danial27@castor:~$ ./task3 foobar 10 i am foobar! ---------------------------------------------------------------------------------- danial27@castor:~$ objdump -d task3 task3: file format elf64-littleaarch64 Disassembly of section .text: 0000000000400078 <.text>: 400078: f940031d ldr x29, [x24] // JUMP10: load x29 with the 2nd arg stored at the address held in x24 40007c: d65f03c0 ret // return to caller of JUMP10 400080: aa1803e0 mov x0, x24 // JUMP19/JUMP21: move the exit code in x24 into x0 (exit syscall status arg); it is 0 on the JUMP19 path, but on the JUMP21 (ERROR) path x24 was advanced past the message by JUMP13 and never reset, so the reported status would be the low byte of that pointer rather than 0 400084: d2800ba8 mov x8, #0x5d // #93 // move exit syscall 93(0x5d) into x8(syscall register) 400088: d4000001 svc #0x0 // exit syscall using x0,x8 40008c: 6465656e .inst 0x6465656e ; undefined // 0x40008c-0x4000ab is string data ("need exactly two arguments\n" followed by "!\n", see the xxd dump at offset 0x80), not code - objdump decodes it as garbage 400090: 61786520 .inst 0x61786520 ; undefined 400094: 796c7463 ldrh w3, [x3, #5690] 400098: 6f777420 uqshl v0.2d, v1.2d, #55 40009c: 67726120 .inst 0x67726120 ; undefined 4000a0: 6e656d75 umin v21.8h, v11.8h, v5.8h 4000a4: 000a7374 .inst 0x000a7374 ; undefined 4000a8: 00000a21 .inst 0x00000a21 ; undefined 4000ac: d503201f nop 4000b0: a9bd07e0 stp x0, x1, [sp, #-48]! 
// JUMP12/JUMP16/JUMP17/JUMP20/JUMP22 (print routine): push x0,x1 into a new 48-byte (6 eight-byte slot) frame below the stack pointer (pre-indexed store) 4000b4: a90123e2 stp x2, x8, [sp, #16] // store pair of registers 16 bytes (slot 2) above the new sp 4000b8: f90017fe str x30, [sp, #40] // store x30/lr 40 bytes (slot 5) above sp (value 0x400148) 4000bc: aa1803e1 mov x1, x24 // move address stored in x24 (0x4001b4) into x1 (write syscall buffer arg) 4000c0: 94000009 bl 0x4000e4 // branch with link to 0x4000e4 - JUMP13 (string length) 4000c4: aa1d03e2 mov x2, x29 // move the string length returned in x29 (5 if correct, for "i am ") into x2 (write syscall length arg) 4000c8: d2800020 mov x0, #0x1 // #1 // move 1 into register x0 (write syscall fd arg, 1 = stdout) 4000cc: d2800808 mov x8, #0x40 // #64 // move 64(x40) syscall write into x8(syscall register) 4000d0: d4000001 svc #0x0 // write syscall using args x0,x1,x2,x8 4000d4: f94017fe ldr x30, [sp, #40] // load x30/lr from 40 bytes (slot 5) above sp (0x400148) 4000d8: a94123e2 ldp x2, x8, [sp, #16] // load pair of registers stored 16 bytes above sp 4000dc: a8c307e0 ldp x0, x1, [sp], #48 // load pair of registers stored at sp, then pop the 48-byte frame (post-indexed) 4000e0: d65f03c0 ret // return to caller of JUMP12/JUMP16/JUMP20, JUMP17->JUMP18, JUMP22->JUMP18 (the lr restored at 0x400130 is 0x4001a8) 4000e4: 9280001d mov x29, #0xffffffffffffffff // #-1 // JUMP13 (strlen): start the length counter x29 at -1 4000e8: 910007bd add x29, x29, #0x1 // JUMP14: increment x29 by 1 4000ec: 38401719 ldrb w25, [x24], #1 // load one byte from [x24], then advance x24 by 1 (post-indexed) - note x24 is left pointing past the terminator 4000f0: 35ffffd9 cbnz w25, 0x4000e8 // loop back to JUMP14 while the byte is not the NUL terminator; x29 ends as the string length 4000f4: d65f03c0 ret // return to caller of JUMP13 4000f8: a9bf63fe stp x30, x24, [sp, #-16]! 
//person // JUMP7: push x30/lr and x24 (the frame base copied from sp) into a 16-byte frame below the stack pointer 4000fc: f900031a str x26, [x24] //x24 // store 2nd arg from x26 into the address stored in x24 400100: 91002318 add x24, x24, #0x8 // advance x24 by 8 (one eight-byte slot) 400104: 94000014 bl 0x400154 // branch with link to 0x400154 - JUMP8 400108: a8c163fe ldp x30, x24, [sp], #16 // pop x30/lr and x24 back from the 16-byte frame 40010c: 10000739 adr x25, 0x4001f0 // store pc-relative address of 0x4001f0 in x25 400110: f9000b19 str x25, [x24, #16] //x24+2 // store that address at x24+16 (slot 2, which JUMP8 filled with 0x4001c0 - this overwrites it) 400114: d65f03c0 ret // return to caller of JUMP7 400118: a9bf63fe stp x30, x24, [sp, #-16]! // JUMP9: push x30/lr and x24 into a 16-byte frame below the stack pointer 40011c: f9400b19 ldr x25, [x24, #16] // load x25 from x24+16 (slot 2, holds 0x4001f0) 400120: f9400739 ldr x25, [x25, #8] // load x25 from x25+8 (holds 0x400078) 400124: d63f0320 blr x25 // branch with link to address in x25 - 0x400078 - JUMP10 400128: f10007bf cmp x29, #0x1 // compare the parsed 2nd arg (x29) with 1 (x29 - 1) 40012c: 54000088 b.hi 0x40013c // b.pmore // branch to 0x40013c if unsigned higher - JUMP11 400130: f84107fe ldr x30, [sp], #16 // pop the saved x30/lr (0x4001a8) and discard the saved x24 slot, freeing the 16-byte frame 400134: 100004b8 adr x24, 0x4001c8 // store address of (goo goo) text into x24 400138: 17ffffde b 0x4000b0 // tail-jump to 0x4000b0 - JUMP22 (print goo goo); its ret goes to the restored lr 40013c: f94003fe ldr x30, [sp] // JUMP11: reload x30/lr from the top of the stack (0x4001a8) without popping 400140: 100003b8 adr x24, 0x4001b4 // store pc-relative address of 0x4001b4 into reg x24 400144: 97ffffdb bl 0x4000b0 // branch with link to 0x4000b0 - JUMP12 (print I am ) 400148: a8c163fe ldp x30, x24, [sp], #16 // pop x30/lr and x24 and free the 16-byte frame (x30=0x4001a8, x24=0xff440, i.e. the earlier sp copy) 40014c: 91002318 add x24, x24, #0x8 // advance x24 by 8 to the next slot (0xff440->0xff448) 400150: 14000022 b 0x4001d8 // branch to address 0x4001d8 - JUMP15 400154: 
f9000319 str x25, [x24] //named //x24+1 // JUMP8: store 1st arg from x25 into the address stored in x24 (x24 was advanced by 8 in JUMP7, so this is the slot just above the 2nd arg) 400158: 10000359 adr x25, 0x4001c0 // store pc-relative address of 0x4001c0 in x25 40015c: f9000719 str x25, [x24, #8] //x24+2 // store that address at x24+8 (the slot just above the 1st arg) 400160: d65f03c0 ret // return to caller of JUMP8 400164: f94003f8 ldr x24, [sp] // _start: load the argument count from the top of the initial stack 400168: f1000f1f cmp x24, #0x3 // compare args to ensure there are 3 args (command plus two actual args) 40016c: 54000080 b.eq 0x40017c // b.none // if true, jump to 0x40017c - JUMP1 400170: 10fff8f8 adr x24, 0x40008c // else store address of (ERROR) text into x24 400174: 97ffffcf bl 0x4000b0 // branch with link to 0x4000b0 - JUMP20 (print ERROR) 400178: 17ffffc2 b 0x400080 // branch to 0x400080 - JUMP21 40017c: f9400ff8 ldr x24, [sp, #24] // JUMP1: load from sp+24 (slot 3: arg count at sp, then command, 1st arg, 2nd arg), i.e. the 2nd arg's string pointer 400180: 94000020 bl 0x400200 // branch with link to 0x400200 - JUMP2 (parse 2nd arg as a decimal number) 400184: d10083ff sub sp, sp, #0x20 // allocate 32 bytes (0x20 = 4 eight-byte slots) on the stack 400188: 910003f8 mov x24, sp // copy the new stack pointer into x24 (frame base) 40018c: f9401bf9 ldr x25, [sp, #48] // load x25 from sp+48 (4 new slots + arg count + command, i.e. the 1st arg's string pointer) 400190: aa1d03fa mov x26, x29 // move parsed 2nd arg from reg x29 to reg x26 400194: 97ffffd9 bl 0x4000f8 // branch with link to 0x4000f8 - JUMP7 400198: 910003f8 mov x24, sp // copy sp into x24 again (same frame base as at 0x400188) 40019c: f9400b19 ldr x25, [x24, #16] // load x25 from x24+16 (slot 2, now holds 0x4001f0 written by JUMP7) 4001a0: f9400339 ldr x25, [x25] // load x25 with the value at [x25] (the first word at 0x4001f0) 
(stored there: 0x400118) 4001a4: d63f0320 blr x25 // branch with link to subroutine at 0x400118 - JUMP9 4001a8: 910083ff add sp, sp, #0x20 // JUMP18: free the 32-byte (0x20) frame allocated at 0x400184 4001ac: d2800018 mov x24, #0x0 // #0 // move 0 into x24 (exit status 0 for JUMP19) 4001b0: 17ffffb4 b 0x400080 // branch to 0x400080 - JUMP19 4001b4: 6d612069 ldp d9, d8, [x3, #-496] // 0x4001b4-0x4001d7 is data, not code: the "i am " string, the pointer 0x4001d8, and "goo goo\n" (see the xxd dump at offset 0x1b4) 4001b8: 00000020 .inst 0x00000020 ; undefined 4001bc: d503201f nop 4001c0: 004001d8 .inst 0x004001d8 ; undefined 4001c4: 00000000 .inst 0x00000000 ; undefined 4001c8: 206f6f67 .inst 0x206f6f67 ; undefined 4001cc: 0a6f6f67 bic w7, w27, w15, lsr #27 4001d0: 00000000 .inst 0x00000000 ; undefined 4001d4: d503201f nop 4001d8: f81f0ffe str x30, [sp, #-16]! // JUMP15: push x30/lr into a new 16-byte frame below sp 4001dc: f9400318 ldr x24, [x24] // load the 1st arg's string pointer from [x24] into x24 (x24 = frame base + 8, the slot JUMP8 filled; only the slot address was in a register before this) 4001e0: 97ffffb4 bl 0x4000b0 // branch with link to 0x4000b0 - JUMP16 (print arg 1) 4001e4: f84107fe ldr x30, [sp], #16 // pop x30/lr and free the 16-byte frame 4001e8: 10fff618 adr x24, 0x4000a8 // store pc-relative address of 0x4000a8 ("!\n" text) into x24 4001ec: 17ffffb1 b 0x4000b0 // tail-jump to 0x4000b0 - JUMP17 (print !); its ret goes to the restored lr (JUMP18) 
4001f0: 00400118 .inst 0x00400118 ; undefined // 0x4001f0-0x4001ff is data, not code: the pointers 0x400118 (JUMP9) and 0x400078 (JUMP10) 4001f4: 00000000 .inst 0x00000000 ; undefined 4001f8: 00400078 .inst 0x00400078 ; undefined 4001fc: 00000000 .inst 0x00000000 ; undefined 400200: d280001d mov x29, #0x0 // #0 // JUMP2 (decimal parser): x29 = 0 (accumulator) 400204: d280015a mov x26, #0xa // #10 // x26 = 10 (radix multiplier) 400208: 38401719 ldrb w25, [x24], #1 // JUMP6: load one byte (individual char) from x24 (2nd arg) into w25 and advance x24 40020c: 340000f9 cbz w25, 0x400228 // if the byte is the NUL terminator, branch to 0x400228 - JUMP3 400210: 7100c339 subs w25, w25, #0x30 // subtract 48 (0x30, ASCII '0') so w25 becomes the digit value, setting flags 400214: 540000a4 b.mi 0x400228 // b.first // branch if w25 negative (char below '0') - JUMP4 400218: 71002b3f cmp w25, #0xa // compare by doing w25 subtract 10(0xa) 40021c: 54000065 b.pl 0x400228 // b.nfrst // branch if that difference is non-negative (N clear), i.e. digit value >= 10 (char above '9') - JUMP5 400220: 9b1a67bd madd x29, x29, x26, x25 // x29 = x29*10 + digit (rebuilds the number); there is no overflow check, so a long digit string silently wraps modulo 2^64 400224: 17fffff9 b 0x400208 // loop branch back to 0x400208 - JUMP6 400228: d65f03c0 ret // JUMP3/JUMP4/JUMP5: return to caller of JUMP2 (parsing stops at the first non-digit, leaving the value so far in x29) ---------------------------------------------------------------------------------- danial27@castor:~$ xxd task3 00000000: 7f45 4c46 0201 0100 0000 0000 0000 0000 .ELF............ 00000010: 0200 b700 0100 0000 6401 4000 0000 0000 ........d.@..... 00000020: 4000 0000 0000 0000 4002 0000 0000 0000 @.......@....... 00000030: 0000 0000 4000 3800 0100 4000 0300 0200 ....@.8...@..... 00000040: 0100 0000 0500 0000 0000 0000 0000 0000 ................ 00000050: 0000 4000 0000 0000 0000 4000 0000 0000 ..@.......@..... 00000060: 2c02 0000 0000 0000 2c02 0000 0000 0000 ,.......,....... 00000070: 0000 0100 0000 0000 1d03 40f9 c003 5fd6 ..........@..._. 00000080: e003 18aa a80b 80d2 0100 00d4 6e65 6564 ............need 00000090: 2065 7861 6374 6c79 2074 776f 2061 7267 exactly two arg 000000a0: 756d 656e 7473 0a00 210a 0000 1f20 03d5 uments..!.... .. 
000000b0: e007 bda9 e223 01a9 fe17 00f9 e103 18aa .....#.......... 000000c0: 0900 0094 e203 1daa 2000 80d2 0808 80d2 ........ ....... 000000d0: 0100 00d4 fe17 40f9 e223 41a9 e007 c3a8 ......@..#A..... 000000e0: c003 5fd6 1d00 8092 bd07 0091 1917 4038 .._...........@8 000000f0: d9ff ff35 c003 5fd6 fe63 bfa9 1a03 00f9 ...5.._..c...... 00000100: 1823 0091 1400 0094 fe63 c1a8 3907 0010 .#.......c..9... 00000110: 190b 00f9 c003 5fd6 fe63 bfa9 190b 40f9 ......_..c....@. 00000120: 3907 40f9 2003 3fd6 bf07 00f1 8800 0054 9.@. .?........T 00000130: fe07 41f8 b804 0010 deff ff17 fe03 40f9 ..A...........@. 00000140: b803 0010 dbff ff97 fe63 c1a8 1823 0091 .........c...#.. 00000150: 2200 0014 1903 00f9 5903 0010 1907 00f9 ".......Y....... 00000160: c003 5fd6 f803 40f9 1f0f 00f1 8000 0054 .._...@........T 00000170: f8f8 ff10 cfff ff97 c2ff ff17 f80f 40f9 ..............@. 00000180: 2000 0094 ff83 00d1 f803 0091 f91b 40f9 .............@. 00000190: fa03 1daa d9ff ff97 f803 0091 190b 40f9 ..............@. 000001a0: 3903 40f9 2003 3fd6 ff83 0091 1800 80d2 9.@. .?......... 000001b0: b4ff ff17 6920 616d 2000 0000 1f20 03d5 ....i am .... .. 000001c0: d801 4000 0000 0000 676f 6f20 676f 6f0a ..@.....goo goo. 000001d0: 0000 0000 1f20 03d5 fe0f 1ff8 1803 40f9 ..... ........@. 000001e0: b4ff ff97 fe07 41f8 18f6 ff10 b1ff ff17 ......A......... 000001f0: 1801 4000 0000 0000 7800 4000 0000 0000 ..@.....x.@..... 00000200: 1d00 80d2 5a01 80d2 1917 4038 f900 0034 ....Z.....@8...4 00000210: 39c3 0071 a400 0054 3f2b 0071 6500 0054 9..q...T?+.qe..T 00000220: bd67 1a9b f9ff ff17 c003 5fd6 002e 7368 .g........_...sh 00000230: 7374 7274 6162 002e 7465 7874 0000 0000 strtab..text.... 00000240: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 00000250: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 00000260: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 00000270: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 
00000280: 0b00 0000 0100 0000 0600 0000 0000 0000 ................ 00000290: 7800 4000 0000 0000 7800 0000 0000 0000 x.@.....x....... 000002a0: b401 0000 0000 0000 0000 0000 0000 0000 ................ 000002b0: 0800 0000 0000 0000 0000 0000 0000 0000 ................ 000002c0: 0100 0000 0300 0000 0000 0000 0000 0000 ................ 000002d0: 0000 0000 0000 0000 2c02 0000 0000 0000 ........,....... 000002e0: 1100 0000 0000 0000 0000 0000 0000 0000 ................ 000002f0: 0100 0000 0000 0000 0000 0000 0000 0000 ................ ---------------------------------------------------------------------------------- danial27@castor:~$ readelf --sections task3 There are 3 section headers, starting at offset 0x240: Section Headers: [Nr] Name Type Address Offset Size EntSize Flags Link Info Align [ 0] NULL 0000000000000000 00000000 0000000000000000 0000000000000000 0 0 0 [ 1] .text PROGBITS 0000000000400078 00000078 00000000000001b4 0000000000000000 AX 0 0 8 [ 2] .shstrtab STRTAB 0000000000000000 0000022c 0000000000000011 0000000000000000 0 0 1 Key to Flags: W (write), A (alloc), X (execute), M (merge), S (strings), I (info), L (link order), O (extra OS processing required), G (group), T (TLS), C (compressed), x (unknown), o (OS specific), E (exclude), p (processor specific) 0x400078-