// https://syzkaller.appspot.com/bug?id=5b9d1e3232dc19d61832a76821bc5fc9b914b4cd // autogenerated by syzkaller (http://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include __attribute__((noreturn)) static void doexit(int status) { volatile unsigned i; syscall(__NR_exit_group, status); for (i = 0;; i++) { } } #include #include const int kFailStatus = 67; const int kRetryStatus = 69; static void fail(const char* msg, ...) { int e = errno; va_list args; va_start(args, msg); vfprintf(stderr, msg, args); va_end(args); fprintf(stderr, " (errno %d)\n", e); doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus); } static uint64_t current_time_ms() { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) fail("clock_gettime failed"); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } #define XT_TABLE_SIZE 1536 #define XT_MAX_ENTRIES 10 struct xt_counters { uint64_t pcnt, bcnt; }; struct ipt_getinfo { char name[32]; unsigned int valid_hooks; unsigned int hook_entry[5]; unsigned int underflow[5]; unsigned int num_entries; unsigned int size; }; struct ipt_get_entries { char name[32]; unsigned int size; void* entrytable[XT_TABLE_SIZE / sizeof(void*)]; }; struct ipt_replace { char name[32]; unsigned int valid_hooks; unsigned int num_entries; unsigned int size; unsigned int hook_entry[5]; unsigned int underflow[5]; unsigned int num_counters; struct xt_counters* counters; char entrytable[XT_TABLE_SIZE]; }; struct ipt_table_desc { const char* name; struct ipt_getinfo info; struct ipt_replace replace; }; static struct ipt_table_desc ipv4_tables[] = { {.name = "filter"}, {.name = "nat"}, {.name = "mangle"}, {.name = "raw"}, {.name = "security"}, }; static struct ipt_table_desc ipv6_tables[] = { {.name = "filter"}, {.name = "nat"}, {.name = "mangle"}, {.name = "raw"}, {.name = "security"}, }; #define IPT_BASE_CTL 64 #define IPT_SO_SET_REPLACE (IPT_BASE_CTL) #define IPT_SO_GET_INFO (IPT_BASE_CTL) #define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1) struct arpt_getinfo { char name[32]; unsigned int valid_hooks; unsigned int hook_entry[3]; unsigned int underflow[3]; unsigned int num_entries; unsigned int size; }; struct arpt_get_entries { char name[32]; unsigned int size; void* entrytable[XT_TABLE_SIZE / sizeof(void*)]; }; struct arpt_replace { char name[32]; unsigned int valid_hooks; unsigned int num_entries; unsigned int size; unsigned int hook_entry[3]; unsigned int underflow[3]; unsigned int num_counters; struct xt_counters* counters; char entrytable[XT_TABLE_SIZE]; }; struct arpt_table_desc { const char* name; struct arpt_getinfo info; struct arpt_replace replace; }; static struct arpt_table_desc arpt_tables[] = { {.name = "filter"}, }; #define ARPT_BASE_CTL 96 #define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL) #define ARPT_SO_GET_INFO (ARPT_BASE_CTL) #define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1) static void checkpoint_iptables(struct ipt_table_desc* tables, int num_tables, int family, int level) { struct ipt_get_entries entries; socklen_t optlen; int fd, i; fd = socket(family, SOCK_STREAM, IPPROTO_TCP); if (fd == -1) fail("socket(%d, SOCK_STREAM, IPPROTO_TCP)", family); for (i = 0; i < num_tables; i++) { struct ipt_table_desc* table = &tables[i]; strcpy(table->info.name, table->name); strcpy(table->replace.name, table->name); optlen = sizeof(table->info); if (getsockopt(fd, level, IPT_SO_GET_INFO, &table->info, &optlen)) { switch (errno) { case EPERM: case ENOENT: case ENOPROTOOPT: continue; } fail("getsockopt(IPT_SO_GET_INFO)"); } if (table->info.size > sizeof(table->replace.entrytable)) fail("table size is too large: %u", table->info.size); if (table->info.num_entries > XT_MAX_ENTRIES) fail("too many counters: %u", table->info.num_entries); memset(&entries, 0, sizeof(entries)); strcpy(entries.name, table->name); entries.size = table->info.size; optlen = sizeof(entries) - sizeof(entries.entrytable) + table->info.size; if (getsockopt(fd, level, IPT_SO_GET_ENTRIES, &entries, &optlen)) fail("getsockopt(IPT_SO_GET_ENTRIES)"); table->replace.valid_hooks = table->info.valid_hooks; table->replace.num_entries = table->info.num_entries; table->replace.size = table->info.size; memcpy(table->replace.hook_entry, table->info.hook_entry, sizeof(table->replace.hook_entry)); memcpy(table->replace.underflow, table->info.underflow, sizeof(table->replace.underflow)); memcpy(table->replace.entrytable, entries.entrytable, table->info.size); } close(fd); } static void reset_iptables(struct ipt_table_desc* tables, int num_tables, int family, int level) { struct xt_counters counters[XT_MAX_ENTRIES]; struct ipt_get_entries entries; struct ipt_getinfo info; socklen_t optlen; int fd, i; fd = socket(family, SOCK_STREAM, IPPROTO_TCP); if (fd == -1) fail("socket(%d, SOCK_STREAM, IPPROTO_TCP)", family); for (i = 0; i < num_tables; i++) { struct ipt_table_desc* table = &tables[i]; if (table->info.valid_hooks == 0) continue; memset(&info, 0, sizeof(info)); strcpy(info.name, table->name); optlen = sizeof(info); if (getsockopt(fd, level, IPT_SO_GET_INFO, &info, &optlen)) fail("getsockopt(IPT_SO_GET_INFO)"); if (memcmp(&table->info, &info, sizeof(table->info)) == 0) { memset(&entries, 0, sizeof(entries)); strcpy(entries.name, table->name); entries.size = table->info.size; optlen = sizeof(entries) - sizeof(entries.entrytable) + entries.size; if (getsockopt(fd, level, IPT_SO_GET_ENTRIES, &entries, &optlen)) fail("getsockopt(IPT_SO_GET_ENTRIES)"); if (memcmp(table->replace.entrytable, entries.entrytable, table->info.size) == 0) continue; } table->replace.num_counters = info.num_entries; table->replace.counters = counters; optlen = sizeof(table->replace) - sizeof(table->replace.entrytable) + table->replace.size; if (setsockopt(fd, level, IPT_SO_SET_REPLACE, &table->replace, optlen)) fail("setsockopt(IPT_SO_SET_REPLACE)"); } close(fd); } static void checkpoint_arptables(void) { struct arpt_get_entries entries; socklen_t optlen; unsigned i; int fd; fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (fd == -1) fail("socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)"); for (i = 0; i < sizeof(arpt_tables) / sizeof(arpt_tables[0]); i++) { struct arpt_table_desc* table = &arpt_tables[i]; strcpy(table->info.name, table->name); strcpy(table->replace.name, table->name); optlen = sizeof(table->info); if (getsockopt(fd, SOL_IP, ARPT_SO_GET_INFO, &table->info, &optlen)) { switch (errno) { case EPERM: case ENOENT: case ENOPROTOOPT: continue; } fail("getsockopt(ARPT_SO_GET_INFO)"); } if (table->info.size > sizeof(table->replace.entrytable)) fail("table size is too large: %u", table->info.size); if (table->info.num_entries > XT_MAX_ENTRIES) fail("too many counters: %u", table->info.num_entries); memset(&entries, 0, sizeof(entries)); strcpy(entries.name, table->name); entries.size = table->info.size; optlen = sizeof(entries) - sizeof(entries.entrytable) + table->info.size; if (getsockopt(fd, SOL_IP, ARPT_SO_GET_ENTRIES, &entries, &optlen)) fail("getsockopt(ARPT_SO_GET_ENTRIES)"); table->replace.valid_hooks = table->info.valid_hooks; table->replace.num_entries = table->info.num_entries; table->replace.size = table->info.size; memcpy(table->replace.hook_entry, table->info.hook_entry, sizeof(table->replace.hook_entry)); memcpy(table->replace.underflow, table->info.underflow, sizeof(table->replace.underflow)); memcpy(table->replace.entrytable, entries.entrytable, table->info.size); } close(fd); } static void reset_arptables() { struct xt_counters counters[XT_MAX_ENTRIES]; struct arpt_get_entries entries; struct arpt_getinfo info; socklen_t optlen; unsigned i; int fd; fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (fd == -1) fail("socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)"); for (i = 0; i < sizeof(arpt_tables) / sizeof(arpt_tables[0]); i++) { struct arpt_table_desc* table = &arpt_tables[i]; if (table->info.valid_hooks == 0) continue; memset(&info, 0, sizeof(info)); strcpy(info.name, table->name); optlen = sizeof(info); if (getsockopt(fd, SOL_IP, ARPT_SO_GET_INFO, &info, &optlen)) fail("getsockopt(ARPT_SO_GET_INFO)"); if (memcmp(&table->info, &info, sizeof(table->info)) == 0) { memset(&entries, 0, sizeof(entries)); strcpy(entries.name, table->name); entries.size = table->info.size; optlen = sizeof(entries) - sizeof(entries.entrytable) + entries.size; if (getsockopt(fd, SOL_IP, ARPT_SO_GET_ENTRIES, &entries, &optlen)) fail("getsockopt(ARPT_SO_GET_ENTRIES)"); if (memcmp(table->replace.entrytable, entries.entrytable, table->info.size) == 0) continue; } table->replace.num_counters = info.num_entries; table->replace.counters = counters; optlen = sizeof(table->replace) - sizeof(table->replace.entrytable) + table->replace.size; if (setsockopt(fd, SOL_IP, ARPT_SO_SET_REPLACE, &table->replace, optlen)) fail("setsockopt(ARPT_SO_SET_REPLACE)"); } close(fd); } static void checkpoint_net_namespace(void) { checkpoint_arptables(); checkpoint_iptables(ipv4_tables, sizeof(ipv4_tables) / sizeof(ipv4_tables[0]), AF_INET, SOL_IP); checkpoint_iptables(ipv6_tables, sizeof(ipv6_tables) / sizeof(ipv6_tables[0]), AF_INET6, SOL_IPV6); } static void reset_net_namespace(void) { reset_arptables(); reset_iptables(ipv4_tables, sizeof(ipv4_tables) / sizeof(ipv4_tables[0]), AF_INET, SOL_IP); reset_iptables(ipv6_tables, sizeof(ipv6_tables) / sizeof(ipv6_tables[0]), AF_INET6, SOL_IPV6); } static void test(); void loop() { int iter; checkpoint_net_namespace(); for (iter = 0;; iter++) { int pid = fork(); if (pid < 0) fail("loop fork failed"); if (pid == 0) { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); test(); doexit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { int res = waitpid(-1, &status, __WALL | WNOHANG); if (res == pid) break; usleep(1000); if (current_time_ms() - start > 5 * 1000) { kill(-pid, SIGKILL); kill(pid, SIGKILL); while (waitpid(-1, &status, __WALL) != pid) { } break; } } reset_net_namespace(); } } long r[2]; void test() { memset(r, -1, sizeof(r)); syscall(__NR_mmap, 0x20000000, 0xfff000, 3, 0x32, -1, 0); r[0] = syscall(__NR_socket, 0xa, 6, 0); memcpy((void*)0x20991000, "\x66\x69\x6c\x74\x65\x72\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", 32); *(uint32_t*)0x20991020 = 0xe; *(uint32_t*)0x20991024 = 4; *(uint32_t*)0x20991028 = 0x410; *(uint32_t*)0x2099102c = -1; *(uint32_t*)0x20991030 = 0x1c0; *(uint32_t*)0x20991034 = 0xd0; *(uint32_t*)0x20991038 = 0x1c0; *(uint32_t*)0x2099103c = -1; *(uint32_t*)0x20991040 = -1; *(uint32_t*)0x20991044 = 0x340; *(uint32_t*)0x20991048 = 0x340; *(uint32_t*)0x2099104c = 0x340; *(uint32_t*)0x20991050 = -1; *(uint32_t*)0x20991054 = 4; *(uint64_t*)0x20991058 = 0x201b1000; *(uint8_t*)0x20991060 = -1; *(uint8_t*)0x20991061 = 2; *(uint8_t*)0x20991062 = 0; *(uint8_t*)0x20991063 = 0; *(uint8_t*)0x20991064 = 0; *(uint8_t*)0x20991065 = 0; *(uint8_t*)0x20991066 = 0; *(uint8_t*)0x20991067 = 0; *(uint8_t*)0x20991068 = 0; *(uint8_t*)0x20991069 = 0; *(uint8_t*)0x2099106a = 0; *(uint8_t*)0x2099106b = 0; *(uint8_t*)0x2099106c = 0; *(uint8_t*)0x2099106d = 0; *(uint8_t*)0x2099106e = 0; *(uint8_t*)0x2099106f = 1; *(uint64_t*)0x20991070 = htobe64(0); *(uint64_t*)0x20991078 = htobe64(1); *(uint32_t*)0x20991080 = htobe32(0); *(uint32_t*)0x20991084 = htobe32(0); *(uint32_t*)0x20991088 = htobe32(0); *(uint32_t*)0x2099108c = htobe32(0); *(uint32_t*)0x20991090 = htobe32(0); *(uint32_t*)0x20991094 = htobe32(0); *(uint32_t*)0x20991098 = htobe32(0); *(uint32_t*)0x2099109c = htobe32(0); memcpy((void*)0x209910a0, "\x13\xbf\x32\x08\x74\x2c\xbd\xbd\xc2\x85\x28\xbb\x45\x28\xdc\x65", 16); *(uint8_t*)0x209910b0 = 0x73; *(uint8_t*)0x209910b1 = 0x79; *(uint8_t*)0x209910b2 = 0x7a; *(uint8_t*)0x209910b3 = 0; *(uint8_t*)0x209910b4 = 0; *(uint8_t*)0x209910c0 = 0; *(uint8_t*)0x209910c1 = 0; *(uint8_t*)0x209910c2 = 0; *(uint8_t*)0x209910c3 = 0; *(uint8_t*)0x209910c4 = 0; *(uint8_t*)0x209910c5 = 0; *(uint8_t*)0x209910c6 = 0; *(uint8_t*)0x209910c7 = 0; *(uint8_t*)0x209910c8 = 0; *(uint8_t*)0x209910c9 = 0; *(uint8_t*)0x209910ca = 0; *(uint8_t*)0x209910cb = 0; *(uint8_t*)0x209910cc = 0; *(uint8_t*)0x209910cd = 0; *(uint8_t*)0x209910ce = 0; *(uint8_t*)0x209910cf = 0; *(uint8_t*)0x209910d0 = 0; *(uint8_t*)0x209910d1 = 0; *(uint8_t*)0x209910d2 = 0; *(uint8_t*)0x209910d3 = 0; *(uint8_t*)0x209910d4 = 0; *(uint8_t*)0x209910d5 = 0; *(uint8_t*)0x209910d6 = 0; *(uint8_t*)0x209910d7 = 0; *(uint8_t*)0x209910d8 = 0; *(uint8_t*)0x209910d9 = 0; *(uint8_t*)0x209910da = 0; *(uint8_t*)0x209910db = 0; *(uint8_t*)0x209910dc = 0; *(uint8_t*)0x209910dd = 0; *(uint8_t*)0x209910de = 0; *(uint8_t*)0x209910df = 0; *(uint16_t*)0x209910e0 = 0; *(uint8_t*)0x209910e2 = 0; *(uint8_t*)0x209910e3 = 0; *(uint8_t*)0x209910e4 = 0; *(uint32_t*)0x209910e8 = 0; *(uint16_t*)0x209910ec = 0xa8; *(uint16_t*)0x209910ee = 0xd0; *(uint32_t*)0x209910f0 = 0; *(uint64_t*)0x209910f8 = 0; *(uint64_t*)0x20991100 = 0; *(uint16_t*)0x20991108 = 0x28; memcpy((void*)0x2099110a, "\x52\x45\x4a\x45\x43\x54\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x20991127 = 0; *(uint32_t*)0x20991128 = 0; *(uint8_t*)0x20991130 = 0xfe; *(uint8_t*)0x20991131 = 0x80; *(uint8_t*)0x20991132 = 0; *(uint8_t*)0x20991133 = 0; *(uint8_t*)0x20991134 = 0; *(uint8_t*)0x20991135 = 0; *(uint8_t*)0x20991136 = 0; *(uint8_t*)0x20991137 = 0; *(uint8_t*)0x20991138 = 0; *(uint8_t*)0x20991139 = 0; *(uint8_t*)0x2099113a = 0; *(uint8_t*)0x2099113b = 0; *(uint8_t*)0x2099113c = 0; *(uint8_t*)0x2099113d = 0; *(uint8_t*)0x2099113e = 0; *(uint8_t*)0x2099113f = 0xaa; *(uint8_t*)0x20991140 = 0; *(uint8_t*)0x20991141 = 0; *(uint8_t*)0x20991142 = 0; *(uint8_t*)0x20991143 = 0; *(uint8_t*)0x20991144 = 0; *(uint8_t*)0x20991145 = 0; *(uint8_t*)0x20991146 = 0; *(uint8_t*)0x20991147 = 0; *(uint8_t*)0x20991148 = 0; *(uint8_t*)0x20991149 = 0; *(uint8_t*)0x2099114a = -1; *(uint8_t*)0x2099114b = -1; *(uint32_t*)0x2099114c = htobe32(0); *(uint32_t*)0x20991150 = htobe32(0); *(uint32_t*)0x20991154 = htobe32(0); *(uint32_t*)0x20991158 = htobe32(0); *(uint32_t*)0x2099115c = htobe32(0); *(uint32_t*)0x20991160 = htobe32(0); *(uint32_t*)0x20991164 = htobe32(0); *(uint32_t*)0x20991168 = htobe32(0); *(uint32_t*)0x2099116c = htobe32(0); memcpy((void*)0x20991170, "\x32\xca\x35\x8e\xf8\xc9\x96\x45\x08\x84\xdc\xaa\xba\x1e\xc8\x9c", 16); *(uint8_t*)0x20991180 = 0x73; *(uint8_t*)0x20991181 = 0x79; *(uint8_t*)0x20991182 = 0x7a; *(uint8_t*)0x20991183 = 0; *(uint8_t*)0x20991184 = 0; *(uint8_t*)0x20991190 = 0; *(uint8_t*)0x20991191 = 0; *(uint8_t*)0x20991192 = 0; *(uint8_t*)0x20991193 = 0; *(uint8_t*)0x20991194 = 0; *(uint8_t*)0x20991195 = 0; *(uint8_t*)0x20991196 = 0; *(uint8_t*)0x20991197 = 0; *(uint8_t*)0x20991198 = 0; *(uint8_t*)0x20991199 = 0; *(uint8_t*)0x2099119a = 0; *(uint8_t*)0x2099119b = 0; *(uint8_t*)0x2099119c = 0; *(uint8_t*)0x2099119d = 0; *(uint8_t*)0x2099119e = 0; *(uint8_t*)0x2099119f = 0; *(uint8_t*)0x209911a0 = 0; *(uint8_t*)0x209911a1 = 0; *(uint8_t*)0x209911a2 = 0; *(uint8_t*)0x209911a3 = 0; *(uint8_t*)0x209911a4 = 0; *(uint8_t*)0x209911a5 = 0; *(uint8_t*)0x209911a6 = 0; *(uint8_t*)0x209911a7 = 0; *(uint8_t*)0x209911a8 = 0; *(uint8_t*)0x209911a9 = 0; *(uint8_t*)0x209911aa = 0; *(uint8_t*)0x209911ab = 0; *(uint8_t*)0x209911ac = 0; *(uint8_t*)0x209911ad = 0; *(uint8_t*)0x209911ae = 0; *(uint8_t*)0x209911af = 0; *(uint16_t*)0x209911b0 = 0; *(uint8_t*)0x209911b2 = 0; *(uint8_t*)0x209911b3 = 0; *(uint8_t*)0x209911b4 = 0; *(uint32_t*)0x209911b8 = 0; *(uint16_t*)0x209911bc = 0xa8; *(uint16_t*)0x209911be = 0xf0; *(uint32_t*)0x209911c0 = 0; *(uint64_t*)0x209911c8 = 0; *(uint64_t*)0x209911d0 = 0; *(uint16_t*)0x209911d8 = 0x48; memcpy((void*)0x209911da, "\x4c\x45\x44\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x209911f7 = 0; memcpy((void*)0x209911f8, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00", 27); *(uint8_t*)0x20991213 = 0; *(uint32_t*)0x20991214 = 0; *(uint64_t*)0x20991218 = 0; *(uint8_t*)0x20991220 = 0; *(uint8_t*)0x20991221 = 0; *(uint8_t*)0x20991222 = 0; *(uint8_t*)0x20991223 = 0; *(uint8_t*)0x20991224 = 0; *(uint8_t*)0x20991225 = 0; *(uint8_t*)0x20991226 = 0; *(uint8_t*)0x20991227 = 0; *(uint8_t*)0x20991228 = 0; *(uint8_t*)0x20991229 = 0; *(uint8_t*)0x2099122a = 0; *(uint8_t*)0x2099122b = 0; *(uint8_t*)0x2099122c = 0; *(uint8_t*)0x2099122d = 0; *(uint8_t*)0x2099122e = 0; *(uint8_t*)0x2099122f = 0; *(uint8_t*)0x20991230 = 0; *(uint8_t*)0x20991231 = 0; *(uint8_t*)0x20991232 = 0; *(uint8_t*)0x20991233 = 0; *(uint8_t*)0x20991234 = 0; *(uint8_t*)0x20991235 = 0; *(uint8_t*)0x20991236 = 0; *(uint8_t*)0x20991237 = 0; *(uint8_t*)0x20991238 = 0; *(uint8_t*)0x20991239 = 0; *(uint8_t*)0x2099123a = 0; *(uint8_t*)0x2099123b = 0; *(uint8_t*)0x2099123c = 0; *(uint8_t*)0x2099123d = 0; *(uint8_t*)0x2099123e = 0; *(uint8_t*)0x2099123f = 0; *(uint8_t*)0x20991240 = 0; *(uint8_t*)0x20991241 = 0; *(uint8_t*)0x20991242 = 0; *(uint8_t*)0x20991243 = 0; *(uint8_t*)0x20991244 = 0; *(uint8_t*)0x20991245 = 0; *(uint8_t*)0x20991246 = 0; *(uint8_t*)0x20991247 = 0; *(uint8_t*)0x20991248 = 0; *(uint8_t*)0x20991249 = 0; *(uint8_t*)0x2099124a = 0; *(uint8_t*)0x2099124b = 0; *(uint8_t*)0x2099124c = 0; *(uint8_t*)0x2099124d = 0; *(uint8_t*)0x2099124e = 0; *(uint8_t*)0x2099124f = 0; *(uint8_t*)0x20991250 = 0; *(uint8_t*)0x20991251 = 0; *(uint8_t*)0x20991252 = 0; *(uint8_t*)0x20991253 = 0; *(uint8_t*)0x20991254 = 0; *(uint8_t*)0x20991255 = 0; *(uint8_t*)0x20991256 = 0; *(uint8_t*)0x20991257 = 0; *(uint8_t*)0x20991258 = 0; *(uint8_t*)0x20991259 = 0; *(uint8_t*)0x2099125a = 0; *(uint8_t*)0x2099125b = 0; *(uint8_t*)0x2099125c = 0; *(uint8_t*)0x2099125d = 0; *(uint8_t*)0x2099125e = 0; *(uint8_t*)0x2099125f = 0; *(uint8_t*)0x20991260 = 0; *(uint8_t*)0x20991261 = 0; *(uint8_t*)0x20991262 = 0; *(uint8_t*)0x20991263 = 0; *(uint8_t*)0x20991264 = 0; *(uint8_t*)0x20991265 = 0; *(uint8_t*)0x20991266 = 0; *(uint8_t*)0x20991267 = 0; *(uint8_t*)0x20991268 = 0; *(uint8_t*)0x20991269 = 0; *(uint8_t*)0x2099126a = 0; *(uint8_t*)0x2099126b = 0; *(uint8_t*)0x2099126c = 0; *(uint8_t*)0x2099126d = 0; *(uint8_t*)0x2099126e = 0; *(uint8_t*)0x2099126f = 0; *(uint8_t*)0x20991270 = 0; *(uint8_t*)0x20991271 = 0; *(uint8_t*)0x20991272 = 0; *(uint8_t*)0x20991273 = 0; *(uint8_t*)0x20991274 = 0; *(uint8_t*)0x20991275 = 0; *(uint8_t*)0x20991276 = 0; *(uint8_t*)0x20991277 = 0; *(uint8_t*)0x20991278 = 0; *(uint8_t*)0x20991279 = 0; *(uint8_t*)0x2099127a = 0; *(uint8_t*)0x2099127b = 0; *(uint8_t*)0x2099127c = 0; *(uint8_t*)0x2099127d = 0; *(uint8_t*)0x2099127e = 0; *(uint8_t*)0x2099127f = 0; *(uint8_t*)0x20991280 = 0; *(uint8_t*)0x20991281 = 0; *(uint8_t*)0x20991282 = 0; *(uint8_t*)0x20991283 = 0; *(uint8_t*)0x20991284 = 0; *(uint8_t*)0x20991285 = 0; *(uint8_t*)0x20991286 = 0; *(uint8_t*)0x20991287 = 0; *(uint8_t*)0x20991288 = 0; *(uint8_t*)0x20991289 = 0; *(uint8_t*)0x2099128a = 0; *(uint8_t*)0x2099128b = 0; *(uint8_t*)0x2099128c = 0; *(uint8_t*)0x2099128d = 0; *(uint8_t*)0x2099128e = 0; *(uint8_t*)0x2099128f = 0; *(uint8_t*)0x20991290 = 0; *(uint8_t*)0x20991291 = 0; *(uint8_t*)0x20991292 = 0; *(uint8_t*)0x20991293 = 0; *(uint8_t*)0x20991294 = 0; *(uint8_t*)0x20991295 = 0; *(uint8_t*)0x20991296 = 0; *(uint8_t*)0x20991297 = 0; *(uint8_t*)0x20991298 = 0; *(uint8_t*)0x20991299 = 0; *(uint8_t*)0x2099129a = 0; *(uint8_t*)0x2099129b = 0; *(uint8_t*)0x2099129c = 0; *(uint8_t*)0x2099129d = 0; *(uint8_t*)0x2099129e = 0; *(uint8_t*)0x2099129f = 0; *(uint8_t*)0x209912a0 = 0; *(uint8_t*)0x209912a1 = 0; *(uint8_t*)0x209912a2 = 0; *(uint8_t*)0x209912a3 = 0; *(uint8_t*)0x209912a4 = 0; *(uint8_t*)0x209912a5 = 0; *(uint8_t*)0x209912a6 = 0; *(uint8_t*)0x209912a7 = 0; *(uint32_t*)0x209912a8 = 0; *(uint16_t*)0x209912ac = 0x138; *(uint16_t*)0x209912ae = 0x180; *(uint32_t*)0x209912b0 = 0; *(uint64_t*)0x209912b8 = 0; *(uint64_t*)0x209912c0 = 0; *(uint16_t*)0x209912c8 = 0x68; memcpy((void*)0x209912ca, "\x69\x70\x72\x61\x6e\x67\x65\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x209912e7 = 1; *(uint8_t*)0x209912e8 = 0xfe; *(uint8_t*)0x209912e9 = 0x80; *(uint8_t*)0x209912ea = 0; *(uint8_t*)0x209912eb = 0; *(uint8_t*)0x209912ec = 0; *(uint8_t*)0x209912ed = 0; *(uint8_t*)0x209912ee = 0; *(uint8_t*)0x209912ef = 0; *(uint8_t*)0x209912f0 = 0; *(uint8_t*)0x209912f1 = 0; *(uint8_t*)0x209912f2 = 0; *(uint8_t*)0x209912f3 = 0; *(uint8_t*)0x209912f4 = 0; *(uint8_t*)0x209912f5 = 0; *(uint8_t*)0x209912f6 = 0; *(uint8_t*)0x209912f7 = 0; *(uint32_t*)0x209912f8 = htobe32(0); *(uint32_t*)0x20991308 = htobe32(-1); *(uint64_t*)0x20991318 = htobe64(0); *(uint64_t*)0x20991320 = htobe64(1); *(uint8_t*)0x20991328 = 1; *(uint16_t*)0x20991330 = 0x28; memcpy((void*)0x20991332, "\x68\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x2099134f = 0; *(uint8_t*)0x20991350 = 0; *(uint8_t*)0x20991351 = 0; *(uint16_t*)0x20991358 = 0x48; memcpy((void*)0x2099135a, "\x54\x45\x45\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x20991377 = 1; *(uint8_t*)0x20991378 = 0xac; *(uint8_t*)0x20991379 = 0x14; *(uint8_t*)0x2099137a = 0; *(uint8_t*)0x2099137b = 0xaa; *(uint8_t*)0x20991388 = 0x73; *(uint8_t*)0x20991389 = 0x79; *(uint8_t*)0x2099138a = 0x7a; *(uint8_t*)0x2099138b = 0; *(uint8_t*)0x2099138c = 0; *(uint64_t*)0x20991398 = 0; *(uint8_t*)0x209913a0 = 0; *(uint8_t*)0x209913a1 = 0; *(uint8_t*)0x209913a2 = 0; *(uint8_t*)0x209913a3 = 0; *(uint8_t*)0x209913a4 = 0; *(uint8_t*)0x209913a5 = 0; *(uint8_t*)0x209913a6 = 0; *(uint8_t*)0x209913a7 = 0; *(uint8_t*)0x209913a8 = 0; *(uint8_t*)0x209913a9 = 0; *(uint8_t*)0x209913aa = 0; *(uint8_t*)0x209913ab = 0; *(uint8_t*)0x209913ac = 0; *(uint8_t*)0x209913ad = 0; *(uint8_t*)0x209913ae = 0; *(uint8_t*)0x209913af = 0; *(uint8_t*)0x209913b0 = 0; *(uint8_t*)0x209913b1 = 0; *(uint8_t*)0x209913b2 = 0; *(uint8_t*)0x209913b3 = 0; *(uint8_t*)0x209913b4 = 0; *(uint8_t*)0x209913b5 = 0; *(uint8_t*)0x209913b6 = 0; *(uint8_t*)0x209913b7 = 0; *(uint8_t*)0x209913b8 = 0; *(uint8_t*)0x209913b9 = 0; *(uint8_t*)0x209913ba = 0; *(uint8_t*)0x209913bb = 0; *(uint8_t*)0x209913bc = 0; *(uint8_t*)0x209913bd = 0; *(uint8_t*)0x209913be = 0; *(uint8_t*)0x209913bf = 0; *(uint8_t*)0x209913c0 = 0; *(uint8_t*)0x209913c1 = 0; *(uint8_t*)0x209913c2 = 0; *(uint8_t*)0x209913c3 = 0; *(uint8_t*)0x209913c4 = 0; *(uint8_t*)0x209913c5 = 0; *(uint8_t*)0x209913c6 = 0; *(uint8_t*)0x209913c7 = 0; *(uint8_t*)0x209913c8 = 0; *(uint8_t*)0x209913c9 = 0; *(uint8_t*)0x209913ca = 0; *(uint8_t*)0x209913cb = 0; *(uint8_t*)0x209913cc = 0; *(uint8_t*)0x209913cd = 0; *(uint8_t*)0x209913ce = 0; *(uint8_t*)0x209913cf = 0; *(uint8_t*)0x209913d0 = 0; *(uint8_t*)0x209913d1 = 0; *(uint8_t*)0x209913d2 = 0; *(uint8_t*)0x209913d3 = 0; *(uint8_t*)0x209913d4 = 0; *(uint8_t*)0x209913d5 = 0; *(uint8_t*)0x209913d6 = 0; *(uint8_t*)0x209913d7 = 0; *(uint8_t*)0x209913d8 = 0; *(uint8_t*)0x209913d9 = 0; *(uint8_t*)0x209913da = 0; *(uint8_t*)0x209913db = 0; *(uint8_t*)0x209913dc = 0; *(uint8_t*)0x209913dd = 0; *(uint8_t*)0x209913de = 0; *(uint8_t*)0x209913df = 0; *(uint8_t*)0x209913e0 = 0; *(uint8_t*)0x209913e1 = 0; *(uint8_t*)0x209913e2 = 0; *(uint8_t*)0x209913e3 = 0; *(uint8_t*)0x209913e4 = 0; *(uint8_t*)0x209913e5 = 0; *(uint8_t*)0x209913e6 = 0; *(uint8_t*)0x209913e7 = 0; *(uint8_t*)0x209913e8 = 0; *(uint8_t*)0x209913e9 = 0; *(uint8_t*)0x209913ea = 0; *(uint8_t*)0x209913eb = 0; *(uint8_t*)0x209913ec = 0; *(uint8_t*)0x209913ed = 0; *(uint8_t*)0x209913ee = 0; *(uint8_t*)0x209913ef = 0; *(uint8_t*)0x209913f0 = 0; *(uint8_t*)0x209913f1 = 0; *(uint8_t*)0x209913f2 = 0; *(uint8_t*)0x209913f3 = 0; *(uint8_t*)0x209913f4 = 0; *(uint8_t*)0x209913f5 = 0; *(uint8_t*)0x209913f6 = 0; *(uint8_t*)0x209913f7 = 0; *(uint8_t*)0x209913f8 = 0; *(uint8_t*)0x209913f9 = 0; *(uint8_t*)0x209913fa = 0; *(uint8_t*)0x209913fb = 0; *(uint8_t*)0x209913fc = 0; *(uint8_t*)0x209913fd = 0; *(uint8_t*)0x209913fe = 0; *(uint8_t*)0x209913ff = 0; *(uint8_t*)0x20991400 = 0; *(uint8_t*)0x20991401 = 0; *(uint8_t*)0x20991402 = 0; *(uint8_t*)0x20991403 = 0; *(uint8_t*)0x20991404 = 0; *(uint8_t*)0x20991405 = 0; *(uint8_t*)0x20991406 = 0; *(uint8_t*)0x20991407 = 0; *(uint8_t*)0x20991408 = 0; *(uint8_t*)0x20991409 = 0; *(uint8_t*)0x2099140a = 0; *(uint8_t*)0x2099140b = 0; *(uint8_t*)0x2099140c = 0; *(uint8_t*)0x2099140d = 0; *(uint8_t*)0x2099140e = 0; *(uint8_t*)0x2099140f = 0; *(uint8_t*)0x20991410 = 0; *(uint8_t*)0x20991411 = 0; *(uint8_t*)0x20991412 = 0; *(uint8_t*)0x20991413 = 0; *(uint8_t*)0x20991414 = 0; *(uint8_t*)0x20991415 = 0; *(uint8_t*)0x20991416 = 0; *(uint8_t*)0x20991417 = 0; *(uint8_t*)0x20991418 = 0; *(uint8_t*)0x20991419 = 0; *(uint8_t*)0x2099141a = 0; *(uint8_t*)0x2099141b = 0; *(uint8_t*)0x2099141c = 0; *(uint8_t*)0x2099141d = 0; *(uint8_t*)0x2099141e = 0; *(uint8_t*)0x2099141f = 0; *(uint8_t*)0x20991420 = 0; *(uint8_t*)0x20991421 = 0; *(uint8_t*)0x20991422 = 0; *(uint8_t*)0x20991423 = 0; *(uint8_t*)0x20991424 = 0; *(uint8_t*)0x20991425 = 0; *(uint8_t*)0x20991426 = 0; *(uint8_t*)0x20991427 = 0; *(uint32_t*)0x20991428 = 0; *(uint16_t*)0x2099142c = 0xa8; *(uint16_t*)0x2099142e = 0xd0; *(uint32_t*)0x20991430 = 0; *(uint64_t*)0x20991438 = 0; *(uint64_t*)0x20991440 = 0; *(uint16_t*)0x20991448 = 0x28; memcpy((void*)0x2099144a, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x20991467 = 0; *(uint32_t*)0x20991468 = 0xfffffffe; syscall(__NR_setsockopt, r[0], 0x29, 0x40, 0x20991000, 0x470); r[1] = syscall(__NR_socket, 2, 0x80001, 0); memcpy((void*)0x20021000, "\x6e\x61\x74\x00\x00\x00\x00\x00\x02\x00\x00\x00" "\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", 32); *(uint32_t*)0x20021020 = 0x1b; *(uint32_t*)0x20021024 = 4; *(uint32_t*)0x20021028 = 0x328; *(uint32_t*)0x2002102c = 0x70; *(uint32_t*)0x20021030 = 0; *(uint32_t*)0x20021034 = -1; *(uint32_t*)0x20021038 = 0x70; *(uint32_t*)0x2002103c = 0x70; *(uint32_t*)0x20021040 = 0; *(uint32_t*)0x20021044 = 0; *(uint32_t*)0x20021048 = -1; *(uint32_t*)0x2002104c = 0; *(uint32_t*)0x20021050 = 0; *(uint32_t*)0x20021054 = 4; *(uint64_t*)0x20021058 = 0x2001dfe5; *(uint32_t*)0x20021060 = htobe32(0xe0000001); *(uint32_t*)0x20021064 = htobe32(-1); *(uint32_t*)0x20021068 = htobe32(0); *(uint32_t*)0x2002106c = htobe32(0); *(uint8_t*)0x20021070 = 0x73; *(uint8_t*)0x20021071 = 0x79; *(uint8_t*)0x20021072 = 0x7a; *(uint8_t*)0x20021073 = 0; *(uint8_t*)0x20021074 = 0; memcpy((void*)0x20021080, "\x67\x72\x65\x74\x61\x70\xe3\x00\x00\xfe\xff\xff\x02\x00\x00\x00", 16); *(uint8_t*)0x20021090 = 2; *(uint8_t*)0x20021091 = 0; *(uint8_t*)0x20021092 = 0; *(uint8_t*)0x20021093 = 0; *(uint8_t*)0x20021094 = 0; *(uint8_t*)0x20021095 = 0; *(uint8_t*)0x20021096 = 0; *(uint8_t*)0x20021097 = 0; *(uint8_t*)0x20021098 = 0; *(uint8_t*)0x20021099 = 0; *(uint8_t*)0x2002109a = 0; *(uint8_t*)0x2002109b = 0; *(uint8_t*)0x2002109c = 0; *(uint8_t*)0x2002109d = 0; *(uint8_t*)0x2002109e = 0; *(uint8_t*)0x2002109f = 0; *(uint8_t*)0x200210a0 = 0; *(uint8_t*)0x200210a1 = 0; *(uint8_t*)0x200210a2 = 0; *(uint8_t*)0x200210a3 = 0; *(uint8_t*)0x200210a4 = 0; *(uint8_t*)0x200210a5 = 0; *(uint8_t*)0x200210a6 = 0; *(uint8_t*)0x200210a7 = 0; *(uint8_t*)0x200210a8 = 0; *(uint8_t*)0x200210a9 = 0; *(uint8_t*)0x200210aa = 0; *(uint8_t*)0x200210ab = 0; *(uint8_t*)0x200210ac = 0; *(uint8_t*)0x200210ad = 0; *(uint8_t*)0x200210ae = 0; *(uint8_t*)0x200210af = 0; *(uint16_t*)0x200210b0 = 0; *(uint8_t*)0x200210b2 = 0; *(uint8_t*)0x200210b3 = 0; *(uint32_t*)0x200210b4 = 0; *(uint16_t*)0x200210b8 = 0x70; *(uint16_t*)0x200210ba = 0xa8; *(uint32_t*)0x200210bc = 0; *(uint64_t*)0x200210c0 = 0; *(uint64_t*)0x200210c8 = 0; *(uint16_t*)0x200210d0 = 0x38; memcpy((void*)0x200210d2, "\x52\x45\x44\x49\x52\x45\x43\x54\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x200210ef = 0; *(uint32_t*)0x200210f0 = 1; *(uint32_t*)0x200210f4 = 0; *(uint32_t*)0x200210f8 = htobe32(0xe0000001); *(uint32_t*)0x200210fc = htobe32(0); *(uint16_t*)0x20021100 = 0; *(uint16_t*)0x20021102 = 0; *(uint8_t*)0x20021108 = 0xac; *(uint8_t*)0x20021109 = 0x14; *(uint8_t*)0x2002110a = 0; *(uint8_t*)0x2002110b = 0xbb; *(uint32_t*)0x2002110c = htobe32(0); *(uint32_t*)0x20021110 = htobe32(0); *(uint32_t*)0x20021114 = htobe32(0); memcpy((void*)0x20021118, "\x6e\x72\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); *(uint8_t*)0x20021128 = 0x73; *(uint8_t*)0x20021129 = 0x79; *(uint8_t*)0x2002112a = 0x7a; *(uint8_t*)0x2002112b = 0; *(uint8_t*)0x2002112c = 0; *(uint8_t*)0x20021138 = 0; *(uint8_t*)0x20021139 = 0; *(uint8_t*)0x2002113a = 0; *(uint8_t*)0x2002113b = 0; *(uint8_t*)0x2002113c = 0; *(uint8_t*)0x2002113d = 0; *(uint8_t*)0x2002113e = 0; *(uint8_t*)0x2002113f = 0; *(uint8_t*)0x20021140 = 0; *(uint8_t*)0x20021141 = 0; *(uint8_t*)0x20021142 = 0; *(uint8_t*)0x20021143 = 0; *(uint8_t*)0x20021144 = 0; *(uint8_t*)0x20021145 = 0; *(uint8_t*)0x20021146 = 0; *(uint8_t*)0x20021147 = 0; *(uint8_t*)0x20021148 = 0; *(uint8_t*)0x20021149 = 0; *(uint8_t*)0x2002114a = 0; *(uint8_t*)0x2002114b = 0; *(uint8_t*)0x2002114c = 0; *(uint8_t*)0x2002114d = 0; *(uint8_t*)0x2002114e = 0; *(uint8_t*)0x2002114f = 0; *(uint8_t*)0x20021150 = 0; *(uint8_t*)0x20021151 = 0; *(uint8_t*)0x20021152 = 0; *(uint8_t*)0x20021153 = 0; *(uint8_t*)0x20021154 = 0; *(uint8_t*)0x20021155 = 0; *(uint8_t*)0x20021156 = 0; *(uint8_t*)0x20021157 = 0; *(uint16_t*)0x20021158 = 0; *(uint8_t*)0x2002115a = 0; *(uint8_t*)0x2002115b = 0; *(uint32_t*)0x2002115c = 0; *(uint16_t*)0x20021160 = 0x70; *(uint16_t*)0x20021162 = 0xa8; *(uint32_t*)0x20021164 = 0; *(uint64_t*)0x20021168 = 0; *(uint64_t*)0x20021170 = 0; *(uint16_t*)0x20021178 = 0x38; memcpy((void*)0x2002117a, "\x52\x45\x44\x49\x52\x45\x43\x54\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x20021197 = 0; *(uint32_t*)0x20021198 = 1; *(uint32_t*)0x2002119c = 0; *(uint32_t*)0x200211a0 = htobe32(0); *(uint8_t*)0x200211a4 = 0xac; *(uint8_t*)0x200211a5 = 0x14; *(uint8_t*)0x200211a6 = 0; *(uint8_t*)0x200211a7 = 0xbb; *(uint16_t*)0x200211a8 = 0; *(uint16_t*)0x200211aa = 0; *(uint8_t*)0x200211b0 = 0; *(uint8_t*)0x200211b1 = 0; *(uint8_t*)0x200211b2 = 0; *(uint8_t*)0x200211b3 = 0; *(uint8_t*)0x200211b4 = 0; *(uint8_t*)0x200211b5 = 0; *(uint8_t*)0x200211b6 = 0; *(uint8_t*)0x200211b7 = 0; *(uint8_t*)0x200211b8 = 0; *(uint8_t*)0x200211b9 = 0; *(uint8_t*)0x200211ba = 0; *(uint8_t*)0x200211bb = 0; *(uint8_t*)0x200211bc = 0; *(uint8_t*)0x200211bd = 0; *(uint8_t*)0x200211be = 0; *(uint8_t*)0x200211bf = 0; *(uint8_t*)0x200211c0 = 0; *(uint8_t*)0x200211c1 = 0; *(uint8_t*)0x200211c2 = 0; *(uint8_t*)0x200211c3 = 0; *(uint8_t*)0x200211c4 = 0; *(uint8_t*)0x200211c5 = 0; *(uint8_t*)0x200211c6 = 0; *(uint8_t*)0x200211c7 = 0; *(uint8_t*)0x200211c8 = 0; *(uint8_t*)0x200211c9 = 0; *(uint8_t*)0x200211ca = 0; *(uint8_t*)0x200211cb = 0; *(uint8_t*)0x200211cc = 0; *(uint8_t*)0x200211cd = 0; *(uint8_t*)0x200211ce = 0; *(uint8_t*)0x200211cf = 0; *(uint8_t*)0x200211d0 = 0; *(uint8_t*)0x200211d1 = 0; *(uint8_t*)0x200211d2 = 0; *(uint8_t*)0x200211d3 = 0; *(uint8_t*)0x200211d4 = 0; *(uint8_t*)0x200211d5 = 0; *(uint8_t*)0x200211d6 = 0; *(uint8_t*)0x200211d7 = 0; *(uint8_t*)0x200211d8 = 0; *(uint8_t*)0x200211d9 = 0; *(uint8_t*)0x200211da = 0; *(uint8_t*)0x200211db = 0; *(uint8_t*)0x200211dc = 0; *(uint8_t*)0x200211dd = 0; *(uint8_t*)0x200211de = 0; *(uint8_t*)0x200211df = 0; *(uint8_t*)0x200211e0 = 0; *(uint8_t*)0x200211e1 = 0; *(uint8_t*)0x200211e2 = 0; *(uint8_t*)0x200211e3 = 0; *(uint8_t*)0x200211e4 = 0; *(uint8_t*)0x200211e5 = 0; *(uint8_t*)0x200211e6 = 0; *(uint8_t*)0x200211e7 = 0; *(uint8_t*)0x200211e8 = 0; *(uint8_t*)0x200211e9 = 0; *(uint8_t*)0x200211ea = 0; *(uint8_t*)0x200211eb = 0; *(uint8_t*)0x200211ec = 0; *(uint8_t*)0x200211ed = 0; *(uint8_t*)0x200211ee = 0; *(uint8_t*)0x200211ef = 0; *(uint8_t*)0x200211f0 = 0; *(uint8_t*)0x200211f1 = 0; *(uint8_t*)0x200211f2 = 0; *(uint8_t*)0x200211f3 = 0; *(uint8_t*)0x200211f4 = 0; *(uint8_t*)0x200211f5 = 0; *(uint8_t*)0x200211f6 = 0; *(uint8_t*)0x200211f7 = 0; *(uint8_t*)0x200211f8 = 0; *(uint8_t*)0x200211f9 = 0; *(uint8_t*)0x200211fa = 0; *(uint8_t*)0x200211fb = 0; *(uint8_t*)0x200211fc = 0; *(uint8_t*)0x200211fd = 0; *(uint8_t*)0x200211fe = 0; *(uint8_t*)0x200211ff = 0; *(uint8_t*)0x20021200 = 0; *(uint8_t*)0x20021201 = 0; *(uint8_t*)0x20021202 = 0; *(uint8_t*)0x20021203 = 0; *(uint32_t*)0x20021204 = 0; *(uint16_t*)0x20021208 = 0x70; *(uint16_t*)0x2002120a = 0xa8; *(uint32_t*)0x2002120c = 0; *(uint64_t*)0x20021210 = 0; *(uint64_t*)0x20021218 = 0; *(uint16_t*)0x20021220 = 0x38; memcpy((void*)0x20021222, "\x53\x4e\x41\x54\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x2002123f = 0; *(uint32_t*)0x20021240 = 1; *(uint32_t*)0x20021244 = 0; *(uint32_t*)0x20021248 = htobe32(0xe0000002); *(uint8_t*)0x2002124c = 0xac; *(uint8_t*)0x2002124d = 0x14; *(uint8_t*)0x2002124e = 0; *(uint8_t*)0x2002124f = 0; *(uint16_t*)0x20021250 = 0; *(uint16_t*)0x20021252 = 0; *(uint32_t*)0x20021258 = htobe32(0); *(uint32_t*)0x2002125c = htobe32(0); *(uint32_t*)0x20021260 = htobe32(0); *(uint32_t*)0x20021264 = htobe32(0); memcpy((void*)0x20021268, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); memcpy((void*)0x20021278, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); *(uint8_t*)0x20021288 = 0; *(uint8_t*)0x20021289 = 0; *(uint8_t*)0x2002128a = 0; *(uint8_t*)0x2002128b = 0; *(uint8_t*)0x2002128c = 0; *(uint8_t*)0x2002128d = 0; *(uint8_t*)0x2002128e = 0; *(uint8_t*)0x2002128f = 0; *(uint8_t*)0x20021290 = 0; *(uint8_t*)0x20021291 = 0; *(uint8_t*)0x20021292 = 0; *(uint8_t*)0x20021293 = 0; *(uint8_t*)0x20021294 = 0; *(uint8_t*)0x20021295 = 0; *(uint8_t*)0x20021296 = 0; *(uint8_t*)0x20021297 = 0; *(uint8_t*)0x20021298 = 0; *(uint8_t*)0x20021299 = 0; *(uint8_t*)0x2002129a = 0; *(uint8_t*)0x2002129b = 0; *(uint8_t*)0x2002129c = 0; *(uint8_t*)0x2002129d = 0; *(uint8_t*)0x2002129e = 0; *(uint8_t*)0x2002129f = 0; *(uint8_t*)0x200212a0 = 0; *(uint8_t*)0x200212a1 = 0; *(uint8_t*)0x200212a2 = 0; *(uint8_t*)0x200212a3 = 0; *(uint8_t*)0x200212a4 = 0; *(uint8_t*)0x200212a5 = 0; *(uint8_t*)0x200212a6 = 0; *(uint8_t*)0x200212a7 = 0; *(uint16_t*)0x200212a8 = 0; *(uint8_t*)0x200212aa = 0; *(uint8_t*)0x200212ab = 0; *(uint32_t*)0x200212ac = 0; *(uint16_t*)0x200212b0 = 0x70; *(uint16_t*)0x200212b2 = 0x98; *(uint32_t*)0x200212b4 = 0; *(uint64_t*)0x200212b8 = 0; *(uint64_t*)0x200212c0 = 0; *(uint16_t*)0x200212c8 = 0x28; memcpy((void*)0x200212ca, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x200212e7 = 0; *(uint32_t*)0x200212e8 = 0; *(uint8_t*)0x200212f0 = 0; *(uint8_t*)0x200212f1 = 0; *(uint8_t*)0x200212f2 = 0; *(uint8_t*)0x200212f3 = 0; *(uint8_t*)0x200212f4 = 0; *(uint8_t*)0x200212f5 = 0; *(uint8_t*)0x200212f6 = 0; *(uint8_t*)0x200212f7 = 0; *(uint8_t*)0x200212f8 = 0; *(uint8_t*)0x200212f9 = 0; *(uint8_t*)0x200212fa = 0; *(uint8_t*)0x200212fb = 0; *(uint8_t*)0x200212fc = 0; *(uint8_t*)0x200212fd = 0; *(uint8_t*)0x200212fe = 0; *(uint8_t*)0x200212ff = 0; *(uint8_t*)0x20021300 = 0; *(uint8_t*)0x20021301 = 0; *(uint8_t*)0x20021302 = 0; *(uint8_t*)0x20021303 = 0; *(uint8_t*)0x20021304 = 0; *(uint8_t*)0x20021305 = 0; *(uint8_t*)0x20021306 = 0; *(uint8_t*)0x20021307 = 0; *(uint8_t*)0x20021308 = 0; *(uint8_t*)0x20021309 = 0; *(uint8_t*)0x2002130a = 0; *(uint8_t*)0x2002130b = 0; *(uint8_t*)0x2002130c = 0; *(uint8_t*)0x2002130d = 0; *(uint8_t*)0x2002130e = 0; *(uint8_t*)0x2002130f = 0; *(uint8_t*)0x20021310 = 0; *(uint8_t*)0x20021311 = 0; *(uint8_t*)0x20021312 = 0; *(uint8_t*)0x20021313 = 0; *(uint8_t*)0x20021314 = 0; *(uint8_t*)0x20021315 = 0; *(uint8_t*)0x20021316 = 0; *(uint8_t*)0x20021317 = 0; *(uint8_t*)0x20021318 = 0; *(uint8_t*)0x20021319 = 0; *(uint8_t*)0x2002131a = 0; *(uint8_t*)0x2002131b = 0; *(uint8_t*)0x2002131c = 0; *(uint8_t*)0x2002131d = 0; *(uint8_t*)0x2002131e = 0; *(uint8_t*)0x2002131f = 0; *(uint8_t*)0x20021320 = 0; *(uint8_t*)0x20021321 = 0; *(uint8_t*)0x20021322 = 0; *(uint8_t*)0x20021323 = 0; *(uint8_t*)0x20021324 = 0; *(uint8_t*)0x20021325 = 0; *(uint8_t*)0x20021326 = 0; *(uint8_t*)0x20021327 = 0; *(uint8_t*)0x20021328 = 0; *(uint8_t*)0x20021329 = 0; *(uint8_t*)0x2002132a = 0; *(uint8_t*)0x2002132b = 0; *(uint8_t*)0x2002132c = 0; *(uint8_t*)0x2002132d = 0; *(uint8_t*)0x2002132e = 0; *(uint8_t*)0x2002132f = 0; *(uint8_t*)0x20021330 = 0; *(uint8_t*)0x20021331 = 0; *(uint8_t*)0x20021332 = 0; *(uint8_t*)0x20021333 = 0; *(uint8_t*)0x20021334 = 0; *(uint8_t*)0x20021335 = 0; *(uint8_t*)0x20021336 = 0; *(uint8_t*)0x20021337 = 0; *(uint8_t*)0x20021338 = 0; *(uint8_t*)0x20021339 = 0; *(uint8_t*)0x2002133a = 0; *(uint8_t*)0x2002133b = 0; *(uint8_t*)0x2002133c = 0; *(uint8_t*)0x2002133d = 0; *(uint8_t*)0x2002133e = 0; *(uint8_t*)0x2002133f = 0; *(uint8_t*)0x20021340 = 0; *(uint8_t*)0x20021341 = 0; *(uint8_t*)0x20021342 = 0; *(uint8_t*)0x20021343 = 0; *(uint32_t*)0x20021344 = 0; *(uint16_t*)0x20021348 = 0x70; *(uint16_t*)0x2002134a = 0x98; *(uint32_t*)0x2002134c = 0; *(uint64_t*)0x20021350 = 0; *(uint64_t*)0x20021358 = 0; *(uint16_t*)0x20021360 = 0x28; memcpy((void*)0x20021362, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x2002137f = 0; *(uint32_t*)0x20021380 = 0x70; syscall(__NR_setsockopt, r[1], 0, 0x30, 0x20021000, 0x388); } int main() { for (;;) { loop(); } }