[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1621
  • Last Modified:

Buffer Overflow Bomb Assignment - Final Phase

Hi, I've completed the first 3 stages of a buffer overflow attack assignment, but I'm stuck on the final stage.  

Final Stage:
Our preceding attacks have all caused the program to jump to the code for some other function, which then causes the program to exit. As a result, it was acceptable to use exploit strings that corrupt the stack, overwriting saved values.
The most sophisticated form of buffer overflow attack causes the program to execute some exploit code that changes the program’s register/memory state, but makes the program return to the original calling function (test in this case). The calling function is oblivious to the attack. This style of attack is tricky, though, since you must: 1) get machine code onto the stack, 2) set the return pointer to the start of this code, and 3) undo any corruptions made to the stack state.
Your job for this level is to supply an exploit string that will cause getbuf to return your cookie back to test, rather than the value 1. You can see in the code for test that this will cause the program to go “Boom!.” Your exploit code should set your cookie as the return value, restore any corrupted state, push the correct return location on the stack, and execute a ret instruction to really return to test.
Some Advice:
You can use GDB to get the information you need to construct your exploit string. Set a breakpoint within getbuf and run to this breakpoint. Determine parameters such as the saved return address.
Determining the byte encoding of instruction sequences by hand is tedious and prone to errors. You can let tools do all of the work by writing an assembly code file containing the instructions and data you want to put on the stack. Assemble this file with GCC and disassemble it with OBJDUMP. You should be able to get the exact byte sequence that you will type at the prompt. (A brief example of how to do this is included at the end of this writeup.)
Keep in mind that your exploit string depends on your machine, your compiler, and even your userid’s cookie. Do all of your work on the machines assigned by your instructor, and make sure you include the proper userid on the command line to BUFBOMB.
Once you complete this level, pause to reflect on what you have accomplished. You caused a program to execute machine code of your own design. You have done so in a sufficiently stealthy way that the program did not realize that anything was amiss.

Here's the disassembled code:
bufbomb:     file format elf32-i386

Disassembly of section .init:

080486bc <_init>:
 80486bc:       55                      push   %ebp
 80486bd:       89 e5                   mov    %esp,%ebp
 80486bf:       83 ec 08                sub    $0x8,%esp
 80486c2:       e8 6d 02 00 00          call   8048934 <call_gmon_start>
 80486c7:       e8 f4 02 00 00          call   80489c0 <frame_dummy>
 80486cc:       e8 8f 18 00 00          call   8049f60 <__do_global_ctors_aux>
 80486d1:       c9                      leave  
 80486d2:       c3                      ret    
Disassembly of section .plt:

080486d4 <__errno_location@plt-0x10>:
 80486d4:       ff 35 e4 b0 04 08       pushl  0x804b0e4
 80486da:       ff 25 e8 b0 04 08       jmp    *0x804b0e8
 80486e0:       00 00                   add    %al,(%eax)
        ...

080486e4 <__errno_location@plt>:
 80486e4:       ff 25 ec b0 04 08       jmp    *0x804b0ec
 80486ea:       68 00 00 00 00          push   $0x0
 80486ef:       e9 e0 ff ff ff          jmp    80486d4 <_init+0x18>

080486f4 <sprintf@plt>:
 80486f4:       ff 25 f0 b0 04 08       jmp    *0x804b0f0
 80486fa:       68 08 00 00 00          push   $0x8
 80486ff:       e9 d0 ff ff ff          jmp    80486d4 <_init+0x18>

08048704 <srand@plt>:
 8048704:       ff 25 f4 b0 04 08       jmp    *0x804b0f4
 804870a:       68 10 00 00 00          push   $0x10
 804870f:       e9 c0 ff ff ff          jmp    80486d4 <_init+0x18>

08048714 <connect@plt>:
 8048714:       ff 25 f8 b0 04 08       jmp    *0x804b0f8
 804871a:       68 18 00 00 00          push   $0x18
 804871f:       e9 b0 ff ff ff          jmp    80486d4 <_init+0x18>

08048724 <mmap@plt>:
 8048724:       ff 25 fc b0 04 08       jmp    *0x804b0fc
 804872a:       68 20 00 00 00          push   $0x20
 804872f:       e9 a0 ff ff ff          jmp    80486d4 <_init+0x18>

08048734 <random@plt>:
 8048734:       ff 25 00 b1 04 08       jmp    *0x804b100
 804873a:       68 28 00 00 00          push   $0x28
 804873f:       e9 90 ff ff ff          jmp    80486d4 <_init+0x18>

08048744 <signal@plt>:
 8048744:       ff 25 04 b1 04 08       jmp    *0x804b104
 804874a:       68 30 00 00 00          push   $0x30
 804874f:       e9 80 ff ff ff          jmp    80486d4 <_init+0x18>

08048754 <__gmon_start__@plt>:
 8048754:       ff 25 08 b1 04 08       jmp    *0x804b108
 804875a:       68 38 00 00 00          push   $0x38
 804875f:       e9 70 ff ff ff          jmp    80486d4 <_init+0x18>

08048764 <calloc@plt>:
 8048764:       ff 25 0c b1 04 08       jmp    *0x804b10c
 804876a:       68 40 00 00 00          push   $0x40
 804876f:       e9 60 ff ff ff          jmp    80486d4 <_init+0x18>

08048774 <write@plt>:
 8048774:       ff 25 10 b1 04 08       jmp    *0x804b110
 804877a:       68 48 00 00 00          push   $0x48
 804877f:       e9 50 ff ff ff          jmp    80486d4 <_init+0x18>

08048784 <memset@plt>:
 8048784:       ff 25 14 b1 04 08       jmp    *0x804b114
 804878a:       68 50 00 00 00          push   $0x50
 804878f:       e9 40 ff ff ff          jmp    80486d4 <_init+0x18>

08048794 <__libc_start_main@plt>:
 8048794:       ff 25 18 b1 04 08       jmp    *0x804b118
 804879a:       68 58 00 00 00          push   $0x58
 804879f:       e9 30 ff ff ff          jmp    80486d4 <_init+0x18>

080487a4 <_IO_getc@plt>:
 80487a4:       ff 25 1c b1 04 08       jmp    *0x804b11c
 80487aa:       68 60 00 00 00          push   $0x60
 80487af:       e9 20 ff ff ff          jmp    80486d4 <_init+0x18>

080487b4 <read@plt>:
 80487b4:       ff 25 20 b1 04 08       jmp    *0x804b120
 80487ba:       68 68 00 00 00          push   $0x68
 80487bf:       e9 10 ff ff ff          jmp    80486d4 <_init+0x18>

080487c4 <socket@plt>:
 80487c4:       ff 25 24 b1 04 08       jmp    *0x804b124
 80487ca:       68 70 00 00 00          push   $0x70
 80487cf:       e9 00 ff ff ff          jmp    80486d4 <_init+0x18>

080487d4 <bcopy@plt>:
 80487d4:       ff 25 28 b1 04 08       jmp    *0x804b128
 80487da:       68 78 00 00 00          push   $0x78
 80487df:       e9 f0 fe ff ff          jmp    80486d4 <_init+0x18>

080487e4 <getopt@plt>:
 80487e4:       ff 25 2c b1 04 08       jmp    *0x804b12c
 80487ea:       68 80 00 00 00          push   $0x80
 80487ef:       e9 e0 fe ff ff          jmp    80486d4 <_init+0x18>

080487f4 <memcpy@plt>:
 80487f4:       ff 25 30 b1 04 08       jmp    *0x804b130
 80487fa:       68 88 00 00 00          push   $0x88
 80487ff:       e9 d0 fe ff ff          jmp    80486d4 <_init+0x18>

08048804 <alarm@plt>:
 8048804:       ff 25 34 b1 04 08       jmp    *0x804b134
 804880a:       68 90 00 00 00          push   $0x90
 804880f:       e9 c0 fe ff ff          jmp    80486d4 <_init+0x18>

08048814 <strcpy@plt>:
 8048814:       ff 25 38 b1 04 08       jmp    *0x804b138
 804881a:       68 98 00 00 00          push   $0x98
 804881f:       e9 b0 fe ff ff          jmp    80486d4 <_init+0x18>

08048824 <printf@plt>:
 8048824:       ff 25 3c b1 04 08       jmp    *0x804b13c
 804882a:       68 a0 00 00 00          push   $0xa0
 804882f:       e9 a0 fe ff ff          jmp    80486d4 <_init+0x18>

08048834 <strcasecmp@plt>:
 8048834:       ff 25 40 b1 04 08       jmp    *0x804b140
 804883a:       68 a8 00 00 00          push   $0xa8
 804883f:       e9 90 fe ff ff          jmp    80486d4 <_init+0x18>

08048844 <srandom@plt>:
 8048844:       ff 25 44 b1 04 08       jmp    *0x804b144
 804884a:       68 b0 00 00 00          push   $0xb0
 804884f:       e9 80 fe ff ff          jmp    80486d4 <_init+0x18>

08048854 <close@plt>:
 8048854:       ff 25 48 b1 04 08       jmp    *0x804b148
 804885a:       68 b8 00 00 00          push   $0xb8
 804885f:       e9 70 fe ff ff          jmp    80486d4 <_init+0x18>

08048864 <fwrite@plt>:
 8048864:       ff 25 4c b1 04 08       jmp    *0x804b14c
 804886a:       68 c0 00 00 00          push   $0xc0
 804886f:       e9 60 fe ff ff          jmp    80486d4 <_init+0x18>

08048874 <fprintf@plt>:
 8048874:       ff 25 50 b1 04 08       jmp    *0x804b150
 804887a:       68 c8 00 00 00          push   $0xc8
 804887f:       e9 50 fe ff ff          jmp    80486d4 <_init+0x18>

08048884 <gethostname@plt>:
 8048884:       ff 25 54 b1 04 08       jmp    *0x804b154
 804888a:       68 d0 00 00 00          push   $0xd0
 804888f:       e9 40 fe ff ff          jmp    80486d4 <_init+0x18>

08048894 <puts@plt>:
 8048894:       ff 25 58 b1 04 08       jmp    *0x804b158
 804889a:       68 d8 00 00 00          push   $0xd8
 804889f:       e9 30 fe ff ff          jmp    80486d4 <_init+0x18>

080488a4 <rand@plt>:
 80488a4:       ff 25 5c b1 04 08       jmp    *0x804b15c
 80488aa:       68 e0 00 00 00          push   $0xe0
 80488af:       e9 20 fe ff ff          jmp    80486d4 <_init+0x18>

080488b4 <sscanf@plt>:
 80488b4:       ff 25 60 b1 04 08       jmp    *0x804b160
 80488ba:       68 e8 00 00 00          push   $0xe8
 80488bf:       e9 10 fe ff ff          jmp    80486d4 <_init+0x18>

080488c4 <munmap@plt>:
 80488c4:       ff 25 64 b1 04 08       jmp    *0x804b164
 80488ca:       68 f0 00 00 00          push   $0xf0
 80488cf:       e9 00 fe ff ff          jmp    80486d4 <_init+0x18>

080488d4 <gethostbyname@plt>:
 80488d4:       ff 25 68 b1 04 08       jmp    *0x804b168
 80488da:       68 f8 00 00 00          push   $0xf8
 80488df:       e9 f0 fd ff ff          jmp    80486d4 <_init+0x18>

080488e4 <__strdup@plt>:
 80488e4:       ff 25 6c b1 04 08       jmp    *0x804b16c
 80488ea:       68 00 01 00 00          push   $0x100
 80488ef:       e9 e0 fd ff ff          jmp    80486d4 <_init+0x18>

080488f4 <exit@plt>:
 80488f4:       ff 25 70 b1 04 08       jmp    *0x804b170
 80488fa:       68 08 01 00 00          push   $0x108
 80488ff:       e9 d0 fd ff ff          jmp    80486d4 <_init+0x18>
Disassembly of section .text:

08048910 <_start>:
 8048910:       31 ed                   xor    %ebp,%ebp
 8048912:       5e                      pop    %esi
 8048913:       89 e1                   mov    %esp,%ecx
 8048915:       83 e4 f0                and    $0xfffffff0,%esp
 8048918:       50                      push   %eax
 8048919:       54                      push   %esp
 804891a:       52                      push   %edx
 804891b:       68 e0 9e 04 08          push   $0x8049ee0
 8048920:       68 f0 9e 04 08          push   $0x8049ef0
 8048925:       51                      push   %ecx
 8048926:       56                      push   %esi
 8048927:       68 95 8d 04 08          push   $0x8048d95
 804892c:       e8 63 fe ff ff          call   8048794 <__libc_start_main@plt>
 8048931:       f4                      hlt    
 8048932:       90                      nop    
 8048933:       90                      nop    

08048934 <call_gmon_start>:
 8048934:       55                      push   %ebp
 8048935:       89 e5                   mov    %esp,%ebp
 8048937:       53                      push   %ebx
 8048938:       83 ec 04                sub    $0x4,%esp
 804893b:       e8 00 00 00 00          call   8048940 <call_gmon_start+0xc>
 8048940:       5b                      pop    %ebx
 8048941:       81 c3 a0 27 00 00       add    $0x27a0,%ebx
 8048947:       8b 93 fc ff ff ff       mov    0xfffffffc(%ebx),%edx
 804894d:       85 d2                   test   %edx,%edx
 804894f:       74 05                   je     8048956 <call_gmon_start+0x22>
 8048951:       e8 fe fd ff ff          call   8048754 <__gmon_start__@plt>
 8048956:       58                      pop    %eax
 8048957:       5b                      pop    %ebx
 8048958:       c9                      leave  
 8048959:       c3                      ret    
 804895a:       90                      nop    
 804895b:       90                      nop    
 804895c:       90                      nop    
 804895d:       90                      nop    
 804895e:       90                      nop    
 804895f:       90                      nop    

08048960 <__do_global_dtors_aux>:
 8048960:       55                      push   %ebp
 8048961:       89 e5                   mov    %esp,%ebp
 8048963:       53                      push   %ebx
 8048964:       83 ec 04                sub    $0x4,%esp
 8048967:       80 3d d0 c1 04 08 00    cmpb   $0x0,0x804c1d0
 804896e:       75 3f                   jne    80489af <__do_global_dtors_aux+0x4f>
 8048970:       b8 0c b0 04 08          mov    $0x804b00c,%eax
 8048975:       2d 08 b0 04 08          sub    $0x804b008,%eax
 804897a:       c1 f8 02                sar    $0x2,%eax
 804897d:       8d 58 ff                lea    0xffffffff(%eax),%ebx
 8048980:       a1 cc c1 04 08          mov    0x804c1cc,%eax
 8048985:       39 c3                   cmp    %eax,%ebx
 8048987:       76 1f                   jbe    80489a8 <__do_global_dtors_aux+0x48>
 8048989:       8d b4 26 00 00 00 00    lea    0x0(%esi),%esi
 8048990:       83 c0 01                add    $0x1,%eax
 8048993:       a3 cc c1 04 08          mov    %eax,0x804c1cc
 8048998:       ff 14 85 08 b0 04 08    call   *0x804b008(,%eax,4)
 804899f:       a1 cc c1 04 08          mov    0x804c1cc,%eax
 80489a4:       39 c3                   cmp    %eax,%ebx
 80489a6:       77 e8                   ja     8048990 <__do_global_dtors_aux+0x30>
 80489a8:       c6 05 d0 c1 04 08 01    movb   $0x1,0x804c1d0
 80489af:       83 c4 04                add    $0x4,%esp
 80489b2:       5b                      pop    %ebx
 80489b3:       5d                      pop    %ebp
 80489b4:       c3                      ret    
 80489b5:       8d 74 26 00             lea    0x0(%esi),%esi
 80489b9:       8d bc 27 00 00 00 00    lea    0x0(%edi),%edi

080489c0 <frame_dummy>:
 80489c0:       55                      push   %ebp
 80489c1:       89 e5                   mov    %esp,%ebp
 80489c3:       83 ec 08                sub    $0x8,%esp
 80489c6:       a1 10 b0 04 08          mov    0x804b010,%eax
 80489cb:       85 c0                   test   %eax,%eax
 80489cd:       74 12                   je     80489e1 <frame_dummy+0x21>
 80489cf:       b8 00 00 00 00          mov    $0x0,%eax
 80489d4:       85 c0                   test   %eax,%eax
 80489d6:       74 09                   je     80489e1 <frame_dummy+0x21>
 80489d8:       c7 04 24 10 b0 04 08    movl   $0x804b010,(%esp)
 80489df:       ff d0                   call   *%eax
 80489e1:       c9                      leave  
 80489e2:       c3                      ret    
 80489e3:       90                      nop    
 80489e4:       90                      nop    
 80489e5:       90                      nop    
 80489e6:       90                      nop    
 80489e7:       90                      nop    
 80489e8:       90                      nop    
 80489e9:       90                      nop    
 80489ea:       90                      nop    
 80489eb:       90                      nop    
 80489ec:       90                      nop    
 80489ed:       90                      nop    
 80489ee:       90                      nop    
 80489ef:       90                      nop    

080489f0 <illegalhandler>:
 80489f0:       55                      push   %ebp
 80489f1:       89 e5                   mov    %esp,%ebp
 80489f3:       83 ec 08                sub    $0x8,%esp
 80489f6:       c7 04 24 b0 9f 04 08    movl   $0x8049fb0,(%esp)
 80489fd:       e8 92 fe ff ff          call   8048894 <puts@plt>
 8048a02:       c7 04 24 90 a1 04 08    movl   $0x804a190,(%esp)
 8048a09:       e8 86 fe ff ff          call   8048894 <puts@plt>
 8048a0e:       c7 04 24 00 00 00 00    movl   $0x0,(%esp)
 8048a15:       e8 da fe ff ff          call   80488f4 <exit@plt>

08048a1a <seghandler>:
 8048a1a:       55                      push   %ebp
 8048a1b:       89 e5                   mov    %esp,%ebp
 8048a1d:       83 ec 08                sub    $0x8,%esp
 8048a20:       c7 04 24 dc 9f 04 08    movl   $0x8049fdc,(%esp)
 8048a27:       e8 68 fe ff ff          call   8048894 <puts@plt>
 8048a2c:       c7 04 24 90 a1 04 08    movl   $0x804a190,(%esp)
 8048a33:       e8 5c fe ff ff          call   8048894 <puts@plt>
 8048a38:       c7 04 24 00 00 00 00    movl   $0x0,(%esp)
 8048a3f:       e8 b0 fe ff ff          call   80488f4 <exit@plt>

08048a44 <bushandler>:
 8048a44:       55                      push   %ebp
 8048a45:       89 e5                   mov    %esp,%ebp
 8048a47:       83 ec 08                sub    $0x8,%esp
 8048a4a:       c7 04 24 04 a0 04 08    movl   $0x804a004,(%esp)
 8048a51:       e8 3e fe ff ff          call   8048894 <puts@plt>
 8048a56:       c7 04 24 90 a1 04 08    movl   $0x804a190,(%esp)
 8048a5d:       e8 32 fe ff ff          call   8048894 <puts@plt>
 8048a62:       c7 04 24 00 00 00 00    movl   $0x0,(%esp)
 8048a69:       e8 86 fe ff ff          call   80488f4 <exit@plt>

08048a6e <usage>:
 8048a6e:       55                      push   %ebp
 8048a6f:       89 e5                   mov    %esp,%ebp
 8048a71:       83 ec 08                sub    $0x8,%esp
 8048a74:       89 44 24 04             mov    %eax,0x4(%esp)
 8048a78:       c7 04 24 a6 a1 04 08    movl   $0x804a1a6,(%esp)
 8048a7f:       e8 a0 fd ff ff          call   8048824 <printf@plt>
 8048a84:       c7 04 24 c4 a1 04 08    movl   $0x804a1c4,(%esp)
 8048a8b:       e8 04 fe ff ff          call   8048894 <puts@plt>
 8048a90:       c7 04 24 da a1 04 08    movl   $0x804a1da,(%esp)
 8048a97:       e8 f8 fd ff ff          call   8048894 <puts@plt>
 8048a9c:       c7 04 24 24 a0 04 08    movl   $0x804a024,(%esp)
 8048aa3:       e8 ec fd ff ff          call   8048894 <puts@plt>
 8048aa8:       c7 04 24 60 a0 04 08    movl   $0x804a060,(%esp)
 8048aaf:       e8 e0 fd ff ff          call   8048894 <puts@plt>
 8048ab4:       c7 04 24 00 00 00 00    movl   $0x0,(%esp)
 8048abb:       e8 34 fe ff ff          call   80488f4 <exit@plt>

08048ac0 <Gets>:
 8048ac0:       55                      push   %ebp
 8048ac1:       89 e5                   mov    %esp,%ebp
 8048ac3:       57                      push   %edi
 8048ac4:       56                      push   %esi
 8048ac5:       53                      push   %ebx
 8048ac6:       83 ec 0c                sub    $0xc,%esp
 8048ac9:       8b 7d 08                mov    0x8(%ebp),%edi
 8048acc:       c7 05 ec c1 04 08 00    movl   $0x0,0x804c1ec
 8048ad3:       00 00 00 
 8048ad6:       89 fe                   mov    %edi,%esi
 8048ad8:       eb 4a                   jmp    8048b24 <Gets+0x64>
 8048ada:       89 c2                   mov    %eax,%edx
 8048adc:       88 06                   mov    %al,(%esi)
 8048ade:       8b 1d ec c1 04 08       mov    0x804c1ec,%ebx
 8048ae4:       81 fb ff 03 00 00       cmp    $0x3ff,%ebx
 8048aea:       7f 35                   jg     8048b21 <Gets+0x61>
 8048aec:       8d 0c 5b                lea    (%ebx,%ebx,2),%ecx
 8048aef:       c0 f8 04                sar    $0x4,%al
 8048af2:       83 e0 0f                and    $0xf,%eax
 8048af5:       0f b6 80 cb a2 04 08    movzbl 0x804a2cb(%eax),%eax
 8048afc:       88 81 00 c2 04 08       mov    %al,0x804c200(%ecx)
 8048b02:       83 e2 0f                and    $0xf,%edx
 8048b05:       0f b6 82 cb a2 04 08    movzbl 0x804a2cb(%edx),%eax
 8048b0c:       88 81 01 c2 04 08       mov    %al,0x804c201(%ecx)
 8048b12:       c6 81 02 c2 04 08 20    movb   $0x20,0x804c202(%ecx)
 8048b19:       8d 43 01                lea    0x1(%ebx),%eax
 8048b1c:       a3 ec c1 04 08          mov    %eax,0x804c1ec
 8048b21:       83 c6 01                add    $0x1,%esi
 8048b24:       a1 dc c1 04 08          mov    0x804c1dc,%eax
 8048b29:       89 04 24                mov    %eax,(%esp)
 8048b2c:       e8 73 fc ff ff          call   80487a4 <_IO_getc@plt>
 8048b31:       83 f8 ff                cmp    $0xffffffff,%eax
 8048b34:       74 05                   je     8048b3b <Gets+0x7b>
 8048b36:       83 f8 0a                cmp    $0xa,%eax
 8048b39:       75 9f                   jne    8048ada <Gets+0x1a>
 8048b3b:       c6 06 00                movb   $0x0,(%esi)
 8048b3e:       a1 ec c1 04 08          mov    0x804c1ec,%eax
 8048b43:       c6 84 40 00 c2 04 08    movb   $0x0,0x804c200(%eax,%eax,2)
 8048b4a:       00 
 8048b4b:       89 f8                   mov    %edi,%eax
 8048b4d:       83 c4 0c                add    $0xc,%esp
 8048b50:       5b                      pop    %ebx
 8048b51:       5e                      pop    %esi
 8048b52:       5f                      pop    %edi
 8048b53:       5d                      pop    %ebp
 8048b54:       c3                      ret    

08048b55 <getbufn>:
 8048b55:       55                      push   %ebp
 8048b56:       89 e5                   mov    %esp,%ebp
 8048b58:       81 ec 08 02 00 00       sub    $0x208,%esp
 8048b5e:       8d 85 00 fe ff ff       lea    0xfffffe00(%ebp),%eax
 8048b64:       89 04 24                mov    %eax,(%esp)
 8048b67:       e8 54 ff ff ff          call   8048ac0 <Gets>
 8048b6c:       b8 01 00 00 00          mov    $0x1,%eax
 8048b71:       c9                      leave  
 8048b72:       c3                      ret    

08048b73 <getbuf>:
 8048b73:       55                      push   %ebp
 8048b74:       89 e5                   mov    %esp,%ebp
 8048b76:       83 ec 28                sub    $0x28,%esp
 8048b79:       8d 45 e0                lea    0xffffffe0(%ebp),%eax
 8048b7c:       89 04 24                mov    %eax,(%esp)
 8048b7f:       e8 3c ff ff ff          call   8048ac0 <Gets>
 8048b84:       b8 01 00 00 00          mov    $0x1,%eax
 8048b89:       c9                      leave  
 8048b8a:       c3                      ret    

08048b8b <testn>:
 8048b8b:       55                      push   %ebp
 8048b8c:       89 e5                   mov    %esp,%ebp
 8048b8e:       83 ec 18                sub    $0x18,%esp
 8048b91:       c7 45 fc ef be ad de    movl   $0xdeadbeef,0xfffffffc(%ebp)
 8048b98:       e8 b8 ff ff ff          call   8048b55 <getbufn>
 8048b9d:       89 c2                   mov    %eax,%edx
 8048b9f:       8b 45 fc                mov    0xfffffffc(%ebp),%eax
 8048ba2:       3d ef be ad de          cmp    $0xdeadbeef,%eax
 8048ba7:       74 0e                   je     8048bb7 <testn+0x2c>
 8048ba9:       c7 04 24 88 a0 04 08    movl   $0x804a088,(%esp)
 8048bb0:       e8 df fc ff ff          call   8048894 <puts@plt>
 8048bb5:       eb 36                   jmp    8048bed <testn+0x62>
 8048bb7:       3b 15 e0 c1 04 08       cmp    0x804c1e0,%edx
 8048bbd:       75 1e                   jne    8048bdd <testn+0x52>
 8048bbf:       89 54 24 04             mov    %edx,0x4(%esp)
 8048bc3:       c7 04 24 b4 a0 04 08    movl   $0x804a0b4,(%esp)
 8048bca:       e8 55 fc ff ff          call   8048824 <printf@plt>
 8048bcf:       c7 04 24 04 00 00 00    movl   $0x4,(%esp)
 8048bd6:       e8 85 04 00 00          call   8049060 <validate>
 8048bdb:       eb 10                   jmp    8048bed <testn+0x62>
 8048bdd:       89 54 24 04             mov    %edx,0x4(%esp)
 8048be1:       c7 04 24 f3 a1 04 08    movl   $0x804a1f3,(%esp)
 8048be8:       e8 37 fc ff ff          call   8048824 <printf@plt>
 8048bed:       c9                      leave  
 8048bee:       c3                      ret    

08048bef <test>:
 8048bef:       55                      push   %ebp
 8048bf0:       89 e5                   mov    %esp,%ebp
 8048bf2:       83 ec 18                sub    $0x18,%esp
 8048bf5:       c7 45 fc ef be ad de    movl   $0xdeadbeef,0xfffffffc(%ebp)
 8048bfc:       e8 72 ff ff ff          call   8048b73 <getbuf>
 8048c01:       89 c2                   mov    %eax,%edx
 8048c03:       8b 45 fc                mov    0xfffffffc(%ebp),%eax
 8048c06:       3d ef be ad de          cmp    $0xdeadbeef,%eax
 8048c0b:       74 0e                   je     8048c1b <test+0x2c>
 8048c0d:       c7 04 24 88 a0 04 08    movl   $0x804a088,(%esp)
 8048c14:       e8 7b fc ff ff          call   8048894 <puts@plt>
 8048c19:       eb 36                   jmp    8048c51 <test+0x62>
 8048c1b:       3b 15 e0 c1 04 08       cmp    0x804c1e0,%edx
 8048c21:       75 1e                   jne    8048c41 <test+0x52>
 8048c23:       89 54 24 04             mov    %edx,0x4(%esp)
 8048c27:       c7 04 24 0f a2 04 08    movl   $0x804a20f,(%esp)
 8048c2e:       e8 f1 fb ff ff          call   8048824 <printf@plt>
 8048c33:       c7 04 24 03 00 00 00    movl   $0x3,(%esp)
 8048c3a:       e8 21 04 00 00          call   8049060 <validate>
 8048c3f:       eb 10                   jmp    8048c51 <test+0x62>
 8048c41:       89 54 24 04             mov    %edx,0x4(%esp)
 8048c45:       c7 04 24 2c a2 04 08    movl   $0x804a22c,(%esp)
 8048c4c:       e8 d3 fb ff ff          call   8048824 <printf@plt>
 8048c51:       c9                      leave  
 8048c52:       c3                      ret    

08048c53 <launch>:
 8048c53:       55                      push   %ebp
 8048c54:       89 e5                   mov    %esp,%ebp
 8048c56:       53                      push   %ebx
 8048c57:       83 ec 54                sub    $0x54,%esp
 8048c5a:       89 c3                   mov    %eax,%ebx
 8048c5c:       8d 45 bc                lea    0xffffffbc(%ebp),%eax
 8048c5f:       25 f8 3f 00 00          and    $0x3ff8,%eax
 8048c64:       01 c2                   add    %eax,%edx
 8048c66:       8d 42 1e                lea    0x1e(%edx),%eax
 8048c69:       83 e0 f0                and    $0xfffffff0,%eax
 8048c6c:       29 c4                   sub    %eax,%esp
 8048c6e:       8d 44 24 1b             lea    0x1b(%esp),%eax
 8048c72:       83 e0 f0                and    $0xfffffff0,%eax
 8048c75:       89 54 24 08             mov    %edx,0x8(%esp)
 8048c79:       c7 44 24 04 f4 00 00    movl   $0xf4,0x4(%esp)
 8048c80:       00 
 8048c81:       89 04 24                mov    %eax,(%esp)
 8048c84:       e8 fb fa ff ff          call   8048784 <memset@plt>
 8048c89:       c7 04 24 47 a2 04 08    movl   $0x804a247,(%esp)
 8048c90:       e8 8f fb ff ff          call   8048824 <printf@plt>
 8048c95:       85 db                   test   %ebx,%ebx
 8048c97:       74 09                   je     8048ca2 <launch+0x4f>
 8048c99:       e8 ed fe ff ff          call   8048b8b <testn>
 8048c9e:       66 90                   xchg   %ax,%ax
 8048ca0:       eb 05                   jmp    8048ca7 <launch+0x54>
 8048ca2:       e8 48 ff ff ff          call   8048bef <test>
 8048ca7:       83 3d e4 c1 04 08 00    cmpl   $0x0,0x804c1e4
 8048cae:       66 90                   xchg   %ax,%ax
 8048cb0:       75 16                   jne    8048cc8 <launch+0x75>
 8048cb2:       c7 04 24 90 a1 04 08    movl   $0x804a190,(%esp)
 8048cb9:       e8 d6 fb ff ff          call   8048894 <puts@plt>
 8048cbe:       c7 05 e4 c1 04 08 00    movl   $0x0,0x804c1e4
 8048cc5:       00 00 00 
 8048cc8:       8b 5d fc                mov    0xfffffffc(%ebp),%ebx
 8048ccb:       c9                      leave  
 8048ccc:       c3                      ret    

08048ccd <launcher>:
 8048ccd:       55                      push   %ebp
 8048cce:       89 e5                   mov    %esp,%ebp
 8048cd0:       53                      push   %ebx
 8048cd1:       83 ec 24                sub    $0x24,%esp
 8048cd4:       8b 45 08                mov    0x8(%ebp),%eax
 8048cd7:       a3 f0 c1 04 08          mov    %eax,0x804c1f0
 8048cdc:       8b 45 0c                mov    0xc(%ebp),%eax
 8048cdf:       a3 f4 c1 04 08          mov    %eax,0x804c1f4
 8048ce4:       c7 44 24 14 00 00 00    movl   $0x0,0x14(%esp)
 8048ceb:       00 
 8048cec:       c7 44 24 10 00 00 00    movl   $0x0,0x10(%esp)
 8048cf3:       00 
 8048cf4:       c7 44 24 0c 22 01 00    movl   $0x122,0xc(%esp)
 8048cfb:       00 
 8048cfc:       c7 44 24 08 07 00 00    movl   $0x7,0x8(%esp)
 8048d03:       00 
 8048d04:       c7 44 24 04 00 00 10    movl   $0x100000,0x4(%esp)
 8048d0b:       00 
 8048d0c:       c7 04 24 00 60 58 55    movl   $0x55586000,(%esp)
 8048d13:       e8 0c fa ff ff          call   8048724 <mmap@plt>
 8048d18:       89 c3                   mov    %eax,%ebx
 8048d1a:       83 f8 ff                cmp    $0xffffffff,%eax
 8048d1d:       75 31                   jne    8048d50 <launcher+0x83>
 8048d1f:       a1 c0 c1 04 08          mov    0x804c1c0,%eax
 8048d24:       89 44 24 0c             mov    %eax,0xc(%esp)
 8048d28:       c7 44 24 08 47 00 00    movl   $0x47,0x8(%esp)
 8048d2f:       00 
 8048d30:       c7 44 24 04 01 00 00    movl   $0x1,0x4(%esp)
 8048d37:       00 
 8048d38:       c7 04 24 d4 a0 04 08    movl   $0x804a0d4,(%esp)
 8048d3f:       e8 20 fb ff ff          call   8048864 <fwrite@plt>
 8048d44:       c7 04 24 01 00 00 00    movl   $0x1,(%esp)
 8048d4b:       e8 a4 fb ff ff          call   80488f4 <exit@plt>
 8048d50:       8d 90 f8 ff 0f 00       lea    0xffff8(%eax),%edx
 8048d56:       89 15 04 ce 04 08       mov    %edx,0x804ce04
 8048d5c:       89 e0                   mov    %esp,%eax
 8048d5e:       89 d4                   mov    %edx,%esp
 8048d60:       89 c2                   mov    %eax,%edx
 8048d62:       89 15 f8 c1 04 08       mov    %edx,0x804c1f8
 8048d68:       8b 15 f4 c1 04 08       mov    0x804c1f4,%edx
 8048d6e:       a1 f0 c1 04 08          mov    0x804c1f0,%eax
 8048d73:       e8 db fe ff ff          call   8048c53 <launch>
 8048d78:       a1 f8 c1 04 08          mov    0x804c1f8,%eax
 8048d7d:       89 c4                   mov    %eax,%esp
 8048d7f:       c7 44 24 04 00 00 10    movl   $0x100000,0x4(%esp)
 8048d86:       00 
 8048d87:       89 1c 24                mov    %ebx,(%esp)
 8048d8a:       e8 35 fb ff ff          call   80488c4 <munmap@plt>
 8048d8f:       83 c4 24                add    $0x24,%esp
 8048d92:       5b                      pop    %ebx
 8048d93:       5d                      pop    %ebp
 8048d94:       c3                      ret    


08048d95 <main>:
 8048d95:       8d 4c 24 04             lea    0x4(%esp),%ecx
 8048d99:       83 e4 f0                and    $0xfffffff0,%esp
 8048d9c:       ff 71 fc                pushl  0xfffffffc(%ecx)
 8048d9f:       55                      push   %ebp
 8048da0:       89 e5                   mov    %esp,%ebp
 8048da2:       57                      push   %edi
 8048da3:       56                      push   %esi
 8048da4:       53                      push   %ebx
 8048da5:       51                      push   %ecx
 8048da6:       83 ec 28                sub    $0x28,%esp
 8048da9:       8b 31                   mov    (%ecx),%esi
 8048dab:       8b 59 04                mov    0x4(%ecx),%ebx
 8048dae:       c7 44 24 04 1a 8a 04    movl   $0x8048a1a,0x4(%esp)
 8048db5:       08 
 8048db6:       c7 04 24 0b 00 00 00    movl   $0xb,(%esp)
 8048dbd:       e8 82 f9 ff ff          call   8048744 <signal@plt>
 8048dc2:       c7 44 24 04 44 8a 04    movl   $0x8048a44,0x4(%esp)
 8048dc9:       08 
 8048dca:       c7 04 24 07 00 00 00    movl   $0x7,(%esp)
 8048dd1:       e8 6e f9 ff ff          call   8048744 <signal@plt>
 8048dd6:       c7 44 24 04 f0 89 04    movl   $0x80489f0,0x4(%esp)
 8048ddd:       08 
 8048dde:       c7 04 24 04 00 00 00    movl   $0x4,(%esp)
 8048de5:       e8 5a f9 ff ff          call   8048744 <signal@plt>
 8048dea:       a1 c4 c1 04 08          mov    0x804c1c4,%eax
 8048def:       a3 dc c1 04 08          mov    %eax,0x804c1dc
 8048df4:       c7 45 e8 00 00 00 00    movl   $0x0,0xffffffe8(%ebp)
 8048dfb:       c7 45 ec 01 00 00 00    movl   $0x1,0xffffffec(%ebp)
 8048e02:       eb 6d                   jmp    8048e71 <main+0xdc>
 8048e04:       3c 6e                   cmp    $0x6e,%al
 8048e06:       74 1c                   je     8048e24 <main+0x8f>
 8048e08:       3c 6e                   cmp    $0x6e,%al
 8048e0a:       7f 08                   jg     8048e14 <main+0x7f>
 8048e0c:       3c 68                   cmp    $0x68,%al
 8048e0e:       66 90                   xchg   %ax,%ax
 8048e10:       75 58                   jne    8048e6a <main+0xd5>
 8048e12:       eb 20                   jmp    8048e34 <main+0x9f>
 8048e14:       3c 73                   cmp    $0x73,%al
 8048e16:       74 46                   je     8048e5e <main+0xc9>
 8048e18:       3c 75                   cmp    $0x75,%al
 8048e1a:       8d b6 00 00 00 00       lea    0x0(%esi),%esi
 8048e20:       75 48                   jne    8048e6a <main+0xd5>
 8048e22:       eb 19                   jmp    8048e3d <main+0xa8>
 8048e24:       c7 45 e8 01 00 00 00    movl   $0x1,0xffffffe8(%ebp)
 8048e2b:       c7 45 ec 05 00 00 00    movl   $0x5,0xffffffec(%ebp)
 8048e32:       eb 3d                   jmp    8048e71 <main+0xdc>
 8048e34:       8b 03                   mov    (%ebx),%eax
 8048e36:       e8 33 fc ff ff          call   8048a6e <usage>
 8048e3b:       eb 34                   jmp    8048e71 <main+0xdc>
 8048e3d:       a1 c8 c1 04 08          mov    0x804c1c8,%eax
 8048e42:       89 04 24                mov    %eax,(%esp)
 8048e45:       e8 9a fa ff ff          call   80488e4 <__strdup@plt>
 8048e4a:       a3 d4 c1 04 08          mov    %eax,0x804c1d4
 8048e4f:       89 04 24                mov    %eax,(%esp)
 8048e52:       e8 4a 10 00 00          call   8049ea1 <gencookie>
 8048e57:       a3 e0 c1 04 08          mov    %eax,0x804c1e0
 8048e5c:       eb 13                   jmp    8048e71 <main+0xdc>
 8048e5e:       c7 05 d8 c1 04 08 01    movl   $0x1,0x804c1d8
 8048e65:       00 00 00 
 8048e68:       eb 07                   jmp    8048e71 <main+0xdc>
 8048e6a:       8b 03                   mov    (%ebx),%eax
 8048e6c:       e8 fd fb ff ff          call   8048a6e <usage>
 8048e71:       c7 44 24 08 54 a2 04    movl   $0x804a254,0x8(%esp)
 8048e78:       08 
 8048e79:       89 5c 24 04             mov    %ebx,0x4(%esp)
 8048e7d:       89 34 24                mov    %esi,(%esp)
 8048e80:       e8 5f f9 ff ff          call   80487e4 <getopt@plt>
 8048e85:       3c ff                   cmp    $0xff,%al
 8048e87:       0f 85 77 ff ff ff       jne    8048e04 <main+0x6f>
 8048e8d:       83 3d d4 c1 04 08 00    cmpl   $0x0,0x804c1d4
 8048e94:       75 19                   jne    8048eaf <main+0x11a>
 8048e96:       8b 03                   mov    (%ebx),%eax
 8048e98:       89 44 24 04             mov    %eax,0x4(%esp)
 8048e9c:       c7 04 24 1c a1 04 08    movl   $0x804a11c,(%esp)
 8048ea3:       e8 7c f9 ff ff          call   8048824 <printf@plt>
 8048ea8:       8b 03                   mov    (%ebx),%eax
 8048eaa:       e8 bf fb ff ff          call   8048a6e <usage>
 8048eaf:       e8 f3 02 00 00          call   80491a7 <initialize_bomb>
 8048eb4:       a1 d4 c1 04 08          mov    0x804c1d4,%eax
 8048eb9:       89 44 24 04             mov    %eax,0x4(%esp)
 8048ebd:       c7 04 24 5a a2 04 08    movl   $0x804a25a,(%esp)
 8048ec4:       e8 5b f9 ff ff          call   8048824 <printf@plt>
 8048ec9:       a1 e0 c1 04 08          mov    0x804c1e0,%eax
 8048ece:       89 44 24 04             mov    %eax,0x4(%esp)
 8048ed2:       c7 04 24 66 a2 04 08    movl   $0x804a266,(%esp)
 8048ed9:       e8 46 f9 ff ff          call   8048824 <printf@plt>
 8048ede:       a1 e0 c1 04 08          mov    0x804c1e0,%eax
 8048ee3:       89 04 24                mov    %eax,(%esp)
 8048ee6:       e8 59 f9 ff ff          call   8048844 <srandom@plt>
 8048eeb:       e8 44 f8 ff ff          call   8048734 <random@plt>
 8048ef0:       25 f8 0f 00 00          and    $0xff8,%eax
 8048ef5:       89 45 e4                mov    %eax,0xffffffe4(%ebp)
 8048ef8:       8b 45 ec                mov    0xffffffec(%ebp),%eax
 8048efb:       89 45 e0                mov    %eax,0xffffffe0(%ebp)
 8048efe:       c7 44 24 04 04 00 00    movl   $0x4,0x4(%esp)
 8048f05:       00 
 8048f06:       89 04 24                mov    %eax,(%esp)
 8048f09:       e8 56 f8 ff ff          call   8048764 <calloc@plt>
 8048f0e:       89 c6                   mov    %eax,%esi
 8048f10:       8b 45 ec                mov    0xffffffec(%ebp),%eax
 8048f13:       83 e8 02                sub    $0x2,%eax
 8048f16:       85 c0                   test   %eax,%eax
 8048f18:       7e 1e                   jle    8048f38 <main+0x1a3>
 8048f1a:       bb 01 00 00 00          mov    $0x1,%ebx
 8048f1f:       8b 7d e0                mov    0xffffffe0(%ebp),%edi
 8048f22:       83 ef 01                sub    $0x1,%edi
 8048f25:       e8 0a f8 ff ff          call   8048734 <random@plt>
 8048f2a:       83 e0 38                and    $0x38,%eax
 8048f2d:       89 44 9e fc             mov    %eax,0xfffffffc(%esi,%ebx,4)
 8048f31:       83 c3 01                add    $0x1,%ebx
 8048f34:       39 fb                   cmp    %edi,%ebx
 8048f36:       75 ed                   jne    8048f25 <main+0x190>
 8048f38:       83 7d ec 01             cmpl   $0x1,0xffffffec(%ebp)
 8048f3c:       7e 1d                   jle    8048f5b <main+0x1c6>
 8048f3e:       8b 45 e0                mov    0xffffffe0(%ebp),%eax
 8048f41:       c1 e0 02                shl    $0x2,%eax
 8048f44:       c7 44 06 f8 38 00 00    movl   $0x38,0xfffffff8(%esi,%eax,1)
 8048f4b:       00 
 8048f4c:       c7 44 06 fc 00 00 00    movl   $0x0,0xfffffffc(%esi,%eax,1)
 8048f53:       00 
 8048f54:       bb 00 00 00 00          mov    $0x0,%ebx
 8048f59:       eb 13                   jmp    8048f6e <main+0x1d9>
 8048f5b:       8b 45 e0                mov    0xffffffe0(%ebp),%eax
 8048f5e:       c7 44 86 fc 00 00 00    movl   $0x0,0xfffffffc(%esi,%eax,4)
 8048f65:       00 
 8048f66:       83 7d ec 01             cmpl   $0x1,0xffffffec(%ebp)
 8048f6a:       74 e8                   je     8048f54 <main+0x1bf>
 8048f6c:       eb 1d                   jmp    8048f8b <main+0x1f6>
 8048f6e:       8b 45 e4                mov    0xffffffe4(%ebp),%eax
 8048f71:       03 04 9e                add    (%esi,%ebx,4),%eax
 8048f74:       89 44 24 04             mov    %eax,0x4(%esp)
 8048f78:       8b 45 e8                mov    0xffffffe8(%ebp),%eax
 8048f7b:       89 04 24                mov    %eax,(%esp)
 8048f7e:       e8 4a fd ff ff          call   8048ccd <launcher>
 8048f83:       83 c3 01                add    $0x1,%ebx
 8048f86:       3b 5d ec                cmp    0xffffffec(%ebp),%ebx
 8048f89:       7c e3                   jl     8048f6e <main+0x1d9>
 8048f8b:       b8 00 00 00 00          mov    $0x0,%eax
 8048f90:       83 c4 28                add    $0x28,%esp
 8048f93:       59                      pop    %ecx
 8048f94:       5b                      pop    %ebx
 8048f95:       5e                      pop    %esi
 8048f96:       5f                      pop    %edi
 8048f97:       5d                      pop    %ebp
 8048f98:       8d 61 fc                lea    0xfffffffc(%ecx),%esp
 8048f9b:       c3                      ret    

08048f9c <bang>:
 8048f9c:       55                      push   %ebp
 8048f9d:       89 e5                   mov    %esp,%ebp
 8048f9f:       83 ec 08                sub    $0x8,%esp
 8048fa2:       a1 e8 c1 04 08          mov    0x804c1e8,%eax
 8048fa7:       3b 05 e0 c1 04 08       cmp    0x804c1e0,%eax
 8048fad:       75 1e                   jne    8048fcd <bang+0x31>
 8048faf:       89 44 24 04             mov    %eax,0x4(%esp)
 8048fb3:       c7 04 24 48 a1 04 08    movl   $0x804a148,(%esp)
 8048fba:       e8 65 f8 ff ff          call   8048824 <printf@plt>
 8048fbf:       c7 04 24 02 00 00 00    movl   $0x2,(%esp)
 8048fc6:       e8 95 00 00 00          call   8049060 <validate>
 8048fcb:       eb 10                   jmp    8048fdd <bang+0x41>
 8048fcd:       89 44 24 04             mov    %eax,0x4(%esp)
 8048fd1:       c7 04 24 74 a2 04 08    movl   $0x804a274,(%esp)
 8048fd8:       e8 47 f8 ff ff          call   8048824 <printf@plt>
 8048fdd:       c7 04 24 00 00 00 00    movl   $0x0,(%esp)
 8048fe4:       e8 0b f9 ff ff          call   80488f4 <exit@plt>

08048fe9 <fizz>:
 8048fe9:       55                      push   %ebp
 8048fea:       89 e5                   mov    %esp,%ebp
 8048fec:       83 ec 08                sub    $0x8,%esp
 8048fef:       8b 45 08                mov    0x8(%ebp),%eax
 8048ff2:       3b 05 e0 c1 04 08       cmp    0x804c1e0,%eax
 8048ff8:       75 1e                   jne    8049018 <fizz+0x2f>
 8048ffa:       89 44 24 04             mov    %eax,0x4(%esp)
 8048ffe:       c7 04 24 92 a2 04 08    movl   $0x804a292,(%esp)
 8049005:       e8 1a f8 ff ff          call   8048824 <printf@plt>
 804900a:       c7 04 24 01 00 00 00    movl   $0x1,(%esp)
 8049011:       e8 4a 00 00 00          call   8049060 <validate>
 8049016:       eb 10                   jmp    8049028 <fizz+0x3f>
 8049018:       89 44 24 04             mov    %eax,0x4(%esp)
 804901c:       c7 04 24 70 a1 04 08    movl   $0x804a170,(%esp)
 8049023:       e8 fc f7 ff ff          call   8048824 <printf@plt>
 8049028:       c7 04 24 00 00 00 00    movl   $0x0,(%esp)
 804902f:       e8 c0 f8 ff ff          call   80488f4 <exit@plt>

08049034 <smoke>:
 8049034:       55                      push   %ebp
 8049035:       89 e5                   mov    %esp,%ebp
 8049037:       83 ec 08                sub    $0x8,%esp
 804903a:       c7 04 24 b0 a2 04 08    movl   $0x804a2b0,(%esp)
 8049041:       e8 4e f8 ff ff          call   8048894 <puts@plt>
 8049046:       c7 04 24 00 00 00 00    movl   $0x0,(%esp)
 804904d:       e8 0e 00 00 00          call   8049060 <validate>
 8049052:       c7 04 24 00 00 00 00    movl   $0x0,(%esp)
 8049059:       e8 96 f8 ff ff          call   80488f4 <exit@plt>
 804905e:       90                      nop    
 804905f:       90                      nop    

08049060 <validate>:
 8049060:       55                      push   %ebp
 8049061:       89 e5                   mov    %esp,%ebp
 8049063:       81 ec 28 40 00 00       sub    $0x4028,%esp
 8049069:       89 5d f8                mov    %ebx,0xfffffff8(%ebp)
 804906c:       89 7d fc                mov    %edi,0xfffffffc(%ebp)
 804906f:       8b 5d 08                mov    0x8(%ebp),%ebx
 8049072:       83 3d d4 c1 04 08 00    cmpl   $0x0,0x804c1d4
 8049079:       75 11                   jne    804908c <validate+0x2c>
 804907b:       c7 04 24 dc a2 04 08    movl   $0x804a2dc,(%esp)
 8049082:       e8 0d f8 ff ff          call   8048894 <puts@plt>
 8049087:       e9 11 01 00 00          jmp    804919d <validate+0x13d>
 804908c:       83 fb 04                cmp    $0x4,%ebx
 804908f:       76 11                   jbe    80490a2 <validate+0x42>
 8049091:       c7 04 24 08 a3 04 08    movl   $0x804a308,(%esp)
 8049098:       e8 f7 f7 ff ff          call   8048894 <puts@plt>
 804909d:       e9 fb 00 00 00          jmp    804919d <validate+0x13d>
 80490a2:       c7 05 e4 c1 04 08 01    movl   $0x1,0x804c1e4
 80490a9:       00 00 00 
 80490ac:       8b 04 9d a0 c1 04 08    mov    0x804c1a0(,%ebx,4),%eax
 80490b3:       83 e8 01                sub    $0x1,%eax
 80490b6:       89 04 9d a0 c1 04 08    mov    %eax,0x804c1a0(,%ebx,4)
 80490bd:       85 c0                   test   %eax,%eax
 80490bf:       7e 11                   jle    80490d2 <validate+0x72>
 80490c1:       c7 04 24 4b a4 04 08    movl   $0x804a44b,(%esp)
 80490c8:       e8 c7 f7 ff ff          call   8048894 <puts@plt>
 80490cd:       e9 cb 00 00 00          jmp    804919d <validate+0x13d>
 80490d2:       c7 04 24 56 a4 04 08    movl   $0x804a456,(%esp)
 80490d9:       e8 b6 f7 ff ff          call   8048894 <puts@plt>
 80490de:       83 3d d8 c1 04 08 00    cmpl   $0x0,0x804c1d8
 80490e5:       0f 84 a6 00 00 00       je     8049191 <validate+0x131>
 80490eb:       bf 00 c2 04 08          mov    $0x804c200,%edi
 80490f0:       fc                      cld    
 80490f1:       b9 ff ff ff ff          mov    $0xffffffff,%ecx
 80490f6:       b8 00 00 00 00          mov    $0x0,%eax
 80490fb:       f2 ae                   repnz scas %es:(%edi),%al
 80490fd:       f7 d1                   not    %ecx
 80490ff:       83 c1 1f                add    $0x1f,%ecx
 8049102:       81 f9 00 20 00 00       cmp    $0x2000,%ecx
 8049108:       76 11                   jbe    804911b <validate+0xbb>
 804910a:       c7 04 24 30 a3 04 08    movl   $0x804a330,(%esp)
 8049111:       e8 7e f7 ff ff          call   8048894 <puts@plt>
 8049116:       e9 82 00 00 00          jmp    804919d <validate+0x13d>
 804911b:       c7 44 24 10 00 c2 04    movl   $0x804c200,0x10(%esp)
 8049122:       08 
 8049123:       a1 e0 c1 04 08          mov    0x804c1e0,%eax
 8049128:       89 44 24 0c             mov    %eax,0xc(%esp)
 804912c:       89 5c 24 08             mov    %ebx,0x8(%esp)
 8049130:       c7 44 24 04 5c a4 04    movl   $0x804a45c,0x4(%esp)
 8049137:       08 
 8049138:       8d 9d f8 df ff ff       lea    0xffffdff8(%ebp),%ebx
 804913e:       89 1c 24                mov    %ebx,(%esp)
 8049141:       e8 ae f5 ff ff          call   80486f4 <sprintf@plt>
 8049146:       8d 85 f8 bf ff ff       lea    0xffffbff8(%ebp),%eax
 804914c:       89 44 24 0c             mov    %eax,0xc(%esp)
 8049150:       c7 44 24 08 00 00 00    movl   $0x0,0x8(%esp)
 8049157:       00 
 8049158:       89 5c 24 04             mov    %ebx,0x4(%esp)
 804915c:       a1 d4 c1 04 08          mov    0x804c1d4,%eax
 8049161:       89 04 24                mov    %eax,(%esp)
 8049164:       e8 0b 0c 00 00          call   8049d74 <driver_post>
 8049169:       85 c0                   test   %eax,%eax
 804916b:       75 0e                   jne    804917b <validate+0x11b>
 804916d:       c7 04 24 68 a3 04 08    movl   $0x804a368,(%esp)
 8049174:       e8 1b f7 ff ff          call   8048894 <puts@plt>
 8049179:       eb 16                   jmp    8049191 <validate+0x131>
 804917b:       8d 85 f8 bf ff ff       lea    0xffffbff8(%ebp),%eax
 8049181:       89 44 24 04             mov    %eax,0x4(%esp)
 8049185:       c7 04 24 98 a3 04 08    movl   $0x804a398,(%esp)
 804918c:       e8 93 f6 ff ff          call   8048824 <printf@plt>
 8049191:       c7 04 24 65 a4 04 08    movl   $0x804a465,(%esp)
 8049198:       e8 f7 f6 ff ff          call   8048894 <puts@plt>
 804919d:       8b 5d f8                mov    0xfffffff8(%ebp),%ebx
 80491a0:       8b 7d fc                mov    0xfffffffc(%ebp),%edi
 80491a3:       89 ec                   mov    %ebp,%esp
 80491a5:       5d                      pop    %ebp
 80491a6:       c3                      ret    

080491a7 <initialize_bomb>:
 80491a7:       55                      push   %ebp
 80491a8:       89 e5                   mov    %esp,%ebp
 80491aa:       56                      push   %esi
 80491ab:       53                      push   %ebx
 80491ac:       81 ec 10 24 00 00       sub    $0x2410,%esp
 80491b2:       83 3d d8 c1 04 08 00    cmpl   $0x0,0x804c1d8
 80491b9:       0f 84 f8 00 00 00       je     80492b7 <initialize_bomb+0x110>
 80491bf:       c7 44 24 04 00 04 00    movl   $0x400,0x4(%esp)
 80491c6:       00 
 80491c7:       8d 85 f8 fb ff ff       lea    0xfffffbf8(%ebp),%eax
 80491cd:       89 04 24                mov    %eax,(%esp)
 80491d0:       e8 af f6 ff ff          call   8048884 <gethostname@plt>
 80491d5:       85 c0                   test   %eax,%eax
 80491d7:       75 19                   jne    80491f2 <initialize_bomb+0x4b>
 80491d9:       a1 a0 b1 04 08          mov    0x804b1a0,%eax
 80491de:       bb 00 00 00 00          mov    $0x0,%ebx
 80491e3:       8d b5 f8 fb ff ff       lea    0xfffffbf8(%ebp),%esi
 80491e9:       85 c0                   test   %eax,%eax
 80491eb:       75 1d                   jne    804920a <initialize_bomb+0x63>
 80491ed:       e9 9f 00 00 00          jmp    8049291 <initialize_bomb+0xea>
 80491f2:       c7 04 24 d8 a3 04 08    movl   $0x804a3d8,(%esp)
 80491f9:       e8 96 f6 ff ff          call   8048894 <puts@plt>
 80491fe:       c7 04 24 08 00 00 00    movl   $0x8,(%esp)
 8049205:       e8 ea f6 ff ff          call   80488f4 <exit@plt>
 804920a:       89 74 24 04             mov    %esi,0x4(%esp)
 804920e:       89 04 24                mov    %eax,(%esp)
 8049211:       e8 1e f6 ff ff          call   8048834 <strcasecmp@plt>
 8049216:       85 c0                   test   %eax,%eax
 8049218:       74 10                   je     804922a <initialize_bomb+0x83>
 804921a:       83 c3 01                add    $0x1,%ebx
 804921d:       8b 04 9d a0 b1 04 08    mov    0x804b1a0(,%ebx,4),%eax
 8049224:       85 c0                   test   %eax,%eax
 8049226:       74 69                   je     8049291 <initialize_bomb+0xea>
 8049228:       eb e0                   jmp    804920a <initialize_bomb+0x63>
 804922a:       8d 85 f8 db ff ff       lea    0xffffdbf8(%ebp),%eax
 8049230:       89 04 24                mov    %eax,(%esp)
 8049233:       e8 98 00 00 00          call   80492d0 <init_driver>
 8049238:       85 c0                   test   %eax,%eax
 804923a:       79 46                   jns    8049282 <initialize_bomb+0xdb>
 804923c:       eb 22                   jmp    8049260 <initialize_bomb+0xb9>
 804923e:       89 04 24                mov    %eax,(%esp)
 8049241:       e8 4e f6 ff ff          call   8048894 <puts@plt>
 8049246:       83 c3 01                add    $0x1,%ebx
 8049249:       8b 04 9d a0 b1 04 08    mov    0x804b1a0(,%ebx,4),%eax
 8049250:       85 c0                   test   %eax,%eax
 8049252:       75 ea                   jne    804923e <initialize_bomb+0x97>
 8049254:       c7 04 24 08 00 00 00    movl   $0x8,(%esp)
 804925b:       e8 94 f6 ff ff          call   80488f4 <exit@plt>
 8049260:       8d 85 f8 db ff ff       lea    0xffffdbf8(%ebp),%eax
 8049266:       89 44 24 04             mov    %eax,0x4(%esp)
 804926a:       c7 04 24 6f a4 04 08    movl   $0x804a46f,(%esp)
 8049271:       e8 ae f5 ff ff          call   8048824 <printf@plt>
 8049276:       c7 04 24 08 00 00 00    movl   $0x8,(%esp)
 804927d:       e8 72 f6 ff ff          call   80488f4 <exit@plt>
 8049282:       a1 ac a4 04 08          mov    0x804a4ac,%eax
 8049287:       89 04 24                mov    %eax,(%esp)
 804928a:       e8 16 02 00 00          call   80494a5 <init_timeout>
 804928f:       eb 26                   jmp    80492b7 <initialize_bomb+0x110>
 8049291:       8d 85 f8 fb ff ff       lea    0xfffffbf8(%ebp),%eax
 8049297:       89 44 24 04             mov    %eax,0x4(%esp)
 804929b:       c7 04 24 10 a4 04 08    movl   $0x804a410,(%esp)
 80492a2:       e8 7d f5 ff ff          call   8048824 <printf@plt>
 80492a7:       a1 a0 b1 04 08          mov    0x804b1a0,%eax
 80492ac:       bb 00 00 00 00          mov    $0x0,%ebx
 80492b1:       85 c0                   test   %eax,%eax
 80492b3:       75 89                   jne    804923e <initialize_bomb+0x97>
 80492b5:       eb 9d                   jmp    8049254 <initialize_bomb+0xad>
 80492b7:       81 c4 10 24 00 00       add    $0x2410,%esp
 80492bd:       5b                      pop    %ebx
 80492be:       5e                      pop    %esi
 80492bf:       5d                      pop    %ebp
 80492c0:       c3                      ret    
 80492c1:       90                      nop    
 80492c2:       90                      nop    
 80492c3:       90                      nop    
 80492c4:       90                      nop    
 80492c5:       90                      nop    
 80492c6:       90                      nop    
 80492c7:       90                      nop    
 80492c8:       90                      nop    
 80492c9:       90                      nop    
 80492ca:       90                      nop    
 80492cb:       90                      nop    
 80492cc:       90                      nop    
 80492cd:       90                      nop    
 80492ce:       90                      nop    
 80492cf:       90                      nop    

080492d0 <init_driver>:
 80492d0:       55                      push   %ebp
 80492d1:       89 e5                   mov    %esp,%ebp
 80492d3:       57                      push   %edi
 80492d4:       56                      push   %esi
 80492d5:       53                      push   %ebx
 80492d6:       83 ec 1c                sub    $0x1c,%esp
 80492d9:       8b 7d 08                mov    0x8(%ebp),%edi
 80492dc:       c7 44 24 04 01 00 00    movl   $0x1,0x4(%esp)
 80492e3:       00 
 80492e4:       c7 04 24 0d 00 00 00    movl   $0xd,(%esp)
 80492eb:       e8 54 f4 ff ff          call   8048744 <signal@plt>
 80492f0:       c7 44 24 04 01 00 00    movl   $0x1,0x4(%esp)
 80492f7:       00 
 80492f8:       c7 04 24 1d 00 00 00    movl   $0x1d,(%esp)
 80492ff:       e8 40 f4 ff ff          call   8048744 <signal@plt>
 8049304:       c7 44 24 04 01 00 00    movl   $0x1,0x4(%esp)
 804930b:       00 
 804930c:       c7 04 24 1d 00 00 00    movl   $0x1d,(%esp)
 8049313:       e8 2c f4 ff ff          call   8048744 <signal@plt>
 8049318:       c7 44 24 08 00 00 00    movl   $0x0,0x8(%esp)
 804931f:       00 
 8049320:       c7 44 24 04 01 00 00    movl   $0x1,0x4(%esp)
 8049327:       00 
 8049328:       c7 04 24 02 00 00 00    movl   $0x2,(%esp)
 804932f:       e8 90 f4 ff ff          call   80487c4 <socket@plt>
 8049334:       89 c6                   mov    %eax,%esi
 8049336:       85 c0                   test   %eax,%eax
 8049338:       79 4e                   jns    8049388 <init_driver+0xb8>
 804933a:       c7 07 45 72 72 6f       movl   $0x6f727245,(%edi)
 8049340:       c7 47 04 72 3a 20 43    movl   $0x43203a72,0x4(%edi)
 8049347:       c7 47 08 6c 69 65 6e    movl   $0x6e65696c,0x8(%edi)
 804934e:       c7 47 0c 74 20 75 6e    movl   $0x6e752074,0xc(%edi)
 8049355:       c7 47 10 61 62 6c 65    movl   $0x656c6261,0x10(%edi)
 804935c:       c7 47 14 20 74 6f 20    movl   $0x206f7420,0x14(%edi)
 8049363:       c7 47 18 63 72 65 61    movl   $0x61657263,0x18(%edi)
 804936a:       c7 47 1c 74 65 20 73    movl   $0x73206574,0x1c(%edi)
 8049371:       c7 47 20 6f 63 6b 65    movl   $0x656b636f,0x20(%edi)
 8049378:       66 c7 47 24 74 00       movw   $0x74,0x24(%edi)
 804937e:       b8 ff ff ff ff          mov    $0xffffffff,%eax
 8049383:       e9 15 01 00 00          jmp    804949d <init_driver+0x1cd>
 8049388:       c7 04 24 84 a4 04 08    movl   $0x804a484,(%esp)
 804938f:       e8 40 f5 ff ff          call   80488d4 <gethostbyname@plt>
 8049394:       89 c1                   mov    %eax,%ecx
 8049396:       85 c0                   test   %eax,%eax
 8049398:       75 68                   jne    8049402 <init_driver+0x132>
 804939a:       c7 07 45 72 72 6f       movl   $0x6f727245,(%edi)
 80493a0:       c7 47 04 72 3a 20 44    movl   $0x44203a72,0x4(%edi)
 80493a7:       c7 47 08 4e 53 20 69    movl   $0x6920534e,0x8(%edi)
 80493ae:       c7 47 0c 73 20 75 6e    movl   $0x6e752073,0xc(%edi)
 80493b5:       c7 47 10 61 62 6c 65    movl   $0x656c6261,0x10(%edi)
 80493bc:       c7 47 14 20 74 6f 20    movl   $0x206f7420,0x14(%edi)
 80493c3:       c7 47 18 72 65 73 6f    movl   $0x6f736572,0x18(%edi)
 80493ca:       c7 47 1c 6c 76 65 20    movl   $0x2065766c,0x1c(%edi)
 80493d1:       c7 47 20 73 65 72 76    movl   $0x76726573,0x20(%edi)
 80493d8:       c7 47 24 65 72 20 61    movl   $0x61207265,0x24(%edi)
 80493df:       c7 47 28 64 64 72 65    movl   $0x65726464,0x28(%edi)
 80493e6:       66 c7 47 2c 73 73       movw   $0x7373,0x2c(%edi)
 80493ec:       c6 47 2e 00             movb   $0x0,0x2e(%edi)
 80493f0:       89 34 24                mov    %esi,(%esp)
 80493f3:       e8 5c f4 ff ff          call   8048854 <close@plt>
 80493f8:       b8 ff ff ff ff          mov    $0xffffffff,%eax
 80493fd:       e9 9b 00 00 00          jmp    804949d <init_driver+0x1cd>
 8049402:       8d 5d e4                lea    0xffffffe4(%ebp),%ebx
 8049405:       c7 45 e4 00 00 00 00    movl   $0x0,0xffffffe4(%ebp)
 804940c:       c7 45 e8 00 00 00 00    movl   $0x0,0xffffffe8(%ebp)
 8049413:       c7 45 ec 00 00 00 00    movl   $0x0,0xffffffec(%ebp)
 804941a:       c7 45 f0 00 00 00 00    movl   $0x0,0xfffffff0(%ebp)
 8049421:       66 c7 45 e4 02 00       movw   $0x2,0xffffffe4(%ebp)
 8049427:       8d 55 e8                lea    0xffffffe8(%ebp),%edx
 804942a:       8b 40 0c                mov    0xc(%eax),%eax
 804942d:       89 44 24 08             mov    %eax,0x8(%esp)
 8049431:       89 54 24 04             mov    %edx,0x4(%esp)
 8049435:       8b 41 10                mov    0x10(%ecx),%eax
 8049438:       8b 00                   mov    (%eax),%eax
 804943a:       89 04 24                mov    %eax,(%esp)
 804943d:       e8 92 f3 ff ff          call   80487d4 <bcopy@plt>
 8049442:       66 c7 45 e6 47 26       movw   $0x2647,0xffffffe6(%ebp)
 8049448:       c7 44 24 08 10 00 00    movl   $0x10,0x8(%esp)
 804944f:       00 
 8049450:       89 5c 24 04             mov    %ebx,0x4(%esp)
 8049454:       89 34 24                mov    %esi,(%esp)
 8049457:       e8 b8 f2 ff ff          call   8048714 <connect@plt>
 804945c:       85 c0                   test   %eax,%eax
 804945e:       79 27                   jns    8049487 <init_driver+0x1b7>
 8049460:       c7 44 24 08 84 a4 04    movl   $0x804a484,0x8(%esp)
 8049467:       08 
 8049468:       c7 44 24 04 f4 a4 04    movl   $0x804a4f4,0x4(%esp)
 804946f:       08 
 8049470:       89 3c 24                mov    %edi,(%esp)
 8049473:       e8 7c f2 ff ff          call   80486f4 <sprintf@plt>
 8049478:       89 34 24                mov    %esi,(%esp)
 804947b:       e8 d4 f3 ff ff          call   8048854 <close@plt>
 8049480:       b8 ff ff ff ff          mov    $0xffffffff,%eax
 8049485:       eb 16                   jmp    804949d <init_driver+0x1cd>
 8049487:       89 34 24                mov    %esi,(%esp)
 804948a:       e8 c5 f3 ff ff          call   8048854 <close@plt>
 804948f:       66 c7 07 4f 4b          movw   $0x4b4f,(%edi)
 8049494:       c6 47 02 00             movb   $0x0,0x2(%edi)
 8049498:       b8 00 00 00 00          mov    $0x0,%eax
 804949d:       83 c4 1c                add    $0x1c,%esp
 80494a0:       5b                      pop    %ebx
 80494a1:       5e                      pop    %esi
 80494a2:       5f                      pop    %edi
 80494a3:       5d                      pop    %ebp
 80494a4:       c3                      ret    

080494a5 <init_timeout>:
 80494a5:       55                      push   %ebp
 80494a6:       89 e5                   mov    %esp,%ebp
 80494a8:       53                      push   %ebx
 80494a9:       83 ec 14                sub    $0x14,%esp
 80494ac:       8b 5d 08                mov    0x8(%ebp),%ebx
 80494af:       85 db                   test   %ebx,%ebx
 80494b1:       74 25                   je     80494d8 <init_timeout+0x33>
 80494b3:       c7 44 24 04 0b 9e 04    movl   $0x8049e0b,0x4(%esp)
 80494ba:       08 
 80494bb:       c7 04 24 0e 00 00 00    movl   $0xe,(%esp)
 80494c2:       e8 7d f2 ff ff          call   8048744 <signal@plt>
 80494c7:       89 d8                   mov    %ebx,%eax
 80494c9:       c1 f8 1f                sar    $0x1f,%eax
 80494cc:       f7 d0                   not    %eax
 80494ce:       21 d8                   and    %ebx,%eax
 80494d0:       89 04 24                mov    %eax,(%esp)
 80494d3:       e8 2c f3 ff ff          call   8048804 <alarm@plt>
 80494d8:       83 c4 14                add    $0x14,%esp
 80494db:       5b                      pop    %ebx
 80494dc:       5d                      pop    %ebp
 80494dd:       c3                      ret    

080494de <rio_readlineb>:
 80494de:       55                      push   %ebp
 80494df:       89 e5                   mov    %esp,%ebp
 80494e1:       57                      push   %edi
 80494e2:       56                      push   %esi
 80494e3:       53                      push   %ebx
 80494e4:       83 ec 2c                sub    $0x2c,%esp
 80494e7:       89 c3                   mov    %eax,%ebx
 80494e9:       89 4d d8                mov    %ecx,0xffffffd8(%ebp)
 80494ec:       89 55 dc                mov    %edx,0xffffffdc(%ebp)
 80494ef:       89 55 e0                mov    %edx,0xffffffe0(%ebp)
 80494f2:       bf 01 00 00 00          mov    $0x1,%edi
 80494f7:       83 f9 01                cmp    $0x1,%ecx
 80494fa:       77 3d                   ja     8049539 <rio_readlineb+0x5b>
 80494fc:       e9 9b 00 00 00          jmp    804959c <rio_readlineb+0xbe>
 8049501:       8d 73 0c                lea    0xc(%ebx),%esi
 8049504:       c7 44 24 08 00 20 00    movl   $0x2000,0x8(%esp)
 804950b:       00 
 804950c:       89 74 24 04             mov    %esi,0x4(%esp)
 8049510:       8b 03                   mov    (%ebx),%eax
 8049512:       89 04 24                mov    %eax,(%esp)
 8049515:       e8 9a f2 ff ff          call   80487b4 <read@plt>
 804951a:       89 43 04                mov    %eax,0x4(%ebx)
 804951d:       85 c0                   test   %eax,%eax
 804951f:       79 11                   jns    8049532 <rio_readlineb+0x54>
 8049521:       e8 be f1 ff ff          call   80486e4 <__errno_location@plt>
 8049526:       83 38 04                cmpl   $0x4,(%eax)
 8049529:       74 0e                   je     8049539 <rio_readlineb+0x5b>
 804952b:       b8 ff ff ff ff          mov    $0xffffffff,%eax
 8049530:       eb 49                   jmp    804957b <rio_readlineb+0x9d>
 8049532:       85 c0                   test   %eax,%eax
 8049534:       74 79                   je     80495af <rio_readlineb+0xd1>
 8049536:       89 73 08                mov    %esi,0x8(%ebx)
 8049539:       83 7b 04 00             cmpl   $0x0,0x4(%ebx)
 804953d:       8d 76 00                lea    0x0(%esi),%esi
 8049540:       7e bf                   jle    8049501 <rio_readlineb+0x23>
 8049542:       8d 55 f3                lea    0xfffffff3(%ebp),%edx
 8049545:       8b 43 08                mov    0x8(%ebx),%eax
 8049548:       c7 44 24 08 01 00 00    movl   $0x1,0x8(%esp)
 804954f:       00 
 8049550:       89 44 24 04             mov    %eax,0x4(%esp)
 8049554:       89 14 24                mov    %edx,(%esp)
 8049557:       e8 98 f2 ff ff          call   80487f4 <memcpy@plt>
 804955c:       83 43 08 01             addl   $0x1,0x8(%ebx)
 8049560:       83 6b 04 01             subl   $0x1,0x4(%ebx)
 8049564:       0f b6 45 f3             movzbl 0xfffffff3(%ebp),%eax
 8049568:       8b 55 dc                mov    0xffffffdc(%ebp),%edx
 804956b:       88 44 17 ff             mov    %al,0xffffffff(%edi,%edx,1)
 804956f:       83 45 e0 01             addl   $0x1,0xffffffe0(%ebp)
 8049573:       80 7d f3 0a             cmpb   $0xa,0xfffffff3(%ebp)
 8049577:       75 19                   jne    8049592 <rio_readlineb+0xb4>
 8049579:       eb 2c                   jmp    80495a7 <rio_readlineb+0xc9>
 804957b:       85 c0                   test   %eax,%eax
 804957d:       74 07                   je     8049586 <rio_readlineb+0xa8>
 804957f:       bf ff ff ff ff          mov    $0xffffffff,%edi
 8049584:       eb 30                   jmp    80495b6 <rio_readlineb+0xd8>
 8049586:       83 ff 01                cmp    $0x1,%edi
 8049589:       75 1c                   jne    80495a7 <rio_readlineb+0xc9>
 804958b:       66 bf 00 00             mov    $0x0,%di
 804958f:       90                      nop    
 8049590:       eb 24                   jmp    80495b6 <rio_readlineb+0xd8>
 8049592:       83 c7 01                add    $0x1,%edi
 8049595:       3b 7d d8                cmp    0xffffffd8(%ebp),%edi
 8049598:       75 9f                   jne    8049539 <rio_readlineb+0x5b>
 804959a:       eb 0b                   jmp    80495a7 <rio_readlineb+0xc9>
 804959c:       8b 45 dc                mov    0xffffffdc(%ebp),%eax
 804959f:       89 45 e0                mov    %eax,0xffffffe0(%ebp)
 80495a2:       bf 01 00 00 00          mov    $0x1,%edi
 80495a7:       8b 55 e0                mov    0xffffffe0(%ebp),%edx
 80495aa:       c6 02 00                movb   $0x0,(%edx)
 80495ad:       eb 07                   jmp    80495b6 <rio_readlineb+0xd8>
 80495af:       b8 00 00 00 00          mov    $0x0,%eax
 80495b4:       eb c5                   jmp    804957b <rio_readlineb+0x9d>
 80495b6:       89 f8                   mov    %edi,%eax
 80495b8:       83 c4 2c                add    $0x2c,%esp
 80495bb:       5b                      pop    %ebx
 80495bc:       5e                      pop    %esi
 80495bd:       5f                      pop    %edi
 80495be:       5d                      pop    %ebp
 80495bf:       c3                      ret    

080495c0 <submitr>:
 80495c0:       55                      push   %ebp
 80495c1:       89 e5                   mov    %esp,%ebp
 80495c3:       57                      push   %edi
 80495c4:       56                      push   %esi
 80495c5:       53                      push   %ebx
 80495c6:       81 ec 5c a0 00 00       sub    $0xa05c,%esp
 80495cc:       8b 75 0c                mov    0xc(%ebp),%esi
 80495cf:       c7 85 d4 7f ff ff 00    movl   $0x0,0xffff7fd4(%ebp)
 80495d6:       00 00 00 
 80495d9:       c7 44 24 08 00 00 00    movl   $0x0,0x8(%esp)
 80495e0:       00 
 80495e1:       c7 44 24 04 01 00 00    movl   $0x1,0x4(%esp)
 80495e8:       00 
 80495e9:       c7 04 24 02 00 00 00    movl   $0x2,(%esp)
 80495f0:       e8 cf f1 ff ff          call   80487c4 <socket@plt>
 80495f5:       89 85 bc 5f ff ff       mov    %eax,0xffff5fbc(%ebp)
 80495fb:       85 c0                   test   %eax,%eax
 80495fd:       79 51                   jns    8049650 <submitr+0x90>
 80495ff:       8b 45 20                mov    0x20(%ebp),%eax
 8049602:       c7 00 45 72 72 6f       movl   $0x6f727245,(%eax)
 8049608:       c7 40 04 72 3a 20 43    movl   $0x43203a72,0x4(%eax)
 804960f:       c7 40 08 6c 69 65 6e    movl   $0x6e65696c,0x8(%eax)
 8049616:       c7 40 0c 74 20 75 6e    movl   $0x6e752074,0xc(%eax)
 804961d:       c7 40 10 61 62 6c 65    movl   $0x656c6261,0x10(%eax)
 8049624:       c7 40 14 20 74 6f 20    movl   $0x206f7420,0x14(%eax)
 804962b:       c7 40 18 63 72 65 61    movl   $0x61657263,0x18(%eax)
 8049632:       c7 40 1c 74 65 20 73    movl   $0x73206574,0x1c(%eax)
 8049639:       c7 40 20 6f 63 6b 65    movl   $0x656b636f,0x20(%eax)
 8049640:       66 c7 40 24 74 00       movw   $0x74,0x24(%eax)
 8049646:       b9 ff ff ff ff          mov    $0xffffffff,%ecx
 804964b:       e9 17 07 00 00          jmp    8049d67 <submitr+0x7a7>
 8049650:       8b 45 08                mov    0x8(%ebp),%eax
 8049653:       89 04 24                mov    %eax,(%esp)
 8049656:       e8 79 f2 ff ff          call   80488d4 <gethostbyname@plt>
 804965b:       89 c1                   mov    %eax,%ecx
 804965d:       85 c0                   test   %eax,%eax
 804965f:       75 71                   jne    80496d2 <submitr+0x112>
 8049661:       8b 4d 20                mov    0x20(%ebp),%ecx
 8049664:       c7 01 45 72 72 6f       movl   $0x6f727245,(%ecx)
 804966a:       c7 41 04 72 3a 20 44    movl   $0x44203a72,0x4(%ecx)
 8049671:       c7 41 08 4e 53 20 69    movl   $0x6920534e,0x8(%ecx)
 8049678:       c7 41 0c 73 20 75 6e    movl   $0x6e752073,0xc(%ecx)
 804967f:       c7 41 10 61 62 6c 65    movl   $0x656c6261,0x10(%ecx)
 8049686:       c7 41 14 20 74 6f 20    movl   $0x206f7420,0x14(%ecx)
 804968d:       c7 41 18 72 65 73 6f    movl   $0x6f736572,0x18(%ecx)
 8049694:       c7 41 1c 6c 76 65 20    movl   $0x2065766c,0x1c(%ecx)
 804969b:       c7 41 20 73 65 72 76    movl   $0x76726573,0x20(%ecx)
 80496a2:       c7 41 24 65 72 20 61    movl   $0x61207265,0x24(%ecx)
 80496a9:       c7 41 28 64 64 72 65    movl   $0x65726464,0x28(%ecx)
 80496b0:       66 c7 41 2c 73 73       movw   $0x7373,0x2c(%ecx)
 80496b6:       c6 41 2e 00             movb   $0x0,0x2e(%ecx)
 80496ba:       8b 9d bc 5f ff ff       mov    0xffff5fbc(%ebp),%ebx
 80496c0:       89 1c 24                mov    %ebx,(%esp)
 80496c3:       e8 8c f1 ff ff          call   8048854 <close@plt>
 80496c8:       b9 ff ff ff ff          mov    $0xffffffff,%ecx
 80496cd:       e9 95 06 00 00          jmp    8049d67 <submitr+0x7a7>
 80496d2:       8d 5d e4                lea    0xffffffe4(%ebp),%ebx
 80496d5:       c7 45 e4 00 00 00 00    movl   $0x0,0xffffffe4(%ebp)
 80496dc:       c7 45 e8 00 00 00 00    movl   $0x0,0xffffffe8(%ebp)
 80496e3:       c7 45 ec 00 00 00 00    movl   $0x0,0xffffffec(%ebp)
 80496ea:       c7 45 f0 00 00 00 00    movl   $0x0,0xfffffff0(%ebp)
 80496f1:       66 c7 45 e4 02 00       movw   $0x2,0xffffffe4(%ebp)
 80496f7:       8d 55 e8                lea    0xffffffe8(%ebp),%edx
 80496fa:       8b 40 0c                mov    0xc(%eax),%eax
 80496fd:       89 44 24 08             mov    %eax,0x8(%esp)
 8049701:       89 54 24 04             mov    %edx,0x4(%esp)
 8049705:       8b 41 10                mov    0x10(%ecx),%eax
 8049708:       8b 00                   mov    (%eax),%eax
 804970a:       89 04 24                mov    %eax,(%esp)
 804970d:       e8 c2 f0 ff ff          call   80487d4 <bcopy@plt>
 8049712:       89 f0                   mov    %esi,%eax
 8049714:       66 c1 c8 08             ror    $0x8,%ax
 8049718:       66 89 45 e6             mov    %ax,0xffffffe6(%ebp)
 804971c:       c7 44 24 08 10 00 00    movl   $0x10,0x8(%esp)
 8049723:       00 
 8049724:       89 5c 24 04             mov    %ebx,0x4(%esp)
 8049728:       8b 85 bc 5f ff ff       mov    0xffff5fbc(%ebp),%eax
 804972e:       89 04 24                mov    %eax,(%esp)
 8049731:       e8 de ef ff ff          call   8048714 <connect@plt>
 8049736:       85 c0                   test   %eax,%eax
 8049738:       79 63                   jns    804979d <submitr+0x1dd>
 804973a:       8b 4d 20                mov    0x20(%ebp),%ecx
 804973d:       c7 01 45 72 72 6f       movl   $0x6f727245,(%ecx)
 8049743:       c7 41 04 72 3a 20 55    movl   $0x55203a72,0x4(%ecx)
 804974a:       c7 41 08 6e 61 62 6c    movl   $0x6c62616e,0x8(%ecx)
 8049751:       c7 41 0c 65 20 74 6f    movl   $0x6f742065,0xc(%ecx)
 8049758:       c7 41 10 20 63 6f 6e    movl   $0x6e6f6320,0x10(%ecx)
 804975f:       c7 41 14 6e 65 63 74    movl   $0x7463656e,0x14(%ecx)
 8049766:       c7 41 18 20 74 6f 20    movl   $0x206f7420,0x18(%ecx)
 804976d:       c7 41 1c 74 68 65 20    movl   $0x20656874,0x1c(%ecx)
 8049774:       c7 41 20 73 65 72 76    movl   $0x76726573,0x20(%ecx)
 804977b:       66 c7 41 24 65 72       movw   $0x7265,0x24(%ecx)
 8049781:       c6 41 26 00             movb   $0x0,0x26(%ecx)
 8049785:       8b 9d bc 5f ff ff       mov    0xffff5fbc(%ebp),%ebx
 804978b:       89 1c 24                mov    %ebx,(%esp)
 804978e:       e8 c1 f0 ff ff          call   8048854 <close@plt>
 8049793:       b9 ff ff ff ff          mov    $0xffffffff,%ecx
 8049798:       e9 ca 05 00 00          jmp    8049d67 <submitr+0x7a7>
 804979d:       bb ff ff ff ff          mov    $0xffffffff,%ebx
 80497a2:       8b 7d 1c                mov    0x1c(%ebp),%edi
 80497a5:       fc                      cld    
 80497a6:       89 d9                   mov    %ebx,%ecx
 80497a8:       b8 00 00 00 00          mov    $0x0,%eax
 80497ad:       f2 ae                   repnz scas %es:(%edi),%al
 80497af:       89 ce                   mov    %ecx,%esi
 80497b1:       f7 d6                   not    %esi
 80497b3:       8b 7d 10                mov    0x10(%ebp),%edi
 80497b6:       89 d9                   mov    %ebx,%ecx
 80497b8:       f2 ae                   repnz scas %es:(%edi),%al
 80497ba:       89 ca                   mov    %ecx,%edx
 80497bc:       f7 d2                   not    %edx
 80497be:       8b 7d 14                mov    0x14(%ebp),%edi
 80497c1:       89 d9                   mov    %ebx,%ecx
 80497c3:       f2 ae                   repnz scas %es:(%edi),%al
 80497c5:       f7 d1                   not    %ecx
 80497c7:       89 8d b8 5f ff ff       mov    %ecx,0xffff5fb8(%ebp)
 80497cd:       8b 7d 18                mov    0x18(%ebp),%edi
 80497d0:       89 d9                   mov    %ebx,%ecx
 80497d2:       f2 ae                   repnz scas %es:(%edi),%al
 80497d4:       f7 d1                   not    %ecx
 80497d6:       8b 9d b8 5f ff ff       mov    0xffff5fb8(%ebp),%ebx
 80497dc:       8d 44 13 7e             lea    0x7e(%ebx,%edx,1),%eax
 80497e0:       8d 4c 01 ff             lea    0xffffffff(%ecx,%eax,1),%ecx
 80497e4:       8d 44 76 fd             lea    0xfffffffd(%esi,%esi,2),%eax
 80497e8:       01 c1                   add    %eax,%ecx
 80497ea:       81 f9 00 20 00 00       cmp    $0x2000,%ecx
 80497f0:       76 7c                   jbe    804986e <submitr+0x2ae>
 80497f2:       8b 45 20                mov    0x20(%ebp),%eax
 80497f5:       c7 00 45 72 72 6f       movl   $0x6f727245,(%eax)
 80497fb:       c7 40 04 72 3a 20 52    movl   $0x52203a72,0x4(%eax)
 8049802:       c7 40 08 65 73 75 6c    movl   $0x6c757365,0x8(%eax)
 8049809:       c7 40 0c 74 20 73 74    movl   $0x74732074,0xc(%eax)
 8049810:       c7 40 10 72 69 6e 67    movl   $0x676e6972,0x10(%eax)
 8049817:       c7 40 14 20 74 6f 6f    movl   $0x6f6f7420,0x14(%eax)
 804981e:       c7 40 18 20 6c 61 72    movl   $0x72616c20,0x18(%eax)
 8049825:       c7 40 1c 67 65 2e 20    movl   $0x202e6567,0x1c(%eax)
 804982c:       c7 40 20 49 6e 63 72    movl   $0x72636e49,0x20(%eax)
 8049833:       c7 40 24 65 61 73 65    movl   $0x65736165,0x24(%eax)
 804983a:       c7 40 28 20 53 55 42    movl   $0x42555320,0x28(%eax)
 8049841:       c7 40 2c 4d 49 54 52    movl   $0x5254494d,0x2c(%eax)
 8049848:       c7 40 30 5f 4d 41 58    movl   $0x58414d5f,0x30(%eax)
 804984f:       c7 40 34 42 55 46 00    movl   $0x465542,0x34(%eax)
 8049856:       8b 8d bc 5f ff ff       mov    0xffff5fbc(%ebp),%ecx
 804985c:       89 0c 24                mov    %ecx,(%esp)
 804985f:       e8 f0 ef ff ff          call   8048854 <close@plt>
 8049864:       b9 ff ff ff ff          mov    $0xffffffff,%ecx
 8049869:       e9 f9 04 00 00          jmp    8049d67 <submitr+0x7a7>
 804986e:       8d 9d d8 9f ff ff       lea    0xffff9fd8(%ebp),%ebx
 8049874:       c7 44 24 08 00 20 00    movl   $0x2000,0x8(%esp)
 804987b:       00 
 804987c:       c7 44 24 04 00 00 00    movl   $0x0,0x4(%esp)
 8049883:       00 
 8049884:       89 1c 24                mov    %ebx,(%esp)
 8049887:       e8 f8 ee ff ff          call   8048784 <memset@plt>
 804988c:       8b 45 1c                mov    0x1c(%ebp),%eax
 804988f:       89 85 c0 5f ff ff       mov    %eax,0xffff5fc0(%ebp)
 8049895:       89 c7                   mov    %eax,%edi
 8049897:       fc                      cld    
 8049898:       b9 ff ff ff ff          mov    $0xffffffff,%ecx
 804989d:       b8 00 00 00 00          mov    $0x0,%eax
 80498a2:       f2 ae                   repnz scas %es:(%edi),%al
 80498a4:       f7 d1                   not    %ecx
 80498a6:       89 cf                   mov    %ecx,%edi
 80498a8:       83 ef 01                sub    $0x1,%edi
 80498ab:       0f 84 f1 03 00 00       je     8049ca2 <submitr+0x6e2>
 80498b1:       be 00 00 00 00          mov    $0x0,%esi
 80498b6:       8b 8d c0 5f ff ff       mov    0xffff5fc0(%ebp),%ecx
 80498bc:       0f b6 14 0e             movzbl (%esi,%ecx,1),%edx
 80498c0:       80 fa 2a                cmp    $0x2a,%dl
 80498c3:       74 24                   je     80498e9 <submitr+0x329>
 80498c5:       80 fa 2d                cmp    $0x2d,%dl
 80498c8:       74 1f                   je     80498e9 <submitr+0x329>
 80498ca:       80 fa 2e                cmp    $0x2e,%dl
 80498cd:       74 1a                   je     80498e9 <submitr+0x329>
 80498cf:       80 fa 5f                cmp    $0x5f,%dl
 80498d2:       74 15                   je     80498e9 <submitr+0x329>
 80498d4:       8d 42 d0                lea    0xffffffd0(%edx),%eax
 80498d7:       3c 09                   cmp    $0x9,%al
 80498d9:       76 0e                   jbe    80498e9 <submitr+0x329>
 80498db:       8d 42 bf                lea    0xffffffbf(%edx),%eax
 80498de:       3c 19                   cmp    $0x19,%al
 80498e0:       76 07                   jbe    80498e9 <submitr+0x329>
 80498e2:       8d 42 9f                lea    0xffffff9f(%edx),%eax
 80498e5:       3c 19                   cmp    $0x19,%al
 80498e7:       77 07                   ja     80498f0 <submitr+0x330>
 80498e9:       88 13                   mov    %dl,(%ebx)
 80498eb:       83 c3 01                add    $0x1,%ebx
 80498ee:       eb 56                   jmp    8049946 <submitr+0x386>
 80498f0:       80 fa 20                cmp    $0x20,%dl
 80498f3:       75 08                   jne    80498fd <submitr+0x33d>
 80498f5:       c6 03 2b                movb   $0x2b,(%ebx)
 80498f8:       83 c3 01                add    $0x1,%ebx
 80498fb:       eb 49                   jmp    8049946 <submitr+0x386>
 80498fd:       8d 42 e0                lea    0xffffffe0(%edx),%eax
 8049900:       3c 5f                   cmp    $0x5f,%al
 8049902:       76 05                   jbe    8049909 <submitr+0x349>
 8049904:       80 fa 09                cmp    $0x9,%dl
 8049907:       75 4d                   jne    8049956 <submitr+0x396>
 8049909:       0f b6 c2                movzbl %dl,%eax
 804990c:       89 44 24 08             mov    %eax,0x8(%esp)
 8049910:       c7 44 24 04 b0 a4 04    movl   $0x804a4b0,0x4(%esp)
 8049917:       08 
 8049918:       8d 85 cc 5f ff ff       lea    0xffff5fcc(%ebp),%eax
 804991e:       89 04 24                mov    %eax,(%esp)
 8049921:       e8 ce ed ff ff          call   80486f4 <sprintf@plt>
 8049926:       0f b6 85 cc 5f ff ff    movzbl 0xffff5fcc(%ebp),%eax
 804992d:       88 03                   mov    %al,(%ebx)
 804992f:       0f b6 85 cd 5f ff ff    movzbl 0xffff5fcd(%ebp),%eax
 8049936:       88 43 01                mov    %al,0x1(%ebx)
 8049939:       0f b6 85 ce 5f ff ff    movzbl 0xffff5fce(%ebp),%eax
 8049940:       88 43 02                mov    %al,0x2(%ebx)
 8049943:       83 c3 03                add    $0x3,%ebx
 8049946:       83 c6 01                add    $0x1,%esi
 8049949:       39 fe                   cmp    %edi,%esi
 804994b:       0f 84 51 03 00 00       je     8049ca2 <submitr+0x6e2>
 8049951:       e9 60 ff ff ff          jmp    80498b6 <submitr+0x2f6>
 8049956:       c7 44 24 08 43 00 00    movl   $0x43,0x8(%esp)
 804995d:       00 
 804995e:       c7 44 24 04 1c a5 04    movl   $0x804a51c,0x4(%esp)
 8049965:       08 
 8049966:       8b 5d 20                mov    0x20(%ebp),%ebx
 8049969:       89 1c 24                mov    %ebx,(%esp)
 804996c:       e8 83 ee ff ff          call   80487f4 <memcpy@plt>
 8049971:       8b 85 bc 5f ff ff       mov    0xffff5fbc(%ebp),%eax
 8049977:       89 04 24                mov    %eax,(%esp)
 804997a:       e8 d5 ee ff ff          call   8048854 <close@plt>
 804997f:       b9 ff ff ff ff          mov    $0xffffffff,%ecx
 8049984:       e9 de 03 00 00          jmp    8049d67 <submitr+0x7a7>
 8049989:       01 c6                   add    %eax,%esi
 804998b:       89 5c 24 08             mov    %ebx,0x8(%esp)
 804998f:       89 74 24 04             mov    %esi,0x4(%esp)
 8049993:       8b 8d bc 5f ff ff       mov    0xffff5fbc(%ebp),%ecx
 8049999:       89 0c 24                mov    %ecx,(%esp)
 804999c:       e8 d3 ed ff ff          call   8048774 <write@plt>
 80499a1:       85 c0                   test   %eax,%eax
 80499a3:       7f 12                   jg     80499b7 <submitr+0x3f7>
 80499a5:       e8 3a ed ff ff          call   80486e4 <__errno_location@plt>
 80499aa:       83 38 04                cmpl   $0x4,(%eax)
 80499ad:       8d 76 00                lea    0x0(%esi),%esi
 80499b0:       75 10                   jne    80499c2 <submitr+0x402>
 80499b2:       b8 00 00 00 00          mov    $0x0,%eax
 80499b7:       29 c3                   sub    %eax,%ebx
 80499b9:       75 ce                   jne    8049989 <submitr+0x3c9>
 80499bb:       85 ff                   test   %edi,%edi
 80499bd:       8d 76 00                lea    0x0(%esi),%esi
 80499c0:       79 67                   jns    8049a29 <submitr+0x469>
 80499c2:       8b 5d 20                mov    0x20(%ebp),%ebx
 80499c5:       c7 03 45 72 72 6f       movl   $0x6f727245,(%ebx)
 80499cb:       c7 43 04 72 3a 20 43    movl   $0x43203a72,0x4(%ebx)
 80499d2:       c7 43 08 6c 69 65 6e    movl   $0x6e65696c,0x8(%ebx)
 80499d9:       c7 43 0c 74 20 75 6e    movl   $0x6e752074,0xc(%ebx)
 80499e0:       c7 43 10 61 62 6c 65    movl   $0x656c6261,0x10(%ebx)
 80499e7:       c7 43 14 20 74 6f 20    movl   $0x206f7420,0x14(%ebx)
 80499ee:       c7 43 18 77 72 69 74    movl   $0x74697277,0x18(%ebx)
 80499f5:       c7 43 1c 65 20 74 6f    movl   $0x6f742065,0x1c(%ebx)
 80499fc:       c7 43 20 20 74 68 65    movl   $0x65687420,0x20(%ebx)
 8049a03:       c7 43 24 20 73 65 72    movl   $0x72657320,0x24(%ebx)
 8049a0a:       c7 43 28 76 65 72 00    movl   $0x726576,0x28(%ebx)
 8049a11:       8b 85 bc 5f ff ff       mov    0xffff5fbc(%ebp),%eax
 8049a17:       89 04 24                mov    %eax,(%esp)
 8049a1a:       e8 35 ee ff ff          call   8048854 <close@plt>
 8049a1f:       b9 ff ff ff ff          mov    $0xffffffff,%ecx
 8049a24:       e9 3e 03 00 00          jmp    8049d67 <submitr+0x7a7>
 8049a29:       8b 8d bc 5f ff ff       mov    0xffff5fbc(%ebp),%ecx
 8049a2f:       89 8d d8 df ff ff       mov    %ecx,0xffffdfd8(%ebp)
 8049a35:       c7 85 dc df ff ff 00    movl   $0x0,0xffffdfdc(%ebp)
 8049a3c:       00 00 00 
 8049a3f:       8d 85 d8 df ff ff       lea    0xffffdfd8(%ebp),%eax
 8049a45:       8d 95 e4 df ff ff       lea    0xffffdfe4(%ebp),%edx
 8049a4b:       89 95 e0 df ff ff       mov    %edx,0xffffdfe0(%ebp)
 8049a51:       8d 95 d8 bf ff ff       lea    0xffffbfd8(%ebp),%edx
 8049a57:       b9 00 20 00 00          mov    $0x2000,%ecx
 8049a5c:       e8 7d fa ff ff          call   80494de <rio_readlineb>
 8049a61:       85 c0                   test   %eax,%eax
 8049a63:       7f 7b                   jg     8049ae0 <submitr+0x520>
 8049a65:       8b 5d 20                mov    0x20(%ebp),%ebx
 8049a68:       c7 03 45 72 72 6f       movl   $0x6f727245,(%ebx)
 8049a6e:       c7 43 04 72 3a 20 43    movl   $0x43203a72,0x4(%ebx)
 8049a75:       c7 43 08 6c 69 65 6e    movl   $0x6e65696c,0x8(%ebx)
 8049a7c:       c7 43 0c 74 20 75 6e    movl   $0x6e752074,0xc(%ebx)
 8049a83:       c7 43 10 61 62 6c 65    movl   $0x656c6261,0x10(%ebx)
 8049a8a:       c7 43 14 20 74 6f 20    movl   $0x206f7420,0x14(%ebx)
 8049a91:       c7 43 18 72 65 61 64    movl   $0x64616572,0x18(%ebx)
 8049a98:       c7 43 1c 20 66 69 72    movl   $0x72696620,0x1c(%ebx)
 8049a9f:       c7 43 20 73 74 20 68    movl   $0x68207473,0x20(%ebx)
 8049aa6:       c7 43 24 65 61 64 65    movl   $0x65646165,0x24(%ebx)
 8049aad:       c7 43 28 72 20 66 72    movl   $0x72662072,0x28(%ebx)
 8049ab4:       c7 43 2c 6f 6d 20 73    movl   $0x73206d6f,0x2c(%ebx)
 8049abb:       c7 43 30 65 72 76 65    movl   $0x65767265,0x30(%ebx)
 8049ac2:       66 c7 43 34 72 00       movw   $0x72,0x34(%ebx)
 8049ac8:       8b 85 bc 5f ff ff       mov    0xffff5fbc(%ebp),%eax
 8049ace:       89 04 24                mov    %eax,(%esp)
 8049ad1:       e8 7e ed ff ff          call   8048854 <close@plt>
 8049ad6:       b9 ff ff ff ff          mov    $0xffffffff,%ecx
 8049adb:       e9 87 02 00 00          jmp    8049d67 <submitr+0x7a7>
 8049ae0:       8d 9d d4 5f ff ff       lea    0xffff5fd4(%ebp),%ebx
 8049ae6:       89 5c 24 10             mov    %ebx,0x10(%esp)
 8049aea:       8d 85 d4 7f ff ff       lea    0xffff7fd4(%ebp),%eax
 8049af0:       89 44 24 0c             mov    %eax,0xc(%esp)
 8049af4:       8d 85 d8 7f ff ff       lea    0xffff7fd8(%ebp),%eax
 8049afa:       89 44 24 08             mov    %eax,0x8(%esp)
 8049afe:       c7 44 24 04 b7 a4 04    movl   $0x804a4b7,0x4(%esp)
 8049b05:       08 
 8049b06:       8d 85 d8 bf ff ff       lea    0xffffbfd8(%ebp),%eax
 8049b0c:       89 04 24                mov    %eax,(%esp)
 8049b0f:       e8 a0 ed ff ff          call   80488b4 <sscanf@plt>
 8049b14:       8b 85 d4 7f ff ff       mov    0xffff7fd4(%ebp),%eax
 8049b1a:       3d c8 00 00 00          cmp    $0xc8,%eax
 8049b1f:       74 51                   je     8049b72 <submitr+0x5b2>
 8049b21:       89 5c 24 0c             mov    %ebx,0xc(%esp)
 8049b25:       89 44 24 08             mov    %eax,0x8(%esp)
 8049b29:       c7 44 24 04 60 a5 04    movl   $0x804a560,0x4(%esp)
 8049b30:       08 
 8049b31:       8b 4d 20                mov    0x20(%ebp),%ecx
 8049b34:       89 0c 24                mov    %ecx,(%esp)
 8049b37:       e8 b8 eb ff ff          call   80486f4 <sprintf@plt>
 8049b3c:       8b 9d bc 5f ff ff       mov    0xffff5fbc(%ebp),%ebx
 8049b42:       89 1c 24                mov    %ebx,(%esp)
 8049b45:       e8 0a ed ff ff          call   8048854 <close@plt>
 8049b4a:       b9 ff ff ff ff          mov    $0xffffffff,%ecx
 8049b4f:       e9 13 02 00 00          jmp    8049d67 <submitr+0x7a7>
 8049b54:       8d 95 d8 bf ff ff       lea    0xffffbfd8(%ebp),%edx
 8049b5a:       8d 85 d8 df ff ff       lea    0xffffdfd8(%ebp),%eax
 8049b60:       b9 00 20 00 00          mov    $0x2000,%ecx
 8049b65:       e8 74 f9 ff ff          call   80494de <rio_readlineb>
 8049b6a:       85 c0                   test   %eax,%eax
 8049b6c:       0f 8e 88 01 00 00       jle    8049cfa <submitr+0x73a>
 8049b72:       8d 9d d8 bf ff ff       lea    0xffffbfd8(%ebp),%ebx
 8049b78:       0f b6 95 d8 bf ff ff    movzbl 0xffffbfd8(%ebp),%edx
 8049b7f:       0f b6 05 c8 a4 04 08    movzbl 0x804a4c8,%eax
 8049b86:       39 c2                   cmp    %eax,%edx
 8049b88:       75 ca                   jne    8049b54 <submitr+0x594>
 8049b8a:       0f b6 95 d9 bf ff ff    movzbl 0xffffbfd9(%ebp),%edx
 8049b91:       0f b6 05 c9 a4 04 08    movzbl 0x804a4c9,%eax
 8049b98:       39 c2                   cmp    %eax,%edx
 8049b9a:       75 b8                   jne    8049b54 <submitr+0x594>
 8049b9c:       0f b6 95 da bf ff ff    movzbl 0xffffbfda(%ebp),%edx
 8049ba3:       0f b6 05 ca a4 04 08    movzbl 0x804a4ca,%eax
 8049baa:       39 c2                   cmp    %eax,%edx
 8049bac:       75 a6                   jne    8049b54 <submitr+0x594>
 8049bae:       8d 85 d8 df ff ff       lea    0xffffdfd8(%ebp),%eax
 8049bb4:       b9 00 20 00 00          mov    $0x2000,%ecx
 8049bb9:       89 da                   mov    %ebx,%edx
 8049bbb:       e8 1e f9 ff ff          call   80494de <rio_readlineb>
 8049bc0:       85 c0                   test   %eax,%eax
 8049bc2:       7f 7c                   jg     8049c40 <submitr+0x680>
 8049bc4:       8b 45 20                mov    0x20(%ebp),%eax
 8049bc7:       c7 00 45 72 72 6f       movl   $0x6f727245,(%eax)
 8049bcd:       c7 40 04 72 3a 20 43    movl   $0x43203a72,0x4(%eax)
 8049bd4:       c7 40 08 6c 69 65 6e    movl   $0x6e65696c,0x8(%eax)
 8049bdb:       c7 40 0c 74 20 75 6e    movl   $0x6e752074,0xc(%eax)
 8049be2:       c7 40 10 61 62 6c 65    movl   $0x656c6261,0x10(%eax)
 8049be9:       c7 40 14 20 74 6f 20    movl   $0x206f7420,0x14(%eax)
 8049bf0:       c7 40 18 72 65 61 64    movl   $0x64616572,0x18(%eax)
 8049bf7:       c7 40 1c 20 73 74 61    movl   $0x61747320,0x1c(%eax)
 8049bfe:       c7 40 20 74 75 73 20    movl   $0x20737574,0x20(%eax)
 8049c05:       c7 40 24 6d 65 73 73    movl   $0x7373656d,0x24(%eax)
 8049c0c:       c7 40 28 61 67 65 20    movl   $0x20656761,0x28(%eax)
 8049c13:       c7 40 2c 66 72 6f 6d    movl   $0x6d6f7266,0x2c(%eax)
 8049c1a:       c7 40 30 20 73 65 72    movl   $0x72657320,0x30(%eax)
 8049c21:       c7 40 34 76 65 72 00    movl   $0x726576,0x34(%eax)
 8049c28:       8b 8d bc 5f ff ff       mov    0xffff5fbc(%ebp),%ecx
 8049c2e:       89 0c 24                mov    %ecx,(%esp)
 8049c31:       e8 1e ec ff ff          call   8048854 <close@plt>
 8049c36:       b9 ff ff ff ff          mov    $0xffffffff,%ecx
 8049c3b:       e9 27 01 00 00          jmp    8049d67 <submitr+0x7a7>
 8049c40:       8d 85 d8 bf ff ff       lea    0xffffbfd8(%ebp),%eax
 8049c46:       89 44 24 04             mov    %eax,0x4(%esp)
 8049c4a:       8b 5d 20                mov    0x20(%ebp),%ebx
 8049c4d:       89 1c 24                mov    %ebx,(%esp)
 8049c50:       e8 bf eb ff ff          call   8048814 <strcpy@plt>
 8049c55:       8b 85 bc 5f ff ff       mov    0xffff5fbc(%ebp),%eax
 8049c5b:       89 04 24                mov    %eax,(%esp)
 8049c5e:       e8 f1 eb ff ff          call   8048854 <close@plt>
 8049c63:       0f b6 13                movzbl (%ebx),%edx
 8049c66:       0f b6 05 cb a4 04 08    movzbl 0x804a4cb,%eax
 8049c6d:       39 c2                   cmp    %eax,%edx
 8049c6f:       75 27                   jne    8049c98 <submitr+0x6d8>
 8049c71:       0f b6 53 01             movzbl 0x1(%ebx),%edx
 8049c75:       0f b6 05 cc a4 04 08    movzbl 0x804a4cc,%eax
 8049c7c:       39 c2                   cmp    %eax,%edx
 8049c7e:       75 18                   jne    8049c98 <submitr+0x6d8>
 8049c80:       0f b6 53 02             movzbl 0x2(%ebx),%edx
 8049c84:       0f b6 05 cd a4 04 08    movzbl 0x804a4cd,%eax
 8049c8b:       b9 00 00 00 00          mov    $0x0,%ecx
 8049c90:       39 c2                   cmp    %eax,%edx
 8049c92:       0f 84 cf 00 00 00       je     8049d67 <submitr+0x7a7>
 8049c98:       b9 ff ff ff ff          mov    $0xffffffff,%ecx
 8049c9d:       e9 c5 00 00 00          jmp    8049d67 <submitr+0x7a7>
 8049ca2:       8d 85 d8 9f ff ff       lea    0xffff9fd8(%ebp),%eax
 8049ca8:       89 44 24 14             mov    %eax,0x14(%esp)
 8049cac:       8b 4d 18                mov    0x18(%ebp),%ecx
 8049caf:       89 4c 24 10             mov    %ecx,0x10(%esp)
 8049cb3:       8b 5d 14                mov    0x14(%ebp),%ebx
 8049cb6:       89 5c 24 0c             mov    %ebx,0xc(%esp)
 8049cba:       8b 45 10                mov    0x10(%ebp),%eax
 8049cbd:       89 44 24 08             mov    %eax,0x8(%esp)
 8049cc1:       c7 44 24 04 90 a5 04    movl   $0x804a590,0x4(%esp)
 8049cc8:       08 
 8049cc9:       8d b5 d8 bf ff ff       lea    0xffffbfd8(%ebp),%esi
 8049ccf:       89 34 24                mov    %esi,(%esp)
 8049cd2:       e8 1d ea ff ff          call   80486f4 <sprintf@plt>
 8049cd7:       89 f7                   mov    %esi,%edi
 8049cd9:       fc                      cld    
 8049cda:       b9 ff ff ff ff          mov    $0xffffffff,%ecx
 8049cdf:       b8 00 00 00 00          mov    $0x0,%eax
 8049ce4:       f2 ae                   repnz scas %es:(%edi),%al
 8049ce6:       f7 d1                   not    %ecx
 8049ce8:       89 cf                   mov    %ecx,%edi
 8049cea:       83 ef 01                sub    $0x1,%edi
 8049ced:       0f 84 36 fd ff ff       je     8049a29 <submitr+0x469>
 8049cf3:       89 fb                   mov    %edi,%ebx
 8049cf5:       e9 91 fc ff ff          jmp    804998b <submitr+0x3cb>
 8049cfa:       8b 4d 20                mov    0x20(%ebp),%ecx
 8049cfd:       c7 01 45 72 72 6f       movl   $0x6f727245,(%ecx)
 8049d03:       c7 41 04 72 3a 20 43    movl   $0x43203a72,0x4(%ecx)
 8049d0a:       c7 41 08 6c 69 65 6e    movl   $0x6e65696c,0x8(%ecx)
 8049d11:       c7 41 0c 74 20 75 6e    movl   $0x6e752074,0xc(%ecx)
 8049d18:       c7 41 10 61 62 6c 65    movl   $0x656c6261,0x10(%ecx)
 8049d1f:       c7 41 14 20 74 6f 20    movl   $0x206f7420,0x14(%ecx)
 8049d26:       c7 41 18 72 65 61 64    movl   $0x64616572,0x18(%ecx)
 8049d2d:       c7 41 1c 20 68 65 61    movl   $0x61656820,0x1c(%ecx)
 8049d34:       c7 41 20 64 65 72 73    movl   $0x73726564,0x20(%ecx)
 8049d3b:       c7 41 24 20 66 72 6f    movl   $0x6f726620,0x24(%ecx)
 8049d42:       c7 41 28 6d 20 73 65    movl   $0x6573206d,0x28(%ecx)
 8049d49:       c7 41 2c 72 76 65 72    movl   $0x72657672,0x2c(%ecx)
 8049d50:       c6 41 30 00             movb   $0x0,0x30(%ecx)
 8049d54:       8b 9d bc 5f ff ff       mov    0xffff5fbc(%ebp),%ebx
 8049d5a:       89 1c 24                mov    %ebx,(%esp)
 8049d5d:       e8 f2 ea ff ff          call   8048854 <close@plt>
 8049d62:       b9 ff ff ff ff          mov    $0xffffffff,%ecx
 8049d67:       89 c8                   mov    %ecx,%eax
 8049d69:       81 c4 5c a0 00 00       add    $0xa05c,%esp
 8049d6f:       5b                      pop    %ebx
 8049d70:       5e                      pop    %esi
 8049d71:       5f                      pop    %edi
 8049d72:       5d                      pop    %ebp
 8049d73:       c3                      ret    

08049d74 <driver_post>:
 8049d74:       55                      push   %ebp
 8049d75:       89 e5                   mov    %esp,%ebp
 8049d77:       83 ec 28                sub    $0x28,%esp
 8049d7a:       89 5d f8                mov    %ebx,0xfffffff8(%ebp)
 8049d7d:       89 75 fc                mov    %esi,0xfffffffc(%ebp)
 8049d80:       8b 4d 08                mov    0x8(%ebp),%ecx
 8049d83:       8b 75 0c                mov    0xc(%ebp),%esi
 8049d86:       8b 5d 14                mov    0x14(%ebp),%ebx
 8049d89:       83 7d 10 00             cmpl   $0x0,0x10(%ebp)
 8049d8d:       74 20                   je     8049daf <driver_post+0x3b>
 8049d8f:       89 74 24 04             mov    %esi,0x4(%esp)
 8049d93:       c7 04 24 ce a4 04 08    movl   $0x804a4ce,(%esp)
 8049d9a:       e8 85 ea ff ff          call   8048824 <printf@plt>
 8049d9f:       66 c7 03 4f 4b          movw   $0x4b4f,(%ebx)
 8049da4:       c6 43 02 00             movb   $0x0,0x2(%ebx)
 8049da8:       b8 00 00 00 00          mov    $0x0,%eax
 8049dad:       eb 52                   jmp    8049e01 <driver_post+0x8d>
 8049daf:       85 c9                   test   %ecx,%ecx
 8049db1:       74 40                   je     8049df3 <driver_post+0x7f>
 8049db3:       0f b6 11                movzbl (%ecx),%edx
 8049db6:       0f b6 05 ca a4 04 08    movzbl 0x804a4ca,%eax
 8049dbd:       39 c2                   cmp    %eax,%edx
 8049dbf:       74 32                   je     8049df3 <driver_post+0x7f>
 8049dc1:       89 5c 24 18             mov    %ebx,0x18(%esp)
 8049dc5:       89 74 24 14             mov    %esi,0x14(%esp)
 8049dc9:       c7 44 24 10 e5 a4 04    movl   $0x804a4e5,0x10(%esp)
 8049dd0:       08 
 8049dd1:       89 4c 24 0c             mov    %ecx,0xc(%esp)
 8049dd5:       c7 44 24 08 ec a4 04    movl   $0x804a4ec,0x8(%esp)
 8049ddc:       08 
 8049ddd:       c7 44 24 04 26 47 00    movl   $0x4726,0x4(%esp)
 8049de4:       00 
 8049de5:       c7 04 24 84 a4 04 08    movl   $0x804a484,(%esp)
 8049dec:       e8 cf f7 ff ff          call   80495c0 <submitr>
 8049df1:       eb 0e                   jmp    8049e01 <driver_post+0x8d>
 8049df3:       66 c7 03 4f 4b          movw   $0x4b4f,(%ebx)
 8049df8:       c6 43 02 00             movb   $0x0,0x2(%ebx)
 8049dfc:       b8 00 00 00 00          mov    $0x0,%eax
 8049e01:       8b 5d f8                mov    0xfffffff8(%ebp),%ebx
 8049e04:       8b 75 fc                mov    0xfffffffc(%ebp),%esi
 8049e07:       89 ec                   mov    %ebp,%esp
 8049e09:       5d                      pop    %ebp
 8049e0a:       c3                      ret    

08049e0b <sigalrm_handler>:
 8049e0b:       55                      push   %ebp
 8049e0c:       89 e5                   mov    %esp,%ebp
 8049e0e:       83 ec 18                sub    $0x18,%esp
 8049e11:       c7 44 24 08 00 00 00    movl   $0x0,0x8(%esp)
 8049e18:       00 
 8049e19:       c7 44 24 04 dc a5 04    movl   $0x804a5dc,0x4(%esp)
 8049e20:       08 
 8049e21:       a1 c0 c1 04 08          mov    0x804c1c0,%eax
 8049e26:       89 04 24                mov    %eax,(%esp)
 8049e29:       e8 46 ea ff ff          call   8048874 <fprintf@plt>
 8049e2e:       c7 04 24 01 00 00 00    movl   $0x1,(%esp)
 8049e35:       e8 ba ea ff ff          call   80488f4 <exit@plt>
 8049e3a:       90                      nop    
 8049e3b:       90                      nop    
 8049e3c:       90                      nop    
 8049e3d:       90                      nop    
 8049e3e:       90                      nop    
 8049e3f:       90                      nop    

08049e40 <hash>:
 8049e40:       55                      push   %ebp
 8049e41:       89 e5                   mov    %esp,%ebp
 8049e43:       8b 4d 08                mov    0x8(%ebp),%ecx
 8049e46:       0f b6 11                movzbl (%ecx),%edx
 8049e49:       b8 00 00 00 00          mov    $0x0,%eax
 8049e4e:       84 d2                   test   %dl,%dl
 8049e50:       74 19                   je     8049e6b <hash+0x2b>
 8049e52:       b8 00 00 00 00          mov    $0x0,%eax
 8049e57:       0f be d2                movsbl %dl,%edx
 8049e5a:       6b c0 67                imul   $0x67,%eax,%eax
 8049e5d:       8d 04 02                lea    (%edx,%eax,1),%eax
 8049e60:       0f b6 51 01             movzbl 0x1(%ecx),%edx
 8049e64:       83 c1 01                add    $0x1,%ecx
 8049e67:       84 d2                   test   %dl,%dl
 8049e69:       75 ec                   jne    8049e57 <hash+0x17>
 8049e6b:       5d                      pop    %ebp
 8049e6c:       c3                      ret    

08049e6d <check>:
 8049e6d:       55                      push   %ebp
 8049e6e:       89 e5                   mov    %esp,%ebp
 8049e70:       8b 55 08                mov    0x8(%ebp),%edx
 8049e73:       89 d0                   mov    %edx,%eax
 8049e75:       c1 e8 1c                shr    $0x1c,%eax
 8049e78:       85 c0                   test   %eax,%eax
 8049e7a:       74 1c                   je     8049e98 <check+0x2b>
 8049e7c:       b9 00 00 00 00          mov    $0x0,%ecx
 8049e81:       89 d0                   mov    %edx,%eax
 8049e83:       d3 e8                   shr    %cl,%eax
 8049e85:       3c 0a                   cmp    $0xa,%al
 8049e87:       74 0f                   je     8049e98 <check+0x2b>
 8049e89:       83 c1 08                add    $0x8,%ecx
 8049e8c:       83 f9 20                cmp    $0x20,%ecx
 8049e8f:       75 f0                   jne    8049e81 <check+0x14>
 8049e91:       b8 01 00 00 00          mov    $0x1,%eax
 8049e96:       eb 05                   jmp    8049e9d <check+0x30>
 8049e98:       b8 00 00 00 00          mov    $0x0,%eax
 8049e9d:       5d                      pop    %ebp
 8049e9e:       66 90                   xchg   %ax,%ax
 8049ea0:       c3                      ret    

08049ea1 <gencookie>:
 8049ea1:       55                      push   %ebp
 8049ea2:       89 e5                   mov    %esp,%ebp
 8049ea4:       53                      push   %ebx
 8049ea5:       83 ec 04                sub    $0x4,%esp
 8049ea8:       8b 45 08                mov    0x8(%ebp),%eax
 8049eab:       89 04 24                mov    %eax,(%esp)
 8049eae:       e8 8d ff ff ff          call   8049e40 <hash>
 8049eb3:       89 04 24                mov    %eax,(%esp)
 8049eb6:       e8 49 e8 ff ff          call   8048704 <srand@plt>
 8049ebb:       e8 e4 e9 ff ff          call   80488a4 <rand@plt>
 8049ec0:       89 c3                   mov    %eax,%ebx
 8049ec2:       89 04 24                mov    %eax,(%esp)
 8049ec5:       e8 a3 ff ff ff          call   8049e6d <check>
 8049eca:       85 c0                   test   %eax,%eax
 8049ecc:       74 ed                   je     8049ebb <gencookie+0x1a>
 8049ece:       89 d8                   mov    %ebx,%eax
 8049ed0:       83 c4 04                add    $0x4,%esp
 8049ed3:       5b                      pop    %ebx
 8049ed4:       5d                      pop    %ebp
 8049ed5:       c3                      ret    
 8049ed6:       90                      nop    
 8049ed7:       90                      nop    
 8049ed8:       90                      nop    
 8049ed9:       90                      nop    
 8049eda:       90                      nop    
 8049edb:       90                      nop    
 8049edc:       90                      nop    
 8049edd:       90                      nop    
 8049ede:       90                      nop    
 8049edf:       90                      nop    

08049ee0 <__libc_csu_fini>:
 8049ee0:       55                      push   %ebp
 8049ee1:       89 e5                   mov    %esp,%ebp
 8049ee3:       5d                      pop    %ebp
 8049ee4:       c3                      ret    
 8049ee5:       8d 74 26 00             lea    0x0(%esi),%esi
 8049ee9:       8d bc 27 00 00 00 00    lea    0x0(%edi),%edi

08049ef0 <__libc_csu_init>:
 8049ef0:       55                      push   %ebp
 8049ef1:       89 e5                   mov    %esp,%ebp
 8049ef3:       57                      push   %edi
 8049ef4:       56                      push   %esi
 8049ef5:       53                      push   %ebx
 8049ef6:       e8 5e 00 00 00          call   8049f59 <__i686.get_pc_thunk.bx>
 8049efb:       81 c3 e5 11 00 00       add    $0x11e5,%ebx
 8049f01:       83 ec 1c                sub    $0x1c,%esp
 8049f04:       e8 b3 e7 ff ff          call   80486bc <_init>
 8049f09:       8d 83 20 ff ff ff       lea    0xffffff20(%ebx),%eax
 8049f0f:       89 45 f0                mov    %eax,0xfffffff0(%ebp)
 8049f12:       8d 83 20 ff ff ff       lea    0xffffff20(%ebx),%eax
 8049f18:       29 45 f0                sub    %eax,0xfffffff0(%ebp)
 8049f1b:       c1 7d f0 02             sarl   $0x2,0xfffffff0(%ebp)
 8049f1f:       8b 55 f0                mov    0xfffffff0(%ebp),%edx
 8049f22:       85 d2                   test   %edx,%edx
 8049f24:       74 2b                   je     8049f51 <__libc_csu_init+0x61>
 8049f26:       31 ff                   xor    %edi,%edi
 8049f28:       89 c6                   mov    %eax,%esi
 8049f2a:       8d b6 00 00 00 00       lea    0x0(%esi),%esi
 8049f30:       8b 45 10                mov    0x10(%ebp),%eax
 8049f33:       83 c7 01                add    $0x1,%edi
 8049f36:       89 44 24 08             mov    %eax,0x8(%esp)
 8049f3a:       8b 45 0c                mov    0xc(%ebp),%eax
 8049f3d:       89 44 24 04             mov    %eax,0x4(%esp)
 8049f41:       8b 45 08                mov    0x8(%ebp),%eax
 8049f44:       89 04 24                mov    %eax,(%esp)
 8049f47:       ff 16                   call   *(%esi)
 8049f49:       83 c6 04                add    $0x4,%esi
 8049f4c:       39 7d f0                cmp    %edi,0xfffffff0(%ebp)
 8049f4f:       75 df                   jne    8049f30 <__libc_csu_init+0x40>
 8049f51:       83 c4 1c                add    $0x1c,%esp
 8049f54:       5b                      pop    %ebx
 8049f55:       5e                      pop    %esi
 8049f56:       5f                      pop    %edi
 8049f57:       5d                      pop    %ebp
 8049f58:       c3                      ret    

08049f59 <__i686.get_pc_thunk.bx>:
 8049f59:       8b 1c 24                mov    (%esp),%ebx
 8049f5c:       c3                      ret    
 8049f5d:       90                      nop    
 8049f5e:       90                      nop    
 8049f5f:       90                      nop    

08049f60 <__do_global_ctors_aux>:
 8049f60:       55                      push   %ebp
 8049f61:       89 e5                   mov    %esp,%ebp
 8049f63:       53                      push   %ebx
 8049f64:       bb 00 b0 04 08          mov    $0x804b000,%ebx
 8049f69:       83 ec 04                sub    $0x4,%esp
 8049f6c:       a1 00 b0 04 08          mov    0x804b000,%eax
 8049f71:       83 f8 ff                cmp    $0xffffffff,%eax
 8049f74:       74 0c                   je     8049f82 <__do_global_ctors_aux+0x22>
 8049f76:       83 eb 04                sub    $0x4,%ebx
 8049f79:       ff d0                   call   *%eax
 8049f7b:       8b 03                   mov    (%ebx),%eax
 8049f7d:       83 f8 ff                cmp    $0xffffffff,%eax
 8049f80:       75 f4                   jne    8049f76 <__do_global_ctors_aux+0x16>
 8049f82:       83 c4 04                add    $0x4,%esp
 8049f85:       5b                      pop    %ebx
 8049f86:       5d                      pop    %ebp
 8049f87:       c3                      ret    
Disassembly of section .fini:

08049f88 <_fini>:
 8049f88:       55                      push   %ebp
 8049f89:       89 e5                   mov    %esp,%ebp
 8049f8b:       53                      push   %ebx
 8049f8c:       83 ec 04                sub    $0x4,%esp
 8049f8f:       e8 00 00 00 00          call   8049f94 <_fini+0xc>
 8049f94:       5b                      pop    %ebx
 8049f95:       81 c3 4c 11 00 00       add    $0x114c,%ebx
 8049f9b:       e8 c0 e9 ff ff          call   8048960 <__do_global_dtors_aux>
 8049fa0:       59                      pop    %ecx
 8049fa1:       5b                      pop    %ebx
 8049fa2:       c9                      leave  
 8049fa3:       c3                      ret   

Open in new window

0
jps154
Asked:
jps154
  • 3
1 Solution
 
jps154Author Commented:
What I've been using gdb to monitor the ebp, but I can't figure out a way to override the pointer to 0x8048b84, which resets %eax to 1.  (I can get get %eax set to my cookie, but it gets reset by the next instruction.)
0
 
jps154Author Commented:
Nevermind.  I was able to figure it out myself.  The trick was to have the pointer to the exploit code further down the stack.  (higher %ebp address)
0
 
jps154Author Commented:
I was able to figure it out myself with some assistance from two other threads on this site.
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now