@hhc0null
Last active August 29, 2015 14:17
0CTF 2015 Quals Exploit-freenote-400pts
// [0ctf 2015 quals] exploit-freenote-400pts
/*
 * Layout of the note table at bss_6020a8h.
 * offset 0x00: maximum number of notes (limit).
 * offset 0x08: current number of notes.
 * offset 0x10: memo_t content[memo_limit], the slot table.
 */
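/* Upper bound on notes in the table. The original const object is kept for
 * compatibility and mirrored by an enum so it can size the array below
 * (a const variable is not a constant expression in C, so the original
 * `memo_t content[memo_limit]` did not compile). */
enum { MEMO_LIMIT = 0x100 };
const unsigned long long memo_limit = MEMO_LIMIT;

/* One note slot: three 8-byte fields, 24 bytes in total, matching the
 * `i*3 << 3` stride and the 8-byte movq stores in the disassembly
 * (the memo's `unsigned int int` would have produced 16-byte slots). */
typedef struct _memo_t {
    unsigned long long is_used; /* +0x00 in the slot (0x10 in pad_t for slot 0): 1 = in use, 0 = free */
    unsigned long long size;    /* +0x08: length the user asked for, clamped to 0x1000 by the callers */
    char *content;              /* +0x10: heap buffer holding the note bytes */
} memo_t;

/* The note table at bss_6020a8h, allocated once with malloc(0x1810):
 * a 16-byte header followed by MEMO_LIMIT slots (0x10 + 0x100 * 0x18).
 * NOTE(review): the binary's range checks compare the two header fields with
 * signed jumps (jl/jge/jle); they are kept unsigned here as in the memo. */
typedef struct _pad_t {
    unsigned long long limit;          /* offset 0x00: set to 0x100 at init */
    unsigned long long current_number; /* offset 0x08: number of slots in use */
    memo_t content[MEMO_LIMIT];        /* offset 0x10: slot table */
} pad_t;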
/* Reads exactly arg1 bytes from stdin into arg0, looping over short reads.
 * Returns the number of bytes stored: 0 when arg1 <= 0, or fewer than arg1
 * if read() fails or hits EOF first. The buffer is NOT NUL-terminated, and
 * both callers in this file discard the returned count. */
int sub_40085d(char *arg0, int arg1)
{
    if (arg1 <= 0) {
        return 0;
    }
    int total = 0;
    while (total < arg1) {
        int got = read(STDIN_FILENO, arg0 + total, arg1 - total);
        if (got <= 0) {
            break;  /* EOF or error: stop with a partial buffer */
        }
        total += got;
    }
    return total;
}
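/* Reads a line from stdin into arg0 one byte at a time, stopping at '\n',
 * at EOF/error, or once arg1-1 bytes have been stored; the byte at the stop
 * index is then overwritten with '\0' (so a newline is dropped and the
 * terminator always fits). Returns the number of bytes kept before the
 * terminator, 0 when arg1 <= 0.
 * Corrected from the memo to match the disassembly: the index starts at 0
 * (movl $0x0,-0x8(%rbp)), increments (addl $0x1), the bound is arg1-1
 * (sub $0x1 before the compare), and a read() result <= 0 ends the loop. */
int sub_4008c9(char *arg0, int arg1)
{
    int rbp_08h; /* index of the next byte to store */
    int rbp_04h; /* read() result */

    if (arg1 <= 0) {
        return 0;
    }
    for (rbp_08h = 0; rbp_08h < arg1 - 1; rbp_08h++) {
        rbp_04h = read(STDIN_FILENO, &arg0[rbp_08h], 1);
        if (rbp_04h <= 0 || arg0[rbp_08h] == '\n') {
            break; /* EOF/error or end of line */
        }
    }
    arg0[rbp_08h] = '\0';
    return rbp_08h;
}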
/* Reads one line (via sub_4008c9) into a 0x20-byte stack buffer and converts
 * it with atoi(). atoi() reports no errors: non-numeric input becomes 0 and
 * negative values pass through, so every caller range-checks the result. */
int sub_40094e()
{
    char line[0x20];
    (void)sub_4008c9(line, sizeof line);
    return atoi(line);
}
/* Prints the main menu and returns the user's numeric choice as read by
 * sub_40094e (unparseable input comes back as 0, which main rejects). */
int sub_400998()
{
    static const char *const menu[] = {
        "== 0ops free note ==",
        "1. List note",
        "2. New note",
        "3. Edit note",
        "4. Delete note",
        "5. Exit",
        "====================",
    };
    for (size_t i = 0; i < sizeof menu / sizeof menu[0]; i++) {
        puts(menu[i]);
    }
    printf("Your choice: ");
    return sub_40094e();
}
/* One-time setup: stdin and stdout become unbuffered (so prompts appear
 * without a flush) and a 60-second alarm() bounds the session. */
void sub_4009fd()
{
    FILE *streams[] = { stdin, stdout };
    for (size_t i = 0; i < sizeof streams / sizeof streams[0]; i++) {
        setvbuf(streams[i], NULL, _IONBF, 0);
    }
    alarm(60);
}
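/* Allocates the note table (sizeof(pad_t) == 0x1810, the binary's malloc
 * argument) and clears every slot. Corrected from the memo: slots are
 * addressed through pad_t/memo_t fields instead of the mixed
 * `bss_6020a8h[i*24].field` form. The binary does not test the malloc
 * result before writing through it, and that is reproduced here. */
void sub_400a49()
{
    bss_6020a8h = malloc(sizeof(pad_t));
    bss_6020a8h->limit = 0x100;
    bss_6020a8h->current_number = 0;
    for (int rbp_04h = 0; rbp_04h < 0x100; rbp_04h++) {
        memo_t *slot = &bss_6020a8h->content[rbp_04h]; /* 24-byte stride */
        slot->is_used = 0;
        slot->size = 0;
        slot->content = NULL;
    }
}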
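/* Menu 1: prints "<index>. <content>" for every slot marked in use, or a
 * hint when the table is empty. Corrected from the memo: slot access goes
 * through the memo_t fields (the `rbp_04h*3 << 3 + 0x20` index expression
 * was an offset, not an element index). The "%s" relies on a NUL terminator
 * that sub_40085d never writes (it stores exactly the requested bytes into a
 * malloc'd buffer), so the print can continue past the note into adjacent
 * heap memory. */
void sub_400b14()
{
    if (bss_6020a8h->current_number > 0) {
        for (int rbp_04h = 0; rbp_04h < bss_6020a8h->limit; rbp_04h++) {
            memo_t *slot = &bss_6020a8h->content[rbp_04h];
            if (slot->is_used == 1) {
                printf("%d. %s\n", rbp_04h, slot->content);
            }
        }
    } else {
        puts("You need to create some new notes first.");
    }
}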
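/* Menu 2: creates a note in the first free slot. Corrected from the memo:
 * the loop counter rbp_14h (-0x14(%rbp) in the disassembly) was never
 * declared, and slot accesses go through the pad_t/memo_t fields.
 * Flow, as in the binary: refuse when the table is full; otherwise read the
 * requested length (<= 0 rejected, > 0x1000 clamped), round the heap
 * allocation up to a multiple of 0x80, read exactly the requested number of
 * bytes (no terminator is written), and publish the slot. The malloc result
 * is not checked before it is written through. */
void sub_400bc2()
{
    int rbp_14h;                /* slot index */
    int rbp_10h;                /* requested length */
    int rbp_0ch;                /* allocation size after rounding */
    char *rbp_08h;              /* note buffer */
    int val0, val1, val2, val3; /* compiler's signed-modulo sequence, kept as in the asm */

    if (bss_6020a8h->current_number >= bss_6020a8h->limit) {
        puts("Unbale to create new note.");
        return;
    }
    for (rbp_14h = 0; rbp_14h < bss_6020a8h->limit; rbp_14h++) {
        memo_t *slot = &bss_6020a8h->content[rbp_14h];
        if (slot->is_used != 0) {
            continue;
        }
        printf("Length of new note: ");
        rbp_10h = sub_40094e();
        if (rbp_10h <= 0) {
            puts("Invalid length!");
            break;
        }
        if (rbp_10h > 0x1000) {
            rbp_10h = 0x1000;
        }
        /* rbp_0ch = rbp_10h + (0x80 - rbp_10h % 0x80) % 0x80, i.e. rbp_10h
         * rounded up to the next multiple of 0x80 (unchanged when aligned). */
        val0 = rbp_10h >> 0x19;
        val1 = 0x80 - (((val0 + rbp_10h) & 0x7f) - val0);
        val2 = (val1 >> 0x1f) >> 0x19;
        val3 = ((val2 + val1) & 0x7f) - val2;
        rbp_0ch = rbp_10h + val3;
        rbp_08h = malloc(rbp_0ch);
        printf("Enter your note: ");
        sub_40085d(rbp_08h, rbp_10h); /* bytes-read count ignored, as in the binary */
        slot->is_used = 1;
        slot->size = rbp_10h;
        slot->content = rbp_08h;
        bss_6020a8h->current_number += 1;
        puts("Done.");
        break;
    }
}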
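/* Menu 3: edits an existing note. Corrected from the memo: the index/is_used
 * check appeared twice (the binary has one), and the "Invalid length!" branch
 * returns (jmpq to the epilogue in the disassembly) instead of falling
 * through to the clamp and the write. Flow, as in the binary: validate the
 * index and that the slot is in use; read a new length (<= 0 rejected,
 * > 0x1000 clamped); when it differs from the stored size, realloc() the
 * buffer to the length rounded up to a multiple of 0x80 and store the new
 * size; then read exactly the new length of bytes into the buffer (no
 * terminator). The realloc() result is stored without a NULL check, so an
 * allocation failure leaks the old buffer and leaves a NULL content pointer
 * that the following read writes through. */
void sub_400d87()
{
    int rbp_1ch;                /* new length */
    int rbp_18h;                /* note index */
    int rbp_14h;                /* rounded allocation size */
    int val0, val1, val2, val3; /* compiler's signed-modulo sequence, kept as in the asm */

    printf("Note number: ");
    rbp_18h = sub_40094e();
    if (!(0 <= rbp_18h && rbp_18h < bss_6020a8h->limit)
        || bss_6020a8h->content[rbp_18h].is_used != 1) {
        puts("Invalid number!");
        return;
    }
    memo_t *slot = &bss_6020a8h->content[rbp_18h];

    printf("Length of note: ");
    rbp_1ch = sub_40094e();
    if (rbp_1ch <= 0) {
        puts("Invalid length!");
        return;
    }
    if (rbp_1ch > 0x1000) {
        rbp_1ch = 0x1000;
    }
    if (slot->size != rbp_1ch) {
        /* rbp_14h = rbp_1ch + (0x80 - rbp_1ch % 0x80) % 0x80: round up to 0x80. */
        val0 = rbp_1ch >> 0x19;
        val1 = 0x80 - (((val0 + rbp_1ch) & 0x7f) - val0);
        val2 = (val1 >> 0x1f) >> 0x19;
        val3 = ((val2 + val1) & 0x7f) - val2;
        rbp_14h = rbp_1ch + val3;
        slot->content = realloc(slot->content, rbp_14h); /* result unchecked, as in the binary */
        slot->size = rbp_1ch;
    }
    printf("Enter your note: ");
    sub_40085d(slot->content, rbp_1ch); /* bytes-read count ignored, as in the binary */
    puts("Done.");
}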
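/* Menu 4: deletes a note. Corrected from the memo: the index check is
 * `rbp_04h < 0 || rbp_04h >= limit` (the memo's `!(0 <= x || x >= limit)`
 * only rejected negatives), and the failure path prints "Invalid number!" —
 * the disassembly loads the same string address as sub_400d87 does.
 * Flow, as in the binary: require a non-empty table, range-check the index,
 * decrement the count, clear is_used and size, and free() the content
 * pointer. The slot's is_used flag is never consulted and the content
 * pointer is not reset after free(), so the table keeps a dangling pointer
 * and a repeat delete of the same index passes it to free() again. */
void sub_400f7d()
{
    int rbp_04h; /* note index */

    if (bss_6020a8h->current_number == 0) {
        puts("No notes yet.");
        return;
    }
    printf("Note number: ");
    rbp_04h = sub_40094e();
    if (rbp_04h < 0 || rbp_04h >= bss_6020a8h->limit) {
        puts("Invalid number!");
        return;
    }
    memo_t *slot = &bss_6020a8h->content[rbp_04h];
    bss_6020a8h->current_number -= 1;
    slot->is_used = 0;
    slot->size = 0;
    free(slot->content); /* slot->content is left in place: dangling pointer */
    puts("Done.");
}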
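/* Entry point: configures stdio and the alarm, allocates the note table, then
 * dispatches menu choices until 5 is chosen. Corrected from the memo: the
 * choice variable rbp_04h was never declared, and main returns 0 instead of
 * a bare `return` in a function returning int. */
int main(void)
{
    int rbp_04h; /* menu choice */

    sub_4009fd();
    sub_400a49();
    for (;;) {
        rbp_04h = sub_400998();
        switch (rbp_04h) {
        case 1:
            sub_400b14();
            break;
        case 2:
            sub_400bc2();
            break;
        case 3:
            sub_400d87();
            break;
        case 4:
            sub_400f7d();
            break;
        case 5:
            puts("Bye");
            return 0;
        default:
            puts("Invalid!");
            break;
        }
    }
}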
freenote: file format elf64-x86-64
Disassembly of section .init:
0000000000400678 <.init>:
400678: 48 83 ec 08 sub $0x8,%rsp
40067c: 48 8b 05 75 19 20 00 mov 0x201975(%rip),%rax # 601ff8 <atoi@plt+0x201898>
400683: 48 85 c0 test %rax,%rax
400686: 74 05 je 40068d <free@plt-0x23>
400688: e8 93 00 00 00 callq 400720 <__gmon_start__@plt>
40068d: 48 83 c4 08 add $0x8,%rsp
400691: c3 retq
Disassembly of section .plt:
00000000004006a0 <free@plt-0x10>:
4006a0: ff 35 62 19 20 00 pushq 0x201962(%rip) # 602008 <atoi@plt+0x2018a8>
4006a6: ff 25 64 19 20 00 jmpq *0x201964(%rip) # 602010 <atoi@plt+0x2018b0>
4006ac: 0f 1f 40 00 nopl 0x0(%rax)
00000000004006b0 <free@plt>:
4006b0: ff 25 62 19 20 00 jmpq *0x201962(%rip) # 602018 <atoi@plt+0x2018b8>
4006b6: 68 00 00 00 00 pushq $0x0
4006bb: e9 e0 ff ff ff jmpq 4006a0 <free@plt-0x10>
00000000004006c0 <puts@plt>:
4006c0: ff 25 5a 19 20 00 jmpq *0x20195a(%rip) # 602020 <atoi@plt+0x2018c0>
4006c6: 68 01 00 00 00 pushq $0x1
4006cb: e9 d0 ff ff ff jmpq 4006a0 <free@plt-0x10>
00000000004006d0 <__stack_chk_fail@plt>:
4006d0: ff 25 52 19 20 00 jmpq *0x201952(%rip) # 602028 <atoi@plt+0x2018c8>
4006d6: 68 02 00 00 00 pushq $0x2
4006db: e9 c0 ff ff ff jmpq 4006a0 <free@plt-0x10>
00000000004006e0 <printf@plt>:
4006e0: ff 25 4a 19 20 00 jmpq *0x20194a(%rip) # 602030 <atoi@plt+0x2018d0>
4006e6: 68 03 00 00 00 pushq $0x3
4006eb: e9 b0 ff ff ff jmpq 4006a0 <free@plt-0x10>
00000000004006f0 <alarm@plt>:
4006f0: ff 25 42 19 20 00 jmpq *0x201942(%rip) # 602038 <atoi@plt+0x2018d8>
4006f6: 68 04 00 00 00 pushq $0x4
4006fb: e9 a0 ff ff ff jmpq 4006a0 <free@plt-0x10>
0000000000400700 <read@plt>:
400700: ff 25 3a 19 20 00 jmpq *0x20193a(%rip) # 602040 <atoi@plt+0x2018e0>
400706: 68 05 00 00 00 pushq $0x5
40070b: e9 90 ff ff ff jmpq 4006a0 <free@plt-0x10>
0000000000400710 <__libc_start_main@plt>:
400710: ff 25 32 19 20 00 jmpq *0x201932(%rip) # 602048 <atoi@plt+0x2018e8>
400716: 68 06 00 00 00 pushq $0x6
40071b: e9 80 ff ff ff jmpq 4006a0 <free@plt-0x10>
0000000000400720 <__gmon_start__@plt>:
400720: ff 25 2a 19 20 00 jmpq *0x20192a(%rip) # 602050 <atoi@plt+0x2018f0>
400726: 68 07 00 00 00 pushq $0x7
40072b: e9 70 ff ff ff jmpq 4006a0 <free@plt-0x10>
0000000000400730 <malloc@plt>:
400730: ff 25 22 19 20 00 jmpq *0x201922(%rip) # 602058 <atoi@plt+0x2018f8>
400736: 68 08 00 00 00 pushq $0x8
40073b: e9 60 ff ff ff jmpq 4006a0 <free@plt-0x10>
0000000000400740 <realloc@plt>:
400740: ff 25 1a 19 20 00 jmpq *0x20191a(%rip) # 602060 <atoi@plt+0x201900>
400746: 68 09 00 00 00 pushq $0x9
40074b: e9 50 ff ff ff jmpq 4006a0 <free@plt-0x10>
0000000000400750 <setvbuf@plt>:
400750: ff 25 12 19 20 00 jmpq *0x201912(%rip) # 602068 <atoi@plt+0x201908>
400756: 68 0a 00 00 00 pushq $0xa
40075b: e9 40 ff ff ff jmpq 4006a0 <free@plt-0x10>
0000000000400760 <atoi@plt>:
400760: ff 25 0a 19 20 00 jmpq *0x20190a(%rip) # 602070 <atoi@plt+0x201910>
400766: 68 0b 00 00 00 pushq $0xb
40076b: e9 30 ff ff ff jmpq 4006a0 <free@plt-0x10>
Disassembly of section .text:
0000000000400770 <.text>:
400770: 31 ed xor %ebp,%ebp
400772: 49 89 d1 mov %rdx,%r9
400775: 5e pop %rsi
400776: 48 89 e2 mov %rsp,%rdx
400779: 48 83 e4 f0 and $0xfffffffffffffff0,%rsp
40077d: 50 push %rax
40077e: 54 push %rsp
40077f: 49 c7 c0 90 11 40 00 mov $0x401190,%r8
400786: 48 c7 c1 20 11 40 00 mov $0x401120,%rcx
40078d: 48 c7 c7 87 10 40 00 mov $0x401087,%rdi
400794: e8 77 ff ff ff callq 400710 <__libc_start_main@plt>
400799: f4 hlt
40079a: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
4007a0: b8 8f 20 60 00 mov $0x60208f,%eax
4007a5: 55 push %rbp
4007a6: 48 2d 88 20 60 00 sub $0x602088,%rax
4007ac: 48 83 f8 0e cmp $0xe,%rax
4007b0: 48 89 e5 mov %rsp,%rbp
4007b3: 77 02 ja 4007b7 <atoi@plt+0x57>
4007b5: 5d pop %rbp
4007b6: c3 retq
4007b7: b8 00 00 00 00 mov $0x0,%eax
4007bc: 48 85 c0 test %rax,%rax
4007bf: 74 f4 je 4007b5 <atoi@plt+0x55>
4007c1: 5d pop %rbp
4007c2: bf 88 20 60 00 mov $0x602088,%edi
4007c7: ff e0 jmpq *%rax
4007c9: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
4007d0: b8 88 20 60 00 mov $0x602088,%eax
4007d5: 55 push %rbp
4007d6: 48 2d 88 20 60 00 sub $0x602088,%rax
4007dc: 48 c1 f8 03 sar $0x3,%rax
4007e0: 48 89 e5 mov %rsp,%rbp
4007e3: 48 89 c2 mov %rax,%rdx
4007e6: 48 c1 ea 3f shr $0x3f,%rdx
4007ea: 48 01 d0 add %rdx,%rax
4007ed: 48 d1 f8 sar %rax
4007f0: 75 02 jne 4007f4 <atoi@plt+0x94>
4007f2: 5d pop %rbp
4007f3: c3 retq
4007f4: ba 00 00 00 00 mov $0x0,%edx
4007f9: 48 85 d2 test %rdx,%rdx
4007fc: 74 f4 je 4007f2 <atoi@plt+0x92>
4007fe: 5d pop %rbp
4007ff: 48 89 c6 mov %rax,%rsi
400802: bf 88 20 60 00 mov $0x602088,%edi
400807: ff e2 jmpq *%rdx
400809: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
400810: 80 3d 89 18 20 00 00 cmpb $0x0,0x201889(%rip) # 6020a0 <stdin+0x8>
400817: 75 11 jne 40082a <atoi@plt+0xca>
400819: 55 push %rbp
40081a: 48 89 e5 mov %rsp,%rbp
40081d: e8 7e ff ff ff callq 4007a0 <atoi@plt+0x40>
400822: 5d pop %rbp
400823: c6 05 76 18 20 00 01 movb $0x1,0x201876(%rip) # 6020a0 <stdin+0x8>
40082a: f3 c3 repz retq
40082c: 0f 1f 40 00 nopl 0x0(%rax)
400830: 48 83 3d e8 15 20 00 cmpq $0x0,0x2015e8(%rip) # 601e20 <atoi@plt+0x2016c0>
400837: 00
400838: 74 1e je 400858 <atoi@plt+0xf8>
40083a: b8 00 00 00 00 mov $0x0,%eax
40083f: 48 85 c0 test %rax,%rax
400842: 74 14 je 400858 <atoi@plt+0xf8>
400844: 55 push %rbp
400845: bf 20 1e 60 00 mov $0x601e20,%edi
40084a: 48 89 e5 mov %rsp,%rbp
40084d: ff d0 callq *%rax
40084f: 5d pop %rbp
400850: e9 7b ff ff ff jmpq 4007d0 <atoi@plt+0x70>
400855: 0f 1f 00 nopl (%rax)
400858: e9 73 ff ff ff jmpq 4007d0 <atoi@plt+0x70>
int sub_40085d(char *arg0, int arg1)
{
40085d: 55 push %rbp
40085e: 48 89 e5 mov %rsp,%rbp
400861: 48 83 ec 20 sub $0x20,%rsp
// Local variables.
int rbp_1ch;
char *rbp_18h;
400865: 48 89 7d e8 mov %rdi,-0x18(%rbp)
400869: 89 75 e4 mov %esi,-0x1c(%rbp)
40086c: 83 7d e4 00 cmpl $0x0,-0x1c(%rbp)
400870: 7f 07 jg 400879 <atoi@plt+0x119>
if(rbp_1ch <= 0) {
400872: b8 00 00 00 00 mov $0x0,%eax
400877: eb 4e jmp 4008c7 <atoi@plt+0x167>
return 0;
} else {
400879: c7 45 f8 00 00 00 00 movl $0x0,-0x8(%rbp)
400880: eb 3a jmp 4008bc <atoi@plt+0x15c>
for(rbp_08h = 0; rbp_08h < rbp_1ch; rbp_08h += rbp_04h) {
400882: 8b 45 f8 mov -0x8(%rbp),%eax
400885: 8b 55 e4 mov -0x1c(%rbp),%edx
400888: 29 c2 sub %eax,%edx
40088a: 89 d0 mov %edx,%eax
40088c: 48 98 cltq
40088e: 8b 55 f8 mov -0x8(%rbp),%edx
400891: 48 63 ca movslq %edx,%rcx
400894: 48 8b 55 e8 mov -0x18(%rbp),%rdx
400898: 48 01 d1 add %rdx,%rcx
40089b: 48 89 c2 mov %rax,%rdx
40089e: 48 89 ce mov %rcx,%rsi
4008a1: bf 00 00 00 00 mov $0x0,%edi
4008a6: e8 55 fe ff ff callq 400700 <read@plt>
rbp_04h = read(STDIN_FILENO, &rbp_18h[rbp_08h], rbp_1ch-rbp_08h);
4008ab: 89 45 fc mov %eax,-0x4(%rbp)
4008ae: 83 7d fc 00 cmpl $0x0,-0x4(%rbp)
4008b2: 7f 02 jg 4008b6 <atoi@plt+0x156>
if(rbp_04h <= 0) {
4008b4: eb 0e jmp 4008c4 <atoi@plt+0x164>
break;
}
4008b6: 8b 45 fc mov -0x4(%rbp),%eax
4008b9: 01 45 f8 add %eax,-0x8(%rbp)
4008bc: 8b 45 f8 mov -0x8(%rbp),%eax
// ->>
4008bf: 3b 45 e4 cmp -0x1c(%rbp),%eax
4008c2: 7c be jl 400882 <atoi@plt+0x122>
}
4008c4: 8b 45 f8 mov -0x8(%rbp),%eax
}
return rbp_08h;
4008c7: c9 leaveq
4008c8: c3 retq
}
sub_4008c9(char *arg0, int arg0)
{
4008c9: 55 push %rbp
4008ca: 48 89 e5 mov %rsp,%rbp
4008cd: 48 83 ec 20 sub $0x20,%rsp
// Local variables.
int rbp_1ch;
char *rbp_18h;
4008d1: 48 89 7d e8 mov %rdi,-0x18(%rbp)
4008d5: 89 75 e4 mov %esi,-0x1c(%rbp)
4008d8: 83 7d e4 00 cmpl $0x0,-0x1c(%rbp)
4008dc: 7f 07 jg 4008e5 <atoi@plt+0x185>
if(rbp_1ch <= 0) {
4008de: b8 00 00 00 00 mov $0x0,%eax
4008e3: eb 67 jmp 40094c <atoi@plt+0x1ec>
return 0;
} else {
4008e5: c7 45 f8 00 00 00 00 movl $0x0,-0x8(%rbp)
4008ec: eb 40 jmp 40092e <atoi@plt+0x1ce>
for(rbp_08h; rbp_08h < rbp_1ch; rbp_08h--) {
4008ee: 8b 45 f8 mov -0x8(%rbp),%eax
4008f1: 48 63 d0 movslq %eax,%rdx
4008f4: 48 8b 45 e8 mov -0x18(%rbp),%rax
4008f8: 48 01 d0 add %rdx,%rax
4008fb: ba 01 00 00 00 mov $0x1,%edx
400900: 48 89 c6 mov %rax,%rsi
400903: bf 00 00 00 00 mov $0x0,%edi
400908: e8 f3 fd ff ff callq 400700 <read@plt>
40090d: 89 45 fc mov %eax,-0x4(%rbp)
rbp_04h = read(STDIN_FILENO, &rbp_18h[rbp_08h], 1);
400910: 83 7d fc 00 cmpl $0x0,-0x4(%rbp)
400914: 7e 23 jle 400939 <atoi@plt+0x1d9>
if(rbp_04h == 0) break;
400916: 8b 45 f8 mov -0x8(%rbp),%eax
400919: 48 63 d0 movslq %eax,%rdx
40091c: 48 8b 45 e8 mov -0x18(%rbp),%rax
400920: 48 01 d0 add %rdx,%rax
400923: 0f b6 00 movzbl (%rax),%eax
400926: 3c 0a cmp $0xa,%al
400928: 74 0f je 400939 <atoi@plt+0x1d9>
if(rbp_18h[rbp_08h] == '\n') break;
40092a: 83 45 f8 01 addl $0x1,-0x8(%rbp)
// ->>
40092e: 8b 45 e4 mov -0x1c(%rbp),%eax
400931: 83 e8 01 sub $0x1,%eax
400934: 3b 45 f8 cmp -0x8(%rbp),%eax
400937: 7f b5 jg 4008ee <atoi@plt+0x18e>
}
400939: 8b 45 f8 mov -0x8(%rbp),%eax
40093c: 48 63 d0 movslq %eax,%rdx
40093f: 48 8b 45 e8 mov -0x18(%rbp),%rax
400943: 48 01 d0 add %rdx,%rax
400946: c6 00 00 movb $0x0,(%rax)
rbp_18h[rbp_08h] = '\0';
400949: 8b 45 f8 mov -0x8(%rbp),%eax
}
40094c: c9 leaveq
40094d: c3 retq
return rbp_08h;
}
int sub_40094e()
{
40094e: 55 push %rbp
40094f: 48 89 e5 mov %rsp,%rbp
400952: 48 83 ec 30 sub $0x30,%rsp
// Local variables.
char rbp_30h[0x20];
400956: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
40095d: 00 00
40095f: 48 89 45 f8 mov %rax,-0x8(%rbp)
400963: 31 c0 xor %eax,%eax
400965: 48 8d 45 d0 lea -0x30(%rbp),%rax
400969: be 20 00 00 00 mov $0x20,%esi
40096e: 48 89 c7 mov %rax,%rdi
400971: e8 53 ff ff ff callq 4008c9 <atoi@plt+0x169>
sub_4008c9(rbp_30h, 0x20);
400976: 48 8d 45 d0 lea -0x30(%rbp),%rax
40097a: 48 89 c7 mov %rax,%rdi
40097d: e8 de fd ff ff callq 400760 <atoi@plt>
400982: 48 8b 55 f8 mov -0x8(%rbp),%rdx
400986: 64 48 33 14 25 28 00 xor %fs:0x28,%rdx
40098d: 00 00
40098f: 74 05 je 400996 <atoi@plt+0x236>
400991: e8 3a fd ff ff callq 4006d0 <__stack_chk_fail@plt>
400996: c9 leaveq
400997: c3 retq
return atoi(rbp_30h);
}
int sub_400998()
{
400998: 55 push %rbp
400999: 48 89 e5 mov %rsp,%rbp
40099c: bf a8 11 40 00 mov $0x4011a8,%edi
4009a1: e8 1a fd ff ff callq 4006c0 <puts@plt>
puts("== 0ops Free Note ==");
4009a6: bf bd 11 40 00 mov $0x4011bd,%edi
4009ab: e8 10 fd ff ff callq 4006c0 <puts@plt>
puts("1. List Note");
4009b0: bf ca 11 40 00 mov $0x4011ca,%edi
4009b5: e8 06 fd ff ff callq 4006c0 <puts@plt>
puts("2. New Note");
4009ba: bf d6 11 40 00 mov $0x4011d6,%edi
4009bf: e8 fc fc ff ff callq 4006c0 <puts@plt>
puts("3. Edit Note");
4009c4: bf e3 11 40 00 mov $0x4011e3,%edi
4009c9: e8 f2 fc ff ff callq 4006c0 <puts@plt>
puts("4. Delete Note");
4009ce: bf f2 11 40 00 mov $0x4011f2,%edi
4009d3: e8 e8 fc ff ff callq 4006c0 <puts@plt>
puts("5. Exit");
4009d8: bf fa 11 40 00 mov $0x4011fa,%edi
4009dd: e8 de fc ff ff callq 4006c0 <puts@plt>
puts("====================");
4009e2: bf 0f 12 40 00 mov $0x40120f,%edi
4009e7: b8 00 00 00 00 mov $0x0,%eax
4009ec: e8 ef fc ff ff callq 4006e0 <printf@plt>
printf("Your choice: ");
4009f1: b8 00 00 00 00 mov $0x0,%eax
4009f6: e8 53 ff ff ff callq 40094e <atoi@plt+0x1ee>
4009fb: 5d pop %rbp
4009fc: c3 retq
return sub_40094e();
}
void sub_4009fd()
{
4009fd: 55 push %rbp
4009fe: 48 89 e5 mov %rsp,%rbp
400a01: 48 8b 05 90 16 20 00 mov 0x201690(%rip),%rax # 602098 <stdin>
400a08: b9 00 00 00 00 mov $0x0,%ecx
400a0d: ba 02 00 00 00 mov $0x2,%edx
400a12: be 00 00 00 00 mov $0x0,%esi
400a17: 48 89 c7 mov %rax,%rdi
400a1a: e8 31 fd ff ff callq 400750 <setvbuf@plt>
setvbuf(stdin, NULL, _IONBF, 0);
400a1f: 48 8b 05 6a 16 20 00 mov 0x20166a(%rip),%rax # 602090 <stdout>
400a26: b9 00 00 00 00 mov $0x0,%ecx
400a2b: ba 02 00 00 00 mov $0x2,%edx
400a30: be 00 00 00 00 mov $0x0,%esi
400a35: 48 89 c7 mov %rax,%rdi
400a38: e8 13 fd ff ff callq 400750 <setvbuf@plt>
setvbuf(stdout, NULL, _IONBF, 0);
400a3d: bf 3c 00 00 00 mov $0x3c,%edi
400a42: e8 a9 fc ff ff callq 4006f0 <alarm@plt>
alarm(60);
400a47: 5d pop %rbp
400a48: c3 retq
}
// TODO
void sub_400a49()
{
400a49: 55 push %rbp
400a4a: 48 89 e5 mov %rsp,%rbp
400a4d: 48 83 ec 10 sub $0x10,%rsp
// Local variables.
int rbp_04h;
400a51: bf 10 18 00 00 mov $0x1810,%edi
400a56: e8 d5 fc ff ff callq 400730 <malloc@plt>
400a5b: 48 89 05 46 16 20 00 mov %rax,0x201646(%rip) # 6020a8 <stdin+0x10>
bss_6020a8h = malloc(0x1810);
400a62: 48 8b 05 3f 16 20 00 mov 0x20163f(%rip),%rax # 6020a8 <stdin+0x10>
400a69: 48 c7 00 00 01 00 00 movq $0x100,(%rax)
bss_6020a8h->offset_00h = 0x100;
400a70: 48 8b 05 31 16 20 00 mov 0x201631(%rip),%rax # 6020a8 <stdin+0x10>
400a77: 48 c7 40 08 00 00 00 movq $0x0,0x8(%rax)
400a7e: 00
bss_6020a8h->offset_08h = NULL;
400a7f: c7 45 fc 00 00 00 00 movl $0x0,-0x4(%rbp)
400a86: eb 7d jmp 400b05 <atoi@plt+0x3a5>
for(rbp_04h = 0; rbp_04h < 0x100; rbp_04h++) {
400a88: 48 8b 0d 19 16 20 00 mov 0x201619(%rip),%rcx # 6020a8 <stdin+0x10>
400a8f: 8b 45 fc mov -0x4(%rbp),%eax
400a92: 48 63 d0 movslq %eax,%rdx
400a95: 48 89 d0 mov %rdx,%rax
400a98: 48 01 c0 add %rax,%rax
400a9b: 48 01 d0 add %rdx,%rax
400a9e: 48 c1 e0 03 shl $0x3,%rax
i*3 << 0x3;
400aa2: 48 01 c8 add %rcx,%rax
bss_6020a8h[];
400aa5: 48 83 c0 10 add $0x10,%rax
400aa9: 48 c7 00 00 00 00 00 movq $0x0,(%rax)
400ab0: 48 8b 0d f1 15 20 00 mov 0x2015f1(%rip),%rcx # 6020a8 <stdin+0x10>
400ab7: 8b 45 fc mov -0x4(%rbp),%eax
400aba: 48 63 d0 movslq %eax,%rdx
400abd: 48 89 d0 mov %rdx,%rax
400ac0: 48 01 c0 add %rax,%rax
400ac3: 48 01 d0 add %rdx,%rax
400ac6: 48 c1 e0 03 shl $0x3,%rax
400aca: 48 01 c8 add %rcx,%rax
400acd: 48 83 c0 10 add $0x10,%rax
400ad1: 48 c7 40 08 00 00 00 movq $0x0,0x8(%rax)
400ad8: 00
400ad9: 48 8b 0d c8 15 20 00 mov 0x2015c8(%rip),%rcx # 6020a8 <stdin+0x10>
400ae0: 8b 45 fc mov -0x4(%rbp),%eax
400ae3: 48 63 d0 movslq %eax,%rdx
400ae6: 48 89 d0 mov %rdx,%rax
400ae9: 48 01 c0 add %rax,%rax
400aec: 48 01 d0 add %rdx,%rax
400aef: 48 c1 e0 03 shl $0x3,%rax
400af3: 48 01 c8 add %rcx,%rax
400af6: 48 83 c0 20 add $0x20,%rax
400afa: 48 c7 00 00 00 00 00 movq $0x0,(%rax)
400b01: 83 45 fc 01 addl $0x1,-0x4(%rbp)
// ->>
400b05: 81 7d fc ff 00 00 00 cmpl $0xff,-0x4(%rbp)
400b0c: 0f 8e 76 ff ff ff jle 400a88 <atoi@plt+0x328>
}
400b12: c9 leaveq
400b13: c3 retq
}
void sub_400b14()
{
400b14: 55 push %rbp
400b15: 48 89 e5 mov %rsp,%rbp
400b18: 48 83 ec 10 sub $0x10,%rsp
// Local variables.
400b1c: 48 8b 05 85 15 20 00 mov 0x201585(%rip),%rax # 6020a8 <stdin+0x10>
400b23: 48 8b 40 08 mov 0x8(%rax),%rax
400b27: 48 85 c0 test %rax,%rax
400b2a: 0f 8e 86 00 00 00 jle 400bb6 <atoi@plt+0x456>
if(bss_6020a8h->offset_08h > 0) {
400b30: c7 45 fc 00 00 00 00 movl $0x0,-0x4(%rbp)
400b37: eb 66 jmp 400b9f <atoi@plt+0x43f>
for(rbp_04h = 0; rbp_04h < bss_6020a8h->offset_00h; rbp_04h++) {
400b39: 48 8b 0d 68 15 20 00 mov 0x201568(%rip),%rcx # 6020a8 <stdin+0x10>
400b40: 8b 45 fc mov -0x4(%rbp),%eax
400b43: 48 63 d0 movslq %eax,%rdx
400b46: 48 89 d0 mov %rdx,%rax
400b49: 48 01 c0 add %rax,%rax
400b4c: 48 01 d0 add %rdx,%rax
400b4f: 48 c1 e0 03 shl $0x3,%rax
400b53: 48 01 c8 add %rcx,%rax
400b56: 48 83 c0 10 add $0x10,%rax
400b5a: 48 8b 00 mov (%rax),%rax
400b5d: 48 83 f8 01 cmp $0x1,%rax
400b61: 75 38 jne 400b9b <atoi@plt+0x43b>
if(bss_6020a8h[rbp_04h*3 << 0x8 + 0x10] == 1) {
400b63: 48 8b 0d 3e 15 20 00 mov 0x20153e(%rip),%rcx # 6020a8 <stdin+0x10>
400b6a: 8b 45 fc mov -0x4(%rbp),%eax
400b6d: 48 63 d0 movslq %eax,%rdx
400b70: 48 89 d0 mov %rdx,%rax
400b73: 48 01 c0 add %rax,%rax
400b76: 48 01 d0 add %rdx,%rax
400b79: 48 c1 e0 03 shl $0x3,%rax
400b7d: 48 01 c8 add %rcx,%rax
400b80: 48 83 c0 20 add $0x20,%rax
400b84: 48 8b 10 mov (%rax),%rdx
;
400b87: 8b 45 fc mov -0x4(%rbp),%eax
400b8a: 89 c6 mov %eax,%esi
400b8c: bf 1d 12 40 00 mov $0x40121d,%edi
400b91: b8 00 00 00 00 mov $0x0,%eax
400b96: e8 45 fb ff ff callq 4006e0 <printf@plt>
printf("%d. %s\n", rbp_04h, bss_6020a8h[rbp_04h*3 << 3 + 0x20]);
}
400b9b: 83 45 fc 01 addl $0x1,-0x4(%rbp)
// ->>
400b9f: 8b 45 fc mov -0x4(%rbp),%eax
400ba2: 48 63 d0 movslq %eax,%rdx
400ba5: 48 8b 05 fc 14 20 00 mov 0x2014fc(%rip),%rax # 6020a8 <stdin+0x10>
400bac: 48 8b 00 mov (%rax),%rax
400baf: 48 39 c2 cmp %rax,%rdx
400bb2: 7c 85 jl 400b39 <atoi@plt+0x3d9>
}
400bb4: eb 0a jmp 400bc0 <atoi@plt+0x460>
} else {
400bb6: bf 28 12 40 00 mov $0x401228,%edi
400bbb: e8 00 fb ff ff callq 4006c0 <puts@plt>
puts("You need to create some new notes first.");
}
400bc0: c9 leaveq
400bc1: c3 retq
}
void sub_400bc2()
{
400bc2: 55 push %rbp
400bc3: 48 89 e5 mov %rsp,%rbp
400bc6: 48 83 ec 20 sub $0x20,%rsp
400bca: 48 8b 05 d7 14 20 00 mov 0x2014d7(%rip),%rax # 6020a8 <stdin+0x10>
400bd1: 48 8b 50 08 mov 0x8(%rax),%rdx
400bd5: 48 8b 05 cc 14 20 00 mov 0x2014cc(%rip),%rax # 6020a8 <stdin+0x10>
400bdc: 48 8b 00 mov (%rax),%rax
400bdf: 48 39 c2 cmp %rax,%rdx
400be2: 7c 0f jl 400bf3 <atoi@plt+0x493>
if() {
400be4: bf 51 12 40 00 mov $0x401251,%edi
400be9: e8 d2 fa ff ff callq 4006c0 <puts@plt>
400bee: e9 92 01 00 00 jmpq 400d85 <atoi@plt+0x625>
} else {
400bf3: c7 45 ec 00 00 00 00 movl $0x0,-0x14(%rbp)
400bfa: e9 6d 01 00 00 jmpq 400d6c <atoi@plt+0x60c>
for(rbp_14h = 0; rbp_14h < bss_6020a8h->offset_00h; rbp_14h++) {
400bff: 48 8b 0d a2 14 20 00 mov 0x2014a2(%rip),%rcx # 6020a8 <stdin+0x10>
400c06: 8b 45 ec mov -0x14(%rbp),%eax
400c09: 48 63 d0 movslq %eax,%rdx
400c0c: 48 89 d0 mov %rdx,%rax
400c0f: 48 01 c0 add %rax,%rax
400c12: 48 01 d0 add %rdx,%rax
400c15: 48 c1 e0 03 shl $0x3,%rax
400c19: 48 01 c8 add %rcx,%rax
400c1c: 48 83 c0 10 add $0x10,%rax
400c20: 48 8b 00 mov (%rax),%rax
400c23: 48 85 c0 test %rax,%rax
400c26: 0f 85 3c 01 00 00 jne 400d68 <atoi@plt+0x608>
if(bss_6020a8h[rbp_14h*3 << 3 + 0x10] == 0) {
400c2c: bf 6c 12 40 00 mov $0x40126c,%edi
400c31: b8 00 00 00 00 mov $0x0,%eax
400c36: e8 a5 fa ff ff callq 4006e0 <printf@plt>
printf("Length of new note: ");
400c3b: b8 00 00 00 00 mov $0x0,%eax
400c40: e8 09 fd ff ff callq 40094e <atoi@plt+0x1ee>
400c45: 89 45 f0 mov %eax,-0x10(%rbp)
rbp_10h = sub_40094e();
400c48: 83 7d f0 00 cmpl $0x0,-0x10(%rbp)
400c4c: 7f 0f jg 400c5d <atoi@plt+0x4fd>
if(rbp_10h <= 0) {
400c4e: bf 81 12 40 00 mov $0x401281,%edi
400c53: e8 68 fa ff ff callq 4006c0 <puts@plt>
puts("Invalid length!");
400c58: e9 28 01 00 00 jmpq 400d85 <atoi@plt+0x625>
break;
}
400c5d: 81 7d f0 00 10 00 00 cmpl $0x1000,-0x10(%rbp)
400c64: 7e 07 jle 400c6d <atoi@plt+0x50d>
if(rbp_10h > 0) {
400c66: c7 45 f0 00 10 00 00 movl $0x1000,-0x10(%rbp)
rbp_10h = 0x1000;
}
400c6d: 8b 45 f0 mov -0x10(%rbp),%eax
400c70: 99 cltd
400c71: c1 ea 19 shr $0x19,%edx
val0 = ((unsigned long long)rbp_10h >> 0x19);
400c74: 01 d0 add %edx,%eax
400c76: 83 e0 7f and $0x7f,%eax
400c79: 29 d0 sub %edx,%eax
val1 = 0x80;
400c7b: ba 80 00 00 00 mov $0x80,%edx
400c80: 29 c2 sub %eax,%edx
400c82: 89 d0 mov %edx,%eax
val2 = ((unsigned long long)rbp_10h + val0)&0x7f - val0 - val1;
400c84: c1 f8 1f sar $0x1f,%eax
// val2 >> 0x1f; // signed?
400c87: c1 e8 19 shr $0x19,%eax
val3 = (val2 >> 0x1f) >> 0x19;
400c8a: 01 c2 add %eax,%edx
400c8c: 83 e2 7f and $0x7f,%edx
400c8f: 29 c2 sub %eax,%edx
400c91: 89 d0 mov %edx,%eax
val4 = (val3 + val2) & 0x7f - val3;
400c93: 89 c2 mov %eax,%edx
400c95: 8b 45 f0 mov -0x10(%rbp),%eax
400c98: 01 d0 add %edx,%eax
400c9a: 89 45 f4 mov %eax,-0xc(%rbp)
rbp_0ch = rbp_10h + val4;
400c9d: 8b 45 f4 mov -0xc(%rbp),%eax
400ca0: 48 98 cltq
400ca2: 48 89 c7 mov %rax,%rdi
400ca5: e8 86 fa ff ff callq 400730 <malloc@plt>
400caa: 48 89 45 f8 mov %rax,-0x8(%rbp)
rbp_08h = malloc(rbp_0ch);
400cae: bf 91 12 40 00 mov $0x401291,%edi
400cb3: b8 00 00 00 00 mov $0x0,%eax
400cb8: e8 23 fa ff ff callq 4006e0 <printf@plt>
printf("Enter your note: ");
400cbd: 8b 55 f0 mov -0x10(%rbp),%edx
400cc0: 48 8b 45 f8 mov -0x8(%rbp),%rax
400cc4: 89 d6 mov %edx,%esi
400cc6: 48 89 c7 mov %rax,%rdi
400cc9: e8 8f fb ff ff callq 40085d <atoi@plt+0xfd>
sub_40085d(rbp_08h, rbp_10h);
400cce: 48 8b 0d d3 13 20 00 mov 0x2013d3(%rip),%rcx # 6020a8 <stdin+0x10>
400cd5: 8b 45 ec mov -0x14(%rbp),%eax
400cd8: 48 63 d0 movslq %eax,%rdx
400cdb: 48 89 d0 mov %rdx,%rax
400cde: 48 01 c0 add %rax,%rax
400ce1: 48 01 d0 add %rdx,%rax
400ce4: 48 c1 e0 03 shl $0x3,%rax
400ce8: 48 01 c8 add %rcx,%rax
400ceb: 48 83 c0 10 add $0x10,%rax
400cef: 48 c7 00 01 00 00 00 movq $0x1,(%rax)
bss_6020a8h[rbp_14h*3 << 0x3 + 0x10 + 0x00] = 1;
400cf6: 48 8b 35 ab 13 20 00 mov 0x2013ab(%rip),%rsi # 6020a8 <stdin+0x10>
400cfd: 8b 45 f0 mov -0x10(%rbp),%eax
400d00: 48 63 c8 movslq %eax,%rcx
400d03: 8b 45 ec mov -0x14(%rbp),%eax
400d06: 48 63 d0 movslq %eax,%rdx
400d09: 48 89 d0 mov %rdx,%rax
400d0c: 48 01 c0 add %rax,%rax
400d0f: 48 01 d0 add %rdx,%rax
400d12: 48 c1 e0 03 shl $0x3,%rax
400d16: 48 01 f0 add %rsi,%rax
400d19: 48 83 c0 10 add $0x10,%rax
400d1d: 48 89 48 08 mov %rcx,0x8(%rax)
bss_6020a8h[rbp_14h*3 << 0x3 + 0x10 + 0x08] = rbp_10h;
400d21: 48 8b 0d 80 13 20 00 mov 0x201380(%rip),%rcx # 6020a8 <stdin+0x10>
400d28: 8b 45 ec mov -0x14(%rbp),%eax
400d2b: 48 63 d0 movslq %eax,%rdx
400d2e: 48 89 d0 mov %rdx,%rax
400d31: 48 01 c0 add %rax,%rax
400d34: 48 01 d0 add %rdx,%rax
400d37: 48 c1 e0 03 shl $0x3,%rax
400d3b: 48 01 c8 add %rcx,%rax
400d3e: 48 8d 50 20 lea 0x20(%rax),%rdx
400d42: 48 8b 45 f8 mov -0x8(%rbp),%rax
400d46: 48 89 02 mov %rax,(%rdx)
bss_6020a8h[rbp_14h*3 << 0x3 + 0x20] = rbp_08h;
400d49: 48 8b 05 58 13 20 00 mov 0x201358(%rip),%rax # 6020a8 <stdin+0x10>
400d50: 48 8b 50 08 mov 0x8(%rax),%rdx
400d54: 48 83 c2 01 add $0x1,%rdx
400d58: 48 89 50 08 mov %rdx,0x8(%rax)
bss_6020a8h->offset_08h = 1;
400d5c: bf a3 12 40 00 mov $0x4012a3,%edi
400d61: e8 5a f9 ff ff callq 4006c0 <puts@plt>
puts("Done.");
400d66: eb 1d jmp 400d85 <atoi@plt+0x625>
break;
}
400d68: 83 45 ec 01 addl $0x1,-0x14(%rbp)
// ->>
400d6c: 8b 45 ec mov -0x14(%rbp),%eax
400d6f: 48 63 d0 movslq %eax,%rdx
400d72: 48 8b 05 2f 13 20 00 mov 0x20132f(%rip),%rax # 6020a8 <stdin+0x10>
400d79: 48 8b 00 mov (%rax),%rax
400d7c: 48 39 c2 cmp %rax,%rdx
400d7f: 0f 8c 7a fe ff ff jl 400bff <atoi@plt+0x49f>
}
}
400d85: c9 leaveq
400d86: c3 retq
}
void sub_400d87()
{
400d87: 55 push %rbp
400d88: 48 89 e5 mov %rsp,%rbp
400d8b: 53 push %rbx
400d8c: 48 83 ec 18 sub $0x18,%rsp
// Local variables.
400d90: bf a9 12 40 00 mov $0x4012a9,%edi
400d95: b8 00 00 00 00 mov $0x0,%eax
400d9a: e8 41 f9 ff ff callq 4006e0 <printf@plt>
printf("Note number: ");
400d9f: b8 00 00 00 00 mov $0x0,%eax
400da4: e8 a5 fb ff ff callq 40094e <atoi@plt+0x1ee>
400da9: 89 45 e8 mov %eax,-0x18(%rbp)
rbp_18h = sub_40094e();
400dac: 83 7d e8 00 cmpl $0x0,-0x18(%rbp)
400db0: 78 3f js 400df1 <atoi@plt+0x691>
400db2: 8b 45 e8 mov -0x18(%rbp),%eax
400db5: 48 63 d0 movslq %eax,%rdx
400db8: 48 8b 05 e9 12 20 00 mov 0x2012e9(%rip),%rax # 6020a8 <stdin+0x10>
400dbf: 48 8b 00 mov (%rax),%rax
400dc2: 48 39 c2 cmp %rax,%rdx
400dc5: 7d 2a jge 400df1 <atoi@plt+0x691>
// XXX: strange. (rbp_18h >= 0)
if(rbp_18h >= 0 && rbp_18h < bss_6020a8h->offset_00h) {
400dc7: 48 8b 0d da 12 20 00 mov 0x2012da(%rip),%rcx # 6020a8 <stdin+0x10>
400dce: 8b 45 e8 mov -0x18(%rbp),%eax
400dd1: 48 63 d0 movslq %eax,%rdx
400dd4: 48 89 d0 mov %rdx,%rax
400dd7: 48 01 c0 add %rax,%rax
400dda: 48 01 d0 add %rdx,%rax
400ddd: 48 c1 e0 03 shl $0x3,%rax
400de1: 48 01 c8 add %rcx,%rax
400de4: 48 83 c0 10 add $0x10,%rax
400de8: 48 8b 00 mov (%rax),%rax
400deb: 48 83 f8 01 cmp $0x1,%rax
400def: 74 0f je 400e00 <atoi@plt+0x6a0>
if(bss_6020a8h[rbp_18h*3 << 3 + 0x10] != 1) {
puts("Invalid number!");
return;
}
} else {
400df1: bf b7 12 40 00 mov $0x4012b7,%edi
400df6: e8 c5 f8 ff ff callq 4006c0 <puts@plt>
puts("Invalid number!");
400dfb: e9 76 01 00 00 jmpq 400f76 <atoi@plt+0x816>
return;
}
400e00: bf c7 12 40 00 mov $0x4012c7,%edi
400e05: b8 00 00 00 00 mov $0x0,%eax
400e0a: e8 d1 f8 ff ff callq 4006e0 <printf@plt>
printf("Length of note: ");
400e0f: b8 00 00 00 00 mov $0x0,%eax
400e14: e8 35 fb ff ff callq 40094e <atoi@plt+0x1ee>
400e19: 89 45 e4 mov %eax,-0x1c(%rbp)
rbp_1ch = sub_40094e();
400e1c: 83 7d e4 00 cmpl $0x0,-0x1c(%rbp)
400e20: 7f 0f jg 400e31 <atoi@plt+0x6d1>
if(rbp_1ch <= 0) {
400e22: bf 81 12 40 00 mov $0x401281,%edi
400e27: e8 94 f8 ff ff callq 4006c0 <puts@plt>
puts("Invalid length!");
400e2c: e9 45 01 00 00 jmpq 400f76 <atoi@plt+0x816>
}
400e31: 81 7d e4 00 10 00 00 cmpl $0x1000,-0x1c(%rbp)
400e38: 7e 07 jle 400e41 <atoi@plt+0x6e1>
if(rbp_1ch > 0x1000) {
400e3a: c7 45 e4 00 10 00 00 movl $0x1000,-0x1c(%rbp)
rbp_1ch = 0x1000;
}
400e41: 8b 45 e4 mov -0x1c(%rbp),%eax
400e44: 48 63 c8 movslq %eax,%rcx
400e47: 48 8b 35 5a 12 20 00 mov 0x20125a(%rip),%rsi # 6020a8 <stdin+0x10>
400e4e: 8b 45 e8 mov -0x18(%rbp),%eax
400e51: 48 63 d0 movslq %eax,%rdx
400e54: 48 89 d0 mov %rdx,%rax
400e57: 48 01 c0 add %rax,%rax
400e5a: 48 01 d0 add %rdx,%rax
400e5d: 48 c1 e0 03 shl $0x3,%rax
400e61: 48 01 f0 add %rsi,%rax
400e64: 48 83 c0 10 add $0x10,%rax
400e68: 48 8b 40 08 mov 0x8(%rax),%rax
400e6c: 48 39 c1 cmp %rax,%rcx
400e6f: 0f 84 b7 00 00 00 je 400f2c <atoi@plt+0x7cc>
if(bss_6020a8h[rbp_18h*3 << 3 + 0x10 + 0x8] != rbp_1ch) {
400e75: 8b 45 e4 mov -0x1c(%rbp),%eax
400e78: 99 cltd
400e79: c1 ea 19 shr $0x19,%edx
val0 = rbp_1ch >> 0x19;
400e7c: 01 d0 add %edx,%eax
400e7e: 83 e0 7f and $0x7f,%eax
400e81: 29 d0 sub %edx,%eax
400e83: ba 80 00 00 00 mov $0x80,%edx
400e88: 29 c2 sub %eax,%edx
400e8a: 89 d0 mov %edx,%eax
val1 = 0x80 - (((val0 + rbp_1ch) & 0x7f) - val0);
400e8c: c1 f8 1f sar $0x1f,%eax
// val1 >> 0x1f; // signed?
400e8f: c1 e8 19 shr $0x19,%eax
val2 = (val1 >> 0x1f) >> 0x19;
400e92: 01 c2 add %eax,%edx
400e94: 83 e2 7f and $0x7f,%edx
400e97: 29 c2 sub %eax,%edx
400e99: 89 d0 mov %edx,%eax
400e9b: 89 c2 mov %eax,%edx
val3 = ((val2 + val1) & 0x7f) - val2;
400e9d: 8b 45 e4 mov -0x1c(%rbp),%eax
400ea0: 01 d0 add %edx,%eax
400ea2: 89 45 ec mov %eax,-0x14(%rbp)
rbp_14h = rbp_1ch + val3;
400ea5: 48 8b 1d fc 11 20 00 mov 0x2011fc(%rip),%rbx # 6020a8 <stdin+0x10>
400eac: 8b 45 ec mov -0x14(%rbp),%eax
400eaf: 48 63 c8 movslq %eax,%rcx
400eb2: 48 8b 35 ef 11 20 00 mov 0x2011ef(%rip),%rsi # 6020a8 <stdin+0x10>
400eb9: 8b 45 e8 mov -0x18(%rbp),%eax
400ebc: 48 63 d0 movslq %eax,%rdx
400ebf: 48 89 d0 mov %rdx,%rax
400ec2: 48 01 c0 add %rax,%rax
400ec5: 48 01 d0 add %rdx,%rax
400ec8: 48 c1 e0 03 shl $0x3,%rax
400ecc: 48 01 f0 add %rsi,%rax
400ecf: 48 83 c0 20 add $0x20,%rax
400ed3: 48 8b 00 mov (%rax),%rax
400ed6: 48 89 ce mov %rcx,%rsi
400ed9: 48 89 c7 mov %rax,%rdi
400edc: e8 5f f8 ff ff callq 400740 <realloc@plt>
400ee1: 48 89 c1 mov %rax,%rcx
400ee4: 8b 45 e8 mov -0x18(%rbp),%eax
400ee7: 48 63 d0 movslq %eax,%rdx
400eea: 48 89 d0 mov %rdx,%rax
400eed: 48 01 c0 add %rax,%rax
400ef0: 48 01 d0 add %rdx,%rax
400ef3: 48 c1 e0 03 shl $0x3,%rax
400ef7: 48 01 d8 add %rbx,%rax
400efa: 48 83 c0 20 add $0x20,%rax
400efe: 48 89 08 mov %rcx,(%rax)
bss_6020a8h[rbp_18h*3 << 0x3 + 0x20] = realloc(bss_6020a8h[rbp_18h*3 << 0x3 + 0x20], rbp_14h);
400f01: 48 8b 35 a0 11 20 00 mov 0x2011a0(%rip),%rsi # 6020a8 <stdin+0x10>
400f08: 8b 45 e4 mov -0x1c(%rbp),%eax
400f0b: 48 63 c8 movslq %eax,%rcx
400f0e: 8b 45 e8 mov -0x18(%rbp),%eax
400f11: 48 63 d0 movslq %eax,%rdx
400f14: 48 89 d0 mov %rdx,%rax
400f17: 48 01 c0 add %rax,%rax
400f1a: 48 01 d0 add %rdx,%rax
400f1d: 48 c1 e0 03 shl $0x3,%rax
400f21: 48 01 f0 add %rsi,%rax
400f24: 48 83 c0 10 add $0x10,%rax
400f28: 48 89 48 08 mov %rcx,0x8(%rax)
bss_6020a8h[rbp_18h*3 << 0x3 + 0x10 + 0x08] = rbp_1ch;
}
400f2c: bf 91 12 40 00 mov $0x401291,%edi
400f31: b8 00 00 00 00 mov $0x0,%eax
400f36: e8 a5 f7 ff ff callq 4006e0 <printf@plt>
printf("Enter your note: ");
400f3b: 48 8b 0d 66 11 20 00 mov 0x201166(%rip),%rcx # 6020a8 <stdin+0x10>
400f42: 8b 45 e8 mov -0x18(%rbp),%eax
400f45: 48 63 d0 movslq %eax,%rdx
400f48: 48 89 d0 mov %rdx,%rax
400f4b: 48 01 c0 add %rax,%rax
400f4e: 48 01 d0 add %rdx,%rax
400f51: 48 c1 e0 03 shl $0x3,%rax
400f55: 48 01 c8 add %rcx,%rax
400f58: 48 83 c0 20 add $0x20,%rax
400f5c: 48 8b 00 mov (%rax),%rax
400f5f: 8b 55 e4 mov -0x1c(%rbp),%edx
400f62: 89 d6 mov %edx,%esi
400f64: 48 89 c7 mov %rax,%rdi
400f67: e8 f1 f8 ff ff callq 40085d <atoi@plt+0xfd>
sub_40085d(bss_6020a8h[rbp_18h*3 << 0x3 + 0x20], rbp_1ch);
400f6c: bf a3 12 40 00 mov $0x4012a3,%edi
400f71: e8 4a f7 ff ff callq 4006c0 <puts@plt>
puts("Done.");
400f76: 48 83 c4 18 add $0x18,%rsp
400f7a: 5b pop %rbx
400f7b: 5d pop %rbp
400f7c: c3 retq
}
void sub_400f7d()
{
// Delete-note handler (menu choice 4): reads a note index from the user,
// marks the slot as unused, and frees its content buffer.
// NOTE(review): the index is only range-checked against the pad's limit
// (offset_00h); the slot's is_used flag (offset_10h) is never consulted before
// free(), and the content pointer at offset_20h is not cleared afterwards.
// Deleting the same index twice therefore passes every check and calls free()
// on the same chunk again (double free) -- this is the bug the exploit relies on.
400f7d: 55 push %rbp
400f7e: 48 89 e5 mov %rsp,%rbp
400f81: 48 83 ec 10 sub $0x10,%rsp
// Local variables.
// rbp_04h: note index parsed from stdin by sub_40094e (atoi, so it may be negative).
400f85: 48 8b 05 1c 11 20 00 mov 0x20111c(%rip),%rax # 6020a8 <stdin+0x10>
400f8c: 48 8b 40 08 mov 0x8(%rax),%rax
400f90: 48 85 c0 test %rax,%rax
400f93: 0f 8e e2 00 00 00 jle 40107b <atoi@plt+0x91b>
// The machine code is a signed "> 0" test (jle), not "!= 0": a zero or
// negative note count takes the "No notes yet." branch.
if(bss_6020a8h->offset_08h != 0) {
400f99: bf a9 12 40 00 mov $0x4012a9,%edi
400f9e: b8 00 00 00 00 mov $0x0,%eax
400fa3: e8 38 f7 ff ff callq 4006e0 <printf@plt>
printf("Note number: ");
400fa8: b8 00 00 00 00 mov $0x0,%eax
400fad: e8 9c f9 ff ff callq 40094e <atoi@plt+0x1ee>
400fb2: 89 45 fc mov %eax,-0x4(%rbp)
rbp_04h = sub_40094e();
// Negative index -> "Invalid number!" (js on the 32-bit value).
400fb5: 83 7d fc 00 cmpl $0x0,-0x4(%rbp)
400fb9: 78 15 js 400fd0 <atoi@plt+0x870>
if(rbp_04h >= 0) {
// Upper bound: the sign-extended index is compared against the limit at
// offset_00h only. Nothing checks whether the slot is actually in use.
400fbb: 8b 45 fc mov -0x4(%rbp),%eax
400fbe: 48 63 d0 movslq %eax,%rdx
400fc1: 48 8b 05 e0 10 20 00 mov 0x2010e0(%rip),%rax # 6020a8 <stdin+0x10>
400fc8: 48 8b 00 mov (%rax),%rax
400fcb: 48 39 c2 cmp %rax,%rdx
400fce: 7c 0f jl 400fdf <atoi@plt+0x87f>
// Out-of-range indices fall through into 400fd0 below, i.e. the same
// "Invalid number!" puts as the negative case (same string at 0x4012b7).
if(rbp_04h >= bss_6020a8h->offset_00h) {
puts("Invalid number");
return;
}
} else {
400fd0: bf b7 12 40 00 mov $0x4012b7,%edi
400fd5: e8 e6 f6 ff ff callq 4006c0 <puts@plt>
puts("Invalid number!");
400fda: e9 a6 00 00 00 jmpq 401085 <atoi@plt+0x925>
return;
}
// The note count is decremented unconditionally, even when the selected
// slot was never used or was already deleted.
400fdf: 48 8b 05 c2 10 20 00 mov 0x2010c2(%rip),%rax # 6020a8 <stdin+0x10>
400fe6: 48 8b 50 08 mov 0x8(%rax),%rdx
400fea: 48 83 ea 01 sub $0x1,%rdx
400fee: 48 89 50 08 mov %rdx,0x8(%rax)
bss_6020a8h->offset_08h -= 1;
// Slot stride is 3*8 = 0x18 bytes (index*3 << 3), base + 0x10.
// Clear is_used (offset_10h of the slot).
400ff2: 48 8b 0d af 10 20 00 mov 0x2010af(%rip),%rcx # 6020a8 <stdin+0x10>
400ff9: 8b 45 fc mov -0x4(%rbp),%eax
400ffc: 48 63 d0 movslq %eax,%rdx
400fff: 48 89 d0 mov %rdx,%rax
401002: 48 01 c0 add %rax,%rax
401005: 48 01 d0 add %rdx,%rax
401008: 48 c1 e0 03 shl $0x3,%rax
40100c: 48 01 c8 add %rcx,%rax
40100f: 48 83 c0 10 add $0x10,%rax
401013: 48 c7 00 00 00 00 00 movq $0x0,(%rax)
bss_6020a8h[rbp_04h*3 << 0x3 + 0x10 + 0x00] = NULL;
// Clear size (offset_18h of the slot).
40101a: 48 8b 0d 87 10 20 00 mov 0x201087(%rip),%rcx # 6020a8 <stdin+0x10>
401021: 8b 45 fc mov -0x4(%rbp),%eax
401024: 48 63 d0 movslq %eax,%rdx
401027: 48 89 d0 mov %rdx,%rax
40102a: 48 01 c0 add %rax,%rax
40102d: 48 01 d0 add %rdx,%rax
401030: 48 c1 e0 03 shl $0x3,%rax
401034: 48 01 c8 add %rcx,%rax
401037: 48 83 c0 10 add $0x10,%rax
40103b: 48 c7 40 08 00 00 00 movq $0x0,0x8(%rax)
401042: 00
bss_6020a8h[rbp_04h*3 << 0x3 + 0x10 + 0x08] = 0;
// free() the content pointer (offset_20h). There is no store back to
// offset_20h after this call, so the freed pointer stays in the table:
// a second delete of the same index frees it again. For a slot whose pointer
// was never set (presumably NULL from zero-initialised .bss -- confirm in
// sub_400a49), free() is a no-op.
401043: 48 8b 0d 5e 10 20 00 mov 0x20105e(%rip),%rcx # 6020a8 <stdin+0x10>
40104a: 8b 45 fc mov -0x4(%rbp),%eax
40104d: 48 63 d0 movslq %eax,%rdx
401050: 48 89 d0 mov %rdx,%rax
401053: 48 01 c0 add %rax,%rax
401056: 48 01 d0 add %rdx,%rax
401059: 48 c1 e0 03 shl $0x3,%rax
40105d: 48 01 c8 add %rcx,%rax
401060: 48 83 c0 20 add $0x20,%rax
401064: 48 8b 00 mov (%rax),%rax
401067: 48 89 c7 mov %rax,%rdi
40106a: e8 41 f6 ff ff callq 4006b0 <free@plt>
free(bss_6020a8h[rbp_04h*3 << 0x3 + 0x20]);
40106f: bf a3 12 40 00 mov $0x4012a3,%edi
401074: e8 47 f6 ff ff callq 4006c0 <puts@plt>
puts("Done.");
401079: eb 0a jmp 401085 <atoi@plt+0x925>
} else {
40107b: bf d8 12 40 00 mov $0x4012d8,%edi
401080: e8 3b f6 ff ff callq 4006c0 <puts@plt>
puts("No notes yet.");
}
401085: c9 leaveq
401086: c3 retq
}
int main(void)
{
// Program entry: runs two setup routines, then loops on the menu in
// sub_400998 and dispatches the choice through a jump table at 0x4012f8.
401087: 55 push %rbp
401088: 48 89 e5 mov %rsp,%rbp
40108b: 48 83 ec 10 sub $0x10,%rsp
// Local variables.
// rbp_04h: menu choice returned by sub_400998 (via atoi, so unbounded).
40108f: b8 00 00 00 00 mov $0x0,%eax
401094: e8 64 f9 ff ff callq 4009fd <atoi@plt+0x29d>
sub_4009fd();
// sub_400a49 is not shown here; presumably it initialises the note pad at
// 6020a8 (limit/count/slots) -- confirm against its listing.
401099: b8 00 00 00 00 mov $0x0,%eax
40109e: e8 a6 f9 ff ff callq 400a49 <atoi@plt+0x2e9>
sub_400a49();
while(true) {
4010a3: b8 00 00 00 00 mov $0x0,%eax
4010a8: e8 eb f8 ff ff callq 400998 <atoi@plt+0x238>
4010ad: 89 45 fc mov %eax,-0x4(%rbp)
rbp_04h = sub_400998();
// "ja" is an unsigned compare, so any choice outside 0..5 -- including a
// negative atoi result -- goes to the default branch; the jump table is
// therefore never indexed out of bounds.
4010b0: 83 7d fc 05 cmpl $0x5,-0x4(%rbp)
4010b4: 77 4e ja 401104 <atoi@plt+0x9a4>
4010b6: 8b 45 fc mov -0x4(%rbp),%eax
4010b9: 48 8b 04 c5 f8 12 40 mov 0x4012f8(,%rax,8),%rax
4010c0: 00
4010c1: ff e0 jmpq *%rax
switch(rbp_04h) {
case 1:
// List notes.
4010c3: b8 00 00 00 00 mov $0x0,%eax
4010c8: e8 47 fa ff ff callq 400b14 <atoi@plt+0x3b4>
4010cd: eb 40 jmp 40110f <atoi@plt+0x9af>
break;
case 2:
// New note.
4010cf: b8 00 00 00 00 mov $0x0,%eax
4010d4: e8 e9 fa ff ff callq 400bc2 <atoi@plt+0x462>
4010d9: eb 34 jmp 40110f <atoi@plt+0x9af>
break;
case 3:
// Edit note.
4010db: b8 00 00 00 00 mov $0x0,%eax
4010e0: e8 a2 fc ff ff callq 400d87 <atoi@plt+0x627>
4010e5: eb 28 jmp 40110f <atoi@plt+0x9af>
break;
case 4:
// Delete note (sub_400f7d, the double-free path).
4010e7: b8 00 00 00 00 mov $0x0,%eax
4010ec: e8 8c fe ff ff callq 400f7d <atoi@plt+0x81d>
4010f1: eb 1c jmp 40110f <atoi@plt+0x9af>
break;
case 5:
// Exit: prints the string at 0x4012e6, sets eax = 0 and leaves, so
// main returns 0 here.
4010f3: bf e6 12 40 00 mov $0x4012e6,%edi
4010f8: e8 c3 f5 ff ff callq 4006c0 <puts@plt>
4010fd: b8 00 00 00 00 mov $0x0,%eax
401102: eb 0d jmp 401111 <atoi@plt+0x9b1>
return;
case 0:
default:
// Choice 0 shares the default entry: prints the string at 0x4012ea
// and re-displays the menu.
401104: bf ea 12 40 00 mov $0x4012ea,%edi
401109: e8 b2 f5 ff ff callq 4006c0 <puts@plt>
40110e: 90 nop
40110f: eb 92 jmp 4010a3 <atoi@plt+0x943>
}
}
401111: c9 leaveq
401112: c3 retq
// Alignment padding after main; not reachable code.
401113: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
40111a: 00 00 00
40111d: 0f 1f 00 nopl (%rax)
}
// Unlabelled routine at 401120: saves callee-saved registers, calls 400678,
// then loops over the 8-byte entries between 601e10 and 601e18 calling each
// as a function pointer with (edi, rsi, rdx) forwarded. This looks like the
// compiler-generated init-array walker (__libc_csu_init) rather than
// challenge logic -- verify against the symbol table before relying on it.
401120: 41 57 push %r15
401122: 41 89 ff mov %edi,%r15d
401125: 41 56 push %r14
401127: 49 89 f6 mov %rsi,%r14
40112a: 41 55 push %r13
40112c: 49 89 d5 mov %rdx,%r13
40112f: 41 54 push %r12
401131: 4c 8d 25 d8 0c 20 00 lea 0x200cd8(%rip),%r12 # 601e10 <atoi@plt+0x2016b0>
401138: 55 push %rbp
401139: 48 8d 2d d8 0c 20 00 lea 0x200cd8(%rip),%rbp # 601e18 <atoi@plt+0x2016b8>
401140: 53 push %rbx
401141: 4c 29 e5 sub %r12,%rbp
401144: 31 db xor %ebx,%ebx
// rbp = (end - start) / 8 = number of pointer entries to call.
401146: 48 c1 fd 03 sar $0x3,%rbp
40114a: 48 83 ec 08 sub $0x8,%rsp
40114e: e8 25 f5 ff ff callq 400678 <free@plt-0x38>
401153: 48 85 ed test %rbp,%rbp
401156: 74 1e je 401176 <atoi@plt+0xa16>
401158: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
40115f: 00
401160: 4c 89 ea mov %r13,%rdx
401163: 4c 89 f6 mov %r14,%rsi
401166: 44 89 ff mov %r15d,%edi
401169: 41 ff 14 dc callq *(%r12,%rbx,8)
40116d: 48 83 c3 01 add $0x1,%rbx
401171: 48 39 eb cmp %rbp,%rbx
401174: 75 ea jne 401160 <atoi@plt+0xa00>
401176: 48 83 c4 08 add $0x8,%rsp
40117a: 5b pop %rbx
40117b: 5d pop %rbp
40117c: 41 5c pop %r12
40117e: 41 5d pop %r13
401180: 41 5e pop %r14
401182: 41 5f pop %r15
401184: c3 retq
401185: 66 66 2e 0f 1f 84 00 data32 nopw %cs:0x0(%rax,%rax,1)
40118c: 00 00 00 00
// Likely __libc_csu_fini (empty) -- unverified.
401190: f3 c3 repz retq
Disassembly of section .fini:
0000000000401194 <.fini>:
// .fini: stack adjust only, no user code.
401194: 48 83 ec 08 sub $0x8,%rsp
401198: 48 83 c4 08 add $0x8,%rsp
40119c: c3 retq