B-sides 2015 SB340 Baby Playpen Fence
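/*
 * Entry point of the "UNTRUSTED COMPUTING SERVICE" loader, reconstructed
 * from the disassembly at a20-b0b.
 *
 * Flow: read a 4-byte length from stdin (fd 0), then at most 0x200 bytes of
 * client-supplied code into a fresh anonymous page, flip the page from RW to
 * RX and hand it to sub_f10, which executes it in a seccomp-confined child.
 * If either read returns 0 the process exits with EXIT_FAILURE.
 *
 * Corrections to the earlier reconstruction, each checked against the
 * listing:
 *   - the length is read into &rsp_04h (lea 0x4(%rsp),%rsi), not passed
 *     by value;
 *   - the two read results are joined with ||, not &&: after the first
 *     call `test %eax,%eax; je` goes straight to exit(1) and the second
 *     call is only reached on success (with && the second read would be
 *     skipped whenever the first one succeeded);
 *   - the clamp to 0x200 is an unsigned compare (cmpl $0x200 / cmovbe), so
 *     the length is treated as unsigned here; a length with the top bit set
 *     is simply clamped to 0x200 instead of being widened to a huge size_t.
 *
 * The listing does not test the mmap result for MAP_FAILED before using it.
 */
int main(void)
{
    /* Local variables. */
    unsigned int rsp_04h = 0;   /* program length supplied by the client */
    void *base;                 /* kept in %rbx in the listing */

    setvbuf(stdin, 0, 2);   /* mode 2 == _IONBF on glibc: unbuffered */
    setvbuf(stdout, 0, 2);
    puts("\n ______\n | |__| | WELCOME TO THE\n | () | UNTRUSTED COMPUTING SERVICE\n |______| V0.0.1a\n\nLOAD PROGRAM");
    /* 0x1e == _SC_PAGESIZE on Linux/glibc: one write-only anonymous page. */
    base = mmap(NULL, sysconf(0x1e), PROT_WRITE, MAP_ANONYMOUS|MAP_PRIVATE, 0, 0);
    if (!sub_e90(0, (char *)&rsp_04h, 4) ||
        !sub_e90(0, base, rsp_04h <= 0x200 ? rsp_04h : 0x200)) {
        exit(EXIT_FAILURE);
    }
    /* W^X: the page is never writable and executable at the same time. */
    mprotect(base, sysconf(0x1e), PROT_EXEC|PROT_READ);
    sub_f10(base);
    puts("THANK YOU");
    exit(EXIT_SUCCESS);
}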
// set seccomp rules.
//
// Reconstructed from c40-e8d.  The function builds a 15-instruction cBPF
// program on the stack (len 0xf stored at (%rsp), pointer to the
// instructions at 0x8(%rsp)) and then issues three prctl(2) calls, none of
// whose return values are checked:
//   prctl(4, 0, 0, 0, 0)     -- 4 == PR_SET_DUMPABLE: the child becomes
//                               non-dumpable, which among other effects
//                               restricts ptrace attach to it
//   prctl(0x26, 1, 0, 0, 0)  -- 0x26 == PR_SET_NO_NEW_PRIVS, a prerequisite
//                               for installing a filter without CAP_SYS_ADMIN
//   prctl(0x16, 2, &fprog)   -- 0x16 == PR_SET_SECCOMP, 2 == SECCOMP_MODE_FILTER
// The filter, from the stack stores at c66-e31:
//   ld  [4]                      ; seccomp_data.arch
//   jeq 0xc000003e, +1, 0        ; AUDIT_ARCH_X86_64
//   ret 0                        ; SECCOMP_RET_KILL for any other arch
//   ld  [0]                      ; seccomp_data.nr
//   jeq 2, 0, +1 / ret 0x50016   ; open
//   jeq 9, 0, +1 / ret 0x50016   ; mmap
//   jeq 257, 0, +1 / ret 0x50016 ; openat
//   jeq 304, 0, +1 / ret 0x50016 ; open_by_handle_at
//   jeq 101, 0, +1 / ret 0x50016 ; ptrace
//   ret 0x7fff0000               ; SECCOMP_RET_ALLOW for everything else
// 0x50016 == SECCOMP_RET_ERRNO | 22, so a denied syscall fails with EINVAL
// in the child rather than killing it; only a foreign arch is fatal.
void sub_c40()
{
/* we cannot use open(2), mmap(9), openat(257), open_by_handle_at(304), ptrace(101) */
}
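/*
 * Read arg2 bytes from descriptor arg0 into arg1, reconstructed from
 * e90-f0b.
 *
 * Returns the number of bytes read (>= arg2) once the request is satisfied,
 * or 0 when arg2 is 0 or when read(2) returns 0 or -1 before that point.
 * The caller treats 0 as failure, so EOF or an error on stdin aborts the
 * load.
 *
 * Corrections to the earlier reconstruction, both visible at ec0-ed7:
 *   - the running total is updated *before* the "enough yet?" test
 *     (add %eax,%ebx; cmp %ebx,%ebp; jbe), so one full read returns at once
 *     instead of blocking on a second read;
 *   - each read asks for the remaining count, arg2 - result
 *     (mov %ebp,%edx; sub %ebx,%edx), not the whole arg2.
 * The destination pointer (%r13) is never advanced, so after a short read
 * the next chunk lands at the start of arg1 again, overwriting what was
 * already there.  That is what the binary does and is preserved here.
 */
int sub_e90(int arg0, char *arg1, size_t arg2)
{
    /* Local variables. */
    int result = 0;   /* bytes received so far (%ebx) */
    int len;          /* result of the last read (%eax) */

    if (arg2 == 0) {
        return 0;
    }
    while ((len = read(arg0, arg1, arg2 - (size_t)result)) > 0) {
        result += len;
        if (arg2 <= (size_t)result) {
            return result;
        }
    }
    return 0;   /* EOF or error before arg2 bytes arrived */
}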
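/*
 * Execute the loaded program in a sandboxed child, reconstructed from
 * f10-f8f.
 *
 * Forks.  The child installs the seccomp policy (sub_c40) and jumps to arg0,
 * the RX page filled in by main; abort() is reached only if that code
 * returns.  The parent waits for the child and, at f48-f51, aborts itself
 * when the child terminated normally with exit status 0
 * (test $0x7f,%al / movzbl %ah,%eax / test %eax,%eax / je abort).  Any
 * other outcome -- a signal, a non-zero exit status -- returns to main,
 * which prints "THANK YOU".  A fork failure exits with EXIT_FAILURE.
 *
 * Corrections to the earlier reconstruction: `rsp_04h & 0x7f == 0` parses
 * as `rsp_04h & (0x7f == 0)`, which is always 0, so the abort branch could
 * never fire; the status test is parenthesised to match the listing, and
 * only the low byte of status >> 8 is compared (movzbl %ah).  pid is a local
 * (the listing keeps it in %eax / %edi), not a global.
 */
void sub_f10(char *arg0)
{
    /* Local variables. */
    int rsp_04h = 0;   /* wait status of the child */
    int pid;

    pid = fork();
    if (pid == -1) {
        exit(EXIT_FAILURE);
    }
    if (pid != 0) {
        /* parent */
        waitpid(pid, &rsp_04h, 0);
        if ((rsp_04h & 0x7f) == 0 && ((rsp_04h >> 8) & 0xff) == 0) {
            abort();
        }
        return;
    }
    /* child: confine first, then hand control to the untrusted code */
    sub_c40(); /* set seccomp rules. */
    ((void (*)(void))arg0)();
    abort();
}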
babypf-1ae7656c09638d7ed138553e58bbffc5077a5b13: file format elf64-x86-64
Disassembly of section .init:
00000000000008f8 <.init>:
8f8: 48 83 ec 08 sub $0x8,%rsp
8fc: 48 8b 05 dd 16 20 00 mov 0x2016dd(%rip),%rax # 201fe0 <fork@plt+0x2015d0>
903: 48 85 c0 test %rax,%rax
906: 74 05 je 90d <abort@plt-0x23>
908: e8 83 00 00 00 callq 990 <__gmon_start__@plt>
90d: 48 83 c4 08 add $0x8,%rsp
911: c3 retq
Disassembly of section .plt:
0000000000000920 <abort@plt-0x10>:
920: ff 35 1a 16 20 00 pushq 0x20161a(%rip) # 201f40 <fork@plt+0x201530>
926: ff 25 1c 16 20 00 jmpq *0x20161c(%rip) # 201f48 <fork@plt+0x201538>
92c: 0f 1f 40 00 nopl 0x0(%rax)
0000000000000930 <abort@plt>:
930: ff 25 1a 16 20 00 jmpq *0x20161a(%rip) # 201f50 <fork@plt+0x201540>
936: 68 00 00 00 00 pushq $0x0
93b: e9 e0 ff ff ff jmpq 920 <abort@plt-0x10>
0000000000000940 <puts@plt>:
940: ff 25 12 16 20 00 jmpq *0x201612(%rip) # 201f58 <fork@plt+0x201548>
946: 68 01 00 00 00 pushq $0x1
94b: e9 d0 ff ff ff jmpq 920 <abort@plt-0x10>
0000000000000950 <__stack_chk_fail@plt>:
950: ff 25 0a 16 20 00 jmpq *0x20160a(%rip) # 201f60 <fork@plt+0x201550>
956: 68 02 00 00 00 pushq $0x2
95b: e9 c0 ff ff ff jmpq 920 <abort@plt-0x10>
0000000000000960 <mmap@plt>:
960: ff 25 02 16 20 00 jmpq *0x201602(%rip) # 201f68 <fork@plt+0x201558>
966: 68 03 00 00 00 pushq $0x3
96b: e9 b0 ff ff ff jmpq 920 <abort@plt-0x10>
0000000000000970 <read@plt>:
970: ff 25 fa 15 20 00 jmpq *0x2015fa(%rip) # 201f70 <fork@plt+0x201560>
976: 68 04 00 00 00 pushq $0x4
97b: e9 a0 ff ff ff jmpq 920 <abort@plt-0x10>
0000000000000980 <__libc_start_main@plt>:
980: ff 25 f2 15 20 00 jmpq *0x2015f2(%rip) # 201f78 <fork@plt+0x201568>
986: 68 05 00 00 00 pushq $0x5
98b: e9 90 ff ff ff jmpq 920 <abort@plt-0x10>
0000000000000990 <__gmon_start__@plt>:
990: ff 25 ea 15 20 00 jmpq *0x2015ea(%rip) # 201f80 <fork@plt+0x201570>
996: 68 06 00 00 00 pushq $0x6
99b: e9 80 ff ff ff jmpq 920 <abort@plt-0x10>
00000000000009a0 <prctl@plt>:
9a0: ff 25 e2 15 20 00 jmpq *0x2015e2(%rip) # 201f88 <fork@plt+0x201578>
9a6: 68 07 00 00 00 pushq $0x7
9ab: e9 70 ff ff ff jmpq 920 <abort@plt-0x10>
00000000000009b0 <setvbuf@plt>:
9b0: ff 25 da 15 20 00 jmpq *0x2015da(%rip) # 201f90 <fork@plt+0x201580>
9b6: 68 08 00 00 00 pushq $0x8
9bb: e9 60 ff ff ff jmpq 920 <abort@plt-0x10>
00000000000009c0 <waitpid@plt>:
9c0: ff 25 d2 15 20 00 jmpq *0x2015d2(%rip) # 201f98 <fork@plt+0x201588>
9c6: 68 09 00 00 00 pushq $0x9
9cb: e9 50 ff ff ff jmpq 920 <abort@plt-0x10>
00000000000009d0 <mprotect@plt>:
9d0: ff 25 ca 15 20 00 jmpq *0x2015ca(%rip) # 201fa0 <fork@plt+0x201590>
9d6: 68 0a 00 00 00 pushq $0xa
9db: e9 40 ff ff ff jmpq 920 <abort@plt-0x10>
00000000000009e0 <sysconf@plt>:
9e0: ff 25 c2 15 20 00 jmpq *0x2015c2(%rip) # 201fa8 <fork@plt+0x201598>
9e6: 68 0b 00 00 00 pushq $0xb
9eb: e9 30 ff ff ff jmpq 920 <abort@plt-0x10>
00000000000009f0 <exit@plt>:
9f0: ff 25 ba 15 20 00 jmpq *0x2015ba(%rip) # 201fb0 <fork@plt+0x2015a0>
9f6: 68 0c 00 00 00 pushq $0xc
9fb: e9 20 ff ff ff jmpq 920 <abort@plt-0x10>
0000000000000a00 <__cxa_finalize@plt>:
a00: ff 25 b2 15 20 00 jmpq *0x2015b2(%rip) # 201fb8 <fork@plt+0x2015a8>
a06: 68 0d 00 00 00 pushq $0xd
a0b: e9 10 ff ff ff jmpq 920 <abort@plt-0x10>
0000000000000a10 <fork@plt>:
a10: ff 25 aa 15 20 00 jmpq *0x2015aa(%rip) # 201fc0 <fork@plt+0x2015b0>
a16: 68 0e 00 00 00 pushq $0xe
a1b: e9 00 ff ff ff jmpq 920 <abort@plt-0x10>
Disassembly of section .text:
0000000000000a20 <.text>:
int main()
{
a20: 53 push %rbx
a21: 31 c9 xor %ecx,%ecx
a23: 31 f6 xor %esi,%esi
a25: ba 02 00 00 00 mov $0x2,%edx
a2a: 48 83 ec 10 sub $0x10,%rsp
// Local variables.
int rsp_04h;
a2e: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
a35: 00 00
a37: 48 89 44 24 08 mov %rax,0x8(%rsp)
a3c: 31 c0 xor %eax,%eax
a3e: 48 8b 05 93 15 20 00 mov 0x201593(%rip),%rax # 201fd8 <fork@plt+0x2015c8>
a45: 48 8b 38 mov (%rax),%rdi
a48: e8 63 ff ff ff callq 9b0 <setvbuf@plt>
setvbuf(stdin, 0, 2);
a4d: 48 8b 05 7c 15 20 00 mov 0x20157c(%rip),%rax # 201fd0 <fork@plt+0x2015c0>
a54: 31 c9 xor %ecx,%ecx
a56: 31 f6 xor %esi,%esi
a58: ba 02 00 00 00 mov $0x2,%edx
a5d: 48 8b 38 mov (%rax),%rdi
a60: e8 4b ff ff ff callq 9b0 <setvbuf@plt>
setvbuf(stdout, 0, 2);
a65: 48 8d 3d ac 05 00 00 lea 0x5ac(%rip),%rdi # 1018 <fork@plt+0x608>
a6c: e8 cf fe ff ff callq 940 <puts@plt>
puts("\n ______\n | |__| | WELCOME TO THE\n | () | UNTRUSTED COMPUTING SERVICE\n |______| V0.0.1a\n\nLOAD PROGRAM");
a71: bf 1e 00 00 00 mov $0x1e,%edi
a76: e8 65 ff ff ff callq 9e0 <sysconf@plt>
a7b: 45 31 c9 xor %r9d,%r9d
a7e: 45 31 c0 xor %r8d,%r8d
a81: 31 ff xor %edi,%edi
a83: b9 22 00 00 00 mov $0x22,%ecx
a88: ba 02 00 00 00 mov $0x2,%edx
a8d: 48 89 c6 mov %rax,%rsi
a90: e8 cb fe ff ff callq 960 <mmap@plt>
a95: 48 8d 74 24 04 lea 0x4(%rsp),%rsi
a9a: 31 ff xor %edi,%edi
a9c: ba 04 00 00 00 mov $0x4,%edx
aa1: 48 89 c3 mov %rax,%rbx
base = mmap(NULL, sysconf(0x1e), PROT_WRITE, MAP_ANONYMOUS|MAP_PRIVATE, 0, 0);
aa4: e8 e7 03 00 00 callq e90 <fork@plt+0x480>
aa9: 85 c0 test %eax,%eax
aab: 74 20 je acd <fork@plt+0xbd>
aad: 81 7c 24 04 00 02 00 cmpl $0x200,0x4(%rsp)
ab4: 00
ab5: ba 00 02 00 00 mov $0x200,%edx
aba: 48 89 de mov %rbx,%rsi
abd: 0f 46 54 24 04 cmovbe 0x4(%rsp),%edx
ac2: 31 ff xor %edi,%edi
ac4: e8 c7 03 00 00 callq e90 <fork@plt+0x480>
ac9: 85 c0 test %eax,%eax
acb: 75 0a jne ad7 <fork@plt+0xc7>
if(!sub_e90(NULL, rsp_04h, 4) && !sub_e90(NULL, base, rsp_04h <= 0x200? rsp_04h: 0x200)) {
acd: bf 01 00 00 00 mov $0x1,%edi
ad2: e8 19 ff ff ff callq 9f0 <exit@plt>
exit(EXIT_FAILURE);
}
ad7: bf 1e 00 00 00 mov $0x1e,%edi
adc: e8 ff fe ff ff callq 9e0 <sysconf@plt>
ae1: ba 05 00 00 00 mov $0x5,%edx
ae6: 48 89 c6 mov %rax,%rsi
ae9: 48 89 df mov %rbx,%rdi
aec: e8 df fe ff ff callq 9d0 <mprotect@plt>
mprotect(base, sysconf(0x1e), PROT_EXEC|PROT_READ);
af1: 48 89 df mov %rbx,%rdi
af4: e8 17 04 00 00 callq f10 <fork@plt+0x500>
sub_f10(base);
af9: 48 8d 3d 88 05 00 00 lea 0x588(%rip),%rdi # 1088 <fork@plt+0x678>
b00: e8 3b fe ff ff callq 940 <puts@plt>
puts("THANK YOU");
b05: 31 ff xor %edi,%edi
b07: e8 e4 fe ff ff callq 9f0 <exit@plt>
exit(EXIT_SUCCESS);
}
b0c: 31 ed xor %ebp,%ebp
b0e: 49 89 d1 mov %rdx,%r9
b11: 5e pop %rsi
b12: 48 89 e2 mov %rsp,%rdx
b15: 48 83 e4 f0 and $0xfffffffffffffff0,%rsp
b19: 50 push %rax
b1a: 54 push %rsp
b1b: 4c 8d 05 de 04 00 00 lea 0x4de(%rip),%r8 # 1000 <fork@plt+0x5f0>
b22: 48 8d 0d 67 04 00 00 lea 0x467(%rip),%rcx # f90 <fork@plt+0x580>
b29: 48 8d 3d f0 fe ff ff lea -0x110(%rip),%rdi # a20 <fork@plt+0x10>
b30: e8 4b fe ff ff callq 980 <__libc_start_main@plt>
b35: f4 hlt
b36: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
b3d: 00 00 00
b40: 48 8d 3d c9 14 20 00 lea 0x2014c9(%rip),%rdi # 202010 <_edata>
b47: 48 8d 05 c9 14 20 00 lea 0x2014c9(%rip),%rax # 202017 <_edata+0x7>
b4e: 55 push %rbp
b4f: 48 29 f8 sub %rdi,%rax
b52: 48 89 e5 mov %rsp,%rbp
b55: 48 83 f8 0e cmp $0xe,%rax
b59: 76 15 jbe b70 <fork@plt+0x160>
b5b: 48 8b 05 66 14 20 00 mov 0x201466(%rip),%rax # 201fc8 <fork@plt+0x2015b8>
b62: 48 85 c0 test %rax,%rax
b65: 74 09 je b70 <fork@plt+0x160>
b67: 5d pop %rbp
b68: ff e0 jmpq *%rax
b6a: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
b70: 5d pop %rbp
b71: c3 retq
b72: 66 66 66 66 66 2e 0f data32 data32 data32 data32 nopw %cs:0x0(%rax,%rax,1)
b79: 1f 84 00 00 00 00 00
b80: 48 8d 3d 89 14 20 00 lea 0x201489(%rip),%rdi # 202010 <_edata>
b87: 48 8d 35 82 14 20 00 lea 0x201482(%rip),%rsi # 202010 <_edata>
b8e: 55 push %rbp
b8f: 48 29 fe sub %rdi,%rsi
b92: 48 89 e5 mov %rsp,%rbp
b95: 48 c1 fe 03 sar $0x3,%rsi
b99: 48 89 f0 mov %rsi,%rax
b9c: 48 c1 e8 3f shr $0x3f,%rax
ba0: 48 01 c6 add %rax,%rsi
ba3: 48 d1 fe sar %rsi
ba6: 74 18 je bc0 <fork@plt+0x1b0>
ba8: 48 8b 05 41 14 20 00 mov 0x201441(%rip),%rax # 201ff0 <fork@plt+0x2015e0>
baf: 48 85 c0 test %rax,%rax
bb2: 74 0c je bc0 <fork@plt+0x1b0>
bb4: 5d pop %rbp
bb5: ff e0 jmpq *%rax
bb7: 66 0f 1f 84 00 00 00 nopw 0x0(%rax,%rax,1)
bbe: 00 00
bc0: 5d pop %rbp
bc1: c3 retq
bc2: 66 66 66 66 66 2e 0f data32 data32 data32 data32 nopw %cs:0x0(%rax,%rax,1)
bc9: 1f 84 00 00 00 00 00
bd0: 80 3d 39 14 20 00 00 cmpb $0x0,0x201439(%rip) # 202010 <_edata>
bd7: 75 27 jne c00 <fork@plt+0x1f0>
bd9: 48 83 3d 17 14 20 00 cmpq $0x0,0x201417(%rip) # 201ff8 <fork@plt+0x2015e8>
be0: 00
be1: 55 push %rbp
be2: 48 89 e5 mov %rsp,%rbp
be5: 74 0c je bf3 <fork@plt+0x1e3>
be7: 48 8b 3d 1a 14 20 00 mov 0x20141a(%rip),%rdi # 202008 <fork@plt+0x2015f8>
bee: e8 0d fe ff ff callq a00 <__cxa_finalize@plt>
bf3: e8 48 ff ff ff callq b40 <fork@plt+0x130>
bf8: 5d pop %rbp
bf9: c6 05 10 14 20 00 01 movb $0x1,0x201410(%rip) # 202010 <_edata>
c00: f3 c3 repz retq
c02: 66 66 66 66 66 2e 0f data32 data32 data32 data32 nopw %cs:0x0(%rax,%rax,1)
c09: 1f 84 00 00 00 00 00
c10: 48 8d 3d 29 11 20 00 lea 0x201129(%rip),%rdi # 201d40 <fork@plt+0x201330>
c17: 48 83 3f 00 cmpq $0x0,(%rdi)
c1b: 75 0b jne c28 <fork@plt+0x218>
c1d: e9 5e ff ff ff jmpq b80 <fork@plt+0x170>
c22: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
c28: 48 8b 05 b9 13 20 00 mov 0x2013b9(%rip),%rax # 201fe8 <fork@plt+0x2015d8>
c2f: 48 85 c0 test %rax,%rax
c32: 74 e9 je c1d <fork@plt+0x20d>
c34: 55 push %rbp
c35: 48 89 e5 mov %rsp,%rbp
c38: ff d0 callq *%rax
c3a: 5d pop %rbp
c3b: e9 40 ff ff ff jmpq b80 <fork@plt+0x170>
// set seccomp rules.
sub_c40()
{
/* we cannot use open(2), mmap(9), openat(257), open_by_handle_at(304), ptrace(101) */
c40: 48 81 ec 98 00 00 00 sub $0x98,%rsp
c47: 41 b9 15 00 00 00 mov $0x15,%r9d
c4d: 41 ba 06 00 00 00 mov $0x6,%r10d
c53: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
c5a: 00 00
c5c: 48 89 84 24 88 00 00 mov %rax,0x88(%rsp)
c63: 00
c64: 31 c0 xor %eax,%eax
c66: b8 20 00 00 00 mov $0x20,%eax
c6b: ba 15 00 00 00 mov $0x15,%edx
c70: b9 06 00 00 00 mov $0x6,%ecx
c75: 66 89 44 24 10 mov %ax,0x10(%rsp)
c7a: be 20 00 00 00 mov $0x20,%esi
c7f: bf 15 00 00 00 mov $0x15,%edi
c84: 41 b8 06 00 00 00 mov $0x6,%r8d
c8a: b8 06 00 00 00 mov $0x6,%eax
c8f: 66 44 89 4c 24 40 mov %r9w,0x40(%rsp)
c95: 66 44 89 54 24 48 mov %r10w,0x48(%rsp)
c9b: 66 89 54 24 18 mov %dx,0x18(%rsp)
ca0: ba 0f 00 00 00 mov $0xf,%edx
ca5: 66 89 4c 24 20 mov %cx,0x20(%rsp)
caa: 66 89 74 24 28 mov %si,0x28(%rsp)
caf: 41 bb 15 00 00 00 mov $0x15,%r11d
cb5: 66 89 7c 24 30 mov %di,0x30(%rsp)
cba: 66 44 89 44 24 38 mov %r8w,0x38(%rsp)
cc0: 31 c9 xor %ecx,%ecx
cc2: c6 44 24 12 00 movb $0x0,0x12(%rsp)
cc7: c6 44 24 13 00 movb $0x0,0x13(%rsp)
ccc: 45 31 c0 xor %r8d,%r8d
ccf: c7 44 24 14 04 00 00 movl $0x4,0x14(%rsp)
cd6: 00
cd7: c6 44 24 1a 01 movb $0x1,0x1a(%rsp)
cdc: 31 f6 xor %esi,%esi
cde: c6 44 24 1b 00 movb $0x0,0x1b(%rsp)
ce3: c7 44 24 1c 3e 00 00 movl $0xc000003e,0x1c(%rsp)
cea: c0
ceb: bf 04 00 00 00 mov $0x4,%edi
cf0: c6 44 24 22 00 movb $0x0,0x22(%rsp)
cf5: c6 44 24 23 00 movb $0x0,0x23(%rsp)
cfa: c7 44 24 24 00 00 00 movl $0x0,0x24(%rsp)
d01: 00
d02: c6 44 24 2a 00 movb $0x0,0x2a(%rsp)
d07: c6 44 24 2b 00 movb $0x0,0x2b(%rsp)
d0c: c7 44 24 2c 00 00 00 movl $0x0,0x2c(%rsp)
d13: 00
d14: c6 44 24 32 00 movb $0x0,0x32(%rsp)
d19: c6 44 24 33 01 movb $0x1,0x33(%rsp)
d1e: c7 44 24 34 02 00 00 movl $0x2,0x34(%rsp)
d25: 00
d26: c6 44 24 3a 00 movb $0x0,0x3a(%rsp)
d2b: c6 44 24 3b 00 movb $0x0,0x3b(%rsp)
d30: c7 44 24 3c 16 00 05 movl $0x50016,0x3c(%rsp)
d37: 00
d38: c6 44 24 42 00 movb $0x0,0x42(%rsp)
d3d: c6 44 24 43 01 movb $0x1,0x43(%rsp)
d42: c7 44 24 44 09 00 00 movl $0x9,0x44(%rsp)
d49: 00
d4a: c6 44 24 4a 00 movb $0x0,0x4a(%rsp)
d4f: c6 44 24 4b 00 movb $0x0,0x4b(%rsp)
d54: c7 44 24 4c 16 00 05 movl $0x50016,0x4c(%rsp)
d5b: 00
d5c: 66 89 44 24 58 mov %ax,0x58(%rsp)
d61: b8 15 00 00 00 mov $0x15,%eax
d66: 66 89 14 24 mov %dx,(%rsp)
d6a: 66 89 44 24 60 mov %ax,0x60(%rsp)
d6f: b8 06 00 00 00 mov $0x6,%eax
d74: 31 d2 xor %edx,%edx
d76: 66 89 44 24 68 mov %ax,0x68(%rsp)
d7b: b8 15 00 00 00 mov $0x15,%eax
d80: 66 44 89 5c 24 50 mov %r11w,0x50(%rsp)
d86: 66 89 44 24 70 mov %ax,0x70(%rsp)
d8b: b8 06 00 00 00 mov $0x6,%eax
d90: c6 44 24 52 00 movb $0x0,0x52(%rsp)
d95: 66 89 44 24 78 mov %ax,0x78(%rsp)
d9a: b8 06 00 00 00 mov $0x6,%eax
d9f: c6 44 24 53 01 movb $0x1,0x53(%rsp)
da4: 66 89 84 24 80 00 00 mov %ax,0x80(%rsp)
dab: 00
dac: 48 8d 44 24 10 lea 0x10(%rsp),%rax
db1: c7 44 24 54 01 01 00 movl $0x101,0x54(%rsp)
db8: 00
db9: c6 44 24 5a 00 movb $0x0,0x5a(%rsp)
dbe: c6 44 24 5b 00 movb $0x0,0x5b(%rsp)
dc3: 48 89 44 24 08 mov %rax,0x8(%rsp)
dc8: 31 c0 xor %eax,%eax
dca: c7 44 24 5c 16 00 05 movl $0x50016,0x5c(%rsp)
dd1: 00
dd2: c6 44 24 62 00 movb $0x0,0x62(%rsp)
dd7: c6 44 24 63 01 movb $0x1,0x63(%rsp)
ddc: c7 44 24 64 30 01 00 movl $0x130,0x64(%rsp)
de3: 00
de4: c6 44 24 6a 00 movb $0x0,0x6a(%rsp)
de9: c6 44 24 6b 00 movb $0x0,0x6b(%rsp)
dee: c7 44 24 6c 16 00 05 movl $0x50016,0x6c(%rsp)
df5: 00
df6: c6 44 24 72 00 movb $0x0,0x72(%rsp)
dfb: c6 44 24 73 01 movb $0x1,0x73(%rsp)
e00: c7 44 24 74 65 00 00 movl $0x65,0x74(%rsp)
e07: 00
e08: c6 44 24 7a 00 movb $0x0,0x7a(%rsp)
e0d: c6 44 24 7b 00 movb $0x0,0x7b(%rsp)
e12: c7 44 24 7c 16 00 05 movl $0x50016,0x7c(%rsp)
e19: 00
e1a: c6 84 24 82 00 00 00 movb $0x0,0x82(%rsp)
e21: 00
e22: c6 84 24 83 00 00 00 movb $0x0,0x83(%rsp)
e29: 00
e2a: c7 84 24 84 00 00 00 movl $0x7fff0000,0x84(%rsp)
e31: 00 00 ff 7f
e35: e8 66 fb ff ff callq 9a0 <prctl@plt>
e3a: 45 31 c0 xor %r8d,%r8d
e3d: 31 c9 xor %ecx,%ecx
e3f: 31 d2 xor %edx,%edx
e41: be 01 00 00 00 mov $0x1,%esi
e46: bf 26 00 00 00 mov $0x26,%edi
e4b: 31 c0 xor %eax,%eax
e4d: e8 4e fb ff ff callq 9a0 <prctl@plt>
e52: 45 31 c0 xor %r8d,%r8d
e55: 31 c9 xor %ecx,%ecx
e57: 31 c0 xor %eax,%eax
e59: 48 89 e2 mov %rsp,%rdx
e5c: be 02 00 00 00 mov $0x2,%esi
e61: bf 16 00 00 00 mov $0x16,%edi
e66: e8 35 fb ff ff callq 9a0 <prctl@plt>
e6b: 31 c0 xor %eax,%eax
e6d: 48 8b 8c 24 88 00 00 mov 0x88(%rsp),%rcx
e74: 00
e75: 64 48 33 0c 25 28 00 xor %fs:0x28,%rcx
e7c: 00 00
e7e: 75 08 jne e88 <fork@plt+0x478>
e80: 48 81 c4 98 00 00 00 add $0x98,%rsp
e87: c3 retq
e88: e8 c3 fa ff ff callq 950 <__stack_chk_fail@plt>
e8d: 0f 1f 00 nopl (%rax)
}
sub_e90(int arg0, char *arg1, size_t arg2)
{
e90: 41 55 push %r13
e92: 41 54 push %r12
e94: 55 push %rbp
e95: 53 push %rbx
e96: 89 d5 mov %edx,%ebp
e98: 48 83 ec 18 sub $0x18,%rsp
// Local variables.
e9c: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
ea3: 00 00
ea5: 48 89 44 24 08 mov %rax,0x8(%rsp)
eaa: 31 c0 xor %eax,%eax
eac: 85 d2 test %edx,%edx
eae: 74 2d je edd <fork@plt+0x4cd>
if(arg2) {
eb0: 41 89 fc mov %edi,%r12d
eb3: 49 89 f5 mov %rsi,%r13
eb6: 31 db xor %ebx,%ebx
eb8: eb 0c jmp ec6 <fork@plt+0x4b6>
eba: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
for(int result = 0, len = 0; (len = read(arg0, arg1, arg2)) > 0; result += len) {
ec0: 01 c3 add %eax,%ebx
ec2: 39 dd cmp %ebx,%ebp
ec4: 76 1a jbe ee0 <fork@plt+0x4d0>
if(arg2 <= result) {
return result;
}
ec6: 89 ea mov %ebp,%edx
// ->>
ec8: 4c 89 ee mov %r13,%rsi
ecb: 44 89 e7 mov %r12d,%edi
ece: 29 da sub %ebx,%edx
ed0: e8 9b fa ff ff callq 970 <read@plt>
ed5: 85 c0 test %eax,%eax
ed7: 7f e7 jg ec0 <fork@plt+0x4b0>
}
ed9: 31 c0 xor %eax,%eax
edb: eb 05 jmp ee2 <fork@plt+0x4d2>
}
edd: 31 db xor %ebx,%ebx
edf: 90 nop
ee0: 89 d8 mov %ebx,%eax
ee2: 48 8b 4c 24 08 mov 0x8(%rsp),%rcx
ee7: 64 48 33 0c 25 28 00 xor %fs:0x28,%rcx
eee: 00 00
ef0: 75 0b jne efd <fork@plt+0x4ed>
ef2: 48 83 c4 18 add $0x18,%rsp
ef6: 5b pop %rbx
ef7: 5d pop %rbp
ef8: 41 5c pop %r12
efa: 41 5d pop %r13
efc: c3 retq
return 0;
efd: e8 4e fa ff ff callq 950 <__stack_chk_fail@plt>
f02: 66 66 66 66 66 2e 0f data32 data32 data32 data32 nopw %cs:0x0(%rax,%rax,1)
f09: 1f 84 00 00 00 00 00
}
sub_f10(char *arg0)
{
f10: 53 push %rbx
f11: 48 89 fb mov %rdi,%rbx
f14: 48 83 ec 10 sub $0x10,%rsp
// Local variables.
rsp_04h;
f18: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
f1f: 00 00
f21: 48 89 44 24 08 mov %rax,0x8(%rsp)
f26: 31 c0 xor %eax,%eax
f28: e8 e3 fa ff ff callq a10 <fork@plt>
pid = fork();
f2d: 83 f8 ff cmp $0xffffffff,%eax
f30: 74 37 je f69 <fork@plt+0x559>
if(pid != -1) {
f32: 85 c0 test %eax,%eax
f34: 74 42 je f78 <fork@plt+0x568>
if(pid != 0) {
f36: 48 8d 74 24 04 lea 0x4(%rsp),%rsi
f3b: 31 d2 xor %edx,%edx
f3d: 89 c7 mov %eax,%edi
f3f: e8 7c fa ff ff callq 9c0 <waitpid@plt>
waitpid(pid, rsp_04h, 0);
f44: 8b 44 24 04 mov 0x4(%rsp),%eax
f48: a8 7f test $0x7f,%al
f4a: 75 07 jne f53 <fork@plt+0x543>
f4c: 0f b6 c4 movzbl %ah,%eax
f4f: 85 c0 test %eax,%eax
f51: 74 33 je f86 <fork@plt+0x576>
if(rsp_04h & 0x7f == 0 && rsp_04h >> 8 == 0) {
abort();
}
f53: 48 8b 44 24 08 mov 0x8(%rsp),%rax
f58: 64 48 33 04 25 28 00 xor %fs:0x28,%rax
f5f: 00 00
f61: 75 10 jne f73 <fork@plt+0x563>
f63: 48 83 c4 10 add $0x10,%rsp
f67: 5b pop %rbx
f68: c3 retq
return;
}
} else {
f69: bf 01 00 00 00 mov $0x1,%edi
f6e: e8 7d fa ff ff callq 9f0 <exit@plt>
exit(EXIT_FAILURE);
}
f73: e8 d8 f9 ff ff callq 950 <__stack_chk_fail@plt>
f78: e8 c3 fc ff ff callq c40 <fork@plt+0x230>
sub_c40();
f7d: 31 c0 xor %eax,%eax
f7f: ff d3 callq *%rbx
(arg0)();
f81: e8 aa f9 ff ff callq 930 <abort@plt>
abort();
f86: e8 a5 f9 ff ff callq 930 <abort@plt>
f8b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
}
f90: 41 57 push %r15
f92: 41 89 ff mov %edi,%r15d
f95: 41 56 push %r14
f97: 49 89 f6 mov %rsi,%r14
f9a: 41 55 push %r13
f9c: 49 89 d5 mov %rdx,%r13
f9f: 41 54 push %r12
fa1: 4c 8d 25 88 0d 20 00 lea 0x200d88(%rip),%r12 # 201d30 <fork@plt+0x201320>
fa8: 55 push %rbp
fa9: 48 8d 2d 88 0d 20 00 lea 0x200d88(%rip),%rbp # 201d38 <fork@plt+0x201328>
fb0: 53 push %rbx
fb1: 4c 29 e5 sub %r12,%rbp
fb4: 31 db xor %ebx,%ebx
fb6: 48 c1 fd 03 sar $0x3,%rbp
fba: 48 83 ec 08 sub $0x8,%rsp
fbe: e8 35 f9 ff ff callq 8f8 <abort@plt-0x38>
fc3: 48 85 ed test %rbp,%rbp
fc6: 74 1e je fe6 <fork@plt+0x5d6>
fc8: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
fcf: 00
fd0: 4c 89 ea mov %r13,%rdx
fd3: 4c 89 f6 mov %r14,%rsi
fd6: 44 89 ff mov %r15d,%edi
fd9: 41 ff 14 dc callq *(%r12,%rbx,8)
fdd: 48 83 c3 01 add $0x1,%rbx
fe1: 48 39 eb cmp %rbp,%rbx
fe4: 75 ea jne fd0 <fork@plt+0x5c0>
fe6: 48 83 c4 08 add $0x8,%rsp
fea: 5b pop %rbx
feb: 5d pop %rbp
fec: 41 5c pop %r12
fee: 41 5d pop %r13
ff0: 41 5e pop %r14
ff2: 41 5f pop %r15
ff4: c3 retq
ff5: 66 66 2e 0f 1f 84 00 data32 nopw %cs:0x0(%rax,%rax,1)
ffc: 00 00 00 00
1000: f3 c3 repz retq
Disassembly of section .fini:
0000000000001004 <.fini>:
1004: 48 83 ec 08 sub $0x8,%rsp
1008: 48 83 c4 08 add $0x8,%rsp
100c: c3 retq