; --------------------------------------------------------------------------- Elf64_Sym struc ; (sizeof=0x18, align=0x8, mappedto_1) ; XREF: LOAD:00000000000003C8/r ; LOAD:00000000000003E0/r ... st_name dd ? ; offset (00000608) st_info db ? st_other db ? st_shndx dw ? st_value dq ? ; offset (00000000) st_size dq ? Elf64_Sym ends ; --------------------------------------------------------------------------- Elf64_Rela struc ; (sizeof=0x18, align=0x8, copyof_2) ; XREF: LOAD:0000000000000770/r ; LOAD:0000000000000788/r ... r_offset dq ? r_info dq ? r_addend dq ? Elf64_Rela ends ; --------------------------------------------------------------------------- Elf64_Dyn struc ; (sizeof=0x10, align=0x8, copyof_3) ; XREF: LOAD:_DYNAMIC/r ; LOAD:0000000000003D50/r ... d_tag dq ? d_un dq ? Elf64_Dyn ends ; --------------------------------------------------------------------------- Elf64_Verneed struc ; (sizeof=0x10, align=0x4, mappedto_4) ; XREF: LOAD:0000000000000740/r vn_version dw ? vn_cnt dw ? vn_file dd ? ; offset (00000608) vn_aux dd ? vn_next dd ? Elf64_Verneed ends ; --------------------------------------------------------------------------- Elf64_Vernaux struc ; (sizeof=0x10, align=0x4, mappedto_5) ; XREF: LOAD:0000000000000750/r ; LOAD:0000000000000760/r vna_hash dd ? vna_flags dw ? vna_other dw ? vna_name dd ? ; offset (00000608) vna_next dd ? 
Elf64_Vernaux ends ; ; +-------------------------------------------------------------------------+ ; | This file was generated by The Interactive Disassembler (IDA) | ; | Copyright (c) 2021 Hex-Rays, | ; | License info: 48-206A-1AC0-08 | ; | IDA PRO 7.6 SP1 | ; +-------------------------------------------------------------------------+ ; ; Input SHA256 : 8FFC76D721702FD9140973C39403152E44FF090B90BC9972107BBF9BC56BFAF5 ; Input MD5 : 2310C32D2C9478678CA2493BF866EDA4 ; Input CRC32 : 07A8B466 ; File Name : C:\Users\nguye\OneDrive\Máy tính\a.out ; Format : ELF64 for x86-64 (Shared object) ; Interpreter '/lib64/ld-linux-x86-64.so.2' ; Needed Library 'libc.so.6' ; ; Source File : 'crtstuff.c' ; Source File : 'code.c' ; Source File : 'crtstuff.c' .686p .mmx .model flat .intel_syntax noprefix ; =========================================================================== ; Segment type: Pure data ; Segment permissions: Read LOAD segment mempage public 'DATA' use64 assume cs:LOAD dword_0 dd 464C457Fh ; DATA XREF: LOAD:00000000000003E0↓o ; LOAD:00000000000003F8↓o ... 
; File format: \x7FELF db 2 ; File class: 64-bit db 1 ; Data encoding: little-endian db 1 ; File version db 0 ; OS/ABI: UNIX System V ABI db 0 ; ABI Version db 7 dup(0) ; Padding dw 3 ; File type: Shared object dw 3Eh ; Machine: x86-64 dd 1 ; File version dq offset _start ; Entry point dq 40h ; PHT file offset dq 3C70h ; SHT file offset dd 0 ; Processor-specific flags dw 40h ; ELF header size dw 38h ; PHT entry size dw 0Dh ; Number of entries in PHT dw 40h ; SHT entry size dw 1Fh ; Number of entries in SHT dw 1Eh ; SHT entry index for string table ; ELF64 Program Header ; PHT Entry 0 dword_40 dd 6 ; DATA XREF: LOAD:0000000000000050↓o ; Type: PHDR dd 4 ; Flags dq 40h ; File offset dq offset dword_40 ; Virtual address dq 40h ; Physical address dq 2D8h ; Size in file image dq 2D8h ; Size in memory image dq 8 ; Alignment ; PHT Entry 1 dd 3 ; Type: INTERP dd 4 ; Flags dq 318h ; File offset dq offset aLib64LdLinuxX8 ; Virtual address dq 318h ; Physical address dq 1Ch ; Size in file image dq 1Ch ; Size in memory image dq 1 ; Alignment ; PHT Entry 2 dd 1 ; Type: LOAD dd 4 ; Flags dq 0 ; File offset dq 0 ; Virtual address dq 0 ; Physical address dq 9E0h ; Size in file image dq 9E0h ; Size in memory image dq 1000h ; Alignment ; PHT Entry 3 dd 1 ; Type: LOAD dd 5 ; Flags dq 1000h ; File offset dq offset _init_proc ; Virtual address dq 1000h ; Physical address dq 7C5h ; Size in file image dq 7C5h ; Size in memory image dq 1000h ; Alignment ; PHT Entry 4 dd 1 ; Type: LOAD dd 4 ; Flags dq 2000h ; File offset dq offset _IO_stdin_used ; Virtual address dq 2000h ; Physical address dq 1F0h ; Size in file image dq 1F0h ; Size in memory image dq 1000h ; Alignment ; PHT Entry 5 dd 1 ; Type: LOAD dd 6 ; Flags dq 2D30h ; File offset dq offset __frame_dummy_init_array_entry ; Virtual address dq 3D30h ; Physical address dq 2E0h ; Size in file image dq 2E8h ; Size in memory image dq 1000h ; Alignment ; PHT Entry 6 dd 2 ; Type: DYNAMIC dd 6 ; Flags dq 2D40h ; File offset dq offset _DYNAMIC ; 
Virtual address dq 3D40h ; Physical address dq 1F0h ; Size in file image dq 1F0h ; Size in memory image dq 8 ; Alignment ; PHT Entry 7 dd 4 ; Type: NOTE dd 4 ; Flags dq 338h ; File offset dq offset dword_338 ; Virtual address dq 338h ; Physical address dq 20h ; Size in file image dq 20h ; Size in memory image dq 8 ; Alignment ; PHT Entry 8 dd 4 ; Type: NOTE dd 4 ; Flags dq 358h ; File offset dq offset dword_358 ; Virtual address dq 358h ; Physical address dq 44h ; Size in file image dq 44h ; Size in memory image dq 4 ; Alignment ; PHT Entry 9 dd 6474E553h ; Type: 6474E553 dd 4 ; Flags dq 338h ; File offset dq offset dword_338 ; Virtual address dq 338h ; Physical address dq 20h ; Size in file image dq 20h ; Size in memory image dq 8 ; Alignment ; PHT Entry 10 dd 6474E550h ; Type: EH_FRAME dd 4 ; Flags dq 207Ch ; File offset dq offset __GNU_EH_FRAME_HDR ; Virtual address dq 207Ch ; Physical address dq 4Ch ; Size in file image dq 4Ch ; Size in memory image dq 4 ; Alignment ; PHT Entry 11 dd 6474E551h ; Type: STACK dd 6 ; Flags dq 0 ; File offset dq 0 ; Virtual address dq 0 ; Physical address dq 0 ; Size in file image dq 0 ; Size in memory image dq 10h ; Alignment ; PHT Entry 12 dd 6474E552h ; Type: RO-AFTER dd 4 ; Flags dq 2D30h ; File offset dq offset __frame_dummy_init_array_entry ; Virtual address dq 3D30h ; Physical address dq 2D0h ; Size in file image dq 2D0h ; Size in memory image dq 1 ; Alignment aLib64LdLinuxX8 db '/lib64/ld-linux-x86-64.so.2',0 ; DATA XREF: LOAD:0000000000000088↑o align 8 ; ELF Note Entry dword_338 dd 4 ; DATA XREF: LOAD:00000000000001D8↑o ; LOAD:0000000000000248↑o ; Name Size dd 10h ; Desc Size dd 5 ; Type: NT_GNU_PROPERTY_TYPE_0 aGnu db 'GNU',0 ; Name db 2, 2 dup(0), 0C0h, 4, 3 dup(0), 3, 7 dup(0) ; Desc ; ELF Note Entry dword_358 dd 4 ; DATA XREF: LOAD:0000000000000210↑o ; Name Size dd 14h ; Desc Size dd 3 ; Type: NT_GNU_BUILD_ID aGnu_0 db 'GNU',0 ; Name db 0FEh, 0C4h, 42h, 0C9h, 7, 88h, 0D4h, 46h, 4Dh, 5Bh ; Desc db 0E3h, 50h, 0D6h, 0CAh, 
4Ah, 0EEh, 0E9h, 0Ah, 23h, 44h ; ELF Note Entry dd 4 ; Name Size dd 10h ; Desc Size dd 1 ; Type: NT_GNU_ABI_TAG aGnu_1 db 'GNU',0 ; Name dd 0, 3, 2, 0 ; ABI: Linux 3.2.0 align 20h ; ELF GNU Hash Table elf_gnu_hash_nbuckets dd 2 elf_gnu_hash_symbias dd 17h elf_gnu_hash_bitmask_nwords dd 1 elf_gnu_hash_shift dd 6 elf_gnu_hash_indexes dq 810000h elf_gnu_hash_bucket dd 17h, 0 elf_gnu_hash_chain dd 6DCE65D1h, 0 ; ELF Symbol Table Elf64_Sym <0> Elf64_Sym Elf64_Sym Elf64_Sym Elf64_Sym Elf64_Sym Elf64_Sym Elf64_Sym Elf64_Sym Elf64_Sym Elf64_Sym Elf64_Sym Elf64_Sym Elf64_Sym Elf64_Sym Elf64_Sym Elf64_Sym Elf64_Sym Elf64_Sym Elf64_Sym Elf64_Sym Elf64_Sym Elf64_Sym Elf64_Sym ; ELF String Table unk_608 db 0 ; DATA XREF: LOAD:00000000000003E0↑o ; LOAD:00000000000003F8↑o ... aLibcSo6 db 'libc.so.6',0 ; DATA XREF: LOAD:0000000000000740↓o aSrand db 'srand',0 ; DATA XREF: LOAD:00000000000004D0↑o ; LOAD:00000000000005D8↑o aFopen db 'fopen',0 ; DATA XREF: LOAD:0000000000000578↑o aStrncpy db 'strncpy',0 ; DATA XREF: LOAD:00000000000003F8↑o aPuts db 'puts',0 ; DATA XREF: LOAD:0000000000000428↑o aTime db 'time',0 ; DATA XREF: LOAD:0000000000000530↑o aStackChkFail db '__stack_chk_fail',0 ; DATA XREF: LOAD:0000000000000470↑o aPutchar db 'putchar',0 ; DATA XREF: LOAD:00000000000003E0↑o aStrtoll db 'strtoll',0 ; DATA XREF: LOAD:0000000000000500↑o aPrintf db 'printf',0 ; DATA XREF: LOAD:0000000000000488↑o aFgets db 'fgets',0 ; DATA XREF: LOAD:00000000000004E8↑o aMemset db 'memset',0 ; DATA XREF: LOAD:00000000000004A0↑o aStrstr db 'strstr',0 ; DATA XREF: LOAD:00000000000005C0↑o aFseek db 'fseek',0 ; DATA XREF: LOAD:0000000000000560↑o aFclose db 'fclose',0 ; DATA XREF: LOAD:0000000000000458↑o aMalloc db 'malloc',0 ; DATA XREF: LOAD:0000000000000548↑o aFwrite db 'fwrite',0 ; DATA XREF: LOAD:0000000000000590↑o aFread db 'fread',0 ; DATA XREF: LOAD:0000000000000440↑o aCxaFinalize db '__cxa_finalize',0 ; DATA XREF: LOAD:00000000000005F0↑o aLibcStartMain db '__libc_start_main',0 ; DATA XREF: 
LOAD:00000000000004B8↑o aGlibc24 db 'GLIBC_2.4',0 ; DATA XREF: LOAD:0000000000000750↓o aGlibc225 db 'GLIBC_2.2.5',0 ; DATA XREF: LOAD:0000000000000760↓o aItmDeregistert db '_ITM_deregisterTMCloneTable',0 ; DATA XREF: LOAD:0000000000000410↑o aGmonStart db '__gmon_start__',0 ; DATA XREF: LOAD:0000000000000518↑o aItmRegistertmc db '_ITM_registerTMCloneTable',0 ; DATA XREF: LOAD:00000000000005A8↑o ; ELF GNU Symbol Version Table dw 0 dw 2 ; putchar@@GLIBC_2.2.5 dw 2 ; strncpy@@GLIBC_2.2.5 dw 0 ; local symbol: _ITM_deregisterTMCloneTable dw 2 ; puts@@GLIBC_2.2.5 dw 2 ; fread@@GLIBC_2.2.5 dw 2 ; fclose@@GLIBC_2.2.5 dw 3 ; __stack_chk_fail@@GLIBC_2.4 dw 2 ; printf@@GLIBC_2.2.5 dw 2 ; memset@@GLIBC_2.2.5 dw 2 ; __libc_start_main@@GLIBC_2.2.5 dw 2 ; srand@@GLIBC_2.2.5 dw 2 ; fgets@@GLIBC_2.2.5 dw 2 ; strtoll@@GLIBC_2.2.5 dw 0 ; local symbol: __gmon_start__ dw 2 ; time@@GLIBC_2.2.5 dw 2 ; malloc@@GLIBC_2.2.5 dw 2 ; fseek@@GLIBC_2.2.5 dw 2 ; fopen@@GLIBC_2.2.5 dw 2 ; fwrite@@GLIBC_2.2.5 dw 0 ; local symbol: _ITM_registerTMCloneTable dw 2 ; strstr@@GLIBC_2.2.5 dw 2 ; rand@@GLIBC_2.2.5 dw 2 ; __cxa_finalize@@GLIBC_2.2.5 dw 0 dw 0 dw 0 ; ELF GNU Symbol Version Requirements Elf64_Verneed <1, 2, offset aLibcSo6 - offset unk_608, 10h, 0> ; "libc.so.6" Elf64_Vernaux <0D696914h, 0, 3, offset aGlibc24 - offset unk_608, 10h> ; "GLIBC_2.4" Elf64_Vernaux <9691A75h, 0, 2, offset aGlibc225 - offset unk_608, 0> ; "GLIBC_2.2.5" ; ELF RELA Relocation Table Elf64_Rela <3D30h, 8, 1360h> ; R_X86_64_RELATIVE +1360h Elf64_Rela <3D38h, 8, 1320h> ; R_X86_64_RELATIVE +1320h Elf64_Rela <4008h, 8, 4008h> ; R_X86_64_RELATIVE +4008h Elf64_Rela <3FD8h, 300000006h, 0> ; R_X86_64_GLOB_DAT _ITM_deregisterTMCloneTable Elf64_Rela <3FE0h, 0A00000006h, 0> ; R_X86_64_GLOB_DAT __libc_start_main Elf64_Rela <3FE8h, 0E00000006h, 0> ; R_X86_64_GLOB_DAT __gmon_start__ Elf64_Rela <3FF0h, 1400000006h, 0> ; R_X86_64_GLOB_DAT _ITM_registerTMCloneTable Elf64_Rela <3FF8h, 1700000006h, 0> ; R_X86_64_GLOB_DAT __cxa_finalize ; 
ELF JMPREL Relocation Table Elf64_Rela <3F48h, 100000007h, 0> ; R_X86_64_JUMP_SLOT putchar Elf64_Rela <3F50h, 200000007h, 0> ; R_X86_64_JUMP_SLOT strncpy Elf64_Rela <3F58h, 400000007h, 0> ; R_X86_64_JUMP_SLOT puts Elf64_Rela <3F60h, 500000007h, 0> ; R_X86_64_JUMP_SLOT fread Elf64_Rela <3F68h, 600000007h, 0> ; R_X86_64_JUMP_SLOT fclose Elf64_Rela <3F70h, 700000007h, 0> ; R_X86_64_JUMP_SLOT __stack_chk_fail Elf64_Rela <3F78h, 800000007h, 0> ; R_X86_64_JUMP_SLOT printf Elf64_Rela <3F80h, 900000007h, 0> ; R_X86_64_JUMP_SLOT memset Elf64_Rela <3F88h, 0B00000007h, 0> ; R_X86_64_JUMP_SLOT srand Elf64_Rela <3F90h, 0C00000007h, 0> ; R_X86_64_JUMP_SLOT fgets Elf64_Rela <3F98h, 0D00000007h, 0> ; R_X86_64_JUMP_SLOT strtoll Elf64_Rela <3FA0h, 0F00000007h, 0> ; R_X86_64_JUMP_SLOT time Elf64_Rela <3FA8h, 1000000007h, 0> ; R_X86_64_JUMP_SLOT malloc Elf64_Rela <3FB0h, 1100000007h, 0> ; R_X86_64_JUMP_SLOT fseek Elf64_Rela <3FB8h, 1200000007h, 0> ; R_X86_64_JUMP_SLOT fopen Elf64_Rela <3FC0h, 1300000007h, 0> ; R_X86_64_JUMP_SLOT fwrite Elf64_Rela <3FC8h, 1500000007h, 0> ; R_X86_64_JUMP_SLOT strstr Elf64_Rela <3FD0h, 1600000007h, 0> ; R_X86_64_JUMP_SLOT rand LOAD ends ; =========================================================================== ; Segment type: Pure code ; Segment permissions: Read/Execute _init segment dword public 'CODE' use64 assume cs:_init ;org 1000h assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing ; =============== S U B R O U T I N E ======================================= public _init_proc _init_proc proc near ; CODE XREF: __libc_csu_init+2C↓p ; DATA XREF: LOAD:00000000000000F8↑o endbr64 ; _init sub rsp, 8 mov rax, cs:__gmon_start___ptr test rax, rax jz short loc_1016 call rax ; __gmon_start__ loc_1016: ; CODE XREF: _init_proc+12↑j add rsp, 8 retn _init_proc endp _init ends ; =========================================================================== ; Segment type: Pure code ; Segment permissions: Read/Execute LOAD segment mempage public 'CODE' 
use64 assume cs:LOAD ;org 101Bh assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing align 20h LOAD ends ; =========================================================================== ; Segment type: Pure code ; Segment permissions: Read/Execute _plt segment para public 'CODE' use64 assume cs:_plt ;org 1020h assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing ; =============== S U B R O U T I N E ======================================= sub_1020 proc near ; CODE XREF: sub_1030+9↓j ; sub_1040+9↓j ... ; __unwind { push cs:qword_3F38 bnd jmp cs:qword_3F40 sub_1020 endp ; --------------------------------------------------------------------------- align 10h ; [0000000F BYTES: COLLAPSED FUNCTION sub_1030. PRESS CTRL-NUMPAD+ TO EXPAND] align 20h ; [0000000F BYTES: COLLAPSED FUNCTION sub_1040. PRESS CTRL-NUMPAD+ TO EXPAND] align 10h ; [0000000F BYTES: COLLAPSED FUNCTION sub_1050. PRESS CTRL-NUMPAD+ TO EXPAND] align 20h ; [0000000F BYTES: COLLAPSED FUNCTION sub_1060. PRESS CTRL-NUMPAD+ TO EXPAND] align 10h ; [0000000F BYTES: COLLAPSED FUNCTION sub_1070. PRESS CTRL-NUMPAD+ TO EXPAND] align 20h ; [0000000F BYTES: COLLAPSED FUNCTION sub_1080. PRESS CTRL-NUMPAD+ TO EXPAND] align 10h ; [0000000F BYTES: COLLAPSED FUNCTION sub_1090. PRESS CTRL-NUMPAD+ TO EXPAND] align 20h ; [0000000F BYTES: COLLAPSED FUNCTION sub_10A0. PRESS CTRL-NUMPAD+ TO EXPAND] align 10h ; [0000000F BYTES: COLLAPSED FUNCTION sub_10B0. PRESS CTRL-NUMPAD+ TO EXPAND] align 20h ; [0000000F BYTES: COLLAPSED FUNCTION sub_10C0. PRESS CTRL-NUMPAD+ TO EXPAND] align 10h ; [0000000F BYTES: COLLAPSED FUNCTION sub_10D0. PRESS CTRL-NUMPAD+ TO EXPAND] align 20h ; [0000000F BYTES: COLLAPSED FUNCTION sub_10E0. PRESS CTRL-NUMPAD+ TO EXPAND] align 10h ; [0000000F BYTES: COLLAPSED FUNCTION sub_10F0. PRESS CTRL-NUMPAD+ TO EXPAND] align 20h ; [0000000F BYTES: COLLAPSED FUNCTION sub_1100. PRESS CTRL-NUMPAD+ TO EXPAND] align 10h ; [0000000F BYTES: COLLAPSED FUNCTION sub_1110. 
PRESS CTRL-NUMPAD+ TO EXPAND] align 20h ; [0000000F BYTES: COLLAPSED FUNCTION sub_1120. PRESS CTRL-NUMPAD+ TO EXPAND] align 10h ; [0000000F BYTES: COLLAPSED FUNCTION sub_1130. PRESS CTRL-NUMPAD+ TO EXPAND] align 20h ; [0000000F BYTES: COLLAPSED FUNCTION sub_1140. PRESS CTRL-NUMPAD+ TO EXPAND] align 10h ; } // starts at 1020 _plt ends ; =========================================================================== ; Segment type: Pure code ; Segment permissions: Read/Execute _plt_got segment para public 'CODE' use64 assume cs:_plt_got ;org 1150h assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing ; [0000000B BYTES: COLLAPSED FUNCTION __cxa_finalize. PRESS CTRL-NUMPAD+ TO EXPAND] align 20h ; } // starts at 1150 _plt_got ends ; =========================================================================== ; Segment type: Pure code ; Segment permissions: Read/Execute _plt_sec segment para public 'CODE' use64 assume cs:_plt_sec ;org 1160h assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing ; [0000000B BYTES: COLLAPSED FUNCTION _putchar. PRESS CTRL-NUMPAD+ TO EXPAND] align 10h ; [0000000B BYTES: COLLAPSED FUNCTION _strncpy. PRESS CTRL-NUMPAD+ TO EXPAND] align 20h ; [0000000B BYTES: COLLAPSED FUNCTION _puts. PRESS CTRL-NUMPAD+ TO EXPAND] align 10h ; [0000000B BYTES: COLLAPSED FUNCTION _fread. PRESS CTRL-NUMPAD+ TO EXPAND] align 20h ; [0000000B BYTES: COLLAPSED FUNCTION _fclose. PRESS CTRL-NUMPAD+ TO EXPAND] align 10h ; [0000000B BYTES: COLLAPSED FUNCTION ___stack_chk_fail. PRESS CTRL-NUMPAD+ TO EXPAND] align 20h ; [0000000B BYTES: COLLAPSED FUNCTION _printf. PRESS CTRL-NUMPAD+ TO EXPAND] align 10h ; [0000000B BYTES: COLLAPSED FUNCTION _memset. PRESS CTRL-NUMPAD+ TO EXPAND] align 20h ; [0000000B BYTES: COLLAPSED FUNCTION _srand. PRESS CTRL-NUMPAD+ TO EXPAND] align 10h ; [0000000B BYTES: COLLAPSED FUNCTION _fgets. PRESS CTRL-NUMPAD+ TO EXPAND] align 20h ; [0000000B BYTES: COLLAPSED FUNCTION _strtoll. 
PRESS CTRL-NUMPAD+ TO EXPAND] align 10h ; [0000000B BYTES: COLLAPSED FUNCTION _time. PRESS CTRL-NUMPAD+ TO EXPAND] align 20h ; [0000000B BYTES: COLLAPSED FUNCTION _malloc. PRESS CTRL-NUMPAD+ TO EXPAND] align 10h ; [0000000B BYTES: COLLAPSED FUNCTION _fseek. PRESS CTRL-NUMPAD+ TO EXPAND] align 20h ; [0000000B BYTES: COLLAPSED FUNCTION _fopen. PRESS CTRL-NUMPAD+ TO EXPAND] align 10h ; [0000000B BYTES: COLLAPSED FUNCTION _fwrite. PRESS CTRL-NUMPAD+ TO EXPAND] align 20h ; [0000000B BYTES: COLLAPSED FUNCTION _strstr. PRESS CTRL-NUMPAD+ TO EXPAND] align 10h ; [0000000B BYTES: COLLAPSED FUNCTION _rand. PRESS CTRL-NUMPAD+ TO EXPAND] align 20h ; } // starts at 1160 _plt_sec ends ; =========================================================================== ; Segment type: Pure code ; Segment permissions: Read/Execute _text segment para public 'CODE' use64 assume cs:_text ;org 1280h assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing ; =============== S U B R O U T I N E ======================================= ; Attributes: noreturn fuzzy-sp public _start _start proc near ; DATA XREF: LOAD:0000000000000018↑o ; __unwind { endbr64 xor ebp, ebp mov r9, rdx ; rtld_fini pop rsi ; argc mov rdx, rsp ; ubp_av and rsp, 0FFFFFFFFFFFFFFF0h push rax push rsp ; stack_end lea r8, __libc_csu_fini ; fini lea rcx, __libc_csu_init ; init lea rdi, main ; main call cs:__libc_start_main_ptr hlt ; } // starts at 1280 _start endp ; --------------------------------------------------------------------------- align 10h ; =============== S U B R O U T I N E ======================================= deregister_tm_clones proc near ; CODE XREF: __do_global_dtors_aux:loc_1347↓p lea rdi, __bss_start lea rax, __bss_start cmp rax, rdi jz short locret_12D8 mov rax, cs:_ITM_deregisterTMCloneTable_ptr test rax, rax jz short locret_12D8 jmp rax ; --------------------------------------------------------------------------- align 8 locret_12D8: ; CODE XREF: deregister_tm_clones+11↑j ; 
deregister_tm_clones+1D↑j               ; ^ tail of the CODE XREF comment that begins on the previous line
                retn
deregister_tm_clones endp

; ---------------------------------------------------------------------------
                align 20h

; =============== S U B R O U T I N E =======================================

; Compiler runtime helper, not program logic: computes a size from two
; addresses (both are __bss_start in this listing) and, only if that size is
; non-zero and _ITM_registerTMCloneTable_ptr is non-NULL, tail-jumps through
; the pointer. Otherwise it just returns.
register_tm_clones proc near            ; CODE XREF: frame_dummy+4↓j
                lea     rdi, __bss_start
                lea     rsi, __bss_start
                sub     rsi, rdi
                mov     rax, rsi
                shr     rsi, 3Fh
                sar     rax, 3
                add     rsi, rax
                sar     rsi, 1
                jz      short locret_1318
                mov     rax, cs:_ITM_registerTMCloneTable_ptr
                test    rax, rax
                jz      short locret_1318
                jmp     rax
; ---------------------------------------------------------------------------
                align 8

locret_1318:                            ; CODE XREF: register_tm_clones+22↑j
                                        ; register_tm_clones+2E↑j
                retn
register_tm_clones endp

; ---------------------------------------------------------------------------
                align 20h

; =============== S U B R O U T I N E =======================================

; Compiler runtime helper referenced from .fini_array: returns at once if the
; byte at __bss_start is already non-zero; otherwise calls
; __cxa_finalize(__dso_handle) when __cxa_finalize_ptr is non-NULL, calls
; deregister_tm_clones and then sets that byte to 1.
__do_global_dtors_aux proc near         ; DATA XREF: .fini_array:__do_global_dtors_aux_fini_array_entry↓o
                endbr64
                cmp     cs:__bss_start, 0
                jnz     short locret_1358
                push    rbp
                cmp     cs:__cxa_finalize_ptr, 0
                mov     rbp, rsp
                jz      short loc_1347
                mov     rdi, cs:__dso_handle ; void *
                call    __cxa_finalize

loc_1347:                               ; CODE XREF: __do_global_dtors_aux+19↑j
                call    deregister_tm_clones
                mov     cs:__bss_start, 1
                pop     rbp
                retn
; ---------------------------------------------------------------------------
                align 8

locret_1358:                            ; CODE XREF: __do_global_dtors_aux+B↑j
                retn
__do_global_dtors_aux endp

; ---------------------------------------------------------------------------
                align 20h

; =============== S U B R O U T I N E =======================================

; Compiler runtime helper referenced from .init_array: tail-jumps to
; register_tm_clones.
frame_dummy     proc near               ; CODE XREF: __libc_csu_init+49↓p
                                        ; DATA XREF: .init_array:__frame_dummy_init_array_entry↓o
                endbr64
                jmp     register_tm_clones
frame_dummy     endp

; =============== S U B R O U T I N E =======================================

; sus: copies one of this process's own memory mappings into the file ./dump.
;   1. Reads /proc/self/maps with fgets (n = 96h per call) until the buffer
;      contains the substring "[st".
;   2. Copies 0Ch characters from offset 0 and 0Ch characters from offset 0Dh
;      of that line into s and dest, and converts both with strtoll, base 10h,
;      giving off and var_48.
;      NOTE(review): presumably the mapping's start and end address; the fixed
;      offsets assume each is printed as exactly 12 hex digits - confirm.
;   3. Opens /proc/self/mem, seeks to off and reads var_48 - off + 1 bytes
;      into a second malloc'd buffer.
;   4. Writes the same number of bytes to ./dump, opened with mode "w".
; Nothing returned by malloc, fopen, fgets, fseek, fread or fwrite is tested
; in this routine, and neither malloc'd buffer is released before it returns.
; NOTE(review): if the matched line is the "[stack]" mapping, ./dump ends up
; holding the live stack, including the caller's frame. The file should be
; handled as carefully as whatever main keeps in its locals.
; Attributes: bp-based frame

; __int64 sus(void)
                public sus
sus             proc near               ; CODE XREF: main+1B0↓p

endptr          = qword ptr -68h
haystack        = qword ptr -60h
stream          = qword ptr -58h
off             = qword ptr -50h
var_48          = qword ptr -48h
var_40          = qword ptr -40h
ptr             = qword ptr -38h
var_30          = qword ptr -30h
s               = byte ptr -22h
dest            = byte ptr -15h
var_8           = qword ptr -8

; __unwind {
                endbr64
                push    rbp
                mov     rbp, rsp
                sub     rsp, 70h
                ; stack protector: canary from fs:28h is saved in var_8 and
                ; compared again before the function returns
                mov     rax, fs:28h
                mov     [rbp+var_8], rax
                xor     eax, eax
                ; haystack = malloc(12Ch); the result is stored without a NULL test
                mov     edi, 12Ch       ; size
                call    _malloc
                mov     [rbp+haystack], rax
                ; s (rbp-22h) and dest (rbp-15h) are 0Dh bytes apart, and each
                ; is zero-filled for 0Dh bytes
                lea     rax, [rbp+s]
                mov     edx, 0Dh        ; n
                mov     esi, 0          ; c
                mov     rdi, rax        ; s
                call    _memset
                lea     rax, [rbp+dest]
                mov     edx, 0Dh        ; n
                mov     esi, 0          ; c
                mov     rdi, rax        ; s
                call    _memset
                lea     rsi, modes      ; "r"
                lea     rdi, filename   ; "/proc/self/maps"
                call    _fopen
                mov     [rbp+stream], rax
                ; NOTE(review): control enters the loop at its test, so the
                ; first strstr runs on the malloc'd buffer before anything has
                ; been written to it
                jmp     short loc_1402
; ---------------------------------------------------------------------------

loc_13D7:                               ; CODE XREF: sus+AF↓j
                ; loop body: clear the first 8 bytes of the buffer, then read
                ; the next line into it
                mov     rax, [rbp+haystack]
                mov     edx, 8          ; n
                mov     esi, 0          ; c
                mov     rdi, rax        ; s
                call    _memset
                mov     rdx, [rbp+stream] ; stream
                mov     rax, [rbp+haystack]
                mov     esi, 96h        ; n
                mov     rdi, rax        ; s
                call    _fgets
                ; fgets' return value is not examined; the only way out of the
                ; loop is a non-NULL strstr result below

loc_1402:                               ; CODE XREF: sus+6C↑j
                mov     rax, [rbp+haystack]
                lea     rsi, needle     ; "[st"
                mov     rdi, rax        ; haystack
                call    _strstr
                test    rax, rax
                jz      short loc_13D7
                mov     rax, [rbp+stream]
                mov     rdi, rax        ; stream
                call    _fclose
                ; strncpy(s, haystack, 0Ch): copies 12 bytes into the 13-byte
                ; zeroed field, so the last byte stays NUL
                mov     rcx, [rbp+haystack]
                lea     rax, [rbp+s]
                mov     edx, 0Ch        ; n
                mov     rsi, rcx        ; src
                mov     rdi, rax        ; dest
                call    _strncpy
                ; strncpy(dest, haystack + 0Dh, 0Ch): second field, same width
                mov     rax, [rbp+haystack]
                lea     rcx, [rax+0Dh]
                lea     rax, [rbp+dest]
                mov     edx, 0Ch        ; n
                mov     rsi, rcx        ; src
                mov     rdi, rax        ; dest
                call    _strncpy
                ; off = strtoll(s, &endptr, 16); endptr is not read afterwards
                lea     rcx, [rbp+endptr]
                lea     rax, [rbp+s]
                mov     edx, 10h        ; base
                mov     rsi, rcx        ; endptr
                mov     rdi, rax        ; nptr
                call    _strtoll
                mov     [rbp+off], rax
                ; var_48 = strtoll(dest, &endptr, 16)
                lea     rcx, [rbp+endptr]
                lea     rax, [rbp+dest]
                mov     edx, 10h        ; base
                mov     rsi, rcx        ; endptr
                mov     rdi, rax        ; nptr
                call    _strtoll
                mov     [rbp+var_48], rax
                ; var_40 = fopen("/proc/self/mem", "r"), stored without a NULL test
                lea     rsi, modes      ; "r"
                lea     rdi, aProcSelfMem ; "/proc/self/mem"
                call    _fopen
                mov     [rbp+var_40], rax
                ; fseek(var_40, off, 0); the return value is ignored
                mov     rcx, [rbp+off]
                mov     rax, [rbp+var_40]
                mov     edx, 0          ; whence
                mov     rsi, rcx        ; off
                mov     rdi, rax        ; stream
                call    _fseek
                ; ptr = malloc(var_48 - off + 1); the size comes straight from
                ; the two parsed values with no range check
                mov     rax, [rbp+var_48]
                sub     rax, [rbp+off]
                add     rax, 1
                mov     rdi, rax        ; size
                call    _malloc
                mov     [rbp+ptr], rax
                ; fread(ptr, var_48 - off + 1, 1, var_40): one item of the
                ; full length; the item count it returns is not checked
                mov     rax, [rbp+var_48]
                sub     rax, [rbp+off]
                lea     rsi, [rax+1]    ; size
                mov     rdx, [rbp+var_40]
                mov     rax, [rbp+ptr]
                mov     rcx, rdx        ; stream
                mov     edx, 1          ; n
                mov     rdi, rax        ; ptr
                call    _fread
                mov     rax, [rbp+var_40]
                mov     rdi, rax        ; stream
                call    _fclose
                ; var_30 = fopen("./dump", "w"): a relative path, so the file
                ; lands in whatever the current working directory is
                lea     rsi, aW         ; "w"
                lea     rdi, aDump      ; "./dump"
                call    _fopen
                mov     [rbp+var_30], rax
                ; fwrite(ptr, var_48 - off + 1, 1, var_30): writes the whole
                ; buffer regardless of how much fread actually filled
                mov     rax, [rbp+var_48]
                sub     rax, [rbp+off]
                lea     rsi, [rax+1]    ; size
                mov     rdx, [rbp+var_30]
                mov     rax, [rbp+ptr]
                mov     rcx, rdx        ; s
                mov     edx, 1          ; n
                mov     rdi, rax        ; ptr
                call    _fwrite
                mov     rax, [rbp+var_30]
                mov     rdi, rax        ; stream
                call    _fclose
                nop
                ; canary check: a mismatch goes to ___stack_chk_fail
                mov     rax, [rbp+var_8]
                xor     rax, fs:28h
                jz      short locret_1565
                call    ___stack_chk_fail
; ---------------------------------------------------------------------------

locret_1565:                            ; CODE XREF: sus+1F5↑j
                leave
                retn
; } // starts at 1369
sus             endp


; =============== S U B R O U T I N E =======================================

; main: reads 42h bytes of ./somethingSecret.txt into a malloc'd buffer,
; combines them byte by byte with 42h bytes of rand() output, prints the first
; three result bytes as hex, then calls sus and returns 0.
;   key:  s[i]      = low byte of rand(),                  i = 0..41h
;   out:  var_50[i] = low byte of (ptr[i] xor s[i]) + s[i], i = 0..41h
; The local s (byte ptr -0A0h) is the key buffer; the symbol s passed to puts
; is a different object, the message string in .rodata.
; NOTE(review): the generator is seeded with srand(time(0)); rand() is not a
; cryptographic generator and a wall-clock seed is guessable, so this
; transform should not be relied on for confidentiality.
; NOTE(review): s and var_50 are locals of this frame and are still live when
; sus runs, so a dump of the stack mapping would contain both.
; Return values of fopen, malloc and fread are not tested, and the buffer
; holding the file contents is neither cleared nor freed before return.
; Attributes: bp-based frame

; int __cdecl main(int argc, const char **argv, const char **envp)
                public main
main            proc near               ; DATA XREF: _start+21↑o

var_BC          = dword ptr -0BCh
var_B8          = dword ptr -0B8h
var_B4          = dword ptr -0B4h
stream          = qword ptr -0B0h
ptr             = qword ptr -0A8h
s               = byte ptr -0A0h
var_50          = byte ptr -50h
var_8           = qword ptr -8

; __unwind {
                endbr64
                push    rbp
                mov     rbp, rsp
                sub     rsp, 0C0h
                ; stack protector canary saved in var_8
                mov     rax, fs:28h
                mov     [rbp+var_8], rax
                xor     eax, eax
                ; stream = fopen("./somethingSecret.txt", "r"), no NULL test
                lea     rsi, modes      ; "r"
                lea     rdi, aSomethingsecre ; "./somethingSecret.txt"
                call    _fopen
                mov     [rbp+stream], rax
                ; ptr = malloc(4Ch); the buffer is not cleared before the read
                mov     edi, 4Ch ; 'L'  ; size
                call    _malloc
                mov     [rbp+ptr], rax
                ; fread(ptr, 42h, 1, stream): one 66-byte item; the result is
                ; ignored, so a shorter file leaves part of the buffer unset
                mov     rdx, [rbp+stream]
                mov     rax, [rbp+ptr]
                mov     rcx, rdx        ; stream
                mov     edx, 1          ; n
                mov     esi, 42h ; 'B'  ; size
                mov     rdi, rax        ; ptr
                call    _fread
                mov     rax, [rbp+stream]
                mov     rdi, rax        ; stream
                call    _fclose
                lea     rdi, s          ; "Oh no, someone leaked something..."
                call    _puts
                ; zero 42h bytes of the key buffer and of the output buffer
                lea     rax, [rbp+s]
                mov     edx, 42h ; 'B'  ; n
                mov     esi, 0          ; c
                mov     rdi, rax        ; s
                call    _memset
                lea     rax, [rbp+var_50]
                mov     edx, 42h ; 'B'  ; n
                mov     esi, 0          ; c
                mov     rdi, rax        ; s
                call    _memset
                ; srand(time(0)): only the low 32 bits of time()'s result are
                ; passed on as the seed
                mov     edi, 0          ; timer
                call    _time
                mov     edi, eax        ; seed
                call    _srand
                ; loop 1 (var_BC = 0..41h): s[var_BC] = low byte of rand()
                mov     [rbp+var_BC], 0
                jmp     short loc_1657
; ---------------------------------------------------------------------------

loc_163A:                               ; CODE XREF: main+F7↓j
                call    _rand
                mov     edx, eax
                mov     eax, [rbp+var_BC]
                cdqe
                mov     [rbp+rax+s], dl
                add     [rbp+var_BC], 1

loc_1657:                               ; CODE XREF: main+D1↑j
                cmp     [rbp+var_BC], 41h ; 'A'
                jle     short loc_163A
                ; loop 2 (var_B8 = 0..41h): combine file byte and key byte
                mov     [rbp+var_B8], 0
                jmp     short loc_16BD
; ---------------------------------------------------------------------------

loc_166C:                               ; CODE XREF: main+15D↓j
                ; edx = ptr[var_B8]
                mov     eax, [rbp+var_B8]
                movsxd  rdx, eax
                mov     rax, [rbp+ptr]
                add     rax, rdx
                movzx   edx, byte ptr [rax]
                ; eax = s[var_B8] xor edx
                mov     eax, [rbp+var_B8]
                cdqe
                movzx   eax, [rbp+rax+s]
                xor     eax, edx
                mov     edx, eax
                ; eax = s[var_B8] + previous result
                mov     eax, [rbp+var_B8]
                cdqe
                movzx   eax, [rbp+rax+s]
                add     eax, edx
                mov     edx, eax
                ; var_50[var_B8] = low byte of the sum
                mov     eax, [rbp+var_B8]
                cdqe
                mov     [rbp+rax+var_50], dl
                add     [rbp+var_B8], 1

loc_16BD:                               ; CODE XREF: main+103↑j
                cmp     [rbp+var_B8], 41h ; 'A'
                jle     short loc_166C
                ; loop 3 (var_B4 = 0..2): print only the first three output
                ; bytes, each zero-extended and formatted with "%02X "
                mov     [rbp+var_B4], 0
                jmp     short loc_16FF
; ---------------------------------------------------------------------------

loc_16D2:                               ; CODE XREF: main+19F↓j
                mov     eax, [rbp+var_B4]
                cdqe
                movzx   eax, [rbp+rax+var_50]
                movsx   eax, al
                movzx   eax, al
                mov     esi, eax
                lea     rdi, format     ; "%02X "
                mov     eax, 0
                call    _printf
                add     [rbp+var_B4], 1

loc_16FF:                               ; CODE XREF: main+169↑j
                cmp     [rbp+var_B4], 2
                jle     short loc_16D2
                mov     edi, 0Ah        ; c
                call    _putchar
                ; sus is called while the key and output buffers above are
                ; still on this frame
                mov     eax, 0
                call    sus
                mov     eax, 0
                ; canary check before returning 0
                mov     rcx, [rbp+var_8]
                xor     rcx, fs:28h
                jz      short locret_1735
                call    ___stack_chk_fail
; ---------------------------------------------------------------------------

locret_1735:                            ; CODE XREF: main+1C7↑j
                leave
                retn
; } // starts at 1567
main            endp

; ---------------------------------------------------------------------------
                align 20h

; =============== S U B R O U T I N E =======================================

; void
_libc_csu_init(void) public __libc_csu_init __libc_csu_init proc near ; DATA XREF: _start+1A↑o ; __unwind { endbr64 push r15 lea r15, __frame_dummy_init_array_entry push r14 mov r14, rdx push r13 mov r13, rsi push r12 mov r12d, edi push rbp lea rbp, __do_global_dtors_aux_fini_array_entry push rbx sub rbp, r15 sub rsp, 8 call _init_proc sar rbp, 3 jz short loc_1796 xor ebx, ebx nop dword ptr [rax+00000000h] loc_1780: ; CODE XREF: __libc_csu_init+54↓j mov rdx, r14 mov rsi, r13 mov edi, r12d call ds:(__frame_dummy_init_array_entry - 3D30h)[r15+rbx*8] add rbx, 1 cmp rbp, rbx jnz short loc_1780 loc_1796: ; CODE XREF: __libc_csu_init+35↑j add rsp, 8 pop rbx pop rbp pop r12 pop r13 pop r14 pop r15 retn ; } // starts at 1740 __libc_csu_init endp ; --------------------------------------------------------------------------- align 10h ; =============== S U B R O U T I N E ======================================= ; void _libc_csu_fini(void) public __libc_csu_fini __libc_csu_fini proc near ; DATA XREF: _start+13↑o ; __unwind { endbr64 retn ; } // starts at 17B0 __libc_csu_fini endp _text ends ; =========================================================================== ; Segment type: Pure code ; Segment permissions: Read/Execute LOAD segment mempage public 'CODE' use64 assume cs:LOAD ;org 17B5h assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing align 8 LOAD ends ; =========================================================================== ; Segment type: Pure code ; Segment permissions: Read/Execute _fini segment dword public 'CODE' use64 assume cs:_fini ;org 17B8h assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing ; =============== S U B R O U T I N E ======================================= public _term_proc _term_proc proc near endbr64 ; _fini sub rsp, 8 add rsp, 8 retn _term_proc endp _fini ends ; =========================================================================== ; Segment type: Pure data ; Segment permissions: Read _rodata segment qword 
public 'CONST' use64
; ^ The line above continues the "_rodata segment qword" directive that ends the
;   previous line of this listing.
;
; .rodata: read-only constants of the program.
; Triage note: the symbol names are IDA's; what matters for review is which routine
; references each string (see the XREFs). '/proc/self/maps', the needle '[st',
; '/proc/self/mem', 'w' and './dump' are all referenced from sus, whose body is
; outside this excerpt. That combination is consistent with a routine that finds a
; mapping whose maps line contains '[st' (for example '[stack]') and copies its bytes
; from /proc/self/mem into ./dump -- confirm against sus itself.
; Writing process memory to a file persists whatever is live at that moment (input
; buffers, derived values, PRNG output), so such a dump has to be handled as being as
; sensitive as the data the process read.
                assume cs:_rodata
                ;org 2000h
                public _IO_stdin_used
_IO_stdin_used  db 1                    ; DATA XREF: LOAD:0000000000000130↑o
                db 0
                db 2
                db 0
                db 0
                db 0
                db 0
                db 0
; const char modes[2]
modes           db 'r',0                ; DATA XREF: sus+55↑o
                                        ; sus+129↑o ...
; const char filename[]
filename        db '/proc/self/maps',0  ; DATA XREF: sus+5C↑o
; const char needle[]
needle          db '[st',0              ; DATA XREF: sus+9D↑o
; const char aProcSelfMem[]
aProcSelfMem    db '/proc/self/mem',0   ; DATA XREF: sus+130↑o
; const char aW[]
aW              db 'w',0                ; DATA XREF: sus+1A0↑o
; const char aDump[]
aDump           db './dump',0           ; DATA XREF: sus+1A7↑o
; const char aSomethingsecre[]
; The only string in this segment referenced from main at main+25; presumably the
; input file main opens -- the call itself is outside this excerpt.
aSomethingsecre db './somethingSecret.txt',0 ; DATA XREF: main+25↑o
                align 10h
; const char s[]
s               db 'Oh no, someone leaked something...',0 ; DATA XREF: main+7B↑o
; const char format[]
; printf format used by main's output loop: one byte as two upper-case hex digits.
format          db '%02X ',0            ; DATA XREF: main+180↑o
_rodata         ends
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
LOAD            segment mempage public 'DATA' use64
                assume cs:LOAD
                ;org 2079h
                align 4
LOAD            ends
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_eh_frame_hdr   segment dword public 'CONST' use64
                assume cs:_eh_frame_hdr
                ;org 207Ch
; .eh_frame_hdr: compiler-generated index into the unwind records of .eh_frame.
; Layout of the bytes below: version 1; three encoding bytes (1Bh = pc-relative
; signed 4-byte, 3 = unsigned 4-byte, 3Bh = section-relative signed 4-byte); a 4-byte
; pointer to .eh_frame; a 4-byte entry count; then a sorted table of
; (function start, FDE address) pairs, each value relative to 207Ch.
; Review note: this table is independent of the symbol table, which makes it a
; reliable source of function start addresses when triaging a binary.
__GNU_EH_FRAME_HDR db 1                 ; DATA XREF: LOAD:0000000000000280↑o
                db 1Bh
                db 3
                db 3Bh ; ;
                ; pointer to .eh_frame: 2080h + 48h = 20C8h
                db 48h ; H
                db 0
                db 0
                db 0
                ; number of table entries: 8
                db 8
                db 0
                db 0
                db 0
                ; entry 1: 207Ch + FFFFEFA4h = 1020h, FDE at 207Ch + 7Ch
                db 0A4h
                db 0EFh
                db 0FFh
                db 0FFh
                db 7Ch ; |
                db 0
                db 0
                db 0
                ; entry 2: function start 1150h
                db 0D4h
                db 0F0h
                db 0FFh
                db 0FFh
                db 0A4h
                db 0
                db 0
                db 0
                ; entry 3: function start 1160h
                db 0E4h
                db 0F0h
                db 0FFh
                db 0FFh
                db 0BCh
                db 0
                db 0
                db 0
                ; entry 4: function start 1280h
                db 4
                db 0F2h
                db 0FFh
                db 0FFh
                db 64h ; d
                db 0
                db 0
                db 0
                ; entry 5: function start 1369h
                db 0EDh
                db 0F2h
                db 0FFh
                db 0FFh
                db 0D4h
                db 0
                db 0
                db 0
                ; entry 6: function start 1567h (main, "starts at 1567")
                db 0EBh
                db 0F4h
                db 0FFh
                db 0FFh
                db 0F4h
                db 0
                db 0
                db 0
                ; entry 7: function start 1740h (__libc_csu_init)
                db 0C4h
                db 0F6h
                db 0FFh
                db 0FFh
                db 14h
                db 1
                db 0
                db 0
                ; entry 8: function start 17B0h (__libc_csu_fini)
                db 34h ; 4
                db 0F7h
                db 0FFh
                db 0FFh
                db 5Ch ; \
                db 1
                db 0
                db 0
_eh_frame_hdr   ends
; ===========================================================================
; Segment type: Pure data
; (the comment below continues on the next line of this listing)
; Segment
permissions: Read
; ^ The line above is the tail of IDA's comment "; Segment permissions: Read", which
;   begins at the end of the previous line of this listing.
;
; .eh_frame: compiler-generated call-frame (unwind) records, shown by IDA as raw bytes.
; The bytes parse as one CIE followed by FDE records; each record starts with a 4-byte
; length, and each FDE carries a pc-relative start address and a range. The ranges
; noted below were computed from those fields and the ";org 20C8h" base.
; Nothing here is program logic; the value for a reviewer is that the FDE ranges give
; function boundaries without relying on symbols.
_eh_frame       segment qword public 'CONST' use64
                assume cs:_eh_frame
                ;org 20C8h
                ; CIE at 20C8h: length 14h, id 0, version 1, augmentation "zR"
                db 14h
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 1
                db 7Ah ; z
                db 52h ; R
                db 0
                db 1
                db 78h ; x
                db 10h
                db 1
                db 1Bh
                db 0Ch
                db 7
                db 8
                db 90h
                db 1
                db 0
                db 0
                ; FDE at 20E0h: length 14h, covers 1280h, range 2Fh
                db 14h
                db 0
                db 0
                db 0
                db 1Ch
                db 0
                db 0
                db 0
                db 98h
                db 0F1h
                db 0FFh
                db 0FFh
                db 2Fh ; /
                db 0
                db 0
                db 0
                db 0
                db 44h ; D
                db 7
                db 10h
                db 0
                db 0
                db 0
                db 0
                ; FDE at 20F8h: length 24h, covers 1020h, range 130h
                db 24h ; $
                db 0
                db 0
                db 0
                db 34h ; 4
                db 0
                db 0
                db 0
                db 20h
                db 0EFh
                db 0FFh
                db 0FFh
                db 30h ; 0
                db 1
                db 0
                db 0
                db 0
                db 0Eh
                db 10h
                db 46h ; F
                db 0Eh
                db 18h
                db 4Ah ; J
                db 0Fh
                db 0Bh
                db 77h ; w
                db 8
                db 80h
                db 0
                db 3Fh ; ?
                db 1Ah
                db 3Ah ; :
                db 2Ah ; *
                db 33h ; 3
                db 24h ; $
                db 22h ; "
                db 0
                db 0
                db 0
                db 0
                ; FDE at 2120h: length 14h, covers 1150h, range 10h
                db 14h
                db 0
                db 0
                db 0
                db 5Ch ; \
                db 0
                db 0
                db 0
                db 28h ; (
                db 0F0h
                db 0FFh
                db 0FFh
                db 10h
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                ; FDE at 2138h: length 14h, covers 1160h, range 120h
                db 14h
                db 0
                db 0
                db 0
                db 74h ; t
                db 0
                db 0
                db 0
                db 20h
                db 0F0h
                db 0FFh
                db 0FFh
                db 20h
                db 1
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                ; FDE at 2150h: length 1Ch, covers 1369h, range 1FEh (ends where main begins)
                db 1Ch
                db 0
                db 0
                db 0
                db 8Ch
                db 0
                db 0
                db 0
                db 11h
                db 0F2h
                db 0FFh
                db 0FFh
                db 0FEh
                db 1
                db 0
                db 0
                db 0
                db 45h ; E
                db 0Eh
                db 10h
                db 86h
                db 2
                db 43h ; C
                db 0Dh
                db 6
                db 3
                db 0F5h
                db 1
                db 0Ch
                db 7
                db 8
                db 0
                ; FDE at 2170h: length 1Ch, covers 1567h, range 1D0h (main)
                db 1Ch
                db 0
                db 0
                db 0
                db 0ACh
                db 0
                db 0
                db 0
                db 0EFh
                db 0F3h
                db 0FFh
                db 0FFh
                db 0D0h
                db 1
                db 0
                db 0
                db 0
                db 45h ; E
                db 0Eh
                db 10h
                db 86h
                db 2
                db 43h ; C
                db 0Dh
                db 6
                db 3
                db 0C7h
                db 1
                db 0Ch
                db 7
                db 8
                db 0
                ; FDE at 2190h: length 44h, covers 1740h, range 65h (__libc_csu_init)
                db 44h ; D
                db 0
                db 0
                db 0
                db 0CCh
                db 0
                db 0
                db 0
                db 0A8h
                db 0F5h
                db 0FFh
                db 0FFh
                db 65h ; e
                db 0
                db 0
                db 0
                db 0
                db 46h ; F
                db 0Eh
                db 10h
                db 8Fh
                db 2
                db 49h ; I
                db 0Eh
                db 18h
                db 8Eh
                db 3
                db 45h ; E
                db 0Eh
                db 20h
                db 8Dh
                db 4
                db 45h ; E
                db 0Eh
                db 28h ; (
                db 8Ch
                db 5
                db 44h ; D
                db 0Eh
                db 30h ; 0
                db 86h
                db 6
                db 48h ; H
                db 0Eh
                db 38h ; 8
                db 83h
                db 7
                db 47h ; G
                db 0Eh
                db 40h ; @
                db 6Eh ; n
                db 0Eh
                db 38h ; 8
                db 41h ; A
                db 0Eh
                db 30h ; 0
                db 41h ; A
                db 0Eh
                db 28h ; (
                db 42h ; B
                db 0Eh
                db 20h
                db 42h ; B
                db 0Eh
                db 18h
                db 42h ; B
                db 0Eh
                db 10h
                db 42h ; B
                db 0Eh
                db 8
                db 0
                ; FDE at 21D8h: length 10h; the record continues on the next line of this
                ; listing, which also supplies the operand of the final `db` below.
                db 10h
                db 0
                db 0
                db 0
                db 14h
                db 1
                db 0
                db 0
                db
0D0h
; ^ The line above is the operand of the `db` that ends the previous line of this
;   listing; the bytes down to __FRAME_END__ finish the last record of .eh_frame.
                db 0F5h
                db 0FFh
                db 0FFh
                db 5
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
__FRAME_END__   db 0
                db 0
                db 0
                db 0
_eh_frame       ends
; ELF Initialization Function Table
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
; .init_array: one 8-byte slot (DT_INIT_ARRAYSZ below is 8), pointing at frame_dummy.
; Functions listed here run before main, so any extra slot in this table would be
; code that executes ahead of the visible program logic.
_init_array     segment qword public 'DATA' use64
                assume cs:_init_array
                ;org 3D30h
__frame_dummy_init_array_entry dq offset frame_dummy
                                        ; DATA XREF: LOAD:0000000000000168↑o
                                        ; LOAD:00000000000002F0↑o ...
_init_array     ends                    ; Alternative name is '__init_array_start'
; ELF Termination Function Table
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
; .fini_array: one 8-byte slot, pointing at __do_global_dtors_aux.
_fini_array     segment qword public 'DATA' use64
                assume cs:_fini_array
                ;org 3D38h
__do_global_dtors_aux_fini_array_entry dq offset __do_global_dtors_aux
                                        ; DATA XREF: __libc_csu_init+1D↑o
_fini_array     ends                    ; Alternative name is '__init_array_end'
; ELF Dynamic Information
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
; .dynamic: the table the dynamic loader reads. Each Elf64_Dyn is <tag, value>.
; Hardening-relevant entries are DT_FLAGS and DT_FLAGS_1 (commented below); the rest
; locate the symbol, string, relocation and version tables.
LOAD            segment mempage public 'DATA' use64
                assume cs:LOAD
                ;org 3D40h
_DYNAMIC        Elf64_Dyn <1, 1>        ; DATA XREF: LOAD:00000000000001A0↑o
                                        ; .got:_GLOBAL_OFFSET_TABLE_↓o
                                        ; DT_NEEDED libc.so.6
                Elf64_Dyn <0Ch, 1000h>  ; DT_INIT
                Elf64_Dyn <0Dh, 17B8h>  ; DT_FINI
                Elf64_Dyn <19h, 3D30h>  ; DT_INIT_ARRAY
                Elf64_Dyn <1Bh, 8>      ; DT_INIT_ARRAYSZ
                Elf64_Dyn <1Ah, 3D38h>  ; DT_FINI_ARRAY
                Elf64_Dyn <1Ch, 8>      ; DT_FINI_ARRAYSZ
                Elf64_Dyn <6FFFFEF5h, 3A0h> ; DT_GNU_HASH
                Elf64_Dyn <5, 608h>     ; DT_STRTAB
                Elf64_Dyn <6, 3C8h>     ; DT_SYMTAB
                Elf64_Dyn <0Ah, 102h>   ; DT_STRSZ
                Elf64_Dyn <0Bh, 18h>    ; DT_SYMENT
                Elf64_Dyn <15h, 0>      ; DT_DEBUG
                Elf64_Dyn <3, 3F30h>    ; DT_PLTGOT
                ; 1B0h bytes of PLT relocations / 18h bytes each = 18 imported functions
                Elf64_Dyn <2, 1B0h>     ; DT_PLTRELSZ
                Elf64_Dyn <14h, 7>      ; DT_PLTREL
                Elf64_Dyn <17h, 830h>   ; DT_JMPREL
                Elf64_Dyn <7, 770h>     ; DT_RELA
                Elf64_Dyn <8, 0C0h>     ; DT_RELASZ
                Elf64_Dyn <9, 18h>      ; DT_RELAENT
                ; value 8 is DF_BIND_NOW: all imports are resolved at load time
                Elf64_Dyn <1Eh, 8>      ; DT_FLAGS
                ; value 8000001h is DF_1_NOW | DF_1_PIE: immediate binding, and the file
                ; is a position-independent executable
                Elf64_Dyn <6FFFFFFBh, 8000001h> ; DT_FLAGS_1
                Elf64_Dyn <6FFFFFFEh, 740h> ; DT_VERNEED
                Elf64_Dyn <6FFFFFFFh, 1> ; DT_VERNEEDNUM
                Elf64_Dyn <6FFFFFF0h, 70Ah> ; DT_VERSYM
                Elf64_Dyn <6FFFFFF9h, 3> ; DT_RELACOUNT
                Elf64_Dyn <0>           ; DT_NULL
                ; zero bytes filling the space up to the GOT at 3F30h
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
LOAD            ends
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
; .got: one pointer per imported function, filled in by the loader. All imports sit
; in this single section directly after _DYNAMIC, which together with DF_BIND_NOW is
; the usual shape of a binary linked for immediate binding. Whether these pointers
; are read-only at run time depends on a PT_GNU_RELRO program header, which is not
; part of this excerpt -- check the program headers before calling it full RELRO.
; The list doubles as the program's import surface: file I/O (fopen, fgets, fseek,
; fread, fwrite, fclose), string parsing (strstr, strtoll, strncpy), the libc PRNG
; (time, srand, rand) and the stack-protector failure handler (__stack_chk_fail).
_got            segment qword public 'DATA' use64
                assume cs:_got
                ;org 3F30h
_GLOBAL_OFFSET_TABLE_ dq offset _DYNAMIC
qword_3F38      dq 0                    ; DATA XREF: sub_1020↑r
qword_3F40      dq 0                    ; DATA XREF: sub_1020+6↑r
putchar_ptr     dq offset putchar       ; DATA XREF: _putchar+4↑r
strncpy_ptr     dq offset strncpy       ; DATA XREF: _strncpy+4↑r
puts_ptr        dq offset puts          ; DATA XREF: _puts+4↑r
fread_ptr       dq offset fread         ; DATA XREF: _fread+4↑r
fclose_ptr      dq offset fclose        ; DATA XREF: _fclose+4↑r
__stack_chk_fail_ptr dq offset __stack_chk_fail
                                        ; DATA XREF: ___stack_chk_fail+4↑r
printf_ptr      dq offset printf        ; DATA XREF: _printf+4↑r
memset_ptr      dq offset memset        ; DATA XREF: _memset+4↑r
srand_ptr       dq offset srand         ; DATA XREF: _srand+4↑r
fgets_ptr       dq offset fgets         ; DATA XREF: _fgets+4↑r
strtoll_ptr     dq offset strtoll       ; DATA XREF: _strtoll+4↑r
time_ptr        dq offset time          ; DATA XREF: _time+4↑r
malloc_ptr      dq offset malloc        ; DATA XREF: _malloc+4↑r
fseek_ptr       dq offset fseek         ; DATA XREF: _fseek+4↑r
fopen_ptr       dq offset fopen         ; DATA XREF: _fopen+4↑r
fwrite_ptr      dq offset fwrite        ; DATA XREF: _fwrite+4↑r
strstr_ptr      dq offset strstr        ; DATA XREF: _strstr+4↑r
rand_ptr        dq offset rand          ; DATA XREF: _rand+4↑r
_ITM_deregisterTMCloneTable_ptr dq offset _ITM_deregisterTMCloneTable
                                        ; DATA XREF: deregister_tm_clones+13↑r
__libc_start_main_ptr dq offset __libc_start_main
                                        ; DATA XREF: _start+28↑r
__gmon_start___ptr dq offset __gmon_start__
                                        ; DATA XREF: _init_proc+8↑r
_ITM_registerTMCloneTable_ptr dq offset _ITM_registerTMCloneTable
                                        ; DATA XREF: register_tm_clones+24↑r
__cxa_finalize_ptr dq offset __imp___cxa_finalize
                                        ; DATA XREF: __cxa_finalize+4↑r
                                        ; __do_global_dtors_aux+E↑r
_got            ends
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
; .data: holds only __data_start (8 zero bytes) and __dso_handle; no initialised
; program variables appear in this segment.
_data           segment qword public 'DATA' use64
                assume cs:_data
                ;org 4000h
                public __data_start ; weak
__data_start    db 0                    ; Alternative name is '__data_start'
                                        ; data_start
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                public __dso_handle
; void *_dso_handle
__dso_handle    dq offset __dso_handle  ; DATA XREF: __do_global_dtors_aux+1B↑r
                                        ; .data:__dso_handle↓o
_data           ends
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
_bss            segment byte public 'BSS' use64
                assume cs:_bss
                ;org 4010h
                assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
                public __bss_start
; (IDA's comments for __bss_start continue on the next line of this listing)
__bss_start     db ?                    ; DATA XREF: deregister_tm_clones↑o
                                        ; deregister_tm_clones+7↑o ...
; Alternative name is '__TMC_END__'
; completed.8061
; _edata
                align 8
_bss            ends
; ===========================================================================
; Segment type: Zero-length
_prgend         segment byte public '' use64
_end            label byte
_prgend         ends
; ===========================================================================
; Segment type: Externs
; extern
;
; Imported symbols, each with the prototype IDA attached to it. Read together they
; summarise what the program can do through libc; the call sites are in code earlier
; in the listing.
; Review notes:
;   * time / srand / rand: main calls time(0) and passes the result to srand before
;     drawing bytes with rand(). rand() is not a cryptographic generator and a
;     wall-clock seed can be bounded by anyone who knows roughly when the program
;     ran, so values derived from it must not be treated as secret. Code that needs
;     unpredictable bytes should take them from the operating system (getrandom(2)
;     or /dev/urandom).
;   * __stack_chk_fail: the binary was built with the stack protector; main compares
;     its saved canary with fs:28h before returning.
;   * fopen / fgets / strstr / strtoll / fseek / fread / fwrite / fclose: file and
;     text-parsing primitives; which files they touch is determined by the string
;     constants in _rodata.
; int putchar(int c)
                extrn putchar:near      ; CODE XREF: _putchar+4↑j
                                        ; DATA XREF: .got:putchar_ptr↑o
; char *strncpy(char *dest, const char *src, size_t n)
                extrn strncpy:near      ; CODE XREF: _strncpy+4↑j
                                        ; DATA XREF: .got:strncpy_ptr↑o
; int puts(const char *s)
                extrn puts:near         ; CODE XREF: _puts+4↑j
                                        ; DATA XREF: .got:puts_ptr↑o
; size_t fread(void *ptr, size_t size, size_t n, FILE *stream)
                extrn fread:near        ; CODE XREF: _fread+4↑j
                                        ; DATA XREF: .got:fread_ptr↑o
; int fclose(FILE *stream)
                extrn fclose:near       ; CODE XREF: _fclose+4↑j
                                        ; DATA XREF: .got:fclose_ptr↑o
                extrn __stack_chk_fail:near
                                        ; CODE XREF: ___stack_chk_fail+4↑j
                                        ; DATA XREF: .got:__stack_chk_fail_ptr↑o
; int printf(const char *format, ...)
                extrn printf:near       ; CODE XREF: _printf+4↑j
                                        ; DATA XREF: .got:printf_ptr↑o
; void *memset(void *s, int c, size_t n)
                extrn memset:near       ; CODE XREF: _memset+4↑j
                                        ; DATA XREF: .got:memset_ptr↑o
; int __fastcall _libc_start_main(int (__fastcall *main)(int, char **, char **), int argc, char **ubp_av, void (*init)(void), void (*fini)(void), void (*rtld_fini)(void), void *stack_end)
                extrn __libc_start_main:near
                                        ; CODE XREF: _start+28↑p
                                        ; DATA XREF: .got:__libc_start_main_ptr↑o
; void srand(unsigned int seed)
                extrn srand:near        ; CODE XREF: _srand+4↑j
                                        ; DATA XREF: .got:srand_ptr↑o
; char *fgets(char *s, int n, FILE *stream)
                extrn fgets:near        ; CODE XREF: _fgets+4↑j
                                        ; DATA XREF: .got:fgets_ptr↑o
; __int64 strtoll(const char *nptr, char **endptr, int base)
                extrn strtoll:near      ; CODE XREF: _strtoll+4↑j
                                        ; DATA XREF: .got:strtoll_ptr↑o
; time_t time(time_t *timer)
                extrn time:near         ; CODE XREF: _time+4↑j
                                        ; DATA XREF: .got:time_ptr↑o
; void *malloc(size_t size)
                extrn malloc:near       ; CODE XREF: _malloc+4↑j
                                        ; DATA XREF: .got:malloc_ptr↑o
; int fseek(FILE *stream, __int64 off, int whence)
                extrn fseek:near        ; CODE XREF: _fseek+4↑j
                                        ; DATA XREF: .got:fseek_ptr↑o
; FILE *fopen(const char *filename, const char *modes)
                extrn fopen:near        ; CODE XREF: _fopen+4↑j
                                        ; DATA XREF: .got:fopen_ptr↑o
; size_t fwrite(const void *ptr, size_t size, size_t n, FILE *s)
                extrn fwrite:near       ; CODE XREF: _fwrite+4↑j
                                        ; DATA XREF: .got:fwrite_ptr↑o
; char *strstr(const char *haystack, const char *needle)
                extrn strstr:near       ; CODE XREF: _strstr+4↑j
                                        ; DATA XREF: .got:strstr_ptr↑o
; int rand(void)
                extrn rand:near         ; CODE XREF: _rand+4↑j
                                        ; DATA XREF: .got:rand_ptr↑o
; int __fastcall __cxa_finalize(void *)
                extrn __imp___cxa_finalize:near ; weak
                                        ; CODE XREF: __cxa_finalize+4↑j
                                        ; DATA XREF: .got:__cxa_finalize_ptr↑o
                extrn _ITM_deregisterTMCloneTable ; weak
                                        ; DATA XREF: .got:_ITM_deregisterTMCloneTable_ptr↑o
                extrn __gmon_start__:near ; weak
                                        ; CODE XREF: _init_proc+14↑p
                                        ; DATA XREF: .got:__gmon_start___ptr↑o
                extrn _ITM_registerTMCloneTable ; weak
                                        ; DATA XREF: .got:_ITM_registerTMCloneTable_ptr↑o
                end _start