;-----------------------------------------------------------------------
; Disassembler listing of a 32-bit x86 Linux ELF executable
; (NASM-style Intel syntax: "op dst, src"; hex written as nnH).
;
; What the listing shows:
;   * main reads twelve integers with __isoc99_scanf, forms three
;     difference vectors against the first triple, evaluates their 3x3
;     determinant, divides it by 6 and prints it with __printf_chk.
;   * Everything else is C runtime startup/teardown glue (_start, _init,
;     _fini, __libc_csu_*, TM-clone and JCR helpers) and ELF metadata
;     dumped as raw bytes.
;
; Hardening visible in the code:
;   * stack protector: main copies [gs:14H] into its frame and compares
;     it before returning (__stack_chk_fail on mismatch);
;   * fortified output: __printf_chk is used rather than printf.
; Absolute 0804xxxxH addresses appear throughout (.dynamic, .init_array,
; "push main"), which is consistent with a non-PIE link.
; NOTE(review): the ELF and program headers are not in this listing, so
; PIE / RELRO / NX status should be confirmed with readelf or checksec.
;
; ABI: i386 cdecl (arguments pushed right to left, caller cleans up).
;-----------------------------------------------------------------------

global _end
global _init
global main
global _start
global __x86.get_pc_thunk.bx
global __libc_csu_init
global __libc_csu_fini
global _fini: function
global _fp_hw
global _IO_stdin_used
global __data_start
global data_start
global __dso_handle
global __TMC_END__
global __bss_start
global _edata

; Imported symbols. The disassembler lists the libc imports twice: once
; with their symbol version suffix and once bare.
extern _ITM_registerTMCloneTable
extern __isoc99_scanf@@GLIBC_2.7
extern _Jv_RegisterClasses
extern __printf_chk@@GLIBC_2.3.4
extern __libc_start_main@@GLIBC_2.0
extern __gmon_start__
extern __stack_chk_fail@@GLIBC_2.4
extern _ITM_deregisterTMCloneTable
extern __isoc99_scanf
extern __printf_chk
extern __libc_start_main
extern __gmon_start__
extern __stack_chk_fail


SECTION .interp align=1 noexecute

        ; ASCII "/lib/ld-linux.so.2", NUL-terminated: the requested dynamic loader.
        db 2FH,6CH,69H,62H,2FH,6CH,64H,2DH
        db 6CH,69H,6EH,75H,78H,2EH,73H,6FH
        db 2EH,32H,00H


SECTION .note.ABI-tag align=4 noexecute

        ; Note header (namesz=4, descsz=16, type=1), owner "GNU", then four
        ; little-endian words 0, 2, 6, 32.
        ; presumably OS = Linux, minimum kernel 2.6.32 - confirm with readelf -n
        db 04H,00H,00H,00H,10H,00H,00H,00H
        db 01H,00H,00H,00H,47H,4EH,55H,00H
        db 00H,00H,00H,00H,02H,00H,00H,00H
        db 06H,00H,00H,00H,20H,00H,00H,00H


SECTION .note.gnu.build-id align=4 noexecute

        ; Note header (namesz=4, descsz=14H, type=3), owner "GNU", followed
        ; by the 20-byte build ID. Useful for matching this listing to a
        ; specific binary or its debug symbols.
        db 04H,00H,00H,00H,14H,00H,00H,00H
        db 03H,00H,00H,00H,47H,4EH,55H,00H
        db 0DEH,0AFH,2CH,73H,0CCH,62H,0E9H,24H
        db 23H,56H,01H,0CFH,3FH,76H,90H,95H
        db 0E0H,75H,0D6H,05H


SECTION .gnu.hash align=4 noexecute

        ; NOTE(review): only 8 bytes are listed here; the disassembler
        ; appears to emit just a fragment of some metadata sections.
        db 06H,00H,00H,00H,0ADH,4BH,0E3H,0C0H


SECTION .dynsym align=4 noexecute

        ; One 16-byte symbol record: name offset 0BH (which is
        ; "_IO_stdin_used" in .dynstr below), value 0804868CH, size 4.
        db 0BH,00H,00H,00H,8CH,86H,04H,08H
        db 04H,00H,00H,00H,11H,00H,10H,00H


SECTION .dynstr align=1 noexecute

        ; NUL-separated strings, in order:
        ;   "", "libc.so.6", "_IO_stdin_used", "__printf_chk",
        ;   "__isoc99_scanf", "__stack_chk_fail", "__libc_start_main",
        ;   "__gmon_start__", "GLIBC_2.7", "GLIBC_2.3.4", "GLIBC_2.0",
        ;   "GLIBC_2.4"
        db 00H,6CH,69H,62H,63H,2EH,73H,6FH
        db 2EH,36H,00H,5FH,49H,4FH,5FH,73H
        db 74H,64H,69H,6EH,5FH,75H,73H,65H
        db 64H,00H,5FH,5FH,70H,72H,69H,6EH
        db 74H,66H,5FH,63H,68H,6BH,00H,5FH
        db 5FH,69H,73H,6FH,63H,39H,39H,5FH
        db 73H,63H,61H,6EH,66H,00H,5FH,5FH
        db 73H,74H,61H,63H,6BH,5FH,63H,68H
        db 6BH,5FH,66H,61H,69H,6CH,00H,5FH
        db 5FH,6CH,69H,62H,63H,5FH,73H,74H
        db 61H,72H,74H,5FH,6DH,61H,69H,6EH
        db 00H,5FH,5FH,67H,6DH,6FH,6EH,5FH
        db 73H,74H,61H,72H,74H,5FH,5FH,00H
        db 47H,4CH,49H,42H,43H,5FH,32H,2EH
        db 37H,00H,47H,4CH,49H,42H,43H,5FH
        db 32H,2EH,33H,2EH,34H,00H,47H,4CH
        db 49H,42H,43H,5FH,32H,2EH,30H,00H
        db 47H,4CH,49H,42H,43H,5FH,32H,2EH
        db 34H,00H


SECTION .gnu.version align=2 noexecute

        ; Seven 16-bit version indices, one per dynamic symbol table slot.
        db 00H,00H,02H,00H,00H,00H,03H,00H
        db 04H,00H,05H,00H,01H,00H


SECTION .gnu.version_r align=4 noexecute

        ; Four 8-byte rows; the last 16-bit field of each (5, 4, 3, 2) is
        ; the version index referenced from .gnu.version above.
        ; NOTE(review): the leading header of this section is not listed.
        db 17H,69H,69H,0DH,00H,00H,05H,00H
        db 74H,19H,69H,09H,00H,00H,04H,00H
        db 10H,69H,69H,0DH,00H,00H,03H,00H
        db 14H,69H,69H,0DH,00H,00H,02H,00H


SECTION .rel.dyn align=4 noexecute

        ; One relocation: offset 08049FFCH, info 00000206H (symbol 2,
        ; type 6). presumably the .got slot ?_022 for __gmon_start__.
        db 0FCH,9FH,04H,08H,06H,02H,00H,00H


SECTION .rel.plt align=4 noexecute

        ; Four relocations of type 7 against 0804A00CH..0804A018H, i.e. the
        ; four function slots ?_025..?_028 of .got.plt (symbols 1, 3, 4, 5).
        db 0CH,0A0H,04H,08H,07H,01H,00H,00H
        db 10H,0A0H,04H,08H,07H,03H,00H,00H
        db 14H,0A0H,04H,08H,07H,04H,00H,00H
        db 18H,0A0H,04H,08H,07H,05H,00H,00H


SECTION .init align=4 execute

;-----------------------------------------------------------------------
; _init - runtime initialisation hook.
; Loads a pointer from [ebx-4] after the PC thunk and, when it is
; non-null, calls through the .plt.got stub ?_011 (which jumps via the
; __gmon_start__ slot ?_022).
; Clobbers: eax, flags. ebx is saved and restored.
;-----------------------------------------------------------------------
_init:
        push    ebx
        sub     esp,8
        call    __x86.get_pc_thunk.bx           ; ebx = address of the next instruction
        add     ebx,7331                        ; presumably rebases ebx to the GOT - confirm
        mov     eax,dword [ebx-4H]
        test    eax,eax
        jz      ?_001                           ; optional hook absent: skip the call
        call    ?_011
?_001:
        add     esp,8
        pop     ebx
        ret


SECTION .plt align=16 execute

; Procedure linkage table. Each import has a two-part stub: an indirect
; jump through its .got.plt slot, then a "push <reloc offset>; jmp ?_002"
; fallback. The slots initially point at the fallback (see .got.plt), so
; the first call of each import goes through ?_002 - lazy binding.
; The function names given below are inferred from the call sites and the
; import list; confirm against the relocation table of the binary.
?_002:
        push    dword [?_023]                   ; common resolver entry
        jmp     near [?_024]
        db 00H,00H,00H,00H

?_003:
        jmp     near [?_025]                    ; presumably __stack_chk_fail (called on canary mismatch)
?_004:
        push    0
        jmp     ?_002

?_005:
        jmp     near [?_026]                    ; presumably __libc_start_main (called from _start)
?_006:
        push    8
        jmp     ?_002

?_007:
        jmp     near [?_027]                    ; presumably __printf_chk (called with flag, format, value)
?_008:
        push    16
        jmp     ?_002

?_009:
        jmp     near [?_028]                    ; presumably __isoc99_scanf (called with format + 12 pointers)
?_010:
        push    24
        jmp     ?_002


SECTION .plt.got align=8 execute

?_011:
        jmp     near [?_022]                    ; indirect jump through the __gmon_start__ slot

ALIGN   8


SECTION .text align=16 execute

;-----------------------------------------------------------------------
; main
;
; Reads twelve integers, in this order, into frame slots:
;   i1..i3   -> [ebp-28H], [ebp-24H], [ebp-20H]
;   i4..i6   -> [ebp-4CH], [ebp-48H], [ebp-44H]
;   i7..i9   -> [ebp-40H], [ebp-3CH], [ebp-38H]
;   i10..i12 -> [ebp-34H], [ebp-30H], [ebp-2CH]
; Subtracts (i1,i2,i3) component-wise from each of the other three
; triples, giving rows a, b, c; computes det[a;b;c] by the six-term
; expansion; divides by 6 and prints the quotient with "%d".
; NOTE(review): this matches the signed volume of a tetrahedron given
; four 3-D integer points, but the intent is inferred, not stated.
;
; Review points:
;   * The scanf return value is never examined. If fewer than twelve
;     integers parse, the unfilled slots keep whatever the stack held
;     and that residue flows into the printed result.
;   * All arithmetic is 32-bit; imul/sub results wrap silently.
;   * Both formats are constants in .rodata; no user data reaches a
;     format string.
;
; Scratch slots [ebp-5CH]..[ebp-6CH] hold spilled differences.
; Returns 0 in eax on the normal path (result of the canary xor).
;-----------------------------------------------------------------------
main:
        lea     ecx,[esp+4H]                    ; ecx = address of the incoming arguments
        and     esp,0FFFFFFF0H                  ; realign stack to 16 bytes
        push    dword [ecx-4H]                  ; re-push the return address for the new frame
        push    ebp
        mov     ebp,esp
        push    edi
        push    esi
        push    ebx
        push    ecx
        sub     esp,116
        mov     eax,dword [gs:14H]              ; stack-protector canary
        mov     dword [ebp-1CH],eax             ; stored between locals and saved registers
        xor     eax,eax                         ; do not leave the canary in a register

        ; cdecl: last argument is pushed first.
        lea     eax,[ebp-2CH]
        push    eax                             ; &i12
        lea     eax,[ebp-30H]
        push    eax                             ; &i11
        lea     eax,[ebp-34H]
        push    eax                             ; &i10
        lea     eax,[ebp-38H]
        push    eax                             ; &i9
        lea     eax,[ebp-3CH]
        push    eax                             ; &i8
        lea     eax,[ebp-40H]
        push    eax                             ; &i7
        lea     eax,[ebp-44H]
        push    eax                             ; &i6
        lea     eax,[ebp-48H]
        push    eax                             ; &i5
        lea     eax,[ebp-4CH]
        push    eax                             ; &i4
        lea     eax,[ebp-20H]
        push    eax                             ; &i3
        lea     eax,[ebp-24H]
        push    eax                             ; &i2
        lea     eax,[ebp-28H]
        push    eax                             ; &i1
        push    ?_020                           ; format: twelve "%d" conversions (see .rodata)
        call    ?_009                           ; scanf; eax (items converted) is overwritten below, unchecked

        mov     edx,dword [ebp-28H]             ; edx = i1
        mov     ecx,dword [ebp-20H]             ; ecx = i3
        add     esp,60                          ; 13 pushes = 52 bytes; the extra 8 are presumably folded-in padding
        mov     eax,dword [ebp-4CH]
        mov     esi,dword [ebp-44H]
        mov     ebx,dword [ebp-48H]
        sub     eax,edx                         ; a1 = i4 - i1
        sub     esi,ecx                         ; a3 = i6 - i3
        mov     edi,eax                         ; edi = a1
        mov     dword [ebp-60H],esi             ; spill a3
        mov     dword [ebp-4CH],eax
        mov     dword [ebp-44H],esi
        mov     eax,dword [ebp-24H]             ; eax = i2
        mov     esi,dword [ebp-3CH]
        mov     dword [ebp-6CH],edi             ; spill a1
        sub     ebx,eax                         ; a2 = i5 - i2
        sub     esi,eax                         ; b2 = i8 - i2
        mov     dword [ebp-5CH],ebx             ; spill a2
        mov     dword [ebp-48H],ebx
        mov     dword [ebp-68H],esi             ; spill b2
        mov     dword [ebp-3CH],esi
        mov     esi,dword [ebp-34H]
        mov     ebx,dword [ebp-40H]
        imul    edi,dword [ebp-68H]             ; edi = a1*b2
        sub     esi,edx                         ; c1 = i10 - i1
        sub     ebx,edx                         ; b1 = i7 - i1
        mov     dword [ebp-34H],esi
        mov     edx,esi                         ; edx = c1
        mov     esi,dword [ebp-30H]
        mov     dword [ebp-64H],ebx             ; spill b1
        mov     dword [ebp-40H],ebx
        mov     ebx,dword [ebp-38H]
        sub     esi,eax                         ; c2 = i11 - i2
        mov     eax,dword [ebp-2CH]
        mov     dword [ebp-30H],esi
        sub     ebx,ecx                         ; b3 = i9 - i3
        sub     eax,ecx                         ; c3 = i12 - i3
        mov     dword [ebp-38H],ebx
        imul    edi,eax                         ; edi = a1*b2*c3
        mov     ecx,eax                         ; ecx = c3
        mov     dword [ebp-2CH],eax
        mov     eax,dword [ebp-5CH]
        imul    ecx,dword [ebp-5CH]             ; ecx = a2*c3
        imul    eax,ebx
        imul    eax,edx                         ; eax = a2*b3*c1
        add     edi,eax                         ; edi = a1*b2*c3 + a2*b3*c1
        mov     eax,dword [ebp-60H]
        imul    eax,dword [ebp-64H]
        imul    eax,esi                         ; eax = a3*b1*c2
        imul    esi,dword [ebp-6CH]             ; esi = a1*c2
        imul    ecx,dword [ebp-64H]             ; ecx = a2*b1*c3
        imul    edx,dword [ebp-60H]             ; edx = a3*c1
        add     eax,edi                         ; sum of the three positive terms
        imul    edx,dword [ebp-68H]             ; edx = a3*b2*c1
        imul    esi,ebx                         ; esi = a1*b3*c2
        sub     eax,esi
        sub     eax,ecx
        sub     eax,edx                         ; eax = det[a;b;c]

        ; Signed division by 6 via reciprocal multiply:
        ; 715827883 = 2AAAAAABH; high word of the product, corrected by the sign.
        mov     edx,715827883
        mov     edi,eax
        imul    edx                             ; edx:eax = det * 2AAAAAABH
        sar     edi,31                          ; edi = -1 if det < 0, else 0
        sub     edx,edi                         ; edx = det / 6, truncated toward zero

        push    edx                             ; value to print
        push    ?_021                           ; format "%d"
        push    1                               ; first argument of the _chk variant
        call    ?_007
        add     esp,16

        mov     eax,dword [ebp-1CH]
        xor     eax,dword [gs:14H]              ; 0 when the canary is intact (doubles as return value)
        jnz     ?_012
        lea     esp,[ebp-10H]
        pop     ecx
        pop     ebx
        pop     esi
        pop     edi
        pop     ebp
        lea     esp,[ecx-4H]                    ; undo the entry realignment
        ret

?_012:
        call    ?_003                           ; canary mismatch: no code follows, so the callee must not return

;-----------------------------------------------------------------------
; _start - process entry point.
; Clears ebp, takes argc from the stack top and argv from esp, aligns
; the stack and pushes main, argc, argv, __libc_csu_init,
; __libc_csu_fini, edx, and a stack pointer before calling ?_005.
; hlt traps if that call ever returns.
;-----------------------------------------------------------------------
_start:
        xor     ebp,ebp                         ; outermost frame marker
        pop     esi                             ; esi = argc
        mov     ecx,esp                         ; ecx = argv
        and     esp,0FFFFFFF0H
        push    eax                             ; padding to keep alignment
        push    esp
        push    edx
        push    __libc_csu_fini
        push    __libc_csu_init
        push    ecx
        push    esi
        push    main
        call    ?_005
        hlt

ALIGN   8

; PC thunk: returns its own return address in ebx.
__x86.get_pc_thunk.bx:
        mov     ebx,dword [esp]
        ret

ALIGN   16

;-----------------------------------------------------------------------
; deregister_tm_clones - startup-file helper.
; The callee address is the constant 0 here, so the "call eax" path is
; never taken in this binary.
;-----------------------------------------------------------------------
deregister_tm_clones:
        mov     eax,?_029
        sub     eax,134520868                   ; 134520868 = 0804A024H, an absolute address
        cmp     eax,6
        jbe     ?_013
        mov     eax,0                           ; callee pointer is null in this link
        test    eax,eax
        jz      ?_013
        push    ebp
        mov     ebp,esp
        sub     esp,20
        push    _edata
        call    eax
        add     esp,16
        leave
?_013:
        ret
        nop

ALIGN   8

;-----------------------------------------------------------------------
; register_tm_clones - startup-file helper.
; Computes a table length from (_edata - 0804A024H); the callee address
; is the constant 0, so "call edx" is never reached in this binary.
;-----------------------------------------------------------------------
register_tm_clones:
        mov     eax,_edata
        sub     eax,134520868
        sar     eax,2
        mov     edx,eax
        shr     edx,31
        add     eax,edx
        sar     eax,1                           ; signed divide by 2, rounding toward zero
        jz      ?_014
        mov     edx,0                           ; callee pointer is null in this link
        test    edx,edx
        jz      ?_014
        push    ebp
        mov     ebp,esp
        sub     esp,16
        push    eax
        push    _edata
        call    edx
        add     esp,16
        leave
?_014:
        ret

ALIGN   16

;-----------------------------------------------------------------------
; __do_global_dtors_aux - runs deregister_tm_clones once.
; The byte at _edata (same address as completed.7209) is the
; "already done" flag. Referenced from .fini_array.
;-----------------------------------------------------------------------
__do_global_dtors_aux:
        cmp     byte [_edata],0
        jnz     ?_015                           ; already ran
        push    ebp
        mov     ebp,esp
        sub     esp,8
        call    deregister_tm_clones
        mov     byte [_edata],1
        leave
?_015:
        ret

ALIGN   8

;-----------------------------------------------------------------------
; frame_dummy - referenced from .init_array.
; Tail-jumps to register_tm_clones; the JCR registration call is
; guarded by a constant-0 callee pointer and is never reached here.
;-----------------------------------------------------------------------
frame_dummy:
        mov     eax,__JCR_LIST__
        mov     edx,dword [eax]
        test    edx,edx
        jnz     ?_017
?_016:
        jmp     register_tm_clones

ALIGN   8

?_017:
        mov     edx,0                           ; callee pointer is null in this link
        test    edx,edx
        jz      ?_016
        push    ebp
        mov     ebp,esp
        sub     esp,20
        push    eax
        call    edx
        add     esp,16
        leave
        jmp     register_tm_clones

ALIGN   8

;-----------------------------------------------------------------------
; __libc_csu_init - calls _init, then every pointer in the table that
; spans [ebx-0F8H, ebx-0F4H), passing along its own three stack
; arguments. The table is presumably .init_array - confirm.
; Callee-saved ebp, edi, esi, ebx are preserved.
;-----------------------------------------------------------------------
__libc_csu_init:
        push    ebp
        push    edi
        push    esi
        push    ebx
        call    __x86.get_pc_thunk.bx
        add     ebx,6631
        sub     esp,12
        mov     ebp,dword [esp+20H]             ; first incoming argument
        lea     esi,[ebx-0F4H]                  ; table end
        call    _init
        lea     eax,[ebx-0F8H]                  ; table start
        sub     esi,eax
        sar     esi,2                           ; esi = number of 4-byte entries
        test    esi,esi
        jz      ?_019
        xor     edi,edi                         ; edi = entry index

ALIGN   8

?_018:
        sub     esp,4
        push    dword [esp+2CH]                 ; third incoming argument
        push    dword [esp+2CH]                 ; second incoming argument (esp moved by the push above)
        push    ebp
        call    near [ebx+edi*4-0F8H]
        add     edi,1
        add     esp,16
        cmp     edi,esi
        jnz     ?_018
?_019:
        add     esp,12
        pop     ebx
        pop     esi
        pop     edi
        pop     ebp
        ret

ALIGN   8

; Empty in this binary.
__libc_csu_fini:
        ret


SECTION .fini align=4 execute

; _fini - termination hook; only sets up and tears down ebx here.
_fini:
        push    ebx
        sub     esp,8
        call    __x86.get_pc_thunk.bx
        add     ebx,6531
        add     esp,8
        pop     ebx
        ret


SECTION .rodata align=4 noexecute

_fp_hw:
        dd 00000003H
_IO_stdin_used:
        dd 00020001H

; ?_020 is eleven "%d" pairs with no terminator of its own; it runs
; straight into ?_021 ("%d" + NUL). The scanf format is therefore twelve
; "%d" conversions, and the printf format is the tail of the same string.
?_020:
        db 25H,64H,25H,64H,25H,64H,25H,64H
        db 25H,64H,25H,64H,25H,64H,25H,64H
        db 25H,64H,25H,64H,25H,64H
?_021:
        db 25H,64H,00H


SECTION .eh_frame_hdr align=4 noexecute

; Unwind lookup table, raw bytes.
__GNU_EH_FRAME_HDR:
        db 01H,1BH,03H,3BH,28H,00H,00H,00H
        db 04H,00H,00H,00H,0D4H,0FCH,0FFH,0FFH
        db 44H,00H,00H,00H,34H,0FDH,0FFH,0FFH
        db 68H,00H,00H,00H,64H,0FFH,0FFH,0FFH
        db 0B0H,00H,00H,00H,0C4H,0FFH,0FFH,0FFH
        db 0FCH,00H,00H,00H


SECTION .eh_frame align=4 noexecute

        ; Call-frame (unwind) records, raw bytes.
        db 01H,7AH,52H,00H,01H,7CH,08H,01H
        db 1BH,0CH,04H,04H,88H,01H,00H,00H
        db 88H,0FCH,0FFH,0FFH,50H,00H,00H,00H
        db 00H,0EH,08H,46H,0EH,0CH,4AH,0FH
        db 0BH,74H,04H,78H,00H,3FH,1AH,3BH
        db 2AH,32H,24H,22H,44H,00H,00H,00H
        db 40H,00H,00H,00H,0C4H,0FCH,0FFH,0FFH
        db 38H,01H,00H,00H,00H,44H,0CH,01H
        db 00H,47H,10H,05H,02H,75H,00H,46H
        db 0FH,03H,75H,70H,06H,10H,07H,02H
        db 75H,7CH,10H,06H,02H,75H,78H,10H
        db 03H,02H,75H,74H,03H,1AH,01H,0AH
        db 0C1H,0CH,01H,00H,41H,0C3H,41H,0C6H
        db 41H,0C7H,41H,0C5H,43H,0CH,04H,04H
        db 41H,0BH,00H,00H,48H,00H,00H,00H
        db 88H,00H,00H,00H,0ACH,0FEH,0FFH,0FFH
        db 5DH,00H,00H,00H,00H,41H,0EH,08H
        db 85H,02H,41H,0EH,0CH,87H,03H,41H
        db 0EH,10H,86H,04H,41H,0EH,14H,83H
        db 05H,4EH,0EH,20H,69H,0EH,24H,44H
        db 0EH,28H,44H,0EH,2CH,41H,0EH,30H
        db 4DH,0EH,20H,47H,0EH,14H,41H,0C3H
        db 0EH,10H,41H,0C6H,0EH,0CH,41H,0C7H
        db 0EH,08H,41H,0C5H,0EH,04H,00H,00H
        db 0C0H,0FEH,0FFH,0FFH,02H,00H,00H,00H
__FRAME_END__:
        db 00H,00H,00H,00H


SECTION .init_array align=4 noexecute

; Single constructor pointer: 080485E0H (little-endian).
__init_array_start:
__frame_dummy_init_array_entry:
        db 0E0H,85H,04H,08H


SECTION .fini_array align=4 noexecute

; Single destructor pointer: 080485C0H (little-endian).
__init_array_end:
__do_global_dtors_aux_fini_array_entry:
        db 0C0H,85H,04H,08H


SECTION .jcr align=4 noexecute

__JCR_END__:
__JCR_LIST__:
        db 00H,00H,00H,00H


SECTION .dynamic align=4 noexecute

; Dynamic table, 8 bytes per entry (tag, value), little-endian.
; NOTE(review): the listing shows only part of the table - no DT_NEEDED
; and no terminating DT_NULL entry appear, and no flags entry is visible,
; so binding/RELRO policy cannot be read off this fragment.
_DYNAMIC:
        db 0CH,00H,00H,00H,54H,83H,04H,08H              ; DT_INIT        = 08048354H
        db 0DH,00H,00H,00H,74H,86H,04H,08H              ; DT_FINI        = 08048674H
        db 19H,00H,00H,00H,08H,9FH,04H,08H              ; DT_INIT_ARRAY  = 08049F08H
        db 1AH,00H,00H,00H,0CH,9FH,04H,08H              ; DT_FINI_ARRAY  = 08049F0CH
        db 0F5H,0FEH,0FFH,6FH,0ACH,81H,04H,08H          ; DT_GNU_HASH    = 080481ACH
        db 05H,00H,00H,00H,3CH,82H,04H,08H              ; DT_STRTAB      = 0804823CH
        db 06H,00H,00H,00H,0CCH,81H,04H,08H             ; DT_SYMTAB      = 080481CCH
        db 03H,00H,00H,00H,00H,0A0H,04H,08H             ; DT_PLTGOT      = 0804A000H
        db 17H,00H,00H,00H,34H,83H,04H,08H              ; DT_JMPREL      = 08048334H
        db 11H,00H,00H,00H,2CH,83H,04H,08H              ; DT_REL         = 0804832CH
        db 0FEH,0FFH,0FFH,6FH,0DCH,82H,04H,08H          ; DT_VERNEED     = 080482DCH
        db 0FFH,0FFH,0FFH,6FH,01H,00H,00H,00H           ; DT_VERNEEDNUM  = 1
        db 0F0H,0FFH,0FFH,6FH,0CEH,82H,04H,08H          ; DT_VERSYM      = 080482CEH


SECTION .got align=4 noexecute

?_022:
        dd __gmon_start__


SECTION .got.plt align=4 noexecute

; First word is 08049F14H (little-endian); ?_023 and ?_024 are zero in
; the file and are read by the resolver stub ?_002. The four function
; slots start out pointing back at the PLT push stubs, so each is
; rewritten at run time when its import is first resolved.
; NOTE(review): that requires these slots to be writable at least until
; resolution; check the link for RELRO / BIND_NOW.
_GLOBAL_OFFSET_TABLE_:
        db 14H,9FH,04H,08H
?_023:
        dd 00000000H
?_024:
        dd 00000000H
?_025:
        dd ?_004
?_026:
        dd ?_006
?_027:
        dd ?_008
?_028:
        dd ?_010


SECTION .data align=4 noexecute

__data_start:
data_start:
        db 00H,00H,00H,00H
__dso_handle:
        db 00H,00H,00H,00H


SECTION .bss align=1 noexecute

; completed.7209 shares its address with _edata and is the run-once flag
; tested by __do_global_dtors_aux.
__TMC_END__:
__bss_start:
_edata:
completed.7209:
        resb 3
?_029:
        resb 1