushed to read(), so this is presumably read(STDIN_FILENO, itr, 1) -- confirm.
if((len = read(STDIN_FILENO, arg0, 1)) == 0) {
*itr = '\0';
break;
} else if(len < 0) {
// Read error: the buffer is left without a terminator.
break;
}
if(*itr == '\n') {
// Keep the newline and terminate one byte after it.
*(itr+1) = '\0';
break;
}
}
return arg0;
}
// Reads up to 1023 bytes of the file named by arg0 on the first call, then
// kills the open and close syscalls via sub_8048eb0 and marks the data as
// loaded; later calls skip the read.
//
// NOTE(review): this listing is internally inconsistent and needs to be
// checked against the disassembly (not shown for this function):
//   - fd and len are never declared;
//   - bss_804b084h is declared as a bool flag but is also used as the read
//     buffer and indexed; presumably the buffer is a separate global;
//   - the declared return type is int, the first path returns len and the
//     second returns an address, while the caller in sub_8049021 adds 25 to
//     the result and passes it to strcmp(), i.e. treats it as char *.
// NOTE(review): the open() result is not checked, and when read() fails the
// buffer is left unterminated.
int sub_8048f9c(char *arg0)
{
if(!bss_804b084h) {
fd = open(arg0, O_RDONLY);
sub_8048eb0(SCMP_SYS(open));
if((len = read(fd, &bss_804b084h, 1023)) >= 0) {
bss_804b084h[len] = '\0';
}
close(fd);
sub_8048eb0(SCMP_SYS(close));
bss_804b084h = true;
return len;
}
return &bss_804b084h;
}
// Game loop run by each child: prints the status and a four-entry menu,
// reads one line, and dispatches on its numeric value. Returns 0 when an
// unknown option is entered, after killing the read and write syscalls.
int sub_8049021()
{
// Local variables.
int money = 0;
// Per the status format string below: ebp_2ah selects "black jack",
// ebp_29h selects "hookers".
bool ebp_2ah;
bool ebp_29h;
// Line buffer for all user input.
// NOTE(review): sub_8048f65 takes no length, so nothing limits a line to
// these 28 bytes; input longer than the buffer overwrites adjacent stack data.
char ebp_28h[28];
sub_8048f01("%s%c", "Welcome to black jack!", 0xa);
ebp_29h = false;
ebp_2ah = true;
while(true) {
sub_8048f01("We've got %s%s%s%s.\n", ebp_2ah? "black jack": "", ebp_2ah && ebp_29h? " and ": "", ebp_29h? "hookers": "", !ebp_29h && !ebp_2ah? "jack shit": "");
if(money) {
sub_8048f01("You've got $%d\n", money);
} else {
sub_8048f01("You've got jack shit.\n");
}
sub_8048f01("\nwhu%snuduu%s", "duyugu", "butut?\n");
sub_8048f01("1. imma beat yo' ass.\n");
sub_8048f01("2. imma be yo' bitch.\n");
sub_8048f01("3. imma beimmaboobop.\n");
sub_8048f01("4. imma be or not 2b.\n");
switch(atoi(sub_8048f65(ebp_28h))) {
case 1:
if(!ebp_2ah) {
sub_8048f01("got no game, dis all I got:");
// NOTE(review): t is undeclared and atoi() is given a char; presumably this
// is atoi(&ebp_28h[1]) -- confirm. The count t comes from the input line and
// is not clamped to sizeof(ebp_28h), so the hex dump can run past the
// 28-byte buffer and print neighbouring stack bytes.
for(int i = 0; i < (t = atoi(ebp_28h[1])); i++) {
// NOTE(review): the separator test uses t, not i; presumably i % 16 -- confirm.
sub_8048f01("%c%02x", t % 16 ? ' ':'\n', ebp_28h[i]);
}
sub_8048f01("\n");
} else {
if(money == 0) {
sub_8048f01("You've got jack shit.\n");
break;
}
// The four operands are not declared anywhere in this listing; their
// origin is unresolved (the author's own question follows).
char u = ebp_8ch^ebp_24h^ebp_5ah^ebp_32h; // WHAT'S THIS??
// Both branches subtract u; u is a signed char, so a negative u adds to money.
if(u >= -11) {
money -= u;
sub_8048f01("deal with it.\n");
} else {
money -= u;
sub_8048f01("k\n");
sub_8048f01("what u want better game, write one for me:\n");
// Second unbounded line read into the same 28-byte buffer.
sub_8048f65(ebp_28h);
}
// Balance is reset once it reaches 0x1000000.
if(money >= 0x1000000) money = 0;
}
break;
case 2:
// Adds $10 the first time only; afterwards prints "got one".
sub_8048f01("%s\n", (!ebp_29h)? (money += 10, "k"): "got one");
ebp_29h = true;
break;
case 3:
sub_8048f01("wololo\n");
// XORs money with 16 when ebp_29h is set and 32 when ebp_2ah is set,
// then flips both flags.
money ^= (ebp_29h << 0x4) | (ebp_2ah << 0x5);
ebp_29h = !ebp_29h;
ebp_2ah = !ebp_2ah;
break;
case 4:
if(money <= 200) {
sub_8048f01("u wot m8?");
} else {
// Costs $200 per attempt.
sub_8048f01("$ $ $ %d$$> ", money -= 200);
// Compares the data returned by sub_8048f9c, starting at offset 25, with
// the next input line (newline included) and prints "ding" on a match.
sub_8048f01(!strcmp(sub_8048f9c("../flag.txt")+25, sub_8048f65(ebp_28h))? "ding\n\n": "ring\n");
}
break;
default:
sub_8048f01("n-n-nope");
// Remove read and write before returning to main(), which calls exit().
sub_8048eb0(SCMP_SYS(read));
sub_8048eb0(SCMP_SYS(write));
return 0;
}
}
}
jackshit-277abfc0ddd476428bb6450313c58c1f: file format elf32-i386
Disassembly of section .init:
08048738 <_init>:
8048738: 53 push %ebx
8048739: 83 ec 08 sub $0x8,%esp
804873c: e8 2f 04 00 00 call 8048b70 <close@plt+0x260>
8048741: 81 c3 bf 28 00 00 add $0x28bf,%ebx
8048747: 8b 83 fc ff ff ff mov -0x4(%ebx),%eax
804874d: 85 c0 test %eax,%eax
804874f: 74 05 je 8048756 <_init+0x1e>
8048751: e8 da 00 00 00 call 8048830 <__gmon_start__@plt>
8048756: 83 c4 08 add $0x8,%esp
8048759: 5b pop %ebx
804875a: c3 ret
Disassembly of section .plt:
08048760 <setsockopt@plt-0x10>:
8048760: ff 35 04 b0 04 08 pushl 0x804b004
8048766: ff 25 08 b0 04 08 jmp *0x804b008
804876c: 00 00 add %al,(%eax)
...
08048770 <setsockopt@plt>:
8048770: ff 25 0c b0 04 08 jmp *0x804b00c
8048776: 68 00 00 00 00 push $0x0
804877b: e9 e0 ff ff ff jmp 8048760 <_init+0x28>
08048780 <getpwnam@plt>:
8048780: ff 25 10 b0 04 08 jmp *0x804b010
8048786: 68 08 00 00 00 push $0x8
804878b: e9 d0 ff ff ff jmp 8048760 <_init+0x28>
08048790 <dup2@plt>:
8048790: ff 25 14 b0 04 08 jmp *0x804b014
8048796: 68 10 00 00 00 push $0x10
804879b: e9 c0 ff ff ff jmp 8048760 <_init+0x28>
080487a0 <seccomp_init@plt>:
80487a0: ff 25 18 b0 04 08 jmp *0x804b018
80487a6: 68 18 00 00 00 push $0x18
80487ab: e9 b0 ff ff ff jmp 8048760 <_init+0x28>
080487b0 <strcmp@plt>:
80487b0: ff 25 1c b0 04 08 jmp *0x804b01c
80487b6: 68 20 00 00 00 push $0x20
80487bb: e9 a0 ff ff ff jmp 8048760 <_init+0x28>
080487c0 <setresuid@plt>:
80487c0: ff 25 20 b0 04 08 jmp *0x804b020
80487c6: 68 28 00 00 00 push $0x28
80487cb: e9 90 ff ff ff jmp 8048760 <_init+0x28>
080487d0 <read@plt>:
80487d0: ff 25 24 b0 04 08 jmp *0x804b024
80487d6: 68 30 00 00 00 push $0x30
80487db: e9 80 ff ff ff jmp 8048760 <_init+0x28>
080487e0 <seccomp_rule_add@plt>:
80487e0: ff 25 28 b0 04 08 jmp *0x804b028
80487e6: 68 38 00 00 00 push $0x38
80487eb: e9 70 ff ff ff jmp 8048760 <_init+0x28>
080487f0 <seccomp_load@plt>:
80487f0: ff 25 2c b0 04 08 jmp *0x804b02c
80487f6: 68 40 00 00 00 push $0x40
80487fb: e9 60 ff ff ff jmp 8048760 <_init+0x28>
08048800 <alarm@plt>:
8048800: ff 25 30 b0 04 08 jmp *0x804b030
8048806: 68 48 00 00 00 push $0x48
804880b: e9 50 ff ff ff jmp 8048760 <_init+0x28>
08048810 <seccomp_release@plt>:
8048810: ff 25 34 b0 04 08 jmp *0x804b034
8048816: 68 50 00 00 00 push $0x50
804881b: e9 40 ff ff ff jmp 8048760 <_init+0x28>
08048820 <accept@plt>:
8048820: ff 25 38 b0 04 08 jmp *0x804b038
8048826: 68 58 00 00 00 push $0x58
804882b: e9 30 ff ff ff jmp 8048760 <_init+0x28>
08048830 <__gmon_start__@plt>:
8048830: ff 25 3c b0 04 08 jmp *0x804b03c
8048836: 68 60 00 00 00 push $0x60
804883b: e9 20 ff ff ff jmp 8048760 <_init+0x28>
08048840 <exit@plt>:
8048840: ff 25 40 b0 04 08 jmp *0x804b040
8048846: 68 68 00 00 00 push $0x68
804884b: e9 10 ff ff ff jmp 8048760 <_init+0x28>
08048850 <open@plt>:
8048850: ff 25 44 b0 04 08 jmp *0x804b044
8048856: 68 70 00 00 00 push $0x70
804885b: e9 00 ff ff ff jmp 8048760 <_init+0x28>
08048860 <__libc_start_main@plt>:
8048860: ff 25 48 b0 04 08 jmp *0x804b048
8048866: 68 78 00 00 00 push $0x78
804886b: e9 f0 fe ff ff jmp 8048760 <_init+0x28>
08048870 <write@plt>:
8048870: ff 25 4c b0 04 08 jmp *0x804b04c
8048876: 68 80 00 00 00 push $0x80
804887b: e9 e0 fe ff ff jmp 8048760 <_init+0x28>
08048880 <bind@plt>:
8048880: ff 25 50 b0 04 08 jmp *0x804b050
8048886: 68 88 00 00 00 push $0x88
804888b: e9 d0 fe ff ff jmp 8048760 <_init+0x28>
08048890 <__vsnprintf_chk@plt>:
8048890: ff 25 54 b0 04 08 jmp *0x804b054
8048896: 68 90 00 00 00 push $0x90
804889b: e9 c0 fe ff ff jmp 8048760 <_init+0x28>
080488a0 <fork@plt>:
80488a0: ff 25 58 b0 04 08 jmp *0x804b058
80488a6: 68 98 00 00 00 push $0x98
80488ab: e9 b0 fe ff ff jmp 8048760 <_init+0x28>
080488b0 <sigemptyset@plt>:
80488b0: ff 25 5c b0 04 08 jmp *0x804b05c
80488b6: 68 a0 00 00 00 push $0xa0
80488bb: e9 a0 fe ff ff jmp 8048760 <_init+0x28>
080488c0 <listen@plt>:
80488c0: ff 25 60 b0 04 08 jmp *0x804b060
80488c6: 68 a8 00 00 00 push $0xa8
80488cb: e9 90 fe ff ff jmp 8048760 <_init+0x28>
080488d0 <atoi@plt>:
80488d0: ff 25 64 b0 04 08 jmp *0x804b064
80488d6: 68 b0 00 00 00 push $0xb0
80488db: e9 80 fe ff ff jmp 8048760 <_init+0x28>
080488e0 <socket@plt>:
80488e0: ff 25 68 b0 04 08 jmp *0x804b068
80488e6: 68 b8 00 00 00 push $0xb8
80488eb: e9 70 fe ff ff jmp 8048760 <_init+0x28>
080488f0 <setresgid@plt>:
80488f0: ff 25 6c b0 04 08 jmp *0x804b06c
80488f6: 68 c0 00 00 00 push $0xc0
80488fb: e9 60 fe ff ff jmp 8048760 <_init+0x28>
08048900 <sigaction@plt>:
8048900: ff 25 70 b0 04 08 jmp *0x804b070
8048906: 68 c8 00 00 00 push $0xc8
804890b: e9 50 fe ff ff jmp 8048760 <_init+0x28>
08048910 <close@plt>:
8048910: ff 25 74 b0 04 08 jmp *0x804b074
8048916: 68 d0 00 00 00 push $0xd0
804891b: e9 40 fe ff ff jmp 8048760 <_init+0x28>
Disassembly of section .text:
08048920 <.text>:
// Annotated disassembly of main(): each pseudo-C line describes the
// instructions printed above it.
int main(void)
{
8048920: 8d 4c 24 04 lea 0x4(%esp),%ecx
8048924: 83 e4 f0 and $0xfffffff0,%esp
8048927: ff 71 fc pushl -0x4(%ecx)
804892a: 55 push %ebp
804892b: 89 e5 mov %esp,%ebp
804892d: 57 push %edi
804892e: 56 push %esi
804892f: 53 push %ebx
8048930: 51 push %ecx
8048931: 81 ec d4 00 00 00 sub $0xd4,%esp
// Local variables.
struct sockaddr_in ebp_b4h;
sigaction ebp_a4h;
8048937: 68 de 93 04 08 push $0x80493de
804893c: e8 3f fe ff ff call 8048780 <getpwnam@plt>
8048941: 8d bd 4c ff ff ff lea -0xb4(%ebp),%edi
passwd = getpwnam("jack");
// NOTE(review): the returned pointer is dereferenced at 8048947/804894a
// with no NULL check.
8048947: 8b 50 08 mov 0x8(%eax),%edx
804894a: 8b 40 0c mov 0xc(%eax),%eax
804894d: 89 95 34 ff ff ff mov %edx,-0xcc(%ebp)
ebp_cch = passwd.pw_uid;
8048953: 89 85 30 ff ff ff mov %eax,-0xd0(%ebp)
ebp_d0h = passwd.pw_gid;
8048959: e8 df 02 00 00 call 8048c3d <close@plt+0x32d>
sub_8048c3d();
804895e: 83 c4 0c add $0xc,%esp
8048961: 31 c0 xor %eax,%eax
8048963: b9 04 00 00 00 mov $0x4,%ecx
8048968: f3 ab rep stos %eax,%es:(%edi)
memset(ebp_b4h, '\0', sizeof(struct sockaddr_in));
804896a: 8d bd 4c ff ff ff lea -0xb4(%ebp),%edi
8048970: 6a 06 push $0x6
8048972: 6a 01 push $0x1
8048974: 6a 02 push $0x2
8048976: 66 c7 85 4c ff ff ff movw $0x2,-0xb4(%ebp)
804897d: 02 00
ebp_b4h.sin_family = AF_INET;
804897f: 66 c7 85 4e ff ff ff movw $0x205,-0xb2(%ebp)
8048986: 05 02
ebp_b4h.sin_port = 0x205;
// 0x0205 is stored as the bytes 05 02, i.e. port 0x0502 = 1282 in network byte order.
8048988: c7 85 44 ff ff ff 10 movl $0x10,-0xbc(%ebp)
ebp_bch = sizeof(struct sockaddr_in);
804898f: 00 00 00
8048992: e8 49 ff ff ff call 80488e0 <socket@plt>
sockfd = socket(AF_INET, SOCK_STREAM, /* TCP */ 6);
8048997: c7 04 24 9c ff ff ff movl $0xffffff9c,(%esp)
804899e: 89 c3 mov %eax,%ebx
80489a0: e8 0b 05 00 00 call 8048eb0 <close@plt+0x5a0>
// The call above is sub_8048eb0(-100); it runs before the socket() result is tested.
80489a5: 83 c4 10 add $0x10,%esp
80489a8: 85 db test %ebx,%ebx
80489aa: 79 0a jns 80489b6 <close@plt+0xa6>
if(sockfd < 0) {
80489ac: 83 ec 0c sub $0xc,%esp
80489af: 6a ff push $0xffffffff
80489b1: e9 80 01 00 00 jmp 8048b36 <close@plt+0x226>
goto failed;
}
// "failed" is the exit() call at 8048b36, reached here with -1 on the stack.
80489b6: 83 ec 0c sub $0xc,%esp
80489b9: 6a 04 push $0x4
80489bb: 8d 85 48 ff ff ff lea -0xb8(%ebp),%eax
80489c1: 50 push %eax
80489c2: 6a 02 push $0x2
80489c4: 6a 01 push $0x1
80489c6: 53 push %ebx
80489c7: c7 85 48 ff ff ff 01 movl $0x1,-0xb8(%ebp)
80489ce: 00 00 00
ebp_b8h = 1;
80489d1: e8 9a fd ff ff call 8048770 <setsockopt@plt>
setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &ebp_b8h, sizeof(ebp_b8h));
// No sub_8048eb0 call follows setsockopt(); the next call is bind().
80489d6: 83 c4 1c add $0x1c,%esp
80489d9: ff b5 44 ff ff ff pushl -0xbc(%ebp)
80489df: 57 push %edi
80489e0: 53 push %ebx
80489e1: e8 9a fe ff ff call 8048880 <bind@plt>
80489e6: c7 04 24 9b ff ff ff movl $0xffffff9b,(%esp)
80489ed: 89 c6 mov %eax,%esi
80489ef: e8 bc 04 00 00 call 8048eb0 <close@plt+0x5a0>
80489f4: 83 c4 10 add $0x10,%esp
80489f7: 85 f6 test %esi,%esi
80489f9: 75 b1 jne 80489ac <close@plt+0x9c>
// Order in the binary: bind() is called first, its result is saved in %esi,
// then sub_8048eb0(-101) runs, and only then is the result tested.
if(sub_8048eb0(-101), bind(sockfd, &ebp_b4h, ebp_bch) != 0) {
goto failed;
}
80489fb: 50 push %eax
80489fc: 50 push %eax
80489fd: 68 c8 00 00 00 push $0xc8
8048a02: 53 push %ebx
8048a03: e8 b8 fe ff ff call 80488c0 <listen@plt>
listen(sockfd, 0xc8);
8048a08: 8d b5 5c ff ff ff lea -0xa4(%ebp),%esi
8048a0e: c7 04 24 99 ff ff ff movl $0xffffff99,(%esp)
8048a15: e8 96 04 00 00 call 8048eb0 <close@plt+0x5a0>
sub_8048eb0(-103);
8048a1a: 8d 85 60 ff ff ff lea -0xa0(%ebp),%eax
8048a20: 89 04 24 mov %eax,(%esp)
8048a23: c7 85 5c ff ff ff 01 movl $0x1,-0xa4(%ebp)
8048a2a: 00 00 00
ebp_a4h.sa_handler = SIG_IGN;
8048a2d: c7 45 e0 02 00 00 00 movl $0x2,-0x20(%ebp)
ebp_20h = 2; // who are you?
// NOTE(review): -0x20 is -0xa4 + 0x84; with a 4-byte sa_handler followed by
// a 128-byte sa_mask this slot would be ebp_a4h.sa_flags, and 2 is
// SA_NOCLDWAIT on Linux -- confirm against the struct sigaction layout.
8048a34: e8 77 fe ff ff call 80488b0 <sigemptyset@plt>
sigemptyset(&ebp_a4h);
// The argument stored at 8048a20 is -0xa0(%ebp), four bytes past the start
// of ebp_a4h (presumably &ebp_a4h.sa_mask).
8048a39: 83 c4 0c add $0xc,%esp
8048a3c: 6a 00 push $0x0
8048a3e: 56 push %esi
8048a3f: 6a 11 push $0x11
8048a41: e8 ba fe ff ff call 8048900 <sigaction@plt>
sigaction(SIGSEGV, &ebp_a4h, NULL);
// NOTE(review): the pushed signal number is 0x11 = 17, which is SIGCHLD on
// Linux/x86 (SIGSEGV is 11); ignoring SIGCHLD fits the fork-per-connection loop below.
8048a46: c7 04 24 ae 00 00 00 movl $0xae,(%esp)
8048a4d: e8 5e 04 00 00 call 8048eb0 <close@plt+0x5a0>
sub_8048eb0(0xae); // sigaction
// 0xae = 174 is rt_sigaction in the i386 syscall table.
while(true) {
8048a52: 83 c4 10 add $0x10,%esp
8048a55: 8d 85 44 ff ff ff lea -0xbc(%ebp),%eax
8048a5b: 56 push %esi
8048a5c: 50 push %eax
8048a5d: 57 push %edi
8048a5e: 53 push %ebx
8048a5f: e8 bc fd ff ff call 8048820 <accept@plt>
s = accept(sockfd, &ebp_b4h, &ebp_bch, &ebp_a4h) ;
// NOTE(review): accept() takes three arguments; the first push (%esi) looks
// like stack-alignment padding rather than a fourth argument -- confirm.
8048a64: 83 c4 10 add $0x10,%esp
8048a67: 85 c0 test %eax,%eax
8048a69: 89 c6 mov %eax,%esi
8048a6b: 0f 8e ca 00 00 00 jle 8048b3b <close@plt+0x22b>
8048a71: e8 2a fe ff ff call 80488a0 <fork@plt>
8048a76: 85 c0 test %eax,%eax
8048a78: 0f 85 bd 00 00 00 jne 8048b3b <close@plt+0x22b>
if(s > 0 && fork() == 0) {
8048a7e: 83 ec 0c sub $0xc,%esp
8048a81: 6a 98 push $0xffffff98
8048a83: e8 28 04 00 00 call 8048eb0 <close@plt+0x5a0>
sub_8048eb0(-104);
8048a88: c7 04 24 66 00 00 00 movl $0x66,(%esp)
8048a8f: e8 1c 04 00 00 call 8048eb0 <close@plt+0x5a0>
sub_8048eb0(102); // socketcall
8048a94: c7 04 24 78 00 00 00 movl $0x78,(%esp)
8048a9b: e8 10 04 00 00 call 8048eb0 <close@plt+0x5a0>
sub_8048eb0(120); // clone
8048aa0: 89 1c 24 mov %ebx,(%esp)
8048aa3: e8 68 fe ff ff call 8048910 <close@plt>
close(sockfd);
8048aa8: c7 04 24 3c 00 00 00 movl $0x3c,(%esp)
8048aaf: e8 4c fd ff ff call 8048800 <alarm@plt>
alarm(0x3c);
8048ab4: c7 04 24 1b 00 00 00 movl $0x1b,(%esp)
8048abb: e8 f0 03 00 00 call 8048eb0 <close@plt+0x5a0>
sub_8048eb0(27); // alarm
8048ac0: 8b 85 34 ff ff ff mov -0xcc(%ebp),%eax
8048ac6: 83 c4 0c add $0xc,%esp
8048ac9: 50 push %eax
8048aca: 50 push %eax
8048acb: 50 push %eax
8048acc: e8 ef fc ff ff call 80487c0 <setresuid@plt>
setresuid(ebp_cch, ebp_cch, ebp_cch);
// NOTE(review): the return values of setresuid()/setresgid() are never
// tested, and the uid is dropped before the gid; if the server starts as
// root the later setresgid() runs without privilege and can fail silently.
8048ad1: c7 04 24 a4 00 00 00 movl $0xa4,(%esp)
8048ad8: e8 d3 03 00 00 call 8048eb0 <close@plt+0x5a0>
sub_8048eb0(164); // setresuid
8048add: 8b 85 30 ff ff ff mov -0xd0(%ebp),%eax
8048ae3: 83 c4 0c add $0xc,%esp
8048ae6: 50 push %eax
8048ae7: 50 push %eax
8048ae8: 50 push %eax
8048ae9: e8 02 fe ff ff call 80488f0 <setresgid@plt>
setresgid(ebp_d0h, ebp_d0h, ebp_d0h);
8048aee: c7 04 24 aa 00 00 00 movl $0xaa,(%esp)
8048af5: e8 b6 03 00 00 call 8048eb0 <close@plt+0x5a0>
sub_8048eb0(170); // setresgid
8048afa: 58 pop %eax
8048afb: 5a pop %edx
8048afc: 6a 00 push $0x0
8048afe: 56 push %esi
8048aff: e8 8c fc ff ff call 8048790 <dup2@plt>
dup2(s, STDIN_FILENO);
8048b04: 59 pop %ecx
8048b05: 5b pop %ebx
8048b06: 6a 01 push $0x1
8048b08: 56 push %esi
8048b09: e8 82 fc ff ff call 8048790 <dup2@plt>
dup2(s, STDOUT_FILENO);
8048b0e: c7 04 24 3f 00 00 00 movl $0x3f,(%esp)
8048b15: e8 96 03 00 00 call 8048eb0 <close@plt+0x5a0>
sub_8048eb0(52); // dup2
// NOTE(review): the immediate is 0x3f = 63 (dup2 on i386), not 52.
8048b1a: c7 04 24 02 00 00 00 movl $0x2,(%esp)
8048b21: e8 ea fd ff ff call 8048910 <close@plt>
close(STDERR_FILENO);
8048b26: 89 34 24 mov %esi,(%esp)
8048b29: e8 e2 fd ff ff call 8048910 <close@plt>
close(s);
8048b2e: e8 ee 04 00 00 call 8049021 <close@plt+0x711>
8048b33: 89 04 24 mov %eax,(%esp)
8048b36: e8 05 fd ff ff call 8048840 <exit@plt>
exit(sub_8049021());
}
// Parent path, also taken when accept() returned <= 0: close(s) and loop.
8048b3b: 83 ec 0c sub $0xc,%esp
8048b3e: 56 push %esi
8048b3f: e8 cc fd ff ff call 8048910 <close@plt>
close(s);
8048b44: e9 09 ff ff ff jmp 8048a52 <close@plt+0x142>
}
}
8048b49: 31 ed xor %ebp,%ebp
8048b4b: 5e pop %esi
8048b4c: 89 e1 mov %esp,%ecx
8048b4e: 83 e4 f0 and $0xfffffff0,%esp
8048b51: 50 push %eax
8048b52: 54 push %esp
8048b53: 52 push %edx
8048b54: 68 a0 93 04 08 push $0x80493a0
8048b59: 68 30 93 04 08 push $0x8049330
8048b5e: 51 push %ecx
8048b5f: 56 push %esi
8048b60: 68 20 89 04 08 push $0x8048920
8048b65: e8 f6 fc ff ff call 8048860 <__libc_start_main@plt>
8048b6a: f4 hlt
8048b6b: 66 90 xchg %ax,%ax
8048b6d: 66 90 xchg %ax,%ax
8048b6f: 90 nop
8048b70: 8b 1c 24 mov (%esp),%ebx
8048b73: c3 ret
8048b74: 66 90 xchg %ax,%ax
8048b76: 66 90 xchg %ax,%ax
8048b78: 66 90 xchg %ax,%ax
8048b7a: 66 90 xchg %ax,%ax
8048b7c: 66 90 xchg %ax,%ax
8048b7e: 66 90 xchg %ax,%ax
8048b80: b8 83 b0 04 08 mov $0x804b083,%eax
8048b85: 2d 80 b0 04 08 sub $0x804b080,%eax
8048b8a: 83 f8 06 cmp $0x6,%eax
8048b8d: 77 01 ja 8048b90 <close@plt+0x280>
8048b8f: c3 ret
8048b90: b8 00 00 00 00 mov $0x0,%eax
8048b95: 85 c0 test %eax,%eax
8048b97: 74 f6 je 8048b8f <close@plt+0x27f>
8048b99: 55 push %ebp
8048b9a: 89 e5 mov %esp,%ebp
8048b9c: 83 ec 18 sub $0x18,%esp
8048b9f: c7 04 24 80 b0 04 08 movl $0x804b080,(%esp)
8048ba6: ff d0 call *%eax
8048ba8: c9 leave
8048ba9: c3 ret
8048baa: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
8048bb0: b8 80 b0 04 08 mov $0x804b080,%eax
8048bb5: 2d 80 b0 04 08 sub $0x804b080,%eax
8048bba: c1 f8 02 sar $0x2,%eax
8048bbd: 89 c2 mov %eax,%edx
8048bbf: c1 ea 1f shr $0x1f,%edx
8048bc2: 01 d0 add %edx,%eax
8048bc4: d1 f8 sar %eax
8048bc6: 75 01 jne 8048bc9 <close@plt+0x2b9>
8048bc8: c3 ret
8048bc9: ba 00 00 00 00 mov $0x0,%edx
8048bce: 85 d2 test %edx,%edx
8048bd0: 74 f6 je 8048bc8 <close@plt+0x2b8>
8048bd2: 55 push %ebp
8048bd3: 89 e5 mov %esp,%ebp
8048bd5: 83 ec 18 sub $0x18,%esp
8048bd8: 89 44 24 04 mov %eax,0x4(%esp)
8048bdc: c7 04 24 80 b0 04 08 movl $0x804b080,(%esp)
8048be3: ff d2 call *%edx
8048be5: c9 leave
8048be6: c3 ret
8048be7: 89 f6 mov %esi,%esi
8048be9: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
8048bf0: 80 3d 80 b0 04 08 00 cmpb $0x0,0x804b080
8048bf7: 75 13 jne 8048c0c <close@plt+0x2fc>
8048bf9: 55 push %ebp
8048bfa: 89 e5 mov %esp,%ebp
8048bfc: 83 ec 08 sub $0x8,%esp
8048bff: e8 7c ff ff ff call 8048b80 <close@plt+0x270>
8048c04: c6 05 80 b0 04 08 01 movb $0x1,0x804b080
8048c0b: c9 leave
8048c0c: f3 c3 repz ret
8048c0e: 66 90 xchg %ax,%ax
8048c10: a1 08 af 04 08 mov 0x804af08,%eax
8048c15: 85 c0 test %eax,%eax
8048c17: 74 1f je 8048c38 <close@plt+0x328>
8048c19: b8 00 00 00 00 mov $0x0,%eax
8048c1e: 85 c0 test %eax,%eax
8048c20: 74 16 je 8048c38 <close@plt+0x328>
8048c22: 55 push %ebp
8048c23: 89 e5 mov %esp,%ebp
8048c25: 83 ec 18 sub $0x18,%esp
8048c28: c7 04 24 08 af 04 08 movl $0x804af08,(%esp)
8048c2f: ff d0 call *%eax
8048c31: c9 leave
8048c32: e9 79 ff ff ff jmp 8048bb0 <close@plt+0x2a0>
8048c37: 90 nop
8048c38: e9 73 ff ff ff jmp 8048bb0 <close@plt+0x2a0>
// Annotated disassembly of the allow-list setup. Every rule is added with
// seccomp_rule_add(ctx, 0x7fff0000, <syscall>, ...); 0x7fff0000 is
// SCMP_ACT_ALLOW and the 0 passed to seccomp_init is SCMP_ACT_KILL. Any
// failure jumps back to the exit(-1) at 8048c56.
// NOTE(review): the names attached to the negative pseudo-syscall numbers
// below (-100, -101, -103, -104) are not consistent across this page and
// should be confirmed against the libseccomp header the binary was built with.
void sub_8048c3d()
{
8048c3d: 55 push %ebp
8048c3e: 89 e5 mov %esp,%ebp
8048c40: 57 push %edi
8048c41: 56 push %esi
8048c42: 53 push %ebx
8048c43: 83 ec 48 sub $0x48,%esp
// Local variables.
struct scmp_arg_cmp ebp_48h[];
struct scmp_arg_cmp ebp_30h[];
8048c46: 6a 00 push $0x0
8048c48: e8 53 fb ff ff call 80487a0 <seccomp_init@plt>
8048c4d: 83 c4 10 add $0x10,%esp
8048c50: 85 c0 test %eax,%eax
8048c52: 89 c3 mov %eax,%ebx
8048c54: 75 0a jne 8048c60 <close@plt+0x350>
if((ctx = seccomp_init(SCMP_ACT_KILL)) == NULL) {
8048c56: 83 ec 0c sub $0xc,%esp
8048c59: 6a ff push $0xffffffff
8048c5b: e8 e0 fb ff ff call 8048840 <exit@plt>
exit(-1);
}
8048c60: 6a 00 push $0x0
8048c62: 6a 05 push $0x5
8048c64: 68 00 00 ff 7f push $0x7fff0000
8048c69: 50 push %eax
8048c6a: e8 71 fb ff ff call 80487e0 <seccomp_rule_add@plt>
8048c6f: 83 c4 10 add $0x10,%esp
8048c72: 85 c0 test %eax,%eax
8048c74: 75 e0 jne 8048c56 <close@plt+0x346>
if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0) != 0) {
exit(-1);
}
8048c76: 6a 00 push $0x0
8048c78: 6a 9c push $0xffffff9c
8048c7a: 68 00 00 ff 7f push $0x7fff0000
8048c7f: 53 push %ebx
8048c80: e8 5b fb ff ff call 80487e0 <seccomp_rule_add@plt>
8048c85: 83 c4 10 add $0x10,%esp
8048c88: 85 c0 test %eax,%eax
8048c8a: 75 ca jne 8048c56 <close@plt+0x346>
// The syscall argument here is 0xffffff9c = -100; the annotation below
// leaves the name blank.
if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(), 0) != 0) {
exit(-1);
}
8048c8c: 6a 00 push $0x0
8048c8e: 6a 66 push $0x66
8048c90: 68 00 00 ff 7f push $0x7fff0000
8048c95: 53 push %ebx
8048c96: e8 45 fb ff ff call 80487e0 <seccomp_rule_add@plt>
8048c9b: 83 c4 10 add $0x10,%esp
8048c9e: 85 c0 test %eax,%eax
8048ca0: 75 b4 jne 8048c56 <close@plt+0x346>
if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socketcall), 0) != 0) {
exit(-1);
}
8048ca2: 6a 00 push $0x0
8048ca4: 6a 9b push $0xffffff9b
8048ca6: 68 00 00 ff 7f push $0x7fff0000
8048cab: 53 push %ebx
8048cac: e8 2f fb ff ff call 80487e0 <seccomp_rule_add@plt>
8048cb1: 83 c4 10 add $0x10,%esp
8048cb4: 85 c0 test %eax,%eax
8048cb6: 75 9e jne 8048c56 <close@plt+0x346>
// Syscall argument: 0xffffff9b = -101 (the annotation below has an
// unbalanced parenthesis).
if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, __PNR_socket), 0) != 0) {
exit(-1);
}
8048cb8: 6a 00 push $0x0
8048cba: 6a 99 push $0xffffff99
8048cbc: 68 00 00 ff 7f push $0x7fff0000
8048cc1: 53 push %ebx
8048cc2: e8 19 fb ff ff call 80487e0 <seccomp_rule_add@plt>
8048cc7: 83 c4 10 add $0x10,%esp
8048cca: 85 c0 test %eax,%eax
8048ccc: 75 88 jne 8048c56 <close@plt+0x346>
// Syscall argument: 0xffffff99 = -103; main() passes the same value to
// sub_8048eb0 right after listen().
if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, __PNR_connect, 0) != 0) {
exit(-1);
}
8048cce: 6a 00 push $0x0
8048cd0: 68 ae 00 00 00 push $0xae
8048cd5: 68 00 00 ff 7f push $0x7fff0000
8048cda: 53 push %ebx
8048cdb: e8 00 fb ff ff call 80487e0 <seccomp_rule_add@plt>
8048ce0: 83 c4 10 add $0x10,%esp
8048ce3: 85 c0 test %eax,%eax
8048ce5: 0f 85 6b ff ff ff jne 8048c56 <close@plt+0x346>
if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigaction), 0) != 0) {
exit(-1);
}
8048ceb: 6a 00 push $0x0
8048ced: 6a 98 push $0xffffff98
8048cef: 68 00 00 ff 7f push $0x7fff0000
8048cf4: 53 push %ebx
8048cf5: e8 e6 fa ff ff call 80487e0 <seccomp_rule_add@plt>
8048cfa: 83 c4 10 add $0x10,%esp
8048cfd: 85 c0 test %eax,%eax
8048cff: 0f 85 51 ff ff ff jne 8048c56 <close@plt+0x346>
// Syscall argument: 0xffffff98 = -104; main() kills this value first thing
// in the child, after accept() has returned.
if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, __PNR_listen, 0) != 0) {
exit(-1);
}
8048d05: 6a 00 push $0x0
8048d07: 6a 78 push $0x78
8048d09: 68 00 00 ff 7f push $0x7fff0000
8048d0e: 53 push %ebx
8048d0f: e8 cc fa ff ff call 80487e0 <seccomp_rule_add@plt>
8048d14: 83 c4 10 add $0x10,%esp
8048d17: 85 c0 test %eax,%eax
8048d19: 0f 85 37 ff ff ff jne 8048c56 <close@plt+0x346>
if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(clone), 0) != 0) {
exit(-1);
}
8048d1f: 6a 00 push $0x0
8048d21: 68 d0 00 00 00 push $0xd0
8048d26: 68 00 00 ff 7f push $0x7fff0000
8048d2b: 53 push %ebx
8048d2c: e8 af fa ff ff call 80487e0 <seccomp_rule_add@plt>
8048d31: 83 c4 10 add $0x10,%esp
8048d34: 85 c0 test %eax,%eax
8048d36: 0f 85 1a ff ff ff jne 8048c56 <close@plt+0x346>
if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setresuid32), 0) != 0) {
exit(-1);
}
8048d3c: 6a 00 push $0x0
8048d3e: 68 d2 00 00 00 push $0xd2
8048d43: 68 00 00 ff 7f push $0x7fff0000
8048d48: 53 push %ebx
8048d49: e8 92 fa ff ff call 80487e0 <seccomp_rule_add@plt>
8048d4e: 83 c4 10 add $0x10,%esp
8048d51: 85 c0 test %eax,%eax
8048d53: 0f 85 fd fe ff ff jne 8048c56 <close@plt+0x346>
if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setresgid32), 0) != 0) {
exit(-1);
}
8048d59: 6a 00 push $0x0
8048d5b: 6a 1b push $0x1b
8048d5d: 68 00 00 ff 7f push $0x7fff0000
8048d62: 53 push %ebx
8048d63: e8 78 fa ff ff call 80487e0 <seccomp_rule_add@plt>
8048d68: 83 c4 10 add $0x10,%esp
8048d6b: 85 c0 test %eax,%eax
8048d6d: 0f 85 e3 fe ff ff jne 8048c56 <close@plt+0x346>
if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(alarm), 0) != 0) {
exit(-1);
}
8048d73: 6a 00 push $0x0
8048d75: 6a 3f push $0x3f
8048d77: 68 00 00 ff 7f push $0x7fff0000
8048d7c: 53 push %ebx
8048d7d: e8 5e fa ff ff call 80487e0 <seccomp_rule_add@plt>
8048d82: 83 c4 10 add $0x10,%esp
8048d85: 85 c0 test %eax,%eax
8048d87: 0f 85 c9 fe ff ff jne 8048c56 <close@plt+0x346>
if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup2), 0) != 0) {
exit(-1);
}
8048d8d: 6a 00 push $0x0
8048d8f: 6a 06 push $0x6
8048d91: 68 00 00 ff 7f push $0x7fff0000
8048d96: 53 push %ebx
8048d97: e8 44 fa ff ff call 80487e0 <seccomp_rule_add@plt>
8048d9c: 83 c4 10 add $0x10,%esp
8048d9f: 85 c0 test %eax,%eax
8048da1: 0f 85 af fe ff ff jne 8048c56 <close@plt+0x346>
if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0) != 0) {
exit(-1);
}
8048da7: 6a 00 push $0x0
8048da9: 6a 04 push $0x4
8048dab: 68 00 00 ff 7f push $0x7fff0000
8048db0: 53 push %ebx
8048db1: e8 2a fa ff ff call 80487e0 <seccomp_rule_add@plt>
8048db6: 83 c4 10 add $0x10,%esp
8048db9: 85 c0 test %eax,%eax
8048dbb: 0f 85 95 fe ff ff jne 8048c56 <close@plt+0x346>
if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 0) != 0) {
exit(-1);
}
8048dc1: 6a 00 push $0x0
8048dc3: 6a 03 push $0x3
8048dc5: 68 00 00 ff 7f push $0x7fff0000
8048dca: 53 push %ebx
8048dcb: e8 10 fa ff ff call 80487e0 <seccomp_rule_add@plt>
8048dd0: 83 c4 10 add $0x10,%esp
8048dd3: 85 c0 test %eax,%eax
8048dd5: 0f 85 7b fe ff ff jne 8048c56 <close@plt+0x346>
if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 0) != 0) {
exit(-1);
}
8048ddb: 6a 00 push $0x0
8048ddd: 68 fc 00 00 00 push $0xfc
8048de2: 68 00 00 ff 7f push $0x7fff0000
8048de7: 53 push %ebx
8048de8: e8 f3 f9 ff ff call 80487e0 <seccomp_rule_add@plt>
8048ded: 83 c4 10 add $0x10,%esp
8048df0: 85 c0 test %eax,%eax
8048df2: 0f 85 5e fe ff ff jne 8048c56 <close@plt+0x346>
if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit_group), 0) != 0) {
exit(-1);
}
8048df8: 8d 7d b8 lea -0x48(%ebp),%edi
8048dfb: b9 06 00 00 00 mov $0x6,%ecx
8048e00: f3 ab rep stos %eax,%es:(%edi)
memset(ebp_48h, '\0', 0x18);
8048e02: 83 ec 20 sub $0x20,%esp
8048e05: 89 e7 mov %esp,%edi
8048e07: c7 45 bc 04 00 00 00 movl $0x4,-0x44(%ebp)
8048e0e: 8d 75 b8 lea -0x48(%ebp),%esi
8048e11: c7 45 c0 26 00 00 00 movl $0x26,-0x40(%ebp)
8048e18: c7 45 c4 00 00 00 00 movl $0x0,-0x3c(%ebp)
ebp_48h = {SCMP_A0(SCMP_CMP_EQ, 0x26)};
// 0x26 = 38 is PR_SET_NO_NEW_PRIVS on Linux; the rule allows prctl() only
// with this first argument.
8048e1f: b1 06 mov $0x6,%cl
8048e21: f3 a5 rep movsl %ds:(%esi),%es:(%edi)
8048e23: 6a 01 push $0x1
8048e25: 68 ac 00 00 00 push $0xac
8048e2a: 68 00 00 ff 7f push $0x7fff0000
8048e2f: 53 push %ebx
8048e30: e8 ab f9 ff ff call 80487e0 <seccomp_rule_add@plt>
8048e35: 83 c4 30 add $0x30,%esp
8048e38: 85 c0 test %eax,%eax
8048e3a: 0f 85 16 fe ff ff jne 8048c56 <close@plt+0x346>
// The 24-byte comparison struct is copied onto the stack (rep movsl, six
// dwords), i.e. passed by value as the variadic argument of seccomp_rule_add.
if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(prctl), 1, ebp_48h) != 0) {
exit(-1);
}
8048e40: 8d 7d d0 lea -0x30(%ebp),%edi
8048e43: b9 06 00 00 00 mov $0x6,%ecx
8048e48: f3 ab rep stos %eax,%es:(%edi)
memset(ebp_30h, '\0', 0x18);
8048e4a: 83 ec 20 sub $0x20,%esp
8048e4d: 89 e7 mov %esp,%edi
8048e4f: c7 45 d4 04 00 00 00 movl $0x4,-0x2c(%ebp)
8048e56: 8d 75 d0 lea -0x30(%ebp),%esi
8048e59: c7 45 d8 16 00 00 00 movl $0x16,-0x28(%ebp)
8048e60: c7 45 dc 00 00 00 00 movl $0x0,-0x24(%ebp)
ebp_30h = {SCMP_A0(SCMP_CMP_EQ, 0x16)};
// 0x16 = 22 is PR_SET_SECCOMP on Linux; presumably both prctl options stay
// allowed so the later seccomp_load() calls in sub_8048eb0 still work -- confirm.
8048e67: b1 06 mov $0x6,%cl
8048e69: f3 a5 rep movsl %ds:(%esi),%es:(%edi)
8048e6b: 6a 01 push $0x1
8048e6d: 68 ac 00 00 00 push $0xac
8048e72: 68 00 00 ff 7f push $0x7fff0000
8048e77: 53 push %ebx
8048e78: e8 63 f9 ff ff call 80487e0 <seccomp_rule_add@plt>
8048e7d: 83 c4 30 add $0x30,%esp
8048e80: 85 c0 test %eax,%eax
8048e82: 0f 85 ce fd ff ff jne 8048c56 <close@plt+0x346>
if(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(prctl), 1, ebp_30h) != 0) {
exit(-1);
}
8048e88: 83 ec 0c sub $0xc,%esp
8048e8b: 53 push %ebx
8048e8c: e8 5f f9 ff ff call 80487f0 <seccomp_load@plt>
8048e91: 83 c4 10 add $0x10,%esp
8048e94: 85 c0 test %eax,%eax
8048e96: 0f 85 ba fd ff ff jne 8048c56 <close@plt+0x346>
if(seccomp_load(ctx) != 0) {
exit(-1);
}
8048e9c: 83 ec 0c sub $0xc,%esp
8048e9f: 53 push %ebx
8048ea0: e8 6b f9 ff ff call 8048810 <seccomp_release@plt>
seccomp_release(ctx);
8048ea5: 83 c4 10 add $0x10,%esp
8048ea8: 8d 65 f4 lea -0xc(%ebp),%esp
8048eab: 5b pop %ebx
8048eac: 5e pop %esi
8048ead: 5f pop %edi
8048eae: 5d pop %ebp
8048eaf: c3 ret
}
// Annotated disassembly of the "kill one more syscall" helper: builds a
// filter whose default action is 0x7fff0000 (SCMP_ACT_ALLOW), adds a rule
// with action 0 (SCMP_ACT_KILL) for syscall arg0, and loads it.
void sub_8048eb0(int arg0)
{
8048eb0: 55 push %ebp
8048eb1: 89 e5 mov %esp,%ebp
8048eb3: 56 push %esi
8048eb4: 8b 75 08 mov 0x8(%ebp),%esi
8048eb7: 53 push %ebx
8048eb8: 83 ec 0c sub $0xc,%esp
8048ebb: 68 00 00 ff 7f push $0x7fff0000
8048ec0: e8 db f8 ff ff call 80487a0 <seccomp_init@plt>
ctx = seccomp_init(SCMP_ACT_ALLOW);
// NOTE(review): unlike sub_8048c3d, the seccomp_init() result is passed on
// without a NULL test.
8048ec5: 6a 00 push $0x0
8048ec7: 56 push %esi
8048ec8: 6a 00 push $0x0
8048eca: 50 push %eax
8048ecb: 89 c3 mov %eax,%ebx
8048ecd: e8 0e f9 ff ff call 80487e0 <seccomp_rule_add@plt>
8048ed2: 83 c4 20 add $0x20,%esp
8048ed5: 85 c0 test %eax,%eax
8048ed7: 74 0a je 8048ee3 <close@plt+0x5d3>
if(seccomp_rule_add(ctx, SCMP_ACT_KILL, arg0, 0) != 0) {
8048ed9: 83 ec 0c sub $0xc,%esp
8048edc: 6a ff push $0xffffffff
8048ede: e8 5d f9 ff ff call 8048840 <exit@plt>
goto failed;
}
// "failed" is the exit(-1) sequence at 8048ed9; both checks branch to it.
8048ee3: 83 ec 0c sub $0xc,%esp
8048ee6: 53 push %ebx
8048ee7: e8 04 f9 ff ff call 80487f0 <seccomp_load@plt>
8048eec: 83 c4 10 add $0x10,%esp
8048eef: 85 c0 test %eax,%eax
8048ef1: 75 e6 jne 8048ed9 <close@plt+0x5c9>
if(seccomp_load(ctx) != 0) {
goto failed;
}
8048ef3: 89 5d 08 mov %ebx,0x8(%ebp)
8048ef6: 8d 65 f8 lea -0x8(%ebp),%esp
8048ef9: 5b pop %ebx
8048efa: 5e pop %esi
8048efb: 5d pop %ebp
8048efc: e9 0f f9 ff ff jmp 8048810 <seccomp_release@plt>
// Tail call: ctx is stored in the argument slot and control jumps to
// seccomp_release(), which returns straight to this function's caller. The
// success path therefore does not reach exit(-1).
seccomp_release(ctx);
}
// Annotated disassembly of the printf-style output helper: formats into a
// global buffer with __vsnprintf_chk and writes the result to fd 1.
int sub_8048f01(char *arg0, ...)
{
// Local variables.
int sum, len, wlen;
8048f01: 55 push %ebp
8048f02: 89 e5 mov %esp,%ebp
8048f04: 56 push %esi
8048f05: 31 f6 xor %esi,%esi
8048f07: 53 push %ebx
8048f08: 52 push %edx
8048f09: 52 push %edx
8048f0a: 8d 45 0c lea 0xc(%ebp),%eax
8048f0d: 50 push %eax
va_list args;
va_start(args, arg0);
8048f0e: ff 75 08 pushl 0x8(%ebp)
8048f11: 68 00 10 00 00 push $0x1000
8048f16: 6a 01 push $0x1
8048f18: 68 00 10 00 00 push $0x1000
8048f1d: 68 88 b4 04 08 push $0x804b488
8048f22: e8 69 f9 ff ff call 8048890 <__vsnprintf_chk@plt>
len = vsnprintf(bss_804b084h.offset_04h, 0x1000, arg0, args);
// NOTE(review): the buffer pushed above is 0x804b488, which is 0x404 past
// 0x804b084 rather than 0x04 as the annotation's name suggests. The call is
// the fortified __vsnprintf_chk(buf, 0x1000, 1, 0x1000, fmt, ap).
8048f27: 83 c4 20 add $0x20,%esp
va_end(args);
8048f2a: 89 c3 mov %eax,%ebx
for(sum = wlen = 0; sum < len; sum += wlen) {
8048f2c: 39 de cmp %ebx,%esi
8048f2e: 7d 2c jge 8048f5c <close@plt+0x64c>
8048f30: 50 push %eax
8048f31: 53 push %ebx
8048f32: 68 88 b4 04 08 push $0x804b488
8048f37: 6a 01 push $0x1
8048f39: e8 32 f9 ff ff call 8048870 <write@plt>
8048f3e: 83 c4 10 add $0x10,%esp
8048f41: 85 c0 test %eax,%eax
8048f43: 79 07 jns 8048f4c <close@plt+0x63c>
// Every iteration passes the start of the buffer and the full length
// (%ebx), not the unwritten remainder, so a short write is followed by a
// re-send from the beginning.
if((wlen = write(STDOUT_FILENO, bss_804b084h.offset_04h, len)) < 0) {
8048f45: 83 ec 0c sub $0xc,%esp
8048f48: 6a ff push $0xffffffff
8048f4a: eb 07 jmp 8048f53 <close@plt+0x643>
exit(-1);
8048f4c: 75 0a jne 8048f58 <close@plt+0x648>
} else if(wlen == 0) {
8048f4e: 83 ec 0c sub $0xc,%esp
8048f51: 6a 00 push $0x0
8048f53: e8 e8 f8 ff ff call 8048840 <exit@plt>
exit(EXIT_SUCCESS);
}
8048f58: 01 c6 add %eax,%esi
8048f5a: eb d0 jmp 8048f2c <close@plt+0x61c>
}
8048f5c: 8d 65 f8 lea -0x8(%ebp),%esp
8048f5f: 89 d8 mov %ebx,%eax
8048f61: 5b pop %ebx
8048f62: 5e pop %esi
8048f63: 5d pop %ebp
8048f64: c3 ret
return len;
}
// sub_8048f65: read one line from fd 0 into arg0, one byte per read() call,
// and return arg0.
// The loop ends on EOF (a NUL is stored at the current position), on a read
// error (nothing is stored), or once a '\n' has been read.
// NOTE(review): the function takes no length and stores bytes until one of
// those conditions occurs, so the destination's size is never enforced. Every
// caller in this listing passes a fixed-size stack buffer; a corrected version
// needs the buffer size as a parameter and must stop before exceeding it.
// NOTE(review): the annotation differs from the disassembly in two places.
// read() receives the moving pointer in %ebx, not arg0 (8048f70), and on '\n'
// the NUL is stored at 0x1(%ebx), i.e. after the newline, which stays in the
// buffer (8048f8b).
sub_8048f65(char *arg0)
{
8048f65: 55 push %ebp
8048f66: 89 e5 mov %esp,%ebp
8048f68: 53 push %ebx
8048f69: 53 push %ebx
8048f6a: 8b 5d 08 mov 0x8(%ebp),%ebx
int len;
for(char *itr = arg0; true; itr += len) {
8048f6d: 51 push %ecx
8048f6e: 6a 01 push $0x1
8048f70: 53 push %ebx
8048f71: 6a 00 push $0x0
8048f73: e8 58 f8 ff ff call 80487d0 <read@plt>
8048f78: 83 c4 10 add $0x10,%esp
8048f7b: 85 c0 test %eax,%eax
8048f7d: 75 05 jne 8048f84 <close@plt+0x674>
if((len = read(STDIN_FILENO, arg0, 1)) == 0) {
8048f7f: c6 03 00 movb $0x0,(%ebx)
8048f82: eb 10 jmp 8048f94 <close@plt+0x684>
*itr = '\0';
break;
} else if(len < 0) {
8048f84: 78 0e js 8048f94 <close@plt+0x684>
break;
}
8048f86: 80 3b 0a cmpb $0xa,(%ebx)
8048f89: 75 06 jne 8048f91 <close@plt+0x681>
if(*itr == '\n') {
8048f8b: c6 43 01 00 movb $0x0,0x1(%ebx)
*itr = '\0';
8048f8f: eb 03 jmp 8048f94 <close@plt+0x684>
break;
}
// The pointer advances by exactly one byte per iteration (inc %ebx).
8048f91: 43 inc %ebx
8048f92: eb d9 jmp 8048f6d <close@plt+0x65d>
}
8048f94: 8b 45 08 mov 0x8(%ebp),%eax
8048f97: 8b 5d fc mov -0x4(%ebp),%ebx
8048f9a: c9 leave
8048f9b: c3 ret
return arg0;
}
// sub_8048f9c: load a file into the global buffer at 0x804b084 on the first
// call and hand back that buffer on later calls.
// First call (word at 0x804b484 is 0): open(arg0, O_RDONLY), read up to 1023
// bytes into 0x804b084, NUL-terminate on success, close the descriptor, and
// set the word at 0x804b484 to 1. open (5) and close (6) are each denied via
// sub_8048eb0 immediately after their single use.
// NOTE(review): the annotated "return len;" does not match the disassembly,
// which returns 0x804b084 when len >= 0 and 0 (NULL) otherwise
// (804900b-8049012).
// NOTE(review): the result of open() is not checked; a failed open is only
// noticed indirectly through the failing read(). The loaded flag is set even
// when the read failed, so later calls return the buffer regardless.
// NOTE(review): the annotation's offset_00h is the word at 0x804b484, which is
// 0x804b084 + 0x400, directly after the 1024-byte file buffer.
sub_8048f9c(char *arg0)
{
8048f9c: 83 3d 84 b4 04 08 00 cmpl $0x0,0x804b484
8048fa3: 75 76 jne 804901b <close@plt+0x70b>
if(bss_804b084h.offset_00h == 0) {
8048fa5: 55 push %ebp
8048fa6: 89 e5 mov %esp,%ebp
8048fa8: 56 push %esi
8048fa9: 53 push %ebx
8048faa: 56 push %esi
8048fab: 56 push %esi
8048fac: 6a 00 push $0x0
8048fae: ff 75 08 pushl 0x8(%ebp)
8048fb1: e8 9a f8 ff ff call 8048850 <open@plt>
fd = open(arg0, O_RDONLY);
8048fb6: c7 04 24 05 00 00 00 movl $0x5,(%esp)
8048fbd: 89 c6 mov %eax,%esi
8048fbf: e8 ec fe ff ff call 8048eb0 <close@plt+0x5a0>
sub_8048eb0(5); // open
8048fc4: 83 c4 0c add $0xc,%esp
8048fc7: 68 ff 03 00 00 push $0x3ff
8048fcc: 68 84 b0 04 08 push $0x804b084
8048fd1: 56 push %esi
8048fd2: e8 f9 f7 ff ff call 80487d0 <read@plt>
8048fd7: 83 c4 10 add $0x10,%esp
8048fda: 85 c0 test %eax,%eax
8048fdc: 89 c3 mov %eax,%ebx
8048fde: 78 07 js 8048fe7 <close@plt+0x6d7>
// Reading at most 0x3ff bytes leaves room for the terminator in the 0x400-byte region.
if((len = read(fd, &bss_804b084h, 1023)) >= 0) {
8048fe0: c6 80 84 b0 04 08 00 movb $0x0,0x804b084(%eax)
bss_804b084h[len] = '\0';
}
8048fe7: 83 ec 0c sub $0xc,%esp
8048fea: 56 push %esi
8048feb: e8 20 f9 ff ff call 8048910 <close@plt>
close(fd);
8048ff0: c7 04 24 06 00 00 00 movl $0x6,(%esp)
8048ff7: e8 b4 fe ff ff call 8048eb0 <close@plt+0x5a0>
sub_8048eb0(6); // close
8048ffc: 83 c4 10 add $0x10,%esp
8048fff: 85 db test %ebx,%ebx
8049001: c7 05 84 b4 04 08 01 movl $0x1,0x804b484
8049008: 00 00 00
bss_804b084h.offset_00h = 1;
// Return value: buffer address if the read succeeded, otherwise 0.
804900b: b8 84 b0 04 08 mov $0x804b084,%eax
8049010: 79 02 jns 8049014 <close@plt+0x704>
8049012: 31 c0 xor %eax,%eax
8049014: 8d 65 f8 lea -0x8(%ebp),%esp
8049017: 5b pop %ebx
8049018: 5e pop %esi
8049019: 5d pop %ebp
804901a: c3 ret
return len;
}
// Cached path: the file was already loaded by an earlier call.
804901b: b8 84 b0 04 08 mov $0x804b084,%eax
8049020: c3 ret
return &bss_804b084h;
}
// sub_8049021: per-connection menu loop; main passes its return value to exit().
// Prints a banner, then repeatedly prints the current state and a four-item
// menu, reads a line into the stack buffer ebp_28h, and dispatches on
// atoi() of that line. The balance x is kept in %ebx and starts at 0. Any
// choice outside 1-4 leaves the loop, denies read (3) and write (4) via
// sub_8048eb0, and returns 0.
int sub_8049021()
{
8049021: 55 push %ebp
8049022: 89 e5 mov %esp,%ebp
8049024: 57 push %edi
8049025: 56 push %esi
8049026: 53 push %ebx
8049027: 31 db xor %ebx,%ebx
x = 0;
8049029: 83 ec 30 sub $0x30,%esp
// Local variables.
// Frame layout from the prologue: saved edi/esi/ebx occupy ebp-0x4..ebp-0xc
// and 0x30 bytes are reserved below them. The input buffer ebp_28h starts at
// ebp-0x28, so 0x1c bytes lie between its start and the saved registers. The
// two state bytes ebp_29h and ebp_2ah sit directly below the buffer.
804902c: 6a 0a push $0xa
804902e: 68 f8 93 04 08 push $0x80493f8
8049033: 68 0f 94 04 08 push $0x804940f
8049038: e8 c4 fe ff ff call 8048f01 <close@plt+0x5f1>
sub_8048f01("%s%c", "Welcome to black jack!", 0xa);
804903d: 83 c4 10 add $0x10,%esp
8049040: c6 45 d7 00 movb $0x0,-0x29(%ebp)
ebp_29h = 0;
8049044: c6 45 d6 01 movb $0x1,-0x2a(%ebp)
ebp_2ah = 1;
// Each pass first computes the toggled copies ebp_2bh = ebp_2ah ^ 1 and
// ebp_2ch = ebp_29h ^ 1; menu choice 3 later stores them back.
while(true) {
8049048: 8a 45 d6 mov -0x2a(%ebp),%al
804904b: 83 f0 01 xor $0x1,%eax
804904e: 88 45 d5 mov %al,-0x2b(%ebp)
8049051: 8a 45 d7 mov -0x29(%ebp),%al
8049054: 34 01 xor $0x1,%al
8049056: 88 45 d4 mov %al,-0x2c(%ebp)
8049059: 74 06 je 8049061 <close@plt+0x751>
804905b: 80 7d d5 00 cmpb $0x0,-0x2b(%ebp)
804905f: 75 13 jne 8049074 <close@plt+0x764>
if((ebp_2ch = ebp_29h ^ 1) == 0 || (ebp_2bh = ebp_2ah ^ 1) == 0) {
8049061: 80 7d d7 00 cmpb $0x0,-0x29(%ebp)
8049065: be f7 93 04 08 mov $0x80493f7,%esi
val0 = "";
804906a: b8 c0 93 04 08 mov $0x80493c0,%eax
804906f: 0f 44 c6 cmove %esi,%eax
val1 = (ebp_29h == '\0')? "": "hookers";
8049072: eb 0a jmp 804907e <close@plt+0x76e>
} else {
8049074: be c8 93 04 08 mov $0x80493c8,%esi
val0 = "jack shit";
8049079: b8 f7 93 04 08 mov $0x80493f7,%eax
val1 = "";
}
804907e: 0f b6 4d d7 movzbl -0x29(%ebp),%ecx
8049082: bf f7 93 04 08 mov $0x80493f7,%edi
8049087: 0f b6 55 d6 movzbl -0x2a(%ebp),%edx
804908b: 01 ca add %ecx,%edx
804908d: b9 d2 93 04 08 mov $0x80493d2,%ecx
8049092: 83 fa 02 cmp $0x2,%edx
8049095: ba d8 93 04 08 mov $0x80493d8,%edx
804909a: 0f 45 cf cmovne %edi,%ecx
val2 = (ebp_2ah + ebp_29h == 2)? " and ": "";
804909d: 80 7d d6 00 cmpb $0x0,-0x2a(%ebp)
80490a1: 0f 44 d7 cmove %edi,%edx
val3 = (ebp_2ah == '\0')? "": "black jack";
80490a4: 83 ec 0c sub $0xc,%esp
80490a7: 56 push %esi
80490a8: 50 push %eax
80490a9: 51 push %ecx
80490aa: 52 push %edx
80490ab: 68 14 94 04 08 push $0x8049414
80490b0: e8 4c fe ff ff call 8048f01 <close@plt+0x5f1>
sub_8048f01("We've got %s%s%s%s.\n", val3, val2, val1, val0);
80490b5: 83 c4 20 add $0x20,%esp
80490b8: 85 db test %ebx,%ebx
80490ba: 74 0a je 80490c6 <close@plt+0x7b6>
if(x != 0) {
80490bc: 57 push %edi
80490bd: 57 push %edi
80490be: 53 push %ebx
80490bf: 68 29 94 04 08 push $0x8049429
sub_8048f01("You've got $%d\n", x);
80490c4: eb 08 jmp 80490ce <close@plt+0x7be>
} else {
80490c6: 83 ec 0c sub $0xc,%esp
80490c9: 68 39 94 04 08 push $0x8049439
sub_8048f01("You've got jack shit.\n");
}
// Both branches above only push arguments; they share this single call.
80490ce: e8 2e fe ff ff call 8048f01 <close@plt+0x5f1>
80490d3: 83 c4 10 add $0x10,%esp
80490d6: 56 push %esi
80490d7: 68 50 94 04 08 push $0x8049450
80490dc: 68 58 94 04 08 push $0x8049458
80490e1: 68 5f 94 04 08 push $0x804945f
80490e6: e8 16 fe ff ff call 8048f01 <close@plt+0x5f1>
sub_8048f01("\nwhu%snuduu%s", "duyugu", "butut?\n");
80490eb: c7 04 24 6d 94 04 08 movl $0x804946d,(%esp)
80490f2: e8 0a fe ff ff call 8048f01 <close@plt+0x5f1>
sub_8048f01("1. imma beat yo' ass.\n");
80490f7: c7 04 24 84 94 04 08 movl $0x8049484,(%esp)
80490fe: e8 fe fd ff ff call 8048f01 <close@plt+0x5f1>
sub_8048f01("2. imma be yo' bitch.\n");
8049103: c7 04 24 9b 94 04 08 movl $0x804949b,(%esp)
804910a: e8 f2 fd ff ff call 8048f01 <close@plt+0x5f1>
sub_8048f01("3. imma beimmaboobop.\n");
804910f: c7 04 24 b2 94 04 08 movl $0x80494b2,(%esp)
8049116: e8 e6 fd ff ff call 8048f01 <close@plt+0x5f1>
sub_8048f01("4. imma be or not 2b.\n");
804911b: 8d 45 d8 lea -0x28(%ebp),%eax
804911e: 89 04 24 mov %eax,(%esp)
8049121: e8 3f fe ff ff call 8048f65 <close@plt+0x655>
8049126: 89 04 24 mov %eax,(%esp)
8049129: e8 a2 f7 ff ff call 80488d0 <atoi@plt>
804912e: 83 c4 10 add $0x10,%esp
8049131: 83 f8 02 cmp $0x2,%eax
8049134: 0f 84 f3 00 00 00 je 804922d <close@plt+0x91d>
804913a: 7f 08 jg 8049144 <close@plt+0x834>
804913c: 48 dec %eax
804913d: 74 1c je 804915b <close@plt+0x84b>
804913f: e9 b1 01 00 00 jmp 80492f5 <close@plt+0x9e5>
8049144: 83 f8 03 cmp $0x3,%eax
8049147: 0f 84 0c 01 00 00 je 8049259 <close@plt+0x949>
804914d: 83 f8 04 cmp $0x4,%eax
8049150: 0f 84 36 01 00 00 je 804928c <close@plt+0x97c>
8049156: e9 9a 01 00 00 jmp 80492f5 <close@plt+0x9e5>
804915b: 80 7d d6 00 cmpb $0x0,-0x2a(%ebp)
804915f: 75 58 jne 80491b9 <close@plt+0x8a9>
// NOTE(review): the menu line is read by sub_8048f65, which enforces no length
// limit on the 0x1c-byte region starting at ebp-0x28 (see the frame layout
// above). The same applies to the two later sub_8048f65 calls in this
// function. The fix belongs in sub_8048f65: pass and enforce a size.
// NOTE(review): the case labels below do not match the dispatch in the
// disassembly. A choice of 1 jumps to 804915b, which tests ebp_2ah: zero falls
// into the block labelled "case 0", non-zero goes to the block labelled
// "case 1". Choices 2, 3 and 4 reach the blocks labelled case 2/3/4. Every
// other value, including 0, leaves the loop at 80492f5.
switch(atoi(sub_8048f65(ebp_28h))) {
case 0:
8049161: 83 ec 0c sub $0xc,%esp
8049164: 31 ff xor %edi,%edi
8049166: 68 c9 94 04 08 push $0x80494c9
804916b: e8 91 fd ff ff call 8048f01 <close@plt+0x5f1>
sub_8048f01("got no game, dis all I got:");
8049170: 8d 45 d9 lea -0x27(%ebp),%eax
8049173: 89 04 24 mov %eax,(%esp)
8049176: e8 55 f7 ff ff call 80488d0 <atoi@plt>
804917b: 83 c4 10 add $0x10,%esp
804917e: 89 c6 mov %eax,%esi
// NOTE(review): the count is atoi() of the input text starting at ebp-0x27
// (the byte after the menu digit), evaluated once into %esi, and it is never
// compared with the buffer size. The hex dump below can therefore continue
// past ebp_28h into the rest of the stack (out-of-bounds read). A corrected
// version clamps the count to the buffer length.
for(int i = 0; i < atoi(ebp_27h); i++) {
8049180: 39 f7 cmp %esi,%edi
8049182: 7d 28 jge 80491ac <close@plt+0x89c>
8049184: 89 f8 mov %edi,%eax
8049186: 0f b6 54 2f d8 movzbl -0x28(%edi,%ebp,1),%edx
804918b: 83 e0 0f and $0xf,%eax
804918e: 83 f8 01 cmp $0x1,%eax
8049191: 19 c0 sbb %eax,%eax
8049193: 47 inc %edi
8049194: 51 push %ecx
8049195: 83 e0 ea and $0xffffffea,%eax
8049198: 52 push %edx
8049199: 83 c0 20 add $0x20,%eax
804919c: 50 push %eax
804919d: 68 e5 94 04 08 push $0x80494e5
80491a2: e8 5a fd ff ff call 8048f01 <close@plt+0x5f1>
// The separator evaluates to 0x0a ('\n') when (i & 0xf) == 0 and to 0x20 (' ')
// otherwise, giving 16 hex bytes per output line.
sub_8048f01("%c%02x", (((eax & 0xf == 0)? -1: 0)&0xffffffea)+0x20, ebp_28h[i]);
80491a7: 83 c4 10 add $0x10,%esp
80491aa: eb d4 jmp 8049180 <close@plt+0x870>
}
80491ac: 83 ec 0c sub $0xc,%esp
80491af: 68 f6 93 04 08 push $0x80493f6
80491b4: e9 2f 01 00 00 jmp 80492e8 <close@plt+0x9d8>
sub_8048f01("\n");
continue;
case 1:
80491b9: 85 db test %ebx,%ebx
80491bb: 75 0d jne 80491ca <close@plt+0x8ba>
if(x == 0) {
80491bd: 83 ec 0c sub $0xc,%esp
80491c0: 68 39 94 04 08 push $0x8049439
80491c5: e9 1e 01 00 00 jmp 80492e8 <close@plt+0x9d8>
sub_8048f01("You've got jack shit.\n");
continue;
}
80491ca: 8a 85 74 ff ff ff mov -0x8c(%ebp),%al
80491d0: 33 45 dc xor -0x24(%ebp),%eax
80491d3: 32 45 a6 xor -0x5a(%ebp),%al
80491d6: 32 45 ce xor -0x32(%ebp),%al
80491d9: 3c f7 cmp $0xf7,%al
80491db: 0f be f0 movsbl %al,%esi
80491de: 7c 11 jl 80491f1 <close@plt+0x8e1>
// The tested byte is the XOR of four stack bytes. ebp-0x24 lies inside the
// input buffer; ebp-0x5a and ebp-0x8c lie below the area this function
// reserves (its frame ends at ebp-0x3c), so they hold whatever earlier calls
// left there.
// NOTE(review): the comparison is a signed byte compare (jl), so 0xf7 acts as
// -9 here. In both branches the sign-extended byte is subtracted from x
// (sub %esi,%ebx at 80491e3 and 80491f4); the annotation omits that update.
if(ebp_8ch^ebp_24h^ebp_5ah^ebp_32h >= 0xf7) {
80491e0: 83 ec 0c sub $0xc,%esp
80491e3: 29 f3 sub %esi,%ebx
80491e5: 68 ec 94 04 08 push $0x80494ec
80491ea: e8 12 fd ff ff call 8048f01 <close@plt+0x5f1>
sub_8048f01("deal with it.\n");
80491ef: eb 26 jmp 8049217 <close@plt+0x907>
} else {
80491f1: 83 ec 0c sub $0xc,%esp
80491f4: 29 f3 sub %esi,%ebx
80491f6: 68 fb 94 04 08 push $0x80494fb
80491fb: e8 01 fd ff ff call 8048f01 <close@plt+0x5f1>
sub_8048f01("k\n");
8049200: c7 04 24 fe 94 04 08 movl $0x80494fe,(%esp)
8049207: e8 f5 fc ff ff call 8048f01 <close@plt+0x5f1>
sub_8048f01("what u want better game, write one for me:\n");
804920c: 8d 45 d8 lea -0x28(%ebp),%eax
804920f: 89 04 24 mov %eax,(%esp)
8049212: e8 4e fd ff ff call 8048f65 <close@plt+0x655>
// Second line read into the same stack buffer; the return value is unused.
sub_8048f65(ebp_28h);
}
8049217: 83 c4 10 add $0x10,%esp
804921a: b8 00 00 00 00 mov $0x0,%eax
804921f: 81 fb 00 00 00 01 cmp $0x1000000,%ebx
8049225: 0f 43 d8 cmovae %eax,%ebx
// Unsigned comparison (cmovae): a balance that went negative is also reset to 0.
x = (x >= 0x1000000)? 0: x;
8049228: e9 1b fe ff ff jmp 8049048 <close@plt+0x738>
continue;
case 2:
804922d: 80 7d d7 00 cmpb $0x0,-0x29(%ebp)
8049231: b8 e3 93 04 08 mov $0x80493e3,%eax
8049236: 75 08 jne 8049240 <close@plt+0x930>
8049238: 83 c3 0a add $0xa,%ebx
804923b: b8 e1 93 04 08 mov $0x80493e1,%eax
8049240: 56 push %esi
8049241: 56 push %esi
8049242: 50 push %eax
8049243: 68 2a 95 04 08 push $0x804952a
8049248: e8 b4 fc ff ff call 8048f01 <close@plt+0x5f1>
// NOTE(review): when ebp_29h is 0 the disassembly also adds 10 to x
// (8049238: add $0xa,%ebx); the annotation shows only the message selection.
sub_8048f01("%s\n", (ebp_29h == '\0')? "k": "got one");
804924d: 83 c4 10 add $0x10,%esp
8049250: c6 45 d7 01 movb $0x1,-0x29(%ebp)
ebp_29h = 1;
8049254: e9 ef fd ff ff jmp 8049048 <close@plt+0x738>
continue;
case 3:
8049259: 83 ec 0c sub $0xc,%esp
804925c: 68 2e 95 04 08 push $0x804952e
8049261: e8 9b fc ff ff call 8048f01 <close@plt+0x5f1>
sub_8048f01("wololo\n");
8049266: 0f b6 45 d7 movzbl -0x29(%ebp),%eax
804926a: 83 c4 10 add $0x10,%esp
804926d: 0f b6 55 d6 movzbl -0x2a(%ebp),%edx
8049271: c1 e0 04 shl $0x4,%eax
8049274: c1 e2 05 shl $0x5,%edx
8049277: 09 d0 or %edx,%eax
8049279: 31 c3 xor %eax,%ebx
x ^= (ebp_29h << 0x4) | (ebp_2ah << 0x5);
// Both state bytes are then replaced by the toggled copies computed at the
// top of the loop.
804927b: 8a 45 d4 mov -0x2c(%ebp),%al
804927e: 88 45 d7 mov %al,-0x29(%ebp)
ebp_29h = ebp_2ch;
8049281: 8a 45 d5 mov -0x2b(%ebp),%al
8049284: 88 45 d6 mov %al,-0x2a(%ebp)
ebp_2ah = ebp_2bh;
8049287: e9 bc fd ff ff jmp 8049048 <close@plt+0x738>
continue;
case 4:
804928c: 81 fb c7 00 00 00 cmp $0xc7,%ebx
8049292: 77 0a ja 804929e <close@plt+0x98e>
// NOTE(review): the disassembly compares against 0xc7 with an unsigned ja, so
// this branch is taken for x <= 199; x == 200 goes to the else branch.
if(x <= 200) {
8049294: 83 ec 0c sub $0xc,%esp
8049297: 68 36 95 04 08 push $0x8049536
sub_8048f01("u wot m8?");
804929c: eb 4a jmp 80492e8 <close@plt+0x9d8>
} else {
804929e: 57 push %edi
804929f: 81 eb c8 00 00 00 sub $0xc8,%ebx
80492a5: 57 push %edi
80492a6: 53 push %ebx
80492a7: 68 40 95 04 08 push $0x8049540
80492ac: e8 50 fc ff ff call 8048f01 <close@plt+0x5f1>
// NOTE(review): x itself is reduced by 0xc8 here (sub $0xc8,%ebx), not just
// the printed value.
sub_8048f01("$ $ $ %d$$> ", x - 0xc8);
80492b1: 8d 45 d8 lea -0x28(%ebp),%eax
80492b4: 89 04 24 mov %eax,(%esp)
80492b7: e8 a9 fc ff ff call 8048f65 <close@plt+0x655>
80492bc: c7 04 24 4d 95 04 08 movl $0x804954d,(%esp)
80492c3: 89 c6 mov %eax,%esi
80492c5: e8 d2 fc ff ff call 8048f9c <close@plt+0x68c>
80492ca: 5a pop %edx
80492cb: 59 pop %ecx
80492cc: 56 push %esi
80492cd: 83 c0 19 add $0x19,%eax
80492d0: 50 push %eax
80492d1: e8 da f4 ff ff call 80487b0 <strcmp@plt>
80492d6: ba eb 93 04 08 mov $0x80493eb,%edx
80492db: 85 c0 test %eax,%eax
80492dd: b8 f1 93 04 08 mov $0x80493f1,%eax
80492e2: 0f 44 d0 cmove %eax,%edx
80492e5: 89 14 24 mov %edx,(%esp)
// Order in the disassembly: the input line is read first, then the file is
// loaded, then strcmp(file + 0x19, input) selects the message.
// NOTE(review): sub_8048f9c returns 0 when its read fails, and 0x19 is added
// to the result without a check, so strcmp would be handed address 0x19 in
// that case. The file is assumed to hold at least 0x19 bytes; nothing here
// verifies that.
sub_8048f01(strcmp(sub_8048f9c("../flag.txt")+0x19, sub_8048f65(&ebp_28h)) == 0? "ding\n\n": "ring\n");
}
// Shared tail: several branches above only push a string and jump here for
// the actual sub_8048f01 call.
80492e8: e8 14 fc ff ff call 8048f01 <close@plt+0x5f1>
80492ed: 83 c4 10 add $0x10,%esp
80492f0: e9 53 fd ff ff jmp 8049048 <close@plt+0x738>
default:
}
break;
}
80492f5: 83 ec 0c sub $0xc,%esp
80492f8: 68 58 95 04 08 push $0x8049558
80492fd: e8 ff fb ff ff call 8048f01 <close@plt+0x5f1>
sub_8048f01("n-n-nope");
8049302: c7 04 24 03 00 00 00 movl $0x3,(%esp)
8049309: e8 a2 fb ff ff call 8048eb0 <close@plt+0x5a0>
// Syscall numbers 3 and 4 are read and write on i386; both are denied once
// the session is over.
sub_8048eb0(3);
804930e: c7 04 24 04 00 00 00 movl $0x4,(%esp)
8049315: e8 96 fb ff ff call 8048eb0 <close@plt+0x5a0>
sub_8048eb0(4);
804931a: 8d 65 f4 lea -0xc(%ebp),%esp
804931d: 31 c0 xor %eax,%eax
804931f: 5b pop %ebx
8049320: 5e pop %esi
8049321: 5f pop %edi
8049322: 5d pop %ebp
8049323: c3 ret
return 0;
}
8049324: 66 90 xchg %ax,%ax
8049326: 66 90 xchg %ax,%ax
8049328: 66 90 xchg %ax,%ax
804932a: 66 90 xchg %ax,%ax
804932c: 66 90 xchg %ax,%ax
804932e: 66 90 xchg %ax,%ax
// Unannotated routine at 8049330: calls _init, then walks a table of function
// pointers at -0x100(%ebx) and calls each entry with the three arguments it
// received. Presumably the C runtime's init-array runner rather than part of
// the challenge logic - TODO confirm against the binary's symbols.
8049330: 55 push %ebp
8049331: 57 push %edi
8049332: 31 ff xor %edi,%edi
8049334: 56 push %esi
8049335: 53 push %ebx
8049336: e8 35 f8 ff ff call 8048b70 <close@plt+0x260>
804933b: 81 c3 c5 1c 00 00 add $0x1cc5,%ebx
8049341: 83 ec 1c sub $0x1c,%esp
8049344: 8b 6c 24 30 mov 0x30(%esp),%ebp
8049348: 8d b3 04 ff ff ff lea -0xfc(%ebx),%esi
804934e: e8 e5 f3 ff ff call 8048738 <_init>
8049353: 8d 83 00 ff ff ff lea -0x100(%ebx),%eax
8049359: 29 c6 sub %eax,%esi
804935b: c1 fe 02 sar $0x2,%esi
804935e: 85 f6 test %esi,%esi
8049360: 74 27 je 8049389 <close@plt+0xa79>
8049362: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
8049368: 8b 44 24 38 mov 0x38(%esp),%eax
804936c: 89 2c 24 mov %ebp,(%esp)
804936f: 89 44 24 08 mov %eax,0x8(%esp)
8049373: 8b 44 24 34 mov 0x34(%esp),%eax
8049377: 89 44 24 04 mov %eax,0x4(%esp)
804937b: ff 94 bb 00 ff ff ff call *-0x100(%ebx,%edi,4)
8049382: 83 c7 01 add $0x1,%edi
8049385: 39 f7 cmp %esi,%edi
8049387: 75 df jne 8049368 <close@plt+0xa58>
8049389: 83 c4 1c add $0x1c,%esp
804938c: 5b pop %ebx
804938d: 5e pop %esi
804938e: 5f pop %edi
804938f: 5d pop %ebp
8049390: c3 ret
8049391: eb 0d jmp 80493a0 <close@plt+0xa90>
8049393: 90 nop
8049394: 90 nop
8049395: 90 nop
8049396: 90 nop
8049397: 90 nop
8049398: 90 nop
8049399: 90 nop
804939a: 90 nop
804939b: 90 nop
804939c: 90 nop
804939d: 90 nop
804939e: 90 nop
804939f: 90 nop
80493a0: f3 c3 repz ret
Disassembly of section .fini:
080493a4 <_fini>:
80493a4: 53 push %ebx
80493a5: 83 ec 08 sub $0x8,%esp
80493a8: e8 c3 f7 ff ff call 8048b70 <close@plt+0x260>
80493ad: 81 c3 53 1c 00 00 add $0x1c53,%ebx
80493b3: 83 c4 08 add $0x8,%esp
80493b6: 5b pop %ebx
80493b7: c3 ret