@hhc0null
Created December 31, 2014 19:39
ヤバい
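// Self-relocating stub: annotated objdump with pseudo-C for each step.
//
// The function is entered by a call whose return address (0x8048f06) is popped
// straight into ebp, so ebp is a pointer to a data block embedded in the code,
// not a frame pointer (call/pop trick). The stub mmaps an anonymous RWX page,
// copies 0x2f9 bytes of itself (0x8048f00..0x80491f8) into it and jumps into
// the copy at +0x266, so everything from LOC_8049166 on executes from the
// mapping (or, on the else path, from a second copy written into .text at
// 0x80491f8). All indirect calls below go through a function-pointer table
// whose base is read from the writable copy on every iteration.
//
// Security note: an anonymous mapping created with PROT_WRITE|PROT_EXEC and
// then entered with an indirect jmp is a W^X violation and the usual shape of
// a packer/anti-analysis loader; it is a reasonable thing to alert on.
//
// Return value (eax): -2 if mmap fails, otherwise the first dispatch result
// that is not -1 (see the do/while at the end).
int sub_8049110()
{
8049110: 5d pop %ebp // return address: 0x8048f06 -> ebp = &inline data block, NOT a frame pointer
8049111: 8b 45 00 mov 0x0(%ebp),%eax // eax = dword at 0x8048f06; the "-1 => 0" note below implies 0xffffffff
8049114: 83 e0 03 and $0x3,%eax
mask = *ebp & 3; // only eax is masked; the dword at ebp is NOT written here
8049117: 83 f8 03 cmp $0x3,%eax
804911a: 75 42 jne 804915e <exit@plt+0xb8e>
if((*ebp & 3) == 3) {
804911c: 6a 00 push $0x0 // offset, high word
804911e: 6a 00 push $0x0 // offset, low word
8049120: 6a ff push $0xffffffff // fd = -1
8049122: 68 00 10 00 00 push $0x1000 // flags = 0x1000 (see note below)
8049127: 6a 07 push $0x7 // prot = PROT_READ|PROT_WRITE|PROT_EXEC: an RWX page
8049129: 68 00 10 00 00 push $0x1000 // length = 4096
804912e: 6a 00 push $0x0 // addr = NULL
8049130: ff 15 f8 a5 04 08 call *0x804a5f8 // 08048590: mmap
// Seven words are pushed and 0x1c (28) bytes popped afterwards, i.e. the offset
// argument is 64-bit (mmap64 or a BSD-style mmap(2)).
// NOTE(review): flags == 0x1000 is MAP_ANON on the BSDs, but on Linux 0x1000 is
// MAP_EXECUTABLE (ignored) and a call with neither MAP_PRIVATE nor MAP_SHARED
// should fail with EINVAL. Confirm the target OS from the ELF header before
// trusting the MAP_EXECUTABLE reading; the rest of the function only makes
// sense if this yields an anonymous RWX page.
tmp = mmap(NULL, 0x1000, PROT_READ|PROT_WRITE|PROT_EXEC, 0x1000 /* MAP_ANON? */, -1, 0);
8049136: 83 c4 1c add $0x1c,%esp
8049139: 85 c0 test %eax,%eax
804913b: 79 0a jns 8049147 <exit@plt+0xb77>
// Failure is detected by the sign bit, not by comparing with MAP_FAILED (-1):
// any mapping at or above 0x80000000 would be misreported as a failure.
if(tmp < 0) {
804913d: b8 fe ff ff ff mov $0xfffffffe,%eax
8049142: e9 af 00 00 00 jmp 80491f6 <exit@plt+0xc26>
return -2;
}
8049147: b9 f8 02 00 00 mov $0x2f8,%ecx // i = 0x2f8, counted down to 0 inclusive (dec/jns) => 0x2f9 bytes
// {{{ tmp[i] <- 0x8048f00[i]   (source base is ebp-6 == 0x8048f00)
for(int i = 760; i >= 0; i--) {
804914c: 8a 54 0d fa mov -0x6(%ebp,%ecx,1),%dl
// 0x8048f00[i]
8049150: 88 14 08 mov %dl,(%eax,%ecx,1)
tmp[i] = 0x8048f00[i];
8049153: 49 dec %ecx
8049154: 79 f6 jns 804914c <exit@plt+0xb7c>
}
// }}}
memcpy(tmp, ebp-6, 0x2f9); // ebp-6 == 0x8048f00; 0x2f8+1 bytes, covering this whole function
8049156: 8d 88 66 02 00 00 lea 0x266(%eax),%ecx // ecx = copy + 0x266 == relocated LOC_8049166
804915c: ff e1 jmp *%ecx // enter the copy: from here on execution is relative to ecx
} else {
804915e: 8d 85 f2 02 00 00 lea 0x2f2(%ebp),%eax // eax = 0x80491f8: the .text right after this function's ret
8049164: eb e1 jmp 8049147 <exit@plt+0xb77> // reuse the copy loop and jmp *%ecx with .text as the destination
// Writes the stub into the following text and continues at 0x80491f8+0x266.
// NOTE(review): this needs a writable text segment -- check the ELF PT_LOAD flags.
memcpy(text_80491f8, ebp-6, 0x2f9); // ebp-6 == 0x8048f00
}
// Reached only via jmp *%ecx, with ecx = <copy base> + 0x266 on both paths.
LOC_8049166:
8049166: 8d a9 a0 fd ff ff lea -0x260(%ecx),%ebp // ebp = copy base + 6: rebase the data pointer into the COPY
804916c: ff 45 00 incl 0x0(%ebp) // 32-bit increment of the copy's counter; the original dword at 0x8048f06 is untouched
ebp[0]++; // -1 => 0   (ebp[0], ebp[4], ebp[8] below are byte offsets of dword fields)
804916f: ff 74 24 08 pushl 0x8(%esp) // fp: the caller's argument, passed straight through
8049173: 8d 45 08 lea 0x8(%ebp),%eax
8049176: 50 push %eax // ebp+8 (0x8048f0e in the original image) -> 0x0
8049177: 8d 85 fa 01 00 00 lea 0x1fa(%ebp),%eax
804917d: 50 push %eax // ebp+0x1fa (0x8049100 in the original image) -> 0xffb204ff
804917e: ff 15 04 a6 04 08 call *0x804a604 // sub_8048c50
// NOTE(review): the dword at ebp+0x1fa is dereferenced as a function-table
// pointer below (call *0xc(%edx)), and 0xffb204ff is not a user-space address,
// so sub_8048c50 presumably fills it in -- confirm in that function.
sub_8048c50(text_8049100, text_8048f0e, fp);
8049184: 83 c4 0c add $0xc,%esp
8049187: 83 7d 04 00 cmpl $0x0,0x4(%ebp)
804918b: 75 17 jne 80491a4 <exit@plt+0xbd4>
if(ebp[4] == 0 /* 0x8048f0a */) { // one-shot initialisation guarded by a flag in the inline data
804918d: ff 45 04 incl 0x4(%ebp)
ebp[4]++; // flag is set before the call, so a re-entrant call skips this block
8049190: 6a 10 push $0x10
8049192: 68 10 a6 04 08 push $0x804a610
8049197: 8d 45 08 lea 0x8(%ebp),%eax
804919a: 50 push %eax // 0x8048f0e
804919b: ff 15 00 a6 04 08 call *0x804a600 // 0x08048700
// data_804a610 = { 0x4d35e1b5, 0x7a2dbf16, 0x8db2faba, 0xee3de392 };
// 16 bytes of constant data handed to the buffer at ebp+8 -- looks like a
// 128-bit key/IV/seed, but what sub_8048700 does with it is not visible here.
sub_8048700(0x8048f0e, data_804a610, 16);
80491a1: 83 c4 0c add $0xc,%esp
}
do {
80491a4: 8d 85 fa 01 00 00 lea 0x1fa(%ebp),%eax // text_8049100
80491aa: 8b 10 mov (%eax),%edx // *text_8049100 = table base, re-read from the RWX copy every iteration
80491ac: ff 75 00 pushl 0x0(%ebp) // the counter at ebp[0]
80491af: 50 push %eax
80491b0: ff 52 0c call *0xc(%edx) // table[3]: data-driven control flow; any write to the page changes the target
result = table[3](text_8049100, *text_8048f06); // table == *(void ***)text_8049100
80491b3: 83 c4 08 add $0x8,%esp
80491b6: 85 c0 test %eax,%eax
80491b8: 78 37 js 80491f1 <exit@plt+0xc21>
80491ba: 74 29 je 80491e5 <exit@plt+0xc15>
// Three-way branch on the sign of result. The cases below fall through
// (1 -> 0 -> -1) exactly as the assembly does; there are no breaks.
if(result > 0) cond = 1;
if(result == 0) cond = 0;
if(result < 0) cond = -1;
switch(cond) {
case 1:
80491bc: 89 c1 mov %eax,%ecx
80491be: 6a 40 push $0x40 // 4th argument: 0x40, matching the 64-byte stride below
80491c0: c1 e1 06 shl $0x6,%ecx // result << 6 == result * 64
80491c3: 8d 8c 0d ca 00 00 00 lea 0xca(%ebp,%ecx,1),%ecx // ecx = ebp + 0xca + result*64
// &text_8048f06[0xca + (result << 6)]: a 64-byte slot selected by result.
// NOTE(review): result is not range-checked here; any bound must be enforced
// by the callee behind table[3].
80491ca: 51 push %ecx
80491cb: 50 push %eax
80491cc: 8d 85 fa 01 00 00 lea 0x1fa(%ebp),%eax // text_8049100;
80491d2: 8b 10 mov (%eax),%edx // *text_8049100;
80491d4: 50 push %eax
80491d5: ff 52 04 call *0x4(%edx) // table[1]
table[1](text_8049100, result, &text_8048f06[0xca + (result << 6)], 0x40);
80491d8: 8d 85 fa 01 00 00 lea 0x1fa(%ebp),%eax
80491de: 8b 10 mov (%eax),%edx
80491e0: ff 12 call *(%edx) // table[0]; the four arguments above are still on the stack
table[0]();
80491e2: 83 c4 10 add $0x10,%esp
/* fallthrough */
case 0:
80491e5: ff 74 24 08 pushl 0x8(%esp) // fp again
80491e9: e8 12 fd ff ff call 8048f00 <exit@plt+0x930>
// Re-enters the ORIGINAL stub entry at 0x8048f00, not the running copy.
// NOTE(review): 0x8048f00 is presumably the `push %ebp; call sub_8049110`
// prologue whose return address 0x8048f06 becomes ebp above (that also makes
// the 0x8(%esp) argument layout line up) -- confirm from the bytes at 0x8048f00.
result = sub_8048f00(fp);
80491ee: 83 c4 04 add $0x4,%esp
/* fallthrough */
case -1:
80491f1: 83 f8 ff cmp $0xffffffff,%eax
80491f4: 74 ae je 80491a4 <exit@plt+0xbd4>
}
} while(result == -1); // any other negative result, or whatever sub_8048f00 returned, is passed up
80491f6: 5d pop %ebp // restores the ebp saved by the 0x8048f00 prologue (see note above) before returning
80491f7: c3 ret // eax = result, or -2 from the mmap failure path
}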