// https://syzkaller.appspot.com/bug?id=264b703d22effb171549375ad8aa17704033f1ae // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } #define BITMASK(bf_off, bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type, htobe, addr, val, bf_off, bf_len) \ *(type*)(addr) = \ htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | \ (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } struct nlmsg { char* pos; int nesting; struct nlattr* nested[8]; char buf[4096]; }; static void netlink_init(struct nlmsg* nlmsg, int typ, int flags, const void* data, int size) { memset(nlmsg, 0, sizeof(*nlmsg)); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_type = typ; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags; memcpy(hdr + 1, data, size); nlmsg->pos = (char*)(hdr + 1) + NLMSG_ALIGN(size); } static void netlink_attr(struct nlmsg* nlmsg, int typ, const void* data, int size) { struct nlattr* attr = (struct nlattr*)nlmsg->pos; attr->nla_len = sizeof(*attr) + size; attr->nla_type = typ; if (size > 0) memcpy(attr + 1, data, size); nlmsg->pos += NLMSG_ALIGN(attr->nla_len); } static int netlink_send_ext(struct nlmsg* nlmsg, int sock, uint16_t reply_type, int* reply_len, bool dofail) { if (nlmsg->pos > nlmsg->buf + sizeof(nlmsg->buf) || nlmsg->nesting) exit(1); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_len = nlmsg->pos - nlmsg->buf; struct sockaddr_nl addr; memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; ssize_t n = sendto(sock, nlmsg->buf, hdr->nlmsg_len, 0, (struct sockaddr*)&addr, sizeof(addr)); if (n != (ssize_t)hdr->nlmsg_len) { if (dofail) exit(1); return -1; } n = recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); if (reply_len) *reply_len = 0; if (n < 0) { if (dofail) exit(1); return -1; } if (n < (ssize_t)sizeof(struct nlmsghdr)) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type == NLMSG_DONE) return 0; if (reply_len && hdr->nlmsg_type == reply_type) { *reply_len = n; return 0; } if (n < (ssize_t)(sizeof(struct nlmsghdr) + sizeof(struct nlmsgerr))) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type != NLMSG_ERROR) { errno = EINVAL; if (dofail) exit(1); return -1; } errno = -((struct nlmsgerr*)(hdr + 1))->error; return -errno; } static int netlink_send(struct nlmsg* nlmsg, int sock) { return netlink_send_ext(nlmsg, sock, 0, NULL, true); } static int netlink_query_family_id(struct nlmsg* nlmsg, int sock, const char* family_name, bool dofail) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = CTRL_CMD_GETFAMILY; netlink_init(nlmsg, GENL_ID_CTRL, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, CTRL_ATTR_FAMILY_NAME, family_name, strnlen(family_name, GENL_NAMSIZ - 1) + 1); int n = 0; int err = netlink_send_ext(nlmsg, sock, GENL_ID_CTRL, &n, dofail); if (err < 0) { return -1; } uint16_t id = 0; struct nlattr* attr = (struct nlattr*)(nlmsg->buf + NLMSG_HDRLEN + NLMSG_ALIGN(sizeof(genlhdr))); for (; (char*)attr < nlmsg->buf + n; attr = (struct nlattr*)((char*)attr + NLMSG_ALIGN(attr->nla_len))) { if (attr->nla_type == CTRL_ATTR_FAMILY_ID) { id = *(uint16_t*)(attr + 1); break; } } if (!id) { errno = EINVAL; return -1; } recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); return id; } static struct nlmsg nlmsg; #define WIFI_INITIAL_DEVICE_COUNT 2 #define WIFI_MAC_BASE \ { \ 0x08, 0x02, 0x11, 0x00, 0x00, 0x00 \ } #define WIFI_IBSS_BSSID \ { \ 0x50, 0x50, 0x50, 0x50, 0x50, 0x50 \ } #define WIFI_IBSS_SSID \ { \ 0x10, 0x10, 0x10, 0x10, 0x10, 0x10 \ } #define WIFI_DEFAULT_FREQUENCY 2412 #define WIFI_DEFAULT_SIGNAL 0 #define WIFI_DEFAULT_RX_RATE 1 #define HWSIM_CMD_REGISTER 1 #define HWSIM_CMD_FRAME 2 #define HWSIM_CMD_NEW_RADIO 4 #define HWSIM_ATTR_SUPPORT_P2P_DEVICE 14 #define HWSIM_ATTR_PERM_ADDR 22 #define IF_OPER_UP 6 struct join_ibss_props { int wiphy_freq; bool wiphy_freq_fixed; uint8_t* mac; uint8_t* ssid; int ssid_len; }; static int set_interface_state(const char* interface_name, int on) { struct ifreq ifr; int sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) { return -1; } memset(&ifr, 0, sizeof(ifr)); strcpy(ifr.ifr_name, interface_name); int ret = ioctl(sock, SIOCGIFFLAGS, &ifr); if (ret < 0) { close(sock); return -1; } if (on) ifr.ifr_flags |= IFF_UP; else ifr.ifr_flags &= ~IFF_UP; ret = ioctl(sock, SIOCSIFFLAGS, &ifr); close(sock); if (ret < 0) { return -1; } return 0; } static int nl80211_set_interface(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, uint32_t iftype) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_SET_INTERFACE; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_IFTYPE, &iftype, sizeof(iftype)); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int nl80211_join_ibss(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, struct join_ibss_props* props) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_JOIN_IBSS; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_SSID, props->ssid, props->ssid_len); netlink_attr(nlmsg, NL80211_ATTR_WIPHY_FREQ, &(props->wiphy_freq), sizeof(props->wiphy_freq)); if (props->mac) netlink_attr(nlmsg, NL80211_ATTR_MAC, props->mac, ETH_ALEN); if (props->wiphy_freq_fixed) netlink_attr(nlmsg, NL80211_ATTR_FREQ_FIXED, NULL, 0); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int get_ifla_operstate(struct nlmsg* nlmsg, int ifindex) { struct ifinfomsg info; memset(&info, 0, sizeof(info)); info.ifi_family = AF_UNSPEC; info.ifi_index = ifindex; int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); if (sock == -1) { return -1; } netlink_init(nlmsg, RTM_GETLINK, 0, &info, sizeof(info)); int n; int err = netlink_send_ext(nlmsg, sock, RTM_NEWLINK, &n, true); close(sock); if (err) { return -1; } struct rtattr* attr = IFLA_RTA(NLMSG_DATA(nlmsg->buf)); for (; RTA_OK(attr, n); attr = RTA_NEXT(attr, n)) { if (attr->rta_type == IFLA_OPERSTATE) return *((int32_t*)RTA_DATA(attr)); } return -1; } static int await_ifla_operstate(struct nlmsg* nlmsg, char* interface, int operstate) { int ifindex = if_nametoindex(interface); while (true) { usleep(1000); int ret = get_ifla_operstate(nlmsg, ifindex); if (ret < 0) return ret; if (ret == operstate) return 0; } return 0; } static int nl80211_setup_ibss_interface(struct nlmsg* nlmsg, int sock, int nl80211_family_id, char* interface, struct join_ibss_props* ibss_props) { int ifindex = if_nametoindex(interface); if (ifindex == 0) { return -1; } int ret = nl80211_set_interface(nlmsg, sock, nl80211_family_id, ifindex, NL80211_IFTYPE_ADHOC); if (ret < 0) { return -1; } ret = set_interface_state(interface, 1); if (ret < 0) { return -1; } ret = nl80211_join_ibss(nlmsg, sock, nl80211_family_id, ifindex, ibss_props); if (ret < 0) { return -1; } return 0; } static int hwsim80211_create_device(struct nlmsg* nlmsg, int sock, int hwsim_family, uint8_t mac_addr[ETH_ALEN]) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_NEW_RADIO; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, HWSIM_ATTR_SUPPORT_P2P_DEVICE, NULL, 0); netlink_attr(nlmsg, HWSIM_ATTR_PERM_ADDR, mac_addr, ETH_ALEN); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static void initialize_wifi_devices(void) { int rfkill = open("/dev/rfkill", O_RDWR); if (rfkill == -1) { if (errno != ENOENT && errno != EACCES) exit(1); } else { struct rfkill_event event = {0}; event.type = RFKILL_TYPE_ALL; event.op = RFKILL_OP_CHANGE_ALL; if (write(rfkill, &event, sizeof(event)) != (ssize_t)(sizeof(event))) exit(1); close(rfkill); } uint8_t mac_addr[6] = WIFI_MAC_BASE; int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return; } int hwsim_family_id = netlink_query_family_id(&nlmsg, sock, "MAC80211_HWSIM", true); int nl80211_family_id = netlink_query_family_id(&nlmsg, sock, "nl80211", true); uint8_t ssid[] = WIFI_IBSS_SSID; uint8_t bssid[] = WIFI_IBSS_BSSID; struct join_ibss_props ibss_props = {.wiphy_freq = WIFI_DEFAULT_FREQUENCY, .wiphy_freq_fixed = true, .mac = bssid, .ssid = ssid, .ssid_len = sizeof(ssid)}; for (int device_id = 0; device_id < WIFI_INITIAL_DEVICE_COUNT; device_id++) { mac_addr[5] = device_id; int ret = hwsim80211_create_device(&nlmsg, sock, hwsim_family_id, mac_addr); if (ret < 0) exit(1); char interface[6] = "wlan0"; interface[4] += device_id; if (nl80211_setup_ibss_interface(&nlmsg, sock, nl80211_family_id, interface, &ibss_props) < 0) exit(1); } for (int device_id = 0; device_id < WIFI_INITIAL_DEVICE_COUNT; device_id++) { char interface[6] = "wlan0"; interface[4] += device_id; int ret = await_ifla_operstate(&nlmsg, interface, IF_OPER_UP); if (ret < 0) exit(1); } close(sock); } #define MAX_FDS 30 static long syz_genetlink_get_family_id(volatile long name, volatile long sock_arg) { int fd = sock_arg; if (fd < 0) { fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (fd == -1) { return -1; } } struct nlmsg nlmsg_tmp; int ret = netlink_query_family_id(&nlmsg_tmp, fd, (char*)name, false); if ((int)sock_arg < 0) close(fd); if (ret < 0) { return -1; } return ret; } static void setup_common() { if (mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0)) { } } static void setup_binderfs() { if (mkdir("/dev/binderfs", 0777)) { } if (mount("binder", "/dev/binderfs", "binder", 0, NULL)) { } if (symlink("/dev/binderfs", "./binderfs")) { } } static void loop(); static void sandbox_common() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setsid(); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = (200 << 20); setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 32 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 136 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); if (unshare(CLONE_NEWNS)) { } if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) { } if (unshare(CLONE_NEWIPC)) { } if (unshare(0x02000000)) { } if (unshare(CLONE_NEWUTS)) { } if (unshare(CLONE_SYSVSEM)) { } typedef struct { const char* name; const char* value; } sysctl_t; static const sysctl_t sysctls[] = { {"/proc/sys/kernel/shmmax", "16777216"}, {"/proc/sys/kernel/shmall", "536870912"}, {"/proc/sys/kernel/shmmni", "1024"}, {"/proc/sys/kernel/msgmax", "8192"}, {"/proc/sys/kernel/msgmni", "1024"}, {"/proc/sys/kernel/msgmnb", "1024"}, {"/proc/sys/kernel/sem", "1024 1048576 500 1024"}, }; unsigned i; for (i = 0; i < sizeof(sysctls) / sizeof(sysctls[0]); i++) write_file(sysctls[i].name, sysctls[i].value); } static int wait_for_loop(int pid) { if (pid < 0) exit(1); int status = 0; while (waitpid(-1, &status, __WALL) != pid) { } return WEXITSTATUS(status); } static void drop_caps(void) { struct __user_cap_header_struct cap_hdr = {}; struct __user_cap_data_struct cap_data[2] = {}; cap_hdr.version = _LINUX_CAPABILITY_VERSION_3; cap_hdr.pid = getpid(); if (syscall(SYS_capget, &cap_hdr, &cap_data)) exit(1); const int drop = (1 << CAP_SYS_PTRACE) | (1 << CAP_SYS_NICE); cap_data[0].effective &= ~drop; cap_data[0].permitted &= ~drop; cap_data[0].inheritable &= ~drop; if (syscall(SYS_capset, &cap_hdr, &cap_data)) exit(1); } static int do_sandbox_none(void) { if (unshare(CLONE_NEWPID)) { } int pid = fork(); if (pid != 0) return wait_for_loop(pid); setup_common(); sandbox_common(); drop_caps(); if (unshare(CLONE_NEWNET)) { } write_file("/proc/sys/net/ipv4/ping_group_range", "0 65535"); initialize_wifi_devices(); setup_binderfs(); loop(); exit(1); } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); for (int i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); } static void close_fds() { for (int fd = 3; fd < MAX_FDS; fd++) close(fd); } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter = 0; for (;; iter++) { int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { setup_test(); execute_one(); close_fds(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } } } uint64_t r[3] = {0x0, 0xffffffffffffffff, 0x0}; void execute_one(void) { intptr_t res = 0; memcpy((void*)0x20000280, "nl80211\000", 8); res = -1; res = syz_genetlink_get_family_id(0x20000280, -1); if (res != -1) r[0] = res; res = syscall(__NR_socket, 0x10ul, 3ul, 0x10); if (res != -1) r[1] = res; memcpy((void*)0x20000000, "wlan0\000\000\000\000\000\000\000\000\000\000\000", 16); res = syscall(__NR_ioctl, r[1], 0x8933, 0x20000000ul); if (res != -1) r[2] = *(uint32_t*)0x20000010; *(uint64_t*)0x20002140 = 0; *(uint32_t*)0x20002148 = 0; *(uint64_t*)0x20002150 = 0x20002100; *(uint64_t*)0x20002100 = 0x20002300; *(uint32_t*)0x20002300 = 0x74c; *(uint16_t*)0x20002304 = r[0]; *(uint16_t*)0x20002306 = 1; *(uint32_t*)0x20002308 = 0; *(uint32_t*)0x2000230c = 0; *(uint8_t*)0x20002310 = 0x66; *(uint8_t*)0x20002311 = 0; *(uint16_t*)0x20002312 = 0; *(uint16_t*)0x20002314 = 8; *(uint16_t*)0x20002316 = 3; *(uint32_t*)0x20002318 = r[2]; *(uint16_t*)0x2000231c = 8; *(uint16_t*)0x2000231e = 0xb7; *(uint32_t*)0x20002320 = 0x1c; *(uint16_t*)0x20002324 = 8; *(uint16_t*)0x20002326 = 0xb7; *(uint32_t*)0x20002328 = 0x3d; *(uint16_t*)0x2000232c = 8; *(uint16_t*)0x2000232e = 0xa0; *(uint32_t*)0x20002330 = 0; *(uint16_t*)0x20002334 = 8; *(uint16_t*)0x20002336 = 0x26; *(uint32_t*)0x20002338 = 0x97b; *(uint16_t*)0x2000233c = 0x44; STORE_BY_BITMASK(uint16_t, , 0x2000233e, 0xb9, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x2000233f, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x2000233f, 1, 7, 1); *(uint16_t*)0x20002340 = 0x10; *(uint16_t*)0x20002342 = 0xba; *(uint16_t*)0x20002344 = 0x8b; *(uint16_t*)0x20002346 = 2; *(uint16_t*)0x20002348 = 1; *(uint16_t*)0x2000234a = 3; *(uint16_t*)0x2000234c = 0x7f; *(uint16_t*)0x2000234e = 4; *(uint16_t*)0x20002350 = 8; *(uint16_t*)0x20002352 = 0xba; *(uint16_t*)0x20002354 = 5; *(uint16_t*)0x20002356 = 0; *(uint16_t*)0x20002358 = 8; *(uint16_t*)0x2000235a = 0xbb; *(uint16_t*)0x2000235c = 9; *(uint16_t*)0x2000235e = -1; *(uint16_t*)0x20002360 = 0xe; *(uint16_t*)0x20002362 = 0xbb; *(uint16_t*)0x20002364 = 4; *(uint16_t*)0x20002366 = 6; *(uint16_t*)0x20002368 = 8; *(uint16_t*)0x2000236a = 0x8000; *(uint16_t*)0x2000236c = 0x8001; *(uint16_t*)0x20002370 = 0xe; *(uint16_t*)0x20002372 = 0xba; *(uint16_t*)0x20002374 = 0x80; *(uint16_t*)0x20002376 = 0xaa; *(uint16_t*)0x20002378 = 5; *(uint16_t*)0x2000237a = 1; *(uint16_t*)0x2000237c = 4; *(uint16_t*)0x20002380 = 8; *(uint16_t*)0x20002382 = 0xb7; *(uint32_t*)0x20002384 = 0x41; *(uint16_t*)0x20002388 = 4; *(uint16_t*)0x2000238a = 0xb8; *(uint16_t*)0x2000238c = 0x68c; STORE_BY_BITMASK(uint16_t, , 0x2000238e, 0xb9, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x2000238f, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x2000238f, 1, 7, 1); *(uint16_t*)0x20002390 = 0x12; *(uint16_t*)0x20002392 = 0xbb; *(uint16_t*)0x20002394 = 0x1ff; *(uint16_t*)0x20002396 = 0x200; *(uint16_t*)0x20002398 = 9; *(uint16_t*)0x2000239a = 1; *(uint16_t*)0x2000239c = 8; *(uint16_t*)0x2000239e = 0x100; *(uint16_t*)0x200023a0 = 4; *(uint16_t*)0x200023a4 = 0x102; *(uint16_t*)0x200023a6 = 0x7f; *(uint8_t*)0x200023a8 = 0x37; *(uint8_t*)0x200023a9 = 0x5c; *(uint8_t*)0x200023aa = 0x81; *(uint8_t*)0x200023ab = 5; memcpy((void*)0x200023ac, "\x0f\x00\xa8\xf4\xcf\x60\x39\xac\x4b\x6a\xb2\x45\x8e\x3f\x36\x16", 16); memcpy((void*)0x200023bc, "\x6c\xf8\x34\x33\x2e\xae\xd8\x93\x5d\x22\x91\x83\x2f\x75\xac\xee\x6c" "\x4d\xcc\x57\x3f\x4a\x0f\x4e\x94\x57\xcc\x01\x31\x6e\xc3\x07", 32); memcpy((void*)0x200023dc, "\xa1\x72\x76\x66\x8d\x73\xd1\x09\x1f\xa8\x47\xdb\x98\xb0\xa6\xc9\x18" "\x1c\x90\x09\xbe\xdf\x73\x89\x08\x8a\xab\x36\x80\x3c\x46\xfc", 32); *(uint8_t*)0x200023fc = 2; *(uint8_t*)0x200023fd = 0; *(uint8_t*)0x200023fe = 3; *(uint8_t*)0x200023ff = 0; *(uint8_t*)0x20002400 = 1; *(uint8_t*)0x20002401 = 0; *(uint8_t*)0x20002402 = 1; *(uint8_t*)0x20002403 = 0; *(uint8_t*)0x20002404 = 1; *(uint8_t*)0x20002405 = 0; *(uint8_t*)0x20002406 = 0x82; *(uint8_t*)0x20002407 = 0x72; STORE_BY_BITMASK(uint8_t, , 0x20002408, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20002408, 1, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20002408, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20002408, 0, 3, 3); STORE_BY_BITMASK(uint8_t, , 0x20002408, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20002408, 0, 7, 1); *(uint8_t*)0x20002409 = 0xa; *(uint8_t*)0x2000240a = 0x40; *(uint32_t*)0x2000240b = 0x401; *(uint8_t*)0x2000240f = 8; *(uint8_t*)0x20002410 = 2; *(uint8_t*)0x20002411 = 0x11; *(uint8_t*)0x20002412 = 0; *(uint8_t*)0x20002413 = 0; *(uint8_t*)0x20002414 = 0; *(uint32_t*)0x20002415 = 0x20; *(uint32_t*)0x20002419 = 7; *(uint32_t*)0x2000241d = 4; *(uint8_t*)0x20002421 = 8; STORE_BY_BITMASK(uint8_t, , 0x20002422, 0, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20002422, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20002422, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20002422, 0, 3, 5); *(uint8_t*)0x20002423 = 8; *(uint8_t*)0x20002424 = 2; *(uint8_t*)0x20002425 = 0x11; *(uint8_t*)0x20002426 = 0; *(uint8_t*)0x20002427 = 0; *(uint8_t*)0x20002428 = 1; *(uint32_t*)0x20002429 = 2; STORE_BY_BITMASK(uint8_t, , 0x2000242d, 0, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x2000242d, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x2000242d, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x2000242d, 0, 3, 5); *(uint8_t*)0x2000242e = 8; *(uint8_t*)0x2000242f = 2; *(uint8_t*)0x20002430 = 0x11; *(uint8_t*)0x20002431 = 0; *(uint8_t*)0x20002432 = 0; *(uint8_t*)0x20002433 = 1; *(uint32_t*)0x20002434 = 2; STORE_BY_BITMASK(uint8_t, , 0x20002438, 0, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20002438, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20002438, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20002438, 0, 3, 5); memset((void*)0x20002439, 255, 6); *(uint32_t*)0x2000243f = 6; STORE_BY_BITMASK(uint8_t, , 0x20002443, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20002443, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20002443, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20002443, 0, 3, 5); *(uint8_t*)0x20002444 = 8; *(uint8_t*)0x20002445 = 2; *(uint8_t*)0x20002446 = 0x11; *(uint8_t*)0x20002447 = 0; *(uint8_t*)0x20002448 = 0; *(uint8_t*)0x20002449 = 1; *(uint32_t*)0x2000244a = 7; STORE_BY_BITMASK(uint8_t, , 0x2000244e, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x2000244e, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x2000244e, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x2000244e, 0, 3, 5); memset((void*)0x2000244f, 255, 6); *(uint32_t*)0x20002455 = 3; STORE_BY_BITMASK(uint8_t, , 0x20002459, 0, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20002459, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20002459, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20002459, 0, 3, 5); memset((void*)0x2000245a, 255, 6); *(uint32_t*)0x20002460 = 0x1ff; STORE_BY_BITMASK(uint8_t, , 0x20002464, 0, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20002464, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20002464, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20002464, 0, 3, 5); memset((void*)0x20002465, 255, 6); *(uint32_t*)0x2000246b = 5; STORE_BY_BITMASK(uint8_t, , 0x2000246f, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x2000246f, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x2000246f, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x2000246f, 0, 3, 5); memset((void*)0x20002470, 255, 6); *(uint32_t*)0x20002476 = -1; *(uint8_t*)0x2000247a = 6; *(uint8_t*)0x2000247b = 2; *(uint16_t*)0x2000247c = 0x600; *(uint8_t*)0x2000247e = 0x2a; *(uint8_t*)0x2000247f = 1; STORE_BY_BITMASK(uint8_t, , 0x20002480, 0, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20002480, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20002480, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20002480, 0, 3, 5); *(uint8_t*)0x20002481 = 0x72; *(uint8_t*)0x20002482 = 6; memset((void*)0x20002483, 3, 6); *(uint8_t*)0x20002489 = 0x2a; *(uint8_t*)0x2000248a = 1; STORE_BY_BITMASK(uint8_t, , 0x2000248b, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x2000248b, 1, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x2000248b, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x2000248b, 0, 3, 5); *(uint8_t*)0x2000248c = 0x20; *(uint8_t*)0x2000248d = 0; *(uint8_t*)0x2000248e = 0x75; *(uint8_t*)0x2000248f = 0x16; *(uint16_t*)0x20002490 = 1; *(uint16_t*)0x20002492 = 0xff; *(uint16_t*)0x20002494 = 5; memcpy((void*)0x20002496, "\xda\xfd\x1d\x8e\x98\x3f\x3d\xb7\x38\xf0\x4d\x8a\x95\xc4\x66\xfe", 16); *(uint16_t*)0x200024a8 = 0x10; STORE_BY_BITMASK(uint16_t, , 0x200024aa, 0x10e, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200024ab, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200024ab, 1, 7, 1); *(uint16_t*)0x200024ac = 4; *(uint16_t*)0x200024ae = 2; *(uint16_t*)0x200024b0 = 4; *(uint16_t*)0x200024b2 = 2; *(uint16_t*)0x200024b4 = 4; *(uint16_t*)0x200024b6 = 3; *(uint16_t*)0x200024b8 = 0xdd; *(uint16_t*)0x200024ba = 0xf; *(uint8_t*)0x200024bc = 4; *(uint8_t*)0x200024bd = 6; *(uint8_t*)0x200024be = 2; *(uint8_t*)0x200024bf = 0x80; *(uint16_t*)0x200024c0 = 6; *(uint16_t*)0x200024c2 = 8; *(uint8_t*)0x200024c4 = 3; *(uint8_t*)0x200024c5 = 1; *(uint8_t*)0x200024c6 = 0x3c; *(uint8_t*)0x200024c7 = 0x65; *(uint8_t*)0x200024c8 = 0x12; *(uint8_t*)0x200024c9 = 8; *(uint8_t*)0x200024ca = 2; *(uint8_t*)0x200024cb = 0x11; *(uint8_t*)0x200024cc = 0; *(uint8_t*)0x200024cd = 0; *(uint8_t*)0x200024ce = 1; *(uint8_t*)0x200024cf = 8; *(uint8_t*)0x200024d0 = 2; *(uint8_t*)0x200024d1 = 0x11; *(uint8_t*)0x200024d2 = 0; *(uint8_t*)0x200024d3 = 0; *(uint8_t*)0x200024d4 = 0; memset((void*)0x200024d5, 255, 6); *(uint8_t*)0x200024db = 0x83; *(uint8_t*)0x200024dc = 0x1f; STORE_BY_BITMASK(uint8_t, , 0x200024dd, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x200024dd, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x200024dd, 0, 7, 1); *(uint8_t*)0x200024de = 8; *(uint8_t*)0x200024df = 0x26; *(uint8_t*)0x200024e0 = 8; *(uint8_t*)0x200024e1 = 2; *(uint8_t*)0x200024e2 = 0x11; *(uint8_t*)0x200024e3 = 0; *(uint8_t*)0x200024e4 = 0; *(uint8_t*)0x200024e5 = 0; *(uint32_t*)0x200024e6 = 8; *(uint32_t*)0x200024ea = 4; *(uint32_t*)0x200024ee = 6; *(uint8_t*)0x200024f2 = 8; *(uint8_t*)0x200024f3 = 2; *(uint8_t*)0x200024f4 = 0x11; *(uint8_t*)0x200024f5 = 0; *(uint8_t*)0x200024f6 = 0; *(uint8_t*)0x200024f7 = 1; *(uint32_t*)0x200024f8 = 0xdd; *(uint8_t*)0x200024fc = 0x76; *(uint8_t*)0x200024fd = 6; *(uint8_t*)0x200024fe = 0x80; *(uint8_t*)0x200024ff = 6; *(uint16_t*)0x20002500 = 8; *(uint16_t*)0x20002502 = 1; *(uint8_t*)0x20002504 = 0x2d; *(uint8_t*)0x20002505 = 0x1a; *(uint16_t*)0x20002506 = 0x20; STORE_BY_BITMASK(uint8_t, , 0x20002508, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20002508, 5, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20002508, 0, 5, 3); *(uint64_t*)0x20002509 = 0x100000001; STORE_BY_BITMASK(uint64_t, , 0x20002511, 4, 0, 13); STORE_BY_BITMASK(uint64_t, , 0x20002512, 0, 5, 3); STORE_BY_BITMASK(uint64_t, , 0x20002513, 5, 0, 10); STORE_BY_BITMASK(uint64_t, , 0x20002514, 0, 2, 6); STORE_BY_BITMASK(uint64_t, , 0x20002515, 0, 0, 1); STORE_BY_BITMASK(uint64_t, , 0x20002515, 0, 1, 1); STORE_BY_BITMASK(uint64_t, , 0x20002515, 3, 2, 2); STORE_BY_BITMASK(uint64_t, , 0x20002515, 1, 4, 1); STORE_BY_BITMASK(uint64_t, , 0x20002515, 0, 5, 27); *(uint16_t*)0x20002519 = 0x300; *(uint32_t*)0x2000251b = 0xffff; *(uint8_t*)0x2000251f = 0x52; *(uint8_t*)0x20002520 = 0x82; *(uint8_t*)0x20002521 = 0x6d; STORE_BY_BITMASK(uint8_t, , 0x20002522, 0, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20002522, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20002522, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20002522, 0, 3, 3); STORE_BY_BITMASK(uint8_t, , 0x20002522, 1, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20002522, 0, 7, 1); *(uint8_t*)0x20002523 = 0xc8; *(uint8_t*)0x20002524 = 3; *(uint32_t*)0x20002525 = 0x40; memset((void*)0x20002529, 255, 6); *(uint32_t*)0x2000252f = 3; memset((void*)0x20002533, 255, 6); *(uint32_t*)0x20002539 = 3; *(uint32_t*)0x2000253d = 1; *(uint8_t*)0x20002541 = 7; STORE_BY_BITMASK(uint8_t, , 0x20002542, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20002542, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20002542, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20002542, 0, 3, 5); *(uint8_t*)0x20002543 = 8; *(uint8_t*)0x20002544 = 2; *(uint8_t*)0x20002545 = 0x11; *(uint8_t*)0x20002546 = 0; *(uint8_t*)0x20002547 = 0; *(uint8_t*)0x20002548 = 0; *(uint32_t*)0x20002549 = 0x200; STORE_BY_BITMASK(uint8_t, , 0x2000254d, 0, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x2000254d, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x2000254d, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x2000254d, 0, 3, 5); *(uint8_t*)0x2000254e = 8; *(uint8_t*)0x2000254f = 2; *(uint8_t*)0x20002550 = 0x11; *(uint8_t*)0x20002551 = 0; *(uint8_t*)0x20002552 = 0; *(uint8_t*)0x20002553 = 0; *(uint32_t*)0x20002554 = 1; STORE_BY_BITMASK(uint8_t, , 0x20002558, 0, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20002558, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20002558, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20002558, 0, 3, 5); *(uint8_t*)0x20002559 = 8; *(uint8_t*)0x2000255a = 2; *(uint8_t*)0x2000255b = 0x11; *(uint8_t*)0x2000255c = 0; *(uint8_t*)0x2000255d = 0; *(uint8_t*)0x2000255e = 0; *(uint32_t*)0x2000255f = 4; STORE_BY_BITMASK(uint8_t, , 0x20002563, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20002563, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20002563, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20002563, 0, 3, 5); *(uint8_t*)0x20002564 = 8; *(uint8_t*)0x20002565 = 2; *(uint8_t*)0x20002566 = 0x11; *(uint8_t*)0x20002567 = 0; *(uint8_t*)0x20002568 = 0; *(uint8_t*)0x20002569 = 0; *(uint32_t*)0x2000256a = 7; STORE_BY_BITMASK(uint8_t, , 0x2000256e, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x2000256e, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x2000256e, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x2000256e, 0, 3, 5); *(uint8_t*)0x2000256f = 8; *(uint8_t*)0x20002570 = 2; *(uint8_t*)0x20002571 = 0x11; *(uint8_t*)0x20002572 = 0; *(uint8_t*)0x20002573 = 0; *(uint8_t*)0x20002574 = 0; *(uint32_t*)0x20002575 = 0x8002; STORE_BY_BITMASK(uint8_t, , 0x20002579, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20002579, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20002579, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20002579, 0, 3, 5); *(uint8_t*)0x2000257a = 8; *(uint8_t*)0x2000257b = 2; *(uint8_t*)0x2000257c = 0x11; *(uint8_t*)0x2000257d = 0; *(uint8_t*)0x2000257e = 0; *(uint8_t*)0x2000257f = 0; *(uint32_t*)0x20002580 = 0x800; STORE_BY_BITMASK(uint8_t, , 0x20002584, 0, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20002584, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20002584, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20002584, 0, 3, 5); *(uint8_t*)0x20002585 = 8; *(uint8_t*)0x20002586 = 2; *(uint8_t*)0x20002587 = 0x11; *(uint8_t*)0x20002588 = 0; *(uint8_t*)0x20002589 = 0; *(uint8_t*)0x2000258a = 0; *(uint32_t*)0x2000258b = 5; *(uint8_t*)0x2000258f = 0x68; *(uint8_t*)0x20002590 = 4; *(uint16_t*)0x20002591 = 0xb05c; *(uint16_t*)0x20002593 = 8; *(uint16_t*)0x20002598 = 0x1e; *(uint16_t*)0x2000259a = 0x80; *(uint8_t*)0x2000259c = 0x8c; *(uint8_t*)0x2000259d = 0x18; *(uint16_t*)0x2000259e = 0xbd2; memcpy((void*)0x200025a0, "\x57\x0c\xd8\x12\x88\x26", 6); memcpy((void*)0x200025a6, "\x1c\x8c\x96\xab\x0b\xde\xd8\xdf\xe5\x2d\xba\x3f\x6d\x41\x04\x02", 16); *(uint16_t*)0x200025b8 = 9; *(uint16_t*)0x200025ba = 0xf; *(uint8_t*)0x200025bc = 1; *(uint8_t*)0x200025bd = 0; *(uint8_t*)0x200025be = 0x2a; *(uint8_t*)0x200025bf = 1; STORE_BY_BITMASK(uint8_t, , 0x200025c0, 0, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200025c0, 1, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x200025c0, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x200025c0, 0, 3, 5); *(uint16_t*)0x200025c4 = 0x67; *(uint16_t*)0x200025c6 = 0xe; STORE_BY_BITMASK(uint8_t, , 0x200025c8, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x200025c8, 0, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x200025c8, 8, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x200025c9, 0, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200025c9, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x200025c9, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x200025c9, 1, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x200025c9, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x200025c9, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x200025c9, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x200025c9, 1, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x200025ca, 4, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x200025cb, 0, 7, 1); memset((void*)0x200025cc, 255, 6); *(uint8_t*)0x200025d2 = 8; *(uint8_t*)0x200025d3 = 2; *(uint8_t*)0x200025d4 = 0x11; *(uint8_t*)0x200025d5 = 0; *(uint8_t*)0x200025d6 = 0; *(uint8_t*)0x200025d7 = 0; memset((void*)0x200025d8, 80, 6); STORE_BY_BITMASK(uint16_t, , 0x200025de, 9, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x200025de, 0x20, 4, 12); STORE_BY_BITMASK(uint16_t, , 0x200025e0, 0, 0, 1); STORE_BY_BITMASK(uint16_t, , 0x200025e0, 0x1f, 1, 15); STORE_BY_BITMASK(uint8_t, , 0x200025e2, 1, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x200025e2, 2, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x200025e2, 0, 4, 2); STORE_BY_BITMASK(uint8_t, , 0x200025e2, 2, 6, 2); STORE_BY_BITMASK(uint8_t, , 0x200025e3, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200025e3, 0, 1, 5); STORE_BY_BITMASK(uint8_t, , 0x200025e3, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x200025e3, 0, 7, 1); *(uint64_t*)0x200025e4 = 2; *(uint16_t*)0x200025ec = 6; *(uint16_t*)0x200025ee = 0x5002; *(uint8_t*)0x200025f0 = 0; *(uint8_t*)0x200025f1 = 6; memset((void*)0x200025f2, 2, 6); *(uint8_t*)0x200025f8 = 1; *(uint8_t*)0x200025f9 = 7; STORE_BY_BITMASK(uint8_t, , 0x200025fa, 6, 0, 7); STORE_BY_BITMASK(uint8_t, , 0x200025fa, 1, 7, 1); STORE_BY_BITMASK(uint8_t, , 0x200025fb, 0x48, 0, 7); STORE_BY_BITMASK(uint8_t, , 0x200025fb, 0, 7, 1); STORE_BY_BITMASK(uint8_t, , 0x200025fc, 0x36, 0, 7); STORE_BY_BITMASK(uint8_t, , 0x200025fc, 1, 7, 1); STORE_BY_BITMASK(uint8_t, , 0x200025fd, 5, 0, 7); STORE_BY_BITMASK(uint8_t, , 0x200025fd, 1, 7, 1); STORE_BY_BITMASK(uint8_t, , 0x200025fe, 0x6c, 0, 7); STORE_BY_BITMASK(uint8_t, , 0x200025fe, 0, 7, 1); STORE_BY_BITMASK(uint8_t, , 0x200025ff, 9, 0, 7); STORE_BY_BITMASK(uint8_t, , 0x200025ff, 1, 7, 1); STORE_BY_BITMASK(uint8_t, , 0x20002600, 0x1b, 0, 7); STORE_BY_BITMASK(uint8_t, , 0x20002600, 1, 7, 1); *(uint8_t*)0x20002601 = 3; *(uint8_t*)0x20002602 = 1; *(uint8_t*)0x20002603 = 0x2c; *(uint8_t*)0x20002604 = 4; *(uint8_t*)0x20002605 = 6; *(uint8_t*)0x20002606 = 2; *(uint8_t*)0x20002607 = 1; *(uint16_t*)0x20002608 = 1; *(uint16_t*)0x2000260a = 0x1ff; *(uint8_t*)0x2000260c = 6; *(uint8_t*)0x2000260d = 2; *(uint16_t*)0x2000260e = 2; *(uint8_t*)0x20002610 = 0x2a; *(uint8_t*)0x20002611 = 1; STORE_BY_BITMASK(uint8_t, , 0x20002612, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20002612, 1, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20002612, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20002612, 0, 3, 5); *(uint8_t*)0x20002613 = 0x72; *(uint8_t*)0x20002614 = 6; memset((void*)0x20002615, 3, 6); *(uint8_t*)0x2000261b = 0x76; *(uint8_t*)0x2000261c = 6; *(uint8_t*)0x2000261d = -1; *(uint8_t*)0x2000261e = 8; *(uint16_t*)0x2000261f = 6; *(uint16_t*)0x20002621 = 4; *(uint8_t*)0x20002623 = 0xdd; *(uint8_t*)0x20002624 = 6; memcpy((void*)0x20002625, "\xcb\x30\xe3\xbc\x0d\xb0", 6); *(uint16_t*)0x2000262c = 8; STORE_BY_BITMASK(uint16_t, , 0x2000262e, 0x10e, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x2000262f, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x2000262f, 1, 7, 1); *(uint16_t*)0x20002630 = 4; *(uint16_t*)0x20002632 = 3; *(uint16_t*)0x20002634 = 0x10; STORE_BY_BITMASK(uint16_t, , 0x20002636, 0x10e, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x20002637, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20002637, 1, 7, 1); *(uint16_t*)0x20002638 = 4; *(uint16_t*)0x2000263a = 2; *(uint16_t*)0x2000263c = 4; *(uint16_t*)0x2000263e = 1; *(uint16_t*)0x20002640 = 4; *(uint16_t*)0x20002642 = 1; *(uint16_t*)0x20002644 = 8; *(uint16_t*)0x20002646 = 0xbb; *(uint16_t*)0x20002648 = 0x7ff; *(uint16_t*)0x2000264a = 2; *(uint16_t*)0x2000264c = 0x16c; *(uint16_t*)0x2000264e = 0x80; *(uint8_t*)0x20002650 = 0x84; *(uint8_t*)0x20002651 = 0x15; *(uint8_t*)0x20002652 = 0x1f; *(uint8_t*)0x20002653 = 0x11; STORE_BY_BITMASK(uint8_t, , 0x20002654, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x20002654, 1, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20002654, 0, 7, 1); *(uint8_t*)0x20002655 = 8; *(uint8_t*)0x20002656 = 2; *(uint8_t*)0x20002657 = 0x11; *(uint8_t*)0x20002658 = 0; *(uint8_t*)0x20002659 = 0; *(uint8_t*)0x2000265a = 1; *(uint32_t*)0x2000265b = 0x80; *(uint8_t*)0x2000265f = 8; *(uint8_t*)0x20002660 = 2; *(uint8_t*)0x20002661 = 0x11; *(uint8_t*)0x20002662 = 0; *(uint8_t*)0x20002663 = 0; *(uint8_t*)0x20002664 = 0; *(uint16_t*)0x20002665 = 0x2a; STORE_BY_BITMASK(uint8_t, , 0x20002667, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x20002667, 1, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20002667, 0, 7, 1); memset((void*)0x20002668, 255, 6); *(uint32_t*)0x2000266e = 0x99c; memset((void*)0x20002672, 255, 6); *(uint16_t*)0x20002678 = 2; STORE_BY_BITMASK(uint8_t, , 0x2000267a, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x2000267a, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x2000267a, 0, 7, 1); *(uint8_t*)0x2000267b = 8; *(uint8_t*)0x2000267c = 2; *(uint8_t*)0x2000267d = 0x11; *(uint8_t*)0x2000267e = 0; *(uint8_t*)0x2000267f = 0; *(uint8_t*)0x20002680 = 0; *(uint32_t*)0x20002681 = 8; *(uint16_t*)0x20002685 = 0; STORE_BY_BITMASK(uint8_t, , 0x20002687, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x20002687, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20002687, 0, 7, 1); *(uint8_t*)0x20002688 = 8; *(uint8_t*)0x20002689 = 2; *(uint8_t*)0x2000268a = 0x11; *(uint8_t*)0x2000268b = 0; *(uint8_t*)0x2000268c = 0; *(uint8_t*)0x2000268d = 0; *(uint32_t*)0x2000268e = 0; *(uint16_t*)0x20002692 = 7; STORE_BY_BITMASK(uint8_t, , 0x20002694, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x20002694, 1, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20002694, 0, 7, 1); *(uint8_t*)0x20002695 = 8; *(uint8_t*)0x20002696 = 2; *(uint8_t*)0x20002697 = 0x11; *(uint8_t*)0x20002698 = 0; *(uint8_t*)0x20002699 = 0; *(uint8_t*)0x2000269a = 0; *(uint32_t*)0x2000269b = 1; memset((void*)0x2000269f, 255, 6); *(uint16_t*)0x200026a5 = 0x2f; STORE_BY_BITMASK(uint8_t, , 0x200026a7, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x200026a7, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x200026a7, 0, 7, 1); *(uint8_t*)0x200026a8 = 8; *(uint8_t*)0x200026a9 = 2; *(uint8_t*)0x200026aa = 0x11; *(uint8_t*)0x200026ab = 0; *(uint8_t*)0x200026ac = 0; *(uint8_t*)0x200026ad = 0; *(uint32_t*)0x200026ae = 1; *(uint16_t*)0x200026b2 = 0x16; STORE_BY_BITMASK(uint8_t, , 0x200026b4, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x200026b4, 1, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x200026b4, 0, 7, 1); *(uint8_t*)0x200026b5 = 8; *(uint8_t*)0x200026b6 = 2; *(uint8_t*)0x200026b7 = 0x11; *(uint8_t*)0x200026b8 = 0; *(uint8_t*)0x200026b9 = 0; *(uint8_t*)0x200026ba = 0; *(uint32_t*)0x200026bb = 7; memset((void*)0x200026bf, 255, 6); *(uint16_t*)0x200026c5 = 0x3c; STORE_BY_BITMASK(uint8_t, , 0x200026c7, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x200026c7, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x200026c7, 0, 7, 1); memset((void*)0x200026c8, 255, 6); *(uint32_t*)0x200026ce = 4; *(uint16_t*)0x200026d2 = 0; STORE_BY_BITMASK(uint8_t, , 0x200026d4, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x200026d4, 1, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x200026d4, 0, 7, 1); memset((void*)0x200026d5, 255, 6); *(uint32_t*)0x200026db = 0xfffffffc; *(uint8_t*)0x200026df = 8; *(uint8_t*)0x200026e0 = 2; *(uint8_t*)0x200026e1 = 0x11; *(uint8_t*)0x200026e2 = 0; *(uint8_t*)0x200026e3 = 0; *(uint8_t*)0x200026e4 = 1; *(uint16_t*)0x200026e5 = 0x21; STORE_BY_BITMASK(uint8_t, , 0x200026e7, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x200026e7, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x200026e7, 0, 7, 1); *(uint8_t*)0x200026e8 = 8; *(uint8_t*)0x200026e9 = 2; *(uint8_t*)0x200026ea = 0x11; *(uint8_t*)0x200026eb = 0; *(uint8_t*)0x200026ec = 0; *(uint8_t*)0x200026ed = 0; *(uint32_t*)0x200026ee = 0x10000; *(uint16_t*)0x200026f2 = 0xe; STORE_BY_BITMASK(uint8_t, , 0x200026f4, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x200026f4, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x200026f4, 0, 7, 1); *(uint8_t*)0x200026f5 = 8; *(uint8_t*)0x200026f6 = 2; *(uint8_t*)0x200026f7 = 0x11; *(uint8_t*)0x200026f8 = 0; *(uint8_t*)0x200026f9 = 0; *(uint8_t*)0x200026fa = 1; *(uint32_t*)0x200026fb = 0x3f; *(uint16_t*)0x200026ff = 0x33; STORE_BY_BITMASK(uint8_t, , 0x20002701, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x20002701, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20002701, 0, 7, 1); memset((void*)0x20002702, 255, 6); *(uint32_t*)0x20002708 = 0xfb4f; *(uint16_t*)0x2000270c = 0x28; STORE_BY_BITMASK(uint8_t, , 0x2000270e, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x2000270e, 1, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x2000270e, 0, 7, 1); memset((void*)0x2000270f, 255, 6); *(uint32_t*)0x20002715 = 0x1ff; memset((void*)0x20002719, 255, 6); *(uint16_t*)0x2000271f = 0x10; STORE_BY_BITMASK(uint8_t, , 0x20002721, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x20002721, 1, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20002721, 0, 7, 1); *(uint8_t*)0x20002722 = 8; *(uint8_t*)0x20002723 = 2; *(uint8_t*)0x20002724 = 0x11; *(uint8_t*)0x20002725 = 0; *(uint8_t*)0x20002726 = 0; *(uint8_t*)0x20002727 = 0; *(uint32_t*)0x20002728 = 0x7fff; *(uint8_t*)0x2000272c = 8; *(uint8_t*)0x2000272d = 2; *(uint8_t*)0x2000272e = 0x11; *(uint8_t*)0x2000272f = 0; *(uint8_t*)0x20002730 = 0; *(uint8_t*)0x20002731 = 0; *(uint16_t*)0x20002732 = 0x40; STORE_BY_BITMASK(uint8_t, , 0x20002734, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x20002734, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20002734, 0, 7, 1); *(uint8_t*)0x20002735 = 8; *(uint8_t*)0x20002736 = 2; *(uint8_t*)0x20002737 = 0x11; *(uint8_t*)0x20002738 = 0; *(uint8_t*)0x20002739 = 0; *(uint8_t*)0x2000273a = 1; *(uint32_t*)0x2000273b = 2; *(uint16_t*)0x2000273f = 0x3d; STORE_BY_BITMASK(uint8_t, , 0x20002741, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x20002741, 1, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20002741, 0, 7, 1); memset((void*)0x20002742, 255, 6); *(uint32_t*)0x20002748 = 5; *(uint8_t*)0x2000274c = 8; *(uint8_t*)0x2000274d = 2; *(uint8_t*)0x2000274e = 0x11; *(uint8_t*)0x2000274f = 0; *(uint8_t*)0x20002750 = 0; *(uint8_t*)0x20002751 = 1; *(uint16_t*)0x20002752 = 0x2c; STORE_BY_BITMASK(uint8_t, , 0x20002754, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x20002754, 1, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20002754, 0, 7, 1); *(uint8_t*)0x20002755 = 8; *(uint8_t*)0x20002756 = 2; *(uint8_t*)0x20002757 = 0x11; *(uint8_t*)0x20002758 = 0; *(uint8_t*)0x20002759 = 0; *(uint8_t*)0x2000275a = 1; *(uint32_t*)0x2000275b = 3; memset((void*)0x2000275f, 255, 6); *(uint16_t*)0x20002765 = 0x42; *(uint8_t*)0x20002767 = 0x84; *(uint8_t*)0x20002768 = 0x4f; *(uint8_t*)0x20002769 = 0x3f; *(uint8_t*)0x2000276a = 5; STORE_BY_BITMASK(uint8_t, , 0x2000276b, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x2000276b, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x2000276b, 0, 7, 1); *(uint8_t*)0x2000276c = 8; *(uint8_t*)0x2000276d = 2; *(uint8_t*)0x2000276e = 0x11; *(uint8_t*)0x2000276f = 0; *(uint8_t*)0x20002770 = 0; *(uint8_t*)0x20002771 = 1; *(uint32_t*)0x20002772 = 0; *(uint16_t*)0x20002776 = 3; STORE_BY_BITMASK(uint8_t, , 0x20002778, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x20002778, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20002778, 0, 7, 1); memset((void*)0x20002779, 255, 6); *(uint32_t*)0x2000277f = 0x28; *(uint16_t*)0x20002783 = 0x31; STORE_BY_BITMASK(uint8_t, , 0x20002785, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x20002785, 1, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20002785, 0, 7, 1); *(uint8_t*)0x20002786 = 8; *(uint8_t*)0x20002787 = 2; *(uint8_t*)0x20002788 = 0x11; *(uint8_t*)0x20002789 = 0; *(uint8_t*)0x2000278a = 0; *(uint8_t*)0x2000278b = 0; *(uint32_t*)0x2000278c = 0; *(uint8_t*)0x20002790 = 8; *(uint8_t*)0x20002791 = 2; *(uint8_t*)0x20002792 = 0x11; *(uint8_t*)0x20002793 = 0; *(uint8_t*)0x20002794 = 0; *(uint8_t*)0x20002795 = 1; *(uint16_t*)0x20002796 = 0; STORE_BY_BITMASK(uint8_t, , 0x20002798, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x20002798, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20002798, 0, 7, 1); *(uint8_t*)0x20002799 = 8; *(uint8_t*)0x2000279a = 2; *(uint8_t*)0x2000279b = 0x11; *(uint8_t*)0x2000279c = 0; *(uint8_t*)0x2000279d = 0; *(uint8_t*)0x2000279e = 0; *(uint32_t*)0x2000279f = 1; *(uint16_t*)0x200027a3 = 0x1f; STORE_BY_BITMASK(uint8_t, , 0x200027a5, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x200027a5, 1, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x200027a5, 0, 7, 1); memset((void*)0x200027a6, 255, 6); *(uint32_t*)0x200027ac = 0x99800000; *(uint8_t*)0x200027b0 = 8; *(uint8_t*)0x200027b1 = 2; *(uint8_t*)0x200027b2 = 0x11; *(uint8_t*)0x200027b3 = 0; *(uint8_t*)0x200027b4 = 0; *(uint8_t*)0x200027b5 = 0; *(uint16_t*)0x200027b6 = 0x3f; *(uint16_t*)0x200027b8 = 0x94; *(uint16_t*)0x200027ba = 0x80; *(uint8_t*)0x200027bc = 0x83; *(uint8_t*)0x200027bd = 0x25; STORE_BY_BITMASK(uint8_t, , 0x200027be, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x200027be, 1, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x200027be, 0, 7, 1); *(uint8_t*)0x200027bf = 8; *(uint8_t*)0x200027c0 = 0; memset((void*)0x200027c1, 255, 6); *(uint32_t*)0x200027c7 = 0x8000; *(uint8_t*)0x200027cb = 8; *(uint8_t*)0x200027cc = 2; *(uint8_t*)0x200027cd = 0x11; *(uint8_t*)0x200027ce = 0; *(uint8_t*)0x200027cf = 0; *(uint8_t*)0x200027d0 = 0; *(uint32_t*)0x200027d1 = 2; *(uint32_t*)0x200027d5 = 4; *(uint8_t*)0x200027d9 = 8; *(uint8_t*)0x200027da = 2; *(uint8_t*)0x200027db = 0x11; *(uint8_t*)0x200027dc = 0; *(uint8_t*)0x200027dd = 0; *(uint8_t*)0x200027de = 0; *(uint32_t*)0x200027df = 0x7aae; *(uint8_t*)0x200027e3 = 4; *(uint8_t*)0x200027e4 = 6; *(uint8_t*)0x200027e5 = 6; *(uint8_t*)0x200027e6 = 0x80; *(uint16_t*)0x200027e7 = 8; *(uint16_t*)0x200027e9 = 9; *(uint8_t*)0x200027eb = 0x65; *(uint8_t*)0x200027ec = 0x12; memset((void*)0x200027ed, 80, 6); *(uint8_t*)0x200027f3 = 8; *(uint8_t*)0x200027f4 = 2; *(uint8_t*)0x200027f5 = 0x11; *(uint8_t*)0x200027f6 = 0; *(uint8_t*)0x200027f7 = 0; *(uint8_t*)0x200027f8 = 1; *(uint8_t*)0x200027f9 = 8; *(uint8_t*)0x200027fa = 2; *(uint8_t*)0x200027fb = 0x11; *(uint8_t*)0x200027fc = 0; *(uint8_t*)0x200027fd = 0; *(uint8_t*)0x200027fe = 0; *(uint8_t*)0x200027ff = 0x2a; *(uint8_t*)0x20002800 = 1; STORE_BY_BITMASK(uint8_t, , 0x20002801, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20002801, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20002801, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20002801, 0, 3, 5); *(uint8_t*)0x20002802 = 0x83; *(uint8_t*)0x20002803 = 0x1f; STORE_BY_BITMASK(uint8_t, , 0x20002804, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x20002804, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20002804, 0, 7, 1); *(uint8_t*)0x20002805 = 0x14; *(uint8_t*)0x20002806 = 3; memset((void*)0x20002807, 255, 6); *(uint32_t*)0x2000280d = 2; *(uint32_t*)0x20002811 = 0xe443; *(uint32_t*)0x20002815 = 9; *(uint8_t*)0x20002819 = 8; *(uint8_t*)0x2000281a = 2; *(uint8_t*)0x2000281b = 0x11; *(uint8_t*)0x2000281c = 0; *(uint8_t*)0x2000281d = 0; *(uint8_t*)0x2000281e = 1; *(uint32_t*)0x2000281f = 8; *(uint8_t*)0x20002823 = 0x83; *(uint8_t*)0x20002824 = 0x25; STORE_BY_BITMASK(uint8_t, , 0x20002825, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x20002825, 1, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20002825, 0, 7, 1); *(uint8_t*)0x20002826 = 5; *(uint8_t*)0x20002827 = 5; *(uint8_t*)0x20002828 = 8; *(uint8_t*)0x20002829 = 2; *(uint8_t*)0x2000282a = 0x11; *(uint8_t*)0x2000282b = 0; *(uint8_t*)0x2000282c = 0; *(uint8_t*)0x2000282d = 0; *(uint32_t*)0x2000282e = 0xc; memset((void*)0x20002832, 255, 6); *(uint32_t*)0x20002838 = 0x7fffffff; *(uint32_t*)0x2000283c = 0xfffff481; *(uint8_t*)0x20002840 = 8; *(uint8_t*)0x20002841 = 2; *(uint8_t*)0x20002842 = 0x11; *(uint8_t*)0x20002843 = 0; *(uint8_t*)0x20002844 = 0; *(uint8_t*)0x20002845 = 1; *(uint32_t*)0x20002846 = 0xffff57e8; *(uint8_t*)0x2000284a = 0; *(uint8_t*)0x2000284b = 0; *(uint16_t*)0x2000284c = 0x10; STORE_BY_BITMASK(uint16_t, , 0x2000284e, 0x10e, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x2000284f, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x2000284f, 1, 7, 1); *(uint16_t*)0x20002850 = 4; *(uint16_t*)0x20002852 = 2; *(uint16_t*)0x20002854 = 4; *(uint16_t*)0x20002856 = 1; *(uint16_t*)0x20002858 = 4; *(uint16_t*)0x2000285a = 3; *(uint16_t*)0x2000285c = 0xc; STORE_BY_BITMASK(uint16_t, , 0x2000285e, 0x10e, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x2000285f, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x2000285f, 1, 7, 1); *(uint16_t*)0x20002860 = 4; *(uint16_t*)0x20002862 = 2; *(uint16_t*)0x20002864 = 4; *(uint16_t*)0x20002866 = 1; *(uint16_t*)0x20002868 = 0x84; *(uint16_t*)0x2000286a = 0xe; STORE_BY_BITMASK(uint8_t, , 0x2000286c, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x2000286c, 0, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x2000286c, 8, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x2000286d, 0, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x2000286d, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x2000286d, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x2000286d, 1, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x2000286d, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x2000286d, 0, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x2000286d, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x2000286d, 0, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x2000286e, 0x80, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x2000286f, 0, 7, 1); *(uint8_t*)0x20002870 = 8; *(uint8_t*)0x20002871 = 2; *(uint8_t*)0x20002872 = 0x11; *(uint8_t*)0x20002873 = 0; *(uint8_t*)0x20002874 = 0; *(uint8_t*)0x20002875 = 1; *(uint8_t*)0x20002876 = 8; *(uint8_t*)0x20002877 = 2; *(uint8_t*)0x20002878 = 0x11; *(uint8_t*)0x20002879 = 0; *(uint8_t*)0x2000287a = 0; *(uint8_t*)0x2000287b = 1; memcpy((void*)0x2000287c, "\x71\x5b\xa9\xf4\x9e\x17", 6); STORE_BY_BITMASK(uint16_t, , 0x20002882, 6, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x20002882, 0xd8, 4, 12); *(uint64_t*)0x20002884 = 0xb0a; *(uint16_t*)0x2000288c = 0x64; *(uint16_t*)0x2000288e = 0x1440; *(uint8_t*)0x20002890 = 0; *(uint8_t*)0x20002891 = 0; *(uint8_t*)0x20002892 = 1; *(uint8_t*)0x20002893 = 6; STORE_BY_BITMASK(uint8_t, , 0x20002894, 0x56, 0, 7); STORE_BY_BITMASK(uint8_t, , 0x20002894, 0, 7, 1); STORE_BY_BITMASK(uint8_t, , 0x20002895, 9, 0, 7); STORE_BY_BITMASK(uint8_t, , 0x20002895, 1, 7, 1); STORE_BY_BITMASK(uint8_t, , 0x20002896, 0x18, 0, 7); STORE_BY_BITMASK(uint8_t, , 0x20002896, 1, 7, 1); STORE_BY_BITMASK(uint8_t, , 0x20002897, 6, 0, 7); STORE_BY_BITMASK(uint8_t, , 0x20002897, 1, 7, 1); STORE_BY_BITMASK(uint8_t, , 0x20002898, 0x18, 0, 7); STORE_BY_BITMASK(uint8_t, , 0x20002898, 1, 7, 1); STORE_BY_BITMASK(uint8_t, , 0x20002899, 0xb, 0, 7); STORE_BY_BITMASK(uint8_t, , 0x20002899, 1, 7, 1); *(uint8_t*)0x2000289a = 4; *(uint8_t*)0x2000289b = 6; *(uint8_t*)0x2000289c = 0x7f; *(uint8_t*)0x2000289d = 5; *(uint16_t*)0x2000289e = 3; *(uint16_t*)0x200028a0 = 0x1b; *(uint8_t*)0x200028a2 = 5; *(uint8_t*)0x200028a3 = 3; *(uint8_t*)0x200028a4 = 0x7f; *(uint8_t*)0x200028a5 = 0x65; *(uint8_t*)0x200028a6 = 2; *(uint8_t*)0x200028a7 = 0x2a; *(uint8_t*)0x200028a8 = 1; STORE_BY_BITMASK(uint8_t, , 0x200028a9, 0, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200028a9, 1, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x200028a9, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x200028a9, 0, 3, 5); *(uint8_t*)0x200028aa = 0x3c; *(uint8_t*)0x200028ab = 4; *(uint8_t*)0x200028ac = 0; *(uint8_t*)0x200028ad = 7; *(uint8_t*)0x200028ae = 0x99; *(uint8_t*)0x200028af = 0xed; *(uint8_t*)0x200028b0 = 0x2d; *(uint8_t*)0x200028b1 = 0x1a; *(uint16_t*)0x200028b2 = 0x800; STORE_BY_BITMASK(uint8_t, , 0x200028b4, 1, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x200028b4, 0, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x200028b4, 0, 5, 3); *(uint64_t*)0x200028b5 = 0x27df3fb8; STORE_BY_BITMASK(uint64_t, , 0x200028bd, 0, 0, 13); STORE_BY_BITMASK(uint64_t, , 0x200028be, 0, 5, 3); STORE_BY_BITMASK(uint64_t, , 0x200028bf, 5, 0, 10); STORE_BY_BITMASK(uint64_t, , 0x200028c0, 0, 2, 6); STORE_BY_BITMASK(uint64_t, , 0x200028c1, 0, 0, 1); STORE_BY_BITMASK(uint64_t, , 0x200028c1, 0, 1, 1); STORE_BY_BITMASK(uint64_t, , 0x200028c1, 3, 2, 2); STORE_BY_BITMASK(uint64_t, , 0x200028c1, 1, 4, 1); STORE_BY_BITMASK(uint64_t, , 0x200028c1, 0, 5, 27); *(uint16_t*)0x200028c5 = 1; *(uint32_t*)0x200028c7 = 8; *(uint8_t*)0x200028cb = 2; *(uint8_t*)0x200028cc = 0x72; *(uint8_t*)0x200028cd = 6; memset((void*)0x200028ce, 3, 6); *(uint8_t*)0x200028d4 = 0xdd; *(uint8_t*)0x200028d5 = 6; memcpy((void*)0x200028d6, "\x56\x22\xe9\x56\xbb\x0c", 6); *(uint8_t*)0x200028dc = 0xdd; *(uint8_t*)0x200028dd = 6; memcpy((void*)0x200028de, "\x62\xd1\xfb\xe6\x3f\xd2", 6); *(uint8_t*)0x200028e4 = 0xdd; *(uint8_t*)0x200028e5 = 6; memcpy((void*)0x200028e6, "\x6b\x2d\x58\xf5\x4c\xdc", 6); *(uint16_t*)0x200028ec = 0x6e; *(uint16_t*)0x200028ee = 0x2a; *(uint8_t*)0x200028f0 = 0x2a; *(uint8_t*)0x200028f1 = 1; STORE_BY_BITMASK(uint8_t, , 0x200028f2, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200028f2, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x200028f2, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x200028f2, 0, 3, 5); *(uint8_t*)0x200028f3 = 0x76; *(uint8_t*)0x200028f4 = 6; *(uint8_t*)0x200028f5 = 5; *(uint8_t*)0x200028f6 = 6; *(uint16_t*)0x200028f7 = 0x40; *(uint16_t*)0x200028f9 = 0x401; *(uint8_t*)0x200028fb = 5; *(uint8_t*)0x200028fc = 3; *(uint8_t*)0x200028fd = 0x9a; *(uint8_t*)0x200028fe = 0x1d; *(uint8_t*)0x200028ff = 0x7b; *(uint8_t*)0x20002900 = 0x83; *(uint8_t*)0x20002901 = 0x25; STORE_BY_BITMASK(uint8_t, , 0x20002902, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x20002902, 1, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20002902, 0, 7, 1); *(uint8_t*)0x20002903 = 0x40; *(uint8_t*)0x20002904 = 7; memset((void*)0x20002905, 255, 6); *(uint32_t*)0x2000290b = -1; memset((void*)0x2000290f, 255, 6); *(uint32_t*)0x20002915 = 4; *(uint32_t*)0x20002919 = 0xd6; *(uint8_t*)0x2000291d = 8; *(uint8_t*)0x2000291e = 2; *(uint8_t*)0x2000291f = 0x11; *(uint8_t*)0x20002920 = 0; *(uint8_t*)0x20002921 = 0; *(uint8_t*)0x20002922 = 1; *(uint32_t*)0x20002923 = 0x7ffffffe; *(uint8_t*)0x20002927 = 0x82; *(uint8_t*)0x20002928 = 0x2b; STORE_BY_BITMASK(uint8_t, , 0x20002929, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20002929, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20002929, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20002929, 0, 3, 3); STORE_BY_BITMASK(uint8_t, , 0x20002929, 1, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20002929, 0, 7, 1); *(uint8_t*)0x2000292a = 0x1f; *(uint8_t*)0x2000292b = 8; *(uint32_t*)0x2000292c = 0x81; memset((void*)0x20002930, 255, 6); *(uint32_t*)0x20002936 = 3; *(uint8_t*)0x2000293a = 8; *(uint8_t*)0x2000293b = 2; *(uint8_t*)0x2000293c = 0x11; *(uint8_t*)0x2000293d = 0; *(uint8_t*)0x2000293e = 0; *(uint8_t*)0x2000293f = 0; *(uint32_t*)0x20002940 = 6; *(uint32_t*)0x20002944 = 1; *(uint8_t*)0x20002948 = 1; STORE_BY_BITMASK(uint8_t, , 0x20002949, 0, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20002949, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20002949, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20002949, 0, 3, 5); memset((void*)0x2000294a, 255, 6); *(uint32_t*)0x20002950 = 8; *(uint8_t*)0x20002954 = 0x75; *(uint8_t*)0x20002955 = 4; *(uint16_t*)0x20002956 = 0; *(uint16_t*)0x20002958 = 0x32; *(uint16_t*)0x2000295c = 4; *(uint16_t*)0x2000295e = 0x91; *(uint16_t*)0x20002960 = 0xe; *(uint16_t*)0x20002962 = 0xbb; *(uint16_t*)0x20002964 = 9; *(uint16_t*)0x20002966 = 5; *(uint16_t*)0x20002968 = -1; *(uint16_t*)0x2000296a = 6; *(uint16_t*)0x2000296c = 2; *(uint16_t*)0x20002970 = 8; *(uint16_t*)0x20002972 = 0xbb; *(uint16_t*)0x20002974 = 0xdd62; *(uint16_t*)0x20002976 = 3; *(uint16_t*)0x20002978 = 0x22; *(uint16_t*)0x2000297a = 0x7f; *(uint8_t*)0x2000297c = 0x2d; *(uint8_t*)0x2000297d = 0x1a; *(uint16_t*)0x2000297e = 0x20; STORE_BY_BITMASK(uint8_t, , 0x20002980, 3, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20002980, 5, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20002980, 0, 5, 3); *(uint64_t*)0x20002981 = 0x400; STORE_BY_BITMASK(uint64_t, , 0x20002989, 0x3ff, 0, 13); STORE_BY_BITMASK(uint64_t, , 0x2000298a, 0, 5, 3); STORE_BY_BITMASK(uint64_t, , 0x2000298b, 7, 0, 10); STORE_BY_BITMASK(uint64_t, , 0x2000298c, 0, 2, 6); STORE_BY_BITMASK(uint64_t, , 0x2000298d, 0, 0, 1); STORE_BY_BITMASK(uint64_t, , 0x2000298d, 0, 1, 1); STORE_BY_BITMASK(uint64_t, , 0x2000298d, 3, 2, 2); STORE_BY_BITMASK(uint64_t, , 0x2000298d, 1, 4, 1); STORE_BY_BITMASK(uint64_t, , 0x2000298d, 0, 5, 27); *(uint16_t*)0x20002991 = 0x300; *(uint32_t*)0x20002993 = 9; *(uint8_t*)0x20002997 = 0x9b; *(uint8_t*)0x20002998 = 6; *(uint8_t*)0x20002999 = 0; *(uint16_t*)0x2000299c = 0x7b; *(uint16_t*)0x2000299e = 0xe; STORE_BY_BITMASK(uint8_t, , 0x200029a0, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x200029a0, 0, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x200029a0, 8, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x200029a1, 0, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200029a1, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x200029a1, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x200029a1, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x200029a1, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x200029a1, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x200029a1, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x200029a1, 1, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x200029a2, 6, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x200029a3, 0, 7, 1); memset((void*)0x200029a4, 255, 6); *(uint8_t*)0x200029aa = 8; *(uint8_t*)0x200029ab = 2; *(uint8_t*)0x200029ac = 0x11; *(uint8_t*)0x200029ad = 0; *(uint8_t*)0x200029ae = 0; *(uint8_t*)0x200029af = 0; memset((void*)0x200029b0, 255, 6); STORE_BY_BITMASK(uint16_t, , 0x200029b6, 1, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x200029b6, 3, 4, 12); STORE_BY_BITMASK(uint16_t, , 0x200029b8, 0, 0, 1); STORE_BY_BITMASK(uint16_t, , 0x200029b8, 0, 1, 15); STORE_BY_BITMASK(uint8_t, , 0x200029ba, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x200029ba, 0, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x200029ba, 0, 4, 2); STORE_BY_BITMASK(uint8_t, , 0x200029ba, 0, 6, 2); STORE_BY_BITMASK(uint8_t, , 0x200029bb, 0, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200029bb, 0, 1, 5); STORE_BY_BITMASK(uint8_t, , 0x200029bb, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x200029bb, 0, 7, 1); *(uint64_t*)0x200029bc = 0xfffffffffffffffc; *(uint16_t*)0x200029c4 = 0; *(uint16_t*)0x200029c6 = 0x2540; *(uint8_t*)0x200029c8 = 3; *(uint8_t*)0x200029c9 = 1; *(uint8_t*)0x200029ca = 0; *(uint8_t*)0x200029cb = 5; *(uint8_t*)0x200029cc = 3; *(uint8_t*)0x200029cd = 0; *(uint8_t*)0x200029ce = 0xbb; *(uint8_t*)0x200029cf = 0x36; *(uint8_t*)0x200029d0 = 0x25; *(uint8_t*)0x200029d1 = 3; *(uint8_t*)0x200029d2 = 0; *(uint8_t*)0x200029d3 = 0xb2; *(uint8_t*)0x200029d4 = 0x1f; *(uint8_t*)0x200029d5 = 0x3c; *(uint8_t*)0x200029d6 = 4; *(uint8_t*)0x200029d7 = 1; *(uint8_t*)0x200029d8 = 1; *(uint8_t*)0x200029d9 = 2; *(uint8_t*)0x200029da = 0x1f; *(uint8_t*)0x200029db = 0x2d; *(uint8_t*)0x200029dc = 0x1a; *(uint16_t*)0x200029dd = 0x2000; STORE_BY_BITMASK(uint8_t, , 0x200029df, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x200029df, 0, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x200029df, 0, 5, 3); *(uint64_t*)0x200029e0 = 0x867; STORE_BY_BITMASK(uint64_t, , 0x200029e8, 5, 0, 13); STORE_BY_BITMASK(uint64_t, , 0x200029e9, 0, 5, 3); STORE_BY_BITMASK(uint64_t, , 0x200029ea, 0x81, 0, 10); STORE_BY_BITMASK(uint64_t, , 0x200029eb, 0, 2, 6); STORE_BY_BITMASK(uint64_t, , 0x200029ec, 1, 0, 1); STORE_BY_BITMASK(uint64_t, , 0x200029ec, 1, 1, 1); STORE_BY_BITMASK(uint64_t, , 0x200029ec, 0, 2, 2); STORE_BY_BITMASK(uint64_t, , 0x200029ec, 0, 4, 1); STORE_BY_BITMASK(uint64_t, , 0x200029ec, 0, 5, 27); *(uint16_t*)0x200029f0 = 0x400; *(uint32_t*)0x200029f2 = 2; *(uint8_t*)0x200029f6 = 5; *(uint8_t*)0x200029f7 = 0x76; *(uint8_t*)0x200029f8 = 6; *(uint8_t*)0x200029f9 = 0x3f; *(uint8_t*)0x200029fa = 0xf8; *(uint16_t*)0x200029fb = 0x42; *(uint16_t*)0x200029fd = 5; *(uint8_t*)0x200029ff = 0xdd; *(uint8_t*)0x20002a00 = 6; memcpy((void*)0x20002a01, "\xc2\x33\x0a\x58\x9a\x82", 6); *(uint8_t*)0x20002a07 = 0xdd; *(uint8_t*)0x20002a08 = 6; memcpy((void*)0x20002a09, "\x48\x12\x0b\x7b\xd9\x85", 6); *(uint8_t*)0x20002a0f = 0xdd; *(uint8_t*)0x20002a10 = 6; memcpy((void*)0x20002a11, "\xff\xd3\xf5\xdb\x2c\xef", 6); *(uint16_t*)0x20002a18 = 0x28; STORE_BY_BITMASK(uint16_t, , 0x20002a1a, 0xb9, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x20002a1b, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20002a1b, 1, 7, 1); *(uint16_t*)0x20002a1c = 0xa; *(uint16_t*)0x20002a1e = 0xbb; *(uint16_t*)0x20002a20 = 7; *(uint16_t*)0x20002a22 = 0x800; *(uint16_t*)0x20002a24 = 0x6798; *(uint16_t*)0x20002a28 = 0x11; *(uint16_t*)0x20002a2a = 0xf; *(uint8_t*)0x20002a2c = 0x3f; *(uint8_t*)0x20002a2d = 0; *(uint8_t*)0x20002a2e = 0x68; *(uint8_t*)0x20002a2f = 4; *(uint16_t*)0x20002a30 = 5; *(uint16_t*)0x20002a32 = 0xff; *(uint8_t*)0x20002a34 = 5; *(uint8_t*)0x20002a35 = 3; *(uint8_t*)0x20002a36 = 8; *(uint8_t*)0x20002a37 = 0xdb; *(uint8_t*)0x20002a38 = 0; *(uint16_t*)0x20002a3c = 4; *(uint16_t*)0x20002a3e = 0x91; *(uint16_t*)0x20002a40 = 8; *(uint16_t*)0x20002a42 = 0xb7; *(uint32_t*)0x20002a44 = 0x3b; *(uint16_t*)0x20002a48 = 4; *(uint16_t*)0x20002a4a = 0xb8; *(uint64_t*)0x20002108 = 0x74c; *(uint64_t*)0x20002158 = 1; *(uint64_t*)0x20002160 = 0; *(uint64_t*)0x20002168 = 0; *(uint32_t*)0x20002170 = 0x44; syscall(__NR_sendmsg, r[1], 0x20002140ul, 0ul); } int main(void) { syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul); syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul); syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul); do_sandbox_none(); return 0; }