
Untitled

a guest
Jul 5th, 2018
  1. ================================================================================
  2. gdb$ disas main
  3. ================================================================================
  4. Dump of assembler code for function main:
  5. 0x08049021 <main+0>: push %ebp ; main(): call setup() on ports 3344..3363 until one succeeds, print the port, then serve in loop()
  6. 0x08049022 <main+1>: mov %esp,%ebp
  7. 0x08049024 <main+3>: and $0xfffffff0,%esp ; round %esp down to a 16-byte boundary
  8. 0x08049027 <main+6>: sub $0x20,%esp ; locals: 0x1c(%esp) = index i, 0x18(%esp) = result of setup()
  9. 0x0804902a <main+9>: movl $0x0,0x1c(%esp) ; (0x1c(%esp)) = 0
  10. ; while( 0x1c(%esp) <= 19 ){
  11. 0x08049032 <main+17>: jmp 0x8049055 <main+52> ; enter the loop at its condition check
  12. 0x08049034 <main+19>: mov 0x1c(%esp),%eax
  13. 0x08049038 <main+23>: add $0xd10,%eax ; %eax = (0x1c(%esp)) + 3344
  14. 0x0804903d <main+28>: mov %eax,(%esp)
  15. 0x08049040 <main+31>: call 0x8048c11 <setup>
  16. 0x08049045 <main+36>: mov %eax,0x18(%esp) ; 0x18(%esp) = setup(%eax): listening fd, or -1 on failure
  17. 0x08049049 <main+40>: cmpl $0x0,0x18(%esp) ; if( 0x18(%esp) > 0 )
  18. 0x0804904e <main+45>: jg 0x804905e <main+61> ; break;   (signed > 0, so a returned fd of 0 would count as failure)
  19. 0x08049050 <main+47>: addl $0x1,0x1c(%esp) ; (0x1c(%esp)) += 1
  20. 0x08049055 <main+52>: cmpl $0x13,0x1c(%esp) ; 0x13 = 19
  21. 0x0804905a <main+57>: jle 0x8049034 <main+19>
  22. 0x0804905c <main+59>: jmp 0x804905f <main+62> ; all 20 ports failed: skip the nop that the break lands on
  23. ;}
  24. 0x0804905e <main+61>: nop ; target of the break above
  25. ;if( 0x18(%esp) > 0 ){
  26. 0x0804905f <main+62>: cmpl $0x0,0x18(%esp)
  27. 0x08049064 <main+67>: jle 0x8049094 <main+115>
  28. 0x08049066 <main+69>: mov 0x1c(%esp),%eax
  29.  
  30. 0x0804906a <main+73>: lea 0xd10(%eax),%edx ; %edx = (0x1c(%esp)) + 3344
  31. 0x08049070 <main+79>: mov $0x8049227,%eax ; %eax = "port: %d\n"
  32. 0x08049075 <main+84>: mov %edx,0x4(%esp) ; arg 2 = port number
  33. 0x08049079 <main+88>: mov %eax,(%esp) ; arg 1 = format string
  34. 0x0804907c <main+91>: call 0x804885c <printf@plt> ; printf("port: %d\n", (0x1c(%esp)) + 3344);
  35.  
  36. 0x08049081 <main+96>: mov 0x18(%esp),%eax
  37. 0x08049085 <main+100>: mov %eax,(%esp)
  38. 0x08049088 <main+103>: call 0x8048d59 <loop> ; loop( 0x18(%esp) ); the dump of loop has no ret, so the lines below look unreachable
  39. 0x0804908d <main+108>: mov $0x0,%eax
  40. 0x08049092 <main+113>: leave
  41. 0x08049093 <main+114>: ret ; return 0
  42. ; }else{
  43. 0x08049094 <main+115>: movl $0x8049231,(%esp)
  44. 0x0804909b <main+122>: call 0x80488ac <puts@plt> ; puts("Fail");
  45. 0x080490a0 <main+127>: movl $0x1,(%esp)
  46. 0x080490a7 <main+134>: call 0x80488fc <exit@plt> ; exit(1);
  47. ; }
  48. End of assembler dump.
  49.  
  50.  
  51.  
  52.  
  53. ================================================================================
  54. gdb$ disas setup
  55. ================================================================================
  56. Dump of assembler code for function setup:
  57. 0x08048c11 <setup+0>: push %ebp ; setup(port): create a TCP socket, bind it to port on address 0 and listen; returns the fd, or -1 on error
  58. 0x08048c12 <setup+1>: mov %esp,%ebp
  59. 0x08048c14 <setup+3>: sub $0x38,%esp ; locals: 16-byte sockaddr at -0x1c(%ebp), socket fd at -0xc(%ebp)
  60. 0x08048c17 <setup+6>: movl $0x1,0x4(%esp)
  61. 0x08048c1f <setup+14>: movl $0x11,(%esp)
  62. 0x08048c26 <setup+21>: call 0x804873c <signal@plt> ; signal(0x11, 1); presumably signal(SIGCHLD, SIG_IGN) on Linux/x86, so exited children are reaped automatically
  63. 0x08048c2b <setup+26>: movw $0x2,-0x1c(%ebp) ; -0x1c(%ebp) = 2   (address family field; 2 = AF_INET)
  64.  
  65. 0x08048c31 <setup+32>: movl $0x0,(%esp)
  66. 0x08048c38 <setup+39>: call 0x80488cc <htonl@plt> ; -0x18(%ebp) = htonl(0)   (address 0 = INADDR_ANY: the listener is reachable on every interface)
  67. 0x08048c3d <setup+44>: mov %eax,-0x18(%ebp)
  68.  
  69. 0x08048c40 <setup+47>: mov 0x8(%ebp),%eax
  70. 0x08048c43 <setup+50>: movzwl %ax,%eax ; keep only the low 16 bits of the argument, zero-extended
  71. 0x08048c46 <setup+53>: mov %eax,(%esp)
  72. 0x08048c49 <setup+56>: call 0x80487bc <htons@plt>
  73. 0x08048c4e <setup+61>: mov %ax,-0x1a(%ebp) ; -0x1a(%ebp) = htons((unsigned short)arg)   (port field)
  74.  
  75. 0x08048c52 <setup+65>: movl $0x0,0x8(%esp)
  76. 0x08048c5a <setup+73>: movl $0x1,0x4(%esp)
  77. 0x08048c62 <setup+81>: movl $0x2,(%esp)
  78. 0x08048c69 <setup+88>: call 0x804881c <socket@plt> ; -0xc(%ebp) = socket(2,1,0)   (AF_INET, SOCK_STREAM; the type carries no close-on-exec flag)
  79. 0x08048c6e <setup+93>: mov %eax,-0xc(%ebp)
  80. ; if( -0xc(%ebp) == -1 ){
  81. 0x08048c71 <setup+96>: cmpl $0xffffffff,-0xc(%ebp)
  82. 0x08048c75 <setup+100>: jne 0x8048c8a <setup+121>
  83. 0x08048c77 <setup+102>: movl $0x80491ce,(%esp)
  84. 0x08048c7e <setup+109>: call 0x80487dc <perror@plt> ; perror("socket()")
  85. 0x08048c83 <setup+114>: mov $0xffffffff,%eax
  86. 0x08048c88 <setup+119>: jmp 0x8048ce9 <setup+216> ; return -1;
  87. ; }
  88. 0x08048c8a <setup+121>: lea -0x1c(%ebp),%eax ; %eax = address of the sockaddr filled in above
  89. 0x08048c8d <setup+124>: movl $0x10,0x8(%esp)
  90. 0x08048c95 <setup+132>: mov %eax,0x4(%esp)
  91. 0x08048c99 <setup+136>: mov -0xc(%ebp),%eax
  92. 0x08048c9c <setup+139>: mov %eax,(%esp)
  93. 0x08048c9f <setup+142>: call 0x804886c <bind@plt> ; %eax = bind(-0xc(%ebp), &(-0x1c(%ebp)), 16);
  94. ; if( %eax != 0 ){
  95. 0x08048ca4 <setup+147>: test %eax,%eax
  96. 0x08048ca6 <setup+149>: je 0x8048cbb <setup+170>
  97. 0x08048ca8 <setup+151>: movl $0x80491d7,(%esp)
  98. 0x08048caf <setup+158>: call 0x80487dc <perror@plt> ; perror("bind()")
  99. 0x08048cb4 <setup+163>: mov $0xffffffff,%eax ; return -1   (the socket is not closed on this path)
  100. 0x08048cb9 <setup+168>: jmp 0x8048ce9 <setup+216>
  101. ; }
  102. 0x08048cbb <setup+170>: movl $0xc8,0x4(%esp) ; backlog = 200
  103. 0x08048cc3 <setup+178>: mov -0xc(%ebp),%eax
  104. 0x08048cc6 <setup+181>: mov %eax,(%esp)
  105. 0x08048cc9 <setup+184>: call 0x804876c <listen@plt> ; %eax = listen(-0xc(%ebp), 200)
  106. 0x08048cce <setup+189>: cmp $0xffffffff,%eax ; if( %eax == -1 ){
  107. 0x08048cd1 <setup+192>: jne 0x8048ce6 <setup+213>
  108. 0x08048cd3 <setup+194>: movl $0x80491de,(%esp) ;"listen()"
  109. 0x08048cda <setup+201>: call 0x80487dc <perror@plt> ; perror("listen()")
  110. 0x08048cdf <setup+206>: mov $0xffffffff,%eax ; return -1
  111. 0x08048ce4 <setup+211>: jmp 0x8048ce9 <setup+216> ; }
  112. 0x08048ce6 <setup+213>: mov -0xc(%ebp),%eax ; success: return the listening fd
  113. 0x08048ce9 <setup+216>: leave ; common exit, %eax already holds the return value
  114. 0x08048cea <setup+217>: ret
  115. End of assembler dump.
  116.  
  117.  
  118.  
  119.  
  120.  
  121. ================================================================================
  122. gdb$ disas loop
  123. ================================================================================
  124. Dump of assembler code for function loop:
  125. 0x08048d59 <loop+0>: push %ebp ; loop(listen_fd): accept connections forever, forking one child per client to run handle(); never returns
  126. 0x08048d5a <loop+1>: mov %esp,%ebp
  127. 0x08048d5c <loop+3>: sub $0x38,%esp ; locals: -0x24 = addrlen, -0x20 = peer address buffer, -0x10 = client fd, -0xc = fork() result
  128. 0x08048d5f <loop+6>: movl $0x10,-0x24(%ebp) ; addrlen = 16; set once, the back-edges target loop+13 so it is not reset per iteration
  129. 0x08048d66 <loop+13>: lea -0x20(%ebp),%eax ; top of the accept loop
  130. 0x08048d69 <loop+16>: lea -0x24(%ebp),%edx
  131. 0x08048d6c <loop+19>: mov %edx,0x8(%esp)
  132. 0x08048d70 <loop+23>: mov %eax,0x4(%esp)
  133. 0x08048d74 <loop+27>: mov 0x8(%ebp),%eax
  134. 0x08048d77 <loop+30>: mov %eax,(%esp)
  135. 0x08048d7a <loop+33>: call 0x804880c <accept@plt> ; -0x10(%ebp) = accept( 0x8(%ebp), &(-0x20(%ebp)), &(-0x24(%ebp)) )
  136. 0x08048d7f <loop+38>: mov %eax,-0x10(%ebp)
  137. 0x08048d82 <loop+41>: cmpl $0xffffffff,-0x10(%ebp) ; if( -0x10(%ebp) == -1 ){
  138. 0x08048d86 <loop+45>: jne 0x8048d96 <loop+61>
  139. 0x08048d88 <loop+47>: movl $0x80491ee,(%esp) ; string not shown in this paste; presumably "accept()"
  140. 0x08048d8f <loop+54>: call 0x80487dc <perror@plt>
  141. 0x08048d94 <loop+59>: jmp 0x8048de3 <loop+138> ; continue; }
  142. 0x08048d96 <loop+61>: call 0x80488bc <fork@plt> ; -0xc(%ebp) = fork()
  143. 0x08048d9b <loop+66>: mov %eax,-0xc(%ebp)
  144. 0x08048d9e <loop+69>: cmpl $0xffffffff,-0xc(%ebp) ; if( -0xc(%ebp) == -1 ){
  145. 0x08048da2 <loop+73>: jne 0x8048db2 <loop+89>
  146. 0x08048da4 <loop+75>: movl $0x80491e7,(%esp) ; string not shown in this paste; presumably "fork()"
  147. 0x08048dab <loop+82>: call 0x80487dc <perror@plt>
  148. 0x08048db0 <loop+87>: jmp 0x8048de3 <loop+138> ; continue; }   (the accepted fd is not closed on this path)
  149. 0x08048db2 <loop+89>: cmpl $0x0,-0xc(%ebp) ; if( -0xc(%ebp) == 0 ){   child process
  150. 0x08048db6 <loop+93>: jne 0x8048dd6 <loop+125>
  151. 0x08048db8 <loop+95>: mov 0x8(%ebp),%eax
  152. 0x08048dbb <loop+98>: mov %eax,0x4(%esp)
  153. 0x08048dbf <loop+102>: mov -0x10(%ebp),%eax
  154. 0x08048dc2 <loop+105>: mov %eax,(%esp)
  155. 0x08048dc5 <loop+108>: call 0x8048ec1 <handle> ; handle( client fd, listen fd ); the child does not close the listening socket first
  156. 0x08048dca <loop+113>: movl $0x0,(%esp)
  157. 0x08048dd1 <loop+120>: call 0x80488fc <exit@plt> ; exit(0) }
  158. 0x08048dd6 <loop+125>: mov -0x10(%ebp),%eax ; parent process
  159. 0x08048dd9 <loop+128>: mov %eax,(%esp)
  160. 0x08048ddc <loop+131>: call 0x804887c <close@plt> ; close( client fd ): the parent keeps only the listening socket
  161. 0x08048de1 <loop+136>: jmp 0x8048d66 <loop+13> ; back to accept()
  162. 0x08048de3 <loop+138>: jmp 0x8048d66 <loop+13> ; error paths rejoin the loop here
  163. End of assembler dump.
  164.  
  165.  
  166.  
  167.  
  168. ================================================================================
  169. gdb$ disas handle
  170. ================================================================================
  171. 0x08048ec1 <handle+0>: push %ebp ; handle(client_fd, listen_fd): prompt for username and password on the socket, check them with auth(), then exec the user's shell on the connection
  172. 0x08048ec2 <handle+1>: mov %esp,%ebp
  173. 0x08048ec4 <handle+3>: sub $0x828,%esp ; locals: username[1024] at -0x40c, password[1024] at -0x80c, scratch int at -0xc; 0xc(%ebp) (listen fd) is never read in this function
  174. 0x08048eca <handle+9>: movl $0x258,(%esp)
  175. 0x08048ed1 <handle+16>: call 0x804884c <alarm@plt> ; alarm( 600 ): SIGALRM after 10 minutes; a pending alarm is kept across exec, so it also bounds the shell started below
  176.  
  177. 0x08048ed6 <handle+21>: movl $0x400,0x8(%esp)
  178. 0x08048ede <handle+29>: movl $0x0,0x4(%esp)
  179. 0x08048ee6 <handle+37>: lea -0x40c(%ebp),%eax
  180. 0x08048eec <handle+43>: mov %eax,(%esp)
  181. 0x08048eef <handle+46>: call 0x804877c <memset@plt> ; memset( &(-0x40c(%ebp)), 0, 1024 )
  182.  
  183. 0x08048ef4 <handle+51>: movl $0x400,0x8(%esp)
  184. 0x08048efc <handle+59>: movl $0x0,0x4(%esp)
  185. 0x08048f04 <handle+67>: lea -0x80c(%ebp),%eax
  186. 0x08048f0a <handle+73>: mov %eax,(%esp)
  187. 0x08048f0d <handle+76>: call 0x804877c <memset@plt> ; memset( &(-0x80c(%ebp)), 0, 1024 )
  188.  
  189. 0x08048f12 <handle+81>: movl $0x0,0xc(%esp)
  190. 0x08048f1a <handle+89>: movl $0xa,0x8(%esp)
  191. 0x08048f22 <handle+97>: movl $0x8049211,0x4(%esp) ;"username:"
  192. 0x08048f2a <handle+105>: mov 0x8(%ebp),%eax
  193. 0x08048f2d <handle+108>: mov %eax,(%esp)
  194. 0x08048f30 <handle+111>: call 0x804889c <send@plt> ; send( 0x8(%ebp), "username:", 0xa, 0 )
  195.  
  196. 0x08048f35 <handle+116>: movl $0x0,0xc(%esp)
  197. 0x08048f3d <handle+124>: movl $0x3ff,0x8(%esp) ; at most 1023 bytes into the zeroed 1024-byte buffer, so it stays NUL-terminated
  198. 0x08048f45 <handle+132>: lea -0x40c(%ebp),%eax
  199. 0x08048f4b <handle+138>: mov %eax,0x4(%esp)
  200. 0x08048f4f <handle+142>: mov 0x8(%ebp),%eax
  201. 0x08048f52 <handle+145>: mov %eax,(%esp)
  202. 0x08048f55 <handle+148>: call 0x804875c <recv@plt> ; -0xc(%ebp) = recv( 0x8(%ebp), &(-0x40c(%ebp)), 1023, 0 )   (read directly from the TCP socket, i.e. in cleartext)
  203. 0x08048f5a <handle+153>: mov %eax,-0xc(%ebp)
  204. ; if( -0xc(%ebp) > 0 ){
  205. 0x08048f5d <handle+156>: cmpl $0x0,-0xc(%ebp)
  206. 0x08048f61 <handle+160>: jle 0x8048f71 <handle+176>
  207. 0x08048f63 <handle+162>: mov -0xc(%ebp),%eax
  208. 0x08048f66 <handle+165>: sub $0x1,%eax ; -0xc(%ebp) - 1
  209. 0x08048f69 <handle+168>: movb $0x0,-0x40c(%ebp,%eax,1) ; username[n-1] = 0, only when recv() returned n > 0: replaces the last received byte (presumably a trailing newline) with NUL
  210. ; }
  211. 0x08048f71 <handle+176>: movl $0x0,0xc(%esp)
  212. 0x08048f79 <handle+184>: movl $0xa,0x8(%esp)
  213. 0x08048f81 <handle+192>: movl $0x804921c,0x4(%esp); "password: "
  214. 0x08048f89 <handle+200>: mov 0x8(%ebp),%eax
  215. 0x08048f8c <handle+203>: mov %eax,(%esp)
  216. 0x08048f8f <handle+206>: call 0x804889c <send@plt> ; send( 0x8(%ebp), "password: ", 10, 0 )
  217.  
  218. 0x08048f94 <handle+211>: movl $0x0,0xc(%esp)
  219. 0x08048f9c <handle+219>: movl $0x3ff,0x8(%esp)
  220. 0x08048fa4 <handle+227>: lea -0x80c(%ebp),%eax
  221. 0x08048faa <handle+233>: mov %eax,0x4(%esp)
  222. 0x08048fae <handle+237>: mov 0x8(%ebp),%eax
  223. 0x08048fb1 <handle+240>: mov %eax,(%esp)
  224. 0x08048fb4 <handle+243>: call 0x804875c <recv@plt> ; -0xc(%ebp) = recv( 0x8(%ebp), &(-0x80c(%ebp)), 1023, 0 )
  225. 0x08048fb9 <handle+248>: mov %eax,-0xc(%ebp)
  226.  
  227. 0x08048fbc <handle+251>: cmpl $0x0,-0xc(%ebp) ; if( -0xc(%ebp) > 0 ){
  228. 0x08048fc0 <handle+255>: jle 0x8048fd0 <handle+271>
  229. 0x08048fc2 <handle+257>: mov -0xc(%ebp),%eax
  230. 0x08048fc5 <handle+260>: sub $0x1,%eax
  231. 0x08048fc8 <handle+263>: movb $0x0,-0x80c(%ebp,%eax,1) ; password[n-1] = 0, same last-byte replacement as for the username }
  232.  
  233. 0x08048fd0 <handle+271>: lea -0x80c(%ebp),%eax
  234. 0x08048fd6 <handle+277>: mov %eax,0x4(%esp)
  235. 0x08048fda <handle+281>: lea -0x40c(%ebp),%eax
  236. 0x08048fe0 <handle+287>: mov %eax,(%esp)
  237. 0x08048fe3 <handle+290>: call 0x80489c4 <auth> ; -0xc(%ebp) = auth( &(-0x40c(%ebp)), &(-0x80c(%ebp)) )   i.e. auth( username, password )
  238. 0x08048fe8 <handle+295>: mov %eax,-0xc(%ebp)
  239.  
  240. 0x08048feb <handle+298>: cmpl $0x0,-0xc(%ebp) ; if( -0xc(%ebp) == 0 )   auth() returned 0: rejected
  241. 0x08048fef <handle+302>: jne 0x8048ffd <handle+316>
  242. 0x08048ff1 <handle+304>: movl $0x1,(%esp)
  243. 0x08048ff8 <handle+311>: call 0x80488fc <exit@plt> ; exit(1): the child ends without sending anything more to the client
  244.  
  245. 0x08048ffd <handle+316>: lea -0x40c(%ebp),%eax
  246. 0x08049003 <handle+322>: mov %eax,(%esp)
  247. 0x08049006 <handle+325>: call 0x8048ad9 <findshell> ; %eax = findshell( &(-0x40c(%ebp)) )
  248.  
  249. 0x0804900b <handle+330>: mov 0x8(%ebp),%edx
  250. 0x0804900e <handle+333>: mov %edx,0x4(%esp)
  251. 0x08049012 <handle+337>: mov %eax,(%esp)
  252. 0x08049015 <handle+340>: call 0x8048bab <makeshell> ; makeshell( %eax, 0x8(%ebp) ); its dump ends in execl()/exit(), so the lines below look unreachable
  253.  
  254. 0x0804901a <handle+345>: mov $0x0,%eax
  255. 0x0804901f <handle+350>: leave
  256. 0x08049020 <handle+351>: ret
  257. End of assembler dump.
  258.  
  259.  
  260.  
  261.  
  262. ================================================================================
  263. gdb$ disas auth
  264. ================================================================================
  265. Dump of assembler code for function auth:
  266. 0x080489c4 <auth+0>: push %ebp ; auth(username, password): look both up in a 2-entry table at 0x804a3e0; on a match switch to that entry's groups/gid/uid and return 1, otherwise return 0
  267. 0x080489c5 <auth+1>: mov %esp,%ebp
  268. 0x080489c7 <auth+3>: sub $0x28,%esp
  269. 0x080489ca <auth+6>: movl $0x0,-0xc(%ebp) ; -0xc(%ebp) = 0   (table index)
  270. ; while( -0xc(%ebp) <= 1 ) {
  271. 0x080489d1 <auth+13>: jmp 0x8048ac8 <auth+260>
  272. 0x080489d6 <auth+18>: mov -0xc(%ebp),%eax
  273. 0x080489d9 <auth+21>: imul $0xc08,%eax,%eax ; each table entry is 0xc08 (3080) bytes
  274. 0x080489df <auth+27>: add $0x804a3e0,%eax ;"level3"   (name field at offset 0 of entry 0)
  275. 0x080489e4 <auth+32>: mov %eax,0x4(%esp)
  276. 0x080489e8 <auth+36>: mov 0x8(%ebp),%eax
  277. 0x080489eb <auth+39>: mov %eax,(%esp)
  278. 0x080489ee <auth+42>: call 0x80488ec <strcmp@plt> ; %eax = strcmp( username, "level3"+((-0xc(%ebp))*3080) );
  279. ; if( %eax == 0 ){   (username matches; the jne below skips the body on a mismatch)
  280. 0x080489f3 <auth+47>: test %eax,%eax
  281. 0x080489f5 <auth+49>: jne 0x8048ac4 <auth+256>
  282.  
  283. 0x080489fb <auth+55>: mov -0xc(%ebp),%eax
  284. 0x080489fe <auth+58>: imul $0xc08,%eax,%eax
  285. 0x08048a04 <auth+64>: add $0x400,%eax ; password field at offset 0x400 of the entry
  286. 0x08048a09 <auth+69>: add $0x804a3e0,%eax ;"level3"
  287. 0x08048a0e <auth+74>: mov %eax,0x4(%esp)
  288. 0x08048a12 <auth+78>: mov 0xc(%ebp),%eax
  289. 0x08048a15 <auth+81>: mov %eax,(%esp)
  290. 0x08048a18 <auth+84>: call 0x80488ec <strcmp@plt> ; %eax = strcmp( 0xc(%ebp), "level3"+1024+(3080*(-0xc(%ebp))) )   (direct compare with the received password: the table stores the password itself, not a hash, and strcmp is not constant-time)
  291. ; if( %eax == 0 ){   (password matches)
  292. 0x08048a1d <auth+89>: test %eax,%eax
  293. 0x08048a1f <auth+91>: jne 0x8048ac4 <auth+256>
  294.  
  295. 0x08048a25 <auth+97>: mov -0xc(%ebp),%eax
  296. 0x08048a28 <auth+100>: imul $0xc08,%eax,%eax
  297. 0x08048a2e <auth+106>: mov 0x804abe4(%eax),%eax ; 0x804abe4 = 0x804a3e0 + 0x804: the entry's group id
  298. 0x08048a34 <auth+112>: mov %eax,0x4(%esp)
  299. 0x08048a38 <auth+116>: mov 0x8(%ebp),%eax
  300. 0x08048a3b <auth+119>: mov %eax,(%esp)
  301. 0x08048a3e <auth+122>: call 0x804888c <initgroups@plt> ; initgroups( username, gid ); %eax is overwritten on the next line, the result is not checked
  302. 0x08048a43 <auth+127>: mov -0xc(%ebp),%eax
  303. 0x08048a46 <auth+130>: imul $0xc08,%eax,%eax
  304. 0x08048a4c <auth+136>: mov 0x804abe4(%eax),%ecx
  305. 0x08048a52 <auth+142>: mov -0xc(%ebp),%eax
  306. 0x08048a55 <auth+145>: imul $0xc08,%eax,%eax
  307. 0x08048a5b <auth+151>: mov 0x804abe4(%eax),%edx
  308. 0x08048a61 <auth+157>: mov -0xc(%ebp),%eax
  309. 0x08048a64 <auth+160>: imul $0xc08,%eax,%eax
  310. 0x08048a6a <auth+166>: mov 0x804abe4(%eax),%eax
  311. 0x08048a70 <auth+172>: mov %ecx,0x8(%esp)
  312. 0x08048a74 <auth+176>: mov %edx,0x4(%esp)
  313. 0x08048a78 <auth+180>: mov %eax,(%esp)
  314. 0x08048a7b <auth+183>: call 0x80487fc <setresgid@plt> ; setresgid( gid, gid, gid ); result not checked
  315. 0x08048a80 <auth+188>: mov -0xc(%ebp),%eax
  316. 0x08048a83 <auth+191>: imul $0xc08,%eax,%eax
  317. 0x08048a89 <auth+197>: mov 0x804abe0(%eax),%ecx ; 0x804abe0 = 0x804a3e0 + 0x800: the entry's user id
  318. 0x08048a8f <auth+203>: mov -0xc(%ebp),%eax
  319. 0x08048a92 <auth+206>: imul $0xc08,%eax,%eax
  320. 0x08048a98 <auth+212>: mov 0x804abe0(%eax),%edx
  321. 0x08048a9e <auth+218>: mov -0xc(%ebp),%eax
  322. 0x08048aa1 <auth+221>: imul $0xc08,%eax,%eax
  323. 0x08048aa7 <auth+227>: mov 0x804abe0(%eax),%eax
  324. 0x08048aad <auth+233>: mov %ecx,0x8(%esp)
  325. 0x08048ab1 <auth+237>: mov %edx,0x4(%esp)
  326. 0x08048ab5 <auth+241>: mov %eax,(%esp)
  327. 0x08048ab8 <auth+244>: call 0x80487ec <setresuid@plt> ; setresuid( uid, uid, uid ); result not checked, so a failed privilege drop still falls through to "return 1"
  328. 0x08048abd <auth+249>: mov $0x1,%eax ; return value 1 = authenticated
  329. 0x08048ac2 <auth+254>: jmp 0x8048ad7 <auth+275> ; break   (straight to leave/ret, i.e. return 1)
  330. ; }
  331. ; }
  332. 0x08048ac4 <auth+256>: addl $0x1,-0xc(%ebp) ; -0xc(%ebp) += 1
  333.  
  334. 0x08048ac8 <auth+260>: cmpl $0x1,-0xc(%ebp)
  335. 0x08048acc <auth+264>: jle 0x80489d6 <auth+18>
  336. ; }
  337.  
  338. 0x08048ad2 <auth+270>: mov $0x0,%eax ; no entry matched: return 0
  339. 0x08048ad7 <auth+275>: leave
  340. 0x08048ad8 <auth+276>: ret ; returns %eax: 1 on a match, 0 otherwise
  341. End of assembler dump.
  342.  
  343.  
  344.  
  345.  
  346. ================================================================================
  347. gdb$ disas findshell
  348. ================================================================================
  349. 0x08048ad9 <findshell+0>: push %ebp ; findshell(username): return a pointer to the shell field (offset 0x808) of the table entry whose name matches, or "/usr/sbin/nologin" if none does
  350. 0x08048ada <findshell+1>: mov %esp,%ebp
  351. 0x08048adc <findshell+3>: sub $0x28,%esp
  352. 0x08048adf <findshell+6>: movl $0x0,-0xc(%ebp) ; -0xc(%ebp) = 0   (table index)
  353. 0x08048ae6 <findshell+13>: jmp 0x8048b25 <findshell+76> ; while( -0xc(%ebp) <= 1 ){
  354. 0x08048ae8 <findshell+15>: mov -0xc(%ebp),%eax
  355. 0x08048aeb <findshell+18>: imul $0xc08,%eax,%eax ; same 0xc08-byte entries at 0x804a3e0 that auth walks
  356. 0x08048af1 <findshell+24>: add $0x804a3e0,%eax ;"level3"
  357. 0x08048af6 <findshell+29>: mov %eax,0x4(%esp)
  358. 0x08048afa <findshell+33>: mov 0x8(%ebp),%eax
  359. 0x08048afd <findshell+36>: mov %eax,(%esp)
  360. 0x08048b00 <findshell+39>: call 0x80488ec <strcmp@plt> ; %eax = strcmp( username, entry name )
  361. 0x08048b05 <findshell+44>: test %eax,%eax ; if( %eax == 0 ){
  362. 0x08048b07 <findshell+46>: jne 0x8048b21 <findshell+72>
  363. 0x08048b09 <findshell+48>: mov -0xc(%ebp),%eax
  364. 0x08048b0c <findshell+51>: imul $0xc08,%eax,%eax
  365. 0x08048b12 <findshell+57>: add $0x800,%eax
  366. 0x08048b17 <findshell+62>: add $0x804a3e0,%eax ;"level3"
  367. 0x08048b1c <findshell+67>: add $0x8,%eax ; %eax = 0x804a3e0 + index*0xc08 + 0x808: the field after the uid (0x800) and gid (0x804) that auth reads
  368. 0x08048b1f <findshell+70>: jmp 0x8048b30 <findshell+87> ; return that pointer }
  369. 0x08048b21 <findshell+72>: addl $0x1,-0xc(%ebp) ; -0xc(%ebp) += 1
  370. 0x08048b25 <findshell+76>: cmpl $0x1,-0xc(%ebp)
  371. 0x08048b29 <findshell+80>: jle 0x8048ae8 <findshell+15> ; }
  372. 0x08048b2b <findshell+82>: mov $0x8049170,%eax ;"/usr/sbin/nologin"   (fallback when no entry matches)
  373. 0x08048b30 <findshell+87>: leave
  374. 0x08048b31 <findshell+88>: ret
  375. End of assembler dump.
  376.  
  377.  
  378.  
  379.  
  380. ================================================================================
  381. gdb$ disas makeshell
  382. ================================================================================
  383. Dump of assembler code for function makeshell:
  384. 0x08048bab <makeshell+0>: push %ebp ; makeshell(path, fd): duplicate fd onto descriptors 0, 1 and 2, then execl(path, "logind-session", NULL); exit(2) if execl returns
  385. 0x08048bac <makeshell+1>: mov %esp,%ebp
  386. 0x08048bae <makeshell+3>: sub $0x18,%esp
  387. 0x08048bb1 <makeshell+6>: movl $0x0,0x4(%esp)
  388. 0x08048bb9 <makeshell+14>: mov 0xc(%ebp),%eax
  389. 0x08048bbc <makeshell+17>: mov %eax,(%esp)
  390. 0x08048bbf <makeshell+20>: call 0x804882c <dup2@plt> ; dup2( fd, 0 ): stdin now reads from the socket
  391. 0x08048bc4 <makeshell+25>: movl $0x1,0x4(%esp)
  392. 0x08048bcc <makeshell+33>: mov 0xc(%ebp),%eax
  393. 0x08048bcf <makeshell+36>: mov %eax,(%esp)
  394. 0x08048bd2 <makeshell+39>: call 0x804882c <dup2@plt> ; dup2( fd, 1 ): stdout
  395. 0x08048bd7 <makeshell+44>: movl $0x2,0x4(%esp)
  396. 0x08048bdf <makeshell+52>: mov 0xc(%ebp),%eax
  397. 0x08048be2 <makeshell+55>: mov %eax,(%esp)
  398. 0x08048be5 <makeshell+58>: call 0x804882c <dup2@plt> ; dup2( fd, 2 ): stderr; none of the three results is checked
  399. 0x08048bea <makeshell+63>: movl $0x0,0x8(%esp) ; NULL terminates the argument list
  400. 0x08048bf2 <makeshell+71>: movl $0x80491bf,0x4(%esp) ;"logind-session"   (passed as argv[0], so the command line shows this name rather than the path that was executed)
  401. 0x08048bfa <makeshell+79>: mov 0x8(%ebp),%eax
  402. 0x08048bfd <makeshell+82>: mov %eax,(%esp)
  403. 0x08048c00 <makeshell+85>: call 0x80487ac <execl@plt> ; execl( path, "logind-session", NULL ); no close() precedes it in handle or here, so the listening socket and the original client fd stay open in the new program unless close-on-exec is set somewhere not shown
  404. 0x08048c05 <makeshell+90>: movl $0x2,(%esp) ; reached only if execl() failed
  405. 0x08048c0c <makeshell+97>: call 0x80488fc <exit@plt> ; exit(2)
  406. End of assembler dump.