@joxer
Last active February 20, 2019 16:13
Objdump inotify code example
~$ objdump -d -S a.out
a.out: file format elf64-x86-64
Disassembly of section .init:
/* _init (.init section): loads the pointer annotated as __gmon_start__ from 201fe8,
 * calls it only when it is non-zero, then returns. */
00000000000006e0 <_init>:
6e0: 48 83 ec 08 sub $0x8,%rsp
6e4: 48 8b 05 fd 18 20 00 mov 0x2018fd(%rip),%rax # 201fe8 <__gmon_start__>
6eb: 48 85 c0 test %rax,%rax
6ee: 74 02 je 6f2 <_init+0x12>
6f0: ff d0 callq *%rax
6f2: 48 83 c4 08 add $0x8,%rsp
6f6: c3 retq
Disassembly of section .plt:
/* .plt: one stub per imported function. Each named stub jumps through its own
 * GOT slot (201f90 .. 201fd0); the pushq/jmpq pair after it hands an index to
 * the common entry at 700, which pushes GOT+0x8 and jumps through GOT+0x10.
 *
 * Triage note: the imports listed here are puts, pathconf, printf, getcwd,
 * read, inotify_init, malloc, inotify_add_watch and exit. There is no free or
 * close, and no __stack_chk_fail, which matters when reading the %fs:0x28
 * load at the top of main. */
0000000000000700 <.plt>:
700: ff 35 7a 18 20 00 pushq 0x20187a(%rip) # 201f80 <_GLOBAL_OFFSET_TABLE_+0x8>
706: ff 25 7c 18 20 00 jmpq *0x20187c(%rip) # 201f88 <_GLOBAL_OFFSET_TABLE_+0x10>
70c: 0f 1f 40 00 nopl 0x0(%rax)
0000000000000710 <puts@plt>:
710: ff 25 7a 18 20 00 jmpq *0x20187a(%rip) # 201f90 <puts@GLIBC_2.2.5>
716: 68 00 00 00 00 pushq $0x0
71b: e9 e0 ff ff ff jmpq 700 <.plt>
0000000000000720 <pathconf@plt>:
720: ff 25 72 18 20 00 jmpq *0x201872(%rip) # 201f98 <pathconf@GLIBC_2.2.5>
726: 68 01 00 00 00 pushq $0x1
72b: e9 d0 ff ff ff jmpq 700 <.plt>
0000000000000730 <printf@plt>:
730: ff 25 6a 18 20 00 jmpq *0x20186a(%rip) # 201fa0 <printf@GLIBC_2.2.5>
736: 68 02 00 00 00 pushq $0x2
73b: e9 c0 ff ff ff jmpq 700 <.plt>
0000000000000740 <getcwd@plt>:
740: ff 25 62 18 20 00 jmpq *0x201862(%rip) # 201fa8 <getcwd@GLIBC_2.2.5>
746: 68 03 00 00 00 pushq $0x3
74b: e9 b0 ff ff ff jmpq 700 <.plt>
0000000000000750 <read@plt>:
750: ff 25 5a 18 20 00 jmpq *0x20185a(%rip) # 201fb0 <read@GLIBC_2.2.5>
756: 68 04 00 00 00 pushq $0x4
75b: e9 a0 ff ff ff jmpq 700 <.plt>
0000000000000760 <inotify_init@plt>:
760: ff 25 52 18 20 00 jmpq *0x201852(%rip) # 201fb8 <inotify_init@GLIBC_2.4>
766: 68 05 00 00 00 pushq $0x5
76b: e9 90 ff ff ff jmpq 700 <.plt>
0000000000000770 <malloc@plt>:
770: ff 25 4a 18 20 00 jmpq *0x20184a(%rip) # 201fc0 <malloc@GLIBC_2.2.5>
776: 68 06 00 00 00 pushq $0x6
77b: e9 80 ff ff ff jmpq 700 <.plt>
0000000000000780 <inotify_add_watch@plt>:
780: ff 25 42 18 20 00 jmpq *0x201842(%rip) # 201fc8 <inotify_add_watch@GLIBC_2.4>
786: 68 07 00 00 00 pushq $0x7
78b: e9 70 ff ff ff jmpq 700 <.plt>
0000000000000790 <exit@plt>:
790: ff 25 3a 18 20 00 jmpq *0x20183a(%rip) # 201fd0 <exit@GLIBC_2.2.5>
796: 68 08 00 00 00 pushq $0x8
79b: e9 60 ff ff ff jmpq 700 <.plt>
Disassembly of section .plt.got:
/* .plt.got stub: a single indirect jump through the slot at 201ff8, with no
 * push/jump-to-700 pair like the .plt stubs have. */
00000000000007a0 <__cxa_finalize@plt>:
7a0: ff 25 52 18 20 00 jmpq *0x201852(%rip) # 201ff8 <__cxa_finalize@GLIBC_2.2.5>
7a6: 66 90 xchg %ax,%ax
Disassembly of section .text:
/* _start: clears %ebp, aligns %rsp down to 16 bytes, and calls
 * __libc_start_main through the slot at 201fe0 with main in %rdi,
 * __libc_csu_init in %rcx and __libc_csu_fini in %r8. A hlt sits directly
 * after the call. */
00000000000007b0 <_start>:
7b0: 31 ed xor %ebp,%ebp
7b2: 49 89 d1 mov %rdx,%r9
7b5: 5e pop %rsi
7b6: 48 89 e2 mov %rsp,%rdx
7b9: 48 83 e4 f0 and $0xfffffffffffffff0,%rsp
7bd: 50 push %rax
7be: 54 push %rsp
7bf: 4c 8d 05 1a 04 00 00 lea 0x41a(%rip),%r8 # be0 <__libc_csu_fini>
7c6: 48 8d 0d a3 03 00 00 lea 0x3a3(%rip),%rcx # b70 <__libc_csu_init>
7cd: 48 8d 3d e6 00 00 00 lea 0xe6(%rip),%rdi # 8ba <main>
7d4: ff 15 06 18 20 00 callq *0x201806(%rip) # 201fe0 <__libc_start_main@GLIBC_2.2.5>
7da: f4 hlt
7db: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
/* deregister_tm_clones: compares two addresses that both resolve to
 * __TMC_END__ (202010). It returns when they are equal or when the pointer
 * annotated _ITM_deregisterTMCloneTable (201fd8) is zero; otherwise it
 * tail-jumps through that pointer. The trailing nopl/nopw lines are padding. */
00000000000007e0 <deregister_tm_clones>:
7e0: 48 8d 3d 29 18 20 00 lea 0x201829(%rip),%rdi # 202010 <__TMC_END__>
7e7: 55 push %rbp
7e8: 48 8d 05 21 18 20 00 lea 0x201821(%rip),%rax # 202010 <__TMC_END__>
7ef: 48 39 f8 cmp %rdi,%rax
7f2: 48 89 e5 mov %rsp,%rbp
7f5: 74 19 je 810 <deregister_tm_clones+0x30>
7f7: 48 8b 05 da 17 20 00 mov 0x2017da(%rip),%rax # 201fd8 <_ITM_deregisterTMCloneTable>
7fe: 48 85 c0 test %rax,%rax
801: 74 0d je 810 <deregister_tm_clones+0x30>
803: 5d pop %rbp
804: ff e0 jmpq *%rax
806: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
80d: 00 00 00
810: 5d pop %rbp
811: c3 retq
812: 0f 1f 40 00 nopl 0x0(%rax)
816: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
81d: 00 00 00
/* register_tm_clones: takes the byte distance between two addresses that both
 * resolve to __TMC_END__, shifts it right by 3, then halves it with a sign
 * adjustment. It returns when the result is zero or when the pointer
 * annotated _ITM_registerTMCloneTable (201ff0) is zero; otherwise it
 * tail-jumps through that pointer. */
0000000000000820 <register_tm_clones>:
820: 48 8d 3d e9 17 20 00 lea 0x2017e9(%rip),%rdi # 202010 <__TMC_END__>
827: 48 8d 35 e2 17 20 00 lea 0x2017e2(%rip),%rsi # 202010 <__TMC_END__>
82e: 55 push %rbp
82f: 48 29 fe sub %rdi,%rsi
832: 48 89 e5 mov %rsp,%rbp
835: 48 c1 fe 03 sar $0x3,%rsi
839: 48 89 f0 mov %rsi,%rax
83c: 48 c1 e8 3f shr $0x3f,%rax
840: 48 01 c6 add %rax,%rsi
843: 48 d1 fe sar %rsi
846: 74 18 je 860 <register_tm_clones+0x40>
848: 48 8b 05 a1 17 20 00 mov 0x2017a1(%rip),%rax # 201ff0 <_ITM_registerTMCloneTable>
84f: 48 85 c0 test %rax,%rax
852: 74 0c je 860 <register_tm_clones+0x40>
854: 5d pop %rbp
855: ff e0 jmpq *%rax
857: 66 0f 1f 84 00 00 00 nopw 0x0(%rax,%rax,1)
85e: 00 00
860: 5d pop %rbp
861: c3 retq
862: 0f 1f 40 00 nopl 0x0(%rax)
866: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
86d: 00 00 00
/* __do_global_dtors_aux: guarded by the byte at 202010. If the byte is
 * already non-zero it returns at 8a8. Otherwise it calls
 * __cxa_finalize(__dso_handle) when the slot at 201ff8 is non-zero, calls
 * deregister_tm_clones, and sets the byte to 1 so the work is not repeated. */
0000000000000870 <__do_global_dtors_aux>:
870: 80 3d 99 17 20 00 00 cmpb $0x0,0x201799(%rip) # 202010 <__TMC_END__>
877: 75 2f jne 8a8 <__do_global_dtors_aux+0x38>
879: 48 83 3d 77 17 20 00 cmpq $0x0,0x201777(%rip) # 201ff8 <__cxa_finalize@GLIBC_2.2.5>
880: 00
881: 55 push %rbp
882: 48 89 e5 mov %rsp,%rbp
885: 74 0c je 893 <__do_global_dtors_aux+0x23>
887: 48 8b 3d 7a 17 20 00 mov 0x20177a(%rip),%rdi # 202008 <__dso_handle>
88e: e8 0d ff ff ff callq 7a0 <__cxa_finalize@plt>
893: e8 48 ff ff ff callq 7e0 <deregister_tm_clones>
898: c6 05 71 17 20 00 01 movb $0x1,0x201771(%rip) # 202010 <__TMC_END__>
89f: 5d pop %rbp
8a0: c3 retq
8a1: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
8a8: f3 c3 repz retq
8aa: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
/* frame_dummy: sets up and tears down a frame, then tail-jumps to
 * register_tm_clones. */
00000000000008b0 <frame_dummy>:
8b0: 55 push %rbp
8b1: 48 89 e5 mov %rsp,%rbp
8b4: 5d pop %rbp
8b5: e9 66 ff ff ff jmpq 820 <register_tm_clones>
/*
 * main, as shown by objdump -S. From the interleaved C: it calls
 * inotify_init(), builds the current-directory path and the same path with
 * "/.." appended, adds an IN_ALL_EVENTS watch on each, then loops forever on
 * read() and prints a line for every event whose mask has IN_OPEN set.
 *
 * NOTE(review): only the source lines objdump attached to main's code appear
 * here; the declarations of ptr and ptr2 are not among them. EVENT_SIZE and
 * EVENT_BUF_LEN are defined below but not used by any line shown.
 *
 * Review summary (details at each site): none of the return values of
 * inotify_init, pathconf, getcwd, inotify_add_watch is checked, a failed
 * malloc still reaches printf("%s") and inotify_add_watch, and read() == -1
 * is not handled.
 */
00000000000008ba <main>:
#include <string.h>
#define EVENT_SIZE ( sizeof (struct inotify_event) )
#define EVENT_BUF_LEN ( 1024 * ( EVENT_SIZE + 16 ) )
#define BUF_LEN (10 * (sizeof(struct inotify_event) + NAME_MAX + 1))
int main(){
8ba: 55 push %rbp
8bb: 48 89 e5 mov %rsp,%rbp
/* 0xb00-byte frame. buf is addressed at -0xab0(%rbp) and BUF_LEN appears as
 * the immediate 0xaa0 at a53. */
8be: 48 81 ec 00 0b 00 00 sub $0xb00,%rsp
/* Copies the word at %fs:0x28 into -0x8(%rbp). This looks like a
 * stack-protector canary store, but nothing in main reads the slot back:
 * main has no retq (it ends in the jmpq at b65 and leaves only via exit()),
 * and the PLT has no __stack_chk_fail entry. */
8c5: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
8cc: 00 00
8ce: 48 89 45 f8 mov %rax,-0x8(%rbp)
8d2: 31 c0 xor %eax,%eax
char *bufPtr, *bufPtr2;
ssize_t numRead;
char buf[BUF_LEN] __attribute__ ((aligned(8)));
struct inotify_event* event;
char *p;
int inotifyFd = inotify_init();
/* The descriptor is stored at -0xafc(%rbp) with no comparison against -1,
 * so a failed inotify_init() is carried into every later call. */
8d4: e8 87 fe ff ff callq 760 <inotify_init@plt>
8d9: 89 85 04 f5 ff ff mov %eax,-0xafc(%rbp)
printf("inotify started\n");
/* The compiler emitted this constant-string printf as a puts call. */
8df: 48 8d 3d 12 03 00 00 lea 0x312(%rip),%rdi # bf8 <_IO_stdin_used+0x8>
8e6: e8 25 fe ff ff callq 710 <puts@plt>
long size = pathconf(".", _PC_PATH_MAX);
/* _PC_PATH_MAX is the immediate 4 in %esi. pathconf() returns -1 on error or
 * when the limit is indeterminate; the result is stored and used as an
 * allocation size without being checked. */
8eb: be 04 00 00 00 mov $0x4,%esi
8f0: 48 8d 3d 11 03 00 00 lea 0x311(%rip),%rdi # c08 <_IO_stdin_used+0x18>
8f7: e8 24 fe ff ff callq 720 <pathconf@plt>
8fc: 48 89 85 18 f5 ff ff mov %rax,-0xae8(%rbp)
if ((bufPtr = (char *)malloc((size_t)size)) != NULL){
/* The NULL test only skips the getcwd() call: the je at 921 lands on 943,
 * where bufPtr is still passed to printf("%s") and later to
 * inotify_add_watch(). */
903: 48 8b 85 18 f5 ff ff mov -0xae8(%rbp),%rax
90a: 48 89 c7 mov %rax,%rdi
90d: e8 5e fe ff ff callq 770 <malloc@plt>
912: 48 89 85 20 f5 ff ff mov %rax,-0xae0(%rbp)
919: 48 83 bd 20 f5 ff ff cmpq $0x0,-0xae0(%rbp)
920: 00
921: 74 20 je 943 <main+0x89>
ptr = getcwd(bufPtr, (size_t)size);
/* getcwd()'s return value goes to ptr (-0xad8) and is never examined. The
 * code below prints and watches bufPtr, not ptr, so after a failed getcwd()
 * it would read an uninitialised malloc buffer as a string. */
923: 48 8b 95 18 f5 ff ff mov -0xae8(%rbp),%rdx
92a: 48 8b 85 20 f5 ff ff mov -0xae0(%rbp),%rax
931: 48 89 d6 mov %rdx,%rsi
934: 48 89 c7 mov %rax,%rdi
937: e8 04 fe ff ff callq 740 <getcwd@plt>
93c: 48 89 85 28 f5 ff ff mov %rax,-0xad8(%rbp)
}
printf("added notify to %s\n", bufPtr);
/* Runs before any watch has been added, and is reached even when bufPtr is NULL. */
943: 48 8b 85 20 f5 ff ff mov -0xae0(%rbp),%rax
94a: 48 89 c6 mov %rax,%rsi
94d: 48 8d 3d b6 02 00 00 lea 0x2b6(%rip),%rdi # c0a <_IO_stdin_used+0x1a>
954: b8 00 00 00 00 mov $0x0,%eax
959: e8 d2 fd ff ff callq 730 <printf@plt>
size = pathconf("..", _PC_PATH_MAX);
/* Same unchecked pathconf() pattern as above, this time for "..". */
95e: be 04 00 00 00 mov $0x4,%esi
963: 48 8d 3d b4 02 00 00 lea 0x2b4(%rip),%rdi # c1e <_IO_stdin_used+0x2e>
96a: e8 b1 fd ff ff callq 720 <pathconf@plt>
96f: 48 89 85 18 f5 ff ff mov %rax,-0xae8(%rbp)
if ((bufPtr2 = (char *)malloc((size_t)size+3)) != NULL){
/* The extra 3 bytes are room for the "/.." appended below: getcwd() is
 * limited to size bytes including its terminator. */
976: 48 8b 85 18 f5 ff ff mov -0xae8(%rbp),%rax
97d: 48 83 c0 03 add $0x3,%rax
981: 48 89 c7 mov %rax,%rdi
984: e8 e7 fd ff ff callq 770 <malloc@plt>
989: 48 89 85 30 f5 ff ff mov %rax,-0xad0(%rbp)
990: 48 83 bd 30 f5 ff ff cmpq $0x0,-0xad0(%rbp)
997: 00
998: 74 4d je 9e7 <main+0x12d>
ptr2 = strcat(getcwd(bufPtr2, (size_t)size), "/..");
/* strcat is inlined: repnz scas finds the terminator of the string getcwd()
 * returned, and the movl at 9da stores the bytes 2f 2e 2e 00 ("/.." plus NUL)
 * there. getcwd()'s result is used directly as the scan pointer, so a NULL
 * return would be dereferenced here; check it before appending. */
99a: 48 8b 95 18 f5 ff ff mov -0xae8(%rbp),%rdx
9a1: 48 8b 85 30 f5 ff ff mov -0xad0(%rbp),%rax
9a8: 48 89 d6 mov %rdx,%rsi
9ab: 48 89 c7 mov %rax,%rdi
9ae: e8 8d fd ff ff callq 740 <getcwd@plt>
9b3: 48 89 c2 mov %rax,%rdx
9b6: 48 89 d0 mov %rdx,%rax
9b9: 48 c7 c1 ff ff ff ff mov $0xffffffffffffffff,%rcx
9c0: 48 89 c6 mov %rax,%rsi
9c3: b8 00 00 00 00 mov $0x0,%eax
9c8: 48 89 f7 mov %rsi,%rdi
9cb: f2 ae repnz scas %es:(%rdi),%al
9cd: 48 89 c8 mov %rcx,%rax
9d0: 48 f7 d0 not %rax
9d3: 48 83 e8 01 sub $0x1,%rax
9d7: 48 01 d0 add %rdx,%rax
9da: c7 00 2f 2e 2e 00 movl $0x2e2e2f,(%rax)
9e0: 48 89 95 38 f5 ff ff mov %rdx,-0xac8(%rbp)
}
printf("added notify to %s\n", bufPtr2);
/* As with bufPtr, this is reached with bufPtr2 == NULL when malloc failed. */
9e7: 48 8b 85 30 f5 ff ff mov -0xad0(%rbp),%rax
9ee: 48 89 c6 mov %rax,%rsi
9f1: 48 8d 3d 12 02 00 00 lea 0x212(%rip),%rdi # c0a <_IO_stdin_used+0x1a>
9f8: b8 00 00 00 00 mov $0x0,%eax
9fd: e8 2e fd ff ff callq 730 <printf@plt>
int wd = inotify_add_watch( inotifyFd, bufPtr, IN_ALL_EVENTS );
/* IN_ALL_EVENTS is the immediate 0xfff. The watch descriptor is stored at
 * -0xaf8(%rbp) without a check for -1, so a watch that failed to register
 * goes unnoticed even though "added notify" was already printed. */
a02: 48 8b 8d 20 f5 ff ff mov -0xae0(%rbp),%rcx
a09: 8b 85 04 f5 ff ff mov -0xafc(%rbp),%eax
a0f: ba ff 0f 00 00 mov $0xfff,%edx
a14: 48 89 ce mov %rcx,%rsi
a17: 89 c7 mov %eax,%edi
a19: e8 62 fd ff ff callq 780 <inotify_add_watch@plt>
a1e: 89 85 08 f5 ff ff mov %eax,-0xaf8(%rbp)
int wd2 = inotify_add_watch( inotifyFd, bufPtr2, IN_ALL_EVENTS );
/* Second watch, stored at -0xaf4(%rbp); also unchecked. */
a24: 48 8b 8d 30 f5 ff ff mov -0xad0(%rbp),%rcx
a2b: 8b 85 04 f5 ff ff mov -0xafc(%rbp),%eax
a31: ba ff 0f 00 00 mov $0xfff,%edx
a36: 48 89 ce mov %rcx,%rsi
a39: 89 c7 mov %eax,%edi
a3b: e8 40 fd ff ff callq 780 <inotify_add_watch@plt>
a40: 89 85 0c f5 ff ff mov %eax,-0xaf4(%rbp)
for(;;){
numRead = read(inotifyFd, buf, BUF_LEN);
/* Reads at most 0xaa0 bytes into buf at -0xab0(%rbp); the count is kept at
 * -0xac0(%rbp). */
a46: 48 8d 8d 50 f5 ff ff lea -0xab0(%rbp),%rcx
a4d: 8b 85 04 f5 ff ff mov -0xafc(%rbp),%eax
a53: ba a0 0a 00 00 mov $0xaa0,%edx
a58: 48 89 ce mov %rcx,%rsi
a5b: 89 c7 mov %eax,%edi
a5d: e8 ee fc ff ff callq 750 <read@plt>
a62: 48 89 85 40 f5 ff ff mov %rax,-0xac0(%rbp)
if (numRead == 0){
/* Only 0 is handled. With numRead == -1, buf + numRead lies below buf, so
 * the unsigned compare at b58/b5f skips the event loop and control returns
 * to read() at a46 without reporting the error. A persistent failure, such
 * as an invalid inotifyFd, becomes a silent busy loop. */
a69: 48 83 bd 40 f5 ff ff cmpq $0x0,-0xac0(%rbp)
a70: 00
a71: 75 16 jne a89 <main+0x1cf>
printf("read() from inotify fd returned 0!\n");
a73: 48 8d 3d ae 01 00 00 lea 0x1ae(%rip),%rdi # c28 <_IO_stdin_used+0x38>
a7a: e8 91 fc ff ff callq 710 <puts@plt>
exit(1);
a7f: bf 01 00 00 00 mov $0x1,%edi
a84: e8 07 fd ff ff callq 790 <exit@plt>
}
for (p = buf; p < buf + numRead; ) {
/* p is kept at -0xaf0(%rbp). The jump to b47 evaluates the loop condition
 * before the first iteration. */
a89: 48 8d 85 50 f5 ff ff lea -0xab0(%rbp),%rax
a90: 48 89 85 10 f5 ff ff mov %rax,-0xaf0(%rbp)
a97: e9 ab 00 00 00 jmpq b47 <main+0x28d>
event = (struct inotify_event *) p;
a9c: 48 8b 85 10 f5 ff ff mov -0xaf0(%rbp),%rax
aa3: 48 89 85 48 f5 ff ff mov %rax,-0xab8(%rbp)
if(event->wd == wd){
/* event->wd is read from offset 0 of the record. */
aaa: 48 8b 85 48 f5 ff ff mov -0xab8(%rbp),%rax
ab1: 8b 00 mov (%rax),%eax
ab3: 39 85 08 f5 ff ff cmp %eax,-0xaf8(%rbp)
ab9: 75 33 jne aee <main+0x234>
if(event->mask & IN_OPEN){
/* event->mask is at offset 4; IN_OPEN is the immediate 0x20. Every other
 * event bit delivered by the IN_ALL_EVENTS watch is dropped here. */
abb: 48 8b 85 48 f5 ff ff mov -0xab8(%rbp),%rax
ac2: 8b 40 04 mov 0x4(%rax),%eax
ac5: 83 e0 20 and $0x20,%eax
ac8: 85 c0 test %eax,%eax
aca: 74 64 je b30 <main+0x276>
printf("event from current directory: %d\n", event->mask & IN_OPEN);
/* The printed value is mask & 0x20, which is always 0x20 on this path;
 * the event's name field is not printed. */
acc: 48 8b 85 48 f5 ff ff mov -0xab8(%rbp),%rax
ad3: 8b 40 04 mov 0x4(%rax),%eax
ad6: 83 e0 20 and $0x20,%eax
ad9: 89 c6 mov %eax,%esi
adb: 48 8d 3d 6e 01 00 00 lea 0x16e(%rip),%rdi # c50 <_IO_stdin_used+0x60>
ae2: b8 00 00 00 00 mov $0x0,%eax
ae7: e8 44 fc ff ff callq 730 <printf@plt>
aec: eb 42 jmp b30 <main+0x276>
}
}
else if(event->wd == wd2){
aee: 48 8b 85 48 f5 ff ff mov -0xab8(%rbp),%rax
af5: 8b 00 mov (%rax),%eax
af7: 39 85 0c f5 ff ff cmp %eax,-0xaf4(%rbp)
afd: 75 31 jne b30 <main+0x276>
if(event->mask & IN_OPEN){
aff: 48 8b 85 48 f5 ff ff mov -0xab8(%rbp),%rax
b06: 8b 40 04 mov 0x4(%rax),%eax
b09: 83 e0 20 and $0x20,%eax
b0c: 85 c0 test %eax,%eax
b0e: 74 20 je b30 <main+0x276>
printf("event from parent: %d\n", event->mask & IN_OPEN);
b10: 48 8b 85 48 f5 ff ff mov -0xab8(%rbp),%rax
b17: 8b 40 04 mov 0x4(%rax),%eax
b1a: 83 e0 20 and $0x20,%eax
b1d: 89 c6 mov %eax,%esi
b1f: 48 8d 3d 4c 01 00 00 lea 0x14c(%rip),%rdi # c72 <_IO_stdin_used+0x82>
b26: b8 00 00 00 00 mov $0x0,%eax
b2b: e8 00 fc ff ff callq 730 <printf@plt>
}
}
p += sizeof(struct inotify_event) + event->len;
/* Advances by 0x10 (the header size) plus event->len read from offset 0xc.
 * The step uses the length found in the buffer as-is; the code does not
 * check that the next record lies fully below buf + numRead. */
b30: 48 8b 85 48 f5 ff ff mov -0xab8(%rbp),%rax
b37: 8b 40 0c mov 0xc(%rax),%eax
b3a: 89 c0 mov %eax,%eax
b3c: 48 83 c0 10 add $0x10,%rax
b40: 48 01 85 10 f5 ff ff add %rax,-0xaf0(%rbp)
for (p = buf; p < buf + numRead; ) {
/* Loop condition: unsigned compare (jb) of p against buf + numRead. */
b47: 48 8b 85 40 f5 ff ff mov -0xac0(%rbp),%rax
b4e: 48 8d 95 50 f5 ff ff lea -0xab0(%rbp),%rdx
b55: 48 01 d0 add %rdx,%rax
b58: 48 39 85 10 f5 ff ff cmp %rax,-0xaf0(%rbp)
b5f: 0f 82 37 ff ff ff jb a9c <main+0x1e2>
numRead = read(inotifyFd, buf, BUF_LEN);
/* Back edge of the for(;;) loop. No code follows that frees bufPtr/bufPtr2
 * or closes inotifyFd. */
b65: e9 dc fe ff ff jmpq a46 <main+0x18c>
b6a: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
/* __libc_csu_init: saves its three arguments (%edi, %rsi, %rdx) in
 * %r13d/%r14/%r15, calls _init, then calls every function pointer in the
 * array between __frame_dummy_init_array_entry (201d78) and __init_array_end
 * (201d80), passing the saved arguments to each. The entry count is the byte
 * distance shifted right by 3. */
0000000000000b70 <__libc_csu_init>:
b70: 41 57 push %r15
b72: 41 56 push %r14
b74: 49 89 d7 mov %rdx,%r15
b77: 41 55 push %r13
b79: 41 54 push %r12
b7b: 4c 8d 25 f6 11 20 00 lea 0x2011f6(%rip),%r12 # 201d78 <__frame_dummy_init_array_entry>
b82: 55 push %rbp
b83: 48 8d 2d f6 11 20 00 lea 0x2011f6(%rip),%rbp # 201d80 <__init_array_end>
b8a: 53 push %rbx
b8b: 41 89 fd mov %edi,%r13d
b8e: 49 89 f6 mov %rsi,%r14
b91: 4c 29 e5 sub %r12,%rbp
b94: 48 83 ec 08 sub $0x8,%rsp
b98: 48 c1 fd 03 sar $0x3,%rbp
b9c: e8 3f fb ff ff callq 6e0 <_init>
ba1: 48 85 ed test %rbp,%rbp
ba4: 74 20 je bc6 <__libc_csu_init+0x56>
ba6: 31 db xor %ebx,%ebx
ba8: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
baf: 00
bb0: 4c 89 fa mov %r15,%rdx
bb3: 4c 89 f6 mov %r14,%rsi
bb6: 44 89 ef mov %r13d,%edi
bb9: 41 ff 14 dc callq *(%r12,%rbx,8)
bbd: 48 83 c3 01 add $0x1,%rbx
bc1: 48 39 dd cmp %rbx,%rbp
bc4: 75 ea jne bb0 <__libc_csu_init+0x40>
bc6: 48 83 c4 08 add $0x8,%rsp
bca: 5b pop %rbx
bcb: 5d pop %rbp
bcc: 41 5c pop %r12
bce: 41 5d pop %r13
bd0: 41 5e pop %r14
bd2: 41 5f pop %r15
bd4: c3 retq
bd5: 90 nop
bd6: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
bdd: 00 00 00
/* __libc_csu_fini: returns immediately. _start passes its address in %r8. */
0000000000000be0 <__libc_csu_fini>:
be0: f3 c3 repz retq
Disassembly of section .fini:
/* _fini (.fini section): adjusts %rsp down and back up by 8, then returns;
 * it calls nothing. */
0000000000000be4 <_fini>:
be4: 48 83 ec 08 sub $0x8,%rsp
be8: 48 83 c4 08 add $0x8,%rsp
bec: c3 retq