我的汇编代码
bomb.asm
完整的汇编代码
bomb: file format elf64-x86-64
Disassembly of section .init:
# _init: entry of section .init. Loads the pointer stored at 4fe8
# (__gmon_start__), calls it when it is non-null, then returns.
0000000000001000 <_init>:
1000: f3 0f 1e fa endbr64
1004: 48 83 ec 08 sub $0x8,%rsp
1008: 48 8b 05 d9 3f 00 00 mov 0x3fd9(%rip),%rax # 4fe8 <__gmon_start__>
100f: 48 85 c0 test %rax,%rax
# Null pointer: skip the indirect call.
1012: 74 02 je 1016 <_init+0x16>
1014: ff d0 callq *%rax
1016: 48 83 c4 08 add $0x8,%rsp
101a: c3 retq
Disassembly of section .plt:
# .plt: linker-generated stub table. The entry at 1020 pushes the word at
# _GLOBAL_OFFSET_TABLE_+0x8 and jumps through the pointer stored at
# _GLOBAL_OFFSET_TABLE_+0x10. Each 16-byte stub after it pushes one index
# (0x0 through 0x18) and jumps back to 1020.
# NOTE(review): this matches the usual lazy-binding layout, where that pointer
# is the dynamic loader's resolver; confirm against the relocation table,
# which is not part of this listing.
# Every stub begins with endbr64, the landing pad required for indirect
# branches when CET indirect-branch tracking is enabled.
0000000000001020 <.plt>:
1020: ff 35 da 3e 00 00 pushq 0x3eda(%rip) # 4f00 <_GLOBAL_OFFSET_TABLE_+0x8>
1026: f2 ff 25 db 3e 00 00 bnd jmpq *0x3edb(%rip) # 4f08 <_GLOBAL_OFFSET_TABLE_+0x10>
102d: 0f 1f 00 nopl (%rax)
1030: f3 0f 1e fa endbr64
1034: 68 00 00 00 00 pushq $0x0
1039: f2 e9 e1 ff ff ff bnd jmpq 1020 <.plt>
103f: 90 nop
1040: f3 0f 1e fa endbr64
1044: 68 01 00 00 00 pushq $0x1
1049: f2 e9 d1 ff ff ff bnd jmpq 1020 <.plt>
104f: 90 nop
1050: f3 0f 1e fa endbr64
1054: 68 02 00 00 00 pushq $0x2
1059: f2 e9 c1 ff ff ff bnd jmpq 1020 <.plt>
105f: 90 nop
1060: f3 0f 1e fa endbr64
1064: 68 03 00 00 00 pushq $0x3
1069: f2 e9 b1 ff ff ff bnd jmpq 1020 <.plt>
106f: 90 nop
1070: f3 0f 1e fa endbr64
1074: 68 04 00 00 00 pushq $0x4
1079: f2 e9 a1 ff ff ff bnd jmpq 1020 <.plt>
107f: 90 nop
1080: f3 0f 1e fa endbr64
1084: 68 05 00 00 00 pushq $0x5
1089: f2 e9 91 ff ff ff bnd jmpq 1020 <.plt>
108f: 90 nop
1090: f3 0f 1e fa endbr64
1094: 68 06 00 00 00 pushq $0x6
1099: f2 e9 81 ff ff ff bnd jmpq 1020 <.plt>
109f: 90 nop
10a0: f3 0f 1e fa endbr64
10a4: 68 07 00 00 00 pushq $0x7
10a9: f2 e9 71 ff ff ff bnd jmpq 1020 <.plt>
10af: 90 nop
10b0: f3 0f 1e fa endbr64
10b4: 68 08 00 00 00 pushq $0x8
10b9: f2 e9 61 ff ff ff bnd jmpq 1020 <.plt>
10bf: 90 nop
10c0: f3 0f 1e fa endbr64
10c4: 68 09 00 00 00 pushq $0x9
10c9: f2 e9 51 ff ff ff bnd jmpq 1020 <.plt>
10cf: 90 nop
10d0: f3 0f 1e fa endbr64
10d4: 68 0a 00 00 00 pushq $0xa
10d9: f2 e9 41 ff ff ff bnd jmpq 1020 <.plt>
10df: 90 nop
10e0: f3 0f 1e fa endbr64
10e4: 68 0b 00 00 00 pushq $0xb
10e9: f2 e9 31 ff ff ff bnd jmpq 1020 <.plt>
10ef: 90 nop
10f0: f3 0f 1e fa endbr64
10f4: 68 0c 00 00 00 pushq $0xc
10f9: f2 e9 21 ff ff ff bnd jmpq 1020 <.plt>
10ff: 90 nop
1100: f3 0f 1e fa endbr64
1104: 68 0d 00 00 00 pushq $0xd
1109: f2 e9 11 ff ff ff bnd jmpq 1020 <.plt>
110f: 90 nop
1110: f3 0f 1e fa endbr64
1114: 68 0e 00 00 00 pushq $0xe
1119: f2 e9 01 ff ff ff bnd jmpq 1020 <.plt>
111f: 90 nop
1120: f3 0f 1e fa endbr64
1124: 68 0f 00 00 00 pushq $0xf
1129: f2 e9 f1 fe ff ff bnd jmpq 1020 <.plt>
112f: 90 nop
1130: f3 0f 1e fa endbr64
1134: 68 10 00 00 00 pushq $0x10
1139: f2 e9 e1 fe ff ff bnd jmpq 1020 <.plt>
113f: 90 nop
1140: f3 0f 1e fa endbr64
1144: 68 11 00 00 00 pushq $0x11
1149: f2 e9 d1 fe ff ff bnd jmpq 1020 <.plt>
114f: 90 nop
1150: f3 0f 1e fa endbr64
1154: 68 12 00 00 00 pushq $0x12
1159: f2 e9 c1 fe ff ff bnd jmpq 1020 <.plt>
115f: 90 nop
1160: f3 0f 1e fa endbr64
1164: 68 13 00 00 00 pushq $0x13
1169: f2 e9 b1 fe ff ff bnd jmpq 1020 <.plt>
116f: 90 nop
1170: f3 0f 1e fa endbr64
1174: 68 14 00 00 00 pushq $0x14
1179: f2 e9 a1 fe ff ff bnd jmpq 1020 <.plt>
117f: 90 nop
1180: f3 0f 1e fa endbr64
1184: 68 15 00 00 00 pushq $0x15
1189: f2 e9 91 fe ff ff bnd jmpq 1020 <.plt>
118f: 90 nop
1190: f3 0f 1e fa endbr64
1194: 68 16 00 00 00 pushq $0x16
1199: f2 e9 81 fe ff ff bnd jmpq 1020 <.plt>
119f: 90 nop
11a0: f3 0f 1e fa endbr64
11a4: 68 17 00 00 00 pushq $0x17
11a9: f2 e9 71 fe ff ff bnd jmpq 1020 <.plt>
11af: 90 nop
11b0: f3 0f 1e fa endbr64
11b4: 68 18 00 00 00 pushq $0x18
11b9: f2 e9 61 fe ff ff bnd jmpq 1020 <.plt>
11bf: 90 nop
Disassembly of section .plt.got:
# __cxa_finalize@plt: jumps through the pointer stored at 4ff8. The same slot
# is compared against zero in __do_global_dtors_aux before this stub is called.
00000000000011c0 <__cxa_finalize@plt>:
11c0: f3 0f 1e fa endbr64
11c4: f2 ff 25 2d 3e 00 00 bnd jmpq *0x3e2d(%rip) # 4ff8 <__cxa_finalize@GLIBC_2.2.5>
11cb: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
Disassembly of section .plt.sec:
# .plt.sec: one stub per imported libc function. Each stub is endbr64 followed
# by an indirect jump through that function's slot (4f10 through 4fd0).
#
# The import names are a useful first-pass inventory when triaging a binary:
#   - __stack_chk_fail: stack-protector checks are compiled in (see the
#     %fs:0x28 loads in the phase_* functions).
#   - __printf_chk, __fprintf_chk, __sprintf_chk, __memmove_chk: fortified
#     libc variants are in use.
#   - strcpy: imported in its plain, unfortified form. Its call sites are not
#     in this part of the listing; NOTE(review): check each one for a bounded
#     destination.
#   - socket, connect, gethostbyname, read, write, close: network and raw
#     descriptor I/O. No caller appears in this part of the listing.
#   - signal, alarm, sleep, getenv: signal handling and environment lookups.
00000000000011d0 <getenv@plt>:
11d0: f3 0f 1e fa endbr64
11d4: f2 ff 25 35 3d 00 00 bnd jmpq *0x3d35(%rip) # 4f10 <getenv@GLIBC_2.2.5>
11db: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
00000000000011e0 <__errno_location@plt>:
11e0: f3 0f 1e fa endbr64
11e4: f2 ff 25 2d 3d 00 00 bnd jmpq *0x3d2d(%rip) # 4f18 <__errno_location@GLIBC_2.2.5>
11eb: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
00000000000011f0 <strcpy@plt>:
11f0: f3 0f 1e fa endbr64
11f4: f2 ff 25 25 3d 00 00 bnd jmpq *0x3d25(%rip) # 4f20 <strcpy@GLIBC_2.2.5>
11fb: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000001200 <puts@plt>:
1200: f3 0f 1e fa endbr64
1204: f2 ff 25 1d 3d 00 00 bnd jmpq *0x3d1d(%rip) # 4f28 <puts@GLIBC_2.2.5>
120b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000001210 <write@plt>:
1210: f3 0f 1e fa endbr64
1214: f2 ff 25 15 3d 00 00 bnd jmpq *0x3d15(%rip) # 4f30 <write@GLIBC_2.2.5>
121b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000001220 <__stack_chk_fail@plt>:
1220: f3 0f 1e fa endbr64
1224: f2 ff 25 0d 3d 00 00 bnd jmpq *0x3d0d(%rip) # 4f38 <__stack_chk_fail@GLIBC_2.4>
122b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000001230 <alarm@plt>:
1230: f3 0f 1e fa endbr64
1234: f2 ff 25 05 3d 00 00 bnd jmpq *0x3d05(%rip) # 4f40 <alarm@GLIBC_2.2.5>
123b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000001240 <close@plt>:
1240: f3 0f 1e fa endbr64
1244: f2 ff 25 fd 3c 00 00 bnd jmpq *0x3cfd(%rip) # 4f48 <close@GLIBC_2.2.5>
124b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000001250 <read@plt>:
1250: f3 0f 1e fa endbr64
1254: f2 ff 25 f5 3c 00 00 bnd jmpq *0x3cf5(%rip) # 4f50 <read@GLIBC_2.2.5>
125b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000001260 <fgets@plt>:
1260: f3 0f 1e fa endbr64
1264: f2 ff 25 ed 3c 00 00 bnd jmpq *0x3ced(%rip) # 4f58 <fgets@GLIBC_2.2.5>
126b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000001270 <signal@plt>:
1270: f3 0f 1e fa endbr64
1274: f2 ff 25 e5 3c 00 00 bnd jmpq *0x3ce5(%rip) # 4f60 <signal@GLIBC_2.2.5>
127b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000001280 <gethostbyname@plt>:
1280: f3 0f 1e fa endbr64
1284: f2 ff 25 dd 3c 00 00 bnd jmpq *0x3cdd(%rip) # 4f68 <gethostbyname@GLIBC_2.2.5>
128b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000001290 <__memmove_chk@plt>:
1290: f3 0f 1e fa endbr64
1294: f2 ff 25 d5 3c 00 00 bnd jmpq *0x3cd5(%rip) # 4f70 <__memmove_chk@GLIBC_2.3.4>
129b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
00000000000012a0 <strtol@plt>:
12a0: f3 0f 1e fa endbr64
12a4: f2 ff 25 cd 3c 00 00 bnd jmpq *0x3ccd(%rip) # 4f78 <strtol@GLIBC_2.2.5>
12ab: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
00000000000012b0 <fflush@plt>:
12b0: f3 0f 1e fa endbr64
12b4: f2 ff 25 c5 3c 00 00 bnd jmpq *0x3cc5(%rip) # 4f80 <fflush@GLIBC_2.2.5>
12bb: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
00000000000012c0 <__isoc99_sscanf@plt>:
12c0: f3 0f 1e fa endbr64
12c4: f2 ff 25 bd 3c 00 00 bnd jmpq *0x3cbd(%rip) # 4f88 <__isoc99_sscanf@GLIBC_2.7>
12cb: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
00000000000012d0 <__printf_chk@plt>:
12d0: f3 0f 1e fa endbr64
12d4: f2 ff 25 b5 3c 00 00 bnd jmpq *0x3cb5(%rip) # 4f90 <__printf_chk@GLIBC_2.3.4>
12db: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
00000000000012e0 <fopen@plt>:
12e0: f3 0f 1e fa endbr64
12e4: f2 ff 25 ad 3c 00 00 bnd jmpq *0x3cad(%rip) # 4f98 <fopen@GLIBC_2.2.5>
12eb: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
00000000000012f0 <exit@plt>:
12f0: f3 0f 1e fa endbr64
12f4: f2 ff 25 a5 3c 00 00 bnd jmpq *0x3ca5(%rip) # 4fa0 <exit@GLIBC_2.2.5>
12fb: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000001300 <connect@plt>:
1300: f3 0f 1e fa endbr64
1304: f2 ff 25 9d 3c 00 00 bnd jmpq *0x3c9d(%rip) # 4fa8 <connect@GLIBC_2.2.5>
130b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000001310 <__fprintf_chk@plt>:
1310: f3 0f 1e fa endbr64
1314: f2 ff 25 95 3c 00 00 bnd jmpq *0x3c95(%rip) # 4fb0 <__fprintf_chk@GLIBC_2.3.4>
131b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000001320 <sleep@plt>:
1320: f3 0f 1e fa endbr64
1324: f2 ff 25 8d 3c 00 00 bnd jmpq *0x3c8d(%rip) # 4fb8 <sleep@GLIBC_2.2.5>
132b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000001330 <__ctype_b_loc@plt>:
1330: f3 0f 1e fa endbr64
1334: f2 ff 25 85 3c 00 00 bnd jmpq *0x3c85(%rip) # 4fc0 <__ctype_b_loc@GLIBC_2.3>
133b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000001340 <__sprintf_chk@plt>:
1340: f3 0f 1e fa endbr64
1344: f2 ff 25 7d 3c 00 00 bnd jmpq *0x3c7d(%rip) # 4fc8 <__sprintf_chk@GLIBC_2.3.4>
134b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000001350 <socket@plt>:
1350: f3 0f 1e fa endbr64
1354: f2 ff 25 75 3c 00 00 bnd jmpq *0x3c75(%rip) # 4fd0 <socket@GLIBC_2.2.5>
135b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
Disassembly of section .text:
# _start: process entry point. Sets up the arguments for __libc_start_main
# (main in %rdi, __libc_csu_init in %rcx, __libc_csu_fini in %r8) and calls it
# through the pointer at 4fe0. The hlt after the call is reached only if that
# call returns.
0000000000001360 <_start>:
1360: f3 0f 1e fa endbr64
1364: 31 ed xor %ebp,%ebp
1366: 49 89 d1 mov %rdx,%r9
# NOTE(review): by the usual entry-stack layout the popped word is argc and the
# new %rsp points at argv; the listing itself does not show this.
1369: 5e pop %rsi
136a: 48 89 e2 mov %rsp,%rdx
136d: 48 83 e4 f0 and $0xfffffffffffffff0,%rsp # round %rsp down to a 16-byte boundary
# Two 8-byte pushes keep %rsp 16-byte aligned at the call below.
1371: 50 push %rax
1372: 54 push %rsp
1373: 4c 8d 05 16 17 00 00 lea 0x1716(%rip),%r8 # 2a90 <__libc_csu_fini>
137a: 48 8d 0d 9f 16 00 00 lea 0x169f(%rip),%rcx # 2a20 <__libc_csu_init>
1381: 48 8d 3d c1 00 00 00 lea 0xc1(%rip),%rdi # 1449 <main>
1388: ff 15 52 3c 00 00 callq *0x3c52(%rip) # 4fe0 <__libc_start_main@GLIBC_2.2.5>
138e: f4 hlt
138f: 90 nop
# deregister_tm_clones: compiler runtime helper. Compares two addresses and,
# when they differ and the pointer at 4fd8 (_ITM_deregisterTMCloneTable) is
# non-null, tail-jumps to it. In this build both lea instructions produce
# 5660, so the first je is always taken and the function just returns.
0000000000001390 <deregister_tm_clones>:
1390: 48 8d 3d c9 42 00 00 lea 0x42c9(%rip),%rdi # 5660 <stdout@@GLIBC_2.2.5>
1397: 48 8d 05 c2 42 00 00 lea 0x42c2(%rip),%rax # 5660 <stdout@@GLIBC_2.2.5>
139e: 48 39 f8 cmp %rdi,%rax
13a1: 74 15 je 13b8 <deregister_tm_clones+0x28>
13a3: 48 8b 05 2e 3c 00 00 mov 0x3c2e(%rip),%rax # 4fd8 <_ITM_deregisterTMCloneTable>
13aa: 48 85 c0 test %rax,%rax
13ad: 74 09 je 13b8 <deregister_tm_clones+0x28>
13af: ff e0 jmpq *%rax
13b1: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
13b8: c3 retq
13b9: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
# register_tm_clones: compiler runtime helper. Computes an element count from
# the distance between two addresses and, when the count is non-zero and the
# pointer at 4ff0 (_ITM_registerTMCloneTable) is non-null, tail-jumps to it.
# In this build both addresses are 5660, so the count is 0 and it returns.
00000000000013c0 <register_tm_clones>:
13c0: 48 8d 3d 99 42 00 00 lea 0x4299(%rip),%rdi # 5660 <stdout@@GLIBC_2.2.5>
13c7: 48 8d 35 92 42 00 00 lea 0x4292(%rip),%rsi # 5660 <stdout@@GLIBC_2.2.5>
13ce: 48 29 fe sub %rdi,%rsi
13d1: 48 89 f0 mov %rsi,%rax
# rsi = ((distance >> 3) + sign bit of distance) >> 1, both arithmetic shifts
13d4: 48 c1 ee 3f shr $0x3f,%rsi
13d8: 48 c1 f8 03 sar $0x3,%rax
13dc: 48 01 c6 add %rax,%rsi
13df: 48 d1 fe sar %rsi
13e2: 74 14 je 13f8 <register_tm_clones+0x38>
13e4: 48 8b 05 05 3c 00 00 mov 0x3c05(%rip),%rax # 4ff0 <_ITM_registerTMCloneTable>
13eb: 48 85 c0 test %rax,%rax
13ee: 74 08 je 13f8 <register_tm_clones+0x38>
13f0: ff e0 jmpq *%rax
13f2: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
13f8: c3 retq
13f9: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
# __do_global_dtors_aux: runs once, guarded by the byte at 5688
# (completed.8061). On the first call it invokes __cxa_finalize(__dso_handle)
# when the slot at 4ff8 is non-null, calls deregister_tm_clones, and sets the
# guard byte to 1. Later calls return immediately.
0000000000001400 <__do_global_dtors_aux>:
1400: f3 0f 1e fa endbr64
1404: 80 3d 7d 42 00 00 00 cmpb $0x0,0x427d(%rip) # 5688 <completed.8061>
140b: 75 2b jne 1438 <__do_global_dtors_aux+0x38>
140d: 55 push %rbp
140e: 48 83 3d e2 3b 00 00 cmpq $0x0,0x3be2(%rip) # 4ff8 <__cxa_finalize@GLIBC_2.2.5>
1415: 00
# mov leaves the flags alone, so the je below still tests the cmpq at 140e.
1416: 48 89 e5 mov %rsp,%rbp
1419: 74 0c je 1427 <__do_global_dtors_aux+0x27>
141b: 48 8b 3d e6 3b 00 00 mov 0x3be6(%rip),%rdi # 5008 <__dso_handle>
1422: e8 99 fd ff ff callq 11c0 <__cxa_finalize@plt>
1427: e8 64 ff ff ff callq 1390 <deregister_tm_clones>
142c: c6 05 55 42 00 00 01 movb $0x1,0x4255(%rip) # 5688 <completed.8061>
1433: 5d pop %rbp
1434: c3 retq
1435: 0f 1f 00 nopl (%rax)
1438: c3 retq
1439: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
# frame_dummy: tail-jumps to register_tm_clones and does nothing else.
0000000000001440 <frame_dummy>:
1440: f3 0f 1e fa endbr64
1444: e9 77 ff ff ff jmpq 13c0 <register_tm_clones>
# main(argc in %edi, argv in %rsi): chooses the input stream, then runs the
# six phases in order. Each phase receives the pointer returned by read_line
# and is followed by a call to phase_defused.
#   argc == 1 -> infile = stdin
#   argc == 2 -> infile = fopen(argv[1], <mode string at 3004>)
#   otherwise -> __printf_chk(1, <format at 3023>, argv[0]); exit(8)
# Returns 0 after phase_6. The string contents live in read-only data that is
# not part of this listing.
0000000000001449 <main>:
1449: f3 0f 1e fa endbr64
144d: 53 push %rbx
144e: 83 ff 01 cmp $0x1,%edi
1451: 0f 84 f8 00 00 00 je 154f <main+0x106>
1457: 48 89 f3 mov %rsi,%rbx # rbx = argv, used by the error path at 1562
145a: 83 ff 02 cmp $0x2,%edi
145d: 0f 85 21 01 00 00 jne 1584 <main+0x13b>
# argc == 2: open the file named by argv[1].
1463: 48 8b 7e 08 mov 0x8(%rsi),%rdi
1467: 48 8d 35 96 1b 00 00 lea 0x1b96(%rip),%rsi # 3004 <_IO_stdin_used+0x4>
146e: e8 6d fe ff ff callq 12e0 <fopen@plt>
1473: 48 89 05 16 42 00 00 mov %rax,0x4216(%rip) # 5690 <infile>
147a: 48 85 c0 test %rax,%rax
# fopen returned NULL: report and exit at 1562.
147d: 0f 84 df 00 00 00 je 1562 <main+0x119>
# Common path for both input sources.
1483: e8 b7 06 00 00 callq 1b3f <initialize_bomb>
1488: 48 8d 3d f9 1b 00 00 lea 0x1bf9(%rip),%rdi # 3088 <_IO_stdin_used+0x88>
148f: e8 6c fd ff ff callq 1200 <puts@plt>
1494: 48 8d 3d 2d 1c 00 00 lea 0x1c2d(%rip),%rdi # 30c8 <_IO_stdin_used+0xc8>
149b: e8 60 fd ff ff callq 1200 <puts@plt>
# Phase 1.
14a0: e8 bf 07 00 00 callq 1c64 <read_line>
14a5: 48 89 c7 mov %rax,%rdi
14a8: e8 fa 00 00 00 callq 15a7 <phase_1>
14ad: e8 fa 08 00 00 callq 1dac <phase_defused>
14b2: 48 8d 3d 3f 1c 00 00 lea 0x1c3f(%rip),%rdi # 30f8 <_IO_stdin_used+0xf8>
14b9: e8 42 fd ff ff callq 1200 <puts@plt>
# Phase 2.
14be: e8 a1 07 00 00 callq 1c64 <read_line>
14c3: 48 89 c7 mov %rax,%rdi
14c6: e8 00 01 00 00 callq 15cb <phase_2>
14cb: e8 dc 08 00 00 callq 1dac <phase_defused>
14d0: 48 8d 3d 66 1b 00 00 lea 0x1b66(%rip),%rdi # 303d <_IO_stdin_used+0x3d>
14d7: e8 24 fd ff ff callq 1200 <puts@plt>
# Phase 3.
14dc: e8 83 07 00 00 callq 1c64 <read_line>
14e1: 48 89 c7 mov %rax,%rdi
14e4: e8 54 01 00 00 callq 163d <phase_3>
14e9: e8 be 08 00 00 callq 1dac <phase_defused>
14ee: 48 8d 3d 66 1b 00 00 lea 0x1b66(%rip),%rdi # 305b <_IO_stdin_used+0x5b>
14f5: e8 06 fd ff ff callq 1200 <puts@plt>
# Phase 4.
14fa: e8 65 07 00 00 callq 1c64 <read_line>
14ff: 48 89 c7 mov %rax,%rdi
1502: e8 52 02 00 00 callq 1759 <phase_4>
1507: e8 a0 08 00 00 callq 1dac <phase_defused>
150c: 48 8d 3d 15 1c 00 00 lea 0x1c15(%rip),%rdi # 3128 <_IO_stdin_used+0x128>
1513: e8 e8 fc ff ff callq 1200 <puts@plt>
# Phase 5.
1518: e8 47 07 00 00 callq 1c64 <read_line>
151d: 48 89 c7 mov %rax,%rdi
1520: e8 ad 02 00 00 callq 17d2 <phase_5>
1525: e8 82 08 00 00 callq 1dac <phase_defused>
152a: 48 8d 3d 39 1b 00 00 lea 0x1b39(%rip),%rdi # 306a <_IO_stdin_used+0x6a>
1531: e8 ca fc ff ff callq 1200 <puts@plt>
# Phase 6.
1536: e8 29 07 00 00 callq 1c64 <read_line>
153b: 48 89 c7 mov %rax,%rdi
153e: e8 26 03 00 00 callq 1869 <phase_6>
1543: e8 64 08 00 00 callq 1dac <phase_defused>
1548: b8 00 00 00 00 mov $0x0,%eax
154d: 5b pop %rbx
154e: c3 retq
# argc == 1: read from stdin.
154f: 48 8b 05 1a 41 00 00 mov 0x411a(%rip),%rax # 5670 <stdin@@GLIBC_2.2.5>
1556: 48 89 05 33 41 00 00 mov %rax,0x4133(%rip) # 5690 <infile>
155d: e9 21 ff ff ff jmpq 1483 <main+0x3a>
# fopen failed: __printf_chk(1, <format at 3006>, argv[0], argv[1]); exit(8).
# %eax is not reloaded before this variadic call; the branch is taken only
# when fopen returned 0, so %al is already 0.
1562: 48 8b 4b 08 mov 0x8(%rbx),%rcx
1566: 48 8b 13 mov (%rbx),%rdx
1569: 48 8d 35 96 1a 00 00 lea 0x1a96(%rip),%rsi # 3006 <_IO_stdin_used+0x6>
1570: bf 01 00 00 00 mov $0x1,%edi
1575: e8 56 fd ff ff callq 12d0 <__printf_chk@plt>
157a: bf 08 00 00 00 mov $0x8,%edi
157f: e8 6c fd ff ff callq 12f0 <exit@plt>
# argc is neither 1 nor 2: __printf_chk(1, <format at 3023>, argv[0]); exit(8).
1584: 48 8b 16 mov (%rsi),%rdx
1587: 48 8d 35 95 1a 00 00 lea 0x1a95(%rip),%rsi # 3023 <_IO_stdin_used+0x23>
158e: bf 01 00 00 00 mov $0x1,%edi
1593: b8 00 00 00 00 mov $0x0,%eax
1598: e8 33 fd ff ff callq 12d0 <__printf_chk@plt>
159d: bf 08 00 00 00 mov $0x8,%edi
15a2: e8 49 fd ff ff callq 12f0 <exit@plt>
# phase_1(line in %rdi): compares the input line with the string at 3150 using
# strings_not_equal. A non-zero result calls explode_bomb.
00000000000015a7 <phase_1>:
15a7: f3 0f 1e fa endbr64
15ab: 48 83 ec 08 sub $0x8,%rsp
15af: 48 8d 35 9a 1b 00 00 lea 0x1b9a(%rip),%rsi # 3150 <_IO_stdin_used+0x150>
15b6: e8 24 05 00 00 callq 1adf <strings_not_equal>
15bb: 85 c0 test %eax,%eax
15bd: 75 05 jne 15c4 <phase_1+0x1d>
15bf: 48 83 c4 08 add $0x8,%rsp
15c3: c3 retq
# explode_bomb ends in exit(8), so the jmp after it does not run in this build.
15c4: e8 2a 06 00 00 callq 1bf3 <explode_bomb>
15c9: eb f4 jmp 15bf <phase_1+0x18>
# phase_2(line in %rdi): reads six ints into nums[0..5] at 0x0-0x17(%rsp) and
# checks
#   nums[0] >= 0
#   nums[i] == nums[i-1] + i   for i = 1..5
# Any failed check calls explode_bomb.
# Stack layout: nums at 0x0(%rsp), stack-protector copy at 0x18(%rsp), directly
# above the 24-byte buffer that read_six_numbers fills.
00000000000015cb <phase_2>:
15cb: f3 0f 1e fa endbr64
15cf: 55 push %rbp
15d0: 53 push %rbx
15d1: 48 83 ec 28 sub $0x28,%rsp
# Save the guard value from %fs:0x28; it is re-checked before returning.
15d5: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
15dc: 00 00
15de: 48 89 44 24 18 mov %rax,0x18(%rsp)
15e3: 31 c0 xor %eax,%eax
15e5: 48 89 e6 mov %rsp,%rsi
15e8: e8 32 06 00 00 callq 1c1f <read_six_numbers>
15ed: 83 3c 24 00 cmpl $0x0,(%rsp)
15f1: 78 0a js 15fd <phase_2+0x32> # nums[0] < 0
15f3: 48 89 e5 mov %rsp,%rbp # rbp = &nums[i-1]
15f6: bb 01 00 00 00 mov $0x1,%ebx # ebx = i
15fb: eb 18 jmp 1615 <phase_2+0x4a>
15fd: e8 f1 05 00 00 callq 1bf3 <explode_bomb>
1602: eb ef jmp 15f3 <phase_2+0x28>
1604: e8 ea 05 00 00 callq 1bf3 <explode_bomb>
1609: 83 c3 01 add $0x1,%ebx
160c: 48 83 c5 04 add $0x4,%rbp
1610: 83 fb 06 cmp $0x6,%ebx
1613: 74 0c je 1621 <phase_2+0x56>
# Loop body: require nums[i] == nums[i-1] + i.
1615: 89 d8 mov %ebx,%eax
1617: 03 45 00 add 0x0(%rbp),%eax
161a: 39 45 04 cmp %eax,0x4(%rbp)
161d: 74 ea je 1609 <phase_2+0x3e>
161f: eb e3 jmp 1604 <phase_2+0x39>
# Epilogue: a changed guard copy means the frame was overwritten.
1621: 48 8b 44 24 18 mov 0x18(%rsp),%rax
1626: 64 48 33 04 25 28 00 xor %fs:0x28,%rax
162d: 00 00
162f: 75 07 jne 1638 <phase_2+0x6d>
1631: 48 83 c4 28 add $0x28,%rsp
1635: 5b pop %rbx
1636: 5d pop %rbp
1637: c3 retq
1638: e8 e3 fb ff ff callq 1220 <__stack_chk_fail@plt>
# phase_3(line in %rdi): parses two values with the format at 332f, a into
# (%rsp) and b into 0x4(%rsp). a indexes the jump table at 31c0; the selected
# entry point loads %eax and joins the add/sub chain at 1698-16b6. The phase
# passes when a <= 5 and b equals the value left in %eax.
# Stack layout: a at 0x0(%rsp), b at 0x4(%rsp), guard copy at 0x8(%rsp).
# The table holds 32-bit offsets relative to its own base (movslq, then add of
# the base). Its contents are not part of this listing; NOTE(review): the
# targets are presumably 1693 and the seven `mov $0x0,%eax` entries at
# 16e1-170b.
000000000000163d <phase_3>:
163d: f3 0f 1e fa endbr64
1641: 48 83 ec 18 sub $0x18,%rsp
1645: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
164c: 00 00
164e: 48 89 44 24 08 mov %rax,0x8(%rsp)
1653: 31 c0 xor %eax,%eax
1655: 48 8d 4c 24 04 lea 0x4(%rsp),%rcx
165a: 48 89 e2 mov %rsp,%rdx
165d: 48 8d 35 cb 1c 00 00 lea 0x1ccb(%rip),%rsi # 332f <array.3471+0x14f>
1664: e8 57 fc ff ff callq 12c0 <__isoc99_sscanf@plt>
1669: 83 f8 01 cmp $0x1,%eax
166c: 7e 1e jle 168c <phase_3+0x4f> # fewer than two conversions
# Bounds check before the indexed jump. ja is an unsigned compare, so a
# negative a is rejected together with a > 7.
166e: 83 3c 24 07 cmpl $0x7,(%rsp)
1672: 0f 87 9a 00 00 00 ja 1712 <phase_3+0xd5>
1678: 8b 04 24 mov (%rsp),%eax
167b: 48 8d 15 3e 1b 00 00 lea 0x1b3e(%rip),%rdx # 31c0 <_IO_stdin_used+0x1c0>
1682: 48 63 04 82 movslq (%rdx,%rax,4),%rax
1686: 48 01 d0 add %rdx,%rax
# notrack exempts this jump from CET indirect-branch tracking, so the case
# labels need no endbr64. What keeps the target inside this function is the
# range check at 166e-1672 together with the table contents.
1689: 3e ff e0 notrack jmpq *%rax
168c: e8 62 05 00 00 callq 1bf3 <explode_bomb>
1691: eb db jmp 166e <phase_3+0x31>
# Arithmetic chain. Each case enters at a different instruction, so a later
# entry point skips the earlier add/sub steps.
1693: b8 62 02 00 00 mov $0x262,%eax
1698: 2d a8 03 00 00 sub $0x3a8,%eax
169d: 05 73 01 00 00 add $0x173,%eax
16a2: 2d 52 03 00 00 sub $0x352,%eax
16a7: 05 52 03 00 00 add $0x352,%eax
16ac: 2d 52 03 00 00 sub $0x352,%eax
16b1: 05 52 03 00 00 add $0x352,%eax
16b6: 2d 52 03 00 00 sub $0x352,%eax
# Final checks: a must not exceed 5 (signed) and b must equal %eax.
16bb: 83 3c 24 05 cmpl $0x5,(%rsp)
16bf: 7f 06 jg 16c7 <phase_3+0x8a>
16c1: 39 44 24 04 cmp %eax,0x4(%rsp)
16c5: 74 05 je 16cc <phase_3+0x8f>
16c7: e8 27 05 00 00 callq 1bf3 <explode_bomb>
# Epilogue with the stack-protector check.
16cc: 48 8b 44 24 08 mov 0x8(%rsp),%rax
16d1: 64 48 33 04 25 28 00 xor %fs:0x28,%rax
16d8: 00 00
16da: 75 42 jne 171e <phase_3+0xe1>
16dc: 48 83 c4 18 add $0x18,%rsp
16e0: c3 retq
# Remaining case entry points: start from 0 and join the chain one step later
# each time.
16e1: b8 00 00 00 00 mov $0x0,%eax
16e6: eb b0 jmp 1698 <phase_3+0x5b>
16e8: b8 00 00 00 00 mov $0x0,%eax
16ed: eb ae jmp 169d <phase_3+0x60>
16ef: b8 00 00 00 00 mov $0x0,%eax
16f4: eb ac jmp 16a2 <phase_3+0x65>
16f6: b8 00 00 00 00 mov $0x0,%eax
16fb: eb aa jmp 16a7 <phase_3+0x6a>
16fd: b8 00 00 00 00 mov $0x0,%eax
1702: eb a8 jmp 16ac <phase_3+0x6f>
1704: b8 00 00 00 00 mov $0x0,%eax
1709: eb a6 jmp 16b1 <phase_3+0x74>
170b: b8 00 00 00 00 mov $0x0,%eax
1710: eb a4 jmp 16b6 <phase_3+0x79>
# Out-of-range index. explode_bomb ends in exit(8), so the two instructions
# after the call do not run in this build.
1712: e8 dc 04 00 00 callq 1bf3 <explode_bomb>
1717: b8 00 00 00 00 mov $0x0,%eax
171c: eb 9d jmp 16bb <phase_3+0x7e>
171e: e8 fd fa ff ff callq 1220 <__stack_chk_fail@plt>
# func4(target in %edi, lo in %esi, hi in %edx) -> %eax
# Recursive binary search over [lo, hi] that returns the sum of every midpoint
# it visits:
#   mid = lo + (hi - lo) / 2          (division rounds toward zero)
#   mid >  target -> return mid + func4(target, lo, mid - 1)
#   mid <  target -> return mid + func4(target, mid + 1, hi)
#   mid == target -> return mid
# All compares are signed. %edi is passed through unchanged to the recursive
# calls. The function does not check lo <= hi itself; the only caller in this
# listing is phase_4, which passes (a, 0, 14) after checking a <= 14.
0000000000001723 <func4>:
1723: f3 0f 1e fa endbr64
1727: 53 push %rbx
1728: 89 d0 mov %edx,%eax
172a: 29 f0 sub %esi,%eax # eax = hi - lo
172c: 89 c3 mov %eax,%ebx
# Add the sign bit before the arithmetic shift so the halving rounds toward 0.
172e: c1 eb 1f shr $0x1f,%ebx
1731: 01 c3 add %eax,%ebx
1733: d1 fb sar %ebx
1735: 01 f3 add %esi,%ebx # ebx = mid
1737: 39 fb cmp %edi,%ebx
1739: 7f 06 jg 1741 <func4+0x1e>
173b: 7c 10 jl 174d <func4+0x2a>
173d: 89 d8 mov %ebx,%eax
173f: 5b pop %rbx
1740: c3 retq
# mid > target: search the lower half.
1741: 8d 53 ff lea -0x1(%rbx),%edx
1744: e8 da ff ff ff callq 1723 <func4>
1749: 01 c3 add %eax,%ebx
174b: eb f0 jmp 173d <func4+0x1a>
# mid < target: search the upper half.
174d: 8d 73 01 lea 0x1(%rbx),%esi
1750: e8 ce ff ff ff callq 1723 <func4>
1755: 01 c3 add %eax,%ebx
1757: eb e4 jmp 173d <func4+0x1a>
# phase_4(line in %rdi): parses two values with the format at 332f, a into
# (%rsp) and b into 0x4(%rsp). Requires exactly two conversions and a <= 14
# (unsigned compare), then requires func4(a, 0, 14) == 0xb and b == 0xb.
# Any failed check calls explode_bomb.
# Stack layout: a at 0x0(%rsp), b at 0x4(%rsp), guard copy at 0x8(%rsp).
0000000000001759 <phase_4>:
1759: f3 0f 1e fa endbr64
175d: 48 83 ec 18 sub $0x18,%rsp
1761: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
1768: 00 00
176a: 48 89 44 24 08 mov %rax,0x8(%rsp)
176f: 31 c0 xor %eax,%eax
1771: 48 8d 4c 24 04 lea 0x4(%rsp),%rcx
1776: 48 89 e2 mov %rsp,%rdx
1779: 48 8d 35 af 1b 00 00 lea 0x1baf(%rip),%rsi # 332f <array.3471+0x14f>
1780: e8 3b fb ff ff callq 12c0 <__isoc99_sscanf@plt>
1785: 83 f8 02 cmp $0x2,%eax
1788: 75 06 jne 1790 <phase_4+0x37>
# jbe is unsigned, so a negative a fails this range check as well.
178a: 83 3c 24 0e cmpl $0xe,(%rsp)
178e: 76 05 jbe 1795 <phase_4+0x3c>
1790: e8 5e 04 00 00 callq 1bf3 <explode_bomb>
# func4(a, 0, 14)
1795: ba 0e 00 00 00 mov $0xe,%edx
179a: be 00 00 00 00 mov $0x0,%esi
179f: 8b 3c 24 mov (%rsp),%edi
17a2: e8 7c ff ff ff callq 1723 <func4>
17a7: 83 f8 0b cmp $0xb,%eax
17aa: 75 07 jne 17b3 <phase_4+0x5a>
17ac: 83 7c 24 04 0b cmpl $0xb,0x4(%rsp)
17b1: 74 05 je 17b8 <phase_4+0x5f>
17b3: e8 3b 04 00 00 callq 1bf3 <explode_bomb>
# Epilogue with the stack-protector check.
17b8: 48 8b 44 24 08 mov 0x8(%rsp),%rax
17bd: 64 48 33 04 25 28 00 xor %fs:0x28,%rax
17c4: 00 00
17c6: 75 05 jne 17cd <phase_4+0x74>
17c8: 48 83 c4 18 add $0x18,%rsp
17cc: c3 retq
17cd: e8 4e fa ff ff callq 1220 <__stack_chk_fail@plt>
# phase_5(line in %rdi): parses two values with the format at 332f, a into
# (%rsp) and b into 0x4(%rsp). Keeps only the low four bits of a, then follows
# the chain idx = array[idx] through the int table at 31e0 (array.3471) until
# it reads the value 15. The phase passes when the masked a is not already 15,
# the walk takes exactly 15 steps, and b equals the sum of the values read.
# Stack layout: a at 0x0(%rsp), b at 0x4(%rsp), guard copy at 0x8(%rsp).
00000000000017d2 <phase_5>:
17d2: f3 0f 1e fa endbr64
17d6: 48 83 ec 18 sub $0x18,%rsp
17da: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
17e1: 00 00
17e3: 48 89 44 24 08 mov %rax,0x8(%rsp)
17e8: 31 c0 xor %eax,%eax
17ea: 48 8d 4c 24 04 lea 0x4(%rsp),%rcx
17ef: 48 89 e2 mov %rsp,%rdx
17f2: 48 8d 35 36 1b 00 00 lea 0x1b36(%rip),%rsi # 332f <array.3471+0x14f>
17f9: e8 c2 fa ff ff callq 12c0 <__isoc99_sscanf@plt>
17fe: 83 f8 01 cmp $0x1,%eax
1801: 7e 5a jle 185d <phase_5+0x8b> # fewer than two conversions
# The mask limits the first index to 0..15.
1803: 8b 04 24 mov (%rsp),%eax
1806: 83 e0 0f and $0xf,%eax
1809: 89 04 24 mov %eax,(%rsp)
180c: 83 f8 0f cmp $0xf,%eax
180f: 74 32 je 1843 <phase_5+0x71>
1811: b9 00 00 00 00 mov $0x0,%ecx # ecx = running sum
1816: ba 00 00 00 00 mov $0x0,%edx # edx = step count
181b: 48 8d 35 be 19 00 00 lea 0x19be(%rip),%rsi # 31e0 <array.3471>
# Walk: every later index is a value loaded from the table.
# NOTE(review): the table contents are not part of this listing; the loop
# stays in bounds and terminates only if the table has 16 entries in 0..15
# whose chain reaches 15 — confirm against the data at 31e0.
1822: 83 c2 01 add $0x1,%edx
1825: 48 98 cltq
1827: 8b 04 86 mov (%rsi,%rax,4),%eax
182a: 01 c1 add %eax,%ecx
182c: 83 f8 0f cmp $0xf,%eax
182f: 75 f1 jne 1822 <phase_5+0x50>
1831: c7 04 24 0f 00 00 00 movl $0xf,(%rsp)
1838: 83 fa 0f cmp $0xf,%edx
183b: 75 06 jne 1843 <phase_5+0x71>
183d: 39 4c 24 04 cmp %ecx,0x4(%rsp)
1841: 74 05 je 1848 <phase_5+0x76>
1843: e8 ab 03 00 00 callq 1bf3 <explode_bomb>
# Epilogue with the stack-protector check.
1848: 48 8b 44 24 08 mov 0x8(%rsp),%rax
184d: 64 48 33 04 25 28 00 xor %fs:0x28,%rax
1854: 00 00
1856: 75 0c jne 1864 <phase_5+0x92>
1858: 48 83 c4 18 add $0x18,%rsp
185c: c3 retq
185d: e8 91 03 00 00 callq 1bf3 <explode_bomb>
1862: eb 9f jmp 1803 <phase_5+0x31>
1864: e8 b7 f9 ff ff callq 1220 <__stack_chk_fail@plt>
# phase_6(line in %rdi): reads six ints and uses them to reorder the linked
# list that starts at 5210 (node1).
#   1. Each number must satisfy 1 <= n <= 6 and all six must be distinct.
#   2. ptrs[i] = the nums[i]-th node, found by following the pointer at
#      offset 0x8 from node1.
#   3. The nodes are relinked in place in ptrs[] order; the last node's
#      pointer is set to 0.
#   4. Walking the new list, the 32-bit value at offset 0x0 of each node must
#      be >= the value of the node after it (signed compare).
# Any failed check calls explode_bomb.
# Stack layout: nums[6] at 0x0(%rsp), ptrs[6] at 0x20(%rsp), guard copy at
# 0x58(%rsp).
0000000000001869 <phase_6>:
1869: f3 0f 1e fa endbr64
186d: 41 56 push %r14
186f: 41 55 push %r13
1871: 41 54 push %r12
1873: 55 push %rbp
1874: 53 push %rbx
1875: 48 83 ec 60 sub $0x60,%rsp
1879: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
1880: 00 00
1882: 48 89 44 24 58 mov %rax,0x58(%rsp)
1887: 31 c0 xor %eax,%eax
1889: 49 89 e5 mov %rsp,%r13
188c: 4c 89 ee mov %r13,%rsi
188f: e8 8b 03 00 00 callq 1c1f <read_six_numbers>
# Step 1: r13 = &nums[i], r14 = i + 1, r12 = nums base, rbx = inner index j.
1894: 41 be 01 00 00 00 mov $0x1,%r14d
189a: 49 89 e4 mov %rsp,%r12
189d: eb 28 jmp 18c7 <phase_6+0x5e>
189f: e8 4f 03 00 00 callq 1bf3 <explode_bomb>
18a4: eb 30 jmp 18d6 <phase_6+0x6d>
18a6: 48 83 c3 01 add $0x1,%rbx
18aa: 83 fb 05 cmp $0x5,%ebx
18ad: 7f 10 jg 18bf <phase_6+0x56>
# Inner loop: nums[j] must differ from nums[i] for every j > i.
18af: 41 8b 04 9c mov (%r12,%rbx,4),%eax
18b3: 39 45 00 cmp %eax,0x0(%rbp)
18b6: 75 ee jne 18a6 <phase_6+0x3d>
18b8: e8 36 03 00 00 callq 1bf3 <explode_bomb>
18bd: eb e7 jmp 18a6 <phase_6+0x3d>
18bf: 49 83 c6 01 add $0x1,%r14
18c3: 49 83 c5 04 add $0x4,%r13
# Range check: (nums[i] - 1) > 5 as unsigned rejects 0, negatives and n > 6.
18c7: 4c 89 ed mov %r13,%rbp
18ca: 41 8b 45 00 mov 0x0(%r13),%eax
18ce: 83 e8 01 sub $0x1,%eax
18d1: 83 f8 05 cmp $0x5,%eax
18d4: 77 c9 ja 189f <phase_6+0x36>
18d6: 41 83 fe 05 cmp $0x5,%r14d
18da: 7f 05 jg 18e1 <phase_6+0x78>
18dc: 4c 89 f3 mov %r14,%rbx
18df: eb ce jmp 18af <phase_6+0x46>
# Step 2: for each i, walk nums[i] - 1 links from node1 and store the node
# pointer in ptrs[i]. The range check above bounds the walk to five links.
18e1: be 00 00 00 00 mov $0x0,%esi
18e6: 8b 0c b4 mov (%rsp,%rsi,4),%ecx
18e9: b8 01 00 00 00 mov $0x1,%eax
18ee: 48 8d 15 1b 39 00 00 lea 0x391b(%rip),%rdx # 5210 <node1>
18f5: 83 f9 01 cmp $0x1,%ecx
18f8: 7e 0b jle 1905 <phase_6+0x9c>
18fa: 48 8b 52 08 mov 0x8(%rdx),%rdx
18fe: 83 c0 01 add $0x1,%eax
1901: 39 c8 cmp %ecx,%eax
1903: 75 f5 jne 18fa <phase_6+0x91>
1905: 48 89 54 f4 20 mov %rdx,0x20(%rsp,%rsi,8)
190a: 48 83 c6 01 add $0x1,%rsi
190e: 48 83 fe 06 cmp $0x6,%rsi
1912: 75 d2 jne 18e6 <phase_6+0x7d>
# Step 3: write ptrs[k+1] into offset 0x8 of ptrs[k] for k = 0..4, then 0 into
# the last node. This modifies the node data at 5210 onward in place.
1914: 48 8b 5c 24 20 mov 0x20(%rsp),%rbx
1919: 48 8b 44 24 28 mov 0x28(%rsp),%rax
191e: 48 89 43 08 mov %rax,0x8(%rbx)
1922: 48 8b 54 24 30 mov 0x30(%rsp),%rdx
1927: 48 89 50 08 mov %rdx,0x8(%rax)
192b: 48 8b 44 24 38 mov 0x38(%rsp),%rax
1930: 48 89 42 08 mov %rax,0x8(%rdx)
1934: 48 8b 54 24 40 mov 0x40(%rsp),%rdx
1939: 48 89 50 08 mov %rdx,0x8(%rax)
193d: 48 8b 44 24 48 mov 0x48(%rsp),%rax
1942: 48 89 42 08 mov %rax,0x8(%rdx)
1946: 48 c7 40 08 00 00 00 movq $0x0,0x8(%rax)
194d: 00
# Step 4: five comparisons of adjacent nodes, starting at ptrs[0] in %rbx.
194e: bd 05 00 00 00 mov $0x5,%ebp
1953: eb 09 jmp 195e <phase_6+0xf5>
1955: 48 8b 5b 08 mov 0x8(%rbx),%rbx
1959: 83 ed 01 sub $0x1,%ebp
195c: 74 11 je 196f <phase_6+0x106>
195e: 48 8b 43 08 mov 0x8(%rbx),%rax
1962: 8b 00 mov (%rax),%eax
1964: 39 03 cmp %eax,(%rbx)
1966: 7d ed jge 1955 <phase_6+0xec> # current value >= next value
1968: e8 86 02 00 00 callq 1bf3 <explode_bomb>
196d: eb e6 jmp 1955 <phase_6+0xec>
# Epilogue with the stack-protector check.
196f: 48 8b 44 24 58 mov 0x58(%rsp),%rax
1974: 64 48 33 04 25 28 00 xor %fs:0x28,%rax
197b: 00 00
197d: 75 0d jne 198c <phase_6+0x123>
197f: 48 83 c4 60 add $0x60,%rsp
1983: 5b pop %rbx
1984: 5d pop %rbp
1985: 41 5c pop %r12
1987: 41 5d pop %r13
1989: 41 5e pop %r14
198b: c3 retq
198c: e8 8f f8 ff ff callq 1220 <__stack_chk_fail@plt>
# fun7(node in %rdi, value in %esi) -> %eax
# Recursive search through nodes that hold a 32-bit value at offset 0x0 and
# two pointers at offsets 0x8 and 0x10:
#   node == 0           -> return 0xffffffff
#   node value > value  -> return 2 * fun7(pointer at 0x8, value)
#   node value == value -> return 0
#   node value < value  -> return 2 * fun7(pointer at 0x10, value) + 1
# The compare is signed.
0000000000001991 <fun7>:
1991: f3 0f 1e fa endbr64
1995: 48 85 ff test %rdi,%rdi
1998: 74 32 je 19cc <fun7+0x3b>
199a: 48 83 ec 08 sub $0x8,%rsp
199e: 8b 17 mov (%rdi),%edx
19a0: 39 f2 cmp %esi,%edx
19a2: 7f 0c jg 19b0 <fun7+0x1f>
# mov does not change the flags, so the jne below still tests the cmp at 19a0.
19a4: b8 00 00 00 00 mov $0x0,%eax
19a9: 75 12 jne 19bd <fun7+0x2c>
19ab: 48 83 c4 08 add $0x8,%rsp
19af: c3 retq
19b0: 48 8b 7f 08 mov 0x8(%rdi),%rdi
19b4: e8 d8 ff ff ff callq 1991 <fun7>
19b9: 01 c0 add %eax,%eax
19bb: eb ee jmp 19ab <fun7+0x1a>
19bd: 48 8b 7f 10 mov 0x10(%rdi),%rdi
19c1: e8 cb ff ff ff callq 1991 <fun7>
19c6: 8d 44 00 01 lea 0x1(%rax,%rax,1),%eax
19ca: eb df jmp 19ab <fun7+0x1a>
19cc: b8 ff ff ff ff mov $0xffffffff,%eax
19d1: c3 retq
# secret_phase: reads one line, converts it with strtol(line, 0, 10), and
# requires (value - 1) <= 0x3e8 as an unsigned 32-bit compare. It then requires
# fun7(n1 at 5130, value) == 3, prints the string at 3188 and calls
# phase_defused. Any failed check calls explode_bomb.
# No call to this function appears in main.
00000000000019d2 <secret_phase>:
19d2: f3 0f 1e fa endbr64
19d6: 53 push %rbx
19d7: e8 88 02 00 00 callq 1c64 <read_line>
19dc: 48 89 c7 mov %rax,%rdi
19df: ba 0a 00 00 00 mov $0xa,%edx
# endptr is 0, so text after the digits is not examined.
19e4: be 00 00 00 00 mov $0x0,%esi
19e9: e8 b2 f8 ff ff callq 12a0 <strtol@plt>
19ee: 48 89 c3 mov %rax,%rbx
# The range check uses only the low 32 bits of the 64-bit strtol result; the
# upper half is dropped here and again at `mov %ebx,%esi` below.
19f1: 8d 40 ff lea -0x1(%rax),%eax
19f4: 3d e8 03 00 00 cmp $0x3e8,%eax
19f9: 77 26 ja 1a21 <secret_phase+0x4f>
19fb: 89 de mov %ebx,%esi
19fd: 48 8d 3d 2c 37 00 00 lea 0x372c(%rip),%rdi # 5130 <n1>
1a04: e8 88 ff ff ff callq 1991 <fun7>
1a09: 83 f8 03 cmp $0x3,%eax
1a0c: 75 1a jne 1a28 <secret_phase+0x56>
1a0e: 48 8d 3d 73 17 00 00 lea 0x1773(%rip),%rdi # 3188 <_IO_stdin_used+0x188>
1a15: e8 e6 f7 ff ff callq 1200 <puts@plt>
1a1a: e8 8d 03 00 00 callq 1dac <phase_defused>
1a1f: 5b pop %rbx
1a20: c3 retq
1a21: e8 cd 01 00 00 callq 1bf3 <explode_bomb>
1a26: eb d3 jmp 19fb <secret_phase+0x29>
1a28: e8 c6 01 00 00 callq 1bf3 <explode_bomb>
1a2d: eb df jmp 1a0e <secret_phase+0x3c>
# sig_handler: installed for signal number 2 by initialize_bomb. Prints the
# string at 3220, sleeps 3 seconds, prints the string at 32e2 and flushes
# stdout, sleeps 1 second, prints the string at 32ea, then calls exit(0x10).
# It never returns to the interrupted code.
# Review note: puts, __printf_chk, fflush and exit are not async-signal-safe.
# A handler that interrupts another stdio call can deadlock or corrupt stream
# state; the safe pattern is to set a flag, or to use write() and _exit().
0000000000001a2f <sig_handler>:
1a2f: f3 0f 1e fa endbr64
# The push/pop pair leaves %rax and %rsp as they were.
1a33: 50 push %rax
1a34: 58 pop %rax
1a35: 48 83 ec 08 sub $0x8,%rsp
1a39: 48 8d 3d e0 17 00 00 lea 0x17e0(%rip),%rdi # 3220 <array.3471+0x40>
1a40: e8 bb f7 ff ff callq 1200 <puts@plt>
1a45: bf 03 00 00 00 mov $0x3,%edi
1a4a: e8 d1 f8 ff ff callq 1320 <sleep@plt>
1a4f: 48 8d 35 8c 18 00 00 lea 0x188c(%rip),%rsi # 32e2 <array.3471+0x102>
1a56: bf 01 00 00 00 mov $0x1,%edi
1a5b: b8 00 00 00 00 mov $0x0,%eax
1a60: e8 6b f8 ff ff callq 12d0 <__printf_chk@plt>
1a65: 48 8b 3d f4 3b 00 00 mov 0x3bf4(%rip),%rdi # 5660 <stdout@@GLIBC_2.2.5>
1a6c: e8 3f f8 ff ff callq 12b0 <fflush@plt>
1a71: bf 01 00 00 00 mov $0x1,%edi
1a76: e8 a5 f8 ff ff callq 1320 <sleep@plt>
1a7b: 48 8d 3d 68 18 00 00 lea 0x1868(%rip),%rdi # 32ea <array.3471+0x10a>
1a82: e8 79 f7 ff ff callq 1200 <puts@plt>
1a87: bf 10 00 00 00 mov $0x10,%edi
1a8c: e8 5f f8 ff ff callq 12f0 <exit@plt>
# invalid_phase(arg in %rdi): calls __printf_chk(1, <format at 32f2>, arg) and
# then exit(8). It does not return.
0000000000001a91 <invalid_phase>:
1a91: f3 0f 1e fa endbr64
1a95: 50 push %rax
1a96: 58 pop %rax
1a97: 48 83 ec 08 sub $0x8,%rsp
1a9b: 48 89 fa mov %rdi,%rdx
1a9e: 48 8d 35 4d 18 00 00 lea 0x184d(%rip),%rsi # 32f2 <array.3471+0x112>
1aa5: bf 01 00 00 00 mov $0x1,%edi
1aaa: b8 00 00 00 00 mov $0x0,%eax
1aaf: e8 1c f8 ff ff callq 12d0 <__printf_chk@plt>
1ab4: bf 08 00 00 00 mov $0x8,%edi
1ab9: e8 32 f8 ff ff callq 12f0 <exit@plt>
# string_length(s in %rdi) -> %eax
# Counts bytes up to, not including, the first zero byte. The counter is a
# 32-bit register. The scan has no upper bound, so s must be NUL-terminated.
0000000000001abe <string_length>:
1abe: f3 0f 1e fa endbr64
1ac2: 80 3f 00 cmpb $0x0,(%rdi)
1ac5: 74 12 je 1ad9 <string_length+0x1b>
1ac7: b8 00 00 00 00 mov $0x0,%eax
1acc: 48 83 c7 01 add $0x1,%rdi
1ad0: 83 c0 01 add $0x1,%eax
1ad3: 80 3f 00 cmpb $0x0,(%rdi)
1ad6: 75 f4 jne 1acc <string_length+0xe>
1ad8: c3 retq
# Empty string: return 0.
1ad9: b8 00 00 00 00 mov $0x0,%eax
1ade: c3 retq
# strings_not_equal(a in %rdi, b in %rsi) -> %eax
# Returns 1 when the strings differ in length or in any byte, 0 when they are
# identical. Lengths come from string_length. The byte loop stops at the
# terminator of a, which is safe because both lengths were found equal first.
0000000000001adf <strings_not_equal>:
1adf: f3 0f 1e fa endbr64
1ae3: 41 54 push %r12
1ae5: 55 push %rbp
1ae6: 53 push %rbx
1ae7: 48 89 fb mov %rdi,%rbx # rbx = a
1aea: 48 89 f5 mov %rsi,%rbp # rbp = b
1aed: e8 cc ff ff ff callq 1abe <string_length>
1af2: 41 89 c4 mov %eax,%r12d # r12d = length of a
1af5: 48 89 ef mov %rbp,%rdi
1af8: e8 c1 ff ff ff callq 1abe <string_length>
1afd: 89 c2 mov %eax,%edx
1aff: b8 01 00 00 00 mov $0x1,%eax
1b04: 41 39 d4 cmp %edx,%r12d
1b07: 75 31 jne 1b3a <strings_not_equal+0x5b> # lengths differ: return 1
1b09: 0f b6 13 movzbl (%rbx),%edx
1b0c: 84 d2 test %dl,%dl
1b0e: 74 1e je 1b2e <strings_not_equal+0x4f> # both empty: return 0
1b10: b8 00 00 00 00 mov $0x0,%eax
# Byte loop: rax is the index, dl holds a[rax].
1b15: 38 54 05 00 cmp %dl,0x0(%rbp,%rax,1)
1b19: 75 1a jne 1b35 <strings_not_equal+0x56>
1b1b: 48 83 c0 01 add $0x1,%rax
1b1f: 0f b6 14 03 movzbl (%rbx,%rax,1),%edx
1b23: 84 d2 test %dl,%dl
1b25: 75 ee jne 1b15 <strings_not_equal+0x36>
1b27: b8 00 00 00 00 mov $0x0,%eax
1b2c: eb 0c jmp 1b3a <strings_not_equal+0x5b>
1b2e: b8 00 00 00 00 mov $0x0,%eax
1b33: eb 05 jmp 1b3a <strings_not_equal+0x5b>
1b35: b8 01 00 00 00 mov $0x1,%eax
1b3a: 5b pop %rbx
1b3b: 5d pop %rbp
1b3c: 41 5c pop %r12
1b3e: c3 retq
# initialize_bomb: calls signal(2, sig_handler) and returns. The return value
# of signal is not checked.
0000000000001b3f <initialize_bomb>:
1b3f: f3 0f 1e fa endbr64
1b43: 48 83 ec 08 sub $0x8,%rsp
1b47: 48 8d 35 e1 fe ff ff lea -0x11f(%rip),%rsi # 1a2f <sig_handler>
1b4e: bf 02 00 00 00 mov $0x2,%edi
1b53: e8 18 f7 ff ff callq 1270 <signal@plt>
1b58: 48 83 c4 08 add $0x8,%rsp
1b5c: c3 retq
# initialize_bomb_solve: empty function, returns immediately.
0000000000001b5d <initialize_bomb_solve>:
1b5d: f3 0f 1e fa endbr64
1b61: c3 retq
# blank_line(s in %rdi) -> %eax
# Returns 1 when every byte before the terminator has bit 0x20 set in the high
# byte of its entry in the table returned by __ctype_b_loc (an empty string
# also returns 1). Returns 0 at the first byte without that bit.
# NOTE(review): on little-endian glibc this bit is the isspace() class —
# confirm against the target libc.
0000000000001b62 <blank_line>:
1b62: f3 0f 1e fa endbr64
1b66: 55 push %rbp
1b67: 53 push %rbx
1b68: 48 83 ec 08 sub $0x8,%rsp
1b6c: 48 89 fd mov %rdi,%rbp
1b6f: 0f b6 5d 00 movzbl 0x0(%rbp),%ebx
1b73: 84 db test %bl,%bl
1b75: 74 1e je 1b95 <blank_line+0x33>
1b77: e8 b4 f7 ff ff callq 1330 <__ctype_b_loc@plt>
1b7c: 48 83 c5 01 add $0x1,%rbp
# The byte is sign-extended, so bytes >= 0x80 index the table at negative
# offsets.
1b80: 48 0f be db movsbq %bl,%rbx
1b84: 48 8b 00 mov (%rax),%rax
1b87: f6 44 58 01 20 testb $0x20,0x1(%rax,%rbx,2)
1b8c: 75 e1 jne 1b6f <blank_line+0xd>
1b8e: b8 00 00 00 00 mov $0x0,%eax
1b93: eb 05 jmp 1b9a <blank_line+0x38>
1b95: b8 01 00 00 00 mov $0x1,%eax
1b9a: 48 83 c4 08 add $0x8,%rsp
1b9e: 5b pop %rbx
1b9f: 5d pop %rbp
1ba0: c3 retq
# skip() -> %rax
# Repeatedly calls fgets(input_strings + num_input_strings * 0x50, 0x50,
# infile) until a line is read for which blank_line returns 0, or fgets
# returns 0. Returns the last fgets result, so 0 means end of input or error.
# fgets is given the 0x50-byte slot size, so one read cannot overrun its slot.
# NOTE(review): num_input_strings is used as the slot index without a bound
# check here, and the size of input_strings is not visible in this listing —
# confirm that the number of lines read cannot exceed the array.
0000000000001ba1 <skip>:
1ba1: f3 0f 1e fa endbr64
1ba5: 55 push %rbp
1ba6: 53 push %rbx
1ba7: 48 83 ec 08 sub $0x8,%rsp
1bab: 48 8d 2d ee 3a 00 00 lea 0x3aee(%rip),%rbp # 56a0 <input_strings>
1bb2: 48 63 05 d3 3a 00 00 movslq 0x3ad3(%rip),%rax # 568c <num_input_strings>
# rdi = input_strings + index * 0x50 (index * 5, then shifted left by 4)
1bb9: 48 8d 3c 80 lea (%rax,%rax,4),%rdi
1bbd: 48 c1 e7 04 shl $0x4,%rdi
1bc1: 48 01 ef add %rbp,%rdi
1bc4: 48 8b 15 c5 3a 00 00 mov 0x3ac5(%rip),%rdx # 5690 <infile>
1bcb: be 50 00 00 00 mov $0x50,%esi
1bd0: e8 8b f6 ff ff callq 1260 <fgets@plt>
1bd5: 48 89 c3 mov %rax,%rbx
1bd8: 48 85 c0 test %rax,%rax
1bdb: 74 0c je 1be9 <skip+0x48>
1bdd: 48 89 c7 mov %rax,%rdi
1be0: e8 7d ff ff ff callq 1b62 <blank_line>
1be5: 85 c0 test %eax,%eax
1be7: 75 c9 jne 1bb2 <skip+0x11> # blank line: read the next one
1be9: 48 89 d8 mov %rbx,%rax
1bec: 48 83 c4 08 add $0x8,%rsp
1bf0: 5b pop %rbx
1bf1: 5d pop %rbp
1bf2: c3 retq
# explode_bomb: prints the strings at 3303 and 330c with puts and calls
# exit(8). It does not return, so the instructions that follow a call to it in
# the phase functions do not run in this build.
0000000000001bf3 <explode_bomb>:
1bf3: f3 0f 1e fa endbr64
1bf7: 50 push %rax
1bf8: 58 pop %rax
1bf9: 48 83 ec 08 sub $0x8,%rsp
1bfd: 48 8d 3d ff 16 00 00 lea 0x16ff(%rip),%rdi # 3303 <array.3471+0x123>
1c04: e8 f7 f5 ff ff callq 1200 <puts@plt>
1c09: 48 8d 3d fc 16 00 00 lea 0x16fc(%rip),%rdi # 330c <array.3471+0x12c>
1c10: e8 eb f5 ff ff callq 1200 <puts@plt>
1c15: bf 08 00 00 00 mov $0x8,%edi
1c1a: e8 d1 f6 ff ff callq 12f0 <exit@plt>
# read_six_numbers(line in %rdi, out in %rsi)
# Calls sscanf(line, <format at 3323>, out, out+4, out+8, out+0xc, out+0x10,
# out+0x14) and calls explode_bomb when fewer than six conversions succeed.
# The caller must supply at least 0x18 writable bytes at out: phase_2 and
# phase_6 both pass their %rsp with the stack-protector copy placed above
# that range.
0000000000001c1f <read_six_numbers>:
1c1f: f3 0f 1e fa endbr64
1c23: 48 83 ec 08 sub $0x8,%rsp
1c27: 48 89 f2 mov %rsi,%rdx
1c2a: 48 8d 4e 04 lea 0x4(%rsi),%rcx
# Arguments seven and eight go on the stack, the last one pushed first.
1c2e: 48 8d 46 14 lea 0x14(%rsi),%rax
1c32: 50 push %rax
1c33: 48 8d 46 10 lea 0x10(%rsi),%rax
1c37: 50 push %rax
1c38: 4c 8d 4e 0c lea 0xc(%rsi),%r9
1c3c: 4c 8d 46 08 lea 0x8(%rsi),%r8
1c40: 48 8d 35 dc 16 00 00 lea 0x16dc(%rip),%rsi # 3323 <array.3471+0x143>
1c47: b8 00 00 00 00 mov $0x0,%eax
1c4c: e8 6f f6 ff ff callq 12c0 <__isoc99_sscanf@plt>
1c51: 48 83 c4 10 add $0x10,%rsp # drop the two pushed arguments
1c55: 83 f8 05 cmp $0x5,%eax
1c58: 7e 05 jle 1c5f <read_six_numbers+0x40>
1c5a: 48 83 c4 08 add $0x8,%rsp
1c5e: c3 retq
1c5f: e8 8f ff ff ff callq 1bf3 <explode_bomb>
# read_line: fetch the next non-blank line via skip, enforce a length limit,
# overwrite its last byte with NUL, and bump num_input_strings.
# Out:  rax = pointer to the line inside input_strings.
# When skip returns NULL:
#   - infile == stdin: print the string at 0x3335 and exit(8);
#   - otherwise getenv(string at 0x3353): non-NULL -> exit(0); NULL -> switch
#     infile to stdin and retry skip once (a second NULL prints 0x3335, exit(0)).
# A line whose measured length exceeds 0x4e is replaced with "***truncated***"
# and explode_bomb is called.
0000000000001c64 <read_line>:
1c64: f3 0f 1e fa endbr64
1c68: 48 83 ec 08 sub $0x8,%rsp
1c6c: b8 00 00 00 00 mov $0x0,%eax
1c71: e8 2b ff ff ff callq 1ba1 <skip>
1c76: 48 85 c0 test %rax,%rax
1c79: 74 6f je 1cea <read_line+0x86>
# rdx = input_strings + 0x50 * num_input_strings (the slot skip just filled).
1c7b: 8b 35 0b 3a 00 00 mov 0x3a0b(%rip),%esi # 568c <num_input_strings>
1c81: 48 63 c6 movslq %esi,%rax
1c84: 48 8d 14 80 lea (%rax,%rax,4),%rdx
1c88: 48 c1 e2 04 shl $0x4,%rdx
1c8c: 48 8d 05 0d 3a 00 00 lea 0x3a0d(%rip),%rax # 56a0 <input_strings>
1c93: 48 01 c2 add %rax,%rdx
# Inline string length: scan for NUL with rcx = -1, then rcx = ~rcx - 1.
1c96: 48 c7 c1 ff ff ff ff mov $0xffffffffffffffff,%rcx
1c9d: b8 00 00 00 00 mov $0x0,%eax
1ca2: 48 89 d7 mov %rdx,%rdi
1ca5: f2 ae repnz scas %es:(%rdi),%al
1ca7: 48 f7 d1 not %rcx
1caa: 48 83 e9 01 sub $0x1,%rcx
# Length above 0x4e (78) is treated as an over-long line.
1cae: 83 f9 4e cmp $0x4e,%ecx
1cb1: 0f 8f ab 00 00 00 jg 1d62 <read_line+0xfe>
# Store NUL at slot[len - 1]; the byte being replaced is not inspected first.
# NOTE(review): for len == 0 the index is -1, i.e. one byte before the slot.
# Whether skip/blank_line can hand back an empty string is not visible here.
1cb7: 83 e9 01 sub $0x1,%ecx
1cba: 48 63 c9 movslq %ecx,%rcx
1cbd: 48 63 c6 movslq %esi,%rax
1cc0: 48 8d 04 80 lea (%rax,%rax,4),%rax
1cc4: 48 c1 e0 04 shl $0x4,%rax
1cc8: 48 89 c7 mov %rax,%rdi
1ccb: 48 8d 05 ce 39 00 00 lea 0x39ce(%rip),%rax # 56a0 <input_strings>
1cd2: 48 01 f8 add %rdi,%rax
1cd5: c6 04 08 00 movb $0x0,(%rax,%rcx,1)
1cd9: 83 c6 01 add $0x1,%esi
1cdc: 89 35 aa 39 00 00 mov %esi,0x39aa(%rip) # 568c <num_input_strings>
1ce2: 48 89 d0 mov %rdx,%rax
1ce5: 48 83 c4 08 add $0x8,%rsp
1ce9: c3 retq
# skip returned NULL: decide between stdin EOF and end of an input file.
1cea: 48 8b 05 7f 39 00 00 mov 0x397f(%rip),%rax # 5670 <stdin@@GLIBC_2.2.5>
1cf1: 48 39 05 98 39 00 00 cmp %rax,0x3998(%rip) # 5690 <infile>
1cf8: 74 1b je 1d15 <read_line+0xb1>
# The environment variable name lives at 0x3353 and is not shown in this listing.
1cfa: 48 8d 3d 52 16 00 00 lea 0x1652(%rip),%rdi # 3353 <array.3471+0x173>
1d01: e8 ca f4 ff ff callq 11d0 <getenv@plt>
1d06: 48 85 c0 test %rax,%rax
1d09: 74 20 je 1d2b <read_line+0xc7>
1d0b: bf 00 00 00 00 mov $0x0,%edi
1d10: e8 db f5 ff ff callq 12f0 <exit@plt>
1d15: 48 8d 3d 19 16 00 00 lea 0x1619(%rip),%rdi # 3335 <array.3471+0x155>
1d1c: e8 df f4 ff ff callq 1200 <puts@plt>
1d21: bf 08 00 00 00 mov $0x8,%edi
1d26: e8 c5 f5 ff ff callq 12f0 <exit@plt>
# Fall back to stdin and try once more.
1d2b: 48 8b 05 3e 39 00 00 mov 0x393e(%rip),%rax # 5670 <stdin@@GLIBC_2.2.5>
1d32: 48 89 05 57 39 00 00 mov %rax,0x3957(%rip) # 5690 <infile>
1d39: b8 00 00 00 00 mov $0x0,%eax
1d3e: e8 5e fe ff ff callq 1ba1 <skip>
1d43: 48 85 c0 test %rax,%rax
1d46: 0f 85 2f ff ff ff jne 1c7b <read_line+0x17>
1d4c: 48 8d 3d e2 15 00 00 lea 0x15e2(%rip),%rdi # 3335 <array.3471+0x155>
1d53: e8 a8 f4 ff ff callq 1200 <puts@plt>
1d58: bf 00 00 00 00 mov $0x0,%edi
1d5d: e8 8e f5 ff ff callq 12f0 <exit@plt>
# Over-long line: print the string at 0x335e, advance num_input_strings, and
# overwrite the first 16 bytes of the slot with "***truncated***" plus NUL
# (the two movabs immediates are that text in little-endian byte order).
1d62: 48 8d 3d f5 15 00 00 lea 0x15f5(%rip),%rdi # 335e <array.3471+0x17e>
1d69: e8 92 f4 ff ff callq 1200 <puts@plt>
1d6e: 8b 05 18 39 00 00 mov 0x3918(%rip),%eax # 568c <num_input_strings>
1d74: 8d 50 01 lea 0x1(%rax),%edx
1d77: 89 15 0f 39 00 00 mov %edx,0x390f(%rip) # 568c <num_input_strings>
1d7d: 48 98 cltq
1d7f: 48 6b c0 50 imul $0x50,%rax,%rax
1d83: 48 8d 15 16 39 00 00 lea 0x3916(%rip),%rdx # 56a0 <input_strings>
1d8a: 48 be 2a 2a 2a 74 72 movabs $0x636e7572742a2a2a,%rsi
1d91: 75 6e 63
1d94: 48 bf 61 74 65 64 2a movabs $0x2a2a2a64657461,%rdi
1d9b: 2a 2a 00
1d9e: 48 89 34 02 mov %rsi,(%rdx,%rax,1)
1da2: 48 89 7c 02 08 mov %rdi,0x8(%rdx,%rax,1)
1da7: e8 47 fe ff ff callq 1bf3 <explode_bomb>
# phase_defused: does extra work only when num_input_strings == 6.
# In that case it re-parses the slot at input_strings+0xf0 (0xf0 = 3 * 0x50,
# i.e. slot index 3) with sscanf; when exactly 3 items convert and the third
# matches the string at 0x3382, it prints two messages and calls secret_phase.
# Frame: 0x78 bytes, stack-protector canary kept at 0x68(%rsp).
0000000000001dac <phase_defused>:
1dac: f3 0f 1e fa endbr64
1db0: 48 83 ec 78 sub $0x78,%rsp
# Load the canary from %fs:0x28 and store it above the locals.
1db4: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
1dbb: 00 00
1dbd: 48 89 44 24 68 mov %rax,0x68(%rsp)
1dc2: 31 c0 xor %eax,%eax
1dc4: 83 3d c1 38 00 00 06 cmpl $0x6,0x38c1(%rip) # 568c <num_input_strings>
1dcb: 74 15 je 1de2 <phase_defused+0x36>
# Common exit: verify the canary before returning.
1dcd: 48 8b 44 24 68 mov 0x68(%rsp),%rax
1dd2: 64 48 33 04 25 28 00 xor %fs:0x28,%rax
1dd9: 00 00
1ddb: 75 73 jne 1e50 <phase_defused+0xa4>
1ddd: 48 83 c4 78 add $0x78,%rsp
1de1: c3 retq
# sscanf(input_strings+0xf0, fmt@0x3379, rsp+0x8, rsp+0xc, rsp+0x10).
# The third target starts 0x58 bytes below the canary. A slot holds at most
# 0x4f characters plus NUL (fgets size 0x50 in skip), so an unbounded string
# conversion would still fit -- the format at 0x3379 is not shown; confirm.
1de2: 48 8d 4c 24 0c lea 0xc(%rsp),%rcx
1de7: 48 8d 54 24 08 lea 0x8(%rsp),%rdx
1dec: 4c 8d 44 24 10 lea 0x10(%rsp),%r8
1df1: 48 8d 35 81 15 00 00 lea 0x1581(%rip),%rsi # 3379 <array.3471+0x199>
1df8: 48 8d 3d 91 39 00 00 lea 0x3991(%rip),%rdi # 5790 <input_strings+0xf0>
1dff: e8 bc f4 ff ff callq 12c0 <__isoc99_sscanf@plt>
1e04: 83 f8 03 cmp $0x3,%eax
1e07: 74 0e je 1e17 <phase_defused+0x6b>
# Printed on every path that reaches here, including after secret_phase returns.
1e09: 48 8d 3d a8 14 00 00 lea 0x14a8(%rip),%rdi # 32b8 <array.3471+0xd8>
1e10: e8 eb f3 ff ff callq 1200 <puts@plt>
1e15: eb b6 jmp 1dcd <phase_defused+0x21>
# Compare the third parsed field with the fixed string at 0x3382; non-zero means mismatch.
1e17: 48 8d 7c 24 10 lea 0x10(%rsp),%rdi
1e1c: 48 8d 35 5f 15 00 00 lea 0x155f(%rip),%rsi # 3382 <array.3471+0x1a2>
1e23: e8 b7 fc ff ff callq 1adf <strings_not_equal>
1e28: 85 c0 test %eax,%eax
1e2a: 75 dd jne 1e09 <phase_defused+0x5d>
1e2c: 48 8d 3d 25 14 00 00 lea 0x1425(%rip),%rdi # 3258 <array.3471+0x78>
1e33: e8 c8 f3 ff ff callq 1200 <puts@plt>
1e38: 48 8d 3d 41 14 00 00 lea 0x1441(%rip),%rdi # 3280 <array.3471+0xa0>
1e3f: e8 bc f3 ff ff callq 1200 <puts@plt>
1e44: b8 00 00 00 00 mov $0x0,%eax
1e49: e8 84 fb ff ff callq 19d2 <secret_phase>
1e4e: eb b9 jmp 1e09 <phase_defused+0x5d>
1e50: e8 cb f3 ff ff callq 1220 <__stack_chk_fail@plt>
# sigalrm_handler: installed by init_timeout for signal 0xe.
# Calls __fprintf_chk(stderr, 1, fmt@0x33f0, 0) and then exit(1); it never returns.
# NOTE(review): fprintf and exit are not async-signal-safe; a handler that
# only needs to report and terminate would normally use write() and _exit().
0000000000001e55 <sigalrm_handler>:
1e55: f3 0f 1e fa endbr64
# push/pop of rax leaves both rax and rsp unchanged.
1e59: 50 push %rax
1e5a: 58 pop %rax
1e5b: 48 83 ec 08 sub $0x8,%rsp
# ecx = 0 is the single variadic argument for the format at 0x33f0.
1e5f: b9 00 00 00 00 mov $0x0,%ecx
1e64: 48 8d 15 85 15 00 00 lea 0x1585(%rip),%rdx # 33f0 <array.3471+0x210>
1e6b: be 01 00 00 00 mov $0x1,%esi
1e70: 48 8b 3d 09 38 00 00 mov 0x3809(%rip),%rdi # 5680 <stderr@@GLIBC_2.2.5>
1e77: b8 00 00 00 00 mov $0x0,%eax
1e7c: e8 8f f4 ff ff callq 1310 <__fprintf_chk@plt>
1e81: bf 01 00 00 00 mov $0x1,%edi
1e86: e8 65 f4 ff ff callq 12f0 <exit@plt>
# rio_readlineb: buffered read of one line, one byte at a time, into rsi.
# In:   rdi = reader state, rsi = destination buffer, rdx = destination size.
#       State layout as used here: +0x0 fd passed to read(), +0x4 count of
#       unread bytes, +0x8 pointer to the next unread byte, +0x10 start of
#       the internal buffer that read() fills with up to 0x2000 bytes.
# Out:  rax = counter in r13d (sign-extended) after NUL-terminating the line;
#       0 when read() returns 0 before any byte was stored;
#       -1 when read() fails with errno other than 4.
# Regs: rbx = state, rbp = write cursor, r14 = rsi + rdx - 1 (last byte the
#       loop may reach), r13d = counter starting at 1, r12 = state + 0x10.
# NOTE(review): for rdx <= 1 the code still stores a NUL at (rsi) and returns 1,
# so a size of 0 results in a one-byte write. Callers in this listing pass 0x2000.
0000000000001e8b <rio_readlineb>:
1e8b: 41 56 push %r14
1e8d: 41 55 push %r13
1e8f: 41 54 push %r12
1e91: 55 push %rbp
1e92: 53 push %rbx
1e93: 48 89 f5 mov %rsi,%rbp
# Unsigned compare on the size argument.
1e96: 48 83 fa 01 cmp $0x1,%rdx
1e9a: 0f 86 90 00 00 00 jbe 1f30 <rio_readlineb+0xa5>
1ea0: 48 89 fb mov %rdi,%rbx
1ea3: 4c 8d 74 16 ff lea -0x1(%rsi,%rdx,1),%r14
1ea8: 41 bd 01 00 00 00 mov $0x1,%r13d
1eae: 4c 8d 67 10 lea 0x10(%rdi),%r12
1eb2: eb 54 jmp 1f08 <rio_readlineb+0x7d>
# read() returned a negative value: retry only when errno == 4 (EINTR on Linux).
1eb4: e8 27 f3 ff ff callq 11e0 <__errno_location@plt>
1eb9: 83 38 04 cmpl $0x4,(%rax)
1ebc: 75 53 jne 1f11 <rio_readlineb+0x86>
# Refill: read(fd, state+0x10, 0x2000) and record the result as the unread count.
1ebe: ba 00 20 00 00 mov $0x2000,%edx
1ec3: 4c 89 e6 mov %r12,%rsi
1ec6: 8b 3b mov (%rbx),%edi
1ec8: e8 83 f3 ff ff callq 1250 <read@plt>
1ecd: 89 c2 mov %eax,%edx
1ecf: 89 43 04 mov %eax,0x4(%rbx)
1ed2: 85 c0 test %eax,%eax
1ed4: 78 de js 1eb4 <rio_readlineb+0x29>
1ed6: 85 c0 test %eax,%eax
1ed8: 74 40 je 1f1a <rio_readlineb+0x8f>
# Fresh data: reset the read pointer to the start of the internal buffer.
1eda: 4c 89 63 08 mov %r12,0x8(%rbx)
# Take one byte from the internal buffer, advance the pointer, decrement the count.
1ede: 48 8b 43 08 mov 0x8(%rbx),%rax
1ee2: 0f b6 08 movzbl (%rax),%ecx
1ee5: 48 83 c0 01 add $0x1,%rax
1ee9: 48 89 43 08 mov %rax,0x8(%rbx)
1eed: 83 ea 01 sub $0x1,%edx
1ef0: 89 53 04 mov %edx,0x4(%rbx)
# Store the byte in the destination and stop at newline (0xa).
1ef3: 48 83 c5 01 add $0x1,%rbp
1ef7: 88 4d ff mov %cl,-0x1(%rbp)
1efa: 80 f9 0a cmp $0xa,%cl
1efd: 74 3c je 1f3b <rio_readlineb+0xb0>
1eff: 41 83 c5 01 add $0x1,%r13d
# Stop once the cursor reaches rsi + rdx - 1, leaving room for the NUL.
1f03: 4c 39 f5 cmp %r14,%rbp
1f06: 74 30 je 1f38 <rio_readlineb+0xad>
# Loop head: refill when no unread bytes remain (signed test on the count).
1f08: 8b 53 04 mov 0x4(%rbx),%edx
1f0b: 85 d2 test %edx,%edx
1f0d: 7e af jle 1ebe <rio_readlineb+0x33>
1f0f: eb cd jmp 1ede <rio_readlineb+0x53>
1f11: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax
1f18: eb 05 jmp 1f1f <rio_readlineb+0x94>
1f1a: b8 00 00 00 00 mov $0x0,%eax
1f1f: 85 c0 test %eax,%eax
1f21: 75 28 jne 1f4b <rio_readlineb+0xc0>
# read() returned 0: return 0 if nothing was stored yet (r13d still 1),
# otherwise terminate what was collected and return the counter.
1f23: b8 00 00 00 00 mov $0x0,%eax
1f28: 41 83 fd 01 cmp $0x1,%r13d
1f2c: 75 0d jne 1f3b <rio_readlineb+0xb0>
1f2e: eb 12 jmp 1f42 <rio_readlineb+0xb7>
1f30: 41 bd 01 00 00 00 mov $0x1,%r13d
1f36: eb 03 jmp 1f3b <rio_readlineb+0xb0>
1f38: 4c 89 f5 mov %r14,%rbp
# NUL-terminate at the cursor and return the counter.
1f3b: c6 45 00 00 movb $0x0,0x0(%rbp)
1f3f: 49 63 c5 movslq %r13d,%rax
1f42: 5b pop %rbx
1f43: 5d pop %rbp
1f44: 41 5c pop %r12
1f46: 41 5d pop %r13
1f48: 41 5e pop %r14
1f4a: c3 retq
1f4b: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax
1f52: eb ee jmp 1f42 <rio_readlineb+0xb7>
# submitr: connect to a server over TCP, send one formatted request that
# embeds an escaped copy of a caller string, read the reply, and copy a
# status line into the caller's result buffer.
# In:   rdi = host name (given to gethostbyname), esi = port (host byte order),
#       rdx, rcx, r8, r9 = four strings used as format arguments,
#       7th arg (stack) = string to escape, 8th arg (stack) = result buffer.
# Out:  eax = 0 when the final reply line matches the 3 bytes at 0x34e1,
#       otherwise -1. On every failure a message is written to the result buffer.
# Frame (offsets from rsp after the prologue):
#       0x2c    status code parsed from the first reply line
#       0x30    16-byte socket address
#       0x40    reader state for rio_readlineb (fd, count, pointer), its
#               internal buffer starting at 0x50
#       0x2050  request / reply line buffer (0x2000 bytes)
#       0x4050  escaped copy of the 7th argument (0x2000 bytes)
#       0x6050  sscanf target
#       0x8050  sscanf target, also scratch for single-byte escapes
#       0xa058  stack-protector canary
# NOTE(review): the result buffer (r15) is written without any size being
# passed in: fixed messages of up to 0x43 bytes, a __sprintf_chk call with
# object size -1, and a strcpy of a server-supplied line of up to 0x1fff
# characters. The caller's buffer must be at least 0x2000 bytes for this to be
# safe; the callers' buffer sizes are not visible in this listing.
0000000000001f54 <submitr>:
1f54: f3 0f 1e fa endbr64
1f58: 41 57 push %r15
1f5a: 41 56 push %r14
1f5c: 41 55 push %r13
1f5e: 41 54 push %r12
1f60: 55 push %rbp
1f61: 53 push %rbx
# Stack probing: grow the frame by 0xa000 one 0x1000 page at a time, touching
# each page, so the guard page cannot be skipped by a single large adjustment.
1f62: 4c 8d 9c 24 00 60 ff lea -0xa000(%rsp),%r11
1f69: ff
1f6a: 48 81 ec 00 10 00 00 sub $0x1000,%rsp
1f71: 48 83 0c 24 00 orq $0x0,(%rsp)
1f76: 4c 39 dc cmp %r11,%rsp
1f79: 75 ef jne 1f6a <submitr+0x16>
1f7b: 48 83 ec 68 sub $0x68,%rsp
# Save arguments: r13 = host, ebp = port, strings spilled to the frame,
# rbx = 7th argument (string to escape), r15 = 8th argument (result buffer).
1f7f: 49 89 fd mov %rdi,%r13
1f82: 89 f5 mov %esi,%ebp
1f84: 48 89 14 24 mov %rdx,(%rsp)
1f88: 48 89 4c 24 08 mov %rcx,0x8(%rsp)
1f8d: 4c 89 44 24 18 mov %r8,0x18(%rsp)
1f92: 4c 89 4c 24 10 mov %r9,0x10(%rsp)
1f97: 48 8b 9c 24 a0 a0 00 mov 0xa0a0(%rsp),%rbx
1f9e: 00
1f9f: 4c 8b bc 24 a8 a0 00 mov 0xa0a8(%rsp),%r15
1fa6: 00
1fa7: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
1fae: 00 00
1fb0: 48 89 84 24 58 a0 00 mov %rax,0xa058(%rsp)
1fb7: 00
1fb8: 31 c0 xor %eax,%eax
# Status code starts at 0, so a failed parse later cannot leave it at 200.
1fba: c7 44 24 2c 00 00 00 movl $0x0,0x2c(%rsp)
1fc1: 00
# socket(2, 1, 0): AF_INET, SOCK_STREAM on Linux.
1fc2: ba 00 00 00 00 mov $0x0,%edx
1fc7: be 01 00 00 00 mov $0x1,%esi
1fcc: bf 02 00 00 00 mov $0x2,%edi
1fd1: e8 7a f3 ff ff callq 1350 <socket@plt>
1fd6: 85 c0 test %eax,%eax
1fd8: 0f 88 17 01 00 00 js 20f5 <submitr+0x1a1>
1fde: 41 89 c4 mov %eax,%r12d
1fe1: 4c 89 ef mov %r13,%rdi
1fe4: e8 97 f2 ff ff callq 1280 <gethostbyname@plt>
1fe9: 48 85 c0 test %rax,%rax
1fec: 0f 84 53 01 00 00 je 2145 <submitr+0x1f1>
# Build the socket address at 0x30(%rsp): zero 16 bytes, family = 2.
1ff2: 4c 8d 6c 24 30 lea 0x30(%rsp),%r13
1ff7: 48 c7 44 24 30 00 00 movq $0x0,0x30(%rsp)
1ffe: 00 00
2000: 48 c7 44 24 38 00 00 movq $0x0,0x38(%rsp)
2007: 00 00
2009: 66 c7 44 24 30 02 00 movw $0x2,0x30(%rsp)
# Copy the first resolved address. The length comes from the hostent (+0x14)
# and the destination size given to __memmove_chk is 0xc, so an oversized
# length aborts instead of overrunning the address structure.
2010: 48 63 50 14 movslq 0x14(%rax),%rdx
2014: 48 8b 40 18 mov 0x18(%rax),%rax
2018: 48 8d 7c 24 34 lea 0x34(%rsp),%rdi
201d: b9 0c 00 00 00 mov $0xc,%ecx
2022: 48 8b 30 mov (%rax),%rsi
2025: e8 66 f2 ff ff callq 1290 <__memmove_chk@plt>
# Byte-swap the 16-bit port into network order and store it at offset 2.
202a: 66 c1 c5 08 rol $0x8,%bp
202e: 66 89 6c 24 32 mov %bp,0x32(%rsp)
2033: ba 10 00 00 00 mov $0x10,%edx
2038: 4c 89 ee mov %r13,%rsi
203b: 44 89 e7 mov %r12d,%edi
203e: e8 bd f2 ff ff callq 1300 <connect@plt>
2043: 85 c0 test %eax,%eax
2045: 0f 88 65 01 00 00 js 21b0 <submitr+0x25c>
# Size pre-check before any formatting: 3 * strlen(7th arg) plus the lengths
# of the strings saved at (%rsp), 0x8(%rsp) and 0x10(%rsp) plus a constant
# must not exceed 0x2000 (unsigned compare). The factor 3 covers the case
# where every byte is escaped to three characters.
# The string saved at 0x18(%rsp) is not part of this sum; the later
# __sprintf_chk call that uses it carries the 0x2000 object size.
204b: 49 c7 c1 ff ff ff ff mov $0xffffffffffffffff,%r9
2052: b8 00 00 00 00 mov $0x0,%eax
2057: 4c 89 c9 mov %r9,%rcx
205a: 48 89 df mov %rbx,%rdi
205d: f2 ae repnz scas %es:(%rdi),%al
205f: 48 f7 d1 not %rcx
2062: 48 89 ce mov %rcx,%rsi
2065: 4c 89 c9 mov %r9,%rcx
2068: 48 8b 3c 24 mov (%rsp),%rdi
206c: f2 ae repnz scas %es:(%rdi),%al
206e: 49 89 c8 mov %rcx,%r8
2071: 4c 89 c9 mov %r9,%rcx
2074: 48 8b 7c 24 08 mov 0x8(%rsp),%rdi
2079: f2 ae repnz scas %es:(%rdi),%al
207b: 48 89 ca mov %rcx,%rdx
207e: 48 f7 d2 not %rdx
2081: 4c 89 c9 mov %r9,%rcx
2084: 48 8b 7c 24 10 mov 0x10(%rsp),%rdi
2089: f2 ae repnz scas %es:(%rdi),%al
208b: 4c 29 c2 sub %r8,%rdx
208e: 48 29 ca sub %rcx,%rdx
2091: 48 8d 44 76 fd lea -0x3(%rsi,%rsi,2),%rax
2096: 48 8d 44 02 7b lea 0x7b(%rdx,%rax,1),%rax
209b: 48 3d 00 20 00 00 cmp $0x2000,%rax
20a1: 0f 87 66 01 00 00 ja 220d <submitr+0x2b9>
# Zero the 0x2000-byte escape buffer at 0x4050(%rsp) (0x400 quadwords).
20a7: 48 8d 94 24 50 40 00 lea 0x4050(%rsp),%rdx
20ae: 00
20af: b9 00 04 00 00 mov $0x400,%ecx
20b4: b8 00 00 00 00 mov $0x0,%eax
20b9: 48 89 d7 mov %rdx,%rdi
20bc: f3 48 ab rep stos %rax,%es:(%rdi)
# Empty input string: skip the escape loop entirely.
20bf: 48 c7 c1 ff ff ff ff mov $0xffffffffffffffff,%rcx
20c6: 48 89 df mov %rbx,%rdi
20c9: f2 ae repnz scas %es:(%rdi),%al
20cb: 48 f7 d1 not %rcx
20ce: 48 8d 41 ff lea -0x1(%rcx),%rax
20d2: 83 f9 01 cmp $0x1,%ecx
20d5: 0f 84 08 05 00 00 je 25e3 <submitr+0x68f>
# r14 = end of input, rbp = output cursor, r13 = bitmask of bytes in the
# range 0x2a..0x5f that pass through unescaped: '*', '-', '.', '0'-'9', '_'.
20db: 8d 40 ff lea -0x1(%rax),%eax
20de: 4c 8d 74 03 01 lea 0x1(%rbx,%rax,1),%r14
20e3: 48 89 d5 mov %rdx,%rbp
20e6: 49 bd d9 ff 00 00 00 movabs $0x2000000000ffd9,%r13
20ed: 00 20 00
20f0: e9 a6 01 00 00 jmpq 229b <submitr+0x347>
# socket() failed: result = "Error: Client unable to create socket", return -1.
20f5: 48 b8 45 72 72 6f 72 movabs $0x43203a726f727245,%rax
20fc: 3a 20 43
20ff: 48 ba 6c 69 65 6e 74 movabs $0x6e7520746e65696c,%rdx
2106: 20 75 6e
2109: 49 89 07 mov %rax,(%r15)
210c: 49 89 57 08 mov %rdx,0x8(%r15)
2110: 48 b8 61 62 6c 65 20 movabs $0x206f7420656c6261,%rax
2117: 74 6f 20
211a: 48 ba 63 72 65 61 74 movabs $0x7320657461657263,%rdx
2121: 65 20 73
2124: 49 89 47 10 mov %rax,0x10(%r15)
2128: 49 89 57 18 mov %rdx,0x18(%r15)
212c: 41 c7 47 20 6f 63 6b movl $0x656b636f,0x20(%r15)
2133: 65
2134: 66 41 c7 47 24 74 00 movw $0x74,0x24(%r15)
213b: b8 ff ff ff ff mov $0xffffffff,%eax
2140: e9 16 03 00 00 jmpq 245b <submitr+0x507>
# gethostbyname() failed: result = "Error: DNS is unable to resolve server address",
# close the socket, return -1.
2145: 48 b8 45 72 72 6f 72 movabs $0x44203a726f727245,%rax
214c: 3a 20 44
214f: 48 ba 4e 53 20 69 73 movabs $0x6e7520736920534e,%rdx
2156: 20 75 6e
2159: 49 89 07 mov %rax,(%r15)
215c: 49 89 57 08 mov %rdx,0x8(%r15)
2160: 48 b8 61 62 6c 65 20 movabs $0x206f7420656c6261,%rax
2167: 74 6f 20
216a: 48 ba 72 65 73 6f 6c movabs $0x2065766c6f736572,%rdx
2171: 76 65 20
2174: 49 89 47 10 mov %rax,0x10(%r15)
2178: 49 89 57 18 mov %rdx,0x18(%r15)
217c: 48 b8 73 65 72 76 65 movabs $0x6120726576726573,%rax
2183: 72 20 61
2186: 49 89 47 20 mov %rax,0x20(%r15)
218a: 41 c7 47 28 64 64 72 movl $0x65726464,0x28(%r15)
2191: 65
2192: 66 41 c7 47 2c 73 73 movw $0x7373,0x2c(%r15)
2199: 41 c6 47 2e 00 movb $0x0,0x2e(%r15)
219e: 44 89 e7 mov %r12d,%edi
21a1: e8 9a f0 ff ff callq 1240 <close@plt>
21a6: b8 ff ff ff ff mov $0xffffffff,%eax
21ab: e9 ab 02 00 00 jmpq 245b <submitr+0x507>
# connect() failed: result = "Error: Unable to connect to the server",
# close the socket, return -1.
21b0: 48 b8 45 72 72 6f 72 movabs $0x55203a726f727245,%rax
21b7: 3a 20 55
21ba: 48 ba 6e 61 62 6c 65 movabs $0x6f7420656c62616e,%rdx
21c1: 20 74 6f
21c4: 49 89 07 mov %rax,(%r15)
21c7: 49 89 57 08 mov %rdx,0x8(%r15)
21cb: 48 b8 20 63 6f 6e 6e movabs $0x7463656e6e6f6320,%rax
21d2: 65 63 74
21d5: 48 ba 20 74 6f 20 74 movabs $0x20656874206f7420,%rdx
21dc: 68 65 20
21df: 49 89 47 10 mov %rax,0x10(%r15)
21e3: 49 89 57 18 mov %rdx,0x18(%r15)
21e7: 41 c7 47 20 73 65 72 movl $0x76726573,0x20(%r15)
21ee: 76
21ef: 66 41 c7 47 24 65 72 movw $0x7265,0x24(%r15)
21f6: 41 c6 47 26 00 movb $0x0,0x26(%r15)
21fb: 44 89 e7 mov %r12d,%edi
21fe: e8 3d f0 ff ff callq 1240 <close@plt>
2203: b8 ff ff ff ff mov $0xffffffff,%eax
2208: e9 4e 02 00 00 jmpq 245b <submitr+0x507>
# Size pre-check failed: result =
# "Error: Result string too large. Increase SUBMITR_MAXBUF", close, return -1.
220d: 48 b8 45 72 72 6f 72 movabs $0x52203a726f727245,%rax
2214: 3a 20 52
2217: 48 ba 65 73 75 6c 74 movabs $0x747320746c757365,%rdx
221e: 20 73 74
2221: 49 89 07 mov %rax,(%r15)
2224: 49 89 57 08 mov %rdx,0x8(%r15)
2228: 48 b8 72 69 6e 67 20 movabs $0x6f6f7420676e6972,%rax
222f: 74 6f 6f
2232: 48 ba 20 6c 61 72 67 movabs $0x202e656772616c20,%rdx
2239: 65 2e 20
223c: 49 89 47 10 mov %rax,0x10(%r15)
2240: 49 89 57 18 mov %rdx,0x18(%r15)
2244: 48 b8 49 6e 63 72 65 movabs $0x6573616572636e49,%rax
224b: 61 73 65
224e: 48 ba 20 53 55 42 4d movabs $0x5254494d42555320,%rdx
2255: 49 54 52
2258: 49 89 47 20 mov %rax,0x20(%r15)
225c: 49 89 57 28 mov %rdx,0x28(%r15)
2260: 48 b8 5f 4d 41 58 42 movabs $0x46554258414d5f,%rax
2267: 55 46 00
226a: 49 89 47 30 mov %rax,0x30(%r15)
226e: 44 89 e7 mov %r12d,%edi
2271: e8 ca ef ff ff callq 1240 <close@plt>
2276: b8 ff ff ff ff mov $0xffffffff,%eax
227b: e9 db 01 00 00 jmpq 245b <submitr+0x507>
# Escape loop. Byte is in 0x2a..0x5f: copy it unchanged if its bit is set in r13.
2280: 49 0f a3 c5 bt %rax,%r13
2284: 73 21 jae 22a7 <submitr+0x353>
2286: 44 88 45 00 mov %r8b,0x0(%rbp)
228a: 48 8d 6d 01 lea 0x1(%rbp),%rbp
228e: 48 83 c3 01 add $0x1,%rbx
2292: 4c 39 f3 cmp %r14,%rbx
2295: 0f 84 48 03 00 00 je 25e3 <submitr+0x68f>
# Loop entry: r8d = next input byte.
229b: 44 0f b6 03 movzbl (%rbx),%r8d
229f: 41 8d 40 d6 lea -0x2a(%r8),%eax
22a3: 3c 35 cmp $0x35,%al
22a5: 76 d9 jbe 2280 <submitr+0x32c>
# Letters (case folded by clearing bit 5) are copied unchanged.
22a7: 44 89 c0 mov %r8d,%eax
22aa: 83 e0 df and $0xffffffdf,%eax
22ad: 83 e8 41 sub $0x41,%eax
22b0: 3c 19 cmp $0x19,%al
22b2: 76 d2 jbe 2286 <submitr+0x332>
# Space becomes '+'.
22b4: 41 80 f8 20 cmp $0x20,%r8b
22b8: 74 63 je 231d <submitr+0x3c9>
# Remaining bytes in 0x20..0x7f and tab (0x9) are escaped to three characters;
# anything else is rejected with an error message.
22ba: 41 8d 40 e0 lea -0x20(%r8),%eax
22be: 3c 5f cmp $0x5f,%al
22c0: 76 0a jbe 22cc <submitr+0x378>
22c2: 41 80 f8 09 cmp $0x9,%r8b
22c6: 0f 85 8a 02 00 00 jne 2556 <submitr+0x602>
# __sprintf_chk(scratch@0x8050, 1, 8, fmt@0x34c6, byte): the object size of 8
# bounds the scratch write; the first three output bytes are then copied.
22cc: 48 8d bc 24 50 80 00 lea 0x8050(%rsp),%rdi
22d3: 00
22d4: 45 0f b6 c0 movzbl %r8b,%r8d
22d8: 48 8d 0d e7 11 00 00 lea 0x11e7(%rip),%rcx # 34c6 <array.3471+0x2e6>
22df: ba 08 00 00 00 mov $0x8,%edx
22e4: be 01 00 00 00 mov $0x1,%esi
22e9: b8 00 00 00 00 mov $0x0,%eax
22ee: e8 4d f0 ff ff callq 1340 <__sprintf_chk@plt>
22f3: 0f b6 84 24 50 80 00 movzbl 0x8050(%rsp),%eax
22fa: 00
22fb: 88 45 00 mov %al,0x0(%rbp)
22fe: 0f b6 84 24 51 80 00 movzbl 0x8051(%rsp),%eax
2305: 00
2306: 88 45 01 mov %al,0x1(%rbp)
2309: 0f b6 84 24 52 80 00 movzbl 0x8052(%rsp),%eax
2310: 00
2311: 88 45 02 mov %al,0x2(%rbp)
2314: 48 8d 6d 03 lea 0x3(%rbp),%rbp
2318: e9 71 ff ff ff jmpq 228e <submitr+0x33a>
231d: c6 45 00 2b movb $0x2b,0x0(%rbp)
2321: 48 8d 6d 01 lea 0x1(%rbp),%rbp
2325: e9 64 ff ff ff jmpq 228e <submitr+0x33a>
# Write loop: rbp = cursor, rbx = bytes left. Advance by the amount written
# and repeat until nothing is left.
232a: 48 01 c5 add %rax,%rbp
232d: 48 29 c3 sub %rax,%rbx
2330: 0f 84 25 03 00 00 je 265b <submitr+0x707>
2336: 48 89 da mov %rbx,%rdx
2339: 48 89 ee mov %rbp,%rsi
233c: 44 89 e7 mov %r12d,%edi
233f: e8 cc ee ff ff callq 1210 <write@plt>
2344: 48 85 c0 test %rax,%rax
2347: 7f e1 jg 232a <submitr+0x3d6>
# write() returned <= 0: retry with zero progress (r13 = 0) only when
# errno == 4 (EINTR on Linux); any other errno is a hard failure.
2349: e8 92 ee ff ff callq 11e0 <__errno_location@plt>
234e: 83 38 04 cmpl $0x4,(%rax)
2351: 0f 85 a0 01 00 00 jne 24f7 <submitr+0x5a3>
2357: 4c 89 e8 mov %r13,%rax
235a: eb ce jmp 232a <submitr+0x3d6>
# First reply line could not be read: result =
# "Error: Client unable to read first header from server", close, return -1.
235c: 48 b8 45 72 72 6f 72 movabs $0x43203a726f727245,%rax
2363: 3a 20 43
2366: 48 ba 6c 69 65 6e 74 movabs $0x6e7520746e65696c,%rdx
236d: 20 75 6e
2370: 49 89 07 mov %rax,(%r15)
2373: 49 89 57 08 mov %rdx,0x8(%r15)
2377: 48 b8 61 62 6c 65 20 movabs $0x206f7420656c6261,%rax
237e: 74 6f 20
2381: 48 ba 72 65 61 64 20 movabs $0x7269662064616572,%rdx
2388: 66 69 72
238b: 49 89 47 10 mov %rax,0x10(%r15)
238f: 49 89 57 18 mov %rdx,0x18(%r15)
2393: 48 b8 73 74 20 68 65 movabs $0x6564616568207473,%rax
239a: 61 64 65
239d: 48 ba 72 20 66 72 6f movabs $0x73206d6f72662072,%rdx
23a4: 6d 20 73
23a7: 49 89 47 20 mov %rax,0x20(%r15)
23ab: 49 89 57 28 mov %rdx,0x28(%r15)
23af: 41 c7 47 30 65 72 76 movl $0x65767265,0x30(%r15)
23b6: 65
23b7: 66 41 c7 47 34 72 00 movw $0x72,0x34(%r15)
23be: 44 89 e7 mov %r12d,%edi
23c1: e8 7a ee ff ff callq 1240 <close@plt>
23c6: b8 ff ff ff ff mov $0xffffffff,%eax
23cb: e9 8b 00 00 00 jmpq 245b <submitr+0x507>
# Status code is not 200: format the code (r8d) and the text at 0x8050(%rsp)
# into the result buffer with fmt@0x3418.
# NOTE(review): the object size passed here is -1, which disables the
# fortify bound, and the text comes from the server's first reply line.
23d0: 4c 8d 8c 24 50 80 00 lea 0x8050(%rsp),%r9
23d7: 00
23d8: 48 8d 0d 39 10 00 00 lea 0x1039(%rip),%rcx # 3418 <array.3471+0x238>
23df: 48 c7 c2 ff ff ff ff mov $0xffffffffffffffff,%rdx
23e6: be 01 00 00 00 mov $0x1,%esi
23eb: 4c 89 ff mov %r15,%rdi
23ee: b8 00 00 00 00 mov $0x0,%eax
23f3: e8 48 ef ff ff callq 1340 <__sprintf_chk@plt>
23f8: 44 89 e7 mov %r12d,%edi
23fb: e8 40 ee ff ff callq 1240 <close@plt>
2400: b8 ff ff ff ff mov $0xffffffff,%eax
2405: eb 54 jmp 245b <submitr+0x507>
# End of headers reached: read one more line, the status message.
2407: 48 8d b4 24 50 20 00 lea 0x2050(%rsp),%rsi
240e: 00
240f: 48 8d 7c 24 40 lea 0x40(%rsp),%rdi
2414: ba 00 20 00 00 mov $0x2000,%edx
2419: e8 6d fa ff ff callq 1e8b <rio_readlineb>
241e: 48 85 c0 test %rax,%rax
2421: 7e 61 jle 2484 <submitr+0x530>
# NOTE(review): unbounded strcpy of a server-controlled line (up to 0x1fff
# characters plus NUL) into the caller's result buffer.
2423: 48 8d b4 24 50 20 00 lea 0x2050(%rsp),%rsi
242a: 00
242b: 4c 89 ff mov %r15,%rdi
242e: e8 bd ed ff ff callq 11f0 <strcpy@plt>
2433: 44 89 e7 mov %r12d,%edi
2436: e8 05 ee ff ff callq 1240 <close@plt>
# Compare the first 3 bytes of the result with the string at 0x34e1;
# eax = 0 on match, -1 otherwise.
243b: b9 03 00 00 00 mov $0x3,%ecx
2440: 48 8d 3d 9a 10 00 00 lea 0x109a(%rip),%rdi # 34e1 <array.3471+0x301>
2447: 4c 89 fe mov %r15,%rsi
244a: f3 a6 repz cmpsb %es:(%rdi),%ds:(%rsi)
244c: 0f 97 c0 seta %al
244f: 1c 00 sbb $0x0,%al
2451: 84 c0 test %al,%al
2453: 0f 95 c0 setne %al
2456: 0f b6 c0 movzbl %al,%eax
2459: f7 d8 neg %eax
# Common exit: verify the canary, release the 0xa068-byte frame, restore registers.
245b: 48 8b 94 24 58 a0 00 mov 0xa058(%rsp),%rdx
2462: 00
2463: 64 48 33 14 25 28 00 xor %fs:0x28,%rdx
246a: 00 00
246c: 0f 85 0c 03 00 00 jne 277e <submitr+0x82a>
2472: 48 81 c4 68 a0 00 00 add $0xa068,%rsp
2479: 5b pop %rbx
247a: 5d pop %rbp
247b: 41 5c pop %r12
247d: 41 5d pop %r13
247f: 41 5e pop %r14
2481: 41 5f pop %r15
2483: c3 retq
# Status message could not be read: result =
# "Error: Client unable to read status message from server", close, return -1.
2484: 48 b8 45 72 72 6f 72 movabs $0x43203a726f727245,%rax
248b: 3a 20 43
248e: 48 ba 6c 69 65 6e 74 movabs $0x6e7520746e65696c,%rdx
2495: 20 75 6e
2498: 49 89 07 mov %rax,(%r15)
249b: 49 89 57 08 mov %rdx,0x8(%r15)
249f: 48 b8 61 62 6c 65 20 movabs $0x206f7420656c6261,%rax
24a6: 74 6f 20
24a9: 48 ba 72 65 61 64 20 movabs $0x6174732064616572,%rdx
24b0: 73 74 61
24b3: 49 89 47 10 mov %rax,0x10(%r15)
24b7: 49 89 57 18 mov %rdx,0x18(%r15)
24bb: 48 b8 74 75 73 20 6d movabs $0x7373656d20737574,%rax
24c2: 65 73 73
24c5: 48 ba 61 67 65 20 66 movabs $0x6d6f726620656761,%rdx
24cc: 72 6f 6d
24cf: 49 89 47 20 mov %rax,0x20(%r15)
24d3: 49 89 57 28 mov %rdx,0x28(%r15)
24d7: 48 b8 20 73 65 72 76 movabs $0x72657672657320,%rax
24de: 65 72 00
24e1: 49 89 47 30 mov %rax,0x30(%r15)
24e5: 44 89 e7 mov %r12d,%edi
24e8: e8 53 ed ff ff callq 1240 <close@plt>
24ed: b8 ff ff ff ff mov $0xffffffff,%eax
24f2: e9 64 ff ff ff jmpq 245b <submitr+0x507>
# write() failed: result = "Error: Client unable to write to the server",
# close, return -1.
24f7: 48 b8 45 72 72 6f 72 movabs $0x43203a726f727245,%rax
24fe: 3a 20 43
2501: 48 ba 6c 69 65 6e 74 movabs $0x6e7520746e65696c,%rdx
2508: 20 75 6e
250b: 49 89 07 mov %rax,(%r15)
250e: 49 89 57 08 mov %rdx,0x8(%r15)
2512: 48 b8 61 62 6c 65 20 movabs $0x206f7420656c6261,%rax
2519: 74 6f 20
251c: 48 ba 77 72 69 74 65 movabs $0x6f74206574697277,%rdx
2523: 20 74 6f
2526: 49 89 47 10 mov %rax,0x10(%r15)
252a: 49 89 57 18 mov %rdx,0x18(%r15)
252e: 48 b8 20 74 68 65 20 movabs $0x7265732065687420,%rax
2535: 73 65 72
2538: 49 89 47 20 mov %rax,0x20(%r15)
253c: 41 c7 47 28 76 65 72 movl $0x726576,0x28(%r15)
2543: 00
2544: 44 89 e7 mov %r12d,%edi
2547: e8 f4 ec ff ff callq 1240 <close@plt>
254c: b8 ff ff ff ff mov $0xffffffff,%eax
2551: e9 05 ff ff ff jmpq 245b <submitr+0x507>
# Input byte rejected by the escape loop: result =
# "Error: Result string contains an illegal or unprintable character.",
# close, return -1.
2556: 48 b8 45 72 72 6f 72 movabs $0x52203a726f727245,%rax
255d: 3a 20 52
2560: 48 ba 65 73 75 6c 74 movabs $0x747320746c757365,%rdx
2567: 20 73 74
256a: 49 89 07 mov %rax,(%r15)
256d: 49 89 57 08 mov %rdx,0x8(%r15)
2571: 48 b8 72 69 6e 67 20 movabs $0x6e6f6320676e6972,%rax
2578: 63 6f 6e
257b: 48 ba 74 61 69 6e 73 movabs $0x6e6120736e696174,%rdx
2582: 20 61 6e
2585: 49 89 47 10 mov %rax,0x10(%r15)
2589: 49 89 57 18 mov %rdx,0x18(%r15)
258d: 48 b8 20 69 6c 6c 65 movabs $0x6c6167656c6c6920,%rax
2594: 67 61 6c
2597: 48 ba 20 6f 72 20 75 movabs $0x72706e7520726f20,%rdx
259e: 6e 70 72
25a1: 49 89 47 20 mov %rax,0x20(%r15)
25a5: 49 89 57 28 mov %rdx,0x28(%r15)
25a9: 48 b8 69 6e 74 61 62 movabs $0x20656c6261746e69,%rax
25b0: 6c 65 20
25b3: 48 ba 63 68 61 72 61 movabs $0x6574636172616863,%rdx
25ba: 63 74 65
25bd: 49 89 47 30 mov %rax,0x30(%r15)
25c1: 49 89 57 38 mov %rdx,0x38(%r15)
25c5: 66 41 c7 47 40 72 2e movw $0x2e72,0x40(%r15)
25cc: 41 c6 47 42 00 movb $0x0,0x42(%r15)
25d1: 44 89 e7 mov %r12d,%edi
25d4: e8 67 ec ff ff callq 1240 <close@plt>
25d9: b8 ff ff ff ff mov $0xffffffff,%eax
25de: e9 78 fe ff ff jmpq 245b <submitr+0x507>
# Build the request in the 0x2050 buffer:
# __sprintf_chk(buf, 1, 0x2000, fmt@0x3448, <rdx arg>, <rcx arg>, <r8 arg>,
# <r9 arg>, escaped string). The object size 0x2000 makes an overlong result
# abort instead of overflowing the stack buffer. Offsets below are shifted by
# the temporary 8-byte adjustment and the three pushes.
25e3: 48 8d 9c 24 50 20 00 lea 0x2050(%rsp),%rbx
25ea: 00
25eb: 48 83 ec 08 sub $0x8,%rsp
25ef: 48 8d 84 24 58 40 00 lea 0x4058(%rsp),%rax
25f6: 00
25f7: 50 push %rax
25f8: ff 74 24 20 pushq 0x20(%rsp)
25fc: ff 74 24 30 pushq 0x30(%rsp)
2600: 4c 8b 4c 24 28 mov 0x28(%rsp),%r9
2605: 4c 8b 44 24 20 mov 0x20(%rsp),%r8
260a: 48 8d 0d 37 0e 00 00 lea 0xe37(%rip),%rcx # 3448 <array.3471+0x268>
2611: ba 00 20 00 00 mov $0x2000,%edx
2616: be 01 00 00 00 mov $0x1,%esi
261b: 48 89 df mov %rbx,%rdi
261e: b8 00 00 00 00 mov $0x0,%eax
2623: e8 18 ed ff ff callq 1340 <__sprintf_chk@plt>
# rbx = length of the formatted request; r13 = 0 is the "no progress" value
# used by the write loop on an interrupted write.
2628: 48 c7 c1 ff ff ff ff mov $0xffffffffffffffff,%rcx
262f: b8 00 00 00 00 mov $0x0,%eax
2634: 48 89 df mov %rbx,%rdi
2637: f2 ae repnz scas %es:(%rdi),%al
2639: 48 f7 d1 not %rcx
263c: 48 83 c4 20 add $0x20,%rsp
2640: 48 8d ac 24 50 20 00 lea 0x2050(%rsp),%rbp
2647: 00
2648: 41 bd 00 00 00 00 mov $0x0,%r13d
264e: 48 89 cb mov %rcx,%rbx
2651: 48 83 eb 01 sub $0x1,%rbx
2655: 0f 85 db fc ff ff jne 2336 <submitr+0x3e2>
# Initialise the reader state at 0x40(%rsp): fd, zero unread bytes, pointer
# to the internal buffer at 0x50(%rsp); then read the first reply line.
265b: 44 89 64 24 40 mov %r12d,0x40(%rsp)
2660: c7 44 24 44 00 00 00 movl $0x0,0x44(%rsp)
2667: 00
2668: 48 8d 7c 24 40 lea 0x40(%rsp),%rdi
266d: 48 8d 44 24 50 lea 0x50(%rsp),%rax
2672: 48 89 44 24 48 mov %rax,0x48(%rsp)
2677: 48 8d b4 24 50 20 00 lea 0x2050(%rsp),%rsi
267e: 00
267f: ba 00 20 00 00 mov $0x2000,%edx
2684: e8 02 f8 ff ff callq 1e8b <rio_readlineb>
2689: 48 85 c0 test %rax,%rax
268c: 0f 8e ca fc ff ff jle 235c <submitr+0x408>
# Parse the first reply line: sscanf(line, fmt@0x34cd, 0x6050(%rsp),
# &status@0x2c(%rsp), 0x8050(%rsp)).
# NOTE(review): the sscanf return value is not checked; a line that does not
# match leaves status at its initial 0 and takes the "not 200" path, which
# then formats whatever is currently in the 0x8050 scratch area.
# The source line is at most 0x1fff characters, so string conversions fit the
# 0x2000-byte targets -- the format at 0x34cd is not shown; confirm.
2692: 48 8d 4c 24 2c lea 0x2c(%rsp),%rcx
2697: 48 8d 94 24 50 60 00 lea 0x6050(%rsp),%rdx
269e: 00
269f: 48 8d bc 24 50 20 00 lea 0x2050(%rsp),%rdi
26a6: 00
26a7: 4c 8d 84 24 50 80 00 lea 0x8050(%rsp),%r8
26ae: 00
26af: 48 8d 35 17 0e 00 00 lea 0xe17(%rip),%rsi # 34cd <array.3471+0x2ed>
26b6: b8 00 00 00 00 mov $0x0,%eax
26bb: e8 00 ec ff ff callq 12c0 <__isoc99_sscanf@plt>
26c0: 44 8b 44 24 2c mov 0x2c(%rsp),%r8d
# 0xc8 = 200.
26c5: 41 81 f8 c8 00 00 00 cmp $0xc8,%r8d
26cc: 0f 85 fe fc ff ff jne 23d0 <submitr+0x47c>
# Header loop: keep reading lines until one matches the 3 bytes at 0x34de
# (presumably the blank line that ends the headers -- confirm).
26d2: 48 8d 1d 05 0e 00 00 lea 0xe05(%rip),%rbx # 34de <array.3471+0x2fe>
26d9: 48 8d b4 24 50 20 00 lea 0x2050(%rsp),%rsi
26e0: 00
26e1: b9 03 00 00 00 mov $0x3,%ecx
26e6: 48 89 df mov %rbx,%rdi
26e9: f3 a6 repz cmpsb %es:(%rdi),%ds:(%rsi)
26eb: 0f 97 c0 seta %al
26ee: 1c 00 sbb $0x0,%al
26f0: 84 c0 test %al,%al
26f2: 0f 84 0f fd ff ff je 2407 <submitr+0x4b3>
26f8: 48 8d b4 24 50 20 00 lea 0x2050(%rsp),%rsi
26ff: 00
2700: 48 8d 7c 24 40 lea 0x40(%rsp),%rdi
2705: ba 00 20 00 00 mov $0x2000,%edx
270a: e8 7c f7 ff ff callq 1e8b <rio_readlineb>
270f: 48 85 c0 test %rax,%rax
2712: 7f c5 jg 26d9 <submitr+0x785>
# Header read failed: result = "Error: Client unable to read headers from server",
# close, return -1.
2714: 48 b8 45 72 72 6f 72 movabs $0x43203a726f727245,%rax
271b: 3a 20 43
271e: 48 ba 6c 69 65 6e 74 movabs $0x6e7520746e65696c,%rdx
2725: 20 75 6e
2728: 49 89 07 mov %rax,(%r15)
272b: 49 89 57 08 mov %rdx,0x8(%r15)
272f: 48 b8 61 62 6c 65 20 movabs $0x206f7420656c6261,%rax
2736: 74 6f 20
2739: 48 ba 72 65 61 64 20 movabs $0x6165682064616572,%rdx
2740: 68 65 61
2743: 49 89 47 10 mov %rax,0x10(%r15)
2747: 49 89 57 18 mov %rdx,0x18(%r15)
274b: 48 b8 64 65 72 73 20 movabs $0x6f72662073726564,%rax
2752: 66 72 6f
2755: 48 ba 6d 20 73 65 72 movabs $0x726576726573206d,%rdx
275c: 76 65 72
275f: 49 89 47 20 mov %rax,0x20(%r15)
2763: 49 89 57 28 mov %rdx,0x28(%r15)
2767: 41 c6 47 30 00 movb $0x0,0x30(%r15)
276c: 44 89 e7 mov %r12d,%edi
276f: e8 cc ea ff ff callq 1240 <close@plt>
2774: b8 ff ff ff ff mov $0xffffffff,%eax
2779: e9 dd fc ff ff jmpq 245b <submitr+0x507>
277e: e8 9d ea ff ff callq 1220 <__stack_chk_fail@plt>
# init_timeout: arm a timer that ends the process through sigalrm_handler.
# In:   edi = timeout value; 0 means do nothing.
# Installs sigalrm_handler for signal 0xe (SIGALRM on Linux x86-64) and calls
# alarm() with the value, clamped to 0 when it is negative.
0000000000002783 <init_timeout>:
2783: f3 0f 1e fa endbr64
2787: 85 ff test %edi,%edi
2789: 75 01 jne 278c <init_timeout+0x9>
278b: c3 retq
278c: 53 push %rbx
278d: 89 fb mov %edi,%ebx
278f: 48 8d 35 bf f6 ff ff lea -0x941(%rip),%rsi # 1e55 <sigalrm_handler>
2796: bf 0e 00 00 00 mov $0xe,%edi
279b: e8 d0 ea ff ff callq 1270 <signal@plt>
# edi = ebx if the sign flag is clear, else 0.
27a0: 85 db test %ebx,%ebx
27a2: bf 00 00 00 00 mov $0x0,%edi
27a7: 0f 49 fb cmovns %ebx,%edi
27aa: e8 81 ea ff ff callq 1230 <alarm@plt>
27af: 5b pop %rbx
27b0: c3 retq
# init_driver: ignore a few signals, then check that the server named by the
# string at 0x34e4 can be reached by opening and closing one TCP connection.
# In:   rdi = status buffer (kept in rbp).
# Out:  eax = 0 and "OK" in the status buffer on success; eax = -1 and an
#       error message in the status buffer on failure.
# Frame: 0x20 bytes; socket address at (%rsp), canary at 0x18(%rsp).
# NOTE(review): the status buffer size is not passed in; the longest fixed
# message written here is 0x2f bytes, and the connect-failure path formats
# into it with object size -1 (no fortify bound).
00000000000027b1 <init_driver>:
27b1: f3 0f 1e fa endbr64
27b5: 41 54 push %r12
27b7: 55 push %rbp
27b8: 53 push %rbx
27b9: 48 83 ec 20 sub $0x20,%rsp
27bd: 48 89 fd mov %rdi,%rbp
27c0: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
27c7: 00 00
27c9: 48 89 44 24 18 mov %rax,0x18(%rsp)
27ce: 31 c0 xor %eax,%eax
# signal(0xd, 1): handler value 1 is SIG_IGN; 0xd is SIGPIPE on Linux x86-64.
27d0: be 01 00 00 00 mov $0x1,%esi
27d5: bf 0d 00 00 00 mov $0xd,%edi
27da: e8 91 ea ff ff callq 1270 <signal@plt>
# The same ignore call is issued twice for signal 0x1d.
27df: be 01 00 00 00 mov $0x1,%esi
27e4: bf 1d 00 00 00 mov $0x1d,%edi
27e9: e8 82 ea ff ff callq 1270 <signal@plt>
27ee: be 01 00 00 00 mov $0x1,%esi
27f3: bf 1d 00 00 00 mov $0x1d,%edi
27f8: e8 73 ea ff ff callq 1270 <signal@plt>
# socket(2, 1, 0): AF_INET, SOCK_STREAM on Linux.
27fd: ba 00 00 00 00 mov $0x0,%edx
2802: be 01 00 00 00 mov $0x1,%esi
2807: bf 02 00 00 00 mov $0x2,%edi
280c: e8 3f eb ff ff callq 1350 <socket@plt>
2811: 85 c0 test %eax,%eax
2813: 0f 88 9c 00 00 00 js 28b5 <init_driver+0x104>
2819: 89 c3 mov %eax,%ebx
281b: 48 8d 3d c2 0c 00 00 lea 0xcc2(%rip),%rdi # 34e4 <array.3471+0x304>
2822: e8 59 ea ff ff callq 1280 <gethostbyname@plt>
2827: 48 85 c0 test %rax,%rax
282a: 0f 84 d1 00 00 00 je 2901 <init_driver+0x150>
# Build the socket address at (%rsp): zero 16 bytes, family = 2.
2830: 49 89 e4 mov %rsp,%r12
2833: 48 c7 04 24 00 00 00 movq $0x0,(%rsp)
283a: 00
283b: 48 c7 44 24 08 00 00 movq $0x0,0x8(%rsp)
2842: 00 00
2844: 66 c7 04 24 02 00 movw $0x2,(%rsp)
# Copy the resolved address; __memmove_chk is told the destination holds 0xc bytes.
284a: 48 63 50 14 movslq 0x14(%rax),%rdx
284e: 48 8b 40 18 mov 0x18(%rax),%rax
2852: 48 8d 7c 24 04 lea 0x4(%rsp),%rdi
2857: b9 0c 00 00 00 mov $0xc,%ecx
285c: 48 8b 30 mov (%rax),%rsi
285f: e8 2c ea ff ff callq 1290 <__memmove_chk@plt>
# Port bytes 3b 6e in memory: 0x3b6e in network order, the same port value
# driver_post passes to submitr.
2864: 66 c7 44 24 02 3b 6e movw $0x6e3b,0x2(%rsp)
286b: ba 10 00 00 00 mov $0x10,%edx
2870: 4c 89 e6 mov %r12,%rsi
2873: 89 df mov %ebx,%edi
2875: e8 86 ea ff ff callq 1300 <connect@plt>
287a: 85 c0 test %eax,%eax
287c: 0f 88 e7 00 00 00 js 2969 <init_driver+0x1b8>
# Connected: close immediately and report "OK" (0x4b4f is 'O','K' in memory order).
2882: 89 df mov %ebx,%edi
2884: e8 b7 e9 ff ff callq 1240 <close@plt>
2889: 66 c7 45 00 4f 4b movw $0x4b4f,0x0(%rbp)
288f: c6 45 02 00 movb $0x0,0x2(%rbp)
2893: b8 00 00 00 00 mov $0x0,%eax
# Common exit: verify the canary before returning.
2898: 48 8b 4c 24 18 mov 0x18(%rsp),%rcx
289d: 64 48 33 0c 25 28 00 xor %fs:0x28,%rcx
28a4: 00 00
28a6: 0f 85 f5 00 00 00 jne 29a1 <init_driver+0x1f0>
28ac: 48 83 c4 20 add $0x20,%rsp
28b0: 5b pop %rbx
28b1: 5d pop %rbp
28b2: 41 5c pop %r12
28b4: c3 retq
# socket() failed: status = "Error: Client unable to create socket", return -1.
28b5: 48 b8 45 72 72 6f 72 movabs $0x43203a726f727245,%rax
28bc: 3a 20 43
28bf: 48 ba 6c 69 65 6e 74 movabs $0x6e7520746e65696c,%rdx
28c6: 20 75 6e
28c9: 48 89 45 00 mov %rax,0x0(%rbp)
28cd: 48 89 55 08 mov %rdx,0x8(%rbp)
28d1: 48 b8 61 62 6c 65 20 movabs $0x206f7420656c6261,%rax
28d8: 74 6f 20
28db: 48 ba 63 72 65 61 74 movabs $0x7320657461657263,%rdx
28e2: 65 20 73
28e5: 48 89 45 10 mov %rax,0x10(%rbp)
28e9: 48 89 55 18 mov %rdx,0x18(%rbp)
28ed: c7 45 20 6f 63 6b 65 movl $0x656b636f,0x20(%rbp)
28f4: 66 c7 45 24 74 00 movw $0x74,0x24(%rbp)
28fa: b8 ff ff ff ff mov $0xffffffff,%eax
28ff: eb 97 jmp 2898 <init_driver+0xe7>
# gethostbyname() failed: status = "Error: DNS is unable to resolve server address",
# close the socket, return -1.
2901: 48 b8 45 72 72 6f 72 movabs $0x44203a726f727245,%rax
2908: 3a 20 44
290b: 48 ba 4e 53 20 69 73 movabs $0x6e7520736920534e,%rdx
2912: 20 75 6e
2915: 48 89 45 00 mov %rax,0x0(%rbp)
2919: 48 89 55 08 mov %rdx,0x8(%rbp)
291d: 48 b8 61 62 6c 65 20 movabs $0x206f7420656c6261,%rax
2924: 74 6f 20
2927: 48 ba 72 65 73 6f 6c movabs $0x2065766c6f736572,%rdx
292e: 76 65 20
2931: 48 89 45 10 mov %rax,0x10(%rbp)
2935: 48 89 55 18 mov %rdx,0x18(%rbp)
2939: 48 b8 73 65 72 76 65 movabs $0x6120726576726573,%rax
2940: 72 20 61
2943: 48 89 45 20 mov %rax,0x20(%rbp)
2947: c7 45 28 64 64 72 65 movl $0x65726464,0x28(%rbp)
294e: 66 c7 45 2c 73 73 movw $0x7373,0x2c(%rbp)
2954: c6 45 2e 00 movb $0x0,0x2e(%rbp)
2958: 89 df mov %ebx,%edi
295a: e8 e1 e8 ff ff callq 1240 <close@plt>
295f: b8 ff ff ff ff mov $0xffffffff,%eax
2964: e9 2f ff ff ff jmpq 2898 <init_driver+0xe7>
# connect() failed: __sprintf_chk(status, 1, -1, fmt@0x34a0, host@0x34e4),
# close the socket, return -1. Both strings are constants in the binary.
2969: 4c 8d 05 74 0b 00 00 lea 0xb74(%rip),%r8 # 34e4 <array.3471+0x304>
2970: 48 8d 0d 29 0b 00 00 lea 0xb29(%rip),%rcx # 34a0 <array.3471+0x2c0>
2977: 48 c7 c2 ff ff ff ff mov $0xffffffffffffffff,%rdx
297e: be 01 00 00 00 mov $0x1,%esi
2983: 48 89 ef mov %rbp,%rdi
2986: b8 00 00 00 00 mov $0x0,%eax
298b: e8 b0 e9 ff ff callq 1340 <__sprintf_chk@plt>
2990: 89 df mov %ebx,%edi
2992: e8 a9 e8 ff ff callq 1240 <close@plt>
2997: b8 ff ff ff ff mov $0xffffffff,%eax
299c: e9 f7 fe ff ff jmpq 2898 <init_driver+0xe7>
29a1: e8 7a e8 ff ff callq 1220 <__stack_chk_fail@plt>
# driver_post: report a result string to the server through submitr, or skip
# the network step.
# In:   rdi = first string, rsi = second string, rdx = result string,
#       ecx = flag, r8 = status buffer (kept in rbx).
# Out:  eax = 0 with "OK" in the status buffer when nothing is sent;
#       otherwise the return value of submitr.
# Behaviour:
#   ecx != 0              -> print rdx with the format at 0x34fc, no network call
#   rdi NULL or empty     -> write "OK" only
#   otherwise             -> submitr(host@0x34e4, 0x3b6e, str@0x351b, rdi, rsi,
#                                    str@0x3513, rdx, status buffer)
00000000000029a6 <driver_post>:
29a6: f3 0f 1e fa endbr64
29aa: 53 push %rbx
29ab: 4c 89 c3 mov %r8,%rbx
29ae: 85 c9 test %ecx,%ecx
29b0: 75 17 jne 29c9 <driver_post+0x23>
29b2: 48 85 ff test %rdi,%rdi
29b5: 74 05 je 29bc <driver_post+0x16>
29b7: 80 3f 00 cmpb $0x0,(%rdi)
29ba: 75 33 jne 29ef <driver_post+0x49>
# Nothing to send: status = "OK"; ecx is 0 on this path, so eax = 0.
29bc: 66 c7 03 4f 4b movw $0x4b4f,(%rbx)
29c1: c6 43 02 00 movb $0x0,0x2(%rbx)
29c5: 89 c8 mov %ecx,%eax
29c7: 5b pop %rbx
29c8: c3 retq
# Flag set: __printf_chk(1, fmt@0x34fc, rdx) -- rdx is still the caller's
# third argument here -- then status = "OK", return 0.
29c9: 48 8d 35 2c 0b 00 00 lea 0xb2c(%rip),%rsi # 34fc <array.3471+0x31c>
29d0: bf 01 00 00 00 mov $0x1,%edi
29d5: b8 00 00 00 00 mov $0x0,%eax
29da: e8 f1 e8 ff ff callq 12d0 <__printf_chk@plt>
29df: 66 c7 03 4f 4b movw $0x4b4f,(%rbx)
29e4: c6 43 02 00 movb $0x0,0x2(%rbx)
29e8: b8 00 00 00 00 mov $0x0,%eax
29ed: eb d8 jmp 29c7 <driver_post+0x21>
# Network path: the status buffer and the result string become submitr's
# 8th and 7th (stack) arguments.
# NOTE(review): submitr copies server-supplied text into the status buffer
# without a size; the buffer size expected from this function's callers is not
# visible in this listing.
29ef: 41 50 push %r8
29f1: 52 push %rdx
29f2: 4c 8d 0d 1a 0b 00 00 lea 0xb1a(%rip),%r9 # 3513 <array.3471+0x333>
29f9: 49 89 f0 mov %rsi,%r8
29fc: 48 89 f9 mov %rdi,%rcx
29ff: 48 8d 15 15 0b 00 00 lea 0xb15(%rip),%rdx # 351b <array.3471+0x33b>
2a06: be 6e 3b 00 00 mov $0x3b6e,%esi
2a0b: 48 8d 3d d2 0a 00 00 lea 0xad2(%rip),%rdi # 34e4 <array.3471+0x304>
2a12: e8 3d f5 ff ff callq 1f54 <submitr>
2a17: 48 83 c4 10 add $0x10,%rsp
2a1b: eb aa jmp 29c7 <driver_post+0x21>
# Padding after the function body.
2a1d: 0f 1f 00 nopl (%rax)
# __libc_csu_init: C runtime start-up helper. Calls _init, then calls every
# function pointer stored between __frame_dummy_init_array_entry (0x4cf8) and
# __do_global_dtors_aux_fini_array_entry (0x4d00), passing through the three
# arguments it received in edi, rsi and rdx.
# Regs: r15 = table start, rbp = entry count, rbx = index,
#       r12d/r13/r14 = saved copies of edi/rsi/rdx.
0000000000002a20 <__libc_csu_init>:
2a20: f3 0f 1e fa endbr64
2a24: 41 57 push %r15
2a26: 4c 8d 3d cb 22 00 00 lea 0x22cb(%rip),%r15 # 4cf8 <__frame_dummy_init_array_entry>
2a2d: 41 56 push %r14
2a2f: 49 89 d6 mov %rdx,%r14
2a32: 41 55 push %r13
2a34: 49 89 f5 mov %rsi,%r13
2a37: 41 54 push %r12
2a39: 41 89 fc mov %edi,%r12d
2a3c: 55 push %rbp
2a3d: 48 8d 2d bc 22 00 00 lea 0x22bc(%rip),%rbp # 4d00 <__do_global_dtors_aux_fini_array_entry>
2a44: 53 push %rbx
# rbp = byte length of the table; converted to an entry count after _init.
2a45: 4c 29 fd sub %r15,%rbp
2a48: 48 83 ec 08 sub $0x8,%rsp
2a4c: e8 af e5 ff ff callq 1000 <_init>
2a51: 48 c1 fd 03 sar $0x3,%rbp
2a55: 74 1f je 2a76 <__libc_csu_init+0x56>
2a57: 31 db xor %ebx,%ebx
2a59: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
# Indirect call through each 8-byte table entry.
2a60: 4c 89 f2 mov %r14,%rdx
2a63: 4c 89 ee mov %r13,%rsi
2a66: 44 89 e7 mov %r12d,%edi
2a69: 41 ff 14 df callq *(%r15,%rbx,8)
2a6d: 48 83 c3 01 add $0x1,%rbx
2a71: 48 39 dd cmp %rbx,%rbp
2a74: 75 ea jne 2a60 <__libc_csu_init+0x40>
2a76: 48 83 c4 08 add $0x8,%rsp
2a7a: 5b pop %rbx
2a7b: 5d pop %rbp
2a7c: 41 5c pop %r12
2a7e: 41 5d pop %r13
2a80: 41 5e pop %r14
2a82: 41 5f pop %r15
2a84: c3 retq
# Padding up to the next function.
2a85: 66 66 2e 0f 1f 84 00 data16 nopw %cs:0x0(%rax,%rax,1)
2a8c: 00 00 00 00
# __libc_csu_fini: empty function; only the endbr64 landing pad and a return.
0000000000002a90 <__libc_csu_fini>:
2a90: f3 0f 1e fa endbr64
2a94: c3 retq
Disassembly of section .fini:
# _fini: the only code in section .fini. It adjusts rsp by 8 and immediately undoes it,
# so it performs no work in this binary.
0000000000002a98 <_fini>:
2a98: f3 0f 1e fa endbr64
2a9c: 48 83 ec 08 sub $0x8,%rsp
2aa0: 48 83 c4 08 add $0x8,%rsp
2aa4: c3 retq
bomb70.asm¶
只有题目的汇编代码
# phase_1: leaves the caller's rdi untouched and compares it with the string at
# 0x555555557150 by calling strings_not_equal; a non-zero result leads to explode_bomb.
# The sub/add of 8 on rsp only keeps the stack 16-byte aligned for the calls.
0x5555555555a7 <phase_1> endbr64 │
│ 0x5555555555ab <phase_1+4> sub $0x8,%rsp │
# rsi = second argument: address of the reference string.
│ 0x5555555555af <phase_1+8> lea 0x1b9a(%rip),%rsi # 0x555555557150 │
│ 0x5555555555b6 <phase_1+15> callq 0x555555555adf <strings_not_equal> │
# eax == 0 falls through to the normal return.
│ 0x5555555555bb <phase_1+20> test %eax,%eax │
│ 0x5555555555bd <phase_1+22> jne 0x5555555555c4 <phase_1+29> │
│ 0x5555555555bf <phase_1+24> add $0x8,%rsp │
│ 0x5555555555c3 <phase_1+28> retq │
│ 0x5555555555c4 <phase_1+29> callq 0x555555555bf3 <explode_bomb> │
│ 0x5555555555c9 <phase_1+34> jmp 0x5555555555bf <phase_1+24>
│
# phase_2: has read_six_numbers fill a stack buffer at rsp, then checks that the values
# follow a[i] == a[i-1] + i for i = 1..5, with a[0] >= 0.
# Frame: 0x28 bytes; the loop reads 4-byte elements at 0x0..0x17(%rsp), and a copy of the
# stack-protector canary sits directly above them at 0x18(%rsp).
# "b+" in the left margin is the gdb TUI marker for a breakpoint on that line.
│b+ 0x5555555555cb <phase_2> endbr64
0x5555555555cf <phase_2+4> push %rbp │
│ 0x5555555555d0 <phase_2+5> push %rbx │
│ 0x5555555555d1 <phase_2+6> sub $0x28,%rsp │
# Load the canary from %fs:0x28 and store it above the buffer.
│ 0x5555555555d5 <phase_2+10> mov %fs:0x28,%rax │
│ 0x5555555555de <phase_2+19> mov %rax,0x18(%rsp) │
│ 0x5555555555e3 <phase_2+24> xor %eax,%eax │
# rsi = destination buffer; rdi is still the caller's argument.
│ 0x5555555555e5 <phase_2+26> mov %rsp,%rsi │
│ 0x5555555555e8 <phase_2+29> callq 0x555555555c1f <read_six_numbers>
│
# a[0] must not be negative (js jumps when the sign flag is set).
│ 0x5555555555ed <phase_2+34> cmpl $0x0,(%rsp) │
│ 0x5555555555f1 <phase_2+38> js 0x5555555555fd <phase_2+50> │
# Loop set-up: rbp = &a[0], ebx = 1; enter at the comparison (+74).
│ 0x5555555555f3 <phase_2+40> mov %rsp,%rbp │
│ 0x5555555555f6 <phase_2+43> mov $0x1,%ebx │
│ 0x5555555555fb <phase_2+48> jmp 0x555555555615 <phase_2+74> │
│ 0x5555555555fd <phase_2+50> callq 0x555555555bf3 <explode_bomb> │
│ 0x555555555602 <phase_2+55> jmp 0x5555555555f3 <phase_2+40> │
│ 0x555555555604 <phase_2+57> callq 0x555555555bf3 <explode_bomb> │
# Advance: next index, next element; stop once ebx reaches 6.
│ 0x555555555609 <phase_2+62> add $0x1,%ebx │
│ 0x55555555560c <phase_2+65> add $0x4,%rbp
0x555555555610 <phase_2+69> cmp $0x6,%ebx │
│ 0x555555555613 <phase_2+72> je 0x555555555621 <phase_2+86> │
# eax = ebx + *rbp; the element after rbp must equal it, otherwise explode (+57).
│ 0x555555555615 <phase_2+74> mov %ebx,%eax │
│ 0x555555555617 <phase_2+76> add 0x0(%rbp),%eax │
│ 0x55555555561a <phase_2+79> cmp %eax,0x4(%rbp) │
│ 0x55555555561d <phase_2+82> je 0x555555555609 <phase_2+62> │
│ 0x55555555561f <phase_2+84> jmp 0x555555555604 <phase_2+57> │
# Epilogue: the saved canary XOR the live one must be zero, else __stack_chk_fail.
│ 0x555555555621 <phase_2+86> mov 0x18(%rsp),%rax │
│ 0x555555555626 <phase_2+91> xor %fs:0x28,%rax │
│ 0x55555555562f <phase_2+100> jne 0x555555555638 <phase_2+109> │
│ 0x555555555631 <phase_2+102> add $0x28,%rsp
0x555555555635 <phase_2+106> pop %rbx │
│ 0x555555555636 <phase_2+107> pop %rbp │
│ 0x555555555637 <phase_2+108> retq │
│ 0x555555555638 <phase_2+109> callq 0x555555555220 <__stack_chk_fail@plt>
│
# phase_3: parses two values from the caller's string with sscanf and dispatches on the
# first one through a jump table; the second value must equal the number the selected
# case computes in eax.
# Frame: 0x18 bytes; first value at (%rsp), second at 0x4(%rsp), canary copy at 0x8(%rsp).
│b+ 0x55555555563d <phase_3> endbr64 │
│ 0x555555555641 <phase_3+4> sub $0x18,%rsp │
│ 0x555555555645 <phase_3+8> mov %fs:0x28,%rax │
│ 0x55555555564e <phase_3+17> mov %rax,0x8(%rsp) │
│ 0x555555555653 <phase_3+22> xor %eax,%eax │
# sscanf(rdi, format at 0x55555555732f, rsp, rsp+4); rdi is the caller's argument.
│ 0x555555555655 <phase_3+24> lea 0x4(%rsp),%rcx │
│ 0x55555555565a <phase_3+29> mov %rsp,%rdx │
│ 0x55555555565d <phase_3+32> lea 0x1ccb(%rip),%rsi # 0x55555555732f │
│ 0x555555555664 <phase_3+39> callq 0x5555555552c0 <__isoc99_sscanf@plt> │
# More than one conversion must have succeeded.
│ 0x555555555669 <phase_3+44> cmp $0x1,%eax │
│ 0x55555555566c <phase_3+47> jle 0x55555555568c <phase_3+79> │
# Bounds check before the indirect jump: ja is unsigned, so negative values are
# rejected together with anything above 7 and the table index stays within 0..7.
│ 0x55555555566e <phase_3+49> cmpl $0x7,(%rsp) │
│ 0x555555555672 <phase_3+53> ja 0x555555555712 <phase_3+213> │
# Table at 0x5555555571c0 holds 32-bit signed offsets relative to its own base:
# target = base + sign_extend(table[index]). The table contents are not in this listing.
│ 0x555555555678 <phase_3+59> mov (%rsp),%eax
0x55555555567b <phase_3+62> lea 0x1b3e(%rip),%rdx # 0x5555555571c0 │
│ 0x555555555682 <phase_3+69> movslq (%rdx,%rax,4),%rax │
│ 0x555555555686 <phase_3+73> add %rdx,%rax │
# notrack: this jump is exempt from CET indirect-branch tracking, so the case labels
# below do not need an endbr64.
│ 0x555555555689 <phase_3+76> notrack jmpq *%rax │
│ 0x55555555568c <phase_3+79> callq 0x555555555bf3 <explode_bomb> │
│ 0x555555555691 <phase_3+84> jmp 0x55555555566e <phase_3+49> │
# Arithmetic chain: each case sets eax and enters this add/sub sequence at its own point,
# then falls through to the end. This entry (+86) starts from 0x262.
│ 0x555555555693 <phase_3+86> mov $0x262,%eax │
│ 0x555555555698 <phase_3+91> sub $0x3a8,%eax │
│ 0x55555555569d <phase_3+96> add $0x173,%eax │
│ 0x5555555556a2 <phase_3+101> sub $0x352,%eax │
│ 0x5555555556a7 <phase_3+106> add $0x352,%eax
0x5555555556ac <phase_3+111> sub $0x352,%eax │
│ 0x5555555556b1 <phase_3+116> add $0x352,%eax │
│ 0x5555555556b6 <phase_3+121> sub $0x352,%eax │
# Second range check (signed): a first value above 5 explodes even though the table
# accepts indices up to 7.
│ 0x5555555556bb <phase_3+126> cmpl $0x5,(%rsp) │
│ 0x5555555556bf <phase_3+130> jg 0x5555555556c7 <phase_3+138> │
# The second value must equal the computed eax.
│ 0x5555555556c1 <phase_3+132> cmp %eax,0x4(%rsp) │
│ 0x5555555556c5 <phase_3+136> je 0x5555555556cc <phase_3+143> │
│ 0x5555555556c7 <phase_3+138> callq 0x555555555bf3 <explode_bomb> │
# Epilogue: stack-protector check, then return.
│ 0x5555555556cc <phase_3+143> mov 0x8(%rsp),%rax │
│ 0x5555555556d1 <phase_3+148> xor %fs:0x28,%rax │
│ 0x5555555556da <phase_3+157> jne 0x55555555571e <phase_3+225> │
│ 0x5555555556dc <phase_3+159> add $0x18,%rsp │
│ 0x5555555556e0 <phase_3+163> retq │
# Remaining case bodies: each clears eax and joins the chain one step later than the
# previous one (+91, +96, +101, +106, +111, +116, +121).
│ 0x5555555556e1 <phase_3+164> mov $0x0,%eax │
│ 0x5555555556e6 <phase_3+169> jmp 0x555555555698 <phase_3+91> │
│ 0x5555555556e8 <phase_3+171> mov $0x0,%eax │
│ 0x5555555556ed <phase_3+176> jmp 0x55555555569d <phase_3+96> │
│ 0x5555555556ef <phase_3+178> mov $0x0,%eax
0x5555555556f4 <phase_3+183> jmp 0x5555555556a2 <phase_3+101> │
│ 0x5555555556f6 <phase_3+185> mov $0x0,%eax │
│ 0x5555555556fb <phase_3+190> jmp 0x5555555556a7 <phase_3+106> │
│ 0x5555555556fd <phase_3+192> mov $0x0,%eax │
│ 0x555555555702 <phase_3+197> jmp 0x5555555556ac <phase_3+111> │
│ 0x555555555704 <phase_3+199> mov $0x0,%eax │
│ 0x555555555709 <phase_3+204> jmp 0x5555555556b1 <phase_3+116> │
│ 0x55555555570b <phase_3+206> mov $0x0,%eax │
│ 0x555555555710 <phase_3+211> jmp 0x5555555556b6 <phase_3+121> │
# Out-of-range first value: explode, then continue at the final checks with eax = 0.
│ 0x555555555712 <phase_3+213> callq 0x555555555bf3 <explode_bomb> │
│ 0x555555555717 <phase_3+218> mov $0x0,%eax
0x55555555571c <phase_3+223> jmp 0x5555555556bb <phase_3+126> │
│ 0x55555555571e <phase_3+225> callq 0x555555555220 <__stack_chk_fail@plt>
│
# func4(edi = target, esi = lo, edx = hi): recursive midpoint search that sums the
# midpoints it visits.
#   mid = lo + (hi - lo) / 2        (signed division, rounded toward zero)
#   mid >  target: return mid + func4(target, lo, mid - 1)
#   mid <  target: return mid + func4(target, mid + 1, hi)
#   mid == target: return mid
# rbx holds mid across the recursive call, so it is saved and restored.
│ 0x555555555723 <func4> endbr64 │
│ 0x555555555727 <func4+4> push %rbx │
# eax = hi - lo.
│ 0x555555555728 <func4+5> mov %edx,%eax │
│ 0x55555555572a <func4+7> sub %esi,%eax │
# ebx = sign bit of eax (0 or 1); adding it before the arithmetic shift makes the
# halving round toward zero for negative differences.
│ 0x55555555572c <func4+9> mov %eax,%ebx │
│ 0x55555555572e <func4+11> shr $0x1f,%ebx │
│ 0x555555555731 <func4+14> add %eax,%ebx │
│ 0x555555555733 <func4+16> sar %ebx │
# ebx = mid.
│ 0x555555555735 <func4+18> add %esi,%ebx │
│ 0x555555555737 <func4+20> cmp %edi,%ebx │
│ 0x555555555739 <func4+22> jg 0x555555555741 <func4+30> │
│ 0x55555555573b <func4+24> jl 0x55555555574d <func4+42> │
# Common exit: return ebx.
│ 0x55555555573d <func4+26> mov %ebx,%eax │
│ 0x55555555573f <func4+28> pop %rbx │
│ 0x555555555740 <func4+29> retq │
# mid > target: recurse on [lo, mid - 1]; edi and esi are unchanged.
│ 0x555555555741 <func4+30> lea -0x1(%rbx),%edx
0x555555555744 <func4+33> callq 0x555555555723 <func4> │
│ 0x555555555749 <func4+38> add %eax,%ebx │
│ 0x55555555574b <func4+40> jmp 0x55555555573d <func4+26> │
# mid < target: recurse on [mid + 1, hi]; edi and edx are unchanged.
│ 0x55555555574d <func4+42> lea 0x1(%rbx),%esi │
│ 0x555555555750 <func4+45> callq 0x555555555723 <func4> │
│ 0x555555555755 <func4+50> add %eax,%ebx │
│ 0x555555555757 <func4+52> jmp 0x55555555573d <func4+26>
│
# phase_4: parses two values with sscanf; the first must be at most 14 (unsigned) and
# func4(first, 0, 14) must return 0xb, and the second value must itself be 0xb.
# Frame: 0x18 bytes; first value at (%rsp), second at 0x4(%rsp), canary copy at 0x8(%rsp).
│b+ 0x555555555759 <phase_4> endbr64 │
│ 0x55555555575d <phase_4+4> sub $0x18,%rsp │
│ 0x555555555761 <phase_4+8> mov %fs:0x28,%rax │
│ 0x55555555576a <phase_4+17> mov %rax,0x8(%rsp) │
│ 0x55555555576f <phase_4+22> xor %eax,%eax
│
# sscanf(rdi, format at 0x55555555732f, rsp, rsp+4).
│ 0x555555555771 <phase_4+24> lea 0x4(%rsp),%rcx │
│ 0x555555555776 <phase_4+29> mov %rsp,%rdx │
│ 0x555555555779 <phase_4+32> lea 0x1baf(%rip),%rsi # 0x55555555732f │
│ 0x555555555780 <phase_4+39> callq 0x5555555552c0 <__isoc99_sscanf@plt>
│
# Exactly two conversions are required; jbe is unsigned, so a negative first value
# fails the <= 14 test as well.
│ 0x555555555785 <phase_4+44> cmp $0x2,%eax │
│ 0x555555555788 <phase_4+47> jne 0x555555555790 <phase_4+55> │
│ 0x55555555578a <phase_4+49> cmpl $0xe,(%rsp)
0x55555555578e <phase_4+53> jbe 0x555555555795 <phase_4+60> │
│ 0x555555555790 <phase_4+55> callq 0x555555555bf3 <explode_bomb> │
# func4(first, 0, 14).
│ 0x555555555795 <phase_4+60> mov $0xe,%edx │
│ 0x55555555579a <phase_4+65> mov $0x0,%esi │
│ 0x55555555579f <phase_4+70> mov (%rsp),%edi │
│ 0x5555555557a2 <phase_4+73> callq 0x555555555723 <func4> │
# Both the return value and the second input must be 0xb (11).
│ 0x5555555557a7 <phase_4+78> cmp $0xb,%eax │
│ 0x5555555557aa <phase_4+81> jne 0x5555555557b3 <phase_4+90> │
│ 0x5555555557ac <phase_4+83> cmpl $0xb,0x4(%rsp) │
│ 0x5555555557b1 <phase_4+88> je 0x5555555557b8 <phase_4+95> │
│ 0x5555555557b3 <phase_4+90> callq 0x555555555bf3 <explode_bomb> │
# 0x8(%rsp) is the saved canary, not one of the inputs: stack-protector check.
│ 0x5555555557b8 <phase_4+95> mov 0x8(%rsp),%rax │
│ 0x5555555557bd <phase_4+100> xor %fs:0x28,%rax │
│ 0x5555555557c6 <phase_4+109> jne 0x5555555557cd <phase_4+116> │
│ 0x5555555557c8 <phase_4+111> add $0x18,%rsp │
│ 0x5555555557cc <phase_4+115> retq │
│ 0x5555555557cd <phase_4+116> callq 0x555555555220 <__stack_chk_fail@plt>
│
# phase_5: parses two values with sscanf, masks the first to its low 4 bits and uses it
# as the starting index of a chase through the 32-bit table at 0x5555555571e0
# (index = table[index]) until the value 15 is fetched. The chase must take exactly
# 15 steps and the sum of the fetched values must equal the second input.
# Frame: 0x18 bytes; first value at (%rsp), second at 0x4(%rsp), canary copy at 0x8(%rsp).
│b+ 0x5555555557d2 <phase_5> endbr64 │
│ 0x5555555557d6 <phase_5+4> sub $0x18,%rsp
0x5555555557da <phase_5+8> mov %fs:0x28,%rax │
│ 0x5555555557e3 <phase_5+17> mov %rax,0x8(%rsp) │
│ 0x5555555557e8 <phase_5+22> xor %eax,%eax │
# sscanf(rdi, format at 0x55555555732f, rsp, rsp+4); more than one conversion required.
│ 0x5555555557ea <phase_5+24> lea 0x4(%rsp),%rcx │
│ 0x5555555557ef <phase_5+29> mov %rsp,%rdx │
│ 0x5555555557f2 <phase_5+32> lea 0x1b36(%rip),%rsi # 0x55555555732f │
│ 0x5555555557f9 <phase_5+39> callq 0x5555555552c0 <__isoc99_sscanf@plt> │
│ 0x5555555557fe <phase_5+44> cmp $0x1,%eax │
│ 0x555555555801 <phase_5+47> jle 0x55555555585d <phase_5+139> │
# The mask keeps the index within 0..15 whatever was entered; a start of 15 is rejected.
│ 0x555555555803 <phase_5+49> mov (%rsp),%eax │
│ 0x555555555806 <phase_5+52> and $0xf,%eax
0x555555555809 <phase_5+55> mov %eax,(%rsp) │
│ 0x55555555580c <phase_5+58> cmp $0xf,%eax │
│ 0x55555555580f <phase_5+61> je 0x555555555843 <phase_5+113> │
# ecx = running sum, edx = step counter, rsi = table base.
│ 0x555555555811 <phase_5+63> mov $0x0,%ecx │
│ 0x555555555816 <phase_5+68> mov $0x0,%edx │
│ 0x55555555581b <phase_5+73> lea 0x19be(%rip),%rsi # 0x5555555571e0 <array.3471> │
# Loop: count the step, sign-extend eax to rax (cltq), fetch table[rax], add it to the sum.
│ 0x555555555822 <phase_5+80> add $0x1,%edx │
│ 0x555555555825 <phase_5+83> cltq │
│ 0x555555555827 <phase_5+85> mov (%rsi,%rax,4),%eax
│ 0x55555555582a <phase_5+88> add %eax,%ecx │
│ 0x55555555582c <phase_5+90> cmp $0xf,%eax │
│ 0x55555555582f <phase_5+93> jne 0x555555555822 <phase_5+80> │
# After the loop: step count must be 15 and the sum must match the second input.
│ 0x555555555831 <phase_5+95> movl $0xf,(%rsp) │
│ 0x555555555838 <phase_5+102> cmp $0xf,%edx │
│ 0x55555555583b <phase_5+105> jne 0x555555555843 <phase_5+113> │
│ 0x55555555583d <phase_5+107> cmp %ecx,0x4(%rsp) │
│ 0x555555555841 <phase_5+111> je 0x555555555848 <phase_5+118> │
│ 0x555555555843 <phase_5+113> callq 0x555555555bf3 <explode_bomb> │
# Epilogue: stack-protector check, then return.
│ 0x555555555848 <phase_5+118> mov 0x8(%rsp),%rax │
│ 0x55555555584d <phase_5+123> xor %fs:0x28,%rax │
│ 0x555555555856 <phase_5+132> jne 0x555555555864 <phase_5+146> │
│ 0x555555555858 <phase_5+134> add $0x18,%rsp │
│ 0x55555555585c <phase_5+138> retq │
│ 0x55555555585d <phase_5+139> callq 0x555555555bf3 <explode_bomb> │
│ 0x555555555862 <phase_5+144> jmp 0x555555555803 <phase_5+49> │
│ 0x555555555864 <phase_5+146> callq 0x555555555220 <__stack_chk_fail@plt>
│
# phase_6: has read_six_numbers fill a buffer at rsp, then works in four stages:
#   1. validate: every value v satisfies (v - 1) <= 5 unsigned, and no two values are equal;
#   2. look up: for each value, walk v - 1 links from node1 and store the node pointer
#      in an 8-byte slot at 0x20(%rsp,index,8);
#   3. relink: rewrite the pointer at offset 8 of each selected node to follow that order,
#      with 0 in the last one;
#   4. check: walking the relinked list, each node's 32-bit value at offset 0 must be
#      >= the next node's value (signed), otherwise explode_bomb.
# Frame: 0x60 bytes; values at 0x0(%rsp), pointer slots from 0x20(%rsp), canary copy at 0x58(%rsp).
│b+ 0x555555555869 <phase_6> endbr64 │
│ 0x55555555586d <phase_6+4> push %r14
| 0x55555555586f <phase_6+6> push %r13 │
│ 0x555555555871 <phase_6+8> push %r12 │
│ 0x555555555873 <phase_6+10> push %rbp │
│ 0x555555555874 <phase_6+11> push %rbx │
│ 0x555555555875 <phase_6+12> sub $0x60,%rsp │
│ 0x555555555879 <phase_6+16> mov %fs:0x28,%rax │
│ 0x555555555882 <phase_6+25> mov %rax,0x58(%rsp) │
│ 0x555555555887 <phase_6+30> xor %eax,%eax │
# rsi = r13 = buffer for the six values; rdi is still the caller's argument.
│ 0x555555555889 <phase_6+32> mov %rsp,%r13 │
│ 0x55555555588c <phase_6+35> mov %r13,%rsi │
│ 0x55555555588f <phase_6+38> callq 0x555555555c1f <read_six_numbers> │
# Stage 1 set-up: r14 = index of the first element to compare against, r12 = array base,
# r13 = pointer to the element being validated. Entry is at +94.
│ 0x555555555894 <phase_6+43> mov $0x1,%r14d │
│ 0x55555555589a <phase_6+49> mov %rsp,%r12 │
│ 0x55555555589d <phase_6+52> jmp 0x5555555558c7 <phase_6+94> │
│ 0x55555555589f <phase_6+54> callq 0x555555555bf3 <explode_bomb> │
│ 0x5555555558a4 <phase_6+59> jmp 0x5555555558d6 <phase_6+109> │
# Inner loop: rbx runs from r14 to 5; any later element equal to *rbp explodes.
│ 0x5555555558a6 <phase_6+61> add $0x1,%rbx │
│ 0x5555555558aa <phase_6+65> cmp $0x5,%ebx │
│ 0x5555555558ad <phase_6+68> jg 0x5555555558bf <phase_6+86>
│ 0x5555555558af <phase_6+70> mov (%r12,%rbx,4),%eax │
│ 0x5555555558b3 <phase_6+74> cmp %eax,0x0(%rbp) │
│ 0x5555555558b6 <phase_6+77> jne 0x5555555558a6 <phase_6+61> │
│ 0x5555555558b8 <phase_6+79> callq 0x555555555bf3 <explode_bomb> │
│ 0x5555555558bd <phase_6+84> jmp 0x5555555558a6 <phase_6+61> │
# Outer loop step: next start index, next element.
│ 0x5555555558bf <phase_6+86> add $0x1,%r14 │
│ 0x5555555558c3 <phase_6+90> add $0x4,%r13 │
# Range check: subtracting 1 and comparing unsigned (ja) accepts only 1..6; zero and
# negative values wrap to large unsigned numbers and are rejected.
│ 0x5555555558c7 <phase_6+94> mov %r13,%rbp │
│ 0x5555555558ca <phase_6+97> mov 0x0(%r13),%eax │
│ 0x5555555558ce <phase_6+101> sub $0x1,%eax │
│ 0x5555555558d1 <phase_6+104> cmp $0x5,%eax
│ 0x5555555558d4 <phase_6+107> ja 0x55555555589f <phase_6+54> │
# r14d > 5 means every element has been validated: go to stage 2.
│ 0x5555555558d6 <phase_6+109> cmp $0x5,%r14d │
│ 0x5555555558da <phase_6+113> jg 0x5555555558e1 <phase_6+120> │
│ 0x5555555558dc <phase_6+115> mov %r14,%rbx │
│ 0x5555555558df <phase_6+118> jmp 0x5555555558af <phase_6+70> │
# Stage 2: rsi = index 0..5, ecx = value, rdx starts at node1, eax counts from 1.
│ 0x5555555558e1 <phase_6+120> mov $0x0,%esi │
│ 0x5555555558e6 <phase_6+125> mov (%rsp,%rsi,4),%ecx │
│ 0x5555555558e9 <phase_6+128> mov $0x1,%eax │
│ 0x5555555558ee <phase_6+133> lea 0x391b(%rip),%rdx # 0x555555559210 <node1> │
│ 0x5555555558f5 <phase_6+140> cmp $0x1,%ecx │
│ 0x5555555558f8 <phase_6+143> jle 0x555555555905 <phase_6+156> │
# Follow the pointer at offset 8 until eax reaches the value.
│ 0x5555555558fa <phase_6+145> mov 0x8(%rdx),%rdx │
│ 0x5555555558fe <phase_6+149> add $0x1,%eax │
│ 0x555555555901 <phase_6+152> cmp %ecx,%eax │
│ 0x555555555903 <phase_6+154> jne 0x5555555558fa <phase_6+145> │
# Store the selected node pointer in slot rsi.
│ 0x555555555905 <phase_6+156> mov %rdx,0x20(%rsp,%rsi,8) │
│ 0x55555555590a <phase_6+161> add $0x1,%rsi │
│ 0x55555555590e <phase_6+165> cmp $0x6,%rsi
│ 0x555555555912 <phase_6+169> jne 0x5555555558e6 <phase_6+125> │
# Stage 3: slot[i]->(offset 8) = slot[i+1] for i = 0..4, and slot[5]->(offset 8) = 0.
# rbx keeps slot[0], the head of the relinked list.
│ 0x555555555914 <phase_6+171> mov 0x20(%rsp),%rbx │
│ 0x555555555919 <phase_6+176> mov 0x28(%rsp),%rax │
│ 0x55555555591e <phase_6+181> mov %rax,0x8(%rbx) │
│ 0x555555555922 <phase_6+185> mov 0x30(%rsp),%rdx │
│ 0x555555555927 <phase_6+190> mov %rdx,0x8(%rax) │
│ 0x55555555592b <phase_6+194> mov 0x38(%rsp),%rax │
│ 0x555555555930 <phase_6+199> mov %rax,0x8(%rdx) │
│ 0x555555555934 <phase_6+203> mov 0x40(%rsp),%rdx │
│ 0x555555555939 <phase_6+208> mov %rdx,0x8(%rax)
│ 0x55555555593d <phase_6+212> mov 0x48(%rsp),%rax │
│ 0x555555555942 <phase_6+217> mov %rax,0x8(%rdx) │
│ 0x555555555946 <phase_6+221> movq $0x0,0x8(%rax) │
# Stage 4: five comparisons of adjacent nodes, ebp counts down from 5.
│ 0x55555555594e <phase_6+229> mov $0x5,%ebp │
│ 0x555555555953 <phase_6+234> jmp 0x55555555595e <phase_6+245> │
│ 0x555555555955 <phase_6+236> mov 0x8(%rbx),%rbx │
│ 0x555555555959 <phase_6+240> sub $0x1,%ebp │
│ 0x55555555595c <phase_6+243> je 0x55555555596f <phase_6+262> │
# eax = value of the next node; jge passes when the current value is >= it.
│ 0x55555555595e <phase_6+245> mov 0x8(%rbx),%rax │
│ 0x555555555962 <phase_6+249> mov (%rax),%eax
│ 0x555555555964 <phase_6+251> cmp %eax,(%rbx) │
│ 0x555555555966 <phase_6+253> jge 0x555555555955 <phase_6+236> │
│ 0x555555555968 <phase_6+255> callq 0x555555555bf3 <explode_bomb> │
│ 0x55555555596d <phase_6+260> jmp 0x555555555955 <phase_6+236> │
# Epilogue: stack-protector check, release the frame, restore callee-saved registers.
│ 0x55555555596f <phase_6+262> mov 0x58(%rsp),%rax │
│ 0x555555555974 <phase_6+267> xor %fs:0x28,%rax │
│ 0x55555555597d <phase_6+276> jne 0x55555555598c <phase_6+291> │
│ 0x55555555597f <phase_6+278> add $0x60,%rsp │
│ 0x555555555983 <phase_6+282> pop %rbx │
│ 0x555555555984 <phase_6+283> pop %rbp
│ 0x555555555985 <phase_6+284> pop %r12 │
│ 0x555555555987 <phase_6+286> pop %r13 │
│ 0x555555555989 <phase_6+288> pop %r14 │
│ 0x55555555598b <phase_6+290> retq │
│ 0x55555555598c <phase_6+291> callq 0x555555555220 <__stack_chk_fail@plt>
bomblab复盘.asm¶
带有我笔记的汇编代码
bomb做题思路
我的bomblab是bomb70
2022 10 28我来写一下自己的思路吧
phase1
0x5555555555a7 <phase_1> endbr64
│
│ 0x5555555555ab <phase_1+4> sub $0x8,%rsp │
│ 0x5555555555af <phase_1+8> lea 0x1b9a(%rip),%rsi # 0x555555557150
│
│ 0x5555555555b6 <phase_1+15> callq 0x555555555adf <strings_not_equal> │
│ 0x5555555555bb <phase_1+20> test %eax,%eax │
│ 0x5555555555bd <phase_1+22> jne 0x5555555555c4 <phase_1+29> │
│ 0x5555555555bf <phase_1+24> add $0x8,%rsp │
│ 0x5555555555c3 <phase_1+28> retq │
│ 0x5555555555c4 <phase_1+29> callq 0x555555555bf3 <explode_bomb> │
│ 0x5555555555c9 <phase_1+34> jmp 0x5555555555bf <phase_1+24>
答案在 1+8 那一行执行之后的%rsi里面
(gdb) x $rsi
0x555555557150: 0x62726556
(gdb) x/s 0x555555557150
0x555555557150: "Verbosity leads to unclear, inarticulate things."
x/s是查看以某个地址开始的字符串
phase2
│b+ 0x5555555555cb <phase_2> endbr64
0x5555555555cf <phase_2+4> push %rbp │
│ 0x5555555555d0 <phase_2+5> push %rbx │
│ 0x5555555555d1 <phase_2+6> sub $0x28,%rsp │
│ 0x5555555555d5 <phase_2+10> mov %fs:0x28,%rax │
│ 0x5555555555de <phase_2+19> mov %rax,0x18(%rsp) │
│ 0x5555555555e3 <phase_2+24> xor %eax,%eax │
│ 0x5555555555e5 <phase_2+26> mov %rsp,%rsi │
│ 0x5555555555e8 <phase_2+29> callq 0x555555555c1f <read_six_numbers> 猜测这里是读入了6个数字
│ 0x5555555555ed <phase_2+34> cmpl $0x0,(%rsp) 第一个数x=*rsp x:0 │
│ 0x5555555555f1 <phase_2+38> js 0x5555555555fd <phase_2+50> 如果x<0直接爆炸 │
│ 0x5555555555f3 <phase_2+40> mov %rsp,%rbp rbp=&x │
│ 0x5555555555f6 <phase_2+43> mov $0x1,%ebx rbx=1
│
│ 0x5555555555fb <phase_2+48> jmp 0x555555555615 <phase_2+74>
│
│ 0x5555555555fd <phase_2+50> callq 0x555555555bf3 <explode_bomb> │
│ 0x555555555602 <phase_2+55> jmp 0x5555555555f3 <phase_2+40> │
│ 0x555555555604 <phase_2+57> callq 0x555555555bf3 <explode_bomb>
│
│ 0x555555555609 <phase_2+62> add $0x1,%ebx rbx+=1 │
│ 0x55555555560c <phase_2+65> add $0x4,%rbp rbp+=4
0x555555555610 <phase_2+69> cmp $0x6,%ebx rbx:6 │
│ 0x555555555613 <phase_2+72> je 0x555555555621 <phase_2+86> 相等
│
│ 0x555555555615 <phase_2+74> mov %ebx,%eax rax=rbx │
│ 0x555555555617 <phase_2+76> add 0x0(%rbp),%eax rax+=*rbp │
│ 0x55555555561a <phase_2+79> cmp %eax,0x4(%rbp) *(rbp+4) : rax │
│ 0x55555555561d <phase_2+82> je 0x555555555609 <phase_2+62> 相等就再来一次 │
│ 0x55555555561f <phase_2+84> jmp 0x555555555604 <phase_2+57> 如果不相等,就爆炸了
│
│ 0x555555555621 <phase_2+86> mov 0x18(%rsp),%rax rax=*(rsp+0x18),即函数开头存进去的栈保护值(canary),下面和%fs:0x28比较,不一致就调用__stack_chk_fail
│
│ 0x555555555626 <phase_2+91> xor %fs:0x28,%rax │
│ 0x55555555562f <phase_2+100> jne 0x555555555638 <phase_2+109> │
│ 0x555555555631 <phase_2+102> add $0x28,%rsp
0x555555555635 <phase_2+106> pop %rbx
值得注意的是,如果我们继续(gdb) si,就会进入到没必要看的read_six_numbers调用。
我们可以在callq后面打一个断点,然后用(gdb) next跳过 read_six_numbers 。
因为这里的 read_six_numbers 在bomb.c源文件里没有对应的行数,所以需要使用(gdb)b *0x5555555555ed的方式来打一个地址断点。
phase3
│b+ 0x55555555563d <phase_3> endbr64 │
│ 0x555555555641 <phase_3+4> sub $0x18,%rsp │
│ 0x555555555645 <phase_3+8> mov %fs:0x28,%rax │
│ 0x55555555564e <phase_3+17> mov %rax,0x8(%rsp) │
│ 0x555555555653 <phase_3+22> xor %eax,%eax
│
│ 0x555555555655 <phase_3+24> lea 0x4(%rsp),%rcx │
│ 0x55555555565a <phase_3+29> mov %rsp,%rdx │
│ 0x55555555565d <phase_3+32> lea 0x1ccb(%rip),%rsi # 0x55555555732f
(gdb) x 0x55555555732f
0x55555555732f: "%d %d"
│
│ 0x555555555664 <phase_3+39> callq 0x5555555552c0 <__isoc99_sscanf@plt> │
│ 0x555555555669 <phase_3+44> cmp $0x1,%eax
│
│ 0x55555555566c <phase_3+47> jle 0x55555555568c <phase_3+79> │
│ 0x55555555566e <phase_3+49> cmpl $0x7,(%rsp)
*rsp存储的是输入的第一个值
│
│ 0x555555555672 <phase_3+53> ja 0x555555555712 <phase_3+213>
ja是无符号比较:第一个数按无符号数大于7(负数也算)则爆炸,这样跳转表的下标一定落在0~7之内
│ 0x555555555678 <phase_3+59> mov (%rsp),%eax
0x55555555567b <phase_3+62> lea 0x1b3e(%rip),%rdx # 0x5555555571c0 │
│ 0x555555555682 <phase_3+69> movslq (%rdx,%rax,4),%rax │
│ 0x555555555686 <phase_3+73> add %rdx,%rax │
│ 0x555555555689 <phase_3+76> notrack jmpq *%rax
│
│ 0x55555555568c <phase_3+79> callq 0x555555555bf3 <explode_bomb> │
│ 0x555555555691 <phase_3+84> jmp 0x55555555566e <phase_3+49> │
│ 0x555555555693 <phase_3+86> mov $0x262,%eax │
│ 0x555555555698 <phase_3+91> sub $0x3a8,%eax │
│ 0x55555555569d <phase_3+96> add $0x173,%eax
│
│ 0x5555555556a2 <phase_3+101> sub $0x352,%eax rax = -0x352 │
│ 0x5555555556a7 <phase_3+106> add $0x352,%eax rax=0
0x5555555556ac <phase_3+111> sub $0x352,%eax rax=-0x352 │
│ 0x5555555556b1 <phase_3+116> add $0x352,%eax rax=0 │
│ 0x5555555556b6 <phase_3+121> sub $0x352,%eax rax=-0x352
│
│ 0x5555555556bb <phase_3+126> cmpl $0x5,(%rsp) 第一个数x : 5 │
│ 0x5555555556bf <phase_3+130> jg 0x5555555556c7 <phase_3+138> 不能超过5
│
│ 0x5555555556c1 <phase_3+132> cmp %eax,0x4(%rsp) 第二个数y:-0x352 │
│ 0x5555555556c5 <phase_3+136> je 0x5555555556cc <phase_3+143> 一定要相等
s │
│ 0x5555555556c7 <phase_3+138> callq 0x555555555bf3 <explode_bomb>
│
│ 0x5555555556cc <phase_3+143> mov 0x8(%rsp),%rax │
│ 0x5555555556d1 <phase_3+148> xor %fs:0x28,%rax │
│ 0x5555555556da <phase_3+157> jne 0x55555555571e <phase_3+225> │
│ 0x5555555556dc <phase_3+159> add $0x18,%rsp │
│ 0x5555555556e0 <phase_3+163> retq
│
│ 0x5555555556e1 <phase_3+164> mov $0x0,%eax │
│ 0x5555555556e6 <phase_3+169> jmp 0x555555555698 <phase_3+91>
│
│ 0x5555555556e8 <phase_3+171> mov $0x0,%eax │
│ 0x5555555556ed <phase_3+176> jmp 0x55555555569d <phase_3+96>
│
│ 0x5555555556ef <phase_3+178> mov $0x0,%eax rax=0
0x5555555556f4 <phase_3+183> jmp 0x5555555556a2 <phase_3+101>
│ 0x5555555556f6 <phase_3+185> mov $0x0,%eax │
│ 0x5555555556fb <phase_3+190> jmp 0x5555555556a7 <phase_3+106>
│
│ 0x5555555556fd <phase_3+192> mov $0x0,%eax │
│ 0x555555555702 <phase_3+197> jmp 0x5555555556ac <phase_3+111>
│
│ 0x555555555704 <phase_3+199> mov $0x0,%eax │
│ 0x555555555709 <phase_3+204> jmp 0x5555555556b1 <phase_3+116>
│
│ 0x55555555570b <phase_3+206> mov $0x0,%eax │
│ 0x555555555710 <phase_3+211> jmp 0x5555555556b6 <phase_3+121>
│
│ 0x555555555712 <phase_3+213> callq 0x555555555bf3 <explode_bomb>
│
│ 0x555555555717 <phase_3+218> mov $0x0,%eax
0x55555555571c <phase_3+223> jmp 0x5555555556bb <phase_3+126> │
│ 0x55555555571e <phase_3+225> callq 0x555555555220 <__stack_chk_fail@plt>
如果第一个输入的是1
0x5555555571c0
1
(gdb) x $rax
0x5555555556e1 <phase_3+164>: 0x000000b8
2
(gdb) x $rax
0x5555555556e8 <phase_3+171>: 0x000000b8
3
(gdb) x $rax
0x5555555556ef <phase_3+178>: 0x000000b8
4
(gdb) x $rax
0x5555555556f6 <phase_3+185>: 0x000000b8
5
(gdb) x $rax
0x5555555556fd <phase_3+192>: 0x000000b8
6
(gdb) x $rax
0x555555555704 <phase_3+199>: 0x000000b8
7
(gdb) x 0x55555555570b
0x55555555570b <phase_3+206>: 0x000000b8
这就是跳转表了
根据输入的第一个数的值,跳转到相应的位置
比如说我输入第一个数是3
然后中间就是在比较第二个数和-0x352(-850) 题目就做出来了
初始(最最最开始)调用 fun4(x,0,14) rdi=x rsi=0 rdx=14
之后模拟这个流程就行
就是这样一个思路
fun4(u,v,w){
int i,j;
j=w
j-=v
i=j
if(i<0)i+=1
i/=2
i+=v
if(i>u){
w=i-1
return fun4(u,v,i-1)
}else if(i<u){
v=1+i
return fun4(u,1+i,w)
}else{
return i
}
}
修正后的版本(递归的返回值要加上i,对应 <func4+38> 和 <func4+50> 的 add %eax,%ebx):初始(最最最开始)调用 fun4(x,0,14)
fun4(u,v,w){
int i,j
j=w-v
i=w-v
if(w<v)i=w-v+1
i=(w-v)/2+v
if(i>u){
w=i-1
return i+fun4(u,v,i-1)
}
if(i<u){
v=1+i
return i+fun4(u,1+i,w)
}
if(i==u)return i
}
返回值是11才行
rbx=i
rax=j
0x1f=00011111=1+2+4+8+16=31
phase4
│ 0x555555555723 <func4> endbr64
│
│ 0x555555555727 <func4+4> push %rbx 保存rbx │
│ 0x555555555728 <func4+5> mov %edx,%eax rax=rdx │
│ 0x55555555572a <func4+7> sub %esi,%eax rax-=rsi │
│ 0x55555555572c <func4+9> mov %eax,%ebx rbx=rax │
│ 0x55555555572e <func4+11> shr $0x1f,%ebx rbx右移31位(看rbx是不是正数) │
│ 0x555555555731 <func4+14> add %eax,%ebx rbx+=rax
如果rax是正数 rbx=rax
如果rax是负数 rbx=rax+1
逻辑右移高位补0,算术右移高位补符号位(0或1)
│
│ 0x555555555733 <func4+16> sar %ebx
rbx算术右移一位,就是除以2了(前面对负数先加1,是为了让结果向0取整)
│
│ 0x555555555735 <func4+18> add %esi,%ebx
│
│ 0x555555555737 <func4+20> cmp %edi,%ebx
rbx:rdi
│
│ 0x555555555739 <func4+22> jg 0x555555555741 <func4+30> 如果rbx>rdi │
│ 0x55555555573b <func4+24> jl 0x55555555574d <func4+42> 如果rbx<rdi
│
│ 0x55555555573d <func4+26> mov %ebx,%eax rbx 给了rax │
│ 0x55555555573f <func4+28> pop %rbx │
│ 0x555555555740 <func4+29> retq 返回rax
│
│ 0x555555555741 <func4+30> lea -0x1(%rbx),%edx rdx=rbx-1
0x555555555744 <func4+33> callq 0x555555555723 <func4>
│ 0x555555555749 <func4+38> add %eax,%ebx 运行之后的返回值rax加到rbx │
│ 0x55555555574b <func4+40> jmp 0x55555555573d <func4+26> 然后就返回了
│
│ 0x55555555574d <func4+42> lea 0x1(%rbx),%esi rsi=1+rbx │
│ 0x555555555750 <func4+45> callq 0x555555555723 <func4> │
│ 0x555555555755 <func4+50> add %eax,%ebx 将返回值加到rbx │
│ 0x555555555757 <func4+52> jmp 0x55555555573d <func4+26> 然后就返回了
│b+ 0x555555555759 <phase_4> endbr64 │
│ 0x55555555575d <phase_4+4> sub $0x18,%rsp │
│ 0x555555555761 <phase_4+8> mov %fs:0x28,%rax │
│ 0x55555555576a <phase_4+17> mov %rax,0x8(%rsp) │
│ 0x55555555576f <phase_4+22> xor %eax,%eax │
│ 0x555555555771 <phase_4+24> lea 0x4(%rsp),%rcx │
│ 0x555555555776 <phase_4+29> mov %rsp,%rdx │
│ 0x555555555779 <phase_4+32> lea 0x1baf(%rip),%rsi # 0x55555555732f │
│ 0x555555555780 <phase_4+39> callq 0x5555555552c0 <__isoc99_sscanf@plt>
(gdb) x/s 0x55555555732f
0x55555555732f: "%d %d"
输入的是两个整数
假设输入的是 x y
│
│ 0x555555555785 <phase_4+44> cmp $0x2,%eax │
│ 0x555555555788 <phase_4+47> jne 0x555555555790 <phase_4+55> 一定要输两个数
│
│ 0x55555555578a <phase_4+49> cmpl $0xe,(%rsp) x:14
0x55555555578e <phase_4+53> jbe 0x555555555795 <phase_4+60> x<=14 │
│ 0x555555555790 <phase_4+55> callq 0x555555555bf3 <explode_bomb>
│
│ 0x555555555795 <phase_4+60> mov $0xe,%edx rdx=14 │
│ 0x55555555579a <phase_4+65> mov $0x0,%esi 第二个参数 rsi=0 │
│ 0x55555555579f <phase_4+70> mov (%rsp),%edi 第一个传输的参数rdi=x │
│ 0x5555555557a2 <phase_4+73> callq 0x555555555723 <func4> func4(x,0,14)
│
│ 0x5555555557a7 <phase_4+78> cmp $0xb,%eax 返回值rax是否是0xb(11) │
│ 0x5555555557aa <phase_4+81> jne 0x5555555557b3 <phase_4+90> 一定要是
│
│ 0x5555555557ac <phase_4+83> cmpl $0xb,0x4(%rsp) y是不是11 │
│ 0x5555555557b1 <phase_4+88> je 0x5555555557b8 <phase_4+95> │
│ 0x5555555557b3 <phase_4+90> callq 0x555555555bf3 <explode_bomb> y一定是11
│
│ 0x5555555557b8 <phase_4+95> mov 0x8(%rsp),%rax rax=栈上保存的canary(不是y,y在0x4(%rsp)),下面和%fs:0x28比较做栈保护检查
│
│ 0x5555555557bd <phase_4+100> xor %fs:0x28,%rax │
│ 0x5555555557c6 <phase_4+109> jne 0x5555555557cd <phase_4+116> │
│ 0x5555555557c8 <phase_4+111> add $0x18,%rsp │
│ 0x5555555557cc <phase_4+115> retq │
│ 0x5555555557cd <phase_4+116> callq 0x555555555220 <__stack_chk_fail@plt>
phase4还是有些难度的,我当时在此卡了挺久
其实这个题目根本不难,只要往后学了一些,这个做起来简直切菜
│b+ 0x5555555557d2 <phase_5> endbr64 │
│ 0x5555555557d6 <phase_5+4> sub $0x18,%rsp
0x5555555557da <phase_5+8> mov %fs:0x28,%rax
│ 0x5555555557e3 <phase_5+17> mov %rax,0x8(%rsp) │
│ 0x5555555557e8 <phase_5+22> xor %eax,%eax
│
│ 0x5555555557ea <phase_5+24> lea 0x4(%rsp),%rcx │
│ 0x5555555557ef <phase_5+29> mov %rsp,%rdx │
│ 0x5555555557f2 <phase_5+32> lea 0x1b36(%rip),%rsi # 0x55555555732f
(gdb) x/s 0x55555555732f
0x55555555732f: "%d %d"
│
│ 0x5555555557f9 <phase_5+39> callq 0x5555555552c0 <__isoc99_sscanf@plt> │
│ 0x5555555557fe <phase_5+44> cmp $0x1,%eax │
│ 0x555555555801 <phase_5+47> jle 0x55555555585d <phase_5+139>
rsp里面还是在存我们输入的值,就那两个 输入了 x y
│
│ 0x555555555803 <phase_5+49> mov (%rsp),%eax │
│ 0x555555555806 <phase_5+52> and $0xf,%eax
在这之后 eax只保留了后四位
0x555555555809 <phase_5+55> mov %eax,(%rsp)
│ 0x55555555580c <phase_5+58> cmp $0xf,%eax │
│ 0x55555555580f <phase_5+61> je 0x555555555843 <phase_5+113>
截取输入第一个数字x的后四位二进制位赋值到%rax,并且检查这后四位是否为1111,如果是则引爆炸弹。
│
│ 0x555555555811 <phase_5+63> mov $0x0,%ecx rcx=0 │
│ 0x555555555816 <phase_5+68> mov $0x0,%edx rdx=0 │
│ 0x55555555581b <phase_5+73> lea 0x19be(%rip),%rsi # 0x5555555571e0 <array.3471>
(gdb) x/16wd 0x5555555571e0
0x5555555571e0 <array.3469>: 10 2 14 7
0x5555555571f0 <array.3469+16>: 8 12 15 11
0x555555557200 <array.3469+32>: 0 4 1 13
0x555555557210 <array.3469+48>: 3 9 6 5
rsi是数组的起始地址
假设输入的第一个数在and 0xf之后值是t
最开始eax=x 要保证t不能为15
循环1 eax=[4*rax+rsi]
循环2 eax=[4*rax+rsi]
循环k取出来的eax是p 那么循环k+1取出来的eax就是array[p] (array从下标0开始)
取出来的值是
底下是个循环
│ 0x555555555822 <phase_5+80> add $0x1,%edx rdx+=1 │
│ 0x555555555825 <phase_5+83> cltq
cltq将eax符号扩展到rax
│
│ 0x555555555827 <phase_5+85> mov (%rsi,%rax,4),%eax 索引访问array数组
rax=[4*rax+rsi]
│ 0x55555555582a <phase_5+88> add %eax,%ecx
%rcx里储存的是每次循环读取到的数组值的累加和,即 %rcx += array[%rax]
│
│ 0x55555555582c <phase_5+90> cmp $0xf,%eax 循环结束的条件 rax=15 就可以跳出循环了 最后一个得到的数值是15才能退出循环 │
│ 0x55555555582f <phase_5+93> jne 0x555555555822 <phase_5+80> 不相等就继续进行循环
│
│ 0x555555555831 <phase_5+95> movl $0xf,(%rsp)
│
│ 0x555555555838 <phase_5+102> cmp $0xf,%edx 计数器rdx一定要等于15 │
│ 0x55555555583b <phase_5+105> jne 0x555555555843 <phase_5+113>
现在要解决的问题,一定要完整地把这个环给遍历一遍,更要让最后一个得到的数值是15
显然,这个只用从环上15的下一个结点开始就行了
│
│ 0x55555555583d <phase_5+107> cmp %ecx,0x4(%rsp) 遍历到的数组元素的累加和%ecx要等于输入的第二个数字(%rsp+4) │
│ 0x555555555841 <phase_5+111> je 0x555555555848 <phase_5+118>
│
│ 0x555555555843 <phase_5+113> callq 0x555555555bf3 <explode_bomb>
│
│ 0x555555555848 <phase_5+118> mov 0x8(%rsp),%rax │
│ 0x55555555584d <phase_5+123> xor %fs:0x28,%rax │
│ 0x555555555856 <phase_5+132> jne 0x555555555864 <phase_5+146> │
│ 0x555555555858 <phase_5+134> add $0x18,%rsp │
│ 0x55555555585c <phase_5+138> retq │
│ 0x55555555585d <phase_5+139> callq 0x555555555bf3 <explode_bomb> │
│ 0x555555555862 <phase_5+144> jmp 0x555555555803 <phase_5+49> │
│ 0x555555555864 <phase_5+146> callq 0x555555555220 <__stack_chk_fail@plt>
我们把这个数组用类似链表的方式画出来
我们可以发现,这个数组构成了一个环状链表!那么,我们的问题就变成了寻找遍历这个环状链表所有元素的起始点,并且遍历到的最后一个元素的值为0xF(15)。
我们可以从图中直观地看出,如果我们从下标5开始,沿着环走15步(计数器%edx必须恰好等于15),依次取到除5以外的十五个元素,最后取到的一个恰好是15:
所以我们输入的第一个数字可以为5
而输入的第二个数字就是这15个取到的值的累加和:整个数组0~15之和是120,减去没有被取到的5,得到115。
phase6
最难的phase
我通过较简单粗暴的方法搞出了结果,不过还是要深入研究一下这个的原理
│b+ 0x555555555869 <phase_6> endbr64 │
│ 0x55555555586d <phase_6+4> push %r14
| 0x55555555586f <phase_6+6> push %r13 │
│ 0x555555555871 <phase_6+8> push %r12 │
│ 0x555555555873 <phase_6+10> push %rbp │
│ 0x555555555874 <phase_6+11> push %rbx │
│ 0x555555555875 <phase_6+12> sub $0x60,%rsp │
│ 0x555555555879 <phase_6+16> mov %fs:0x28,%rax │
│ 0x555555555882 <phase_6+25> mov %rax,0x58(%rsp) │
│ 0x555555555887 <phase_6+30> xor %eax,%eax
│
│ 0x555555555889 <phase_6+32> mov %rsp,%r13 │
│ 0x55555555588c <phase_6+35> mov %r13,%rsi │
│ 0x55555555588f <phase_6+38> callq 0x555555555c1f <read_six_numbers>
看到 <read_six_numbers>显然就是读进去了6个数
参考phase2
│
│ 0x555555555894 <phase_6+43> mov $0x1,%r14d │
│ 0x55555555589a <phase_6+49> mov %rsp,%r12 │
│ 0x55555555589d <phase_6+52> jmp 0x5555555558c7 <phase_6+94>
最开始跳到了phase_6+94
r12有读进去的6个数的首地址
│
│ 0x55555555589f <phase_6+54> callq 0x555555555bf3 <explode_bomb>
│
│ 0x5555555558a4 <phase_6+59> jmp 0x5555555558d6 <phase_6+109> │
│ 0x5555555558a6 <phase_6+61> add $0x1,%rbx │
│ 0x5555555558aa <phase_6+65> cmp $0x5,%ebx │
│ 0x5555555558ad <phase_6+68> jg 0x5555555558bf <phase_6+86>
rbx是内层循环的索引值
│ 0x5555555558af <phase_6+70> mov (%r12,%rbx,4),%eax rax=[rsp+4*rbx] │
│ 0x5555555558b3 <phase_6+74> cmp %eax,0x0(%rbp) [rbp]:rax │
│ 0x5555555558b6 <phase_6+77> jne 0x5555555558a6 <phase_6+61> 不相等重新开始一次循环 continue
这里是内层循环
│
│ 0x5555555558b8 <phase_6+79> callq 0x555555555bf3 <explode_bomb> 相等就完蛋了 │
│ 0x5555555558bd <phase_6+84> jmp 0x5555555558a6 <phase_6+61>
rbx是索引值 到达5之后就不加了
│
│ 0x5555555558bf <phase_6+86> add $0x1,%r14 │
│ 0x5555555558c3 <phase_6+90> add $0x4,%r13
这里是外层循环
r14是记录迭代的次数,初始为1
r13记录地址,初始为输入的第一个数的地址
│
│ 0x5555555558c7 <phase_6+94> mov %r13,%rbp │
│ 0x5555555558ca <phase_6+97> mov 0x0(%r13),%eax eax=r13指向的元素 │
│ 0x5555555558ce <phase_6+101> sub $0x1,%eax eax-=1 │
│ 0x5555555558d1 <phase_6+104> cmp $0x5,%eax
│ 0x5555555558d4 <phase_6+107> ja 0x55555555589f <phase_6+54> eax>5
rbp指向的元素减1之后按无符号数比较不能超过5,也就是必须在1~6之间(0或负数减1后会变成很大的无符号数),否则就完蛋了 │
│ 0x5555555558d6 <phase_6+109> cmp $0x5,%r14d │
│ 0x5555555558da <phase_6+113> jg 0x5555555558e1 <phase_6+120> 外层计数器r14超出了5就可以出来了 │
│ 0x5555555558dc <phase_6+115> mov %r14,%rbx
│
│ 0x5555555558df <phase_6+118> jmp 0x5555555558af <phase_6+70>
在一切开始之前 rbx=1 rbp指向输入的6个数的第一个数
<phase_6+86>结合<phase_6+115>实质上是将rbx的值加了1
<phase_6+90>结合<phase_6+94>实质上是将rbp指向了下一个元素
综上所述,应该这是一个循环套循环(二层循环)
int k=1
for(i=0;i<6;i++){
if(arr[i]>6)bomb
for(j=k;j<6;j++){
if(arr[i]==arr[j])bomb
}
k++
}
这个二层循环的目的是保证输入的数都小于等于6,并且彼此不相等
│ 0x5555555558e1 <phase_6+120> mov $0x0,%esi 初始化 rsi=0
│
│ 0x5555555558e6 <phase_6+125> mov (%rsp,%rsi,4),%ecx rcx=[rsp+4*rsi] │
│ 0x5555555558e9 <phase_6+128> mov $0x1,%eax rax=1 │
│ 0x5555555558ee <phase_6+133> lea 0x391b(%rip),%rdx # 0x555555559210 <node1>
注释见第628行
│ 0x5555555558f5 <phase_6+140> cmp $0x1,%ecx rcx:1 │
│ 0x5555555558f8 <phase_6+143> jle 0x555555555905 <phase_6+156>
如果rcx<=1干脆就不执行内循环了
│
│ 0x5555555558fa <phase_6+145> mov 0x8(%rdx),%rdx │
│ 0x5555555558fe <phase_6+149> add $0x1,%eax │
│ 0x555555555901 <phase_6+152> cmp %ecx,%eax │
│ 0x555555555903 <phase_6+154> jne 0x5555555558fa <phase_6+145>
这是内循环
某个结点的地址(当然是起始位置)加上0x8便是第三栏,即后继结点的地址
│
│ 0x555555555905 <phase_6+156> mov %rdx,0x20(%rsp,%rsi,8) [rsp+8*rsi+0x20] │
│ 0x55555555590a <phase_6+161> add $0x1,%rsi rsi+=1 │
│ 0x55555555590e <phase_6+165> cmp $0x6,%rsi rsi:6
│ 0x555555555912 <phase_6+169> jne 0x5555555558e6 <phase_6+125>
从0x555555559210到0x555555559220有十六个地址,空间16字节 而一个int类型4字节 因此能存4个数 6个node理论来说有24个数
(gdb) x/24 0x555555559210
0x555555559210 <node1>: 0x0000035b 0x00000001 0x55559220 0x00005555
0x555555559220 <node2>: 0x00000134 0x00000002 0x55559230 0x00005555
0x555555559230 <node3>: 0x000000a4 0x00000003 0x55559240 0x00005555
0x555555559240 <node4>: 0x000003aa 0x00000004 0x55559250 0x00005555
0x555555559250 <node5>: 0x000002ef 0x00000005 0x55559110 0x00005555
0x555555559260 <host_table>: 0x55557389 0x00005555 0x555573a3 0x00005555
除去最后一行,好像能看出一些端倪:第二列存的是序号,第三列存的是下一个node的地址(看起来像是删减版)。什么是删减版?比如说node2的地址是 0x555555559220,
但是node1里面记录的是 0x55559220。其实这不是删减版:指针占8字节,而x/24按4字节一组显示,在小端序下第三列是指针的低4字节,第四列是高4字节,把第四列的 0x00005555 拼在第三列的 0x55559220 前面,就得到完整地址 0x555555559220
那顺手看一下node6吧 0x555555559110
(gdb) x/4 0x555555559110
0x555555559110 <node6>: 0x0000018f 0x00000006 0x00000000 0x00000000
node6的下一个指针是0 即NULL
第一列应该是这个结点的数值
<phase_6+125>到 <phase_6+169> 是个大循环且是大循环套小循环
对于外层循环来说 rsi是计数器 从0到6 每次外循环都读取arr[rsi],同时给内层循环rax设初值1
如果rcx<=1干脆就不执行内循环了
对于内层循环来说 rax为循环计数器 每次循环的操作是将指向链表元素的指针rdx指向下一个元素
<phase_6+156> mov %rdx,0x20(%rsp,%rsi,8) 比较难以理解
这个是干什么的呢?0x20=00100000=32
将每次内层循环得到的指针保存起来
整个链表的头指针假设是head arr为我们输入的数组
rsi->i
rax->j
rcx->num
rdx->p
for(i=0;i<6;i++){
num=arr[i]
j=1
node *p=head
if(num==1){
save(p)
continue
}
while(j<num){
p=p->next
j++
}
save(p)
}
这个看起来超级复杂,但实际上就是根据我们输入的数据重新排了一下链表中的元素
mov %rdx,0x20(%rsp,%rsi,8) 重排之后的元素都放到了这里[rsp+0x20+8*i] 里面放了那个元素的地址
[rsp+0x20+8*i]在内存这个区块,存了一系列地址q0,q1...q5
这些地址便是一些结点的起始地址(当然不一定是按那个表中的顺序了)
假设这些地址对应的结点分别为Q0....Q5
对于结点有三项数据{数据,序号,位置}
│
│ 0x555555555914 <phase_6+171> mov 0x20(%rsp),%rbx rbx=Q0的地址 │
│ 0x555555555919 <phase_6+176> mov 0x28(%rsp),%rax rax=Q1的地址 │
│ 0x55555555591e <phase_6+181> mov %rax,0x8(%rbx) Q0的后继=Q1的地址
│
│ 0x555555555922 <phase_6+185> mov 0x30(%rsp),%rdx rdx=Q2的地址 │
│ 0x555555555927 <phase_6+190> mov %rdx,0x8(%rax) Q1的后继=Q2的地址
│
│ 0x55555555592b <phase_6+194> mov 0x38(%rsp),%rax rax=Q3的地址 │
│ 0x555555555930 <phase_6+199> mov %rax,0x8(%rdx) Q2的后继=Q3的地址
│
│ 0x555555555934 <phase_6+203> mov 0x40(%rsp),%rdx rdx=Q4的地址 │
│ 0x555555555939 <phase_6+208> mov %rdx,0x8(%rax) Q3的后继=Q4的地址
│ 0x55555555593d <phase_6+212> mov 0x48(%rsp),%rax rax=Q5的地址 │
│ 0x555555555942 <phase_6+217> mov %rax,0x8(%rdx) Q4的后继=Q5的地址
│
│ 0x555555555946 <phase_6+221> movq $0x0,0x8(%rax) Q5的后继=0
0x20=00100000=32
mov 0x8(%rdx),%rdx 就等效于p=p->next
32/8=4
这里写了这么多,实际上就是将数串联成链表
rbx Q0的地址
│
│ 0x55555555594e <phase_6+229> mov $0x5,%ebp rbp=5 │
│ 0x555555555953 <phase_6+234> jmp 0x55555555595e <phase_6+245>
│
│ 0x555555555955 <phase_6+236> mov 0x8(%rbx),%rbx q=q->next 目前结点往后拨 │
│ 0x555555555959 <phase_6+240> sub $0x1,%ebp rbp-=1 │
│ 0x55555555595c <phase_6+243> je 0x55555555596f <phase_6+262> 如果拨到头了就跳出
│
│ 0x55555555595e <phase_6+245> mov 0x8(%rbx),%rax rax=目前结点的下一个结点(拿地址来表示结点了) │
│ 0x555555555962 <phase_6+249> mov (%rax),%eax eax=目前结点的下一个结点的第一个参数的值
│ 0x555555555964 <phase_6+251> cmp %eax,(%rbx) 目前节点第一个参数:下一个结点的第一个参数 │
│ 0x555555555966 <phase_6+253> jge 0x555555555955 <phase_6+236> 一定要大于等于
│
│ 0x555555555968 <phase_6+255> callq 0x555555555bf3 <explode_bomb>
│
│ 0x55555555596d <phase_6+260> jmp 0x555555555955 <phase_6+236>
从 <phase_6+236>到 <phase_6+253> 是一个循环
比较前指针指向的元素的值是否大于等于后指针指向的元素的值,如果小于就完了
v代表结点的值
node *p1=head
node *p2=p1->next
for (i=5;i>0;i--)
if(p1->v < p2->v)bomb
p1=p1->next
p2=p2->next
0x555555559210 <node1>: 0x0000035b 0x00000001 0x55559220 0x00005555
0x555555559220 <node2>: 0x00000134 0x00000002 0x55559230 0x00005555
0x555555559230 <node3>: 0x000000a4 0x00000003 0x55559240 0x00005555
0x555555559240 <node4>: 0x000003aa 0x00000004 0x55559250 0x00005555
0x555555559250 <node5>: 0x000002ef 0x00000005 0x55559110 0x00005555
0x555555559110 <node6>: 0x0000018f 0x00000006 0x00000000 0x00000000
node1 859
node2 308
node3 164
node4 938
node5 751
node6 399
按结点的值从大到小排序后,结点序号依次是 4 1 5 6 2 3 这就是答案
│
│ 0x55555555596f <phase_6+262> mov 0x58(%rsp),%rax │
│ 0x555555555974 <phase_6+267> xor %fs:0x28,%rax │
│ 0x55555555597d <phase_6+276> jne 0x55555555598c <phase_6+291> │
│ 0x55555555597f <phase_6+278> add $0x60,%rsp │
│ 0x555555555983 <phase_6+282> pop %rbx │
│ 0x555555555984 <phase_6+283> pop %rbp
│ 0x555555555985 <phase_6+284> pop %r12 │
│ 0x555555555987 <phase_6+286> pop %r13 │
│ 0x555555555989 <phase_6+288> pop %r14 │
│ 0x55555555598b <phase_6+290> retq │
│ 0x55555555598c <phase_6+291> callq 0x555555555220 <__stack_chk_fail@plt>