Skip to content

Instantly share code, notes, and snippets.

@hhc0null

hhc0null/quine.c

Last active August 29, 2015 14:19
Show Gist options
  • Save hhc0null/cd21269eb241ebac7685 to your computer and use it in GitHub Desktop.
Save hhc0null/cd21269eb241ebac7685 to your computer and use it in GitHub Desktop.
Download ZIP
[Teaser_CONFidence_CTF_2015_Pwning-Quine-400pts] Unsolved.
Raw
quine.c
struct hoge {
char *offset_00h;
int offset_04h; // max length.
int offset_08h; // counter.
}
void sub_804889d(char *arg_0)
{
puts(arg_0);
exit(EXIT_FAILURE);
}
int sub_80488ba(char *arg_0, int arg_4, char *arg_8, int arg_c)
{
// Local variables.
int ebp_24h;
int ebp_20h;
int ebp_1ch;
int ebp_18h;
struct hoge ebp_14h;
sub_8048d52(ebp_14h, arg_8, arg_c);
for(ebp_24h = 0; sub_8048d72(ebp_14h); ) {
ebp_20h = sub_8048d8e(ebp_14h, 1);
if(ebp_20h) {
if(sub_8048d72(ebp_14h) <= 7) {
sub_804889d("Invalid input buffer");
}
arg_0[ebp_24h++] = sub_8048d8e(ebp_14h, 8);
} else {
if(sub_8048d72(ebp_14h) == 0) {
sub_804889d("Invalid input buffer");
}
if(sub_8048d8e(ebp_14h, 1)) {
ebp_1ch = sub_8048e30(ebp_14h);
ebp_18h = sub_8048e30(ebp_14h);
if(&arg_0->offset_00h[ebp_24h - ebp_1ch - 1] < arg_0->offset_00h) {
sub_804889d("Invalid input buffer");
}
if(ebp_18h > ebp_24h) {
sub_804889d("Invalid input buffer");
}
memcpy(&arg_0[ebp_24h], &arg_0[ebp_24h - ebp_1ch - 1], ebp_18h);
ebp_24h += ebp_18h;
} else {
break;
}
}
// ->>
}
return ebp_24h;
}
int sub_8048a38(int arg_0)
{
// Local variables.
char ebp_0ch;
ebp_0ch = arg_0;
if('0' <= ebp_0ch && ebp_0ch <= '9') {
return ebp_0ch - '0'; // [0-9]
} else {
return tolower(ebp_0ch) - 'W'; // [a-f]
}
}
void sub_8048a6a(char *arg_0, char *arg_4)
{
// Local variables.
int ebp_10h;
int ebp_0ch;
ebp_0ch = strlen(arg_4);
if(ebp_0ch & 1) { // is odd number?
sub_804889d("Invalid hex input length!");
}
for(ebp_10h = 0; ebp_10h < ebp_0ch; ebp_10h += 2) {
if(!isxdigit(arg_4[ebp_10h]) || !isxdigit(arg_4[ebp_10h+1])) {
sub_804889d("Non-hex digit found!");
}
// HighLow -> LowHigh
arg_0[ebp_10h>>1] =
(sub_8048a38(arg_4[ebp_10h]) << 4) + sub_8048a38(arg_4[ebp_10h+1]);
// ->>
}
}
int main()
{
// Local variables.
unsigned int esp_1ch;
int esp_20h;
int esp_24h;
char esp_2bh[0x800];
char esp_82bh[0x800];
char esp_102bh[0x800];
setvbuf(stdout, NULL, _IONBF, 0);
puts("Welcome to DaaS - Decompression as a Service");
puts("Because of recent attacks, we have reduced the input size by half, sorry.");
system("sleep 1");
printf("Input size: ");
scanf("%u", &esp_1ch);
getchar();
if(esp_1ch > 0x800) {
sub_804889d("What are you trying to do?!?");
}
printf("Hex input: ");
fgets(esp_102bh, 0x801, stdin); // XXX: Off-by-one
for(esp_20h = strlen(esp_102bh) - 1; esp_20h >= 0 && esp_102bh[esp_20h] == '\n'; esp_102bh[esp_20h--] = '\0') {
// ->>
}
sub_8048a6a(esp_82bh, esp_102bh);
esp_24h = sub_80488ba(esp_2bh, 0x800, esp_82bh, 0x800);
printf("Your result: ");
fwrite(esp_2bh, 1, esp_24h, stdout);
puts("");
return 0;
}
// {{{
sub_8048cf6(int arg_0, int arg_4)
{
if(arg_0 == 1 && arg_4 == 0xffff) {
std::ios_base::Init::Init(bss_804b085h);
__cxa_at_exit(std::ios_base::Init::~Init, bss_804b085h, bss_804b05ch);
}
}
sub_8048d35()
{
sub_8048cf6(1, 0xffff);
}
// }}}
void sub_8048d52(struct hoge arg_0, char *arg_4, int arg_8)
{
arg_0->offset_00h = arg_4;
arg_0->offset_04h = arg_8;
arg_0->offset_08h = 0;
}
int sub_8048d72(struct hoge arg_0)
{
return arg_0->offset_04h*8 - arg_0->offset_08h;
}
int sub_8048d8e(struct hoge arg_0, int arg_4)
{
// Local variables.
char ebp_0dh;
int ebp_0ch;
ebp_0ch = 0;
if(arg_4 >= 0x20 || arg_0->offset_08h + arg_4 >= arg_0->offset_04h << 3) {
sub_804889d("Not enought bits in input stream!");
}
for(ebp_0ch = 0; arg_4--; arg_0->offset_08h++) {
ebp_0dh = arg_0->offset_00h[arg_0->offset_08h >> 3];
ebp_0ch = ((arg_0->offset_08h & 7) >> ebp_0dh & 1) + ebp_0ch * 2;
// ->>
}
return ebp_0ch;
}
int sub_8048e30(struct hoge arg_0)
{
// Local variables.
int ebp_10h;
int ebp_0ch;
ebp_10h = 0;
for(ebp_0ch = 0; sub_8048d8e(arg_0, 1); ebp_0ch++) {
ebp_10h |= sub_8048d8e(arg_0, 4) << (ebp_0ch << 2);
// ->>
}
return ebp_10h;
}
Raw
quine.disasm
../quine: file format elf32-i386
Disassembly of section .init:
08048630 <.init>:
8048630: 53 push %ebx
8048631: 83 ec 08 sub $0x8,%esp
8048634: e8 97 01 00 00 call 80487d0 <exit@plt+0x40>
8048639: 81 c3 c7 29 00 00 add $0x29c7,%ebx
804863f: 8b 83 fc ff ff ff mov -0x4(%ebx),%eax
8048645: 85 c0 test %eax,%eax
8048647: 74 05 je 804864e <__cxa_atexit@plt-0x22>
8048649: e8 42 00 00 00 call 8048690 <__gmon_start__@plt>
804864e: 83 c4 08 add $0x8,%esp
8048651: 5b pop %ebx
8048652: c3 ret
Disassembly of section .plt:
08048660 <__cxa_atexit@plt-0x10>:
8048660: ff 35 04 b0 04 08 pushl 0x804b004
8048666: ff 25 08 b0 04 08 jmp *0x804b008
804866c: 00 00 add %al,(%eax)
...
08048670 <__cxa_atexit@plt>:
8048670: ff 25 0c b0 04 08 jmp *0x804b00c
8048676: 68 00 00 00 00 push $0x0
804867b: e9 e0 ff ff ff jmp 8048660 <__cxa_atexit@plt-0x10>
08048680 <getchar@plt>:
8048680: ff 25 10 b0 04 08 jmp *0x804b010
8048686: 68 08 00 00 00 push $0x8
804868b: e9 d0 ff ff ff jmp 8048660 <__cxa_atexit@plt-0x10>
08048690 <__gmon_start__@plt>:
8048690: ff 25 14 b0 04 08 jmp *0x804b014
8048696: 68 10 00 00 00 push $0x10
804869b: e9 c0 ff ff ff jmp 8048660 <__cxa_atexit@plt-0x10>
080486a0 <system@plt>:
80486a0: ff 25 18 b0 04 08 jmp *0x804b018
80486a6: 68 18 00 00 00 push $0x18
80486ab: e9 b0 ff ff ff jmp 8048660 <__cxa_atexit@plt-0x10>
080486b0 <std::ios_base::Init::Init()@plt>:
80486b0: ff 25 1c b0 04 08 jmp *0x804b01c
80486b6: 68 20 00 00 00 push $0x20
80486bb: e9 a0 ff ff ff jmp 8048660 <__cxa_atexit@plt-0x10>
080486c0 <fgets@plt>:
80486c0: ff 25 20 b0 04 08 jmp *0x804b020
80486c6: 68 28 00 00 00 push $0x28
80486cb: e9 90 ff ff ff jmp 8048660 <__cxa_atexit@plt-0x10>
080486d0 <isxdigit@plt>:
80486d0: ff 25 24 b0 04 08 jmp *0x804b024
80486d6: 68 30 00 00 00 push $0x30
80486db: e9 80 ff ff ff jmp 8048660 <__cxa_atexit@plt-0x10>
080486e0 <__libc_start_main@plt>:
80486e0: ff 25 28 b0 04 08 jmp *0x804b028
80486e6: 68 38 00 00 00 push $0x38
80486eb: e9 70 ff ff ff jmp 8048660 <__cxa_atexit@plt-0x10>
080486f0 <std::ios_base::Init::~Init()@plt>:
80486f0: ff 25 2c b0 04 08 jmp *0x804b02c
80486f6: 68 40 00 00 00 push $0x40
80486fb: e9 60 ff ff ff jmp 8048660 <__cxa_atexit@plt-0x10>
08048700 <scanf@plt>:
8048700: ff 25 30 b0 04 08 jmp *0x804b030
8048706: 68 48 00 00 00 push $0x48
804870b: e9 50 ff ff ff jmp 8048660 <__cxa_atexit@plt-0x10>
08048710 <memcpy@plt>:
8048710: ff 25 34 b0 04 08 jmp *0x804b034
8048716: 68 50 00 00 00 push $0x50
804871b: e9 40 ff ff ff jmp 8048660 <__cxa_atexit@plt-0x10>
08048720 <strlen@plt>:
8048720: ff 25 38 b0 04 08 jmp *0x804b038
8048726: 68 58 00 00 00 push $0x58
804872b: e9 30 ff ff ff jmp 8048660 <__cxa_atexit@plt-0x10>
08048730 <printf@plt>:
8048730: ff 25 3c b0 04 08 jmp *0x804b03c
8048736: 68 60 00 00 00 push $0x60
804873b: e9 20 ff ff ff jmp 8048660 <__cxa_atexit@plt-0x10>
08048740 <fwrite@plt>:
8048740: ff 25 40 b0 04 08 jmp *0x804b040
8048746: 68 68 00 00 00 push $0x68
804874b: e9 10 ff ff ff jmp 8048660 <__cxa_atexit@plt-0x10>
08048750 <setvbuf@plt>:
8048750: ff 25 44 b0 04 08 jmp *0x804b044
8048756: 68 70 00 00 00 push $0x70
804875b: e9 00 ff ff ff jmp 8048660 <__cxa_atexit@plt-0x10>
08048760 <__stack_chk_fail@plt>:
8048760: ff 25 48 b0 04 08 jmp *0x804b048
8048766: 68 78 00 00 00 push $0x78
804876b: e9 f0 fe ff ff jmp 8048660 <__cxa_atexit@plt-0x10>
08048770 <puts@plt>:
8048770: ff 25 4c b0 04 08 jmp *0x804b04c
8048776: 68 80 00 00 00 push $0x80
804877b: e9 e0 fe ff ff jmp 8048660 <__cxa_atexit@plt-0x10>
08048780 <tolower@plt>:
8048780: ff 25 50 b0 04 08 jmp *0x804b050
8048786: 68 88 00 00 00 push $0x88
804878b: e9 d0 fe ff ff jmp 8048660 <__cxa_atexit@plt-0x10>
08048790 <exit@plt>:
8048790: ff 25 54 b0 04 08 jmp *0x804b054
8048796: 68 90 00 00 00 push $0x90
804879b: e9 c0 fe ff ff jmp 8048660 <__cxa_atexit@plt-0x10>
Disassembly of section .text:
080487a0 <.text>:
80487a0: 31 ed xor %ebp,%ebp
80487a2: 5e pop %esi
80487a3: 89 e1 mov %esp,%ecx
80487a5: 83 e4 f0 and $0xfffffff0,%esp
80487a8: 50 push %eax
80487a9: 54 push %esp
80487aa: 52 push %edx
80487ab: 68 00 8f 04 08 push $0x8048f00
80487b0: 68 90 8e 04 08 push $0x8048e90
80487b5: 51 push %ecx
80487b6: 56 push %esi
80487b7: 68 41 8b 04 08 push $0x8048b41
80487bc: e8 1f ff ff ff call 80486e0 <__libc_start_main@plt>
80487c1: f4 hlt
80487c2: 66 90 xchg %ax,%ax
80487c4: 66 90 xchg %ax,%ax
80487c6: 66 90 xchg %ax,%ax
80487c8: 66 90 xchg %ax,%ax
80487ca: 66 90 xchg %ax,%ax
80487cc: 66 90 xchg %ax,%ax
80487ce: 66 90 xchg %ax,%ax
80487d0: 8b 1c 24 mov (%esp),%ebx
80487d3: c3 ret
80487d4: 66 90 xchg %ax,%ax
80487d6: 66 90 xchg %ax,%ax
80487d8: 66 90 xchg %ax,%ax
80487da: 66 90 xchg %ax,%ax
80487dc: 66 90 xchg %ax,%ax
80487de: 66 90 xchg %ax,%ax
80487e0: b8 63 b0 04 08 mov $0x804b063,%eax
80487e5: 2d 60 b0 04 08 sub $0x804b060,%eax
80487ea: 83 f8 06 cmp $0x6,%eax
80487ed: 77 01 ja 80487f0 <exit@plt+0x60>
80487ef: c3 ret
80487f0: b8 00 00 00 00 mov $0x0,%eax
80487f5: 85 c0 test %eax,%eax
80487f7: 74 f6 je 80487ef <exit@plt+0x5f>
80487f9: 55 push %ebp
80487fa: 89 e5 mov %esp,%ebp
80487fc: 83 ec 18 sub $0x18,%esp
80487ff: c7 04 24 60 b0 04 08 movl $0x804b060,(%esp)
8048806: ff d0 call *%eax
8048808: c9 leave
8048809: c3 ret
804880a: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
8048810: b8 60 b0 04 08 mov $0x804b060,%eax
8048815: 2d 60 b0 04 08 sub $0x804b060,%eax
804881a: c1 f8 02 sar $0x2,%eax
804881d: 89 c2 mov %eax,%edx
804881f: c1 ea 1f shr $0x1f,%edx
8048822: 01 d0 add %edx,%eax
8048824: d1 f8 sar %eax
8048826: 75 01 jne 8048829 <exit@plt+0x99>
8048828: c3 ret
8048829: ba 00 00 00 00 mov $0x0,%edx
804882e: 85 d2 test %edx,%edx
8048830: 74 f6 je 8048828 <exit@plt+0x98>
8048832: 55 push %ebp
8048833: 89 e5 mov %esp,%ebp
8048835: 83 ec 18 sub $0x18,%esp
8048838: 89 44 24 04 mov %eax,0x4(%esp)
804883c: c7 04 24 60 b0 04 08 movl $0x804b060,(%esp)
8048843: ff d2 call *%edx
8048845: c9 leave
8048846: c3 ret
8048847: 89 f6 mov %esi,%esi
8048849: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
8048850: 80 3d 84 b0 04 08 00 cmpb $0x0,0x804b084
8048857: 75 13 jne 804886c <exit@plt+0xdc>
8048859: 55 push %ebp
804885a: 89 e5 mov %esp,%ebp
804885c: 83 ec 08 sub $0x8,%esp
804885f: e8 7c ff ff ff call 80487e0 <exit@plt+0x50>
8048864: c6 05 84 b0 04 08 01 movb $0x1,0x804b084
804886b: c9 leave
804886c: f3 c3 repz ret
804886e: 66 90 xchg %ax,%ax
8048870: a1 08 af 04 08 mov 0x804af08,%eax
8048875: 85 c0 test %eax,%eax
8048877: 74 1f je 8048898 <exit@plt+0x108>
8048879: b8 00 00 00 00 mov $0x0,%eax
804887e: 85 c0 test %eax,%eax
8048880: 74 16 je 8048898 <exit@plt+0x108>
8048882: 55 push %ebp
8048883: 89 e5 mov %esp,%ebp
8048885: 83 ec 18 sub $0x18,%esp
8048888: c7 04 24 08 af 04 08 movl $0x804af08,(%esp)
804888f: ff d0 call *%eax
8048891: c9 leave
8048892: e9 79 ff ff ff jmp 8048810 <exit@plt+0x80>
8048897: 90 nop
8048898: e9 73 ff ff ff jmp 8048810 <exit@plt+0x80>
void sub_804889d(char *arg_0)
{
804889d: 55 push %ebp
804889e: 89 e5 mov %esp,%ebp
80488a0: 83 ec 18 sub $0x18,%esp
80488a3: 8b 45 08 mov 0x8(%ebp),%eax
80488a6: 89 04 24 mov %eax,(%esp)
80488a9: e8 c2 fe ff ff call 8048770 <puts@plt>
puts(arg_0);
80488ae: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80488b5: e8 d6 fe ff ff call 8048790 <exit@plt>
exit(EXIT_FAILURE);
}
int sub_80488ba(char *arg_0, int arg_4, char *arg_8, int arg_c)
{
80488ba: 55 push %ebp
80488bb: 89 e5 mov %esp,%ebp
80488bd: 53 push %ebx
80488be: 83 ec 34 sub $0x34,%esp
// Local variables.
int ebp_24h;
ebp_20h;
ebp_1ch;
ebp_18h;
struct hoge ebp_14h;
80488c1: 8b 45 14 mov 0x14(%ebp),%eax
80488c4: 89 44 24 08 mov %eax,0x8(%esp)
80488c8: 8b 45 10 mov 0x10(%ebp),%eax
80488cb: 89 44 24 04 mov %eax,0x4(%esp)
80488cf: 8d 45 ec lea -0x14(%ebp),%eax
80488d2: 89 04 24 mov %eax,(%esp)
80488d5: e8 78 04 00 00 call 8048d52 <exit@plt+0x5c2>
sub_8048d52(ebp_14h, arg_8, arg_c);
80488da: c7 45 dc 00 00 00 00 movl $0x0,-0x24(%ebp)
80488e1: e9 31 01 00 00 jmp 8048a17 <exit@plt+0x287>
for(ebp_24h = 0; sub_8048d72(ebp_14h) == 0; ) {
80488e6: c7 44 24 04 01 00 00 movl $0x1,0x4(%esp)
80488ed: 00
80488ee: 8d 45 ec lea -0x14(%ebp),%eax
80488f1: 89 04 24 mov %eax,(%esp)
80488f4: e8 95 04 00 00 call 8048d8e <exit@plt+0x5fe>
80488f9: 89 45 e0 mov %eax,-0x20(%ebp)
ebp_20h = sub_8048d8e(ebp_14h, 1);
80488fc: 83 7d e0 00 cmpl $0x0,-0x20(%ebp)
8048900: 74 4a je 804894c <exit@plt+0x1bc>
if(ebp_20h != 0) {
8048902: 8d 45 ec lea -0x14(%ebp),%eax
8048905: 89 04 24 mov %eax,(%esp)
8048908: e8 65 04 00 00 call 8048d72 <exit@plt+0x5e2>
804890d: 83 f8 07 cmp $0x7,%eax
8048910: 0f 96 c0 setbe %al
8048913: 84 c0 test %al,%al
8048915: 74 0c je 8048923 <exit@plt+0x193>
if(sub_8048d72(ebp_14h) <= 7) {
8048917: c7 04 24 46 8f 04 08 movl $0x8048f46,(%esp)
804891e: e8 7a ff ff ff call 804889d <exit@plt+0x10d>
sub_804889d("Invalid input buffer");
}
8048923: 8b 45 dc mov -0x24(%ebp),%eax
8048926: 8d 50 01 lea 0x1(%eax),%edx
8048929: 89 55 dc mov %edx,-0x24(%ebp)
804892c: 8b 55 08 mov 0x8(%ebp),%edx
804892f: 8d 1c 10 lea (%eax,%edx,1),%ebx
8048932: c7 44 24 04 08 00 00 movl $0x8,0x4(%esp)
8048939: 00
804893a: 8d 45 ec lea -0x14(%ebp),%eax
804893d: 89 04 24 mov %eax,(%esp)
8048940: e8 49 04 00 00 call 8048d8e <exit@plt+0x5fe>
8048945: 88 03 mov %al,(%ebx)
arg_0[ebp_24h++] = sub_8048d8e(ebp_14h, 8);
8048947: e9 cb 00 00 00 jmp 8048a17 <exit@plt+0x287>
} else {
804894c: 8d 45 ec lea -0x14(%ebp),%eax
804894f: 89 04 24 mov %eax,(%esp)
8048952: e8 1b 04 00 00 call 8048d72 <exit@plt+0x5e2>
8048957: 85 c0 test %eax,%eax
8048959: 0f 94 c0 sete %al
804895c: 84 c0 test %al,%al
804895e: 74 0c je 804896c <exit@plt+0x1dc>
if(sub_8048d72(ebp_14h) == 0) {
8048960: c7 04 24 46 8f 04 08 movl $0x8048f46,(%esp)
8048967: e8 31 ff ff ff call 804889d <exit@plt+0x10d>
sub_804889d("Invalid input buffer");
}
804896c: c7 44 24 04 01 00 00 movl $0x1,0x4(%esp)
8048973: 00
8048974: 8d 45 ec lea -0x14(%ebp),%eax
8048977: 89 04 24 mov %eax,(%esp)
804897a: e8 0f 04 00 00 call 8048d8e <exit@plt+0x5fe>
804897f: 85 c0 test %eax,%eax
8048981: 0f 95 c0 setne %al
8048984: 84 c0 test %al,%al
8048986: 0f 84 89 00 00 00 je 8048a15 <exit@plt+0x285>
if(sub_8048d8e(ebp_14h, 1)) {
804898c: 8d 45 ec lea -0x14(%ebp),%eax
804898f: 89 04 24 mov %eax,(%esp)
8048992: e8 99 04 00 00 call 8048e30 <exit@plt+0x6a0>
8048997: 89 45 e4 mov %eax,-0x1c(%ebp)
ebp_1ch = sub_8048e30(ebp_14h);
804899a: 8d 45 ec lea -0x14(%ebp),%eax
804899d: 89 04 24 mov %eax,(%esp)
80489a0: e8 8b 04 00 00 call 8048e30 <exit@plt+0x6a0>
80489a5: 89 45 e8 mov %eax,-0x18(%ebp)
ebp_18h = sub_8048e30(ebp_14h);
80489a8: 8b 45 e4 mov -0x1c(%ebp),%eax
80489ab: 8b 55 dc mov -0x24(%ebp),%edx
80489ae: 29 c2 sub %eax,%edx
80489b0: 89 d0 mov %edx,%eax
80489b2: 8d 50 ff lea -0x1(%eax),%edx
80489b5: 8b 45 08 mov 0x8(%ebp),%eax
80489b8: 01 d0 add %edx,%eax
80489ba: 3b 45 08 cmp 0x8(%ebp),%eax
80489bd: 73 0c jae 80489cb <exit@plt+0x23b>
if(&arg_0[ebp_24h - ebp_1ch - 1] < arg_0) {
80489bf: c7 04 24 46 8f 04 08 movl $0x8048f46,(%esp)
80489c6: e8 d2 fe ff ff call 804889d <exit@plt+0x10d>
sub_804889d("Invalid input buffer");
}
80489cb: 8b 45 e8 mov -0x18(%ebp),%eax
80489ce: 3b 45 dc cmp -0x24(%ebp),%eax
80489d1: 76 0c jbe 80489df <exit@plt+0x24f>
if(ebp_18h > ebp_24h) {
80489d3: c7 04 24 46 8f 04 08 movl $0x8048f46,(%esp)
80489da: e8 be fe ff ff call 804889d <exit@plt+0x10d>
sub_804889d("Invalid input buffer");
}
80489df: 8b 45 e4 mov -0x1c(%ebp),%eax
80489e2: 8b 55 dc mov -0x24(%ebp),%edx
80489e5: 29 c2 sub %eax,%edx
80489e7: 89 d0 mov %edx,%eax
80489e9: 8d 50 ff lea -0x1(%eax),%edx
80489ec: 8b 45 08 mov 0x8(%ebp),%eax
80489ef: 8d 0c 02 lea (%edx,%eax,1),%ecx
80489f2: 8b 45 dc mov -0x24(%ebp),%eax
80489f5: 8b 55 08 mov 0x8(%ebp),%edx
80489f8: 01 c2 add %eax,%edx
80489fa: 8b 45 e8 mov -0x18(%ebp),%eax
80489fd: 89 44 24 08 mov %eax,0x8(%esp)
8048a01: 89 4c 24 04 mov %ecx,0x4(%esp)
8048a05: 89 14 24 mov %edx,(%esp)
8048a08: e8 03 fd ff ff call 8048710 <memcpy@plt>
memcpy(&arg_0[ebp_24h], &arg_0[ebp_24h - ebp_1ch - 1], ebp_18h);
8048a0d: 8b 45 e8 mov -0x18(%ebp),%eax
8048a10: 01 45 dc add %eax,-0x24(%ebp)
ebp_24h += ebp_18h;
8048a13: eb 02 jmp 8048a17 <exit@plt+0x287>
} else {
8048a15: eb 18 jmp 8048a2f <exit@plt+0x29f>
break;
}
}
// ->>
8048a17: 8d 45 ec lea -0x14(%ebp),%eax
8048a1a: 89 04 24 mov %eax,(%esp)
8048a1d: e8 50 03 00 00 call 8048d72 <exit@plt+0x5e2>
8048a22: 85 c0 test %eax,%eax
8048a24: 0f 95 c0 setne %al
8048a27: 84 c0 test %al,%al
8048a29: 0f 85 b7 fe ff ff jne 80488e6 <exit@plt+0x156>
}
8048a2f: 8b 45 dc mov -0x24(%ebp),%eax
8048a32: 83 c4 34 add $0x34,%esp
8048a35: 5b pop %ebx
8048a36: 5d pop %ebp
8048a37: c3 ret
return ebp_24h;
}
int sub_8048a38(int arg_0)
{
8048a38: 55 push %ebp
8048a39: 89 e5 mov %esp,%ebp
8048a3b: 83 ec 18 sub $0x18,%esp
// Local variables.
char ebp_0ch;
8048a3e: 8b 45 08 mov 0x8(%ebp),%eax
8048a41: 88 45 f4 mov %al,-0xc(%ebp)
ebp_0ch = arg_0;
8048a44: 80 7d f4 2f cmpb $0x2f,-0xc(%ebp)
8048a48: 7e 0f jle 8048a59 <exit@plt+0x2c9>
8048a4a: 80 7d f4 39 cmpb $0x39,-0xc(%ebp)
8048a4e: 7f 09 jg 8048a59 <exit@plt+0x2c9>
if('0' <= ebp_0ch && ebp_0ch <= '9') {
8048a50: 0f be 45 f4 movsbl -0xc(%ebp),%eax
8048a54: 83 e8 30 sub $0x30,%eax
return ebp_0ch - '0';
8048a57: eb 0f jmp 8048a68 <exit@plt+0x2d8>
} else {
8048a59: 0f be 45 f4 movsbl -0xc(%ebp),%eax
8048a5d: 89 04 24 mov %eax,(%esp)
8048a60: e8 1b fd ff ff call 8048780 <tolower@plt>
return tolower(ebp_0ch);
8048a65: 83 e8 57 sub $0x57,%eax
}
8048a68: c9 leave
8048a69: c3 ret
}
void sub_8048a6a(char *arg_0, char *arg_4)
{
8048a6a: 55 push %ebp
8048a6b: 89 e5 mov %esp,%ebp
8048a6d: 56 push %esi
8048a6e: 53 push %ebx
8048a6f: 83 ec 20 sub $0x20,%esp
// Local variables.
int ebp_10h;
int ebp_0ch;
8048a72: 8b 45 0c mov 0xc(%ebp),%eax
8048a75: 89 04 24 mov %eax,(%esp)
8048a78: e8 a3 fc ff ff call 8048720 <strlen@plt>
8048a7d: 89 45 f4 mov %eax,-0xc(%ebp)
ebp_0ch = strlen(arg_4);
8048a80: 8b 45 f4 mov -0xc(%ebp),%eax
8048a83: 83 e0 01 and $0x1,%eax
8048a86: 85 c0 test %eax,%eax
8048a88: 74 0c je 8048a96 <exit@plt+0x306>
if(ebp_0ch & 1) {
8048a8a: c7 04 24 5b 8f 04 08 movl $0x8048f5b,(%esp)
8048a91: e8 07 fe ff ff call 804889d <exit@plt+0x10d>
sub_804889d("Invalid hex input length!");
}
8048a96: c7 45 f0 00 00 00 00 movl $0x0,-0x10(%ebp)
8048a9d: e9 8c 00 00 00 jmp 8048b2e <exit@plt+0x39e>
for(ebp_10h = 0; ebp_10h < ebp_0ch; ebp_10h+=2) {
8048aa2: 8b 45 f0 mov -0x10(%ebp),%eax
8048aa5: 8b 55 0c mov 0xc(%ebp),%edx
8048aa8: 01 d0 add %edx,%eax
8048aaa: 0f b6 00 movzbl (%eax),%eax
8048aad: 0f be c0 movsbl %al,%eax
8048ab0: 89 04 24 mov %eax,(%esp)
8048ab3: e8 18 fc ff ff call 80486d0 <isxdigit@plt>
8048ab8: 85 c0 test %eax,%eax
8048aba: 74 1d je 8048ad9 <exit@plt+0x349>
if(!isxdigit(arg_4[ebp_10h])) {
sub_804889d("Non-hex digit found!");
}
8048abc: 8b 45 f0 mov -0x10(%ebp),%eax
8048abf: 8d 50 01 lea 0x1(%eax),%edx
8048ac2: 8b 45 0c mov 0xc(%ebp),%eax
8048ac5: 01 d0 add %edx,%eax
8048ac7: 0f b6 00 movzbl (%eax),%eax
8048aca: 0f be c0 movsbl %al,%eax
8048acd: 89 04 24 mov %eax,(%esp)
8048ad0: e8 fb fb ff ff call 80486d0 <isxdigit@plt>
8048ad5: 85 c0 test %eax,%eax
8048ad7: 75 0c jne 8048ae5 <exit@plt+0x355>
if(!isxdigit(arg_4[ebp_10h+1])) {
8048ad9: c7 04 24 75 8f 04 08 movl $0x8048f75,(%esp)
8048ae0: e8 b8 fd ff ff call 804889d <exit@plt+0x10d>
sub_804889d("Non-hex digit found!");
}
8048ae5: 8b 45 f0 mov -0x10(%ebp),%eax
8048ae8: d1 e8 shr %eax
8048aea: 89 c2 mov %eax,%edx
8048aec: 8b 45 08 mov 0x8(%ebp),%eax
8048aef: 8d 1c 02 lea (%edx,%eax,1),%ebx
// ebx = arg_0[ebp_10h>>1];
8048af2: 8b 45 f0 mov -0x10(%ebp),%eax
8048af5: 8b 55 0c mov 0xc(%ebp),%edx
8048af8: 01 d0 add %edx,%eax
8048afa: 0f b6 00 movzbl (%eax),%eax
8048afd: 0f be c0 movsbl %al,%eax
8048b00: 89 04 24 mov %eax,(%esp)
8048b03: e8 30 ff ff ff call 8048a38 <exit@plt+0x2a8>
8048b08: c1 e0 04 shl $0x4,%eax
8048b0b: 89 c6 mov %eax,%esi
// esi = sub_8048a38(arg_4[ebp_10h]) << 4;
8048b0d: 8b 45 f0 mov -0x10(%ebp),%eax
8048b10: 8d 50 01 lea 0x1(%eax),%edx
8048b13: 8b 45 0c mov 0xc(%ebp),%eax
8048b16: 01 d0 add %edx,%eax
8048b18: 0f b6 00 movzbl (%eax),%eax
8048b1b: 0f be c0 movsbl %al,%eax
8048b1e: 89 04 24 mov %eax,(%esp)
8048b21: e8 12 ff ff ff call 8048a38 <exit@plt+0x2a8>
8048b26: 01 f0 add %esi,%eax
8048b28: 88 03 mov %al,(%ebx)
arg_0[ebp_10h>>1] = (sub_8048a38(arg_4[ebp_10h]) << 4) + sub_8048a38(arg_4[ebp_10h++]);
8048b2a: 83 45 f0 02 addl $0x2,-0x10(%ebp)
// ->>
8048b2e: 8b 45 f0 mov -0x10(%ebp),%eax
8048b31: 3b 45 f4 cmp -0xc(%ebp),%eax
8048b34: 0f 82 68 ff ff ff jb 8048aa2 <exit@plt+0x312>
}
8048b3a: 83 c4 20 add $0x20,%esp
8048b3d: 5b pop %ebx
8048b3e: 5e pop %esi
8048b3f: 5d pop %ebp
8048b40: c3 ret
}
int main()
{
8048b41: 55 push %ebp
8048b42: 89 e5 mov %esp,%ebp
8048b44: 83 e4 f0 and $0xfffffff0,%esp
8048b47: 81 ec 30 20 00 00 sub $0x2030,%esp
// Local variables.
unsigned int esp_1ch;
int esp_20h;
int esp_24h;
char esp_2bh[0x800];
char esp_82bh[0x800];
char esp_102bh[0x800];
8048b4d: 65 a1 14 00 00 00 mov %gs:0x14,%eax
8048b53: 89 84 24 2c 20 00 00 mov %eax,0x202c(%esp)
8048b5a: 31 c0 xor %eax,%eax
8048b5c: a1 80 b0 04 08 mov 0x804b080,%eax
8048b61: c7 44 24 0c 00 00 00 movl $0x0,0xc(%esp)
8048b68: 00
8048b69: c7 44 24 08 02 00 00 movl $0x2,0x8(%esp)
8048b70: 00
8048b71: c7 44 24 04 00 00 00 movl $0x0,0x4(%esp)
8048b78: 00
8048b79: 89 04 24 mov %eax,(%esp)
8048b7c: e8 cf fb ff ff call 8048750 <setvbuf@plt>
setvbuf(stdout, NULL, _IONBF, 0);
8048b81: c7 04 24 8c 8f 04 08 movl $0x8048f8c,(%esp)
8048b88: e8 e3 fb ff ff call 8048770 <puts@plt>
puts("Welcome to DaaS - Decompression as a Service");
8048b8d: c7 04 24 bc 8f 04 08 movl $0x8048fbc,(%esp)
8048b94: e8 d7 fb ff ff call 8048770 <puts@plt>
puts("Because of recent attacks, we have reduced the input size by half, sorry.");
8048b99: c7 04 24 06 90 04 08 movl $0x8049006,(%esp)
8048ba0: e8 fb fa ff ff call 80486a0 <system@plt>
system("sleep 1");
8048ba5: c7 04 24 0e 90 04 08 movl $0x804900e,(%esp)
8048bac: e8 7f fb ff ff call 8048730 <printf@plt>
printf("1.Input size: ");
8048bb1: 8d 44 24 1c lea 0x1c(%esp),%eax
8048bb5: 89 44 24 04 mov %eax,0x4(%esp)
8048bb9: c7 04 24 1b 90 04 08 movl $0x804901b,(%esp)
8048bc0: e8 3b fb ff ff call 8048700 <scanf@plt>
scanf("%u", &esp_1ch);
8048bc5: e8 b6 fa ff ff call 8048680 <getchar@plt>
getchar();
8048bca: 8b 44 24 1c mov 0x1c(%esp),%eax
8048bce: 3d 00 08 00 00 cmp $0x800,%eax
8048bd3: 76 0c jbe 8048be1 <exit@plt+0x451>
if(esp_1ch > 0x800) {
8048bd5: c7 04 24 1e 90 04 08 movl $0x804901e,(%esp)
8048bdc: e8 bc fc ff ff call 804889d <exit@plt+0x10d>
sub_804889d("What are you trying to do?!?");
}
8048be1: c7 04 24 3b 90 04 08 movl $0x804903b,(%esp)
8048be8: e8 43 fb ff ff call 8048730 <printf@plt>
printf("Hex input: ");
8048bed: 8b 15 60 b0 04 08 mov 0x804b060,%edx
8048bf3: b8 00 08 00 00 mov $0x800,%eax
8048bf8: 83 c0 01 add $0x1,%eax
8048bfb: 89 54 24 08 mov %edx,0x8(%esp)
8048bff: 89 44 24 04 mov %eax,0x4(%esp)
8048c03: 8d 84 24 2b 10 00 00 lea 0x102b(%esp),%eax
8048c0a: 89 04 24 mov %eax,(%esp)
8048c0d: e8 ae fa ff ff call 80486c0 <fgets@plt>
fgets(esp_102bh, 1, 0x800, stdin);
8048c12: 8d 84 24 2b 10 00 00 lea 0x102b(%esp),%eax
8048c19: 89 04 24 mov %eax,(%esp)
8048c1c: e8 ff fa ff ff call 8048720 <strlen@plt>
8048c21: 83 e8 01 sub $0x1,%eax
8048c24: 89 44 24 20 mov %eax,0x20(%esp)
8048c28: eb 13 jmp 8048c3d <exit@plt+0x4ad>
for(esp_20h = strlen(esp_102bh) - 1; esp_20h >= 0 && esp_102bh[esp_20h] == '\n'; esp_102bh[esp_20h--] = '\0') {
8048c2a: 8b 44 24 20 mov 0x20(%esp),%eax
8048c2e: 8d 50 ff lea -0x1(%eax),%edx
8048c31: 89 54 24 20 mov %edx,0x20(%esp)
8048c35: c6 84 04 2b 10 00 00 movb $0x0,0x102b(%esp,%eax,1)
8048c3c: 00
// ->>
8048c3d: 83 7c 24 20 00 cmpl $0x0,0x20(%esp)
8048c42: 78 14 js 8048c58 <exit@plt+0x4c8>
8048c44: 8d 94 24 2b 10 00 00 lea 0x102b(%esp),%edx
8048c4b: 8b 44 24 20 mov 0x20(%esp),%eax
8048c4f: 01 d0 add %edx,%eax
8048c51: 0f b6 00 movzbl (%eax),%eax
8048c54: 3c 0a cmp $0xa,%al
8048c56: 74 d2 je 8048c2a <exit@plt+0x49a>
}
8048c58: 8d 84 24 2b 10 00 00 lea 0x102b(%esp),%eax
8048c5f: 89 44 24 04 mov %eax,0x4(%esp)
8048c63: 8d 84 24 2b 08 00 00 lea 0x82b(%esp),%eax
8048c6a: 89 04 24 mov %eax,(%esp)
8048c6d: e8 f8 fd ff ff call 8048a6a <exit@plt+0x2da>
sub_8048a6a(esp_82bh, esp_102bh);
8048c72: c7 44 24 0c 00 08 00 movl $0x800,0xc(%esp)
8048c79: 00
8048c7a: 8d 84 24 2b 08 00 00 lea 0x82b(%esp),%eax
8048c81: 89 44 24 08 mov %eax,0x8(%esp)
8048c85: c7 44 24 04 00 08 00 movl $0x800,0x4(%esp)
8048c8c: 00
8048c8d: 8d 44 24 2b lea 0x2b(%esp),%eax
8048c91: 89 04 24 mov %eax,(%esp)
8048c94: e8 21 fc ff ff call 80488ba <exit@plt+0x12a>
8048c99: 89 44 24 24 mov %eax,0x24(%esp)
esp_24h = sub_80488ba(esp_2bh, 0x800, esp_82bh, 0x800);
8048c9d: c7 04 24 47 90 04 08 movl $0x8049047,(%esp)
8048ca4: e8 87 fa ff ff call 8048730 <printf@plt>
printf("Your result: ");
8048ca9: a1 80 b0 04 08 mov 0x804b080,%eax
8048cae: 89 44 24 0c mov %eax,0xc(%esp)
8048cb2: 8b 44 24 24 mov 0x24(%esp),%eax
8048cb6: 89 44 24 08 mov %eax,0x8(%esp)
8048cba: c7 44 24 04 01 00 00 movl $0x1,0x4(%esp)
8048cc1: 00
8048cc2: 8d 44 24 2b lea 0x2b(%esp),%eax
8048cc6: 89 04 24 mov %eax,(%esp)
8048cc9: e8 72 fa ff ff call 8048740 <fwrite@plt>
fwrite(esp_2bh, 1, esp_24h, stdout);
8048cce: c7 04 24 55 90 04 08 movl $0x8049055,(%esp)
8048cd5: e8 96 fa ff ff call 8048770 <puts@plt>
puts("");
8048cda: b8 00 00 00 00 mov $0x0,%eax
8048cdf: 8b 8c 24 2c 20 00 00 mov 0x202c(%esp),%ecx
8048ce6: 65 33 0d 14 00 00 00 xor %gs:0x14,%ecx
8048ced: 74 05 je 8048cf4 <exit@plt+0x564>
8048cef: e8 6c fa ff ff call 8048760 <__stack_chk_fail@plt>
8048cf4: c9 leave
8048cf5: c3 ret
return 0;
}
sub_8048cf6(int arg_0, int arg_4)
{
8048cf6: 55 push %ebp
8048cf7: 89 e5 mov %esp,%ebp
8048cf9: 83 ec 18 sub $0x18,%esp
8048cfc: 83 7d 08 01 cmpl $0x1,0x8(%ebp)
8048d00: 75 31 jne 8048d33 <exit@plt+0x5a3>
8048d02: 81 7d 0c ff ff 00 00 cmpl $0xffff,0xc(%ebp)
8048d09: 75 28 jne 8048d33 <exit@plt+0x5a3>
if(arg_0 == 1 && arg_4 == 0xffff) {
8048d0b: c7 04 24 85 b0 04 08 movl $0x804b085,(%esp)
8048d12: e8 99 f9 ff ff call 80486b0 <std::ios_base::Init::Init()@plt>
std::ios_base::Init::Init(bss_804b085h);
8048d17: c7 44 24 08 5c b0 04 movl $0x804b05c,0x8(%esp)
8048d1e: 08
8048d1f: c7 44 24 04 85 b0 04 movl $0x804b085,0x4(%esp)
8048d26: 08
8048d27: c7 04 24 f0 86 04 08 movl $0x80486f0,(%esp)
8048d2e: e8 3d f9 ff ff call 8048670 <__cxa_atexit@plt>
__cxa_at_exit(std::ios_base::Init::~Init, bss_804b085h, bss_804b05ch);
}
8048d33: c9 leave
8048d34: c3 ret
}
sub_8048d35()
{
8048d35: 55 push %ebp
8048d36: 89 e5 mov %esp,%ebp
8048d38: 83 ec 18 sub $0x18,%esp
8048d3b: c7 44 24 04 ff ff 00 movl $0xffff,0x4(%esp)
8048d42: 00
8048d43: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048d4a: e8 a7 ff ff ff call 8048cf6 <exit@plt+0x566>
sub_8048cf6(1, 0xffff);
8048d4f: c9 leave
8048d50: c3 ret
8048d51: 90 nop
}
void sub_8048d52(struct hoge arg_0, char *arg_4, int arg_8)
{
8048d52: 55 push %ebp
8048d53: 89 e5 mov %esp,%ebp
8048d55: 8b 45 08 mov 0x8(%ebp),%eax
8048d58: 8b 55 0c mov 0xc(%ebp),%edx
8048d5b: 89 10 mov %edx,(%eax)
arg_0->offset_00h = arg_4;
8048d5d: 8b 45 08 mov 0x8(%ebp),%eax
8048d60: 8b 55 10 mov 0x10(%ebp),%edx
8048d63: 89 50 04 mov %edx,0x4(%eax)
arg_0->offset_04h = arg_8;
8048d66: 8b 45 08 mov 0x8(%ebp),%eax
8048d69: c7 40 08 00 00 00 00 movl $0x0,0x8(%eax)
arg_0->offset_08h = 0;
8048d70: 5d pop %ebp
8048d71: c3 ret
}
int sub_8048d72(struct hoge arg_0)
{
8048d72: 55 push %ebp
8048d73: 89 e5 mov %esp,%ebp
8048d75: 8b 45 08 mov 0x8(%ebp),%eax
8048d78: 8b 40 04 mov 0x4(%eax),%eax
8048d7b: 8d 14 c5 00 00 00 00 lea 0x0(,%eax,8),%edx
8048d82: 8b 45 08 mov 0x8(%ebp),%eax
8048d85: 8b 40 08 mov 0x8(%eax),%eax
8048d88: 29 c2 sub %eax,%edx
8048d8a: 89 d0 mov %edx,%eax
8048d8c: 5d pop %ebp
8048d8d: c3 ret
return arg_0->offset_04h*8 - arg_0->offset_08h;
}
int sub_8048d8e(struct hoge arg_0, int arg_4)
{
8048d8e: 55 push %ebp
8048d8f: 89 e5 mov %esp,%ebp
8048d91: 53 push %ebx
8048d92: 83 ec 24 sub $0x24,%esp
// Local variables.
char ebp_0dh;
int ebp_0ch;
8048d95: c7 45 f4 00 00 00 00 movl $0x0,-0xc(%ebp)
ebp_0ch = 0;
8048d9c: b8 20 00 00 00 mov $0x20,%eax
8048da1: 3b 45 0c cmp 0xc(%ebp),%eax
8048da4: 72 18 jb 8048dbe <exit@plt+0x62e>
8048da6: 8b 45 08 mov 0x8(%ebp),%eax
8048da9: 8b 50 08 mov 0x8(%eax),%edx
8048dac: 8b 45 0c mov 0xc(%ebp),%eax
8048daf: 01 c2 add %eax,%edx
8048db1: 8b 45 08 mov 0x8(%ebp),%eax
8048db4: 8b 40 04 mov 0x4(%eax),%eax
8048db7: c1 e0 03 shl $0x3,%eax
8048dba: 39 c2 cmp %eax,%edx
8048dbc: 72 0e jb 8048dcc <exit@plt+0x63c>
if(arg_4 >= 0x20 || arg_0->offset_08h + arg_4 >= arg_0->offset_04h << 3) {
8048dbe: c7 04 24 24 8f 04 08 movl $0x8048f24,(%esp)
8048dc5: e8 d3 fa ff ff call 804889d <exit@plt+0x10d>
sub_804889d("Not enought bits in input stream!");
8048dca: eb 48 jmp 8048e14 <exit@plt+0x684>
}
8048dcc: eb 46 jmp 8048e14 <exit@plt+0x684>
for(ebp_0ch = 0; arg_4--; arg_0->offset_08h++) {
8048dce: 8b 45 08 mov 0x8(%ebp),%eax
8048dd1: 8b 10 mov (%eax),%edx
8048dd3: 8b 45 08 mov 0x8(%ebp),%eax
8048dd6: 8b 40 08 mov 0x8(%eax),%eax
8048dd9: c1 e8 03 shr $0x3,%eax
8048ddc: 01 d0 add %edx,%eax
8048dde: 0f b6 00 movzbl (%eax),%eax
8048de1: 88 45 f3 mov %al,-0xd(%ebp)
ebp_0dh = arg_0->offset_00h[arg_0->offset_08h/* >> 3*/];
8048de4: 8b 45 f4 mov -0xc(%ebp),%eax
8048de7: 8d 1c 00 lea (%eax,%eax,1),%ebx
8048dea: 0f b6 55 f3 movzbl -0xd(%ebp),%edx
8048dee: 8b 45 08 mov 0x8(%ebp),%eax
8048df1: 8b 40 08 mov 0x8(%eax),%eax
8048df4: 83 e0 07 and $0x7,%eax
8048df7: 89 c1 mov %eax,%ecx
8048df9: d3 fa sar %cl,%edx
8048dfb: 89 d0 mov %edx,%eax
8048dfd: 83 e0 01 and $0x1,%eax
8048e00: 01 d8 add %ebx,%eax
8048e02: 89 45 f4 mov %eax,-0xc(%ebp)
ebp_0ch = (ebp_0dh >> (arg_0->offset_08h & 0x7) & 1) + ebp_0ch * 2;
8048e05: 8b 45 08 mov 0x8(%ebp),%eax
8048e08: 8b 40 08 mov 0x8(%eax),%eax
8048e0b: 8d 50 01 lea 0x1(%eax),%edx
8048e0e: 8b 45 08 mov 0x8(%ebp),%eax
8048e11: 89 50 08 mov %edx,0x8(%eax)
// ->>
8048e14: 8b 45 0c mov 0xc(%ebp),%eax
8048e17: 8d 50 ff lea -0x1(%eax),%edx
8048e1a: 89 55 0c mov %edx,0xc(%ebp)
8048e1d: 85 c0 test %eax,%eax
8048e1f: 0f 95 c0 setne %al
8048e22: 84 c0 test %al,%al
8048e24: 75 a8 jne 8048dce <exit@plt+0x63e>
}
8048e26: 8b 45 f4 mov -0xc(%ebp),%eax
8048e29: 83 c4 24 add $0x24,%esp
8048e2c: 5b pop %ebx
8048e2d: 5d pop %ebp
8048e2e: c3 ret
return ebp_0ch;
8048e2f: 90 nop
}
int sub_8048e30(struct hoge arg_0)
{
8048e30: 55 push %ebp
8048e31: 89 e5 mov %esp,%ebp
8048e33: 83 ec 28 sub $0x28,%esp
// Local variables.
int ebp_10h;
int ebp_0ch;
8048e36: c7 45 f0 00 00 00 00 movl $0x0,-0x10(%ebp)
ebp_10h = 0;
8048e3d: c7 45 f4 00 00 00 00 movl $0x0,-0xc(%ebp)
8048e44: eb 28 jmp 8048e6e <exit@plt+0x6de>
for(ebp_0ch = 0; sub_8048d8e(arg_0, 1); ebp_0ch++) {
8048e46: c7 44 24 04 04 00 00 movl $0x4,0x4(%esp)
8048e4d: 00
8048e4e: 8b 45 08 mov 0x8(%ebp),%eax
8048e51: 89 04 24 mov %eax,(%esp)
8048e54: e8 35 ff ff ff call 8048d8e <exit@plt+0x5fe>
8048e59: 89 c2 mov %eax,%edx
8048e5b: 8b 45 f4 mov -0xc(%ebp),%eax
8048e5e: c1 e0 02 shl $0x2,%eax
8048e61: 89 c1 mov %eax,%ecx
8048e63: d3 e2 shl %cl,%edx
8048e65: 89 d0 mov %edx,%eax
8048e67: 09 45 f0 or %eax,-0x10(%ebp)
ebp_10h |= sub_8048d8e(arg_0, 4) << (ebp_0ch << 2);
8048e6a: 83 45 f4 01 addl $0x1,-0xc(%ebp)
// ->>
8048e6e: c7 44 24 04 01 00 00 movl $0x1,0x4(%esp)
8048e75: 00
8048e76: 8b 45 08 mov 0x8(%ebp),%eax
8048e79: 89 04 24 mov %eax,(%esp)
8048e7c: e8 0d ff ff ff call 8048d8e <exit@plt+0x5fe>
8048e81: 85 c0 test %eax,%eax
8048e83: 0f 95 c0 setne %al
8048e86: 84 c0 test %al,%al
8048e88: 75 bc jne 8048e46 <exit@plt+0x6b6>
}
8048e8a: 8b 45 f0 mov -0x10(%ebp),%eax
8048e8d: c9 leave
8048e8e: c3 ret
return ebp_10h;
8048e8f: 90 nop
}
8048e90: 55 push %ebp
8048e91: 57 push %edi
8048e92: 31 ff xor %edi,%edi
8048e94: 56 push %esi
8048e95: 53 push %ebx
8048e96: e8 35 f9 ff ff call 80487d0 <exit@plt+0x40>
8048e9b: 81 c3 65 21 00 00 add $0x2165,%ebx
8048ea1: 83 ec 1c sub $0x1c,%esp
8048ea4: 8b 6c 24 30 mov 0x30(%esp),%ebp
8048ea8: 8d b3 04 ff ff ff lea -0xfc(%ebx),%esi
8048eae: e8 7d f7 ff ff call 8048630 <__cxa_atexit@plt-0x40>
8048eb3: 8d 83 fc fe ff ff lea -0x104(%ebx),%eax
8048eb9: 29 c6 sub %eax,%esi
8048ebb: c1 fe 02 sar $0x2,%esi
8048ebe: 85 f6 test %esi,%esi
8048ec0: 74 27 je 8048ee9 <exit@plt+0x759>
8048ec2: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
8048ec8: 8b 44 24 38 mov 0x38(%esp),%eax
8048ecc: 89 2c 24 mov %ebp,(%esp)
8048ecf: 89 44 24 08 mov %eax,0x8(%esp)
8048ed3: 8b 44 24 34 mov 0x34(%esp),%eax
8048ed7: 89 44 24 04 mov %eax,0x4(%esp)
8048edb: ff 94 bb fc fe ff ff call *-0x104(%ebx,%edi,4)
8048ee2: 83 c7 01 add $0x1,%edi
8048ee5: 39 f7 cmp %esi,%edi
8048ee7: 75 df jne 8048ec8 <exit@plt+0x738>
8048ee9: 83 c4 1c add $0x1c,%esp
8048eec: 5b pop %ebx
8048eed: 5e pop %esi
8048eee: 5f pop %edi
8048eef: 5d pop %ebp
8048ef0: c3 ret
8048ef1: eb 0d jmp 8048f00 <exit@plt+0x770>
8048ef3: 90 nop
8048ef4: 90 nop
8048ef5: 90 nop
8048ef6: 90 nop
8048ef7: 90 nop
8048ef8: 90 nop
8048ef9: 90 nop
8048efa: 90 nop
8048efb: 90 nop
8048efc: 90 nop
8048efd: 90 nop
8048efe: 90 nop
8048eff: 90 nop
8048f00: f3 c3 repz ret
Disassembly of section .fini:
08048f04 <.fini>:
8048f04: 53 push %ebx
8048f05: 83 ec 08 sub $0x8,%esp
8048f08: e8 c3 f8 ff ff call 80487d0 <exit@plt+0x40>
8048f0d: 81 c3 f3 20 00 00 add $0x20f3,%ebx
8048f13: 83 c4 08 add $0x8,%esp
8048f16: 5b pop %ebx
8048f17: c3 ret
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment