xelenonz/vuln100.asm

## vuln100.asm
  ; buffer = rbp-0x128
  ; name   = rbp-0x110
  400d08:       55                      push   rbp
  400d09:       48 89 e5                mov    rbp,rsp
  400d0c:       48 81 ec 30 01 00 00    sub    rsp,0x130
  400d13:       48 89 bd d8 fe ff ff    mov    QWORD PTR [rbp-0x128],rdi
  400d1a:       64 48 8b 04 25 28 00    mov    rax,QWORD PTR fs:0x28
  400d21:       00 00
  400d23:       48 89 45 f8             mov    QWORD PTR [rbp-0x8],rax
  400d27:       31 c0                   xor    eax,eax
  400d29:       48 8d 85 f0 fe ff ff    lea    rax,[rbp-0x110]
  400d30:       48 89 85 e8 fe ff ff    mov    QWORD PTR [rbp-0x118],rax
  400d37:       48 8b 85 d8 fe ff ff    mov    rax,QWORD PTR [rbp-0x128]
  400d3e:       48 c7 85 d0 fe ff ff    mov    QWORD PTR [rbp-0x130],0xffffffffffffffff
  400d45:       ff ff ff ff
  400d49:       48 89 c2                mov    rdx,rax
  400d4c:       b8 00 00 00 00          mov    eax,0x0
  400d51:       48 8b 8d d0 fe ff ff    mov    rcx,QWORD PTR [rbp-0x130]
  400d58:       48 89 d7                mov    rdi,rdx
  400d5b:       f2 ae                   repnz scas al,BYTE PTR es:[rdi]
  400d5d:       48 89 c8                mov    rax,rcx
  400d60:       48 f7 d0                not    rax
  400d63:       48 8d 70 ff             lea    rsi,[rax-0x1]
  400d67:       48 8b 95 d8 fe ff ff    mov    rdx,QWORD PTR [rbp-0x128]
  400d6e:       48 8d 85 f0 fe ff ff    lea    rax,[rbp-0x110]
  400d75:       48 89 d1                mov    rcx,rdx
  400d78:       48 89 f2                mov    rdx,rsi ; strlen(buffer)
  400d7b:       48 89 ce                mov    rsi,rcx ; &buffer
  400d7e:       48 89 c7                mov    rdi,rax ; name[272]
  400d81:       e8 6a fd ff ff          call   400af0 <memcpy@plt> ; memcpy(name,buffer,strlen(buffer))
  400d86:       48 8b 95 d8 fe ff ff    mov    rdx,QWORD PTR [rbp-0x128]
  400d8d:       48 8b 85 e8 fe ff ff    mov    rax,QWORD PTR [rbp-0x118]
  400d94:       48 89 d6                mov    rsi,rdx ; rbp-0x128 ; buffer
  400d97:       48 89 c7                mov    rdi,rax ; rbp-0x118 ; name[8]
  400d9a:       e8 01 fd ff ff          call   400aa0 <strcpy@plt> ; strcpy(name[280],buffer) overflow 8 bytes
  400d9f:       48 8b 85 e8 fe ff ff    mov    rax,QWORD PTR [rbp-0x118]
  400da6:       48 89 05 33 13 20 00    mov    QWORD PTR [rip+0x201333],rax        # 6020e0 <memcpy@plt+0x2015f0>
  400dad:       48 8b 55 f8             mov    rdx,QWORD PTR [rbp-0x8]
  400db1:       64 48 33 14 25 28 00    xor    rdx,QWORD PTR fs:0x28
  400db8:       00 00
  400dba:       74 05                   je     400dc1 <memcpy@plt+0x2d1>
  400dbc:       e8 af fc ff ff          call   400a70 <__stack_chk_fail@plt>
  400dc1:       c9                      leave
  400dc2:       c3                      ret
	; buffer = rbp-0x128
	; name = rbp-0x110
	400d08: 55 push rbp
	400d09: 48 89 e5 mov rbp,rsp
	400d0c: 48 81 ec 30 01 00 00 sub rsp,0x130
	400d13: 48 89 bd d8 fe ff ff mov QWORD PTR [rbp-0x128],rdi
	400d1a: 64 48 8b 04 25 28 00 mov rax,QWORD PTR fs:0x28
	400d21: 00 00
	400d23: 48 89 45 f8 mov QWORD PTR [rbp-0x8],rax
	400d27: 31 c0 xor eax,eax
	400d29: 48 8d 85 f0 fe ff ff lea rax,[rbp-0x110]
	400d30: 48 89 85 e8 fe ff ff mov QWORD PTR [rbp-0x118],rax
	400d37: 48 8b 85 d8 fe ff ff mov rax,QWORD PTR [rbp-0x128]
	400d3e: 48 c7 85 d0 fe ff ff mov QWORD PTR [rbp-0x130],0xffffffffffffffff
	400d45: ff ff ff ff
	400d49: 48 89 c2 mov rdx,rax
	400d4c: b8 00 00 00 00 mov eax,0x0
	400d51: 48 8b 8d d0 fe ff ff mov rcx,QWORD PTR [rbp-0x130]
	400d58: 48 89 d7 mov rdi,rdx
	400d5b: f2 ae repnz scas al,BYTE PTR es:[rdi]
	400d5d: 48 89 c8 mov rax,rcx
	400d60: 48 f7 d0 not rax
	400d63: 48 8d 70 ff lea rsi,[rax-0x1]
	400d67: 48 8b 95 d8 fe ff ff mov rdx,QWORD PTR [rbp-0x128]
	400d6e: 48 8d 85 f0 fe ff ff lea rax,[rbp-0x110]
	400d75: 48 89 d1 mov rcx,rdx
	400d78: 48 89 f2 mov rdx,rsi ; strlen(buffer)
	400d7b: 48 89 ce mov rsi,rcx ; &buffer
	400d7e: 48 89 c7 mov rdi,rax ; name[272]
	400d81: e8 6a fd ff ff call 400af0 <memcpy@plt> ; memcpy(name,buffer,strlen(buffer))
	400d86: 48 8b 95 d8 fe ff ff mov rdx,QWORD PTR [rbp-0x128]
	400d8d: 48 8b 85 e8 fe ff ff mov rax,QWORD PTR [rbp-0x118]
	400d94: 48 89 d6 mov rsi,rdx ; rbp-0x128 ; buffer
	400d97: 48 89 c7 mov rdi,rax ; rbp-0x118 ; name[8]
	400d9a: e8 01 fd ff ff call 400aa0 <strcpy@plt> ; strcpy(name[280],buffer) overflow 8 bytes
	400d9f: 48 8b 85 e8 fe ff ff mov rax,QWORD PTR [rbp-0x118]
	400da6: 48 89 05 33 13 20 00 mov QWORD PTR [rip+0x201333],rax # 6020e0 <memcpy@plt+0x2015f0>
	400dad: 48 8b 55 f8 mov rdx,QWORD PTR [rbp-0x8]
	400db1: 64 48 33 14 25 28 00 xor rdx,QWORD PTR fs:0x28
	400db8: 00 00
	400dba: 74 05 je 400dc1 <memcpy@plt+0x2d1>
	400dbc: e8 af fc ff ff call 400a70 <__stack_chk_fail@plt>
	400dc1: c9 leave
	400dc2: c3 ret