Skip to content

Instantly share code, notes, and snippets.

@hhc0null

hhc0null/cryptoserv.c

Created April 18, 2015 17:34
Show Gist options
  • Save hhc0null/bca2eeabdab93df39f0d to your computer and use it in GitHub Desktop.
Save hhc0null/bca2eeabdab93df39f0d to your computer and use it in GitHub Desktop.
Download ZIP
Raw
cryptoserv.c
void reset_vm()
{
for(ebp_04h = 0; ebp_04h < 0x10; ebp_04h++) {
bss_804abc0h[ebp_04h] = 0;
}
bss_804ac00h = 0;
}
int opcode_valid(arg_0, arg_4)
{
if(arg_0[0] > 0xc) {
return 0;
}
if(arg_0[1] > 0xf) {
return 0;
}
if(arg_0[2] > 0xf) {
return 0;
}
if(arg_0[3] > 0xf) {
return 0;
}
if((arg_0[0] == '\n' || arg_0[0] == '\x0b') && arg_0[4] >= arg_4)) {
return 0;
}
if(arg_0[0] == '\t') {
if(arg_0[2] + bss_804abc0h[arg_0[3]] > 0xf) {
return 0;
}
}
return 1;
}
int run_vm(arg_0, arg_4, arg_8)
{
for(ebp_0ch = 0; ebp_0ch < 0x1000; ebp_0ch++) {
if(opcode_valid(arg_4[bss_804ac00h], arg_8) == 0) {
sendstr(arg_0, "Invalid instruction\n");
return -1;
}
if(bss_804ac00h >= arg_8) {
sendstr("Invalid instruction pointer\n");
return -1;
}
ebp_10h = arg_4[bss_804ac00h];
switch(*ebp_10h) {
case 0:
bss_804abc0h[ebp_10h[1]] = bss_804abc0h[ebp_10h[2]];
bss_804ac00h += 1;
break;
case 1:
bss_804abc0h[ebp_10h[1]] = ebp_10h[4];
bss_804ac00h += 1;
break;
case 2:
bss_804abc0h[ebp_10h[1]] = bss_804abc0h[ebp_10h[2]] + bss_804abc0h[ebp_10h[3]]
bss_804ac00h += 1;
break;
case 3:
bss_804abc0h[ebp_10h[1]] = bss_804abc0h[ebp_10h[2]] & bss_804abc0h[ebp_10h[3]]
case 4:
bss_804abc0h[ebp_10h[1]] = bss_804abc0h[ebp_10h[2]] | bss_804abc0h[ebp_10h[3]]
bss_804ac00h += 1;
break;
case 5:
bss_804abc0h[ebp_10h[1]] = bss_804abc0h[ebp_10h[2]] ^ bss_804abc0h[ebp_10h[3]]
bss_804ac00h += 1;
break;
case 6:
bss_804abc0h[ebp_10h[1]] = ~bss_804abc0h[ebp_10h[2]]
bss_804ac00h += 1;
break;
case 7:
bss_804abc0h[ebp_10h[1]] = bss_804abc0h[ebp_10h[2]] >> ebp_10h[4];
bss_804ac00h += 1;
break;
case 8:
bss_804abc0h[ebp_10h[1]] = bss_804abc0h[ebp_10h[2]] << ebp_10h[4];
bss_804ac00h += 1;
break;
case 9:
bss_804abc0h[ebp_10h[1]] = bss_804abc0h[ebp_10h[3]] + ebp_10h[2];
bss_804ac00h += 1;
break;
case 10:
if(bss_804abc0h[ebp_10h[2]] == bss_804abc0h[ebp_10h[3]]) {
bss_804ac00h = ebp_10h->offset_04h;
break;
}
bss_804ac00h += 1;
break;
case 11:
if(bss_804abc0h[ebp_10h[2]] < bss_804abc0h[ebp_10h[3]]) {
bss_804ac00h = ebp_10h->offset_04h;
break;
}
break;
case 12:
return 0;
defalut:
sendstr("Invalid opcode");
return -3;
}
}
sendstr(arg_0, "Timed out\n");
return -1;
}
int encipher_block(arg0, arg_4, arg_8, arg_c, arg_10, arg_14, arg_18)
{
// Local variables.
ebp_0ch = 0;
reset_vm();
bss_804abc0h[0] = arg_10->offset_00h;
bss_804abc0h[1] = arg_10->offset_04h;
bss_804abc0h[2] = arg_14->offset_00h;
bss_804abc0h[3] = arg_14->offset_04h;
bss_804abc0h[4] = arg_18->offset_00h;
bss_804abc0h[5] = arg_18->offset_04h;
bss_804abc0h[6] = arg_18->offset_08h;
bss_804abc0h[7] = arg_18->offset_0ch;
ebp_0ch = run_vm(arg_0, arg_4, arg_8);
if(ebp_0ch < 0) {
return ebp_0ch;
}
arg_c->offset_00h = bss_804abc0h[0];
arg_c->offset_00h = bss_804abc0h[1];
return ebp_0ch;
}
int encipher(arg_0, arg_4, arg_8)
{
// Local variables.
ebp_10h = 0;
ebp_1ch = arg_4[0x8];
ebp_18h = arg_4[0xc];
ebp_14h = arg_4[4]/8 + arg4[4]? 1: 0;
for(ebp_0ch = 0; ebp_0ch < ebp_14h; ebp_0ch++) {
ebp_24h = arg_4[ebp_0ch*2+0x204];
ebp_20h = arg_4[ebp_0ch*2+1];
ebp_10h = encipher_block(arg_0, &arg_4[0x10], &arg_8[ebp_0ch*8], ebp_1ch, ebp_24h, data_804ab78h);
if(ebp_10 < 0) {
return ebp_10h;
}
ebp_1ch = arg_8[ebp_0ch*8];
ebp_18h = arg_8[ebp_0ch*8+4]
}
return 0;
}
void handle(int arg_0)
{
// Local variables.
ebp_1828h;
ebp_18h;
ebp_14h;
ebp_10h;
ebp_0ch;
memset(ebp_1828h, '\0', 0x1810);
recvlen(arg_0, &ebp_1828h->offset_00h, 0x8);
recvlen(arg_0, &ebp_1828->offset_04h, 0x8);
if(ebp_1828h->offse_00h > 0x100 || ebp_1828h->offset_00h == 0 || ebp_1828h->offset_04h > 0x1000 || ebp_1828h->offset_04h == 0) {
sendstr(arg_0, "Invalid length\n");
return -1;
}
recvlen(arg_0, &ebp_1828h->ebp_10h, ebp_1828h[0]*8);
recvlen(arg_0, &ebp_1828h[0x810], ebp_1828h->offset_04h);
ebp_10h = (-ebp_1828h->offset_04h)&0x7;
ebp_14h = ebp_1828h->offset_04h + ebp_10h;
ebp_18h = calloc(ebp_14h, 1);
if(ebp_18h == NULL) {
sendstr(arg_0, "Alloc failure\n");
return -1;
}
ebp_0ch = encipher(arg_0, &ebp_1828h->offset_00h, ebp_18h);
if(ebp_0ch < 0) {
return ebp_0ch;
}
sendlen(arg_0, ebp_18h, ebp_14h);
free(ebp_18h);
return ebp_0ch;
}
int drop_privs(char *arg_0)
{
ebp_0ch = getpwnam(arg_0);
if(ebp_0ch == NULL) {
fprintf(stderr, "User %s not found\n", arg_0);
return 1;
}
if(chdir(ebp_0chl.pw_dir) != 0) {
perror("chdir");
return 1;
}
if(setgid(ebp_0ch.pw_gid) != 0) {
perror("setgid");
return 1;
}
if(setuid(ebp_0ch.pw_uid) != 0) {
perror("setuid");
return 1;
}
return 0;
}
int recvlen(int arg_0, char *arg_4, size_t arg_8) {
// Local variables.
int ebp_10h
int ebp_0ch;
for(ebp_0ch = 0; ebp_0ch < ebp_10h;) {
ebp_10h = recv(arg_0, &arg_4[ebp_0ch], arg_8-ebp_0ch);
if(ebp_10h == -1) {
if((*__errno_location() != 0xb && *__errno_location() != 0x4)) {
return -1;
}
} else {
if(ebp_10h == 0) break;
ebp_0ch += ebp_10h;
}
}
return ebp_0ch;
}
int sendlen(int arg_0, char *arg_4, size_t arg_8)
{
// Local variables.
int ebp_10h;
int ebp_0ch;
for(ebp_0ch = 0; ebp_0ch < ebp_10h;) {
ebp_10h = send(arg_0, &arg_4[ebp_0ch], arg_8-ebp_0ch);
if(ebp_10h == -1) {
if((*__errno_location() != 0xb && *__errno_location() != 0x4)) {
return -1;
}
} else {
ebp_0ch += ebp_10h;
}
}
return ebp_0ch;
}
void sendstr(arg_0, arg_4)
{
sendlen(arg0, strlen(arg1));
}
int main()
{
// initialized.
handle();
}
Raw
cryptoserv.disas
cryptoserv_redacted_2023c925bef7a45a177122b18662b19f.elf: file format elf32-i386
Disassembly of section .init:
080486c0 <_init>:
80486c0: 55 push %ebp
80486c1: 89 e5 mov %esp,%ebp
80486c3: 53 push %ebx
80486c4: 83 ec 04 sub $0x4,%esp
80486c7: e8 00 00 00 00 call 80486cc <_init+0xc>
80486cc: 5b pop %ebx
80486cd: 81 c3 28 24 00 00 add $0x2428,%ebx
80486d3: 8b 93 fc ff ff ff mov -0x4(%ebx),%edx
80486d9: 85 d2 test %edx,%edx
80486db: 74 05 je 80486e2 <_init+0x22>
80486dd: e8 de 00 00 00 call 80487c0 <__gmon_start__@plt>
80486e2: 58 pop %eax
80486e3: 5b pop %ebx
80486e4: c9 leave
80486e5: c3 ret
Disassembly of section .plt:
080486f0 <setsockopt@plt-0x10>:
80486f0: ff 35 f8 aa 04 08 pushl 0x804aaf8
80486f6: ff 25 fc aa 04 08 jmp *0x804aafc
80486fc: 00 00 add %al,(%eax)
...
08048700 <setsockopt@plt>:
8048700: ff 25 00 ab 04 08 jmp *0x804ab00
8048706: 68 00 00 00 00 push $0x0
804870b: e9 e0 ff ff ff jmp 80486f0 <_init+0x30>
08048710 <getpwnam@plt>:
8048710: ff 25 04 ab 04 08 jmp *0x804ab04
8048716: 68 08 00 00 00 push $0x8
804871b: e9 d0 ff ff ff jmp 80486f0 <_init+0x30>
08048720 <_exit@plt>:
8048720: ff 25 08 ab 04 08 jmp *0x804ab08
8048726: 68 10 00 00 00 push $0x10
804872b: e9 c0 ff ff ff jmp 80486f0 <_init+0x30>
08048730 <free@plt>:
8048730: ff 25 0c ab 04 08 jmp *0x804ab0c
8048736: 68 18 00 00 00 push $0x18
804873b: e9 b0 ff ff ff jmp 80486f0 <_init+0x30>
08048740 <chdir@plt>:
8048740: ff 25 10 ab 04 08 jmp *0x804ab10
8048746: 68 20 00 00 00 push $0x20
804874b: e9 a0 ff ff ff jmp 80486f0 <_init+0x30>
08048750 <alarm@plt>:
8048750: ff 25 14 ab 04 08 jmp *0x804ab14
8048756: 68 28 00 00 00 push $0x28
804875b: e9 90 ff ff ff jmp 80486f0 <_init+0x30>
08048760 <htons@plt>:
8048760: ff 25 18 ab 04 08 jmp *0x804ab18
8048766: 68 30 00 00 00 push $0x30
804876b: e9 80 ff ff ff jmp 80486f0 <_init+0x30>
08048770 <perror@plt>:
8048770: ff 25 1c ab 04 08 jmp *0x804ab1c
8048776: 68 38 00 00 00 push $0x38
804877b: e9 70 ff ff ff jmp 80486f0 <_init+0x30>
08048780 <accept@plt>:
8048780: ff 25 20 ab 04 08 jmp *0x804ab20
8048786: 68 40 00 00 00 push $0x40
804878b: e9 60 ff ff ff jmp 80486f0 <_init+0x30>
08048790 <fwrite@plt>:
8048790: ff 25 24 ab 04 08 jmp *0x804ab24
8048796: 68 48 00 00 00 push $0x48
804879b: e9 50 ff ff ff jmp 80486f0 <_init+0x30>
080487a0 <setgid@plt>:
80487a0: ff 25 28 ab 04 08 jmp *0x804ab28
80487a6: 68 50 00 00 00 push $0x50
80487ab: e9 40 ff ff ff jmp 80486f0 <_init+0x30>
080487b0 <__sysv_signal@plt>:
80487b0: ff 25 2c ab 04 08 jmp *0x804ab2c
80487b6: 68 58 00 00 00 push $0x58
80487bb: e9 30 ff ff ff jmp 80486f0 <_init+0x30>
080487c0 <__gmon_start__@plt>:
80487c0: ff 25 30 ab 04 08 jmp *0x804ab30
80487c6: 68 60 00 00 00 push $0x60
80487cb: e9 20 ff ff ff jmp 80486f0 <_init+0x30>
080487d0 <strlen@plt>:
80487d0: ff 25 34 ab 04 08 jmp *0x804ab34
80487d6: 68 68 00 00 00 push $0x68
80487db: e9 10 ff ff ff jmp 80486f0 <_init+0x30>
080487e0 <__libc_start_main@plt>:
80487e0: ff 25 38 ab 04 08 jmp *0x804ab38
80487e6: 68 70 00 00 00 push $0x70
80487eb: e9 00 ff ff ff jmp 80486f0 <_init+0x30>
080487f0 <fprintf@plt>:
80487f0: ff 25 3c ab 04 08 jmp *0x804ab3c
80487f6: 68 78 00 00 00 push $0x78
80487fb: e9 f0 fe ff ff jmp 80486f0 <_init+0x30>
08048800 <bind@plt>:
8048800: ff 25 40 ab 04 08 jmp *0x804ab40
8048806: 68 80 00 00 00 push $0x80
804880b: e9 e0 fe ff ff jmp 80486f0 <_init+0x30>
08048810 <memset@plt>:
8048810: ff 25 44 ab 04 08 jmp *0x804ab44
8048816: 68 88 00 00 00 push $0x88
804881b: e9 d0 fe ff ff jmp 80486f0 <_init+0x30>
08048820 <__errno_location@plt>:
8048820: ff 25 48 ab 04 08 jmp *0x804ab48
8048826: 68 90 00 00 00 push $0x90
804882b: e9 c0 fe ff ff jmp 80486f0 <_init+0x30>
08048830 <fork@plt>:
8048830: ff 25 4c ab 04 08 jmp *0x804ab4c
8048836: 68 98 00 00 00 push $0x98
804883b: e9 b0 fe ff ff jmp 80486f0 <_init+0x30>
08048840 <htonl@plt>:
8048840: ff 25 50 ab 04 08 jmp *0x804ab50
8048846: 68 a0 00 00 00 push $0xa0
804884b: e9 a0 fe ff ff jmp 80486f0 <_init+0x30>
08048850 <listen@plt>:
8048850: ff 25 54 ab 04 08 jmp *0x804ab54
8048856: 68 a8 00 00 00 push $0xa8
804885b: e9 90 fe ff ff jmp 80486f0 <_init+0x30>
08048860 <setuid@plt>:
8048860: ff 25 58 ab 04 08 jmp *0x804ab58
8048866: 68 b0 00 00 00 push $0xb0
804886b: e9 80 fe ff ff jmp 80486f0 <_init+0x30>
08048870 <socket@plt>:
8048870: ff 25 5c ab 04 08 jmp *0x804ab5c
8048876: 68 b8 00 00 00 push $0xb8
804887b: e9 70 fe ff ff jmp 80486f0 <_init+0x30>
08048880 <recv@plt>:
8048880: ff 25 60 ab 04 08 jmp *0x804ab60
8048886: 68 c0 00 00 00 push $0xc0
804888b: e9 60 fe ff ff jmp 80486f0 <_init+0x30>
08048890 <close@plt>:
8048890: ff 25 64 ab 04 08 jmp *0x804ab64
8048896: 68 c8 00 00 00 push $0xc8
804889b: e9 50 fe ff ff jmp 80486f0 <_init+0x30>
080488a0 <send@plt>:
80488a0: ff 25 68 ab 04 08 jmp *0x804ab68
80488a6: 68 d0 00 00 00 push $0xd0
80488ab: e9 40 fe ff ff jmp 80486f0 <_init+0x30>
080488b0 <calloc@plt>:
80488b0: ff 25 6c ab 04 08 jmp *0x804ab6c
80488b6: 68 d8 00 00 00 push $0xd8
80488bb: e9 30 fe ff ff jmp 80486f0 <_init+0x30>
Disassembly of section .text:
080488c0 <_start>:
80488c0: 31 ed xor %ebp,%ebp
80488c2: 5e pop %esi
80488c3: 89 e1 mov %esp,%ecx
80488c5: 83 e4 f0 and $0xfffffff0,%esp
80488c8: 50 push %eax
80488c9: 54 push %esp
80488ca: 52 push %edx
80488cb: 68 20 96 04 08 push $0x8049620
80488d0: 68 30 96 04 08 push $0x8049630
80488d5: 51 push %ecx
80488d6: 56 push %esi
80488d7: 68 af 93 04 08 push $0x80493af
80488dc: e8 ff fe ff ff call 80487e0 <__libc_start_main@plt>
80488e1: f4 hlt
80488e2: 90 nop
80488e3: 90 nop
80488e4: 90 nop
80488e5: 90 nop
80488e6: 90 nop
80488e7: 90 nop
80488e8: 90 nop
80488e9: 90 nop
80488ea: 90 nop
80488eb: 90 nop
80488ec: 90 nop
80488ed: 90 nop
80488ee: 90 nop
80488ef: 90 nop
080488f0 <deregister_tm_clones>:
80488f0: b8 8b ab 04 08 mov $0x804ab8b,%eax
80488f5: 2d 88 ab 04 08 sub $0x804ab88,%eax
80488fa: 83 f8 06 cmp $0x6,%eax
80488fd: 77 02 ja 8048901 <deregister_tm_clones+0x11>
80488ff: f3 c3 repz ret
8048901: b8 00 00 00 00 mov $0x0,%eax
8048906: 85 c0 test %eax,%eax
8048908: 74 f5 je 80488ff <deregister_tm_clones+0xf>
804890a: 55 push %ebp
804890b: 89 e5 mov %esp,%ebp
804890d: 83 ec 18 sub $0x18,%esp
8048910: c7 04 24 88 ab 04 08 movl $0x804ab88,(%esp)
8048917: ff d0 call *%eax
8048919: c9 leave
804891a: c3 ret
804891b: 90 nop
804891c: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
08048920 <register_tm_clones>:
8048920: b8 88 ab 04 08 mov $0x804ab88,%eax
8048925: 2d 88 ab 04 08 sub $0x804ab88,%eax
804892a: c1 f8 02 sar $0x2,%eax
804892d: 89 c2 mov %eax,%edx
804892f: c1 ea 1f shr $0x1f,%edx
8048932: 01 d0 add %edx,%eax
8048934: d1 f8 sar %eax
8048936: 75 02 jne 804893a <register_tm_clones+0x1a>
8048938: f3 c3 repz ret
804893a: ba 00 00 00 00 mov $0x0,%edx
804893f: 85 d2 test %edx,%edx
8048941: 74 f5 je 8048938 <register_tm_clones+0x18>
8048943: 55 push %ebp
8048944: 89 e5 mov %esp,%ebp
8048946: 83 ec 18 sub $0x18,%esp
8048949: 89 44 24 04 mov %eax,0x4(%esp)
804894d: c7 04 24 88 ab 04 08 movl $0x804ab88,(%esp)
8048954: ff d2 call *%edx
8048956: c9 leave
8048957: c3 ret
8048958: 90 nop
8048959: 8d b4 26 00 00 00 00 lea 0x0(%esi,%eiz,1),%esi
08048960 <__do_global_dtors_aux>:
8048960: 80 3d a4 ab 04 08 00 cmpb $0x0,0x804aba4
8048967: 75 13 jne 804897c <__do_global_dtors_aux+0x1c>
8048969: 55 push %ebp
804896a: 89 e5 mov %esp,%ebp
804896c: 83 ec 08 sub $0x8,%esp
804896f: e8 7c ff ff ff call 80488f0 <deregister_tm_clones>
8048974: c6 05 a4 ab 04 08 01 movb $0x1,0x804aba4
804897b: c9 leave
804897c: f3 c3 repz ret
804897e: 66 90 xchg %ax,%ax
08048980 <frame_dummy>:
8048980: a1 fc a9 04 08 mov 0x804a9fc,%eax
8048985: 85 c0 test %eax,%eax
8048987: 74 1e je 80489a7 <frame_dummy+0x27>
8048989: b8 00 00 00 00 mov $0x0,%eax
804898e: 85 c0 test %eax,%eax
8048990: 74 15 je 80489a7 <frame_dummy+0x27>
8048992: 55 push %ebp
8048993: 89 e5 mov %esp,%ebp
8048995: 83 ec 18 sub $0x18,%esp
8048998: c7 04 24 fc a9 04 08 movl $0x804a9fc,(%esp)
804899f: ff d0 call *%eax
80489a1: c9 leave
80489a2: e9 79 ff ff ff jmp 8048920 <register_tm_clones>
80489a7: e9 74 ff ff ff jmp 8048920 <register_tm_clones>
080489ac <reset_vm>:
void reset_vm()
{
80489ac: 55 push %ebp
80489ad: 89 e5 mov %esp,%ebp
80489af: 83 ec 10 sub $0x10,%esp
80489b2: c7 45 fc 00 00 00 00 movl $0x0,-0x4(%ebp)
80489b9: eb 12 jmp 80489cd <reset_vm+0x21>
for(ebp_04h = 0; ebp_04h < 0x10; ebp_04h++) {
80489bb: 8b 45 fc mov -0x4(%ebp),%eax
80489be: c7 04 85 c0 ab 04 08 movl $0x0,0x804abc0(,%eax,4)
80489c5: 00 00 00 00
bss_804abc0h[ebp_04h] = 0;
80489c9: 83 45 fc 01 addl $0x1,-0x4(%ebp)
80489cd: 83 7d fc 0f cmpl $0xf,-0x4(%ebp)
80489d1: 7e e8 jle 80489bb <reset_vm+0xf>
}
80489d3: c7 05 00 ac 04 08 00 movl $0x0,0x804ac00
80489da: 00 00 00
bss_804ac00h = 0;
80489dd: c9 leave
80489de: c3 ret
}
080489df <opcode_valid>:
int opcode_valid(arg_0, arg_4)
{
80489df: 55 push %ebp
80489e0: 89 e5 mov %esp,%ebp
80489e2: 8b 45 08 mov 0x8(%ebp),%eax
80489e5: 0f b6 00 movzbl (%eax),%eax
80489e8: 3c 0c cmp $0xc,%al
80489ea: 76 0a jbe 80489f6 <opcode_valid+0x17>
if(arg_0[0] > 0xc) {
80489ec: b8 00 00 00 00 mov $0x0,%eax
return 0;
80489f1: e9 86 00 00 00 jmp 8048a7c <opcode_valid+0x9d>
}
80489f6: 8b 45 08 mov 0x8(%ebp),%eax
80489f9: 0f b6 40 01 movzbl 0x1(%eax),%eax
80489fd: 3c 0f cmp $0xf,%al
80489ff: 77 16 ja 8048a17 <opcode_valid+0x38>
if(arg_0[1] > 0xf) {
return 0;
}
8048a01: 8b 45 08 mov 0x8(%ebp),%eax
8048a04: 0f b6 40 02 movzbl 0x2(%eax),%eax
8048a08: 3c 0f cmp $0xf,%al
8048a0a: 77 0b ja 8048a17 <opcode_valid+0x38>
if(arg_0[2] > 0xf) {
return 0;
}
8048a0c: 8b 45 08 mov 0x8(%ebp),%eax
8048a0f: 0f b6 40 03 movzbl 0x3(%eax),%eax
8048a13: 3c 0f cmp $0xf,%al
8048a15: 76 07 jbe 8048a1e <opcode_valid+0x3f>
if(arg_0[3] > 0xf) {
8048a17: b8 00 00 00 00 mov $0x0,%eax
8048a1c: eb 5e jmp 8048a7c <opcode_valid+0x9d>
return 0;
}
8048a1e: 8b 45 08 mov 0x8(%ebp),%eax
8048a21: 0f b6 00 movzbl (%eax),%eax
8048a24: 3c 0a cmp $0xa,%al
8048a26: 74 0a je 8048a32 <opcode_valid+0x53>
8048a28: 8b 45 08 mov 0x8(%ebp),%eax
8048a2b: 0f b6 00 movzbl (%eax),%eax
8048a2e: 3c 0b cmp $0xb,%al
8048a30: 75 12 jne 8048a44 <opcode_valid+0x65>
8048a32: 8b 45 08 mov 0x8(%ebp),%eax
8048a35: 8b 40 04 mov 0x4(%eax),%eax
8048a38: 3b 45 0c cmp 0xc(%ebp),%eax
8048a3b: 72 07 jb 8048a44 <opcode_valid+0x65>
if((arg_0[0] == '\n' || arg_0[0] == '\x0b') && arg_0[4] >= arg_4)) {
8048a3d: b8 00 00 00 00 mov $0x0,%eax
8048a42: eb 38 jmp 8048a7c <opcode_valid+0x9d>
return 0;
}
8048a44: 8b 45 08 mov 0x8(%ebp),%eax
8048a47: 0f b6 00 movzbl (%eax),%eax
8048a4a: 3c 09 cmp $0x9,%al
8048a4c: 75 29 jne 8048a77 <opcode_valid+0x98>
if(arg_0[0] == '\t') {
8048a4e: 8b 45 08 mov 0x8(%ebp),%eax
8048a51: 0f b6 40 02 movzbl 0x2(%eax),%eax
8048a55: 0f b6 d0 movzbl %al,%edx
8048a58: 8b 45 08 mov 0x8(%ebp),%eax
8048a5b: 0f b6 40 03 movzbl 0x3(%eax),%eax
8048a5f: 0f b6 c0 movzbl %al,%eax
8048a62: 8b 04 85 c0 ab 04 08 mov 0x804abc0(,%eax,4),%eax
8048a69: 01 d0 add %edx,%eax
8048a6b: 83 f8 0f cmp $0xf,%eax
8048a6e: 76 07 jbe 8048a77 <opcode_valid+0x98>
if(arg_0[2] + bss_804abc0h[arg_0[3]] > 0xf) {
8048a70: b8 00 00 00 00 mov $0x0,%eax
8048a75: eb 05 jmp 8048a7c <opcode_valid+0x9d>
return 0;
}
}
8048a77: b8 01 00 00 00 mov $0x1,%eax
return 1;
8048a7c: 5d pop %ebp
8048a7d: c3 ret
}
08048a7e <run_vm>:
int run_vm(arg_0, arg_4, arg_8)
{
8048a7e: 55 push %ebp
8048a7f: 89 e5 mov %esp,%ebp
8048a81: 56 push %esi
8048a82: 53 push %ebx
8048a83: 83 ec 20 sub $0x20,%esp
8048a86: c7 45 f4 00 00 00 00 movl $0x0,-0xc(%ebp)
8048a8d: e9 ba 03 00 00 jmp 8048e4c <run_vm+0x3ce>
for(ebp_0ch = 0; ebp_0ch < 0x1000; ebp_0ch++) {
8048a92: a1 00 ac 04 08 mov 0x804ac00,%eax
8048a97: 8d 14 c5 00 00 00 00 lea 0x0(,%eax,8),%edx
8048a9e: 8b 45 0c mov 0xc(%ebp),%eax
8048aa1: 01 c2 add %eax,%edx
8048aa3: 8b 45 10 mov 0x10(%ebp),%eax
8048aa6: 89 44 24 04 mov %eax,0x4(%esp)
8048aaa: 89 14 24 mov %edx,(%esp)
8048aad: e8 2d ff ff ff call 80489df <opcode_valid>
8048ab2: 85 c0 test %eax,%eax
8048ab4: 75 1d jne 8048ad3 <run_vm+0x55>
if(opcode_valid(arg_4[bss_804ac00h], arg_8) == 0) {
8048ab6: c7 44 24 04 b0 96 04 movl $0x80496b0,0x4(%esp)
8048abd: 08
8048abe: 8b 45 08 mov 0x8(%ebp),%eax
8048ac1: 89 04 24 mov %eax,(%esp)
8048ac4: e8 bd 08 00 00 call 8049386 <sendstr>
sendstr(arg_0, "Invalid instruction\n");
8048ac9: b8 ff ff ff ff mov $0xffffffff,%eax
8048ace: e9 9e 03 00 00 jmp 8048e71 <run_vm+0x3f3>
return -1;
}
8048ad3: a1 00 ac 04 08 mov 0x804ac00,%eax
8048ad8: 3b 45 10 cmp 0x10(%ebp),%eax
8048adb: 72 1d jb 8048afa <run_vm+0x7c>
if(bss_804ac00h >= arg_8) {
8048add: c7 44 24 04 c5 96 04 movl $0x80496c5,0x4(%esp)
8048ae4: 08
8048ae5: 8b 45 08 mov 0x8(%ebp),%eax
8048ae8: 89 04 24 mov %eax,(%esp)
8048aeb: e8 96 08 00 00 call 8049386 <sendstr>
sendstr("Invalid instruction pointer\n");
8048af0: b8 fe ff ff ff mov $0xfffffffe,%eax
8048af5: e9 77 03 00 00 jmp 8048e71 <run_vm+0x3f3>
return -1;
}
8048afa: a1 00 ac 04 08 mov 0x804ac00,%eax
8048aff: 8d 14 c5 00 00 00 00 lea 0x0(,%eax,8),%edx
8048b06: 8b 45 0c mov 0xc(%ebp),%eax
8048b09: 01 d0 add %edx,%eax
8048b0b: 89 45 f0 mov %eax,-0x10(%ebp)
ebp_10h = arg_4[bss_804ac00h];
8048b0e: 8b 45 f0 mov -0x10(%ebp),%eax
8048b11: 0f b6 00 movzbl (%eax),%eax
8048b14: 0f b6 c0 movzbl %al,%eax
8048b17: 83 f8 0c cmp $0xc,%eax
8048b1a: 0f 87 0e 03 00 00 ja 8048e2e <run_vm+0x3b0>
8048b20: 8b 04 85 00 97 04 08 mov 0x8049700(,%eax,4),%eax
8048b27: ff e0 jmp *%eax
switch(*ebp_10h) {
case 0:
8048b29: 8b 45 f0 mov -0x10(%ebp),%eax
8048b2c: 0f b6 40 01 movzbl 0x1(%eax),%eax
8048b30: 0f b6 c0 movzbl %al,%eax
8048b33: 8b 55 f0 mov -0x10(%ebp),%edx
8048b36: 0f b6 52 02 movzbl 0x2(%edx),%edx
8048b3a: 0f b6 d2 movzbl %dl,%edx
8048b3d: 8b 14 95 c0 ab 04 08 mov 0x804abc0(,%edx,4),%edx
8048b44: 89 14 85 c0 ab 04 08 mov %edx,0x804abc0(,%eax,4)
bss_804abc0h[ebp_10h[1]] = bss_804abc0h[ebp_10h[2]];
8048b4b: a1 00 ac 04 08 mov 0x804ac00,%eax
8048b50: 83 c0 01 add $0x1,%eax
8048b53: a3 00 ac 04 08 mov %eax,0x804ac00
bss_804ac00h += 1;
8048b58: e9 eb 02 00 00 jmp 8048e48 <run_vm+0x3ca>
break;
case 1:
8048b5d: 8b 45 f0 mov -0x10(%ebp),%eax
8048b60: 0f b6 40 01 movzbl 0x1(%eax),%eax
8048b64: 0f b6 c0 movzbl %al,%eax
8048b67: 8b 55 f0 mov -0x10(%ebp),%edx
8048b6a: 8b 52 04 mov 0x4(%edx),%edx
8048b6d: 89 14 85 c0 ab 04 08 mov %edx,0x804abc0(,%eax,4)
bss_804abc0h[ebp_10h[1]] = ebp_10h[4];
8048b74: a1 00 ac 04 08 mov 0x804ac00,%eax
8048b79: 83 c0 01 add $0x1,%eax
8048b7c: a3 00 ac 04 08 mov %eax,0x804ac00
bss_804ac00h += 1;
8048b81: e9 c2 02 00 00 jmp 8048e48 <run_vm+0x3ca>
break;
case 2:
8048b86: 8b 45 f0 mov -0x10(%ebp),%eax
8048b89: 0f b6 40 01 movzbl 0x1(%eax),%eax
8048b8d: 0f b6 c0 movzbl %al,%eax
8048b90: 8b 55 f0 mov -0x10(%ebp),%edx
8048b93: 0f b6 52 02 movzbl 0x2(%edx),%edx
8048b97: 0f b6 d2 movzbl %dl,%edx
8048b9a: 8b 0c 95 c0 ab 04 08 mov 0x804abc0(,%edx,4),%ecx
8048ba1: 8b 55 f0 mov -0x10(%ebp),%edx
8048ba4: 0f b6 52 03 movzbl 0x3(%edx),%edx
8048ba8: 0f b6 d2 movzbl %dl,%edx
8048bab: 8b 14 95 c0 ab 04 08 mov 0x804abc0(,%edx,4),%edx
8048bb2: 01 ca add %ecx,%edx
8048bb4: 89 14 85 c0 ab 04 08 mov %edx,0x804abc0(,%eax,4)
bss_804abc0h[ebp_10h[1]] = bss_804abc0h[ebp_10h[2]] + bss_804abc0h[ebp_10h[3]]
8048bbb: a1 00 ac 04 08 mov 0x804ac00,%eax
8048bc0: 83 c0 01 add $0x1,%eax
8048bc3: a3 00 ac 04 08 mov %eax,0x804ac00
bss_804ac00h += 1;
8048bc8: e9 7b 02 00 00 jmp 8048e48 <run_vm+0x3ca>
break;
case 3:
8048bcd: 8b 45 f0 mov -0x10(%ebp),%eax
8048bd0: 0f b6 40 01 movzbl 0x1(%eax),%eax
8048bd4: 0f b6 c0 movzbl %al,%eax
8048bd7: 8b 55 f0 mov -0x10(%ebp),%edx
8048bda: 0f b6 52 02 movzbl 0x2(%edx),%edx
8048bde: 0f b6 d2 movzbl %dl,%edx
8048be1: 8b 0c 95 c0 ab 04 08 mov 0x804abc0(,%edx,4),%ecx
8048be8: 8b 55 f0 mov -0x10(%ebp),%edx
8048beb: 0f b6 52 03 movzbl 0x3(%edx),%edx
8048bef: 0f b6 d2 movzbl %dl,%edx
8048bf2: 8b 14 95 c0 ab 04 08 mov 0x804abc0(,%edx,4),%edx
8048bf9: 21 ca and %ecx,%edx
8048bfb: 89 14 85 c0 ab 04 08 mov %edx,0x804abc0(,%eax,4)
bss_804abc0h[ebp_10h[1]] = bss_804abc0h[ebp_10h[2]] & bss_804abc0h[ebp_10h[3]]
8048c02: a1 00 ac 04 08 mov 0x804ac00,%eax
8048c07: 83 c0 01 add $0x1,%eax
8048c0a: a3 00 ac 04 08 mov %eax,0x804ac00
8048c0f: e9 34 02 00 00 jmp 8048e48 <run_vm+0x3ca>
case 4:
8048c14: 8b 45 f0 mov -0x10(%ebp),%eax
8048c17: 0f b6 40 01 movzbl 0x1(%eax),%eax
8048c1b: 0f b6 c0 movzbl %al,%eax
8048c1e: 8b 55 f0 mov -0x10(%ebp),%edx
8048c21: 0f b6 52 02 movzbl 0x2(%edx),%edx
8048c25: 0f b6 d2 movzbl %dl,%edx
8048c28: 8b 0c 95 c0 ab 04 08 mov 0x804abc0(,%edx,4),%ecx
8048c2f: 8b 55 f0 mov -0x10(%ebp),%edx
8048c32: 0f b6 52 03 movzbl 0x3(%edx),%edx
8048c36: 0f b6 d2 movzbl %dl,%edx
8048c39: 8b 14 95 c0 ab 04 08 mov 0x804abc0(,%edx,4),%edx
8048c40: 09 ca or %ecx,%edx
8048c42: 89 14 85 c0 ab 04 08 mov %edx,0x804abc0(,%eax,4)
bss_804abc0h[ebp_10h[1]] = bss_804abc0h[ebp_10h[2]] | bss_804abc0h[ebp_10h[3]]
8048c49: a1 00 ac 04 08 mov 0x804ac00,%eax
8048c4e: 83 c0 01 add $0x1,%eax
8048c51: a3 00 ac 04 08 mov %eax,0x804ac00
bss_804ac00h += 1;
8048c56: e9 ed 01 00 00 jmp 8048e48 <run_vm+0x3ca>
break;
case 5:
8048c5b: 8b 45 f0 mov -0x10(%ebp),%eax
8048c5e: 0f b6 40 01 movzbl 0x1(%eax),%eax
8048c62: 0f b6 c0 movzbl %al,%eax
8048c65: 8b 55 f0 mov -0x10(%ebp),%edx
8048c68: 0f b6 52 02 movzbl 0x2(%edx),%edx
8048c6c: 0f b6 d2 movzbl %dl,%edx
8048c6f: 8b 0c 95 c0 ab 04 08 mov 0x804abc0(,%edx,4),%ecx
8048c76: 8b 55 f0 mov -0x10(%ebp),%edx
8048c79: 0f b6 52 03 movzbl 0x3(%edx),%edx
8048c7d: 0f b6 d2 movzbl %dl,%edx
8048c80: 8b 14 95 c0 ab 04 08 mov 0x804abc0(,%edx,4),%edx
8048c87: 31 ca xor %ecx,%edx
8048c89: 89 14 85 c0 ab 04 08 mov %edx,0x804abc0(,%eax,4)
bss_804abc0h[ebp_10h[1]] = bss_804abc0h[ebp_10h[2]] ^ bss_804abc0h[ebp_10h[3]]
8048c90: a1 00 ac 04 08 mov 0x804ac00,%eax
8048c95: 83 c0 01 add $0x1,%eax
8048c98: a3 00 ac 04 08 mov %eax,0x804ac00
bss_804ac00h += 1;
8048c9d: e9 a6 01 00 00 jmp 8048e48 <run_vm+0x3ca>
break;
case 6:
8048ca2: 8b 45 f0 mov -0x10(%ebp),%eax
8048ca5: 0f b6 40 01 movzbl 0x1(%eax),%eax
8048ca9: 0f b6 c0 movzbl %al,%eax
8048cac: 8b 55 f0 mov -0x10(%ebp),%edx
8048caf: 0f b6 52 02 movzbl 0x2(%edx),%edx
8048cb3: 0f b6 d2 movzbl %dl,%edx
8048cb6: 8b 14 95 c0 ab 04 08 mov 0x804abc0(,%edx,4),%edx
8048cbd: f7 d2 not %edx
8048cbf: 89 14 85 c0 ab 04 08 mov %edx,0x804abc0(,%eax,4)
bss_804abc0h[ebp_10h[1]] = ~bss_804abc0h[ebp_10h[2]]
8048cc6: a1 00 ac 04 08 mov 0x804ac00,%eax
8048ccb: 83 c0 01 add $0x1,%eax
8048cce: a3 00 ac 04 08 mov %eax,0x804ac00
bss_804ac00h += 1;
8048cd3: e9 70 01 00 00 jmp 8048e48 <run_vm+0x3ca>
break;
case 7:
8048cd8: 8b 45 f0 mov -0x10(%ebp),%eax
8048cdb: 0f b6 40 01 movzbl 0x1(%eax),%eax
8048cdf: 0f b6 c0 movzbl %al,%eax
8048ce2: 8b 55 f0 mov -0x10(%ebp),%edx
8048ce5: 0f b6 52 02 movzbl 0x2(%edx),%edx
8048ce9: 0f b6 d2 movzbl %dl,%edx
8048cec: 8b 1c 95 c0 ab 04 08 mov 0x804abc0(,%edx,4),%ebx
8048cf3: 8b 55 f0 mov -0x10(%ebp),%edx
8048cf6: 8b 52 04 mov 0x4(%edx),%edx
8048cf9: 89 de mov %ebx,%esi
8048cfb: 89 d1 mov %edx,%ecx
8048cfd: d3 ee shr %cl,%esi
8048cff: 89 f2 mov %esi,%edx
8048d01: 89 14 85 c0 ab 04 08 mov %edx,0x804abc0(,%eax,4)
bss_804abc0h[ebp_10h[1]] = bss_804abc0h[ebp_10h[2]] >> ebp_10h[4];
8048d08: a1 00 ac 04 08 mov 0x804ac00,%eax
8048d0d: 83 c0 01 add $0x1,%eax
8048d10: a3 00 ac 04 08 mov %eax,0x804ac00
bss_804ac00h += 1;
8048d15: e9 2e 01 00 00 jmp 8048e48 <run_vm+0x3ca>
break;
case 8:
8048d1a: 8b 45 f0 mov -0x10(%ebp),%eax
8048d1d: 0f b6 40 01 movzbl 0x1(%eax),%eax
8048d21: 0f b6 c0 movzbl %al,%eax
8048d24: 8b 55 f0 mov -0x10(%ebp),%edx
8048d27: 0f b6 52 02 movzbl 0x2(%edx),%edx
8048d2b: 0f b6 d2 movzbl %dl,%edx
8048d2e: 8b 1c 95 c0 ab 04 08 mov 0x804abc0(,%edx,4),%ebx
8048d35: 8b 55 f0 mov -0x10(%ebp),%edx
8048d38: 8b 52 04 mov 0x4(%edx),%edx
8048d3b: 89 de mov %ebx,%esi
8048d3d: 89 d1 mov %edx,%ecx
8048d3f: d3 e6 shl %cl,%esi
8048d41: 89 f2 mov %esi,%edx
8048d43: 89 14 85 c0 ab 04 08 mov %edx,0x804abc0(,%eax,4)
bss_804abc0h[ebp_10h[1]] = bss_804abc0h[ebp_10h[2]] << ebp_10h[4];
8048d4a: a1 00 ac 04 08 mov 0x804ac00,%eax
8048d4f: 83 c0 01 add $0x1,%eax
8048d52: a3 00 ac 04 08 mov %eax,0x804ac00
bss_804ac00h += 1;
8048d57: e9 ec 00 00 00 jmp 8048e48 <run_vm+0x3ca>
break;
case 9:
8048d5c: 8b 45 f0 mov -0x10(%ebp),%eax
8048d5f: 0f b6 40 01 movzbl 0x1(%eax),%eax
8048d63: 0f b6 c0 movzbl %al,%eax
8048d66: 8b 55 f0 mov -0x10(%ebp),%edx
8048d69: 0f b6 52 02 movzbl 0x2(%edx),%edx
8048d6d: 0f b6 ca movzbl %dl,%ecx
8048d70: 8b 55 f0 mov -0x10(%ebp),%edx
8048d73: 0f b6 52 03 movzbl 0x3(%edx),%edx
8048d77: 0f b6 d2 movzbl %dl,%edx
8048d7a: 8b 14 95 c0 ab 04 08 mov 0x804abc0(,%edx,4),%edx
8048d81: 01 ca add %ecx,%edx
8048d83: 8b 14 95 c0 ab 04 08 mov 0x804abc0(,%edx,4),%edx
8048d8a: 89 14 85 c0 ab 04 08 mov %edx,0x804abc0(,%eax,4)
bss_804abc0h[ebp_10h[1]] = bss_804abc0h[ebp_10h[3]] + ebp_10h[2];
8048d91: a1 00 ac 04 08 mov 0x804ac00,%eax
8048d96: 83 c0 01 add $0x1,%eax
8048d99: a3 00 ac 04 08 mov %eax,0x804ac00
bss_804ac00h += 1;
8048d9e: e9 a5 00 00 00 jmp 8048e48 <run_vm+0x3ca>
break;
case 10:
8048da3: 8b 45 f0 mov -0x10(%ebp),%eax
8048da6: 0f b6 40 02 movzbl 0x2(%eax),%eax
8048daa: 0f b6 c0 movzbl %al,%eax
8048dad: 8b 14 85 c0 ab 04 08 mov 0x804abc0(,%eax,4),%edx
8048db4: 8b 45 f0 mov -0x10(%ebp),%eax
8048db7: 0f b6 40 03 movzbl 0x3(%eax),%eax
8048dbb: 0f b6 c0 movzbl %al,%eax
8048dbe: 8b 04 85 c0 ab 04 08 mov 0x804abc0(,%eax,4),%eax
8048dc5: 39 c2 cmp %eax,%edx
8048dc7: 75 0d jne 8048dd6 <run_vm+0x358>
if(bss_804abc0h[ebp_10h[2]] == bss_804abc0h[ebp_10h[3]]) {
8048dc9: 8b 45 f0 mov -0x10(%ebp),%eax
8048dcc: 8b 40 04 mov 0x4(%eax),%eax
8048dcf: a3 00 ac 04 08 mov %eax,0x804ac00
bss_804ac00h = ebp_10h->offset_04h;
8048dd4: eb 72 jmp 8048e48 <run_vm+0x3ca>
break;
}
8048dd6: a1 00 ac 04 08 mov 0x804ac00,%eax
8048ddb: 83 c0 01 add $0x1,%eax
bss_804ac00h += 1;
8048dde: a3 00 ac 04 08 mov %eax,0x804ac00
8048de3: eb 63 jmp 8048e48 <run_vm+0x3ca>
break;
case 11:
8048de5: 8b 45 f0 mov -0x10(%ebp),%eax
8048de8: 0f b6 40 02 movzbl 0x2(%eax),%eax
8048dec: 0f b6 c0 movzbl %al,%eax
8048def: 8b 14 85 c0 ab 04 08 mov 0x804abc0(,%eax,4),%edx
8048df6: 8b 45 f0 mov -0x10(%ebp),%eax
8048df9: 0f b6 40 03 movzbl 0x3(%eax),%eax
8048dfd: 0f b6 c0 movzbl %al,%eax
8048e00: 8b 04 85 c0 ab 04 08 mov 0x804abc0(,%eax,4),%eax
8048e07: 39 c2 cmp %eax,%edx
8048e09: 73 0d jae 8048e18 <run_vm+0x39a>
if(bss_804abc0h[ebp_10h[2]] < bss_804abc0h[ebp_10h[3]]) {
8048e0b: 8b 45 f0 mov -0x10(%ebp),%eax
8048e0e: 8b 40 04 mov 0x4(%eax),%eax
8048e11: a3 00 ac 04 08 mov %eax,0x804ac00
bss_804ac00h = ebp_10h->offset_04h;
8048e16: eb 30 jmp 8048e48 <run_vm+0x3ca>
break;
}
8048e18: a1 00 ac 04 08 mov 0x804ac00,%eax
8048e1d: 83 c0 01 add $0x1,%eax
8048e20: a3 00 ac 04 08 mov %eax,0x804ac00
8048e25: eb 21 jmp 8048e48 <run_vm+0x3ca>
break;
case 12:
8048e27: b8 00 00 00 00 mov $0x0,%eax
8048e2c: eb 43 jmp 8048e71 <run_vm+0x3f3>
return 0;
defalut:
8048e2e: c7 44 24 04 e2 96 04 movl $0x80496e2,0x4(%esp)
8048e35: 08
8048e36: 8b 45 08 mov 0x8(%ebp),%eax
8048e39: 89 04 24 mov %eax,(%esp)
8048e3c: e8 45 05 00 00 call 8049386 <sendstr>
sendstr("Invalid opcode");
8048e41: b8 fd ff ff ff mov $0xfffffffd,%eax
8048e46: eb 29 jmp 8048e71 <run_vm+0x3f3>
return -3;
}
8048e48: 83 45 f4 01 addl $0x1,-0xc(%ebp)
8048e4c: 81 7d f4 ff ff 0f 00 cmpl $0xfffff,-0xc(%ebp)
8048e53: 0f 8e 39 fc ff ff jle 8048a92 <run_vm+0x14>
}
8048e59: c7 44 24 04 f2 96 04 movl $0x80496f2,0x4(%esp)
8048e60: 08
8048e61: 8b 45 08 mov 0x8(%ebp),%eax
8048e64: 89 04 24 mov %eax,(%esp)
8048e67: e8 1a 05 00 00 call 8049386 <sendstr>
sendstr(arg_0, "Timed out\n");
8048e6c: b8 fc ff ff ff mov $0xfffffffc,%eax
8048e71: 83 c4 20 add $0x20,%esp
8048e74: 5b pop %ebx
8048e75: 5e pop %esi
8048e76: 5d pop %ebp
8048e77: c3 ret
return -1;
}
08048e78 <encipher_block>:
int encipher_block(arg0, arg_4, arg_8, arg_c, arg_10, arg_14, arg_18)
{
8048e78: 55 push %ebp
8048e79: 89 e5 mov %esp,%ebp
8048e7b: 83 ec 28 sub $0x28,%esp
// Local variables.
8048e7e: c7 45 f4 00 00 00 00 movl $0x0,-0xc(%ebp)
ebp_0ch = 0;
8048e85: e8 22 fb ff ff call 80489ac <reset_vm>
reset_vm();
8048e8a: 8b 45 18 mov 0x18(%ebp),%eax
8048e8d: 8b 00 mov (%eax),%eax
8048e8f: a3 c0 ab 04 08 mov %eax,0x804abc0
bss_804abc0h[0] = arg_10->offset_00h;
8048e94: 8b 45 18 mov 0x18(%ebp),%eax
8048e97: 8b 40 04 mov 0x4(%eax),%eax
8048e9a: a3 c4 ab 04 08 mov %eax,0x804abc4
bss_804abc0h[1] = arg_10->offset_04h;
8048e9f: 8b 45 1c mov 0x1c(%ebp),%eax
8048ea2: 8b 00 mov (%eax),%eax
8048ea4: a3 c8 ab 04 08 mov %eax,0x804abc8
bss_804abc0h[2] = arg_14->offset_00h;
8048ea9: 8b 45 1c mov 0x1c(%ebp),%eax
8048eac: 8b 40 04 mov 0x4(%eax),%eax
8048eaf: a3 cc ab 04 08 mov %eax,0x804abcc
bss_804abc0h[3] = arg_14->offset_04h;
8048eb4: 8b 45 20 mov 0x20(%ebp),%eax
8048eb7: 8b 00 mov (%eax),%eax
8048eb9: a3 d0 ab 04 08 mov %eax,0x804abd0
bss_804abc0h[4] = arg_18->offset_00h;
8048ebe: 8b 45 20 mov 0x20(%ebp),%eax
8048ec1: 8b 40 04 mov 0x4(%eax),%eax
8048ec4: a3 d4 ab 04 08 mov %eax,0x804abd4
bss_804abc0h[5] = arg_18->offset_04h;
8048ec9: 8b 45 20 mov 0x20(%ebp),%eax
8048ecc: 8b 40 08 mov 0x8(%eax),%eax
8048ecf: a3 d8 ab 04 08 mov %eax,0x804abd8
bss_804abc0h[6] = arg_18->offset_08h;
8048ed4: 8b 45 20 mov 0x20(%ebp),%eax
8048ed7: 8b 40 0c mov 0xc(%eax),%eax
8048eda: a3 dc ab 04 08 mov %eax,0x804abdc
bss_804abc0h[7] = arg_18->offset_0ch;
8048edf: 8b 45 10 mov 0x10(%ebp),%eax
8048ee2: 89 44 24 08 mov %eax,0x8(%esp)
8048ee6: 8b 45 0c mov 0xc(%ebp),%eax
8048ee9: 89 44 24 04 mov %eax,0x4(%esp)
8048eed: 8b 45 08 mov 0x8(%ebp),%eax
8048ef0: 89 04 24 mov %eax,(%esp)
8048ef3: e8 86 fb ff ff call 8048a7e <run_vm>
8048ef8: 89 45 f4 mov %eax,-0xc(%ebp)
ebp_0ch = run_vm(arg_0, arg_4, arg_8);
8048efb: 83 7d f4 00 cmpl $0x0,-0xc(%ebp)
8048eff: 79 05 jns 8048f06 <encipher_block+0x8e>
if(ebp_0ch < 0) {
8048f01: 8b 45 f4 mov -0xc(%ebp),%eax
8048f04: eb 1b jmp 8048f21 <encipher_block+0xa9>
return ebp_0ch;
}
8048f06: 8b 15 c0 ab 04 08 mov 0x804abc0,%edx
8048f0c: 8b 45 14 mov 0x14(%ebp),%eax
8048f0f: 89 10 mov %edx,(%eax)
arg_c->offset_00h = bss_804abc0h[0];
8048f11: 8b 45 14 mov 0x14(%ebp),%eax
8048f14: 8d 50 04 lea 0x4(%eax),%edx
8048f17: a1 c4 ab 04 08 mov 0x804abc4,%eax
8048f1c: 89 02 mov %eax,(%edx)
arg_c->offset_00h = bss_804abc0h[1];
8048f1e: 8b 45 f4 mov -0xc(%ebp),%eax
8048f21: c9 leave
8048f22: c3 ret
return ebp_0ch;
}
08048f23 <encipher>:
int encipher(arg_0, arg_4, arg_8)
{
8048f23: 55 push %ebp
8048f24: 89 e5 mov %esp,%ebp
8048f26: 53 push %ebx
8048f27: 83 ec 44 sub $0x44,%esp
// Local variables.
8048f2a: c7 45 f0 00 00 00 00 movl $0x0,-0x10(%ebp)
ebp_10h = 0;
8048f31: 8b 45 0c mov 0xc(%ebp),%eax
8048f34: 8b 40 08 mov 0x8(%eax),%eax
8048f37: 89 45 e4 mov %eax,-0x1c(%ebp)
ebp_1ch = arg_4[0x8];
8048f3a: 8b 45 0c mov 0xc(%ebp),%eax
8048f3d: 8b 40 0c mov 0xc(%eax),%eax
8048f40: 89 45 e8 mov %eax,-0x18(%ebp)
ebp_18h = arg_4[0xc];
8048f43: 8b 45 0c mov 0xc(%ebp),%eax
8048f46: 8b 40 04 mov 0x4(%eax),%eax
8048f49: 83 e0 07 and $0x7,%eax
8048f4c: 85 c0 test %eax,%eax
8048f4e: 75 0b jne 8048f5b <encipher+0x38>
8048f50: 8b 45 0c mov 0xc(%ebp),%eax
8048f53: 8b 40 04 mov 0x4(%eax),%eax
8048f56: c1 e8 03 shr $0x3,%eax
8048f59: eb 0c jmp 8048f67 <encipher+0x44>
8048f5b: 8b 45 0c mov 0xc(%ebp),%eax
8048f5e: 8b 40 04 mov 0x4(%eax),%eax
8048f61: c1 e8 03 shr $0x3,%eax
8048f64: 83 c0 01 add $0x1,%eax
ebp_14h = arg_4[4]/8 + arg4[4]? 1: 0;
8048f67: 89 45 ec mov %eax,-0x14(%ebp)
8048f6a: c7 45 f4 00 00 00 00 movl $0x0,-0xc(%ebp)
8048f71: e9 a9 00 00 00 jmp 804901f <encipher+0xfc>
for(ebp_0ch = 0; ebp_0ch < ebp_14h; ebp_0ch++) {
8048f76: 8b 45 f4 mov -0xc(%ebp),%eax
8048f79: 8d 14 00 lea (%eax,%eax,1),%edx
8048f7c: 8b 45 0c mov 0xc(%ebp),%eax
8048f7f: 81 c2 04 02 00 00 add $0x204,%edx
8048f85: 8b 04 90 mov (%eax,%edx,4),%eax
8048f88: 89 45 dc mov %eax,-0x24(%ebp)
ebp_24h = arg_4[ebp_0ch*2+0x204];
8048f8b: 8b 45 f4 mov -0xc(%ebp),%eax
8048f8e: 01 c0 add %eax,%eax
8048f90: 8d 50 01 lea 0x1(%eax),%edx
8048f93: 8b 45 0c mov 0xc(%ebp),%eax
8048f96: 81 c2 04 02 00 00 add $0x204,%edx
8048f9c: 8b 04 90 mov (%eax,%edx,4),%eax
8048f9f: 89 45 e0 mov %eax,-0x20(%ebp)
ebp_20h = arg_4[ebp_0ch*2+1];
8048fa2: 8b 45 f4 mov -0xc(%ebp),%eax
8048fa5: c1 e0 03 shl $0x3,%eax
8048fa8: 89 c2 mov %eax,%edx
8048faa: 8b 45 10 mov 0x10(%ebp),%eax
8048fad: 8d 1c 02 lea (%edx,%eax,1),%ebx
8048fb0: 8b 45 0c mov 0xc(%ebp),%eax
8048fb3: 8b 00 mov (%eax),%eax
8048fb5: 8b 55 0c mov 0xc(%ebp),%edx
8048fb8: 8d 4a 10 lea 0x10(%edx),%ecx
8048fbb: c7 44 24 18 78 ab 04 movl $0x804ab78,0x18(%esp)
8048fc2: 08
8048fc3: 8d 55 dc lea -0x24(%ebp),%edx
8048fc6: 89 54 24 14 mov %edx,0x14(%esp)
8048fca: 8d 55 e4 lea -0x1c(%ebp),%edx
8048fcd: 89 54 24 10 mov %edx,0x10(%esp)
8048fd1: 89 5c 24 0c mov %ebx,0xc(%esp)
8048fd5: 89 44 24 08 mov %eax,0x8(%esp)
8048fd9: 89 4c 24 04 mov %ecx,0x4(%esp)
8048fdd: 8b 45 08 mov 0x8(%ebp),%eax
8048fe0: 89 04 24 mov %eax,(%esp)
8048fe3: e8 90 fe ff ff call 8048e78 <encipher_block>
8048fe8: 89 45 f0 mov %eax,-0x10(%ebp)
ebp_10h = encipher_block(arg_0, &arg_4[0x10], &arg_8[ebp_0ch*8], ebp_1ch, ebp_24h, data_804ab78h);
8048feb: 83 7d f0 00 cmpl $0x0,-0x10(%ebp)
8048fef: 79 05 jns 8048ff6 <encipher+0xd3>
if(ebp_10 < 0) {
8048ff1: 8b 45 f0 mov -0x10(%ebp),%eax
8048ff4: eb 3a jmp 8049030 <encipher+0x10d>
return ebp_10h;
}
8048ff6: 8b 45 f4 mov -0xc(%ebp),%eax
8048ff9: c1 e0 03 shl $0x3,%eax
8048ffc: 89 c2 mov %eax,%edx
8048ffe: 8b 45 10 mov 0x10(%ebp),%eax
8049001: 01 d0 add %edx,%eax
8049003: 8b 00 mov (%eax),%eax
8049005: 89 45 e4 mov %eax,-0x1c(%ebp)
ebp_1ch = arg_8[ebp_0ch*8];
8049008: 8b 45 f4 mov -0xc(%ebp),%eax
804900b: c1 e0 03 shl $0x3,%eax
804900e: 8d 50 04 lea 0x4(%eax),%edx
8049011: 8b 45 10 mov 0x10(%ebp),%eax
8049014: 01 d0 add %edx,%eax
8049016: 8b 00 mov (%eax),%eax
8049018: 89 45 e8 mov %eax,-0x18(%ebp)
ebp_18h = arg_8[ebp_0ch*8+4]
804901b: 83 45 f4 01 addl $0x1,-0xc(%ebp)
804901f: 8b 45 f4 mov -0xc(%ebp),%eax
8049022: 3b 45 ec cmp -0x14(%ebp),%eax
8049025: 0f 8c 4b ff ff ff jl 8048f76 <encipher+0x53>
}
804902b: b8 00 00 00 00 mov $0x0,%eax
8049030: 83 c4 44 add $0x44,%esp
8049033: 5b pop %ebx
8049034: 5d pop %ebp
8049035: c3 ret
return 0;
}
08049036 <handle>:
void handle(int arg_0)
{
8049036: 55 push %ebp
8049037: 89 e5 mov %esp,%ebp
8049039: 81 ec 38 18 00 00 sub $0x1838,%esp
// Local variables.
ebp_1828h;
ebp_18h;
ebp_14h;
ebp_10h;
ebp_0ch;
804903f: c7 45 f4 00 00 00 00 movl $0x0,-0xc(%ebp)
8049046: c7 44 24 08 10 18 00 movl $0x1810,0x8(%esp)
804904d: 00
804904e: c7 44 24 04 00 00 00 movl $0x0,0x4(%esp)
8049055: 00
8049056: 8d 85 d8 e7 ff ff lea -0x1828(%ebp),%eax
804905c: 89 04 24 mov %eax,(%esp)
804905f: e8 ac f7 ff ff call 8048810 <memset@plt>
memset(ebp_1828h, '\0', 0x1810);
8049064: c7 44 24 08 08 00 00 movl $0x8,0x8(%esp)
804906b: 00
804906c: 8d 85 d8 e7 ff ff lea -0x1828(%ebp),%eax
8049072: 89 44 24 04 mov %eax,0x4(%esp)
8049076: 8b 45 08 mov 0x8(%ebp),%eax
8049079: 89 04 24 mov %eax,(%esp)
804907c: e8 0c 02 00 00 call 804928d <recvlen>
recvlen(arg_0, &ebp_1828h->offset_00h, 0x8);
8049081: c7 44 24 08 08 00 00 movl $0x8,0x8(%esp)
8049088: 00
8049089: 8d 85 d8 e7 ff ff lea -0x1828(%ebp),%eax
804908f: 83 c0 08 add $0x8,%eax
8049092: 89 44 24 04 mov %eax,0x4(%esp)
8049096: 8b 45 08 mov 0x8(%ebp),%eax
8049099: 89 04 24 mov %eax,(%esp)
804909c: e8 ec 01 00 00 call 804928d <recvlen>
recvlen(arg_0, &ebp_1828->offset_04h, 0x8);
80490a1: 8b 85 d8 e7 ff ff mov -0x1828(%ebp),%eax
80490a7: 3d 00 01 00 00 cmp $0x100,%eax
80490ac: 77 21 ja 80490cf <handle+0x99>
80490ae: 8b 85 d8 e7 ff ff mov -0x1828(%ebp),%eax
80490b4: 85 c0 test %eax,%eax
80490b6: 74 17 je 80490cf <handle+0x99>
80490b8: 8b 85 dc e7 ff ff mov -0x1824(%ebp),%eax
80490be: 3d 00 10 00 00 cmp $0x1000,%eax
80490c3: 77 0a ja 80490cf <handle+0x99>
80490c5: 8b 85 dc e7 ff ff mov -0x1824(%ebp),%eax
80490cb: 85 c0 test %eax,%eax
80490cd: 75 1d jne 80490ec <handle+0xb6>
if(ebp_1828h->offse_00h > 0x100 || ebp_1828h->offset_00h == 0 || ebp_1828h->offset_04h > 0x1000 || ebp_1828h->offset_04h == 0) {
80490cf: c7 44 24 04 34 97 04 movl $0x8049734,0x4(%esp)
80490d6: 08
80490d7: 8b 45 08 mov 0x8(%ebp),%eax
80490da: 89 04 24 mov %eax,(%esp)
80490dd: e8 a4 02 00 00 call 8049386 <sendstr>
sendstr(arg_0, "Invalid length\n");
80490e2: b8 ff ff ff ff mov $0xffffffff,%eax
80490e7: e9 ec 00 00 00 jmp 80491d8 <handle+0x1a2>
return -1;
}
80490ec: 8b 85 d8 e7 ff ff mov -0x1828(%ebp),%eax
80490f2: c1 e0 03 shl $0x3,%eax
80490f5: 89 44 24 08 mov %eax,0x8(%esp)
80490f9: 8d 85 d8 e7 ff ff lea -0x1828(%ebp),%eax
80490ff: 83 c0 10 add $0x10,%eax
8049102: 89 44 24 04 mov %eax,0x4(%esp)
8049106: 8b 45 08 mov 0x8(%ebp),%eax
8049109: 89 04 24 mov %eax,(%esp)
804910c: e8 7c 01 00 00 call 804928d <recvlen>
recvlen(arg_0, &ebp_1828h->ebp_10h, ebp_1828h[0]*8);
8049111: 8b 85 dc e7 ff ff mov -0x1824(%ebp),%eax
8049117: 89 44 24 08 mov %eax,0x8(%esp)
804911b: 8d 85 d8 e7 ff ff lea -0x1828(%ebp),%eax
8049121: 05 10 08 00 00 add $0x810,%eax
8049126: 89 44 24 04 mov %eax,0x4(%esp)
804912a: 8b 45 08 mov 0x8(%ebp),%eax
804912d: 89 04 24 mov %eax,(%esp)
8049130: e8 58 01 00 00 call 804928d <recvlen>
recvlen(arg_0, &ebp_1828h[0x810], ebp_1828h->offset_04h);
8049135: 8b 85 dc e7 ff ff mov -0x1824(%ebp),%eax
804913b: f7 d8 neg %eax
804913d: 83 e0 07 and $0x7,%eax
8049140: 89 45 f0 mov %eax,-0x10(%ebp)
ebp_10h = (-ebp_1828h->offset_04h)&0x7;
8049143: 8b 95 dc e7 ff ff mov -0x1824(%ebp),%edx
8049149: 8b 45 f0 mov -0x10(%ebp),%eax
804914c: 01 d0 add %edx,%eax
804914e: 89 45 ec mov %eax,-0x14(%ebp)
ebp_14h = ebp_1828h->offset_04h + ebp_10h;
8049151: c7 44 24 04 01 00 00 movl $0x1,0x4(%esp)
8049158: 00
8049159: 8b 45 ec mov -0x14(%ebp),%eax
804915c: 89 04 24 mov %eax,(%esp)
804915f: e8 4c f7 ff ff call 80488b0 <calloc@plt>
8049164: 89 45 e8 mov %eax,-0x18(%ebp)
ebp_18h = calloc(ebp_14h, 1);
8049167: 83 7d e8 00 cmpl $0x0,-0x18(%ebp)
804916b: 75 1a jne 8049187 <handle+0x151>
if(ebp_18h == NULL) {
804916d: c7 44 24 04 44 97 04 movl $0x8049744,0x4(%esp)
8049174: 08
8049175: 8b 45 08 mov 0x8(%ebp),%eax
8049178: 89 04 24 mov %eax,(%esp)
804917b: e8 06 02 00 00 call 8049386 <sendstr>
sendstr(arg_0, "Alloc failure\n");
8049180: b8 fe ff ff ff mov $0xfffffffe,%eax
8049185: eb 51 jmp 80491d8 <handle+0x1a2>
return -1;
}
8049187: 8b 45 e8 mov -0x18(%ebp),%eax
804918a: 89 44 24 08 mov %eax,0x8(%esp)
804918e: 8d 85 d8 e7 ff ff lea -0x1828(%ebp),%eax
8049194: 89 44 24 04 mov %eax,0x4(%esp)
8049198: 8b 45 08 mov 0x8(%ebp),%eax
804919b: 89 04 24 mov %eax,(%esp)
804919e: e8 80 fd ff ff call 8048f23 <encipher>
80491a3: 89 45 f4 mov %eax,-0xc(%ebp)
ebp_0ch = encipher(arg_0, &ebp_1828h->offset_00h, ebp_18h);
80491a6: 83 7d f4 00 cmpl $0x0,-0xc(%ebp)
80491aa: 79 05 jns 80491b1 <handle+0x17b>
if(ebp_0ch < 0) {
80491ac: 8b 45 f4 mov -0xc(%ebp),%eax
80491af: eb 27 jmp 80491d8 <handle+0x1a2>
return ebp_0ch;
}
80491b1: 8b 45 ec mov -0x14(%ebp),%eax
80491b4: 89 44 24 08 mov %eax,0x8(%esp)
80491b8: 8b 45 e8 mov -0x18(%ebp),%eax
80491bb: 89 44 24 04 mov %eax,0x4(%esp)
80491bf: 8b 45 08 mov 0x8(%ebp),%eax
80491c2: 89 04 24 mov %eax,(%esp)
80491c5: e8 44 01 00 00 call 804930e <sendlen>
sendlen(arg_0, ebp_18h, ebp_14h);
80491ca: 8b 45 e8 mov -0x18(%ebp),%eax
80491cd: 89 04 24 mov %eax,(%esp)
80491d0: e8 5b f5 ff ff call 8048730 <free@plt>
free(ebp_18h);
80491d5: 8b 45 f4 mov -0xc(%ebp),%eax
80491d8: c9 leave
80491d9: c3 ret
return ebp_0ch;
}
080491da <drop_privs>:
int drop_privs(char *arg_0)
{
80491da: 55 push %ebp
80491db: 89 e5 mov %esp,%ebp
80491dd: 83 ec 28 sub $0x28,%esp
80491e0: 8b 45 08 mov 0x8(%ebp),%eax
80491e3: 89 04 24 mov %eax,(%esp)
80491e6: e8 25 f5 ff ff call 8048710 <getpwnam@plt>
80491eb: 89 45 f4 mov %eax,-0xc(%ebp)
ebp_0ch = getpwnam(arg_0);
80491ee: 83 7d f4 00 cmpl $0x0,-0xc(%ebp)
80491f2: 75 23 jne 8049217 <drop_privs+0x3d>
if(ebp_0ch == NULL) {
80491f4: a1 a0 ab 04 08 mov 0x804aba0,%eax
80491f9: 8b 55 08 mov 0x8(%ebp),%edx
80491fc: 89 54 24 08 mov %edx,0x8(%esp)
8049200: c7 44 24 04 56 97 04 movl $0x8049756,0x4(%esp)
8049207: 08
8049208: 89 04 24 mov %eax,(%esp)
804920b: e8 e0 f5 ff ff call 80487f0 <fprintf@plt>
fprintf(stderr, "User %s not found\n", arg_0);
8049210: b8 01 00 00 00 mov $0x1,%eax
8049215: eb 74 jmp 804928b <drop_privs+0xb1>
return 1;
}
8049217: 8b 45 f4 mov -0xc(%ebp),%eax
804921a: 8b 40 14 mov 0x14(%eax),%eax
804921d: 89 04 24 mov %eax,(%esp)
8049220: e8 1b f5 ff ff call 8048740 <chdir@plt>
8049225: 85 c0 test %eax,%eax
8049227: 74 13 je 804923c <drop_privs+0x62>
if(chdir(ebp_0chl.pw_dir) != 0) {
8049229: c7 04 24 69 97 04 08 movl $0x8049769,(%esp)
8049230: e8 3b f5 ff ff call 8048770 <perror@plt>
perror("chdir");
8049235: b8 01 00 00 00 mov $0x1,%eax
804923a: eb 4f jmp 804928b <drop_privs+0xb1>
return 1;
}
804923c: 8b 45 f4 mov -0xc(%ebp),%eax
804923f: 8b 40 0c mov 0xc(%eax),%eax
8049242: 89 04 24 mov %eax,(%esp)
8049245: e8 56 f5 ff ff call 80487a0 <setgid@plt>
804924a: 85 c0 test %eax,%eax
804924c: 74 13 je 8049261 <drop_privs+0x87>
if(setgid(ebp_0ch.pw_gid) != 0) {
804924e: c7 04 24 6f 97 04 08 movl $0x804976f,(%esp)
8049255: e8 16 f5 ff ff call 8048770 <perror@plt>
perror("setgid");
804925a: b8 01 00 00 00 mov $0x1,%eax
804925f: eb 2a jmp 804928b <drop_privs+0xb1>
return 1;
}
8049261: 8b 45 f4 mov -0xc(%ebp),%eax
8049264: 8b 40 08 mov 0x8(%eax),%eax
8049267: 89 04 24 mov %eax,(%esp)
804926a: e8 f1 f5 ff ff call 8048860 <setuid@plt>
804926f: 85 c0 test %eax,%eax
8049271: 74 13 je 8049286 <drop_privs+0xac>
if(setuid(ebp_0ch.pw_uid) != 0) {
8049273: c7 04 24 76 97 04 08 movl $0x8049776,(%esp)
804927a: e8 f1 f4 ff ff call 8048770 <perror@plt>
perror("setuid");
804927f: b8 01 00 00 00 mov $0x1,%eax
8049284: eb 05 jmp 804928b <drop_privs+0xb1>
return 1;
}
8049286: b8 00 00 00 00 mov $0x0,%eax
804928b: c9 leave
804928c: c3 ret
return 0;
}
0804928d <recvlen>:
int recvlen(int arg_0, char *arg_4, size_t arg_8) {
804928d: 55 push %ebp
804928e: 89 e5 mov %esp,%ebp
8049290: 83 ec 28 sub $0x28,%esp
// Local variables.
int ebp_10h
int ebp_0ch;
8049293: c7 45 f4 00 00 00 00 movl $0x0,-0xc(%ebp)
804929a: eb 62 jmp 80492fe <recvlen+0x71>
for(ebp_0ch = 0; ebp_0ch < ebp_10h;) {
804929c: 8b 45 f4 mov -0xc(%ebp),%eax
804929f: 8b 55 10 mov 0x10(%ebp),%edx
80492a2: 29 c2 sub %eax,%edx
80492a4: 8b 45 f4 mov -0xc(%ebp),%eax
80492a7: 8b 4d 0c mov 0xc(%ebp),%ecx
80492aa: 01 c8 add %ecx,%eax
80492ac: c7 44 24 0c 00 00 00 movl $0x0,0xc(%esp)
80492b3: 00
80492b4: 89 54 24 08 mov %edx,0x8(%esp)
80492b8: 89 44 24 04 mov %eax,0x4(%esp)
80492bc: 8b 45 08 mov 0x8(%ebp),%eax
80492bf: 89 04 24 mov %eax,(%esp)
80492c2: e8 b9 f5 ff ff call 8048880 <recv@plt>
80492c7: 89 45 f0 mov %eax,-0x10(%ebp)
ebp_10h = recv(arg_0, &arg_4[ebp_0ch], arg_8-ebp_0ch);
80492ca: 83 7d f0 ff cmpl $0xffffffff,-0x10(%ebp)
80492ce: 75 1f jne 80492ef <recvlen+0x62>
if(ebp_10h == -1) {
80492d0: e8 4b f5 ff ff call 8048820 <__errno_location@plt>
80492d5: 8b 00 mov (%eax),%eax
80492d7: 83 f8 0b cmp $0xb,%eax
80492da: 74 21 je 80492fd <recvlen+0x70>
80492dc: e8 3f f5 ff ff call 8048820 <__errno_location@plt>
80492e1: 8b 00 mov (%eax),%eax
80492e3: 83 f8 04 cmp $0x4,%eax
80492e6: 74 15 je 80492fd <recvlen+0x70>
if((*__errno_location() != 0xb && *__errno_location() != 0x4)) {
return -1;
80492e8: b8 ff ff ff ff mov $0xffffffff,%eax
80492ed: eb 1d jmp 804930c <recvlen+0x7f>
}
} else {
80492ef: 83 7d f0 00 cmpl $0x0,-0x10(%ebp)
80492f3: 74 13 je 8049308 <recvlen+0x7b>
if(ebp_10h == 0) break;
80492f5: 8b 45 f0 mov -0x10(%ebp),%eax
80492f8: 01 45 f4 add %eax,-0xc(%ebp)
ebp_0ch += ebp_10h;
80492fb: eb 01 jmp 80492fe <recvlen+0x71>
}
80492fd: 90 nop
80492fe: 8b 45 f4 mov -0xc(%ebp),%eax
8049301: 3b 45 10 cmp 0x10(%ebp),%eax
8049304: 72 96 jb 804929c <recvlen+0xf>
}
8049306: eb 01 jmp 8049309 <recvlen+0x7c>
8049308: 90 nop
8049309: 8b 45 f4 mov -0xc(%ebp),%eax
return ebp_0ch;
804930c: c9 leave
804930d: c3 ret
}
0804930e <sendlen>:
int sendlen(int arg_0, char *arg_4, size_t arg_8)
{
804930e: 55 push %ebp
804930f: 89 e5 mov %esp,%ebp
8049311: 83 ec 28 sub $0x28,%esp
// Local variables.
int ebp_10h;
int ebp_0ch;
8049314: c7 45 f4 00 00 00 00 movl $0x0,-0xc(%ebp)
804931b: eb 5c jmp 8049379 <sendlen+0x6b>
for(ebp_0ch = 0; ebp_0ch < ebp_10h;) {
804931d: 8b 45 f4 mov -0xc(%ebp),%eax
8049320: 8b 55 10 mov 0x10(%ebp),%edx
8049323: 29 c2 sub %eax,%edx
8049325: 8b 45 f4 mov -0xc(%ebp),%eax
8049328: 8b 4d 0c mov 0xc(%ebp),%ecx
804932b: 01 c8 add %ecx,%eax
804932d: c7 44 24 0c 00 00 00 movl $0x0,0xc(%esp)
8049334: 00
8049335: 89 54 24 08 mov %edx,0x8(%esp)
8049339: 89 44 24 04 mov %eax,0x4(%esp)
804933d: 8b 45 08 mov 0x8(%ebp),%eax
8049340: 89 04 24 mov %eax,(%esp)
8049343: e8 58 f5 ff ff call 80488a0 <send@plt>
8049348: 89 45 f0 mov %eax,-0x10(%ebp)
ebp_10h = send(arg_0, &arg_4[ebp_0ch], arg_8-ebp_0ch);
804934b: 83 7d f0 ff cmpl $0xffffffff,-0x10(%ebp)
804934f: 75 1f jne 8049370 <sendlen+0x62>
if(ebp_10h == -1) {
8049351: e8 ca f4 ff ff call 8048820 <__errno_location@plt>
8049356: 8b 00 mov (%eax),%eax
8049358: 83 f8 0b cmp $0xb,%eax
804935b: 74 1b je 8049378 <sendlen+0x6a>
804935d: e8 be f4 ff ff call 8048820 <__errno_location@plt>
8049362: 8b 00 mov (%eax),%eax
8049364: 83 f8 04 cmp $0x4,%eax
8049367: 74 0f je 8049378 <sendlen+0x6a>
if((*__errno_location() != 0xb && *__errno_location() != 0x4)) {
8049369: b8 ff ff ff ff mov $0xffffffff,%eax
804936e: eb 14 jmp 8049384 <sendlen+0x76>
return -1;
}
} else {
8049370: 8b 45 f0 mov -0x10(%ebp),%eax
8049373: 01 45 f4 add %eax,-0xc(%ebp)
ebp_0ch += ebp_10h;
8049376: eb 01 jmp 8049379 <sendlen+0x6b>
}
8049378: 90 nop
8049379: 8b 45 f4 mov -0xc(%ebp),%eax
804937c: 3b 45 10 cmp 0x10(%ebp),%eax
804937f: 72 9c jb 804931d <sendlen+0xf>
}
8049381: 8b 45 f4 mov -0xc(%ebp),%eax
8049384: c9 leave
8049385: c3 ret
return ebp_0ch;
}
08049386 <sendstr>:
void sendstr(arg_0, arg_4)
{
8049386: 55 push %ebp
8049387: 89 e5 mov %esp,%ebp
8049389: 83 ec 18 sub $0x18,%esp
804938c: 8b 45 0c mov 0xc(%ebp),%eax
804938f: 89 04 24 mov %eax,(%esp)
8049392: e8 39 f4 ff ff call 80487d0 <strlen@plt>
8049397: 89 44 24 08 mov %eax,0x8(%esp)
804939b: 8b 45 0c mov 0xc(%ebp),%eax
804939e: 89 44 24 04 mov %eax,0x4(%esp)
80493a2: 8b 45 08 mov 0x8(%ebp),%eax
80493a5: 89 04 24 mov %eax,(%esp)
80493a8: e8 61 ff ff ff call 804930e <sendlen>
sendlen(arg0, strlen(arg1));
80493ad: c9 leave
80493ae: c3 ret
}
080493af <main>:
int main()
{
80493af: 55 push %ebp
80493b0: 89 e5 mov %esp,%ebp
80493b2: 83 e4 f0 and $0xfffffff0,%esp
80493b5: 83 ec 50 sub $0x50,%esp
80493b8: c7 44 24 2c 00 00 00 movl $0x0,0x2c(%esp)
80493bf: 00
80493c0: c7 44 24 30 00 00 00 movl $0x0,0x30(%esp)
80493c7: 00
80493c8: c7 44 24 34 00 00 00 movl $0x0,0x34(%esp)
80493cf: 00
80493d0: c7 44 24 38 00 00 00 movl $0x0,0x38(%esp)
80493d7: 00
80493d8: c7 44 24 04 01 00 00 movl $0x1,0x4(%esp)
80493df: 00
80493e0: c7 04 24 11 00 00 00 movl $0x11,(%esp)
80493e7: e8 c4 f3 ff ff call 80487b0 <__sysv_signal@plt>
80493ec: 83 f8 ff cmp $0xffffffff,%eax
80493ef: 75 2f jne 8049420 <main+0x71>
80493f1: a1 a0 ab 04 08 mov 0x804aba0,%eax
80493f6: 89 44 24 0c mov %eax,0xc(%esp)
80493fa: c7 44 24 08 1e 00 00 movl $0x1e,0x8(%esp)
8049401: 00
8049402: c7 44 24 04 01 00 00 movl $0x1,0x4(%esp)
8049409: 00
804940a: c7 04 24 80 97 04 08 movl $0x8049780,(%esp)
8049411: e8 7a f3 ff ff call 8048790 <fwrite@plt>
8049416: b8 01 00 00 00 mov $0x1,%eax
804941b: e9 f3 01 00 00 jmp 8049613 <main+0x264>
8049420: c7 44 24 08 06 00 00 movl $0x6,0x8(%esp)
8049427: 00
8049428: c7 44 24 04 01 00 00 movl $0x1,0x4(%esp)
804942f: 00
8049430: c7 04 24 02 00 00 00 movl $0x2,(%esp)
8049437: e8 34 f4 ff ff call 8048870 <socket@plt>
804943c: 89 44 24 48 mov %eax,0x48(%esp)
8049440: 83 7c 24 48 ff cmpl $0xffffffff,0x48(%esp)
8049445: 75 16 jne 804945d <main+0xae>
8049447: c7 04 24 9f 97 04 08 movl $0x804979f,(%esp)
804944e: e8 1d f3 ff ff call 8048770 <perror@plt>
8049453: b8 01 00 00 00 mov $0x1,%eax
8049458: e9 b6 01 00 00 jmp 8049613 <main+0x264>
804945d: c7 44 24 3c 01 00 00 movl $0x1,0x3c(%esp)
8049464: 00
8049465: c7 44 24 10 04 00 00 movl $0x4,0x10(%esp)
804946c: 00
804946d: 8d 44 24 3c lea 0x3c(%esp),%eax
8049471: 89 44 24 0c mov %eax,0xc(%esp)
8049475: c7 44 24 08 02 00 00 movl $0x2,0x8(%esp)
804947c: 00
804947d: c7 44 24 04 01 00 00 movl $0x1,0x4(%esp)
8049484: 00
8049485: 8b 44 24 48 mov 0x48(%esp),%eax
8049489: 89 04 24 mov %eax,(%esp)
804948c: e8 6f f2 ff ff call 8048700 <setsockopt@plt>
8049491: 85 c0 test %eax,%eax
8049493: 74 16 je 80494ab <main+0xfc>
8049495: c7 04 24 a6 97 04 08 movl $0x80497a6,(%esp)
804949c: e8 cf f2 ff ff call 8048770 <perror@plt>
80494a1: b8 01 00 00 00 mov $0x1,%eax
80494a6: e9 68 01 00 00 jmp 8049613 <main+0x264>
80494ab: 66 c7 44 24 2c 02 00 movw $0x2,0x2c(%esp)
80494b2: c7 04 24 00 00 00 00 movl $0x0,(%esp)
80494b9: e8 82 f3 ff ff call 8048840 <htonl@plt>
80494be: 89 44 24 30 mov %eax,0x30(%esp)
80494c2: 0f b7 05 54 97 04 08 movzwl 0x8049754,%eax
80494c9: 0f b7 c0 movzwl %ax,%eax
80494cc: 89 04 24 mov %eax,(%esp)
80494cf: e8 8c f2 ff ff call 8048760 <htons@plt>
80494d4: 66 89 44 24 2e mov %ax,0x2e(%esp)
80494d9: c7 44 24 08 10 00 00 movl $0x10,0x8(%esp)
80494e0: 00
80494e1: 8d 44 24 2c lea 0x2c(%esp),%eax
80494e5: 89 44 24 04 mov %eax,0x4(%esp)
80494e9: 8b 44 24 48 mov 0x48(%esp),%eax
80494ed: 89 04 24 mov %eax,(%esp)
80494f0: e8 0b f3 ff ff call 8048800 <bind@plt>
80494f5: 85 c0 test %eax,%eax
80494f7: 74 16 je 804950f <main+0x160>
80494f9: c7 04 24 b1 97 04 08 movl $0x80497b1,(%esp)
8049500: e8 6b f2 ff ff call 8048770 <perror@plt>
8049505: b8 01 00 00 00 mov $0x1,%eax
804950a: e9 04 01 00 00 jmp 8049613 <main+0x264>
804950f: c7 44 24 04 14 00 00 movl $0x14,0x4(%esp)
8049516: 00
8049517: 8b 44 24 48 mov 0x48(%esp),%eax
804951b: 89 04 24 mov %eax,(%esp)
804951e: e8 2d f3 ff ff call 8048850 <listen@plt>
8049523: 85 c0 test %eax,%eax
8049525: 74 16 je 804953d <main+0x18e>
8049527: c7 04 24 b6 97 04 08 movl $0x80497b6,(%esp)
804952e: e8 3d f2 ff ff call 8048770 <perror@plt>
8049533: b8 01 00 00 00 mov $0x1,%eax
8049538: e9 d6 00 00 00 jmp 8049613 <main+0x264>
804953d: c7 44 24 08 00 00 00 movl $0x0,0x8(%esp)
8049544: 00
8049545: c7 44 24 04 00 00 00 movl $0x0,0x4(%esp)
804954c: 00
804954d: 8b 44 24 48 mov 0x48(%esp),%eax
8049551: 89 04 24 mov %eax,(%esp)
8049554: e8 27 f2 ff ff call 8048780 <accept@plt>
8049559: 89 44 24 44 mov %eax,0x44(%esp)
804955d: 83 7c 24 44 ff cmpl $0xffffffff,0x44(%esp)
8049562: 75 11 jne 8049575 <main+0x1c6>
8049564: c7 04 24 bd 97 04 08 movl $0x80497bd,(%esp)
804956b: e8 00 f2 ff ff call 8048770 <perror@plt>
8049570: e9 99 00 00 00 jmp 804960e <main+0x25f>
8049575: e8 b6 f2 ff ff call 8048830 <fork@plt>
804957a: 89 44 24 40 mov %eax,0x40(%esp)
804957e: 83 7c 24 40 ff cmpl $0xffffffff,0x40(%esp)
8049583: 75 1a jne 804959f <main+0x1f0>
8049585: c7 04 24 c4 97 04 08 movl $0x80497c4,(%esp)
804958c: e8 df f1 ff ff call 8048770 <perror@plt>
8049591: 8b 44 24 44 mov 0x44(%esp),%eax
8049595: 89 04 24 mov %eax,(%esp)
8049598: e8 f3 f2 ff ff call 8048890 <close@plt>
804959d: eb 6f jmp 804960e <main+0x25f>
804959f: 83 7c 24 40 00 cmpl $0x0,0x40(%esp)
80495a4: 75 57 jne 80495fd <main+0x24e>
80495a6: c7 04 24 0f 00 00 00 movl $0xf,(%esp)
80495ad: e8 9e f1 ff ff call 8048750 <alarm@plt>
80495b2: 8b 44 24 48 mov 0x48(%esp),%eax
80495b6: 89 04 24 mov %eax,(%esp)
80495b9: e8 d2 f2 ff ff call 8048890 <close@plt>
80495be: c7 04 24 c9 97 04 08 movl $0x80497c9,(%esp)
80495c5: e8 10 fc ff ff call 80491da <drop_privs>
80495ca: 89 44 24 4c mov %eax,0x4c(%esp)
80495ce: 83 7c 24 4c 00 cmpl $0x0,0x4c(%esp)
80495d3: 75 10 jne 80495e5 <main+0x236>
80495d5: 8b 44 24 44 mov 0x44(%esp),%eax
80495d9: 89 04 24 mov %eax,(%esp)
80495dc: e8 55 fa ff ff call 8049036 <handle>
80495e1: 89 44 24 4c mov %eax,0x4c(%esp)
80495e5: 8b 44 24 44 mov 0x44(%esp),%eax
80495e9: 89 04 24 mov %eax,(%esp)
80495ec: e8 9f f2 ff ff call 8048890 <close@plt>
80495f1: 8b 44 24 4c mov 0x4c(%esp),%eax
80495f5: 89 04 24 mov %eax,(%esp)
80495f8: e8 23 f1 ff ff call 8048720 <_exit@plt>
80495fd: 8b 44 24 44 mov 0x44(%esp),%eax
8049601: 89 04 24 mov %eax,(%esp)
8049604: e8 87 f2 ff ff call 8048890 <close@plt>
8049609: e9 2f ff ff ff jmp 804953d <main+0x18e>
804960e: e9 2a ff ff ff jmp 804953d <main+0x18e>
8049613: c9 leave
8049614: c3 ret
8049615: 90 nop
8049616: 90 nop
8049617: 90 nop
8049618: 90 nop
8049619: 90 nop
804961a: 90 nop
804961b: 90 nop
804961c: 90 nop
804961d: 90 nop
804961e: 90 nop
804961f: 90 nop
}
08049620 <__libc_csu_fini>:
8049620: 55 push %ebp
8049621: 89 e5 mov %esp,%ebp
8049623: 5d pop %ebp
8049624: c3 ret
8049625: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
8049629: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
08049630 <__libc_csu_init>:
8049630: 55 push %ebp
8049631: 89 e5 mov %esp,%ebp
8049633: 57 push %edi
8049634: 56 push %esi
8049635: 53 push %ebx
8049636: e8 4f 00 00 00 call 804968a <__i686.get_pc_thunk.bx>
804963b: 81 c3 b9 14 00 00 add $0x14b9,%ebx
8049641: 83 ec 1c sub $0x1c,%esp
8049644: e8 77 f0 ff ff call 80486c0 <_init>
8049649: 8d bb 04 ff ff ff lea -0xfc(%ebx),%edi
804964f: 8d 83 00 ff ff ff lea -0x100(%ebx),%eax
8049655: 29 c7 sub %eax,%edi
8049657: c1 ff 02 sar $0x2,%edi
804965a: 85 ff test %edi,%edi
804965c: 74 24 je 8049682 <__libc_csu_init+0x52>
804965e: 31 f6 xor %esi,%esi
8049660: 8b 45 10 mov 0x10(%ebp),%eax
8049663: 89 44 24 08 mov %eax,0x8(%esp)
8049667: 8b 45 0c mov 0xc(%ebp),%eax
804966a: 89 44 24 04 mov %eax,0x4(%esp)
804966e: 8b 45 08 mov 0x8(%ebp),%eax
8049671: 89 04 24 mov %eax,(%esp)
8049674: ff 94 b3 00 ff ff ff call *-0x100(%ebx,%esi,4)
804967b: 83 c6 01 add $0x1,%esi
804967e: 39 fe cmp %edi,%esi
8049680: 72 de jb 8049660 <__libc_csu_init+0x30>
8049682: 83 c4 1c add $0x1c,%esp
8049685: 5b pop %ebx
8049686: 5e pop %esi
8049687: 5f pop %edi
8049688: 5d pop %ebp
8049689: c3 ret
0804968a <__i686.get_pc_thunk.bx>:
804968a: 8b 1c 24 mov (%esp),%ebx
804968d: c3 ret
804968e: 90 nop
804968f: 90 nop
Disassembly of section .fini:
08049690 <_fini>:
8049690: 55 push %ebp
8049691: 89 e5 mov %esp,%ebp
8049693: 53 push %ebx
8049694: 83 ec 04 sub $0x4,%esp
8049697: e8 00 00 00 00 call 804969c <_fini+0xc>
804969c: 5b pop %ebx
804969d: 81 c3 58 14 00 00 add $0x1458,%ebx
80496a3: 59 pop %ecx
80496a4: 5b pop %ebx
80496a5: c9 leave
80496a6: c3 ret
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment