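I didn't have much time to take part in the competition. Reviewing it afterwards, I feel I could have solved it given enough time; it's just that I'm getting older, and my fixed habits of thought are too strong and hard to correct.
The program uses ptrace to split into a parent and a child process, with the parent debugging the child. The child contains many code fragments; the parent debugs it through int3 breakpoints and also schedules which code fragment runs next, implementing something like a virtual machine.
At first I set breakpoints in IDA and slowly traced the code's execution, but that was too slow: one full run took more than 20 minutes.
Later I simply copied out the parent process's handling logic and simulated the code execution in Python: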
python
arrayaddr=0x606AC0
ins_array=[0x0000000000607160, 0x0000000000607FE0, 0x0000000000401EB4, 0x00000000004009F7, 0x0000000000607540, 0x00000000004008D0, 0x0000000000401EA5, 0x0000000000400AFD, 0x0000000000000000, 0x0000000000606F00, 0x0000000000000000, 0x0000000000400B03, 0x0000000000607DC0, 0x0000000000607E00, 0x0000000000401EB4, 0x0000000000400B6E, 0x0000000000607920, 0x0000000000400870, 0x0000000000401EA5, 0x0000000000400B79, 0x0000000000608000, 0x0000000000607460, 0x0000000000401CA6, 0x0000000000400B7C, 0x00000000006077C0, 0x0000000000607EA0, 0x0000000000401D22, 0x0000000000400B81, 0x00000000006071E0, 0x0000000000607BA0, 0x0000000000401EB4, 0x0000000000400BAB, 0x0000000000607140, 0x0000000000608120, 0x0000000000401D22, 0x0000000000400BBE, 0x0000000000607840, 0x0000000000400830, 0x0000000000401EA5, 0x0000000000400BEB, 0x00000000006070A0, 0x0000000000400870, 0x0000000000401EA5, 0x0000000000400BF8, 0x0000000000607BE0, 0x0000000000607120, 0x0000000000401EB4, 0x0000000000400BFE, 0x0000000000607AC0, 0x0000000000607F60, 0x0000000000401EB4, 0x0000000000400C10, 0x0000000000607600, 0x0000000000607D20, 0x0000000000401D5B, 0x0000000000400C25, 0x0000000000607B80, 0x0000000000607BA0, 0x0000000000401EB4, 0x0000000000400C34, 0x0000000000000000, 0x0000000000608100, 0x0000000000000000, 0x0000000000400C47, 0x0000000000606B80, 0x0000000000400900, 0x0000000000401EA5, 0x0000000000400C4F, 0x0000000000607B60, 0x0000000000606EE0, 0x0000000000401CA6, 0x0000000000400C74, 0x00000000006072C0, 0x0000000000607A80, 0x0000000000401CA6, 0x0000000000400C7C, 0x0000000000607CA0, 0x0000000000607F40, 0x0000000000401CA6, 0x0000000000400C84, 0x0000000000000000, 0x0000000000000000, 0x0000000000401E96, 0x0000000000400C8C, 0x0000000000607280, 0x0000000000606FC0, 0x0000000000401EB4, 0x0000000000400C96, 0x0000000000000000, 0x0000000000607A20, 0x0000000000000000, 0x0000000000400CCF, 0x00000000006079C0, 0x0000000000608060, 0x0000000000401EB4, 0x0000000000400CDF, 0x0000000000000000, 0x00000000006080C0, 0x0000000000000000, 
0x0000000000400D1F, 0x0000000000607040, 0x0000000000400810, 0x0000000000401EA5, 0x0000000000400D45, 0x0000000000608020, 0x0000000000607E00, 0x0000000000401EB4, 0x0000000000400D4D, 0x0000000000000000, 0x0000000000000000, 0x0000000000401E96, 0x0000000000400D58, 0x0000000000000000, 0x0000000000607620, 0x0000000000000000, 0x0000000000400D5B, 0x0000000000606D60, 0x0000000000607120, 0x0000000000401EB4, 0x0000000000400D90, 0x0000000000000000, 0x0000000000607520, 0x0000000000000000, 0x0000000000400DA3, 0x0000000000000000, 0x0000000000000000, 0x0000000000401E96, 0x0000000000400DDB, 0x0000000000607480, 0x0000000000607340, 0x0000000000401D5B, 0x0000000000400DE0, 0x0000000000606BC0, 0x0000000000400900, 0x0000000000401EA5, 0x0000000000400DEF, 0x0000000000606CA0, 0x0000000000606B00, 0x0000000000401CA6, 0x0000000000400E1A, 0x0000000000000000, 0x00000000006080C0, 0x0000000000000000, 0x0000000000400E22, 0x00000000006077E0, 0x0000000000608060, 0x0000000000401EB4, 0x0000000000400E3A, 0x0000000000606DE0, 0x0000000000400810, 0x0000000000401EA5, 0x0000000000400E55, 0x0000000000000000, 0x0000000000000000, 0x0000000000401E96, 0x0000000000400E5D, 0x0000000000607100, 0x0000000000606D40, 0x0000000000401D5B, 0x0000000000400F5C, 0x0000000000607EC0, 0x0000000000607860, 0x0000000000401DCD, 0x0000000000400F6A, 0x0000000000000000, 0x0000000000000000, 0x0000000000401E96, 0x0000000000400F7A, 0x0000000000000000, 0x0000000000607960, 0x0000000000000000, 0x0000000000400F83, 0x0000000000606B20, 0x00000000006080E0, 0x0000000000401CA6, 0x0000000000400FB1, 0x0000000000606C00, 0x0000000000400810, 0x0000000000401EA5, 0x0000000000400FC1, 0x0000000000607080, 0x0000000000607C80, 0x0000000000401EB4, 0x0000000000400FC9, 0x00000000006079E0, 0x0000000000607780, 0x0000000000401EB4, 0x0000000000400FDB, 0x0000000000000000, 0x0000000000606B60, 0x0000000000000000, 0x0000000000400FEE, 0x0000000000000000, 0x0000000000000000, 0x0000000000401E96, 0x0000000000400FF6, 0x0000000000000000, 0x0000000000000000, 0x0000000000401E96, 
0x0000000000400FF9, 0x0000000000606D40, 0x0000000000400820, 0x0000000000401EA5, 0x0000000000400FFB, 0x0000000000607B40, 0x0000000000606FC0, 0x0000000000401EB4, 0x0000000000400FFC, 0x0000000000000000, 0x0000000000608120, 0x0000000000000000, 0x0000000000401010, 0x0000000000607260, 0x00000000004008A0, 0x0000000000401EA5, 0x0000000000401018, 0x0000000000000000, 0x0000000000000000, 0x0000000000401E96, 0x0000000000401032, 0x0000000000000000, 0x0000000000606D00, 0x0000000000000000, 0x0000000000401034, 0x0000000000607060, 0x0000000000607C80, 0x0000000000401EB4, 0x000000000040104D, 0x00000000006071C0, 0x0000000000606C40, 0x0000000000401EB4, 0x0000000000401060, 0x0000000000000000, 0x0000000000608100, 0x0000000000000000, 0x0000000000401073, 0x0000000000000000, 0x0000000000000000, 0x0000000000401E96, 0x0000000000401080, 0x0000000000000000, 0x0000000000606B60, 0x0000000000000000, 0x000000000040117F, 0x0000000000607C40, 0x00000000004008A0, 0x0000000000401EA5, 0x0000000000401184, 0x0000000000607CC0, 0x0000000000607120, 0x0000000000401EB4, 0x000000000040119E, 0x0000000000608140, 0x0000000000607C80, 0x0000000000401EB4, 0x00000000004011B1, 0x0000000000000000, 0x0000000000607A40, 0x0000000000000000, 0x00000000004011C4, 0x0000000000000000, 0x0000000000606CE0, 0x0000000000000000, 0x00000000004011FF, 0x0000000000000000, 0x0000000000607C00, 0x0000000000000000, 0x000000000040120A, 0x0000000000000000, 0x0000000000606FA0, 0x0000000000000000, 0x000000000040120B, 0x0000000000000000, 0x0000000000000000, 0x0000000000401E96, 0x000000000040120C, 0x00000000006078C0, 0x0000000000608060, 0x0000000000401EB4, 0x0000000000401213, 0x0000000000607D00, 0x0000000000608060, 0x0000000000401EB4, 0x000000000040122E, 0x0000000000607400, 0x0000000000607E00, 0x0000000000401EB4, 0x0000000000401249, 0x0000000000607420, 0x0000000000400810, 0x0000000000401EA5, 0x0000000000401254, 0x0000000000000000, 0x0000000000607F80, 0x0000000000000000, 0x000000000040125C, 0x0000000000607500, 0x0000000000607220, 0x0000000000401EB4, 
0x000000000040129F, 0x00000000006074E0, 0x0000000000400810, 0x0000000000401EA5, 0x00000000004012AA, 0x0000000000606DC0, 0x00000000004008D0, 0x0000000000401EA5, 0x00000000004012B2, 0x0000000000000000, 0x00000000006078E0, 0x0000000000000000, 0x00000000004012B8, 0x0000000000607340, 0x0000000000400820, 0x0000000000401EA5, 0x00000000004012C0, 0x0000000000000000, 0x0000000000607C00, 0x0000000000000000, 0x00000000004012C1, 0x0000000000000000, 0x0000000000607B00, 0x0000000000000000, 0x00000000004012C3, 0x0000000000606F60, 0x0000000000400810, 0x0000000000401EA5, 0x00000000004012E7, 0x00000000006080A0, 0x0000000000608060, 0x0000000000401EB4, 0x00000000004012EF, 0x0000000000607000, 0x0000000000606E80, 0x0000000000401CA6, 0x000000000040130A, 0x0000000000606F20, 0x00000000006074A0, 0x0000000000401D5B, 0x0000000000401312, 0x0000000000606F40, 0x0000000000607E80, 0x0000000000401EB4, 0x0000000000401319, 0x0000000000607C60, 0x0000000000606FC0, 0x0000000000401EB4, 0x0000000000401324, 0x0000000000607980, 0x0000000000607C80, 0x0000000000401EB4, 0x000000000040132A, 0x0000000000000000, 0x00000000006077A0, 0x0000000000000000, 0x000000000040133D, 0x0000000000000000, 0x0000000000606D00, 0x0000000000000000, 0x000000000040137F, 0x0000000000607D20, 0x0000000000400820, 0x0000000000401EA5, 0x000000000040138A, 0x00000000006070C0, 0x0000000000606E40, 0x0000000000401CA6, 0x000000000040138B, 0x0000000000000000, 0x0000000000607A40, 0x0000000000000000, 0x0000000000401390, 0x0000000000607320, 0x0000000000400810, 0x0000000000401EA5, 0x00000000004013C3, 0x00000000006075A0, 0x0000000000606C40, 0x0000000000401EB4, 0x00000000004013CE, 0x00000000006078A0, 0x0000000000606FC0, 0x0000000000401EB4, 0x00000000004013E0, 0x0000000000607680, 0x0000000000606C40, 0x0000000000401EB4, 0x00000000004013F4, 0x0000000000606AE0, 0x0000000000607540, 0x0000000000401F0C, 0x0000000000401407, 0x0000000000607AE0, 0x0000000000606DC0, 0x0000000000401EB4, 0x000000000040140F, 0x0000000000607440, 0x0000000000400810, 0x0000000000401EA5, 
0x000000000040141C, 0x00000000006076E0, 0x0000000000400860, 0x0000000000401EA5, 0x000000000040142F, 0x0000000000000000, 0x0000000000607A20, 0x0000000000000000, 0x0000000000401441, 0x0000000000607940, 0x0000000000607F60, 0x0000000000401EB4, 0x0000000000401476, 0x0000000000606E20, 0x00000000006075C0, 0x0000000000401CA6, 0x000000000040148B, 0x0000000000000000, 0x0000000000607EA0, 0x0000000000000000, 0x0000000000401490, 0x0000000000000000, 0x0000000000607FA0, 0x0000000000000000, 0x0000000000401498, 0x0000000000607180, 0x0000000000400820, 0x0000000000401EA5, 0x00000000004014A0, 0x0000000000000000, 0x0000000000000000, 0x0000000000401E96, 0x00000000004014A1, 0x00000000006075E0, 0x0000000000606DC0, 0x0000000000401EB4, 0x00000000004014AD, 0x0000000000000000, 0x0000000000607900, 0x0000000000000000, 0x00000000004014BD, 0x0000000000000000, 0x0000000000000000, 0x0000000000401E96, 0x00000000004014C4, 0x0000000000607BC0, 0x0000000000606FC0, 0x0000000000401EB4, 0x00000000004014C7, 0x0000000000000000, 0x0000000000607020, 0x0000000000000000, 0x00000000004014CD, 0x0000000000607240, 0x0000000000607DA0, 0x0000000000401CA6, 0x00000000004014D5, 0x0000000000000000, 0x0000000000000000, 0x0000000000401E96, 0x00000000004014DA, 0x0000000000000000, 0x0000000000607D60, 0x0000000000000000, 0x00000000004014DC, 0x0000000000607F20, 0x00000000006076A0, 0x0000000000401EB4, 0x00000000004014F1, 0x0000000000000000, 0x0000000000606F00, 0x0000000000000000, 0x00000000004014FA, 0x0000000000606C80, 0x0000000000607780, 0x0000000000401EB4, 0x0000000000401505, 0x0000000000000000, 0x0000000000000000, 0x0000000000401E96, 0x0000000000401518, 0x0000000000000000, 0x0000000000607FA0, 0x0000000000000000, 0x000000000040151A, 0x00000000006076C0, 0x0000000000607BA0, 0x0000000000401EB4, 0x0000000000401525, 0x0000000000607700, 0x0000000000400840, 0x0000000000401EA5, 0x0000000000401538, 0x0000000000607880, 0x0000000000607760, 0x0000000000401CA6, 0x0000000000401561, 0x0000000000607200, 0x0000000000607640, 0x0000000000401C31, 
0x0000000000401566, 0x0000000000606C20, 0x0000000000607120, 0x0000000000401EB4, 0x0000000000401576, 0x00000000006071A0, 0x0000000000400900, 0x0000000000401EA5, 0x0000000000401589, 0x00000000006070E0, 0x0000000000400820, 0x0000000000401EA5, 0x000000000040158A, 0x0000000000607820, 0x00000000006076A0, 0x0000000000401EB4, 0x000000000040158B, 0x0000000000607E40, 0x00000000004008C0, 0x0000000000401EA5, 0x0000000000401594, 0x0000000000606EC0, 0x0000000000607F00, 0x0000000000401CA6, 0x000000000040159C, 0x0000000000000000, 0x0000000000000000, 0x0000000000401E96, 0x00000000004015A1, 0x0000000000000000, 0x0000000000000000, 0x0000000000401E96, 0x00000000004015AD, 0x0000000000607660, 0x0000000000607E60, 0x0000000000401CA6, 0x00000000004015B2, 0x0000000000607E20, 0x0000000000607BA0, 0x0000000000401EB4, 0x00000000004015BA, 0x0000000000607D40, 0x0000000000607F60, 0x0000000000401EB4, 0x00000000004015CC, 0x0000000000000000, 0x0000000000000000, 0x0000000000401E96, 0x00000000004015E1, 0x00000000006073E0, 0x0000000000606FC0, 0x0000000000401EB4, 0x00000000004015E3, 0x0000000000607AA0, 0x00000000006070E0, 0x0000000000401D5B, 0x0000000000401612, 0x0000000000607360, 0x0000000000607E80, 0x0000000000401EB4, 0x0000000000401633, 0x0000000000606BE0, 0x00000000004008A0, 0x0000000000401EA5, 0x000000000040163E, 0x00000000006079A0, 0x0000000000606FC0, 0x0000000000401EB4, 0x0000000000401658, 0x0000000000606EA0, 0x0000000000607F60, 0x0000000000401EB4, 0x000000000040165E, 0x0000000000608040, 0x0000000000607960, 0x0000000000401D22, 0x0000000000401672, 0x0000000000607A60, 0x0000000000606FC0, 0x0000000000401EB4, 0x0000000000401684, 0x0000000000000000, 0x0000000000607B00, 0x0000000000000000, 0x00000000004016BF, 0x0000000000606B40, 0x0000000000400900, 0x0000000000401EA5, 0x0000000000401702, 0x0000000000000000, 0x0000000000000000, 0x0000000000401E96, 0x0000000000401703, 0x0000000000607B20, 0x0000000000606FC0, 0x0000000000401EB4, 0x000000000040170A, 0x00000000006072E0, 0x0000000000606CC0, 0x0000000000401CA6, 
0x0000000000401713, 0x0000000000607C20, 0x0000000000607220, 0x0000000000401EB4, 0x000000000040171B, 0x0000000000000000, 0x00000000006078E0, 0x0000000000000000, 0x0000000000401726, 0x0000000000607380, 0x0000000000607220, 0x0000000000401EB4, 0x00000000004017B9, 0x0000000000606E60, 0x0000000000606FC0, 0x0000000000401EB4, 0x00000000004017C4, 0x0000000000000000, 0x0000000000607620, 0x0000000000000000, 0x00000000004017D1, 0x00000000006072A0, 0x0000000000606C40, 0x0000000000401EB4, 0x00000000004017E1, 0x0000000000607800, 0x0000000000607180, 0x0000000000401D5B, 0x00000000004017F4, 0x0000000000607FC0, 0x0000000000400810, 0x0000000000401EA5, 0x0000000000401802, 0x0000000000000000, 0x0000000000607F80, 0x0000000000000000, 0x000000000040180D, 0x0000000000000000, 0x0000000000607D60, 0x0000000000000000, 0x0000000000401831, 0x0000000000000000, 0x0000000000607900, 0x0000000000000000, 0x0000000000401839, 0x0000000000000000, 0x0000000000607020, 0x0000000000000000, 0x0000000000401843, 0x0000000000606BA0, 0x0000000000607780, 0x0000000000401EB4, 0x000000000040184E, 0x0000000000606FE0, 0x0000000000606FC0, 0x0000000000401EB4, 0x000000000040185B, 0x0000000000000000, 0x0000000000606D20, 0x0000000000000000, 0x0000000000401864, 0x0000000000607580, 0x0000000000606FC0, 0x0000000000401EB4, 0x00000000004018A3, 0x0000000000606C60, 0x0000000000607DE0, 0x0000000000401CA6, 0x00000000004018B7, 0x00000000006073A0, 0x0000000000606E00, 0x0000000000401CA6, 0x00000000004018BC, 0x0000000000000000, 0x0000000000606FA0, 0x0000000000000000, 0x00000000004018CC, 0x00000000006073C0, 0x0000000000400810, 0x0000000000401EA5, 0x00000000004018CE, 0x0000000000000000, 0x0000000000000000, 0x0000000000401E96, 0x00000000004018E2, 0x0000000000607560, 0x0000000000607220, 0x0000000000401EB4, 0x00000000004018E5, 0x0000000000000000, 0x0000000000607520, 0x0000000000000000, 0x00000000004018F0, 0x0000000000000000, 0x00000000006077A0, 0x0000000000000000, 0x000000000040193C, 0x0000000000000000, 0x0000000000606D20, 0x0000000000000000, 
0x0000000000401953, 0x0000000000607EE0, 0x0000000000608060, 0x0000000000401EB4, 0x000000000040195E, 0x0000000000607300, 0x0000000000607740, 0x0000000000401C31, 0x00000000004019A2, 0x0000000000607D80, 0x0000000000607E00, 0x0000000000401EB4, 0x00000000004019AC, 0x0000000000606DA0, 0x0000000000608080, 0x0000000000401C31, 0x00000000004019B7, 0x0000000000000000, 0x0000000000606CE0, 0x0000000000000000, 0x00000000004019CA, 0x0000000000607CE0, 0x0000000000607780, 0x0000000000401EB4, 0x00000000004019D2]
checkdict={0x401e96:'2',0x401eb4:'4',0x401ea5:'3',0x401ca6:'unsign_equ',0x401d22:'unsign_notequ',0x401d5b:'if_zf_equ_1',0x401dcd:'if_sf_equ_0',0x401f0c:'sign_greatThan',0x401c31:'sign_lessThan'}
ins_dict={}
funcdict={0x400810:'_puts',0x400820:'__stack_chk_fail_ptr',0x400830:'_printf',0x400840:'_memset',0x400850:'_alarm',0x400860:'_read',0x400870:'_srand',0x400880:'_signal',0x400890:'_ptrace',0x4008A0:'_setvbuf',0x4008B0:'_perror',0x4008C0:'_atoi',0x4008D0:'_exit',0x4008E0:'_wait',0x4008F0:'_fork',0x400900:'_rand'}
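# Each node in the table is 32 bytes: (nextnode, func, check, ret)
for i in range(len(ins_array)//4):
    nextnode=ins_array[i*4]
    func=ins_array[i*4+1]
    check=ins_array[i*4+2]
    ret=ins_array[i*4+3]
    ins_dict[arrayaddr+i*32]=(nextnode,func,check,ret)
# Split the exported listing into fragments; each fragment ends at an INT 3 (CC) byte
with open('g:\\share\\2025\\20251018\\asm.txt','r') as f:
    lines=f.readlines()
asmlines={}
asmaddr=0x4009f7
asmline=''
for line in lines:
    parts=line.split()
    if len(parts)<2:
        continue  # skip blank or malformed lines
    addr=int(parts[0],16)
    if parts[1]=='CC':
        asmlines[asmaddr]=asmline
        asmaddr=addr+1
        asmline=''
    else:
        asmline+=f"{addr:08x}:"+line[16:]
if asmline:
    asmlines[asmaddr]=asmline  # keep the last fragment when no INT 3 follows it
start=arrayaddr
stack=[0x606AC0]
switchs={}
# Conditional nodes forced to a fixed outcome (1 = take the 'true' target)
fixswitchs={0x607c00:1,0x606fa0:1}
count=0
while True:
    if start not in ins_dict:
        print('end of Exec chain',hex(start))
        break
    nextnode,func,check,ret=ins_dict[start]
    print(count,len(stack),hex(start),'checkaddr:',hex(check),hex(stack[-1] if stack else 0))
    if check>0:
        if checkdict[check]=='2':
            # return: resume at the node saved by the matching call
            if not stack:
                print('return with empty stack',hex(start))
                break
            start=stack.pop()
        elif checkdict[check]=='3':
            # library call: func is a PLT entry, execution continues at nextnode
            print('call systemfunc',funcdict[func])
            #stack.append(ret)
            start=nextnode
        elif checkdict[check]=='4':
            # internal call: remember where to resume, then enter func
            print('call',hex(func))
            stack.append(nextnode)
            start=func
        else:
            # conditional node: nextnode is the false target, func the true target
            print('call check function',checkdict[check])
            print('branch false',hex(nextnode))
            print(' true',hex(func))
            if start in fixswitchs:
                if fixswitchs[start]:
                    start=func
                else:
                    start=nextnode
            elif start in switchs and check in switchs[start]:
                # flip the outcome on every later visit so both targets get explored
                switchs[start][check]=1-switchs[start][check]
                if switchs[start][check]:
                    start=func
                else:
                    start=nextnode
            else:
                # first visit: take the false target
                switchs[start]={check:0}
                start=nextnode
    else:
        # check == 0: unconditional jump to func
        start=func
    # Print the fragment the child would run next; the end of the chain is reported at the top of the loop
    if start in ins_dict:
        rip=ins_dict[start][3]
        print(asmlines.get(rip,f'<no asm for {rip:08x}>'))
    count+=1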
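The script above explores the table dynamically, flipping each conditional node between its two targets on successive visits. As an added example (not part of the original post), the same four-field node format can also be walked statically to list every edge, the nodes the entry never reaches, and targets that fall outside the table. The handler addresses are the ones in checkdict; the node table, its base address 0x1000 and the function names are constructed for illustration.

```python
from collections import deque, namedtuple

NODE_SIZE = 32  # four 8-byte fields per node, matching arrayaddr + i*32 above
Node = namedtuple("Node", "nextnode func check ret")

# Handler addresses taken from the write-up's checkdict.
H_RET, H_LIBCALL, H_CALL = 0x401E96, 0x401EA5, 0x401EB4
H_COND = {
    0x401CA6: "unsign_equ", 0x401D22: "unsign_notequ",
    0x401D5B: "if_zf_equ_1", 0x401DCD: "if_sf_equ_0",
    0x401F0C: "sign_greatThan", 0x401C31: "sign_lessThan",
}

def load_nodes(base, words):
    """Turn the flat word list into {node address: Node}."""
    if len(words) % 4:
        raise ValueError("table length is not a multiple of 4 words")
    return {base + i * NODE_SIZE: Node(*words[i * 4:i * 4 + 4])
            for i in range(len(words) // 4)}

def successors(node):
    """Static successors of one node, following the emulator's dispatch rules."""
    if node.check == 0:                      # unconditional jump
        return [("jump", node.func)]
    if node.check == H_RET:                  # target comes from the call stack
        return []
    if node.check == H_LIBCALL:              # func is a PLT entry, not a node
        return [("after-libcall", node.nextnode)]
    if node.check == H_CALL:                 # callee plus the resume point
        return [("call", node.func), ("return-to", node.nextnode)]
    if node.check in H_COND:                 # both outcomes of the comparison
        return [("true", node.func), ("false", node.nextnode)]
    raise ValueError(f"unknown handler {node.check:#x}")

def build_cfg(nodes, entry):
    """Breadth-first walk from entry; returns (edges, dangling, unreachable)."""
    edges, dangling = {}, set()
    queue = deque([entry])
    while queue:
        addr = queue.popleft()
        if addr in edges:
            continue
        if addr not in nodes:                # points outside the table
            dangling.add(addr)
            continue
        edges[addr] = successors(nodes[addr])
        queue.extend(target for _, target in edges[addr])
    return edges, dangling, set(nodes) - set(edges)

def conditional_nodes(nodes, edges):
    """Reachable nodes whose outcome depends on a comparison handler."""
    return {a: H_COND[nodes[a].check] for a in edges if nodes[a].check in H_COND}

# Constructed sample table (not taken from the challenge binary).
SAMPLE_BASE = 0x1000
SAMPLE_WORDS = [
    0x1020, 0x1060,   H_CALL,    0x400100,  # 0x1000: call 0x1060, resume at 0x1020
    0x1040, 0x1000,   0x401CA6,  0x400110,  # 0x1020: equal -> back to 0x1000, else 0x1040
    0x2000, 0x4008D0, H_LIBCALL, 0x400120,  # 0x1040: libc call, then 0x2000 (not in table)
    0,      0x1080,   0,         0x400130,  # 0x1060: unconditional jump to 0x1080
    0,      0,        H_RET,     0x400140,  # 0x1080: return
    0,      0,        H_RET,     0x400150,  # 0x10A0: never referenced
]

if __name__ == "__main__":
    nodes = load_nodes(SAMPLE_BASE, SAMPLE_WORDS)
    edges, dangling, unreachable = build_cfg(nodes, SAMPLE_BASE)
    for addr in sorted(edges):
        targets = ", ".join(f"{kind}->{t:#x}" for kind, t in edges[addr]) or "ret"
        print(f"{addr:#x} (code {nodes[addr].ret:#x}): {targets}")
    print("conditional:", {hex(a): n for a, n in conditional_nodes(nodes, edges).items()})
    print("dangling:", sorted(map(hex, dangling)))
    print("unreachable:", sorted(map(hex, unreachable)))
```

Run against the real table, `load_nodes(arrayaddr, ins_array)` feeds the same walk, and `conditional_nodes` gives the list of nodes that the emulation script handles through `switchs` and `fixswitchs`.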
At the same time, I used a disassembly tool to export the assembly code fragments of the function at 4009f7:
asm
00000000004009F7 55 PUSH RBP
00000000004009F8 4889E5 MOV RBP,RSP
00000000004009FB 53 PUSH RBX
00000000004009FC 4881ECE8010000 SUB RSP,00000000000001E8
0000000000400A03 64488B042528000000 MOV RAX,QWORD PTR FS:[0000000000000028]
0000000000400A0C 488945E8 MOV QWORD PTR [RBP-18],RAX
0000000000400A10 31C0 XOR EAX,EAX
0000000000400A12 C685A0FEFFFFE2 MOV BYTE PTR [RBP-00000160],E2
0000000000400A19 C685A1FEFFFF8B MOV BYTE PTR [RBP-0000015F],8B
0000000000400A20 C685A2FEFFFF55 MOV BYTE PTR [RBP-0000015E],55
0000000000400A27 C685A3FEFFFF38 MOV BYTE PTR [RBP-0000015D],38
0000000000400A2E C685A4FEFFFF69 MOV BYTE PTR [RBP-0000015C],69
0000000000400A35 C685A5FEFFFFFA MOV BYTE PTR [RBP-0000015B],FA
0000000000400A3C C685A6FEFFFF80 MOV BYTE PTR [RBP-0000015A],80
0000000000400A43 C685A7FEFFFFC2 MOV BYTE PTR [RBP-00000159],C2
0000000000400A4A C685A8FEFFFF64 MOV BYTE PTR [RBP-00000158],64
0000000000400A51 C685A9FEFFFF4E MOV BYTE PTR [RBP-00000157],4E
0000000000400A58 C685AAFEFFFF7F MOV BYTE PTR [RBP-00000156],7F
0000000000400A5F C685ABFEFFFFE7 MOV BYTE PTR [RBP-00000155],E7
0000000000400A66 C685ACFEFFFF13 MOV BYTE PTR [RBP-00000154],13
0000000000400A6D C685ADFEFFFF06 MOV BYTE PTR [RBP-00000153],06
0000000000400A74 C685AEFEFFFF14 MOV BYTE PTR [RBP-00000152],14
0000000000400A7B C685AFFEFFFFC5 MOV BYTE PTR [RBP-00000151],C5
0000000000400A82 C685B0FEFFFFC0 MOV BYTE PTR [RBP-00000150],C0
0000000000400A89 C685B1FEFFFF13 MOV BYTE PTR [RBP-0000014F],13
0000000000400A90 C685B2FEFFFFD3 MOV BYTE PTR [RBP-0000014E],D3
0000000000400A97 C685B3FEFFFF12 MOV BYTE PTR [RBP-0000014D],12
0000000000400A9E C685B4FEFFFF6B MOV BYTE PTR [RBP-0000014C],6B
0000000000400AA5 C685B5FEFFFFBD MOV BYTE PTR [RBP-0000014B],BD
0000000000400AAC C685B6FEFFFFF2 MOV BYTE PTR [RBP-0000014A],F2
0000000000400AB3 C685B7FEFFFFC7 MOV BYTE PTR [RBP-00000149],C7
0000000000400ABA C685B8FEFFFF88 MOV BYTE PTR [RBP-00000148],88
0000000000400AC1 C685B9FEFFFF44 MOV BYTE PTR [RBP-00000147],44
0000000000400AC8 C685BAFEFFFF3E MOV BYTE PTR [RBP-00000146],3E
0000000000400ACF C685BBFEFFFF09 MOV BYTE PTR [RBP-00000145],09
0000000000400AD6 C685BCFEFFFFE8 MOV BYTE PTR [RBP-00000144],E8
0000000000400ADD C685BDFEFFFFA3 MOV BYTE PTR [RBP-00000143],A3
0000000000400AE4 C685BEFEFFFF83 MOV BYTE PTR [RBP-00000142],83
0000000000400AEB C685BFFEFFFF30 MOV BYTE PTR [RBP-00000141],30
0000000000400AF2 488D85A0FEFFFF LEA RAX,[RBP-00000160]
0000000000400AF9 4889C7 MOV RDI,RAX
0000000000400AFC CC INT 3
0000000000400AFD BFFFFFFFFF MOV EDI,FFFFFFFF
0000000000400B02 CC INT 3
0000000000400B03 8B8540FEFFFF MOV EAX,DWORD PTR [RBP-000001C0]
0000000000400B09 2B8538FEFFFF SUB EAX,DWORD PTR [RBP-000001C8]
0000000000400B0F 8D148500000000 LEA EDX,[RAX*4+00000000]
0000000000400B16 8B8544FEFFFF MOV EAX,DWORD PTR [RBP-000001BC]
0000000000400B1C 01D0 ADD EAX,EDX
0000000000400B1E 4863D0 MOVSXD RDX,EAX
0000000000400B21 488B8570FEFFFF MOV RAX,QWORD PTR [RBP-00000190]
0000000000400B28 4801D0 ADD RAX,RDX
0000000000400B2B 0FB630 MOVZX ESI,BYTE PTR [RAX]
0000000000400B2E 8B8544FEFFFF MOV EAX,DWORD PTR [RBP-000001BC]
0000000000400B34 4898 CDQE
0000000000400B36 0FB68C057CFEFFFF MOVZX ECX,BYTE PTR [RBP+RAX-00000184]
0000000000400B3E 8B8540FEFFFF MOV EAX,DWORD PTR [RBP-000001C0]
0000000000400B44 8D148500000000 LEA EDX,[RAX*4+00000000]
0000000000400B4B 8B8544FEFFFF MOV EAX,DWORD PTR [RBP-000001BC]
0000000000400B51 01D0 ADD EAX,EDX
0000000000400B53 4863D0 MOVSXD RDX,EAX
0000000000400B56 488B8570FEFFFF MOV RAX,QWORD PTR [RBP-00000190]
0000000000400B5D 4801D0 ADD RAX,RDX
0000000000400B60 31CE XOR ESI,ECX
0000000000400B62 89F2 MOV EDX,ESI
0000000000400B64 8810 MOV BYTE PTR [RAX],DL
0000000000400B66 838544FEFFFF01 ADD DWORD PTR [RBP-000001BC],00000001
0000000000400B6D CC INT 3
0000000000400B6E 488B8548FEFFFF MOV RAX,QWORD PTR [RBP-000001B8]
0000000000400B75 4889C7 MOV RDI,RAX
0000000000400B78 CC INT 3
0000000000400B79 89C7 MOV EDI,EAX
0000000000400B7B CC INT 3
0000000000400B7C 837DF807 CMP DWORD PTR [RBP-08],00000007
0000000000400B80 CC INT 3
0000000000400B81 31D8 XOR EAX,EBX
0000000000400B83 88851EFEFFFF MOV BYTE PTR [RBP-000001E2],AL
0000000000400B89 0FB6951EFEFFFF MOVZX EDX,BYTE PTR [RBP-000001E2]
0000000000400B90 488B0DB15E2000 MOV RCX,QWORD PTR [0000000000606A48]
0000000000400B97 8B8520FEFFFF MOV EAX,DWORD PTR [RBP-000001E0]
0000000000400B9D 4898 CDQE
0000000000400B9F 4801C8 ADD RAX,RCX
0000000000400BA2 0FB600 MOVZX EAX,BYTE PTR [RAX]
0000000000400BA5 0FBEC0 MOVSX EAX,AL
0000000000400BA8 39C2 CMP EDX,EAX
0000000000400BAA CC INT 3
0000000000400BAB 89C3 MOV EBX,EAX
0000000000400BAD 488B45D8 MOV RAX,QWORD PTR [RBP-28]
0000000000400BB1 4883C001 ADD RAX,0000000000000001
0000000000400BB5 0FB600 MOVZX EAX,BYTE PTR [RAX]
0000000000400BB8 0FB6C0 MOVZX EAX,AL
0000000000400BBB 89C7 MOV EDI,EAX
0000000000400BBD CC INT 3
0000000000400BBE 31D8 XOR EAX,EBX
0000000000400BC0 88851EFEFFFF MOV BYTE PTR [RBP-000001E2],AL
0000000000400BC6 0FB6951EFEFFFF MOVZX EDX,BYTE PTR [RBP-000001E2]
0000000000400BCD 488B0D745E2000 MOV RCX,QWORD PTR [0000000000606A48]
0000000000400BD4 8B8520FEFFFF MOV EAX,DWORD PTR [RBP-000001E0]
0000000000400BDA 83C011 ADD EAX,00000011
0000000000400BDD 4898 CDQE
0000000000400BDF 4801C8 ADD RAX,RCX
0000000000400BE2 0FB600 MOVZX EAX,BYTE PTR [RAX]
0000000000400BE5 0FBEC0 MOVSX EAX,AL
0000000000400BE8 39C2 CMP EDX,EAX
0000000000400BEA CC INT 3
0000000000400BEB 488D3D293D0000 LEA RDI,[000000000040491B]
0000000000400BF2 B800000000 MOV EAX,00000000
0000000000400BF7 CC INT 3
0000000000400BF8 BF00000100 MOV EDI,00010000
0000000000400BFD CC INT 3
0000000000400BFE 31D8 XOR EAX,EBX
0000000000400C00 8845E6 MOV BYTE PTR [RBP-1A],AL
0000000000400C03 488B45D8 MOV RAX,QWORD PTR [RBP-28]
0000000000400C07 0FB600 MOVZX EAX,BYTE PTR [RAX]
0000000000400C0A 0FB6C0 MOVZX EAX,AL
0000000000400C0D 89C7 MOV EDI,EAX
0000000000400C0F CC INT 3
0000000000400C10 55 PUSH RBP
0000000000400C11 4889E5 MOV RBP,RSP
0000000000400C14 53 PUSH RBX
0000000000400C15 4883EC08 SUB RSP,0000000000000008
0000000000400C19 89F8 MOV EAX,EDI
0000000000400C1B 8845F4 MOV BYTE PTR [RBP-0C],AL
0000000000400C1E 0FB645F4 MOVZX EAX,BYTE PTR [RBP-0C]
0000000000400C22 89C7 MOV EDI,EAX
0000000000400C24 CC INT 3
0000000000400C25 90 NOP
0000000000400C26 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400C2A 644833042528000000 XOR RAX,QWORD PTR FS:[0000000000000028]
0000000000400C33 CC INT 3
0000000000400C34 31C3 XOR EBX,EAX
0000000000400C36 488B45D8 MOV RAX,QWORD PTR [RBP-28]
0000000000400C3A 4883C003 ADD RAX,0000000000000003
0000000000400C3E 0FB600 MOVZX EAX,BYTE PTR [RAX]
0000000000400C41 0FB6C0 MOVZX EAX,AL
0000000000400C44 89C7 MOV EDI,EAX
0000000000400C46 CC INT 3
0000000000400C47 838540FEFFFF01 ADD DWORD PTR [RBP-000001C0],00000001
0000000000400C4E CC INT 3
0000000000400C4F 8B8520FEFFFF MOV EAX,DWORD PTR [RBP-000001E0]
0000000000400C55 4898 CDQE
0000000000400C57 0FB69405C0FEFFFF MOVZX EDX,BYTE PTR [RBP+RAX-00000140]
0000000000400C5F 8B8520FEFFFF MOV EAX,DWORD PTR [RBP-000001E0]
0000000000400C65 4898 CDQE
0000000000400C67 0FB68405A0FEFFFF MOVZX EAX,BYTE PTR [RBP+RAX-00000160]
0000000000400C6F 31D0 XOR EAX,EDX
0000000000400C71 89C3 MOV EBX,EAX
0000000000400C73 CC INT 3
0000000000400C74 83BD20FEFFFF0F CMP DWORD PTR [RBP-000001E0],0000000F
0000000000400C7B CC INT 3
0000000000400C7C 83BD20FEFFFF0F CMP DWORD PTR [RBP-000001E0],0000000F
0000000000400C83 CC INT 3
0000000000400C84 83BD44FEFFFF03 CMP DWORD PTR [RBP-000001BC],00000003
0000000000400C8B CC INT 3
0000000000400C8C 4881C4E8010000 ADD RSP,00000000000001E8
0000000000400C93 5B POP RBX
0000000000400C94 5D POP RBP
0000000000400C95 CC INT 3
0000000000400C96 31C3 XOR EBX,EAX
0000000000400C98 89DA MOV EDX,EBX
0000000000400C9A 488B45D8 MOV RAX,QWORD PTR [RBP-28]
0000000000400C9E 4883C002 ADD RAX,0000000000000002
0000000000400CA2 0FB600 MOVZX EAX,BYTE PTR [RAX]
0000000000400CA5 31C2 XOR EDX,EAX
0000000000400CA7 488B45D8 MOV RAX,QWORD PTR [RBP-28]
0000000000400CAB 4883C003 ADD RAX,0000000000000003
0000000000400CAF 0FB600 MOVZX EAX,BYTE PTR [RAX]
0000000000400CB2 31D0 XOR EAX,EDX
0000000000400CB4 8845E4 MOV BYTE PTR [RBP-1C],AL
0000000000400CB7 488B45D8 MOV RAX,QWORD PTR [RBP-28]
0000000000400CBB 0FB618 MOVZX EBX,BYTE PTR [RAX]
0000000000400CBE 488B45D8 MOV RAX,QWORD PTR [RBP-28]
0000000000400CC2 4883C001 ADD RAX,0000000000000001
0000000000400CC6 0FB600 MOVZX EAX,BYTE PTR [RAX]
0000000000400CC9 0FB6C0 MOVZX EAX,AL
0000000000400CCC 89C7 MOV EDI,EAX
0000000000400CCE CC INT 3
0000000000400CCF 55 PUSH RBP
0000000000400CD0 4889E5 MOV RBP,RSP
0000000000400CD3 48897DE8 MOV QWORD PTR [RBP-18],RDI
0000000000400CD7 C745FC00000000 MOV DWORD PTR [RBP-04],00000000
0000000000400CDE CC INT 3
0000000000400CDF 488D85C0FEFFFF LEA RAX,[RBP-00000140]
0000000000400CE6 48898558FEFFFF MOV QWORD PTR [RBP-000001A8],RAX
0000000000400CED 488D85F0FEFFFF LEA RAX,[RBP-00000110]
0000000000400CF4 48898560FEFFFF MOV QWORD PTR [RBP-000001A0],RAX
0000000000400CFB C78530FEFFFF0A000000 MOV DWORD PTR [RBP-000001D0],0000000A
0000000000400D05 488B8D60FEFFFF MOV RCX,QWORD PTR [RBP-000001A0]
0000000000400D0C 488B8558FEFFFF MOV RAX,QWORD PTR [RBP-000001A8]
0000000000400D13 BA00000000 MOV EDX,00000000
0000000000400D18 4889CE MOV RSI,RCX
0000000000400D1B 4889C7 MOV RDI,RAX
0000000000400D1E CC INT 3
0000000000400D1F 55 PUSH RBP
0000000000400D20 4889E5 MOV RBP,RSP
0000000000400D23 4883EC30 SUB RSP,0000000000000030
0000000000400D27 48897DD8 MOV QWORD PTR [RBP-28],RDI
0000000000400D2B 8975D4 MOV DWORD PTR [RBP-2C],ESI
0000000000400D2E 64488B042528000000 MOV RAX,QWORD PTR FS:[0000000000000028]
0000000000400D37 488945F8 MOV QWORD PTR [RBP-08],RAX
0000000000400D3B 31C0 XOR EAX,EAX
0000000000400D3D C745F000000000 MOV DWORD PTR [RBP-10],00000000
0000000000400D44 CC INT 3
0000000000400D45 488D3D543D0000 LEA RDI,[0000000000404AA0]
0000000000400D4C CC INT 3
0000000000400D4D 488B8558FEFFFF MOV RAX,QWORD PTR [RBP-000001A8]
0000000000400D54 4889C7 MOV RDI,RAX
0000000000400D57 CC INT 3
0000000000400D58 90 NOP
0000000000400D59 5D POP RBP
0000000000400D5A CC INT 3
0000000000400D5B 8B45FC MOV EAX,DWORD PTR [RBP-04]
0000000000400D5E 4863D0 MOVSXD RDX,EAX
0000000000400D61 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400D65 4801D0 ADD RAX,RDX
0000000000400D68 0FB600 MOVZX EAX,BYTE PTR [RAX]
0000000000400D6B 0FB6C0 MOVZX EAX,AL
0000000000400D6E 8B55FC MOV EDX,DWORD PTR [RBP-04]
0000000000400D71 4863CA MOVSXD RCX,EDX
0000000000400D74 488B55E8 MOV RDX,QWORD PTR [RBP-18]
0000000000400D78 4801D1 ADD RCX,RDX
0000000000400D7B 4863D0 MOVSXD RDX,EAX
0000000000400D7E 488D059B522000 LEA RAX,[0000000000606020]
0000000000400D85 0FB60402 MOVZX EAX,BYTE PTR [RDX+RAX]
0000000000400D89 8801 MOV BYTE PTR [RCX],AL
0000000000400D8B 8345FC01 ADD DWORD PTR [RBP-04],00000001
0000000000400D8F CC INT 3
0000000000400D90 89C3 MOV EBX,EAX
0000000000400D92 488B45D8 MOV RAX,QWORD PTR [RBP-28]
0000000000400D96 4883C001 ADD RAX,0000000000000001
0000000000400D9A 0FB600 MOVZX EAX,BYTE PTR [RAX]
0000000000400D9D 0FB6C0 MOVZX EAX,AL
0000000000400DA0 89C7 MOV EDI,EAX
0000000000400DA2 CC INT 3
0000000000400DA3 8B8544FEFFFF MOV EAX,DWORD PTR [RBP-000001BC]
0000000000400DA9 4898 CDQE
0000000000400DAB 0FB684057CFEFFFF MOVZX EAX,BYTE PTR [RBP+RAX-00000184]
0000000000400DB3 0FB6C0 MOVZX EAX,AL
0000000000400DB6 4863D0 MOVSXD RDX,EAX
0000000000400DB9 488D0560522000 LEA RAX,[0000000000606020]
0000000000400DC0 0FB61402 MOVZX EDX,BYTE PTR [RDX+RAX]
0000000000400DC4 8B8544FEFFFF MOV EAX,DWORD PTR [RBP-000001BC]
0000000000400DCA 4898 CDQE
0000000000400DCC 8894057CFEFFFF MOV BYTE PTR [RBP+RAX-00000184],DL
0000000000400DD3 838544FEFFFF01 ADD DWORD PTR [RBP-000001BC],00000001
0000000000400DDA CC INT 3
0000000000400DDB 3245FC XOR AL,BYTE PTR [RBP-04]
0000000000400DDE C9 LEAVE
0000000000400DDF CC INT 3
0000000000400DE0 90 NOP
0000000000400DE1 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400DE5 644833042528000000 XOR RAX,QWORD PTR FS:[0000000000000028]
0000000000400DEE CC INT 3
0000000000400DEF 8B8520FEFFFF MOV EAX,DWORD PTR [RBP-000001E0]
0000000000400DF5 83C010 ADD EAX,00000010
0000000000400DF8 4898 CDQE
0000000000400DFA 0FB69405C0FEFFFF MOVZX EDX,BYTE PTR [RBP+RAX-00000140]
0000000000400E02 8B8520FEFFFF MOV EAX,DWORD PTR [RBP-000001E0]
0000000000400E08 83C010 ADD EAX,00000010
0000000000400E0B 4898 CDQE
0000000000400E0D 0FB68405A0FEFFFF MOVZX EAX,BYTE PTR [RBP+RAX-00000160]
0000000000400E15 31D0 XOR EAX,EDX
0000000000400E17 89C3 MOV EBX,EAX
0000000000400E19 CC INT 3
0000000000400E1A 83BD44FEFFFF03 CMP DWORD PTR [RBP-000001BC],00000003
0000000000400E21 CC INT 3
0000000000400E22 8B45F0 MOV EAX,DWORD PTR [RBP-10]
0000000000400E25 4863D0 MOVSXD RDX,EAX
0000000000400E28 488B45D8 MOV RAX,QWORD PTR [RBP-28]
0000000000400E2C 4801C2 ADD RDX,RAX
0000000000400E2F 0FB645EF MOVZX EAX,BYTE PTR [RBP-11]
0000000000400E33 8802 MOV BYTE PTR [RDX],AL
0000000000400E35 8345F001 ADD DWORD PTR [RBP-10],00000001
0000000000400E39 CC INT 3
0000000000400E3A 8B9534FEFFFF MOV EDX,DWORD PTR [RBP-000001CC]
0000000000400E40 488B8D60FEFFFF MOV RCX,QWORD PTR [RBP-000001A0]
0000000000400E47 488B8558FEFFFF MOV RAX,QWORD PTR [RBP-000001A8]
0000000000400E4E 4889CE MOV RSI,RCX
0000000000400E51 4889C7 MOV RDI,RAX
0000000000400E54 CC INT 3
0000000000400E55 488D3DFC3B0000 LEA RDI,[0000000000404A58]
0000000000400E5C CC INT 3
0000000000400E5D 55 PUSH RBP
0000000000400E5E 4889E5 MOV RBP,RSP
0000000000400E61 48897DE8 MOV QWORD PTR [RBP-18],RDI
0000000000400E65 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400E69 0FB6400D MOVZX EAX,BYTE PTR [RAX+0D]
0000000000400E6D 8845FF MOV BYTE PTR [RBP-01],AL
0000000000400E70 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400E74 488D500D LEA RDX,[RAX+0D]
0000000000400E78 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400E7C 0FB64009 MOVZX EAX,BYTE PTR [RAX+09]
0000000000400E80 8802 MOV BYTE PTR [RDX],AL
0000000000400E82 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400E86 488D5009 LEA RDX,[RAX+09]
0000000000400E8A 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400E8E 0FB64005 MOVZX EAX,BYTE PTR [RAX+05]
0000000000400E92 8802 MOV BYTE PTR [RDX],AL
0000000000400E94 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400E98 488D5005 LEA RDX,[RAX+05]
0000000000400E9C 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400EA0 0FB64001 MOVZX EAX,BYTE PTR [RAX+01]
0000000000400EA4 8802 MOV BYTE PTR [RDX],AL
0000000000400EA6 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400EAA 488D5001 LEA RDX,[RAX+01]
0000000000400EAE 0FB645FF MOVZX EAX,BYTE PTR [RBP-01]
0000000000400EB2 8802 MOV BYTE PTR [RDX],AL
0000000000400EB4 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400EB8 0FB64002 MOVZX EAX,BYTE PTR [RAX+02]
0000000000400EBC 8845FF MOV BYTE PTR [RBP-01],AL
0000000000400EBF 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400EC3 488D5002 LEA RDX,[RAX+02]
0000000000400EC7 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400ECB 0FB6400A MOVZX EAX,BYTE PTR [RAX+0A]
0000000000400ECF 8802 MOV BYTE PTR [RDX],AL
0000000000400ED1 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400ED5 488D500A LEA RDX,[RAX+0A]
0000000000400ED9 0FB645FF MOVZX EAX,BYTE PTR [RBP-01]
0000000000400EDD 8802 MOV BYTE PTR [RDX],AL
0000000000400EDF 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400EE3 0FB64006 MOVZX EAX,BYTE PTR [RAX+06]
0000000000400EE7 8845FF MOV BYTE PTR [RBP-01],AL
0000000000400EEA 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400EEE 488D5006 LEA RDX,[RAX+06]
0000000000400EF2 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400EF6 0FB6400E MOVZX EAX,BYTE PTR [RAX+0E]
0000000000400EFA 8802 MOV BYTE PTR [RDX],AL
0000000000400EFC 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400F00 488D500E LEA RDX,[RAX+0E]
0000000000400F04 0FB645FF MOVZX EAX,BYTE PTR [RBP-01]
0000000000400F08 8802 MOV BYTE PTR [RDX],AL
0000000000400F0A 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400F0E 0FB64003 MOVZX EAX,BYTE PTR [RAX+03]
0000000000400F12 8845FF MOV BYTE PTR [RBP-01],AL
0000000000400F15 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400F19 488D5003 LEA RDX,[RAX+03]
0000000000400F1D 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400F21 0FB64007 MOVZX EAX,BYTE PTR [RAX+07]
0000000000400F25 8802 MOV BYTE PTR [RDX],AL
0000000000400F27 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400F2B 488D5007 LEA RDX,[RAX+07]
0000000000400F2F 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400F33 0FB6400B MOVZX EAX,BYTE PTR [RAX+0B]
0000000000400F37 8802 MOV BYTE PTR [RDX],AL
0000000000400F39 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400F3D 488D500B LEA RDX,[RAX+0B]
0000000000400F41 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400F45 0FB6400F MOVZX EAX,BYTE PTR [RAX+0F]
0000000000400F49 8802 MOV BYTE PTR [RDX],AL
0000000000400F4B 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400F4F 488D500F LEA RDX,[RAX+0F]
0000000000400F53 0FB645FF MOVZX EAX,BYTE PTR [RBP-01]
0000000000400F57 8802 MOV BYTE PTR [RDX],AL
0000000000400F59 90 NOP
0000000000400F5A 5D POP RBP
0000000000400F5B CC INT 3
0000000000400F5C 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000400F60 644833042528000000 XOR RAX,QWORD PTR FS:[0000000000000028]
0000000000400F69 CC INT 3
0000000000400F6A 55 PUSH RBP
0000000000400F6B 4889E5 MOV RBP,RSP
0000000000400F6E 89F8 MOV EAX,EDI
0000000000400F70 8845FC MOV BYTE PTR [RBP-04],AL
0000000000400F73 0FB645FC MOVZX EAX,BYTE PTR [RBP-04]
0000000000400F77 84C0 TEST AL,AL
0000000000400F79 CC INT 3
0000000000400F7A 31D8 XOR EAX,EBX
0000000000400F7C 4883C408 ADD RSP,0000000000000008
0000000000400F80 5B POP RBX
0000000000400F81 5D POP RBP
0000000000400F82 CC INT 3
0000000000400F83 0FB68D7CFEFFFF MOVZX ECX,BYTE PTR [RBP-00000184]
0000000000400F8A 8B8540FEFFFF MOV EAX,DWORD PTR [RBP-000001C0]
0000000000400F90 99 CDQ
0000000000400F91 F7BD38FEFFFF IDIV EAX,DWORD PTR [RBP-000001C8]
0000000000400F97 83E801 SUB EAX,00000001
0000000000400F9A 4863D0 MOVSXD RDX,EAX
0000000000400F9D 488D058C3B0000 LEA RAX,[0000000000404B30]
0000000000400FA4 0FB60402 MOVZX EAX,BYTE PTR [RDX+RAX]
0000000000400FA8 31C8 XOR EAX,ECX
0000000000400FAA 88857CFEFFFF MOV BYTE PTR [RBP-00000184],AL
0000000000400FB0 CC INT 3
0000000000400FB1 8B8528FEFFFF MOV EAX,DWORD PTR [RBP-000001D8]
0000000000400FB7 83E801 SUB EAX,00000001
0000000000400FBA 39852CFEFFFF CMP DWORD PTR [RBP-000001D4],EAX
0000000000400FC0 CC INT 3
0000000000400FC1 488D3D203B0000 LEA RDI,[0000000000404AE8]
0000000000400FC8 CC INT 3
0000000000400FC9 31D8 XOR EAX,EBX
0000000000400FCB 8845E4 MOV BYTE PTR [RBP-1C],AL
0000000000400FCE 488B45D8 MOV RAX,QWORD PTR [RBP-28]
0000000000400FD2 0FB600 MOVZX EAX,BYTE PTR [RAX]
0000000000400FD5 0FB6C0 MOVZX EAX,AL
0000000000400FD8 89C7 MOV EDI,EAX
0000000000400FDA CC INT 3
0000000000400FDB 89C3 MOV EBX,EAX
0000000000400FDD 488B45D8 MOV RAX,QWORD PTR [RBP-28]
0000000000400FE1 4883C001 ADD RAX,0000000000000001
0000000000400FE5 0FB600 MOVZX EAX,BYTE PTR [RAX]
0000000000400FE8 0FB6C0 MOVZX EAX,AL
0000000000400FEB 89C7 MOV EDI,EAX
0000000000400FED CC INT 3
0000000000400FEE C745F800000000 MOV DWORD PTR [RBP-08],00000000
0000000000400FF5 CC INT 3
0000000000400FF6 90 NOP
0000000000400FF7 5D POP RBP
0000000000400FF8 CC INT 3
0000000000400FF9 C9 LEAVE
0000000000400FFA CC INT 3
0000000000400FFB CC INT 3
0000000000400FFC 55 PUSH RBP
0000000000400FFD 4889E5 MOV RBP,RSP
0000000000401000 4883EC08 SUB RSP,0000000000000008
0000000000401004 89F8 MOV EAX,EDI
0000000000401006 8845FC MOV BYTE PTR [RBP-04],AL
0000000000401009 0FB645FC MOVZX EAX,BYTE PTR [RBP-04]
000000000040100D 89C7 MOV EDI,EAX
000000000040100F CC INT 3
0000000000401010 838524FEFFFF01 ADD DWORD PTR [RBP-000001DC],00000001
0000000000401017 CC INT 3
0000000000401018 488B05515A2000 MOV RAX,QWORD PTR [0000000000606A70]
000000000040101F B900000000 MOV ECX,00000000
0000000000401024 BA02000000 MOV EDX,00000002
0000000000401029 BE00000000 MOV ESI,00000000
000000000040102E 4889C7 MOV RDI,RAX
0000000000401031 CC INT 3
0000000000401032 C9 LEAVE
0000000000401033 CC INT 3
0000000000401034 89C2 MOV EDX,EAX
0000000000401036 8B8520FEFFFF MOV EAX,DWORD PTR [RBP-000001E0]
000000000040103C 4898 CDQE
000000000040103E 88940580FEFFFF MOV BYTE PTR [RBP+RAX-00000180],DL
0000000000401045 838520FEFFFF01 ADD DWORD PTR [RBP-000001E0],00000001
000000000040104C CC INT 3
000000000040104D 31C3 XOR EBX,EAX
000000000040104F 488B45D8 MOV RAX,QWORD PTR [RBP-28]
0000000000401053 4883C003 ADD RAX,0000000000000003
0000000000401057 0FB600 MOVZX EAX,BYTE PTR [RAX]
000000000040105A 0FB6C0 MOVZX EAX,AL
000000000040105D 89C7 MOV EDI,EAX
000000000040105F CC INT 3
0000000000401060 31C3 XOR EBX,EAX
0000000000401062 488B45D8 MOV RAX,QWORD PTR [RBP-28]
0000000000401066 4883C002 ADD RAX,0000000000000002
000000000040106A 0FB600 MOVZX EAX,BYTE PTR [RAX]
000000000040106D 0FB6C0 MOVZX EAX,AL
0000000000401070 89C7 MOV EDI,EAX
0000000000401072 CC INT 3
0000000000401073 8B8538FEFFFF MOV EAX,DWORD PTR [RBP-000001C8]
0000000000401079 898540FEFFFF MOV DWORD PTR [RBP-000001C0],EAX
000000000040107F CC INT 3
0000000000401080 55 PUSH RBP
0000000000401081 4889E5 MOV RBP,RSP
0000000000401084 48897DE8 MOV QWORD PTR [RBP-18],RDI
0000000000401088 488B45E8 MOV RAX,QWORD PTR [RBP-18]
000000000040108C 0FB64001 MOVZX EAX,BYTE PTR [RAX+01]
0000000000401090 8845FF MOV BYTE PTR [RBP-01],AL
0000000000401093 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000401097 488D5001 LEA RDX,[RAX+01]
000000000040109B 488B45E8 MOV RAX,QWORD PTR [RBP-18]
000000000040109F 0FB64005 MOVZX EAX,BYTE PTR [RAX+05]
00000000004010A3 8802 MOV BYTE PTR [RDX],AL
00000000004010A5 488B45E8 MOV RAX,QWORD PTR [RBP-18]
00000000004010A9 488D5005 LEA RDX,[RAX+05]
00000000004010AD 488B45E8 MOV RAX,QWORD PTR [RBP-18]
00000000004010B1 0FB64009 MOVZX EAX,BYTE PTR [RAX+09]
00000000004010B5 8802 MOV BYTE PTR [RDX],AL
00000000004010B7 488B45E8 MOV RAX,QWORD PTR [RBP-18]
00000000004010BB 488D5009 LEA RDX,[RAX+09]
00000000004010BF 488B45E8 MOV RAX,QWORD PTR [RBP-18]
00000000004010C3 0FB6400D MOVZX EAX,BYTE PTR [RAX+0D]
00000000004010C7 8802 MOV BYTE PTR [RDX],AL
00000000004010C9 488B45E8 MOV RAX,QWORD PTR [RBP-18]
00000000004010CD 488D500D LEA RDX,[RAX+0D]
00000000004010D1 0FB645FF MOVZX EAX,BYTE PTR [RBP-01]
00000000004010D5 8802 MOV BYTE PTR [RDX],AL
00000000004010D7 488B45E8 MOV RAX,QWORD PTR [RBP-18]
00000000004010DB 0FB64002 MOVZX EAX,BYTE PTR [RAX+02]
00000000004010DF 8845FF MOV BYTE PTR [RBP-01],AL
00000000004010E2 488B45E8 MOV RAX,QWORD PTR [RBP-18]
00000000004010E6 488D5002 LEA RDX,[RAX+02]
00000000004010EA 488B45E8 MOV RAX,QWORD PTR [RBP-18]
00000000004010EE 0FB6400A MOVZX EAX,BYTE PTR [RAX+0A]
00000000004010F2 8802 MOV BYTE PTR [RDX],AL
00000000004010F4 488B45E8 MOV RAX,QWORD PTR [RBP-18]
00000000004010F8 488D500A LEA RDX,[RAX+0A]
00000000004010FC 0FB645FF MOVZX EAX,BYTE PTR [RBP-01]
0000000000401100 8802 MOV BYTE PTR [RDX],AL
0000000000401102 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000401106 0FB64006 MOVZX EAX,BYTE PTR [RAX+06]
000000000040110A 8845FF MOV BYTE PTR [RBP-01],AL
000000000040110D 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000401111 488D5006 LEA RDX,[RAX+06]
0000000000401115 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000401119 0FB6400E MOVZX EAX,BYTE PTR [RAX+0E]
000000000040111D 8802 MOV BYTE PTR [RDX],AL
000000000040111F 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000401123 488D500E LEA RDX,[RAX+0E]
0000000000401127 0FB645FF MOVZX EAX,BYTE PTR [RBP-01]
000000000040112B 8802 MOV BYTE PTR [RDX],AL
000000000040112D 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000401131 0FB6400F MOVZX EAX,BYTE PTR [RAX+0F]
0000000000401135 8845FF MOV BYTE PTR [RBP-01],AL
0000000000401138 488B45E8 MOV RAX,QWORD PTR [RBP-18]
000000000040113C 488D500F LEA RDX,[RAX+0F]
0000000000401140 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000401144 0FB6400B MOVZX EAX,BYTE PTR [RAX+0B]
0000000000401148 8802 MOV BYTE PTR [RDX],AL
000000000040114A 488B45E8 MOV RAX,QWORD PTR [RBP-18]
000000000040114E 488D500B LEA RDX,[RAX+0B]
0000000000401152 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000401156 0FB64007 MOVZX EAX,BYTE PTR [RAX+07]
000000000040115A 8802 MOV BYTE PTR [RDX],AL
000000000040115C 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000401160 488D5007 LEA RDX,[RAX+07]
0000000000401164 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000401168 0FB64003 MOVZX EAX,BYTE PTR [RAX+03]
000000000040116C 8802 MOV BYTE PTR [RDX],AL
000000000040116E 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000401172 488D5003 LEA RDX,[RAX+03]
0000000000401176 0FB645FF MOVZX EAX,BYTE PTR [RBP-01]
000000000040117A 8802 MOV BYTE PTR [RDX],AL
000000000040117C 90 NOP
000000000040117D 5D POP RBP
000000000040117E CC INT 3
000000000040117F 8345F801 ADD DWORD PTR [RBP-08],00000001
0000000000401183 CC INT 3
0000000000401184 488B05D5582000 MOV RAX,QWORD PTR [0000000000606A60]
000000000040118B B900000000 MOV ECX,00000000
0000000000401190 BA02000000 MOV EDX,00000002
0000000000401195 BE00000000 MOV ESI,00000000
000000000040119A 4889C7 MOV RDI,RAX
000000000040119D CC INT 3
000000000040119E 31C3 XOR EBX,EAX
00000000004011A0 488B45D8 MOV RAX,QWORD PTR [RBP-28]
00000000004011A4 4883C002 ADD RAX,0000000000000002
00000000004011A8 0FB600 MOVZX EAX,BYTE PTR [RAX]
00000000004011AB 0FB6C0 MOVZX EAX,AL
00000000004011AE 89C7 MOV EDI,EAX
00000000004011B0 CC INT 3
00000000004011B1 31C3 XOR EBX,EAX
00000000004011B3 488B45D8 MOV RAX,QWORD PTR [RBP-28]
00000000004011B7 4883C002 ADD RAX,0000000000000002
00000000004011BB 0FB600 MOVZX EAX,BYTE PTR [RAX]
00000000004011BE 0FB6C0 MOVZX EAX,AL
00000000004011C1 89C7 MOV EDI,EAX
00000000004011C3 CC INT 3
00000000004011C4 488D8580FEFFFF LEA RAX,[RBP-00000180]
00000000004011CB 48898568FEFFFF MOV QWORD PTR [RBP-00000198],RAX
00000000004011D2 488D85F0FEFFFF LEA RAX,[RBP-00000110]
00000000004011D9 48898570FEFFFF MOV QWORD PTR [RBP-00000190],RAX
00000000004011E0 C78538FEFFFF04000000 MOV DWORD PTR [RBP-000001C8],00000004
00000000004011EA C7853CFEFFFF0A000000 MOV DWORD PTR [RBP-000001C4],0000000A
00000000004011F4 C78540FEFFFF00000000 MOV DWORD PTR [RBP-000001C0],00000000
00000000004011FE CC INT 3
00000000004011FF C78520FEFFFF00000000 MOV DWORD PTR [RBP-000001E0],00000000
0000000000401209 CC INT 3
000000000040120A CC INT 3
000000000040120B CC INT 3
000000000040120C 4883C428 ADD RSP,0000000000000028
0000000000401210 5B POP RBX
0000000000401211 5D POP RBP
0000000000401212 CC INT 3
0000000000401213 8B952CFEFFFF MOV EDX,DWORD PTR [RBP-000001D4]
0000000000401219 488B8D50FEFFFF MOV RCX,QWORD PTR [RBP-000001B0]
0000000000401220 488B8548FEFFFF MOV RAX,QWORD PTR [RBP-000001B8]
0000000000401227 4889CE MOV RSI,RCX
000000000040122A 4889C7 MOV RDI,RAX
000000000040122D CC INT 3
000000000040122E 8B9528FEFFFF MOV EDX,DWORD PTR [RBP-000001D8]
0000000000401234 488B8D50FEFFFF MOV RCX,QWORD PTR [RBP-000001B0]
000000000040123B 488B8548FEFFFF MOV RAX,QWORD PTR [RBP-000001B8]
0000000000401242 4889CE MOV RSI,RCX
0000000000401245 4889C7 MOV RDI,RAX
0000000000401248 CC INT 3
0000000000401249 488B8558FEFFFF MOV RAX,QWORD PTR [RBP-000001A8]
0000000000401250 4889C7 MOV RDI,RAX
0000000000401253 CC INT 3
0000000000401254 488D3D25370000 LEA RDI,[0000000000404980]
000000000040125B CC INT 3
000000000040125C 31D8 XOR EAX,EBX
000000000040125E 8845E7 MOV BYTE PTR [RBP-19],AL
0000000000401261 0FB655E4 MOVZX EDX,BYTE PTR [RBP-1C]
0000000000401265 488B45D8 MOV RAX,QWORD PTR [RBP-28]
0000000000401269 8810 MOV BYTE PTR [RAX],DL
000000000040126B 488B45D8 MOV RAX,QWORD PTR [RBP-28]
000000000040126F 488D5001 LEA RDX,[RAX+01]
0000000000401273 0FB645E5 MOVZX EAX,BYTE PTR [RBP-1B]
0000000000401277 8802 MOV BYTE PTR [RDX],AL
0000000000401279 488B45D8 MOV RAX,QWORD PTR [RBP-28]
000000000040127D 488D5002 LEA RDX,[RAX+02]
0000000000401281 0FB645E6 MOVZX EAX,BYTE PTR [RBP-1A]
0000000000401285 8802 MOV BYTE PTR [RDX],AL
0000000000401287 488B45D8 MOV RAX,QWORD PTR [RBP-28]
000000000040128B 488D5003 LEA RDX,[RAX+03]
000000000040128F 0FB645E7 MOVZX EAX,BYTE PTR [RBP-19]
0000000000401293 8802 MOV BYTE PTR [RDX],AL
0000000000401295 8345E001 ADD DWORD PTR [RBP-20],00000001
0000000000401299 488345D804 ADD QWORD PTR [RBP-28],0000000000000004
000000000040129E CC INT 3
000000000040129F 488B8558FEFFFF MOV RAX,QWORD PTR [RBP-000001A8]
00000000004012A6 4889C7 MOV RDI,RAX
00000000004012A9 CC INT 3
00000000004012AA 488D3D17370000 LEA RDI,[00000000004049C8]
00000000004012B1 CC INT 3
00000000004012B2 BF01000000 MOV EDI,00000001
00000000004012B7 CC INT 3
00000000004012B8 C745FC00000000 MOV DWORD PTR [RBP-04],00000000
00000000004012BF CC INT 3
00000000004012C0 CC INT 3
00000000004012C1 90 NOP
00000000004012C2 CC INT 3
00000000004012C3 55 PUSH RBP
00000000004012C4 4889E5 MOV RBP,RSP
00000000004012C7 53 PUSH RBX
00000000004012C8 4883EC28 SUB RSP,0000000000000028
00000000004012CC 48897DD8 MOV QWORD PTR [RBP-28],RDI
00000000004012D0 64488B042528000000 MOV RAX,QWORD PTR FS:[0000000000000028]
00000000004012D9 488945E8 MOV QWORD PTR [RBP-18],RAX
00000000004012DD 31C0 XOR EAX,EAX
00000000004012DF C745E000000000 MOV DWORD PTR [RBP-20],00000000
00000000004012E6 CC INT 3
00000000004012E7 488D3D22370000 LEA RDI,[0000000000404A10]
00000000004012EE CC INT 3
00000000004012EF 8B9530FEFFFF MOV EDX,DWORD PTR [RBP-000001D0]
00000000004012F5 488B8D60FEFFFF MOV RCX,QWORD PTR [RBP-000001A0]
00000000004012FC 488B8558FEFFFF MOV RAX,QWORD PTR [RBP-000001A8]
0000000000401303 4889CE MOV RSI,RCX
0000000000401306 4889C7 MOV RDI,RAX
0000000000401309 CC INT 3
000000000040130A 83BD44FEFFFF03 CMP DWORD PTR [RBP-000001BC],00000003
0000000000401311 CC INT 3
0000000000401312 0FB645EF MOVZX EAX,BYTE PTR [RBP-11]
0000000000401316 3C0A CMP AL,0A
0000000000401318 CC INT 3
0000000000401319 488B8558FEFFFF MOV RAX,QWORD PTR [RBP-000001A8]
0000000000401320 4889C7 MOV RDI,RAX
0000000000401323 CC INT 3
0000000000401324 0FB6C0 MOVZX EAX,AL
0000000000401327 89C7 MOV EDI,EAX
0000000000401329 CC INT 3
000000000040132A 89C3 MOV EBX,EAX
000000000040132C 488B45D8 MOV RAX,QWORD PTR [RBP-28]
0000000000401330 4883C001 ADD RAX,0000000000000001
0000000000401334 0FB600 MOVZX EAX,BYTE PTR [RAX]
0000000000401337 0FB6C0 MOVZX EAX,AL
000000000040133A 89C7 MOV EDI,EAX
000000000040133C CC INT 3
000000000040133D 8B45FC MOV EAX,DWORD PTR [RBP-04]
0000000000401340 4863D0 MOVSXD RDX,EAX
0000000000401343 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000401347 4801D0 ADD RAX,RDX
000000000040134A 0FB630 MOVZX ESI,BYTE PTR [RAX]
000000000040134D 8B45DC MOV EAX,DWORD PTR [RBP-24]
0000000000401350 C1E004 SHL EAX,04
0000000000401353 89C2 MOV EDX,EAX
0000000000401355 8B45FC MOV EAX,DWORD PTR [RBP-04]
0000000000401358 01D0 ADD EAX,EDX
000000000040135A 4863D0 MOVSXD RDX,EAX
000000000040135D 488B45E0 MOV RAX,QWORD PTR [RBP-20]
0000000000401361 4801D0 ADD RAX,RDX
0000000000401364 0FB608 MOVZX ECX,BYTE PTR [RAX]
0000000000401367 8B45FC MOV EAX,DWORD PTR [RBP-04]
000000000040136A 4863D0 MOVSXD RDX,EAX
000000000040136D 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000401371 4801D0 ADD RAX,RDX
0000000000401374 31CE XOR ESI,ECX
0000000000401376 89F2 MOV EDX,ESI
0000000000401378 8810 MOV BYTE PTR [RAX],DL
000000000040137A 8345FC01 ADD DWORD PTR [RBP-04],00000001
000000000040137E CC INT 3
000000000040137F C78520FEFFFF00000000 MOV DWORD PTR [RBP-000001E0],00000000
0000000000401389 CC INT 3
000000000040138A CC INT 3
000000000040138B 837DFC0F CMP DWORD PTR [RBP-04],0000000F
000000000040138F CC INT 3
0000000000401390 8B8540FEFFFF MOV EAX,DWORD PTR [RBP-000001C0]
0000000000401396 4863D0 MOVSXD RDX,EAX
0000000000401399 488B8568FEFFFF MOV RAX,QWORD PTR [RBP-00000198]
00000000004013A0 4801D0 ADD RAX,RDX
00000000004013A3 8B9540FEFFFF MOV EDX,DWORD PTR [RBP-000001C0]
00000000004013A9 4863CA MOVSXD RCX,EDX
00000000004013AC 488B9570FEFFFF MOV RDX,QWORD PTR [RBP-00000190]
00000000004013B3 4801CA ADD RDX,RCX
00000000004013B6 0FB600 MOVZX EAX,BYTE PTR [RAX]
00000000004013B9 8802 MOV BYTE PTR [RDX],AL
00000000004013BB 838540FEFFFF01 ADD DWORD PTR [RBP-000001C0],00000001
00000000004013C2 CC INT 3
00000000004013C3 488B057E562000 MOV RAX,QWORD PTR [0000000000606A48]
00000000004013CA 4889C7 MOV RDI,RAX
00000000004013CD CC INT 3
00000000004013CE 31D8 XOR EAX,EBX
00000000004013D0 8845E5 MOV BYTE PTR [RBP-1B],AL
00000000004013D3 488B45D8 MOV RAX,QWORD PTR [RBP-28]
00000000004013D7 0FB600 MOVZX EAX,BYTE PTR [RAX]
00000000004013DA 0FB6C0 MOVZX EAX,AL
00000000004013DD 89C7 MOV EDI,EAX
00000000004013DF CC INT 3
00000000004013E0 55 PUSH RBP
00000000004013E1 4889E5 MOV RBP,RSP
00000000004013E4 4883EC08 SUB RSP,0000000000000008
00000000004013E8 89F8 MOV EAX,EDI
00000000004013EA 8845FC MOV BYTE PTR [RBP-04],AL
00000000004013ED 0FB645FC MOVZX EAX,BYTE PTR [RBP-04]
00000000004013F1 89C7 MOV EDI,EAX
00000000004013F3 CC INT 3
00000000004013F4 31C3 XOR EBX,EAX
00000000004013F6 488B45D8 MOV RAX,QWORD PTR [RBP-28]
00000000004013FA 4883C003 ADD RAX,0000000000000003
00000000004013FE 0FB600 MOVZX EAX,BYTE PTR [RAX]
0000000000401401 0FB6C0 MOVZX EAX,AL
0000000000401404 89C7 MOV EDI,EAX
0000000000401406 CC INT 3
0000000000401407 8945F4 MOV DWORD PTR [RBP-0C],EAX
000000000040140A 837DF400 CMP DWORD PTR [RBP-0C],00000000
000000000040140E CC INT 3
000000000040140F 488D45E0 LEA RAX,[RBP-20]
0000000000401413 BE10000000 MOV ESI,00000010
0000000000401418 4889C7 MOV RDI,RAX
000000000040141B CC INT 3
000000000040141C 55 PUSH RBP
000000000040141D 4889E5 MOV RBP,RSP
0000000000401420 4883EC10 SUB RSP,0000000000000010
0000000000401424 897DFC MOV DWORD PTR [RBP-04],EDI
0000000000401427 488D3DFF340000 LEA RDI,[000000000040492D]
000000000040142E CC INT 3
000000000040142F 488D45EF LEA RAX,[RBP-11]
0000000000401433 BA01000000 MOV EDX,00000001
0000000000401438 4889C6 MOV RSI,RAX
000000000040143B BF00000000 MOV EDI,00000000
0000000000401440 CC INT 3
0000000000401441 8B45FC MOV EAX,DWORD PTR [RBP-04]
0000000000401444 4863D0 MOVSXD RDX,EAX
0000000000401447 488B45E8 MOV RAX,QWORD PTR [RBP-18]
000000000040144B 4801D0 ADD RAX,RDX
000000000040144E 0FB600 MOVZX EAX,BYTE PTR [RAX]
0000000000401451 0FB6C0 MOVZX EAX,AL
0000000000401454 8B55FC MOV EDX,DWORD PTR [RBP-04]
0000000000401457 4863CA MOVSXD RCX,EDX
000000000040145A 488B55E8 MOV RDX,QWORD PTR [RBP-18]
000000000040145E 4801D1 ADD RCX,RDX
0000000000401461 4863D0 MOVSXD RDX,EAX
0000000000401464 488D05B54C2000 LEA RAX,[0000000000606120]
000000000040146B 0FB60402 MOVZX EAX,BYTE PTR [RDX+RAX]
000000000040146F 8801 MOV BYTE PTR [RCX],AL
0000000000401471 8345FC01 ADD DWORD PTR [RBP-04],00000001
0000000000401475 CC INT 3
0000000000401476 55 PUSH RBP
0000000000401477 4889E5 MOV RBP,RSP
000000000040147A 53 PUSH RBX
000000000040147B 4883EC08 SUB RSP,0000000000000008
000000000040147F 89F8 MOV EAX,EDI
0000000000401481 8845F4 MOV BYTE PTR [RBP-0C],AL
0000000000401484 0FB645F4 MOVZX EAX,BYTE PTR [RBP-0C]
0000000000401488 89C7 MOV EDI,EAX
000000000040148A CC INT 3
000000000040148B 837DFC0F CMP DWORD PTR [RBP-04],0000000F
000000000040148F CC INT 3
0000000000401490 838524FEFFFF01 ADD DWORD PTR [RBP-000001DC],00000001
0000000000401497 CC INT 3
0000000000401498 838534FEFFFF01 ADD DWORD PTR [RBP-000001CC],00000001
000000000040149F CC INT 3
00000000004014A0 CC INT 3
00000000004014A1 31D8 XOR EAX,EBX
00000000004014A3 3245F4 XOR AL,BYTE PTR [RBP-0C]
00000000004014A6 4883C408 ADD RSP,0000000000000008
00000000004014AA 5B POP RBX
00000000004014AB 5D POP RBP
00000000004014AC CC INT 3
00000000004014AD 488D85C0FEFFFF LEA RAX,[RBP-00000140]
00000000004014B4 BE21000000 MOV ESI,00000021
00000000004014B9 4889C7 MOV RDI,RAX
00000000004014BC CC INT 3
00000000004014BD 0FB645FC MOVZX EAX,BYTE PTR [RBP-04]
00000000004014C1 01C0 ADD EAX,EAX
00000000004014C3 CC INT 3
00000000004014C4 90 NOP
00000000004014C5 5D POP RBP
00000000004014C6 CC INT 3
00000000004014C7 0FB6C0 MOVZX EAX,AL
00000000004014CA 89C7 MOV EDI,EAX
00000000004014CC CC INT 3
00000000004014CD 83852CFEFFFF01 ADD DWORD PTR [RBP-000001D4],00000001
00000000004014D4 CC INT 3
00000000004014D5 837DFC1F CMP DWORD PTR [RBP-04],0000001F
00000000004014D9 CC INT 3
00000000004014DA 5D POP RBP
00000000004014DB CC INT 3
00000000004014DC C78524FEFFFF00000000 MOV DWORD PTR [RBP-000001DC],00000000
00000000004014E6 C78520FEFFFF00000000 MOV DWORD PTR [RBP-000001E0],00000000
00000000004014F0 CC INT 3
00000000004014F1 89C3 MOV EBX,EAX
00000000004014F3 0FB645F4 MOVZX EAX,BYTE PTR [RBP-0C]
00000000004014F7 89C7 MOV EDI,EAX
00000000004014F9 CC INT 3
00000000004014FA C78544FEFFFF00000000 MOV DWORD PTR [RBP-000001BC],00000000
0000000000401504 CC INT 3
0000000000401505 31C3 XOR EBX,EAX
0000000000401507 488B45D8 MOV RAX,QWORD PTR [RBP-28]
000000000040150B 4883C002 ADD RAX,0000000000000002
000000000040150F 0FB600 MOVZX EAX,BYTE PTR [RAX]
0000000000401512 0FB6C0 MOVZX EAX,AL
0000000000401515 89C7 MOV EDI,EAX
0000000000401517 CC INT 3
0000000000401518 C9 LEAVE
0000000000401519 CC INT 3
000000000040151A C78534FEFFFF01000000 MOV DWORD PTR [RBP-000001CC],00000001
0000000000401524 CC INT 3
0000000000401525 31C3 XOR EBX,EAX
0000000000401527 488B45D8 MOV RAX,QWORD PTR [RBP-28]
000000000040152B 4883C002 ADD RAX,0000000000000002
000000000040152F 0FB600 MOVZX EAX,BYTE PTR [RAX]
0000000000401532 0FB6C0 MOVZX EAX,AL
0000000000401535 89C7 MOV EDI,EAX
0000000000401537 CC INT 3
0000000000401538 55 PUSH RBP
0000000000401539 4889E5 MOV RBP,RSP
000000000040153C 4883EC20 SUB RSP,0000000000000020
0000000000401540 64488B042528000000 MOV RAX,QWORD PTR FS:[0000000000000028]
0000000000401549 488945F8 MOV QWORD PTR [RBP-08],RAX
000000000040154D 31C0 XOR EAX,EAX
000000000040154F 488D45E0 LEA RAX,[RBP-20]
0000000000401553 BA14000000 MOV EDX,00000014
0000000000401558 BE00000000 MOV ESI,00000000
000000000040155D 4889C7 MOV RDI,RAX
0000000000401560 CC INT 3
0000000000401561 837DFC0F CMP DWORD PTR [RBP-04],0000000F
0000000000401565 CC INT 3
0000000000401566 8B8538FEFFFF MOV EAX,DWORD PTR [RBP-000001C8]
000000000040156C C1E002 SHL EAX,02
000000000040156F 398540FEFFFF CMP DWORD PTR [RBP-000001C0],EAX
0000000000401575 CC INT 3
0000000000401576 31C3 XOR EBX,EAX
0000000000401578 488B45D8 MOV RAX,QWORD PTR [RBP-28]
000000000040157C 4883C003 ADD RAX,0000000000000003
0000000000401580 0FB600 MOVZX EAX,BYTE PTR [RAX]
0000000000401583 0FB6C0 MOVZX EAX,AL
0000000000401586 89C7 MOV EDI,EAX
0000000000401588 CC INT 3
0000000000401589 CC INT 3
000000000040158A CC INT 3
000000000040158B 89C3 MOV EBX,EAX
000000000040158D 0FB645F4 MOVZX EAX,BYTE PTR [RBP-0C]
0000000000401591 89C7 MOV EDI,EAX
0000000000401593 CC INT 3
0000000000401594 488D45E0 LEA RAX,[RBP-20]
0000000000401598 4889C7 MOV RDI,RAX
000000000040159B CC INT 3
000000000040159C 837DE003 CMP DWORD PTR [RBP-20],00000003
00000000004015A0 CC INT 3
00000000004015A1 31D8 XOR EAX,EBX
00000000004015A3 3245F4 XOR AL,BYTE PTR [RBP-0C]
00000000004015A6 4883C408 ADD RSP,0000000000000008
00000000004015AA 5B POP RBX
00000000004015AB 5D POP RBP
00000000004015AC CC INT 3
00000000004015AD 3245FC XOR AL,BYTE PTR [RBP-04]
00000000004015B0 C9 LEAVE
00000000004015B1 CC INT 3
00000000004015B2 83BD24FEFFFF1F CMP DWORD PTR [RBP-000001DC],0000001F
00000000004015B9 CC INT 3
00000000004015BA 31D8 XOR EAX,EBX
00000000004015BC 8845E6 MOV BYTE PTR [RBP-1A],AL
00000000004015BF 488B45D8 MOV RAX,QWORD PTR [RBP-28]
00000000004015C3 0FB600 MOVZX EAX,BYTE PTR [RAX]
00000000004015C6 0FB6C0 MOVZX EAX,AL
00000000004015C9 89C7 MOV EDI,EAX
00000000004015CB CC INT 3
00000000004015CC 55 PUSH RBP
00000000004015CD 4889E5 MOV RBP,RSP
00000000004015D0 53 PUSH RBX
00000000004015D1 4883EC08 SUB RSP,0000000000000008
00000000004015D5 89F8 MOV EAX,EDI
00000000004015D7 8845F4 MOV BYTE PTR [RBP-0C],AL
00000000004015DA 0FB645F4 MOVZX EAX,BYTE PTR [RBP-0C]
00000000004015DE 89C7 MOV EDI,EAX
00000000004015E0 CC INT 3
00000000004015E1 C9 LEAVE
00000000004015E2 CC INT 3
00000000004015E3 89C2 MOV EDX,EAX
00000000004015E5 488B45D8 MOV RAX,QWORD PTR [RBP-28]
00000000004015E9 4883C001 ADD RAX,0000000000000001
00000000004015ED 0FB600 MOVZX EAX,BYTE PTR [RAX]
00000000004015F0 31C2 XOR EDX,EAX
00000000004015F2 488B45D8 MOV RAX,QWORD PTR [RBP-28]
00000000004015F6 4883C002 ADD RAX,0000000000000002
00000000004015FA 0FB600 MOVZX EAX,BYTE PTR [RAX]
00000000004015FD 31C2 XOR EDX,EAX
00000000004015FF 89D3 MOV EBX,EDX
0000000000401601 488B45D8 MOV RAX,QWORD PTR [RBP-28]
0000000000401605 4883C003 ADD RAX,0000000000000003
0000000000401609 0FB600 MOVZX EAX,BYTE PTR [RAX]
000000000040160C 0FB6C0 MOVZX EAX,AL
000000000040160F 89C7 MOV EDI,EAX
0000000000401611 CC INT 3
0000000000401612 8B45F0 MOV EAX,DWORD PTR [RBP-10]
0000000000401615 4863D0 MOVSXD RDX,EAX
0000000000401618 488B45D8 MOV RAX,QWORD PTR [RBP-28]
000000000040161C 4801D0 ADD RAX,RDX
000000000040161F C60000 MOV BYTE PTR [RAX],00
0000000000401622 8B45F0 MOV EAX,DWORD PTR [RBP-10]
0000000000401625 488B4DF8 MOV RCX,QWORD PTR [RBP-08]
0000000000401629 6448330C2528000000 XOR RCX,QWORD PTR FS:[0000000000000028]
0000000000401632 CC INT 3
0000000000401633 488B8548FEFFFF MOV RAX,QWORD PTR [RBP-000001B8]
000000000040163A 4889C7 MOV RDI,RAX
000000000040163D CC INT 3
000000000040163E 488B053B542000 MOV RAX,QWORD PTR [0000000000606A80]
0000000000401645 B900000000 MOV ECX,00000000
000000000040164A BA02000000 MOV EDX,00000002
000000000040164F BE00000000 MOV ESI,00000000
0000000000401654 4889C7 MOV RDI,RAX
0000000000401657 CC INT 3
0000000000401658 0FB6C0 MOVZX EAX,AL
000000000040165B 89C7 MOV EDI,EAX
000000000040165D CC INT 3
000000000040165E 55 PUSH RBP
000000000040165F 4889E5 MOV RBP,RSP
0000000000401662 4883EC08 SUB RSP,0000000000000008
0000000000401666 89F8 MOV EAX,EDI
0000000000401668 8845FC MOV BYTE PTR [RBP-04],AL
000000000040166B 0FB645FC MOVZX EAX,BYTE PTR [RBP-04]
000000000040166F 89C7 MOV EDI,EAX
0000000000401671 CC INT 3
0000000000401672 8B8540FEFFFF MOV EAX,DWORD PTR [RBP-000001C0]
0000000000401678 99 CDQ
0000000000401679 F7BD38FEFFFF IDIV EAX,DWORD PTR [RBP-000001C8]
000000000040167F 89D0 MOV EAX,EDX
0000000000401681 85C0 TEST EAX,EAX
0000000000401683 CC INT 3
0000000000401684 31C3 XOR EBX,EAX
0000000000401686 89DA MOV EDX,EBX
0000000000401688 488B45D8 MOV RAX,QWORD PTR [RBP-28]
000000000040168C 4883C003 ADD RAX,0000000000000003
0000000000401690 0FB600 MOVZX EAX,BYTE PTR [RAX]
0000000000401693 31D0 XOR EAX,EDX
0000000000401695 8845E5 MOV BYTE PTR [RBP-1B],AL
0000000000401698 488B45D8 MOV RAX,QWORD PTR [RBP-28]
000000000040169C 0FB610 MOVZX EDX,BYTE PTR [RAX]
000000000040169F 488B45D8 MOV RAX,QWORD PTR [RBP-28]
00000000004016A3 4883C001 ADD RAX,0000000000000001
00000000004016A7 0FB600 MOVZX EAX,BYTE PTR [RAX]
00000000004016AA 89D3 MOV EBX,EDX
00000000004016AC 31C3 XOR EBX,EAX
00000000004016AE 488B45D8 MOV RAX,QWORD PTR [RBP-28]
00000000004016B2 4883C002 ADD RAX,0000000000000002
00000000004016B6 0FB600 MOVZX EAX,BYTE PTR [RAX]
00000000004016B9 0FB6C0 MOVZX EAX,AL
00000000004016BC 89C7 MOV EDI,EAX
00000000004016BE CC INT 3
00000000004016BF 31D8 XOR EAX,EBX
00000000004016C1 8845E7 MOV BYTE PTR [RBP-19],AL
00000000004016C4 0FB655E4 MOVZX EDX,BYTE PTR [RBP-1C]
00000000004016C8 488B45D8 MOV RAX,QWORD PTR [RBP-28]
00000000004016CC 8810 MOV BYTE PTR [RAX],DL
00000000004016CE 488B45D8 MOV RAX,QWORD PTR [RBP-28]
00000000004016D2 488D5001 LEA RDX,[RAX+01]
00000000004016D6 0FB645E5 MOVZX EAX,BYTE PTR [RBP-1B]
00000000004016DA 8802 MOV BYTE PTR [RDX],AL
00000000004016DC 488B45D8 MOV RAX,QWORD PTR [RBP-28]
00000000004016E0 488D5002 LEA RDX,[RAX+02]
00000000004016E4 0FB645E6 MOVZX EAX,BYTE PTR [RBP-1A]
00000000004016E8 8802 MOV BYTE PTR [RDX],AL
00000000004016EA 488B45D8 MOV RAX,QWORD PTR [RBP-28]
00000000004016EE 488D5003 LEA RDX,[RAX+03]
00000000004016F2 0FB645E7 MOVZX EAX,BYTE PTR [RBP-19]
00000000004016F6 8802 MOV BYTE PTR [RDX],AL
00000000004016F8 8345E001 ADD DWORD PTR [RBP-20],00000001
00000000004016FC 488345D804 ADD QWORD PTR [RBP-28],0000000000000004
0000000000401701 CC INT 3
0000000000401702 CC INT 3
0000000000401703 4883C428 ADD RSP,0000000000000028
0000000000401707 5B POP RBX
0000000000401708 5D POP RBP
0000000000401709 CC INT 3
000000000040170A 89C3 MOV EBX,EAX
000000000040170C 0FB645F4 MOVZX EAX,BYTE PTR [RBP-0C]
0000000000401710 89C7 MOV EDI,EAX
0000000000401712 CC INT 3
0000000000401713 83BD20FEFFFF0F CMP DWORD PTR [RBP-000001E0],0000000F
000000000040171A CC INT 3
000000000040171B 488B8548FEFFFF MOV RAX,QWORD PTR [RBP-000001B8]
0000000000401722 4889C7 MOV RDI,RAX
0000000000401725 CC INT 3
0000000000401726 8B45F8 MOV EAX,DWORD PTR [RBP-08]
0000000000401729 C1E005 SHL EAX,05
000000000040172C 89C2 MOV EDX,EAX
000000000040172E 8B45FC MOV EAX,DWORD PTR [RBP-04]
0000000000401731 01D0 ADD EAX,EDX
0000000000401733 4863D0 MOVSXD RDX,EAX
0000000000401736 488D05E3482000 LEA RAX,[0000000000606020]
000000000040173D 0FB63402 MOVZX ESI,BYTE PTR [RDX+RAX]
0000000000401741 8B45FC MOV EAX,DWORD PTR [RBP-04]
0000000000401744 4863D0 MOVSXD RDX,EAX
0000000000401747 488B45E8 MOV RAX,QWORD PTR [RBP-18]
000000000040174B 4801D0 ADD RAX,RDX
000000000040174E 0FB608 MOVZX ECX,BYTE PTR [RAX]
0000000000401751 8B45F8 MOV EAX,DWORD PTR [RBP-08]
0000000000401754 C1E005 SHL EAX,05
0000000000401757 89C2 MOV EDX,EAX
0000000000401759 8B45FC MOV EAX,DWORD PTR [RBP-04]
000000000040175C 01D0 ADD EAX,EDX
000000000040175E 31F1 XOR ECX,ESI
0000000000401760 4863D0 MOVSXD RDX,EAX
0000000000401763 488D05B6482000 LEA RAX,[0000000000606020]
000000000040176A 880C02 MOV BYTE PTR [RDX+RAX],CL
000000000040176D 8B45F8 MOV EAX,DWORD PTR [RBP-08]
0000000000401770 C1E005 SHL EAX,05
0000000000401773 89C2 MOV EDX,EAX
0000000000401775 8B45FC MOV EAX,DWORD PTR [RBP-04]
0000000000401778 01D0 ADD EAX,EDX
000000000040177A 4863D0 MOVSXD RDX,EAX
000000000040177D 488D059C492000 LEA RAX,[0000000000606120]
0000000000401784 0FB63402 MOVZX ESI,BYTE PTR [RDX+RAX]
0000000000401788 8B45FC MOV EAX,DWORD PTR [RBP-04]
000000000040178B 4863D0 MOVSXD RDX,EAX
000000000040178E 488B45E8 MOV RAX,QWORD PTR [RBP-18]
0000000000401792 4801D0 ADD RAX,RDX
0000000000401795 0FB608 MOVZX ECX,BYTE PTR [RAX]
0000000000401798 8B45F8 MOV EAX,DWORD PTR [RBP-08]
000000000040179B C1E005 SHL EAX,05
000000000040179E 89C2 MOV EDX,EAX
00000000004017A0 8B45FC MOV EAX,DWORD PTR [RBP-04]
00000000004017A3 01D0 ADD EAX,EDX
00000000004017A5 31F1 XOR ECX,ESI
00000000004017A7 4863D0 MOVSXD RDX,EAX
00000000004017AA 488D056F492000 LEA RAX,[0000000000606120]
00000000004017B1 880C02 MOV BYTE PTR [RDX+RAX],CL
00000000004017B4 8345FC01 ADD DWORD PTR [RBP-04],00000001
00000000004017B8 CC INT 3
00000000004017B9 488B8548FEFFFF MOV RAX,QWORD PTR [RBP-000001B8]
00000000004017C0 4889C7 MOV RDI,RAX
00000000004017C3 CC INT 3
00000000004017C4 488B45D8 MOV RAX,QWORD PTR [RBP-28]
00000000004017C8 0FB600 MOVZX EAX,BYTE PTR [RAX]
00000000004017CB 0FB6C0 MOVZX EAX,AL
00000000004017CE 89C7 MOV EDI,EAX
00000000004017D0 CC INT 3
00000000004017D1 55 PUSH RBP
00000000004017D2 4889E5 MOV RBP,RSP
00000000004017D5 48897DE8 MOV QWORD PTR [RBP-18],RDI
00000000004017D9 C745FC00000000 MOV DWORD PTR [RBP-04],00000000
00000000004017E0 CC INT 3
00000000004017E1 89C3 MOV EBX,EAX
00000000004017E3 488B45D8 MOV RAX,QWORD PTR [RBP-28]
00000000004017E7 4883C001 ADD RAX,0000000000000001
00000000004017EB 0FB600 MOVZX EAX,BYTE PTR [RAX]
00000000004017EE 0FB6C0 MOVZX EAX,AL
00000000004017F1 89C7 MOV EDI,EAX
00000000004017F3 CC INT 3
00000000004017F4 488B4DF8 MOV RCX,QWORD PTR [RBP-08]
00000000004017F8 6448330C2528000000 XOR RCX,QWORD PTR FS:[0000000000000028]
0000000000401801 CC INT 3
0000000000401802 488B0537522000 MOV RAX,QWORD PTR [0000000000606A40]
0000000000401809 4889C7 MOV RDI,RAX
000000000040180C CC INT 3
000000000040180D 55 PUSH RBP
000000000040180E 4889E5 MOV RBP,RSP
0000000000401811 53 PUSH RBX
0000000000401812 4883EC28 SUB RSP,0000000000000028
0000000000401816 48897DD8 MOV QWORD PTR [RBP-28],RDI
000000000040181A 64488B042528000000 MOV RAX,QWORD PTR FS:[0000000000000028]
0000000000401823 488945E8 MOV QWORD PTR [RBP-18],RAX
0000000000401827 31C0 XOR EAX,EAX
0000000000401829 C745E000000000 MOV DWORD PTR [RBP-20],00000000
0000000000401830 CC INT 3
0000000000401831 838520FEFFFF01 ADD DWORD PTR [RBP-000001E0],00000001
0000000000401838 CC INT 3
0000000000401839 0FB645FC MOVZX EAX,BYTE PTR [RBP-04]
000000000040183D 01C0 ADD EAX,EAX
000000000040183F 83F01B XOR EAX,0000001B
0000000000401842 CC INT 3
0000000000401843 C7852CFEFFFF01000000 MOV DWORD PTR [RBP-000001D4],00000001
000000000040184D CC INT 3
000000000040184E 488B45D8 MOV RAX,QWORD PTR [RBP-28]
0000000000401852 0FB600 MOVZX EAX,BYTE PTR [RAX]
0000000000401855 0FB6C0 MOVZX EAX,AL
0000000000401858 89C7 MOV EDI,EAX
000000000040185A CC INT 3
000000000040185B 31C3 XOR EBX,EAX
000000000040185D 0FB645F4 MOVZX EAX,BYTE PTR [RBP-0C]
0000000000401861 89C7 MOV EDI,EAX
0000000000401863 CC INT 3
0000000000401864 8B8540FEFFFF MOV EAX,DWORD PTR [RBP-000001C0]
000000000040186A 83E801 SUB EAX,00000001
000000000040186D 8D148500000000 LEA EDX,[RAX*4+00000000]
0000000000401874 8B8544FEFFFF MOV EAX,DWORD PTR [RBP-000001BC]
000000000040187A 01D0 ADD EAX,EDX
000000000040187C 4863D0 MOVSXD RDX,EAX
000000000040187F 488B8570FEFFFF MOV RAX,QWORD PTR [RBP-00000190]
0000000000401886 4801D0 ADD RAX,RDX
0000000000401889 0FB610 MOVZX EDX,BYTE PTR [RAX]
000000000040188C 8B8544FEFFFF MOV EAX,DWORD PTR [RBP-000001BC]
0000000000401892 4898 CDQE
0000000000401894 8894057CFEFFFF MOV BYTE PTR [RBP+RAX-00000184],DL
000000000040189B 838544FEFFFF01 ADD DWORD PTR [RBP-000001BC],00000001
00000000004018A2 CC INT 3
00000000004018A3 55 PUSH RBP
00000000004018A4 4889E5 MOV RBP,RSP
00000000004018A7 4883EC08 SUB RSP,0000000000000008
00000000004018AB 89F8 MOV EAX,EDI
00000000004018AD 8845FC MOV BYTE PTR [RBP-04],AL
00000000004018B0 0FB645FC MOVZX EAX,BYTE PTR [RBP-04]
00000000004018B4 89C7 MOV EDI,EAX
00000000004018B6 CC INT 3
00000000004018B7 837DE003 CMP DWORD PTR [RBP-20],00000003
00000000004018BB CC INT 3
00000000004018BC 8B8530FEFFFF MOV EAX,DWORD PTR [RBP-000001D0]
00000000004018C2 83E801 SUB EAX,00000001
00000000004018C5 398534FEFFFF CMP DWORD PTR [RBP-000001CC],EAX
00000000004018CB CC INT 3
00000000004018CC 90 NOP
00000000004018CD CC INT 3
00000000004018CE 55 PUSH RBP
00000000004018CF 4889E5 MOV RBP,RSP
00000000004018D2 4883EC20 SUB RSP,0000000000000020
00000000004018D6 48897DE8 MOV QWORD PTR [RBP-18],RDI
00000000004018DA 488D3D57300000 LEA RDI,[0000000000404938]
00000000004018E1 CC INT 3
00000000004018E2 90 NOP
00000000004018E3 C9 LEAVE
00000000004018E4 CC INT 3
00000000004018E5 488B8558FEFFFF MOV RAX,QWORD PTR [RBP-000001A8]
00000000004018EC 4889C7 MOV RDI,RAX
00000000004018EF CC INT 3
00000000004018F0 0FB6857CFEFFFF MOVZX EAX,BYTE PTR [RBP-00000184]
00000000004018F7 88851FFEFFFF MOV BYTE PTR [RBP-000001E1],AL
00000000004018FD 0FB6857DFEFFFF MOVZX EAX,BYTE PTR [RBP-00000183]
0000000000401904 88857CFEFFFF MOV BYTE PTR [RBP-00000184],AL
000000000040190A 0FB6857EFEFFFF MOVZX EAX,BYTE PTR [RBP-00000182]
0000000000401911 88857DFEFFFF MOV BYTE PTR [RBP-00000183],AL
0000000000401917 0FB6857FFEFFFF MOVZX EAX,BYTE PTR [RBP-00000181]
000000000040191E 88857EFEFFFF MOV BYTE PTR [RBP-00000182],AL
0000000000401924 0FB6851FFEFFFF MOVZX EAX,BYTE PTR [RBP-000001E1]
000000000040192B 88857FFEFFFF MOV BYTE PTR [RBP-00000181],AL
0000000000401931 C78544FEFFFF00000000 MOV DWORD PTR [RBP-000001BC],00000000
000000000040193B CC INT 3
000000000040193C 55 PUSH RBP
000000000040193D 4889E5 MOV RBP,RSP
0000000000401940 48897DE8 MOV QWORD PTR [RBP-18],RDI
0000000000401944 488975E0 MOV QWORD PTR [RBP-20],RSI
0000000000401948 8955DC MOV DWORD PTR [RBP-24],EDX
000000000040194B C745FC00000000 MOV DWORD PTR [RBP-04],00000000
0000000000401952 CC INT 3
0000000000401953 C78544FEFFFF00000000 MOV DWORD PTR [RBP-000001BC],00000000
000000000040195D CC INT 3
000000000040195E 488D85C0FEFFFF LEA RAX,[RBP-00000140]
0000000000401965 4883C010 ADD RAX,0000000000000010
0000000000401969 48898548FEFFFF MOV QWORD PTR [RBP-000001B8],RAX
0000000000401970 488D85F0FEFFFF LEA RAX,[RBP-00000110]
0000000000401977 48898550FEFFFF MOV QWORD PTR [RBP-000001B0],RAX
000000000040197E C78528FEFFFF0A000000 MOV DWORD PTR [RBP-000001D8],0000000A
0000000000401988 488B8D50FEFFFF MOV RCX,QWORD PTR [RBP-000001B0]
000000000040198F 488B8548FEFFFF MOV RAX,QWORD PTR [RBP-000001B8]
0000000000401996 BA00000000 MOV EDX,00000000
000000000040199B 4889CE MOV RSI,RCX
000000000040199E 4889C7 MOV RDI,RAX
00000000004019A1 CC INT 3
00000000004019A2 8B45D4 MOV EAX,DWORD PTR [RBP-2C]
00000000004019A5 83E801 SUB EAX,00000001
00000000004019A8 3945F0 CMP DWORD PTR [RBP-10],EAX
00000000004019AB CC INT 3
00000000004019AC 488B8548FEFFFF MOV RAX,QWORD PTR [RBP-000001B8]
00000000004019B3 4889C7 MOV RDI,RAX
00000000004019B6 CC INT 3
00000000004019B7 8B853CFEFFFF MOV EAX,DWORD PTR [RBP-000001C4]
00000000004019BD 83C001 ADD EAX,00000001
00000000004019C0 C1E002 SHL EAX,02
00000000004019C3 398540FEFFFF CMP DWORD PTR [RBP-000001C0],EAX
00000000004019C9 CC INT 3
00000000004019CA 838520FEFFFF01 ADD DWORD PTR [RBP-000001E0],00000001
00000000004019D1 CC INT 3
00000000004019D2 31C3 XOR EBX,EAX
00000000004019D4 488B45D8 MOV RAX,QWORD PTR [RBP-28]
00000000004019D8 4883C003 ADD RAX,0000000000000003
00000000004019DC 0FB600 MOVZX EAX,BYTE PTR [RAX]
00000000004019DF 0FB6C0 MOVZX EAX,AL
00000000004019E2 89C7 MOV EDI,EAX
00000000004019E4 CC INT 3
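Then run the simulation and print the assembly code the program executes.
Reading that output by eye gives the rough logic:
1. Print the program logo
2. Read the flag as input
3. Modify the AES S-box
4. srand(0x10000), then use rand() to get a 16-byte key
5. Encrypt the flag with the key
6. XOR the encryption result with a fixed string
7. srand(rand()), then use rand() to produce a byte string of length 32
8. XOR the random string with "Congratulations!This is the correct flag!" (note: one space is missing here)
9. Compare the results of 6 and 8; if they match, the flag is judged correct
The final solver script: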
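```python
from ctypes import cdll

from Crypto.Cipher import AES


def xor(a, b):
    # Byte-wise XOR; zip() stops at the shorter input
    return bytes([i ^ j for i, j in zip(a, b)])


# Load the host libc so rand() produces the same sequence as in the target
libc = cdll.LoadLibrary('/lib/x86_64-linux-gnu/libc.so.6')

# Step 4: srand(0x10000), then 16 low bytes of rand() form the AES key
libc.srand(0x10000)
aeskey = []
for i in range(16):
    aeskey.append(libc.rand() & 0xff)

# Step 7: reseed with rand(), then take 32 more low bytes
libc.srand(libc.rand())
randstr = []
for i in range(32):
    x = libc.rand()
    randstr.append(x & 0xff)

# Undo steps 8 and 6 (the two XORs), then step 5 (AES-ECB)
cipher = AES.new(bytes(aeskey), AES.MODE_ECB)
pt = cipher.decrypt(xor(xor(bytes.fromhex('E28B553869FA80C2644E7FE7130614C5C013D3126BBDF2C788443E09E8A38330'), bytes(randstr)), b'Congratulations!This is the correct flag!'))
print(f'flag{{{pt.decode()}}}')
```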
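The script above only reproduces the key when the host's `libc.so.6` is glibc, because steps 4 and 7 depend on glibc's particular `rand()` algorithm. The following added example (not part of the original write-up) models glibc's default `srand()`/`rand()` in pure Python so the two byte streams can be derived on any platform; `GlibcRand` and `derive_streams` are hypothetical names, and the model assumes the target uses glibc's default generator with seeds below 2**31, which holds for both seeds used here.

```python
# Added example: pure-Python model of glibc's default rand()/srand()
# (the TYPE_3 additive feedback generator). Names are hypothetical.

M31 = 2147483647  # modulus of the Lehmer step that fills the initial state


class GlibcRand:
    def __init__(self, seed):
        self.srand(seed)

    def srand(self, seed):
        # Assumption: seeds in 0..2**31-1 only (glibc's signed arithmetic
        # for larger seeds is not modelled).
        if not 0 <= seed <= M31:
            raise ValueError("seed outside the range this model handles")
        r = [seed or 1]                       # glibc maps seed 0 to 1
        for i in range(1, 31):
            r.append((16807 * r[i - 1]) % M31)
        for i in range(31, 34):
            r.append(r[i - 31])
        for i in range(34, 344):              # warm-up values, never returned
            r.append((r[i - 31] + r[i - 3]) & 0xFFFFFFFF)
        self._state = r[-31:]                 # keep only the last 31 words

    def rand(self):
        s = self._state
        nxt = (s[0] + s[28]) & 0xFFFFFFFF     # r[i] = r[i-31] + r[i-3]
        self._state = s[1:] + [nxt]
        return nxt >> 1                       # glibc drops the lowest bit


def derive_streams(first_seed=0x10000):
    """Return (aes_key, xor_mask) as described in steps 4 and 7."""
    g = GlibcRand(first_seed)
    key = bytes(g.rand() & 0xFF for _ in range(16))
    g.srand(g.rand())                         # step 7: reseed with rand()
    mask = bytes(g.rand() & 0xFF for _ in range(32))
    return key, mask


if __name__ == "__main__":
    key, mask = derive_streams()
    print(key.hex(), mask.hex())
```

The returned `key` and `mask` can replace `bytes(aeskey)` and `bytes(randstr)` in the solver script.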