Hall of Fame

1. Infinity0899,180
2. DropZone10,500
3. t0t08,520
4. ozo7,000
5. abel4,375
6. evilrix4,332
7. jcgriff24,000
8. garycase3,750
9. nobus3,000
10. billprew2,860
11. TheLearn...2,500
11. ikework2,500
11. ravenpl2,500
14. itsmeandn...2,332
15. giltjr2,164
16. woolmilkp...2,150
17. Hypo2,000
17. tliotta2,000
17. vo1d2,000
17. Agarici2,000
17. oBdA2,000
17. Sandra-242,000
17. moorhous...2,000
17. bounsy2,000
17. McKnife2,000
17. noci2,000
17. kaufmed2,000
17. Eladla2,000
17. DefreeCo...2,000
17. mgonullu2,000
17. HooKooD...2,000
17. comegets...2,000
17. sjl19862,000
17. xenacode2,000
17. HalfAsleep2,000
17. climbgunks2,000
17. roman22,000
17. intelfx2,000

1. Infinity08233,426
2. dimitry158,876
3. grg99116,208
4. mzvika56,009
5. BrianGEF...52,043
6. BeyondWu51,715
7. PaulCasw...50,139
8. manish_r...30,623
9. stefan7325,328
10. PeterdLo20,472
11. Dancie17,978
12. ozo16,114
13. mtmike15,779
14. abith13,536
15. billious12,777
16. DeanHorak12,698
17. DropZone11,500
18. joghurt11,070
19. _Katka_10,600
20. craigward...9,570
21. AlexFM9,504
22. evilrix9,332
23. Jase-Co...9,100
24. ravenpl8,980
25. TheLearn...8,875

	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

Question

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

6.2

buffer overflow bomb

Asked by dminh01 in Assembly Programming Language

Tags: bufbomb

hi there
I have a homework in which I need to enter a string so that the buffer bomb does not exploit and need some help. Here is the disassembly code for the bomb

-bash-3.1$ objdump -d bufbomb

bufbomb: file format elf32-i386

Disassembly of section .init:

080485fc <_init>:
80485fc: 55 push %ebp
80485fd: 89 e5 mov %esp,%ebp
80485ff: 83 ec 08 sub $0x8,%esp
8048602: e8 0d 02 00 00 call 8048814 <call_gmon_start>
8048607: e8 64 02 00 00 call 8048870 <frame_dummy>
804860c: e8 ef 0d 00 00 call 8049400 <__do_global_ctors_aux>
8048611: c9 leave
8048612: c3 ret
Disassembly of section .plt:

08048614 <sprintf@plt-0x10>:
8048614: ff 35 e4 a0 04 08 pushl 0x804a0e4
804861a: ff 25 e8 a0 04 08 jmp *0x804a0e8
8048620: 00 00 add %al,(%eax)
...

08048624 <sprintf@plt>:
8048624: ff 25 ec a0 04 08 jmp *0x804a0ec
804862a: 68 00 00 00 00 push $0x0
804862f: e9 e0 ff ff ff jmp 8048614 <_init+0x18>

08048634 <srand@plt>:
8048634: ff 25 f0 a0 04 08 jmp *0x804a0f0
804863a: 68 08 00 00 00 push $0x8
804863f: e9 d0 ff ff ff jmp 8048614 <_init+0x18>

08048644 <random@plt>:
8048644: ff 25 f4 a0 04 08 jmp *0x804a0f4
804864a: 68 10 00 00 00 push $0x10
804864f: e9 c0 ff ff ff jmp 8048614 <_init+0x18>

08048654 <signal@plt>:
8048654: ff 25 f8 a0 04 08 jmp *0x804a0f8
804865a: 68 18 00 00 00 push $0x18
804865f: e9 b0 ff ff ff jmp 8048614 <_init+0x18>

08048664 <__gmon_start__@plt>:
8048664: ff 25 fc a0 04 08 jmp *0x804a0fc
804866a: 68 20 00 00 00 push $0x20
804866f: e9 a0 ff ff ff jmp 8048614 <_init+0x18>

08048674 <calloc@plt>:
8048674: ff 25 00 a1 04 08 jmp *0x804a100
804867a: 68 28 00 00 00 push $0x28
804867f: e9 90 ff ff ff jmp 8048614 <_init+0x18>

08048684 <system@plt>:
8048684: ff 25 04 a1 04 08 jmp *0x804a104
804868a: 68 30 00 00 00 push $0x30
804868f: e9 80 ff ff ff jmp 8048614 <_init+0x18>

08048694 <memset@plt>:
8048694: ff 25 08 a1 04 08 jmp *0x804a108
804869a: 68 38 00 00 00 push $0x38
804869f: e9 70 ff ff ff jmp 8048614 <_init+0x18>

080486a4 <__libc_start_main@plt>:
80486a4: ff 25 0c a1 04 08 jmp *0x804a10c
80486aa: 68 40 00 00 00 push $0x40
80486af: e9 60 ff ff ff jmp 8048614 <_init+0x18>

080486b4 <_IO_getc@plt>:
80486b4: ff 25 10 a1 04 08 jmp *0x804a110
80486ba: 68 48 00 00 00 push $0x48
80486bf: e9 50 ff ff ff jmp 8048614 <_init+0x18>

080486c4 <__ctype_b_loc@plt>:
80486c4: ff 25 14 a1 04 08 jmp *0x804a114
80486ca: 68 50 00 00 00 push $0x50
80486cf: e9 40 ff ff ff jmp 8048614 <_init+0x18>

080486d4 <fclose@plt>:
80486d4: ff 25 18 a1 04 08 jmp *0x804a118
80486da: 68 58 00 00 00 push $0x58
80486df: e9 30 ff ff ff jmp 8048614 <_init+0x18>

080486e4 <getopt@plt>:
80486e4: ff 25 1c a1 04 08 jmp *0x804a11c
80486ea: 68 60 00 00 00 push $0x60
80486ef: e9 20 ff ff ff jmp 8048614 <_init+0x18>

080486f4 <fopen@plt>:
80486f4: ff 25 20 a1 04 08 jmp *0x804a120
80486fa: 68 68 00 00 00 push $0x68
80486ff: e9 10 ff ff ff jmp 8048614 <_init+0x18>

08048704 <alarm@plt>:
8048704: ff 25 24 a1 04 08 jmp *0x804a124
804870a: 68 70 00 00 00 push $0x70
804870f: e9 00 ff ff ff jmp 8048614 <_init+0x18>

08048714 <strcpy@plt>:
8048714: ff 25 28 a1 04 08 jmp *0x804a128
804871a: 68 78 00 00 00 push $0x78
804871f: e9 f0 fe ff ff jmp 8048614 <_init+0x18>

08048724 <printf@plt>:
8048724: ff 25 2c a1 04 08 jmp *0x804a12c
804872a: 68 80 00 00 00 push $0x80
804872f: e9 e0 fe ff ff jmp 8048614 <_init+0x18>

08048734 <srandom@plt>:
8048734: ff 25 30 a1 04 08 jmp *0x804a130
804873a: 68 88 00 00 00 push $0x88
804873f: e9 d0 fe ff ff jmp 8048614 <_init+0x18>

08048744 <fwrite@plt>:
8048744: ff 25 34 a1 04 08 jmp *0x804a134
804874a: 68 90 00 00 00 push $0x90
804874f: e9 c0 fe ff ff jmp 8048614 <_init+0x18>

08048754 <fprintf@plt>:
8048754: ff 25 38 a1 04 08 jmp *0x804a138
804875a: 68 98 00 00 00 push $0x98
804875f: e9 b0 fe ff ff jmp 8048614 <_init+0x18>

08048764 <remove@plt>:
8048764: ff 25 3c a1 04 08 jmp *0x804a13c
804876a: 68 a0 00 00 00 push $0xa0
804876f: e9 a0 fe ff ff jmp 8048614 <_init+0x18>

08048774 <cuserid@plt>:
8048774: ff 25 40 a1 04 08 jmp *0x804a140
804877a: 68 a8 00 00 00 push $0xa8
804877f: e9 90 fe ff ff jmp 8048614 <_init+0x18>

08048784 <fputc@plt>:
8048784: ff 25 44 a1 04 08 jmp *0x804a144
804878a: 68 b0 00 00 00 push $0xb0
804878f: e9 80 fe ff ff jmp 8048614 <_init+0x18>

08048794 <puts@plt>:
8048794: ff 25 48 a1 04 08 jmp *0x804a148
804879a: 68 b8 00 00 00 push $0xb8
804879f: e9 70 fe ff ff jmp 8048614 <_init+0x18>

080487a4 <rand@plt>:
80487a4: ff 25 4c a1 04 08 jmp *0x804a14c
80487aa: 68 c0 00 00 00 push $0xc0
80487af: e9 60 fe ff ff jmp 8048614 <_init+0x18>

080487b4 <tempnam@plt>:
80487b4: ff 25 50 a1 04 08 jmp *0x804a150
80487ba: 68 c8 00 00 00 push $0xc8
80487bf: e9 50 fe ff ff jmp 8048614 <_init+0x18>

080487c4 <__strdup@plt>:
80487c4: ff 25 54 a1 04 08 jmp *0x804a154
80487ca: 68 d0 00 00 00 push $0xd0
80487cf: e9 40 fe ff ff jmp 8048614 <_init+0x18>

080487d4 <exit@plt>:
80487d4: ff 25 58 a1 04 08 jmp *0x804a158
80487da: 68 d8 00 00 00 push $0xd8
80487df: e9 30 fe ff ff jmp 8048614 <_init+0x18>
Disassembly of section .text:

080487f0 <_start>:
80487f0: 31 ed xor %ebp,%ebp
80487f2: 5e pop %esi
80487f3: 89 e1 mov %esp,%ecx
80487f5: 83 e4 f0 and $0xfffffff0,%esp
80487f8: 50 push %eax
80487f9: 54 push %esp
80487fa: 52 push %edx
80487fb: 68 80 93 04 08 push $0x8049380
8048800: 68 90 93 04 08 push $0x8049390
8048805: 51 push %ecx
8048806: 56 push %esi
8048807: 68 40 90 04 08 push $0x8049040
804880c: e8 93 fe ff ff call 80486a4 <__libc_start_main@plt>
8048811: f4 hlt
8048812: 90 nop
8048813: 90 nop

08048814 <call_gmon_start>:
8048814: 55 push %ebp
8048815: 89 e5 mov %esp,%ebp
8048817: 53 push %ebx
8048818: 83 ec 04 sub $0x4,%esp
804881b: e8 00 00 00 00 call 8048820 <call_gmon_start+0xc>
8048820: 5b pop %ebx
8048821: 81 c3 c0 18 00 00 add $0x18c0,%ebx
8048827: 8b 93 fc ff ff ff mov 0xfffffffc(%ebx),%edx
804882d: 85 d2 test %edx,%edx
804882f: 74 05 je 8048836 <call_gmon_start+0x22>
8048831: e8 2e fe ff ff call 8048664 <__gmon_start__@plt>
8048836: 58 pop %eax
8048837: 5b pop %ebx
8048838: c9 leave
8048839: c3 ret
804883a: 90 nop
804883b: 90 nop
804883c: 90 nop
804883d: 90 nop
804883e: 90 nop
804883f: 90 nop

08048840 <__do_global_dtors_aux>:
8048840: 55 push %ebp
8048841: 89 e5 mov %esp,%ebp
8048843: 83 ec 08 sub $0x8,%esp
8048846: 80 3d 88 a1 04 08 00 cmpb $0x0,0x804a188
804884d: 74 0c je 804885b <__do_global_dtors_aux+0x1b>
804884f: eb 1c jmp 804886d <__do_global_dtors_aux+0x2d>
8048851: 83 c0 04 add $0x4,%eax
8048854: a3 60 a1 04 08 mov %eax,0x804a160
8048859: ff d2 call *%edx
804885b: a1 60 a1 04 08 mov 0x804a160,%eax
8048860: 8b 10 mov (%eax),%edx
8048862: 85 d2 test %edx,%edx
8048864: 75 eb jne 8048851 <__do_global_dtors_aux+0x11>
8048866: c6 05 88 a1 04 08 01 movb $0x1,0x804a188
804886d: c9 leave
804886e: c3 ret
804886f: 90 nop

08048870 <frame_dummy>:
8048870: 55 push %ebp
8048871: 89 e5 mov %esp,%ebp
8048873: 83 ec 08 sub $0x8,%esp
8048876: a1 10 a0 04 08 mov 0x804a010,%eax
804887b: 85 c0 test %eax,%eax
804887d: 74 12 je 8048891 <frame_dummy+0x21>
804887f: b8 00 00 00 00 mov $0x0,%eax
8048884: 85 c0 test %eax,%eax
8048886: 74 09 je 8048891 <frame_dummy+0x21>
8048888: c7 04 24 10 a0 04 08 movl $0x804a010,(%esp)
804888f: ff d0 call *%eax
8048891: c9 leave
8048892: c3 ret
8048893: 90 nop
8048894: 90 nop
8048895: 90 nop
8048896: 90 nop
8048897: 90 nop
8048898: 90 nop
8048899: 90 nop
804889a: 90 nop
804889b: 90 nop
804889c: 90 nop
804889d: 90 nop
804889e: 90 nop
804889f: 90 nop

080488a0 <save_char>:
80488a0: 8b 0d c4 a1 04 08 mov 0x804a1c4,%ecx
80488a6: 55 push %ebp
80488a7: 89 e5 mov %esp,%ebp
80488a9: 53 push %ebx
80488aa: 89 c3 mov %eax,%ebx
80488ac: 81 f9 ff 03 00 00 cmp $0x3ff,%ecx
80488b2: 7f 37 jg 80488eb <save_char+0x4b>
80488b4: c0 f8 04 sar $0x4,%al
80488b7: 83 e0 0f and $0xf,%eax
80488ba: 0f b6 80 e4 99 04 08 movzbl 0x80499e4(%eax),%eax
80488c1: 8d 14 49 lea (%ecx,%ecx,2),%edx
80488c4: c6 82 e2 a1 04 08 20 movb $0x20,0x804a1e2(%edx)
80488cb: 88 82 e0 a1 04 08 mov %al,0x804a1e0(%edx)
80488d1: 89 d8 mov %ebx,%eax
80488d3: 83 e0 0f and $0xf,%eax
80488d6: 0f b6 80 e4 99 04 08 movzbl 0x80499e4(%eax),%eax
80488dd: 88 82 e1 a1 04 08 mov %al,0x804a1e1(%edx)
80488e3: 8d 41 01 lea 0x1(%ecx),%eax
80488e6: a3 c4 a1 04 08 mov %eax,0x804a1c4
80488eb: 5b pop %ebx
80488ec: 5d pop %ebp
80488ed: c3 ret
80488ee: 66 90 xchg %ax,%ax

080488f0 <entry_check>:
80488f0: 55 push %ebp
80488f1: 89 e5 mov %esp,%ebp
80488f3: 8b 45 08 mov 0x8(%ebp),%eax
80488f6: 5d pop %ebp
80488f7: a3 64 a1 04 08 mov %eax,0x804a164
80488fc: c3 ret
80488fd: 8d 76 00 lea 0x0(%esi),%esi

08048900 <illegalhandler>:
8048900: 55 push %ebp
8048901: 89 e5 mov %esp,%ebp
8048903: 83 ec 08 sub $0x8,%esp
8048906: c7 04 24 50 94 04 08 movl $0x8049450,(%esp)
804890d: e8 82 fe ff ff call 8048794 <puts@plt>
8048912: c7 04 24 c4 97 04 08 movl $0x80497c4,(%esp)
8048919: e8 76 fe ff ff call 8048794 <puts@plt>
804891e: c7 04 24 00 00 00 00 movl $0x0,(%esp)
8048925: e8 aa fe ff ff call 80487d4 <exit@plt>
804892a: 8d b6 00 00 00 00 lea 0x0(%esi),%esi

08048930 <alarmhandler>:
8048930: 55 push %ebp
8048931: 89 e5 mov %esp,%ebp
8048933: 83 ec 08 sub $0x8,%esp
8048936: a1 68 a1 04 08 mov 0x804a168,%eax
804893b: c7 04 24 7c 94 04 08 movl $0x804947c,(%esp)
8048942: 89 44 24 04 mov %eax,0x4(%esp)
8048946: e8 d9 fd ff ff call 8048724 <printf@plt>
804894b: c7 04 24 c4 97 04 08 movl $0x80497c4,(%esp)
8048952: e8 3d fe ff ff call 8048794 <puts@plt>
8048957: c7 04 24 00 00 00 00 movl $0x0,(%esp)
804895e: e8 71 fe ff ff call 80487d4 <exit@plt>
8048963: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
8048969: 8d bc 27 00 00 00 00 lea 0x0(%edi),%edi

08048970 <seghandler>:
8048970: 55 push %ebp
8048971: 89 e5 mov %esp,%ebp
8048973: 83 ec 08 sub $0x8,%esp
8048976: c7 04 24 b0 94 04 08 movl $0x80494b0,(%esp)
804897d: e8 12 fe ff ff call 8048794 <puts@plt>
8048982: c7 04 24 c4 97 04 08 movl $0x80497c4,(%esp)
8048989: e8 06 fe ff ff call 8048794 <puts@plt>
804898e: c7 04 24 00 00 00 00 movl $0x0,(%esp)
8048995: e8 3a fe ff ff call 80487d4 <exit@plt>
804899a: 8d b6 00 00 00 00 lea 0x0(%esi),%esi

080489a0 <bushandler>:
80489a0: 55 push %ebp
80489a1: 89 e5 mov %esp,%ebp
80489a3: 83 ec 08 sub $0x8,%esp
80489a6: c7 04 24 d8 94 04 08 movl $0x80494d8,(%esp)
80489ad: e8 e2 fd ff ff call 8048794 <puts@plt>
80489b2: c7 04 24 c4 97 04 08 movl $0x80497c4,(%esp)
80489b9: e8 d6 fd ff ff call 8048794 <puts@plt>
80489be: c7 04 24 00 00 00 00 movl $0x0,(%esp)
80489c5: e8 0a fe ff ff call 80487d4 <exit@plt>
80489ca: 8d b6 00 00 00 00 lea 0x0(%esi),%esi

080489d0 <usage>:
80489d0: 55 push %ebp
80489d1: 89 e5 mov %esp,%ebp
80489d3: 83 ec 08 sub $0x8,%esp
80489d6: 89 44 24 04 mov %eax,0x4(%esp)
80489da: c7 04 24 f8 94 04 08 movl $0x80494f8,(%esp)
80489e1: e8 3e fd ff ff call 8048724 <printf@plt>
80489e6: c7 04 24 da 97 04 08 movl $0x80497da,(%esp)
80489ed: e8 a2 fd ff ff call 8048794 <puts@plt>
80489f2: c7 04 24 f8 97 04 08 movl $0x80497f8,(%esp)
80489f9: e8 96 fd ff ff call 8048794 <puts@plt>
80489fe: c7 04 24 1c 95 04 08 movl $0x804951c,(%esp)
8048a05: e8 8a fd ff ff call 8048794 <puts@plt>
8048a0a: c7 04 24 44 95 04 08 movl $0x8049544,(%esp)
8048a11: e8 7e fd ff ff call 8048794 <puts@plt>
8048a16: c7 04 24 00 00 00 00 movl $0x0,(%esp)
8048a1d: e8 b2 fd ff ff call 80487d4 <exit@plt>
8048a22: 8d b4 26 00 00 00 00 lea 0x0(%esi),%esi
8048a29: 8d bc 27 00 00 00 00 lea 0x0(%edi),%edi

08048a30 <validate>:
8048a30: 55 push %ebp
8048a31: 89 e5 mov %esp,%ebp
8048a33: 81 ec 48 01 00 00 sub $0x148,%esp
8048a39: 8b 0d b4 a1 04 08 mov 0x804a1b4,%ecx
8048a3f: 89 5d f4 mov %ebx,0xfffffff4(%ebp)
8048a42: 8b 5d 08 mov 0x8(%ebp),%ebx
8048a45: 89 75 f8 mov %esi,0xfffffff8(%ebp)
8048a48: 89 7d fc mov %edi,0xfffffffc(%ebp)
8048a4b: 85 c9 test %ecx,%ecx
8048a4d: 0f 84 d8 01 00 00 je 8048c2b <validate+0x1fb>
8048a53: 83 fb 04 cmp $0x4,%ebx
8048a56: 77 58 ja 8048ab0 <validate+0x80>
8048a58: 3b 1d 64 a1 04 08 cmp 0x804a164,%ebx
8048a5e: 74 20 je 8048a80 <validate+0x50>
8048a60: c7 04 24 bc 95 04 08 movl $0x80495bc,(%esp)
8048a67: e8 28 fd ff ff call 8048794 <puts@plt>
8048a6c: 8d 74 26 00 lea 0x0(%esi),%esi
8048a70: 8b 5d f4 mov 0xfffffff4(%ebp),%ebx
8048a73: 8b 75 f8 mov 0xfffffff8(%ebp),%esi
8048a76: 8b 7d fc mov 0xfffffffc(%ebp),%edi
8048a79: 89 ec mov %ebp,%esp
8048a7b: 5d pop %ebp
8048a7c: c3 ret
8048a7d: 8d 76 00 lea 0x0(%esi),%esi
8048a80: 8b 04 9d 6c a1 04 08 mov 0x804a16c(,%ebx,4),%eax
8048a87: c7 05 bc a1 04 08 01 movl $0x1,0x804a1bc
8048a8e: 00 00 00
8048a91: 83 e8 01 sub $0x1,%eax
8048a94: 85 c0 test %eax,%eax
8048a96: 89 04 9d 6c a1 04 08 mov %eax,0x804a16c(,%ebx,4)
8048a9d: 7e 21 jle 8048ac0 <validate+0x90>
8048a9f: c7 04 24 0f 98 04 08 movl $0x804980f,(%esp)
8048aa6: e8 e9 fc ff ff call 8048794 <puts@plt>
8048aab: eb c3 jmp 8048a70 <validate+0x40>
8048aad: 8d 76 00 lea 0x0(%esi),%esi
8048ab0: c7 04 24 94 95 04 08 movl $0x8049594,(%esp)
8048ab7: e8 d8 fc ff ff call 8048794 <puts@plt>
8048abc: eb b2 jmp 8048a70 <validate+0x40>
8048abe: 66 90 xchg %ax,%ax
8048ac0: 8b 15 b8 a1 04 08 mov 0x804a1b8,%edx
8048ac6: 85 d2 test %edx,%edx
8048ac8: 0f 85 7f 01 00 00 jne 8048c4d <validate+0x21d>
8048ace: a1 a4 a1 04 08 mov 0x804a1a4,%eax
8048ad3: 85 c0 test %eax,%eax
8048ad5: 0f 84 61 01 00 00 je 8048c3c <validate+0x20c>
8048adb: c7 44 24 04 20 98 04 movl $0x8049820,0x4(%esp)
8048ae2: 08
8048ae3: c7 04 24 00 00 00 00 movl $0x0,(%esp)
8048aea: e8 c5 fc ff ff call 80487b4 <tempnam@plt>
8048aef: c7 44 24 04 27 98 04 movl $0x8049827,0x4(%esp)
8048af6: 08
8048af7: 89 85 e0 fe ff ff mov %eax,0xfffffee0(%ebp)
8048afd: 89 04 24 mov %eax,(%esp)
8048b00: e8 ef fb ff ff call 80486f4 <fopen@plt>
8048b05: 85 c0 test %eax,%eax
8048b07: 89 c6 mov %eax,%esi
8048b09: 0f 84 76 01 00 00 je 8048c85 <validate+0x255>
8048b0f: 89 44 24 0c mov %eax,0xc(%esp)
8048b13: c7 44 24 08 1b 00 00 movl $0x1b,0x8(%esp)
8048b1a: 00
8048b1b: c7 44 24 04 01 00 00 movl $0x1,0x4(%esp)
8048b22: 00
8048b23: c7 04 24 29 98 04 08 movl $0x8049829,(%esp)
8048b2a: e8 15 fc ff ff call 8048744 <fwrite@plt>
8048b2f: 89 74 24 04 mov %esi,0x4(%esp)
8048b33: c7 04 24 0a 00 00 00 movl $0xa,(%esp)
8048b3a: e8 45 fc ff ff call 8048784 <fputc@plt>
8048b3f: c7 04 24 00 00 00 00 movl $0x0,(%esp)
8048b46: e8 29 fc ff ff call 8048774 <cuserid@plt>
8048b4b: 85 c0 test %eax,%eax
8048b4d: 0f 84 19 01 00 00 je 8048c6c <validate+0x23c>
8048b53: 8d 7d eb lea 0xffffffeb(%ebp),%edi
8048b56: 89 44 24 04 mov %eax,0x4(%esp)
8048b5a: 89 3c 24 mov %edi,(%esp)
8048b5d: e8 b2 fb ff ff call 8048714 <strcpy@plt>
8048b62: 89 7c 24 08 mov %edi,0x8(%esp)
8048b66: c7 44 24 04 45 98 04 movl $0x8049845,0x4(%esp)
8048b6d: 08
8048b6e: 89 34 24 mov %esi,(%esp)
8048b71: e8 de fb ff ff call 8048754 <fprintf@plt>
8048b76: a1 b0 a1 04 08 mov 0x804a1b0,%eax
8048b7b: 89 5c 24 10 mov %ebx,0x10(%esp)
8048b7f: 8d 9d eb fe ff ff lea 0xfffffeeb(%ebp),%ebx
8048b85: c7 44 24 1c 00 00 00 movl $0x0,0x1c(%esp)
8048b8c: 00
8048b8d: c7 44 24 18 e0 a1 04 movl $0x804a1e0,0x18(%esp)
8048b94: 08
8048b95: 89 44 24 14 mov %eax,0x14(%esp)
8048b99: a1 b4 a1 04 08 mov 0x804a1b4,%eax
8048b9e: c7 44 24 08 6f 3b 00 movl $0x3b6f,0x8(%esp)
8048ba5: 00
8048ba6: c7 44 24 04 2c 96 04 movl $0x804962c,0x4(%esp)
8048bad: 08
8048bae: 89 34 24 mov %esi,(%esp)
8048bb1: 89 44 24 0c mov %eax,0xc(%esp)
8048bb5: e8 9a fb ff ff call 8048754 <fprintf@plt>
8048bba: 89 34 24 mov %esi,(%esp)
8048bbd: e8 12 fb ff ff call 80486d4 <fclose@plt>
8048bc2: 8b 85 e0 fe ff ff mov 0xfffffee0(%ebp),%eax
8048bc8: c7 44 24 14 53 98 04 movl $0x8049853,0x14(%esp)
8048bcf: 08
8048bd0: c7 44 24 10 5d 98 04 movl $0x804985d,0x10(%esp)
8048bd7: 08
8048bd8: c7 44 24 0c 63 98 04 movl $0x8049863,0xc(%esp)
8048bdf: 08
8048be0: 89 44 24 08 mov %eax,0x8(%esp)
8048be4: c7 44 24 04 7a 98 04 movl $0x804987a,0x4(%esp)
8048beb: 08
8048bec: 89 1c 24 mov %ebx,(%esp)
8048bef: e8 30 fa ff ff call 8048624 <sprintf@plt>
8048bf4: 89 1c 24 mov %ebx,(%esp)
8048bf7: e8 88 fa ff ff call 8048684 <system@plt>
8048bfc: 85 c0 test %eax,%eax
8048bfe: 75 5e jne 8048c5e <validate+0x22e>
8048c00: c7 04 24 8d 98 04 08 movl $0x804988d,(%esp)
8048c07: e8 88 fb ff ff call 8048794 <puts@plt>
8048c0c: c7 04 24 4c 96 04 08 movl $0x804964c,(%esp)
8048c13: e8 7c fb ff ff call 8048794 <puts@plt>
8048c18: 8b 85 e0 fe ff ff mov 0xfffffee0(%ebp),%eax
8048c1e: 89 04 24 mov %eax,(%esp)
8048c21: e8 3e fb ff ff call 8048764 <remove@plt>
8048c26: e9 45 fe ff ff jmp 8048a70 <validate+0x40>
8048c2b: c7 04 24 68 95 04 08 movl $0x8049568,(%esp)
8048c32: e8 5d fb ff ff call 8048794 <puts@plt>
8048c37: e9 34 fe ff ff jmp 8048a70 <validate+0x40>
8048c3c: c7 04 24 bc 96 04 08 movl $0x80496bc,(%esp)
8048c43: e8 4c fb ff ff call 8048794 <puts@plt>
8048c48: e9 23 fe ff ff jmp 8048a70 <validate+0x40>
8048c4d: c7 04 24 1a 98 04 08 movl $0x804981a,(%esp)
8048c54: e8 3b fb ff ff call 8048794 <puts@plt>
8048c59: e9 12 fe ff ff jmp 8048a70 <validate+0x40>
8048c5e: c7 04 24 7c 96 04 08 movl $0x804967c,(%esp)
8048c65: e8 2a fb ff ff call 8048794 <puts@plt>
8048c6a: eb ac jmp 8048c18 <validate+0x1e8>
8048c6c: 8d 7d eb lea 0xffffffeb(%ebp),%edi
8048c6f: c7 45 eb 6e 6f 62 6f movl $0x6f626f6e,0xffffffeb(%ebp)
8048c76: 66 c7 45 ef 64 79 movw $0x7964,0xffffffef(%ebp)
8048c7c: c6 45 f1 00 movb $0x0,0xfffffff1(%ebp)
8048c80: e9 dd fe ff ff jmp 8048b62 <validate+0x132>
8048c85: c7 04 24 f8 95 04 08 movl $0x80495f8,(%esp)
8048c8c: e8 93 fa ff ff call 8048724 <printf@plt>
8048c91: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048c98: e8 37 fb ff ff call 80487d4 <exit@plt>
8048c9d: 8d 76 00 lea 0x0(%esi),%esi

08048ca0 <bang>:
8048ca0: 55 push %ebp
8048ca1: 89 e5 mov %esp,%ebp
8048ca3: 83 ec 08 sub $0x8,%esp
8048ca6: c7 04 24 02 00 00 00 movl $0x2,(%esp)
8048cad: e8 3e fc ff ff call 80488f0 <entry_check>
8048cb2: a1 c0 a1 04 08 mov 0x804a1c0,%eax
8048cb7: 3b 05 b0 a1 04 08 cmp 0x804a1b0,%eax
8048cbd: 74 21 je 8048ce0 <bang+0x40>
8048cbf: 89 44 24 04 mov %eax,0x4(%esp)
8048cc3: c7 04 24 97 98 04 08 movl $0x8049897,(%esp)
8048cca: e8 55 fa ff ff call 8048724 <printf@plt>
8048ccf: c7 04 24 00 00 00 00 movl $0x0,(%esp)
8048cd6: e8 f9 fa ff ff call 80487d4 <exit@plt>
8048cdb: 90 nop
8048cdc: 8d 74 26 00 lea 0x0(%esi),%esi
8048ce0: 89 44 24 04 mov %eax,0x4(%esp)
8048ce4: c7 04 24 08 97 04 08 movl $0x8049708,(%esp)
8048ceb: e8 34 fa ff ff call 8048724 <printf@plt>
8048cf0: c7 04 24 02 00 00 00 movl $0x2,(%esp)
8048cf7: e8 34 fd ff ff call 8048a30 <validate>
8048cfc: eb d1 jmp 8048ccf <bang+0x2f>
8048cfe: 66 90 xchg %ax,%ax

08048d00 <fizz>:
8048d00: 55 push %ebp
8048d01: 89 e5 mov %esp,%ebp
8048d03: 53 push %ebx
8048d04: 83 ec 14 sub $0x14,%esp
8048d07: 8b 5d 08 mov 0x8(%ebp),%ebx
8048d0a: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048d11: e8 da fb ff ff call 80488f0 <entry_check>
8048d16: 3b 1d b0 a1 04 08 cmp 0x804a1b0,%ebx
8048d1c: 74 22 je 8048d40 <fizz+0x40>
8048d1e: 89 5c 24 04 mov %ebx,0x4(%esp)
8048d22: c7 04 24 30 97 04 08 movl $0x8049730,(%esp)
8048d29: e8 f6 f9 ff ff call 8048724 <printf@plt>
8048d2e: c7 04 24 00 00 00 00 movl $0x0,(%esp)
8048d35: e8 9a fa ff ff call 80487d4 <exit@plt>
8048d3a: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
8048d40: 89 5c 24 04 mov %ebx,0x4(%esp)
8048d44: c7 04 24 b5 98 04 08 movl $0x80498b5,(%esp)
8048d4b: e8 d4 f9 ff ff call 8048724 <printf@plt>
8048d50: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048d57: e8 d4 fc ff ff call 8048a30 <validate>
8048d5c: eb d0 jmp 8048d2e <fizz+0x2e>
8048d5e: 66 90 xchg %ax,%ax

08048d60 <smoke>:
8048d60: 55 push %ebp
8048d61: 89 e5 mov %esp,%ebp
8048d63: 83 ec 08 sub $0x8,%esp
8048d66: c7 04 24 00 00 00 00 movl $0x0,(%esp)
8048d6d: e8 7e fb ff ff call 80488f0 <entry_check>
8048d72: c7 04 24 d3 98 04 08 movl $0x80498d3,(%esp)
8048d79: e8 16 fa ff ff call 8048794 <puts@plt>
8048d7e: c7 04 24 00 00 00 00 movl $0x0,(%esp)
8048d85: e8 a6 fc ff ff call 8048a30 <validate>
8048d8a: c7 04 24 00 00 00 00 movl $0x0,(%esp)
8048d91: e8 3e fa ff ff call 80487d4 <exit@plt>
8048d96: 8d 76 00 lea 0x0(%esi),%esi
8048d99: 8d bc 27 00 00 00 00 lea 0x0(%edi),%edi

08048da0 <Gets>:
8048da0: 55 push %ebp
8048da1: 89 e5 mov %esp,%ebp
8048da3: 57 push %edi
8048da4: 56 push %esi
8048da5: 53 push %ebx
8048da6: 83 ec 0c sub $0xc,%esp
8048da9: 8b 1d ac a1 04 08 mov 0x804a1ac,%ebx
8048daf: c7 05 c4 a1 04 08 00 movl $0x0,0x804a1c4
8048db6: 00 00 00
8048db9: 8b 75 08 mov 0x8(%ebp),%esi
8048dbc: 85 db test %ebx,%ebx
8048dbe: 74 72 je 8048e32 <Gets+0x92>
8048dc0: bf 01 00 00 00 mov $0x1,%edi
8048dc5: c7 45 f0 00 00 00 00 movl $0x0,0xfffffff0(%ebp)
8048dcc: 8d 74 26 00 lea 0x0(%esi),%esi
8048dd0: a1 a0 a1 04 08 mov 0x804a1a0,%eax
8048dd5: 89 04 24 mov %eax,(%esp)
8048dd8: e8 d7 f8 ff ff call 80486b4 <_IO_getc@plt>
8048ddd: 83 f8 ff cmp $0xffffffff,%eax
8048de0: 89 c3 mov %eax,%ebx
8048de2: 74 60 je 8048e44 <Gets+0xa4>
8048de4: 83 f8 0a cmp $0xa,%eax
8048de7: 74 5b je 8048e44 <Gets+0xa4>
8048de9: e8 d6 f8 ff ff call 80486c4 <__ctype_b_loc@plt>
8048dee: 8b 00 mov (%eax),%eax
8048df0: f6 44 58 01 10 testb $0x10,0x1(%eax,%ebx,2)
8048df5: 74 d9 je 8048dd0 <Gets+0x30>
8048df7: 8d 43 d0 lea 0xffffffd0(%ebx),%eax
8048dfa: 83 f8 09 cmp $0x9,%eax
8048dfd: 89 c2 mov %eax,%edx
8048dff: 76 0f jbe 8048e10 <Gets+0x70>
8048e01: 8d 43 bf lea 0xffffffbf(%ebx),%eax
8048e04: 83 f8 05 cmp $0x5,%eax
8048e07: 8d 53 c9 lea 0xffffffc9(%ebx),%edx
8048e0a: 76 04 jbe 8048e10 <Gets+0x70>
8048e0c: 8d 53 a9 lea 0xffffffa9(%ebx),%edx
8048e0f: 90 nop
8048e10: 85 ff test %edi,%edi
8048e12: 74 4c je 8048e60 <Gets+0xc0>
8048e14: 31 ff xor %edi,%edi
8048e16: 89 55 f0 mov %edx,0xfffffff0(%ebp)
8048e19: eb b5 jmp 8048dd0 <Gets+0x30>
8048e1b: 90 nop
8048e1c: 8d 74 26 00 lea 0x0(%esi),%esi
8048e20: 83 f8 0a cmp $0xa,%eax
8048e23: 74 1f je 8048e44 <Gets+0xa4>
8048e25: 88 06 mov %al,(%esi)
8048e27: 0f be c0 movsbl %al,%eax
8048e2a: 83 c6 01 add $0x1,%esi
8048e2d: e8 6e fa ff ff call 80488a0 <save_char>
8048e32: a1 a0 a1 04 08 mov 0x804a1a0,%eax
8048e37: 89 04 24 mov %eax,(%esp)
8048e3a: e8 75 f8 ff ff call 80486b4 <_IO_getc@plt>
8048e3f: 83 f8 ff cmp $0xffffffff,%eax
8048e42: 75 dc jne 8048e20 <Gets+0x80>
8048e44: c6 06 00 movb $0x0,(%esi)
8048e47: a1 c4 a1 04 08 mov 0x804a1c4,%eax
8048e4c: c6 84 40 e0 a1 04 08 movb $0x0,0x804a1e0(%eax,%eax,2)
8048e53: 00
8048e54: 8b 45 08 mov 0x8(%ebp),%eax
8048e57: 83 c4 0c add $0xc,%esp
8048e5a: 5b pop %ebx
8048e5b: 5e pop %esi
8048e5c: 5f pop %edi
8048e5d: 5d pop %ebp
8048e5e: c3 ret
8048e5f: 90 nop
8048e60: 8b 45 f0 mov 0xfffffff0(%ebp),%eax
8048e63: bf 01 00 00 00 mov $0x1,%edi
8048e68: c1 e0 04 shl $0x4,%eax
8048e6b: 8d 04 02 lea (%edx,%eax,1),%eax
8048e6e: 88 06 mov %al,(%esi)
8048e70: 0f be c0 movsbl %al,%eax
8048e73: 83 c6 01 add $0x1,%esi
8048e76: e8 25 fa ff ff call 80488a0 <save_char>
8048e7b: e9 50 ff ff ff jmp 8048dd0 <Gets+0x30>

08048e80 <getbufn>:
8048e80: 55 push %ebp
8048e81: 89 e5 mov %esp,%ebp
8048e83: 81 ec 08 02 00 00 sub $0x208,%esp
8048e89: 8d 85 00 fe ff ff lea 0xfffffe00(%ebp),%eax
8048e8f: 89 04 24 mov %eax,(%esp)
8048e92: e8 09 ff ff ff call 8048da0 <Gets>
8048e97: b8 01 00 00 00 mov $0x1,%eax
8048e9c: c9 leave
8048e9d: c3 ret
8048e9e: 66 90 xchg %ax,%ax

08048ea0 <testn>:
8048ea0: 55 push %ebp
8048ea1: 89 e5 mov %esp,%ebp
8048ea3: 83 ec 18 sub $0x18,%esp
8048ea6: c7 45 fc ef be ad de movl $0xdeadbeef,0xfffffffc(%ebp)
8048ead: c7 04 24 04 00 00 00 movl $0x4,(%esp)
8048eb4: e8 37 fa ff ff call 80488f0 <entry_check>
8048eb9: e8 c2 ff ff ff call 8048e80 <getbufn>
8048ebe: 89 c2 mov %eax,%edx
8048ec0: 8b 45 fc mov 0xfffffffc(%ebp),%eax
8048ec3: 3d ef be ad de cmp $0xdeadbeef,%eax
8048ec8: 74 0e je 8048ed8 <testn+0x38>
8048eca: c7 04 24 50 97 04 08 movl $0x8049750,(%esp)
8048ed1: e8 be f8 ff ff call 8048794 <puts@plt>
8048ed6: c9 leave
8048ed7: c3 ret
8048ed8: 3b 15 b0 a1 04 08 cmp 0x804a1b0,%edx
8048ede: 74 12 je 8048ef2 <testn+0x52>
8048ee0: 89 54 24 04 mov %edx,0x4(%esp)
8048ee4: c7 04 24 ee 98 04 08 movl $0x80498ee,(%esp)
8048eeb: e8 34 f8 ff ff call 8048724 <printf@plt>
8048ef0: c9 leave
8048ef1: c3 ret
8048ef2: 89 54 24 04 mov %edx,0x4(%esp)
8048ef6: c7 04 24 7c 97 04 08 movl $0x804977c,(%esp)
8048efd: e8 22 f8 ff ff call 8048724 <printf@plt>
8048f02: c7 04 24 04 00 00 00 movl $0x4,(%esp)
8048f09: e8 22 fb ff ff call 8048a30 <validate>
8048f0e: c9 leave
8048f0f: c3 ret

08048f10 <getbuf>:
8048f10: 55 push %ebp
8048f11: 89 e5 mov %esp,%ebp
8048f13: 83 ec 18 sub $0x18,%esp
8048f16: 8d 45 f0 lea 0xfffffff0(%ebp),%eax
8048f19: 89 04 24 mov %eax,(%esp)
8048f1c: e8 7f fe ff ff call 8048da0 <Gets>
8048f21: b8 01 00 00 00 mov $0x1,%eax
8048f26: c9 leave
8048f27: c3 ret
8048f28: 90 nop
8048f29: 8d b4 26 00 00 00 00 lea 0x0(%esi),%esi

08048f30 <test>:
8048f30: 55 push %ebp
8048f31: 89 e5 mov %esp,%ebp
8048f33: 83 ec 18 sub $0x18,%esp
8048f36: c7 45 fc ef be ad de movl $0xdeadbeef,0xfffffffc(%ebp)
8048f3d: c7 04 24 03 00 00 00 movl $0x3,(%esp)
8048f44: e8 a7 f9 ff ff call 80488f0 <entry_check>
8048f49: e8 c2 ff ff ff call 8048f10 <getbuf>
8048f4e: 89 c2 mov %eax,%edx
8048f50: 8b 45 fc mov 0xfffffffc(%ebp),%eax
8048f53: 3d ef be ad de cmp $0xdeadbeef,%eax
8048f58: 74 0e je 8048f68 <test+0x38>
8048f5a: c7 04 24 50 97 04 08 movl $0x8049750,(%esp)
8048f61: e8 2e f8 ff ff call 8048794 <puts@plt>
8048f66: c9 leave
8048f67: c3 ret
8048f68: 3b 15 b0 a1 04 08 cmp 0x804a1b0,%edx
8048f6e: 74 12 je 8048f82 <test+0x52>
8048f70: 89 54 24 04 mov %edx,0x4(%esp)
8048f74: c7 04 24 27 99 04 08 movl $0x8049927,(%esp)
8048f7b: e8 a4 f7 ff ff call 8048724 <printf@plt>
8048f80: c9 leave
8048f81: c3 ret
8048f82: 89 54 24 04 mov %edx,0x4(%esp)
8048f86: c7 04 24 0a 99 04 08 movl $0x804990a,(%esp)
8048f8d: e8 92 f7 ff ff call 8048724 <printf@plt>
8048f92: c7 04 24 03 00 00 00 movl $0x3,(%esp)
8048f99: e8 92 fa ff ff call 8048a30 <validate>
8048f9e: c9 leave
8048f9f: c3 ret

08048fa0 <launch>:
8048fa0: 55 push %ebp
8048fa1: 89 e5 mov %esp,%ebp
8048fa3: 53 push %ebx
8048fa4: 89 c3 mov %eax,%ebx
8048fa6: 8d 45 bc lea 0xffffffbc(%ebp),%eax
8048fa9: 83 ec 54 sub $0x54,%esp
8048fac: 25 f8 3f 00 00 and $0x3ff8,%eax
8048fb1: 01 c2 add %eax,%edx
8048fb3: 8d 42 1e lea 0x1e(%edx),%eax
8048fb6: 83 e0 f0 and $0xfffffff0,%eax
8048fb9: 29 c4 sub %eax,%esp
8048fbb: 8d 44 24 1b lea 0x1b(%esp),%eax
8048fbf: 83 e0 f0 and $0xfffffff0,%eax
8048fc2: 89 54 24 08 mov %edx,0x8(%esp)
8048fc6: c7 44 24 04 f4 00 00 movl $0xf4,0x4(%esp)
8048fcd: 00
8048fce: 89 04 24 mov %eax,(%esp)
8048fd1: e8 be f6 ff ff call 8048694 <memset@plt>
8048fd6: a1 a8 a1 04 08 mov 0x804a1a8,%eax
8048fdb: 85 c0 test %eax,%eax
8048fdd: 75 15 jne 8048ff4 <launch+0x54>
8048fdf: a1 ac a1 04 08 mov 0x804a1ac,%eax
8048fe4: 85 c0 test %eax,%eax
8048fe6: 75 40 jne 8049028 <launch+0x88>
8048fe8: c7 04 24 53 99 04 08 movl $0x8049953,(%esp)
8048fef: e8 30 f7 ff ff call 8048724 <printf@plt>
8048ff4: 85 db test %ebx,%ebx
8048ff6: 74 29 je 8049021 <launch+0x81>
8048ff8: e8 a3 fe ff ff call 8048ea0 <testn>
8048ffd: a1 bc a1 04 08 mov 0x804a1bc,%eax
8049002: 85 c0 test %eax,%eax
8049004: 75 16 jne 804901c <launch+0x7c>
8049006: c7 04 24 c4 97 04 08 movl $0x80497c4,(%esp)
804900d: e8 82 f7 ff ff call 8048794 <puts@plt>
8049012: c7 05 bc a1 04 08 00 movl $0x0,0x804a1bc
8049019: 00 00 00
804901c: 8b 5d fc mov 0xfffffffc(%ebp),%ebx
804901f: c9 leave
8049020: c3 ret
8049021: e8 0a ff ff ff call 8048f30 <test>
8049026: eb d5 jmp 8048ffd <launch+0x5d>
8049028: c7 04 24 42 99 04 08 movl $0x8049942,(%esp)
804902f: e8 f0 f6 ff ff call 8048724 <printf@plt>
8049034: eb be jmp 8048ff4 <launch+0x54>
8049036: 8d 76 00 lea 0x0(%esi),%esi
8049039: 8d bc 27 00 00 00 00 lea 0x0(%edi),%edi

08049040 <main>:
8049040: 8d 4c 24 04 lea 0x4(%esp),%ecx
8049044: 83 e4 f0 and $0xfffffff0,%esp
8049047: ff 71 fc pushl 0xfffffffc(%ecx)
804904a: 55 push %ebp
804904b: 89 e5 mov %esp,%ebp
804904d: 57 push %edi
804904e: 56 push %esi
804904f: 53 push %ebx
8049050: 51 push %ecx
8049051: 83 ec 18 sub $0x18,%esp
8049054: 8b 31 mov (%ecx),%esi
8049056: 8b 59 04 mov 0x4(%ecx),%ebx
8049059: c7 44 24 04 70 89 04 movl $0x8048970,0x4(%esp)
8049060: 08
8049061: c7 04 24 0b 00 00 00 movl $0xb,(%esp)
8049068: e8 e7 f5 ff ff call 8048654 <signal@plt>
804906d: c7 44 24 04 a0 89 04 movl $0x80489a0,0x4(%esp)
8049074: 08
8049075: c7 04 24 07 00 00 00 movl $0x7,(%esp)
804907c: e8 d3 f5 ff ff call 8048654 <signal@plt>
8049081: c7 44 24 04 30 89 04 movl $0x8048930,0x4(%esp)
8049088: 08
8049089: c7 04 24 0e 00 00 00 movl $0xe,(%esp)
8049090: e8 bf f5 ff ff call 8048654 <signal@plt>
8049095: c7 44 24 04 00 89 04 movl $0x8048900,0x4(%esp)
804909c: 08
804909d: c7 04 24 04 00 00 00 movl $0x4,(%esp)
80490a4: e8 ab f5 ff ff call 8048654 <signal@plt>
80490a9: a1 80 a1 04 08 mov 0x804a180,%eax
80490ae: c7 45 e8 00 00 00 00 movl $0x0,0xffffffe8(%ebp)
80490b5: c7 45 ec 01 00 00 00 movl $0x1,0xffffffec(%ebp)
80490bc: a3 a0 a1 04 08 mov %eax,0x804a1a0
80490c1: c7 44 24 08 8f 99 04 movl $0x804998f,0x8(%esp)
80490c8: 08
80490c9: 89 5c 24 04 mov %ebx,0x4(%esp)
80490cd: 89 34 24 mov %esi,(%esp)
80490d0: e8 0f f6 ff ff call 80486e4 <getopt@plt>
80490d5: 3c ff cmp $0xff,%al
80490d7: 0f 84 04 01 00 00 je 80491e1 <main+0x1a1>
80490dd: 83 e8 66 sub $0x66,%eax
80490e0: 3c 12 cmp $0x12,%al
80490e2: 77 0c ja 80490f0 <main+0xb0>
80490e4: 0f b6 c0 movzbl %al,%eax
80490e7: ff 24 85 98 99 04 08 jmp *0x8049998(,%eax,4)
80490ee: 66 90 xchg %ax,%ax
80490f0: 8b 03 mov (%ebx),%eax
80490f2: e8 d9 f8 ff ff call 80489d0 <usage>
80490f7: eb c8 jmp 80490c1 <main+0x81>
80490f9: c7 05 b8 a1 04 08 01 movl $0x1,0x804a1b8
8049100: 00 00 00
8049103: c7 05 a8 a1 04 08 01 movl $0x1,0x804a1a8
804910a: 00 00 00
804910d: c7 05 68 a1 04 08 01 movl $0x1,0x804a168
8049114: 00 00 00
8049117: eb a8 jmp 80490c1 <main+0x81>
8049119: c7 44 24 04 78 99 04 movl $0x8049978,0x4(%esp)
8049120: 08
8049121: a1 84 a1 04 08 mov 0x804a184,%eax
8049126: 89 04 24 mov %eax,(%esp)
8049129: e8 c6 f5 ff ff call 80486f4 <fopen@plt>
804912e: 85 c0 test %eax,%eax
8049130: a3 a0 a1 04 08 mov %eax,0x804a1a0
8049135: 75 8a jne 80490c1 <main+0x81>
8049137: a1 84 a1 04 08 mov 0x804a184,%eax
804913c: c7 04 24 7a 99 04 08 movl $0x804997a,(%esp)
8049143: 89 44 24 04 mov %eax,0x4(%esp)
8049147: e8 d8 f5 ff ff call 8048724 <printf@plt>
804914c: 8b 03 mov (%ebx),%eax
804914e: e8 7d f8 ff ff call 80489d0 <usage>
8049153: e9 69 ff ff ff jmp 80490c1 <main+0x81>
8049158: c7 45 e8 01 00 00 00 movl $0x1,0xffffffe8(%ebp)
804915f: c7 45 ec 05 00 00 00 movl $0x5,0xffffffec(%ebp)
8049166: e9 56 ff ff ff jmp 80490c1 <main+0x81>
804916b: c7 05 a8 a1 04 08 01 movl $0x1,0x804a1a8
8049172: 00 00 00
8049175: e9 47 ff ff ff jmp 80490c1 <main+0x81>
804917a: c7 05 a4 a1 04 08 01 movl $0x1,0x804a1a4
8049181: 00 00 00
8049184: e9 38 ff ff ff jmp 80490c1 <main+0x81>
8049189: a1 84 a1 04 08 mov 0x804a184,%eax
804918e: 89 04 24 mov %eax,(%esp)
8049191: e8 2e f6 ff ff call 80487c4 <__strdup@plt>
8049196: a3 b4 a1 04 08 mov %eax,0x804a1b4
804919b: 89 44 24 04 mov %eax,0x4(%esp)
804919f: c7 04 24 60 99 04 08 movl $0x8049960,(%esp)
80491a6: e8 79 f5 ff ff call 8048724 <printf@plt>
80491ab: a1 b4 a1 04 08 mov 0x804a1b4,%eax
80491b0: 89 04 24 mov %eax,(%esp)
80491b3: e8 88 01 00 00 call 8049340 <gencookie>
80491b8: a3 b0 a1 04 08 mov %eax,0x804a1b0
80491bd: 89 44 24 04 mov %eax,0x4(%esp)
80491c1: c7 04 24 6a 99 04 08 movl $0x804996a,(%esp)
80491c8: e8 57 f5 ff ff call 8048724 <printf@plt>
80491cd: e9 ef fe ff ff jmp 80490c1 <main+0x81>
80491d2: c7 05 ac a1 04 08 01 movl $0x1,0x804a1ac
80491d9: 00 00 00
80491dc: e9 e0 fe ff ff jmp 80490c1 <main+0x81>
80491e1: a1 b4 a1 04 08 mov 0x804a1b4,%eax
80491e6: 85 c0 test %eax,%eax
80491e8: 0f 84 d2 00 00 00 je 80492c0 <main+0x280>
80491ee: a1 b0 a1 04 08 mov 0x804a1b0,%eax
80491f3: 89 04 24 mov %eax,(%esp)
80491f6: e8 39 f5 ff ff call 8048734 <srandom@plt>
80491fb: e8 44 f4 ff ff call 8048644 <random@plt>
8049200: 25 f8 0f 00 00 and $0xff8,%eax
8049205: 89 45 e4 mov %eax,0xffffffe4(%ebp)
8049208: c7 44 24 04 04 00 00 movl $0x4,0x4(%esp)
804920f: 00
8049210: 8b 45 ec mov 0xffffffec(%ebp),%eax
8049213: 89 04 24 mov %eax,(%esp)
8049216: e8 59 f4 ff ff call 8048674 <calloc@plt>
804921b: 89 c7 mov %eax,%edi
804921d: 8b 45 ec mov 0xffffffec(%ebp),%eax
8049220: 83 e8 02 sub $0x2,%eax
8049223: 85 c0 test %eax,%eax
8049225: 7e 1e jle 8049245 <main+0x205>
8049227: 8b 55 ec mov 0xffffffec(%ebp),%edx
804922a: bb 01 00 00 00 mov $0x1,%ebx
804922f: 8d 72 ff lea 0xffffffff(%edx),%esi
8049232: e8 0d f4 ff ff call 8048644 <random@plt>
8049237: 83 e0 38 and $0x38,%eax
804923a: 89 44 9f fc mov %eax,0xfffffffc(%edi,%ebx,4)
804923e: 83 c3 01 add $0x1,%ebx
8049241: 39 f3 cmp %esi,%ebx
8049243: 75 ed jne 8049232 <main+0x1f2>
8049245: 83 7d ec 01 cmpl $0x1,0xffffffec(%ebp)
8049249: 7e 49 jle 8049294 <main+0x254>
804924b: 8b 55 ec mov 0xffffffec(%ebp),%edx
804924e: 8d 04 97 lea (%edi,%edx,4),%eax
8049251: c7 40 f8 38 00 00 00 movl $0x38,0xfffffff8(%eax)
8049258: c7 40 fc 00 00 00 00 movl $0x0,0xfffffffc(%eax)
804925f: a1 68 a1 04 08 mov 0x804a168,%eax
8049264: 89 04 24 mov %eax,(%esp)
8049267: e8 98 f4 ff ff call 8048704 <alarm@plt>
804926c: 31 db xor %ebx,%ebx
804926e: 66 90 xchg %ax,%ax
8049270: 8b 55 e4 mov 0xffffffe4(%ebp),%edx
8049273: 8b 45 e8 mov 0xffffffe8(%ebp),%eax
8049276: 03 14 9f add (%edi,%ebx,4),%edx
8049279: 83 c3 01 add $0x1,%ebx
804927c: e8 1f fd ff ff call 8048fa0 <launch>
8049281: 3b 5d ec cmp 0xffffffec(%ebp),%ebx
8049284: 7c ea jl 8049270 <main+0x230>
8049286: 83 c4 18 add $0x18,%esp
8049289: 31 c0 xor %eax,%eax
804928b: 59 pop %ecx
804928c: 5b pop %ebx
804928d: 5e pop %esi
804928e: 5f pop %edi
804928f: 5d pop %ebp
8049290: 8d 61 fc lea 0xfffffffc(%ecx),%esp
8049293: c3 ret
8049294: 8b 45 ec mov 0xffffffec(%ebp),%eax
8049297: c7 44 87 fc 00 00 00 movl $0x0,0xfffffffc(%edi,%eax,4)
804929e: 00
804929f: a1 68 a1 04 08 mov 0x804a168,%eax
80492a4: 89 04 24 mov %eax,(%esp)
80492a7: e8 58 f4 ff ff call 8048704 <alarm@plt>
80492ac: 83 7d ec 01 cmpl $0x1,0xffffffec(%ebp)
80492b0: 74 ba je 804926c <main+0x22c>
80492b2: 83 c4 18 add $0x18,%esp
80492b5: 31 c0 xor %eax,%eax
80492b7: 59 pop %ecx
80492b8: 5b pop %ebx
80492b9: 5e pop %esi
80492ba: 5f pop %edi
80492bb: 5d pop %ebp
80492bc: 8d 61 fc lea 0xfffffffc(%ecx),%esp
80492bf: c3 ret
80492c0: c7 04 24 9c 97 04 08 movl $0x804979c,(%esp)
80492c7: e8 c8 f4 ff ff call 8048794 <puts@plt>
80492cc: 8b 03 mov (%ebx),%eax
80492ce: e8 fd f6 ff ff call 80489d0 <usage>
80492d3: e9 16 ff ff ff jmp 80491ee <main+0x1ae>
80492d8: 90 nop
80492d9: 90 nop
80492da: 90 nop
80492db: 90 nop
80492dc: 90 nop
80492dd: 90 nop
80492de: 90 nop
80492df: 90 nop

080492e0 <hash>:
80492e0: 55 push %ebp
80492e1: 31 c0 xor %eax,%eax
80492e3: 89 e5 mov %esp,%ebp
80492e5: 8b 4d 08 mov 0x8(%ebp),%ecx
80492e8: 0f b6 11 movzbl (%ecx),%edx
80492eb: 84 d2 test %dl,%dl
80492ed: 74 15 je 8049304 <hash+0x24>
80492ef: 90 nop
80492f0: 6b c0 67 imul $0x67,%eax,%eax
80492f3: 0f be d2 movsbl %dl,%edx
80492f6: 8d 04 02 lea (%edx,%eax,1),%eax
80492f9: 0f b6 51 01 movzbl 0x1(%ecx),%edx
80492fd: 83 c1 01 add $0x1,%ecx
8049300: 84 d2 test %dl,%dl
8049302: 75 ec jne 80492f0 <hash+0x10>
8049304: 5d pop %ebp
8049305: c3 ret
8049306: 8d 76 00 lea 0x0(%esi),%esi
8049309: 8d bc 27 00 00 00 00 lea 0x0(%edi),%edi

08049310 <check>:
8049310: 55 push %ebp
8049311: 89 e5 mov %esp,%ebp
8049313: 8b 55 08 mov 0x8(%ebp),%edx
8049316: 89 d0 mov %edx,%eax
8049318: c1 e8 1c shr $0x1c,%eax
804931b: 85 c0 test %eax,%eax
804931d: 74 19 je 8049338 <check+0x28>
804931f: 31 c9 xor %ecx,%ecx
8049321: 89 d0 mov %edx,%eax
8049323: d3 e8 shr %cl,%eax
8049325: 3c 0a cmp $0xa,%al
8049327: 74 0f je 8049338 <check+0x28>
8049329: 83 c1 08 add $0x8,%ecx
804932c: 83 f9 20 cmp $0x20,%ecx
804932f: 75 f0 jne 8049321 <check+0x11>
8049331: 5d pop %ebp
8049332: b8 01 00 00 00 mov $0x1,%eax
8049337: c3 ret
8049338: 5d pop %ebp
8049339: 31 c0 xor %eax,%eax
804933b: c3 ret
804933c: 8d 74 26 00 lea 0x0(%esi),%esi

08049340 <gencookie>:
8049340: 55 push %ebp
8049341: 89 e5 mov %esp,%ebp
8049343: 53 push %ebx
8049344: 83 ec 04 sub $0x4,%esp
8049347: 8b 45 08 mov 0x8(%ebp),%eax
804934a: 89 04 24 mov %eax,(%esp)
804934d: e8 8e ff ff ff call 80492e0 <hash>
8049352: 89 04 24 mov %eax,(%esp)
8049355: e8 da f2 ff ff call 8048634 <srand@plt>
804935a: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
8049360: e8 3f f4 ff ff call 80487a4 <rand@plt>
8049365: 89 c3 mov %eax,%ebx
8049367: 89 04 24 mov %eax,(%esp)
804936a: e8 a1 ff ff ff call 8049310 <check>
804936f: 85 c0 test %eax,%eax
8049371: 74 ed je 8049360 <gencookie+0x20>
8049373: 89 d8 mov %ebx,%eax
8049375: 83 c4 04 add $0x4,%esp
8049378: 5b pop %ebx
8049379: 5d pop %ebp
804937a: c3 ret
804937b: 90 nop
804937c: 90 nop
804937d: 90 nop
804937e: 90 nop
804937f: 90 nop

08049380 <__libc_csu_fini>:
8049380: 55 push %ebp
8049381: 89 e5 mov %esp,%ebp
8049383: 5d pop %ebp
8049384: c3 ret
8049385: 8d 74 26 00 lea 0x0(%esi),%esi
8049389: 8d bc 27 00 00 00 00 lea 0x0(%edi),%edi

08049390 <__libc_csu_init>:
8049390: 55 push %ebp
8049391: 89 e5 mov %esp,%ebp
8049393: 57 push %edi
8049394: 56 push %esi
8049395: 53 push %ebx
8049396: e8 5e 00 00 00 call 80493f9 <__i686.get_pc_thunk.bx>
804939b: 81 c3 45 0d 00 00 add $0xd45,%ebx
80493a1: 83 ec 1c sub $0x1c,%esp
80493a4: e8 53 f2 ff ff call 80485fc <_init>
80493a9: 8d 83 20 ff ff ff lea 0xffffff20(%ebx),%eax
80493af: 89 45 f0 mov %eax,0xfffffff0(%ebp)
80493b2: 8d 83 20 ff ff ff lea 0xffffff20(%ebx),%eax
80493b8: 29 45 f0 sub %eax,0xfffffff0(%ebp)
80493bb: c1 7d f0 02 sarl $0x2,0xfffffff0(%ebp)
80493bf: 8b 55 f0 mov 0xfffffff0(%ebp),%edx
80493c2: 85 d2 test %edx,%edx
80493c4: 74 2b je 80493f1 <__libc_csu_init+0x61>
80493c6: 31 ff xor %edi,%edi
80493c8: 89 c6 mov %eax,%esi
80493ca: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
80493d0: 8b 45 10 mov 0x10(%ebp),%eax
80493d3: 83 c7 01 add $0x1,%edi
80493d6: 89 44 24 08 mov %eax,0x8(%esp)
80493da: 8b 45 0c mov 0xc(%ebp),%eax
80493dd: 89 44 24 04 mov %eax,0x4(%esp)
80493e1: 8b 45 08 mov 0x8(%ebp),%eax
80493e4: 89 04 24 mov %eax,(%esp)
80493e7: ff 16 call *(%esi)
80493e9: 83 c6 04 add $0x4,%esi
80493ec: 39 7d f0 cmp %edi,0xfffffff0(%ebp)
80493ef: 75 df jne 80493d0 <__libc_csu_init+0x40>
80493f1: 83 c4 1c add $0x1c,%esp
80493f4: 5b pop %ebx
80493f5: 5e pop %esi
80493f6: 5f pop %edi
80493f7: 5d pop %ebp
80493f8: c3 ret

080493f9 <__i686.get_pc_thunk.bx>:
80493f9: 8b 1c 24 mov (%esp),%ebx
80493fc: c3 ret
80493fd: 90 nop
80493fe: 90 nop
80493ff: 90 nop

08049400 <__do_global_ctors_aux>:
8049400: 55 push %ebp
8049401: 89 e5 mov %esp,%ebp
8049403: 53 push %ebx
8049404: bb 00 a0 04 08 mov $0x804a000,%ebx
8049409: 83 ec 04 sub $0x4,%esp
804940c: a1 00 a0 04 08 mov 0x804a000,%eax
8049411: 83 f8 ff cmp $0xffffffff,%eax
8049414: 74 0c je 8049422 <__do_global_ctors_aux+0x22>
8049416: 83 eb 04 sub $0x4,%ebx
8049419: ff d0 call *%eax
804941b: 8b 03 mov (%ebx),%eax
804941d: 83 f8 ff cmp $0xffffffff,%eax
8049420: 75 f4 jne 8049416 <__do_global_ctors_aux+0x16>
8049422: 83 c4 04 add $0x4,%esp
8049425: 5b pop %ebx
8049426: 5d pop %ebp
8049427: c3 ret
Disassembly of section .fini:

08049428 <_fini>:
8049428: 55 push %ebp
8049429: 89 e5 mov %esp,%ebp
804942b: 53 push %ebx
804942c: 83 ec 04 sub $0x4,%esp
804942f: e8 00 00 00 00 call 8049434 <_fini+0xc>
8049434: 5b pop %ebx
8049435: 81 c3 ac 0c 00 00 add $0xcac,%ebx
804943b: e8 00 f4 ff ff call 8048840 <__do_global_dtors_aux>
8049440: 59 pop %ecx
8049441: 5b pop %ebx
8049442: c9 leave
8049443: c3 ret
-bash-3.1$

The first level is to get bufbomb to execute the code for smoke when getbuf executes its return statement rather than returning to test by providing a string to overwrite the buffer. I am not very sure what that means and how to do this level. I think by knowing how to do this level I will be able to do other level

Thanks and please help
infinity08?? Where are you

View the Solution FREE for 30 Days

	Title
1	defuse binary bomb
2	Buffer Bomb - Final Phase
3	Buffer Bomb Phase 2

buffer overflow bomb

Asked by dminh01 in Assembly Programming Language

Tags: bufbomb

About this solution