Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to deal with threads? #23

Closed
kotee4ko opened this issue Aug 13, 2021 · 0 comments
Closed

How to deal with threads? #23

kotee4ko opened this issue Aug 13, 2021 · 0 comments

Comments

@kotee4ko
Copy link

Hi. I'm trying to solve small smoke-test which i write myself.

Asm:

objdump -Mintel -d test

test:     формат файла elf64-x86-64


Дизассемблирование раздела .init:

0000000000001000 <_init>:
    1000:	48 83 ec 08          	sub    rsp,0x8
    1004:	48 8b 05 dd 2f 00 00 	mov    rax,QWORD PTR [rip+0x2fdd]        # 3fe8 <__gmon_start__@Base>
    100b:	48 85 c0             	test   rax,rax
    100e:	74 02                	je     1012 <_init+0x12>
    1010:	ff d0                	call   rax
    1012:	48 83 c4 08          	add    rsp,0x8
    1016:	c3                   	ret    

Дизассемблирование раздела .plt:

0000000000001020 <free@plt-0x10>:
    1020:	ff 35 e2 2f 00 00    	push   QWORD PTR [rip+0x2fe2]        # 4008 <_GLOBAL_OFFSET_TABLE_+0x8>
    1026:	ff 25 e4 2f 00 00    	jmp    QWORD PTR [rip+0x2fe4]        # 4010 <_GLOBAL_OFFSET_TABLE_+0x10>
    102c:	0f 1f 40 00          	nop    DWORD PTR [rax+0x0]

0000000000001030 <free@plt>:
    1030:	ff 25 e2 2f 00 00    	jmp    QWORD PTR [rip+0x2fe2]        # 4018 <free@GLIBC_2.2.5>
    1036:	68 00 00 00 00       	push   0x0
    103b:	e9 e0 ff ff ff       	jmp    1020 <_init+0x20>

0000000000001040 <recv@plt>:
    1040:	ff 25 da 2f 00 00    	jmp    QWORD PTR [rip+0x2fda]        # 4020 <recv@GLIBC_2.2.5>
    1046:	68 01 00 00 00       	push   0x1
    104b:	e9 d0 ff ff ff       	jmp    1020 <_init+0x20>

0000000000001050 <pthread_create@plt>:
    1050:	ff 25 d2 2f 00 00    	jmp    QWORD PTR [rip+0x2fd2]        # 4028 <pthread_create@GLIBC_2.2.5>
    1056:	68 02 00 00 00       	push   0x2
    105b:	e9 c0 ff ff ff       	jmp    1020 <_init+0x20>

0000000000001060 <__errno_location@plt>:
    1060:	ff 25 ca 2f 00 00    	jmp    QWORD PTR [rip+0x2fca]        # 4030 <__errno_location@GLIBC_2.2.5>
    1066:	68 03 00 00 00       	push   0x3
    106b:	e9 b0 ff ff ff       	jmp    1020 <_init+0x20>

0000000000001070 <fread@plt>:
    1070:	ff 25 c2 2f 00 00    	jmp    QWORD PTR [rip+0x2fc2]        # 4038 <fread@GLIBC_2.2.5>
    1076:	68 04 00 00 00       	push   0x4
    107b:	e9 a0 ff ff ff       	jmp    1020 <_init+0x20>

0000000000001080 <setsockopt@plt>:
    1080:	ff 25 ba 2f 00 00    	jmp    QWORD PTR [rip+0x2fba]        # 4040 <setsockopt@GLIBC_2.2.5>
    1086:	68 05 00 00 00       	push   0x5
    108b:	e9 90 ff ff ff       	jmp    1020 <_init+0x20>

0000000000001090 <fclose@plt>:
    1090:	ff 25 b2 2f 00 00    	jmp    QWORD PTR [rip+0x2fb2]        # 4048 <fclose@GLIBC_2.2.5>
    1096:	68 06 00 00 00       	push   0x6
    109b:	e9 80 ff ff ff       	jmp    1020 <_init+0x20>

00000000000010a0 <strlen@plt>:
    10a0:	ff 25 aa 2f 00 00    	jmp    QWORD PTR [rip+0x2faa]        # 4050 <strlen@GLIBC_2.2.5>
    10a6:	68 07 00 00 00       	push   0x7
    10ab:	e9 70 ff ff ff       	jmp    1020 <_init+0x20>

00000000000010b0 <htons@plt>:
    10b0:	ff 25 a2 2f 00 00    	jmp    QWORD PTR [rip+0x2fa2]        # 4058 <htons@GLIBC_2.2.5>
    10b6:	68 08 00 00 00       	push   0x8
    10bb:	e9 60 ff ff ff       	jmp    1020 <_init+0x20>

00000000000010c0 <send@plt>:
    10c0:	ff 25 9a 2f 00 00    	jmp    QWORD PTR [rip+0x2f9a]        # 4060 <send@GLIBC_2.2.5>
    10c6:	68 09 00 00 00       	push   0x9
    10cb:	e9 50 ff ff ff       	jmp    1020 <_init+0x20>

00000000000010d0 <printf@plt>:
    10d0:	ff 25 92 2f 00 00    	jmp    QWORD PTR [rip+0x2f92]        # 4068 <printf@GLIBC_2.2.5>
    10d6:	68 0a 00 00 00       	push   0xa
    10db:	e9 40 ff ff ff       	jmp    1020 <_init+0x20>

00000000000010e0 <rewind@plt>:
    10e0:	ff 25 8a 2f 00 00    	jmp    QWORD PTR [rip+0x2f8a]        # 4070 <rewind@GLIBC_2.2.5>
    10e6:	68 0b 00 00 00       	push   0xb
    10eb:	e9 30 ff ff ff       	jmp    1020 <_init+0x20>

00000000000010f0 <fputs@plt>:
    10f0:	ff 25 82 2f 00 00    	jmp    QWORD PTR [rip+0x2f82]        # 4078 <fputs@GLIBC_2.2.5>
    10f6:	68 0c 00 00 00       	push   0xc
    10fb:	e9 20 ff ff ff       	jmp    1020 <_init+0x20>

0000000000001100 <memset@plt>:
    1100:	ff 25 7a 2f 00 00    	jmp    QWORD PTR [rip+0x2f7a]        # 4080 <memset@GLIBC_2.2.5>
    1106:	68 0d 00 00 00       	push   0xd
    110b:	e9 10 ff ff ff       	jmp    1020 <_init+0x20>

0000000000001110 <close@plt>:
    1110:	ff 25 72 2f 00 00    	jmp    QWORD PTR [rip+0x2f72]        # 4088 <close@GLIBC_2.2.5>
    1116:	68 0e 00 00 00       	push   0xe
    111b:	e9 00 ff ff ff       	jmp    1020 <_init+0x20>

0000000000001120 <malloc_usable_size@plt>:
    1120:	ff 25 6a 2f 00 00    	jmp    QWORD PTR [rip+0x2f6a]        # 4090 <malloc_usable_size@GLIBC_2.2.5>
    1126:	68 0f 00 00 00       	push   0xf
    112b:	e9 f0 fe ff ff       	jmp    1020 <_init+0x20>

0000000000001130 <signal@plt>:
    1130:	ff 25 62 2f 00 00    	jmp    QWORD PTR [rip+0x2f62]        # 4098 <signal@GLIBC_2.2.5>
    1136:	68 10 00 00 00       	push   0x10
    113b:	e9 e0 fe ff ff       	jmp    1020 <_init+0x20>

0000000000001140 <ftell@plt>:
    1140:	ff 25 5a 2f 00 00    	jmp    QWORD PTR [rip+0x2f5a]        # 40a0 <ftell@GLIBC_2.2.5>
    1146:	68 11 00 00 00       	push   0x11
    114b:	e9 d0 fe ff ff       	jmp    1020 <_init+0x20>

0000000000001150 <malloc@plt>:
    1150:	ff 25 52 2f 00 00    	jmp    QWORD PTR [rip+0x2f52]        # 40a8 <malloc@GLIBC_2.2.5>
    1156:	68 12 00 00 00       	push   0x12
    115b:	e9 c0 fe ff ff       	jmp    1020 <_init+0x20>

0000000000001160 <listen@plt>:
    1160:	ff 25 4a 2f 00 00    	jmp    QWORD PTR [rip+0x2f4a]        # 40b0 <listen@GLIBC_2.2.5>
    1166:	68 13 00 00 00       	push   0x13
    116b:	e9 b0 fe ff ff       	jmp    1020 <_init+0x20>

0000000000001170 <fseek@plt>:
    1170:	ff 25 42 2f 00 00    	jmp    QWORD PTR [rip+0x2f42]        # 40b8 <fseek@GLIBC_2.2.5>
    1176:	68 14 00 00 00       	push   0x14
    117b:	e9 a0 fe ff ff       	jmp    1020 <_init+0x20>

0000000000001180 <bind@plt>:
    1180:	ff 25 3a 2f 00 00    	jmp    QWORD PTR [rip+0x2f3a]        # 40c0 <bind@GLIBC_2.2.5>
    1186:	68 15 00 00 00       	push   0x15
    118b:	e9 90 fe ff ff       	jmp    1020 <_init+0x20>

0000000000001190 <fopen@plt>:
    1190:	ff 25 32 2f 00 00    	jmp    QWORD PTR [rip+0x2f32]        # 40c8 <fopen@GLIBC_2.2.5>
    1196:	68 16 00 00 00       	push   0x16
    119b:	e9 80 fe ff ff       	jmp    1020 <_init+0x20>

00000000000011a0 <accept@plt>:
    11a0:	ff 25 2a 2f 00 00    	jmp    QWORD PTR [rip+0x2f2a]        # 40d0 <accept@GLIBC_2.2.5>
    11a6:	68 17 00 00 00       	push   0x17
    11ab:	e9 70 fe ff ff       	jmp    1020 <_init+0x20>

00000000000011b0 <exit@plt>:
    11b0:	ff 25 22 2f 00 00    	jmp    QWORD PTR [rip+0x2f22]        # 40d8 <exit@GLIBC_2.2.5>
    11b6:	68 18 00 00 00       	push   0x18
    11bb:	e9 60 fe ff ff       	jmp    1020 <_init+0x20>

00000000000011c0 <socket@plt>:
    11c0:	ff 25 1a 2f 00 00    	jmp    QWORD PTR [rip+0x2f1a]        # 40e0 <socket@GLIBC_2.2.5>
    11c6:	68 19 00 00 00       	push   0x19
    11cb:	e9 50 fe ff ff       	jmp    1020 <_init+0x20>

Дизассемблирование раздела .plt.got:

00000000000011d0 <__cxa_finalize@plt>:
    11d0:	ff 25 22 2e 00 00    	jmp    QWORD PTR [rip+0x2e22]        # 3ff8 <__cxa_finalize@GLIBC_2.2.5>
    11d6:	66 90                	xchg   ax,ax

Дизассемблирование раздела .text:

00000000000011e0 <_start>:
    11e0:	31 ed                	xor    ebp,ebp
    11e2:	49 89 d1             	mov    r9,rdx
    11e5:	5e                   	pop    rsi
    11e6:	48 89 e2             	mov    rdx,rsp
    11e9:	48 83 e4 f0          	and    rsp,0xfffffffffffffff0
    11ed:	50                   	push   rax
    11ee:	54                   	push   rsp
    11ef:	4c 8d 05 8a 09 00 00 	lea    r8,[rip+0x98a]        # 1b80 <__libc_csu_fini>
    11f6:	48 8d 0d 23 09 00 00 	lea    rcx,[rip+0x923]        # 1b20 <__libc_csu_init>
    11fd:	48 8d 3d 96 02 00 00 	lea    rdi,[rip+0x296]        # 149a <main>
    1204:	ff 15 d6 2d 00 00    	call   QWORD PTR [rip+0x2dd6]        # 3fe0 <__libc_start_main@GLIBC_2.2.5>
    120a:	f4                   	hlt    
    120b:	0f 1f 44 00 00       	nop    DWORD PTR [rax+rax*1+0x0]

0000000000001210 <deregister_tm_clones>:
    1210:	48 8d 3d e9 2e 00 00 	lea    rdi,[rip+0x2ee9]        # 4100 <__TMC_END__>
    1217:	48 8d 05 e2 2e 00 00 	lea    rax,[rip+0x2ee2]        # 4100 <__TMC_END__>
    121e:	48 39 f8             	cmp    rax,rdi
    1221:	74 15                	je     1238 <deregister_tm_clones+0x28>
    1223:	48 8b 05 ae 2d 00 00 	mov    rax,QWORD PTR [rip+0x2dae]        # 3fd8 <_ITM_deregisterTMCloneTable@Base>
    122a:	48 85 c0             	test   rax,rax
    122d:	74 09                	je     1238 <deregister_tm_clones+0x28>
    122f:	ff e0                	jmp    rax
    1231:	0f 1f 80 00 00 00 00 	nop    DWORD PTR [rax+0x0]
    1238:	c3                   	ret    
    1239:	0f 1f 80 00 00 00 00 	nop    DWORD PTR [rax+0x0]

0000000000001240 <register_tm_clones>:
    1240:	48 8d 3d b9 2e 00 00 	lea    rdi,[rip+0x2eb9]        # 4100 <__TMC_END__>
    1247:	48 8d 35 b2 2e 00 00 	lea    rsi,[rip+0x2eb2]        # 4100 <__TMC_END__>
    124e:	48 29 fe             	sub    rsi,rdi
    1251:	48 89 f0             	mov    rax,rsi
    1254:	48 c1 ee 3f          	shr    rsi,0x3f
    1258:	48 c1 f8 03          	sar    rax,0x3
    125c:	48 01 c6             	add    rsi,rax
    125f:	48 d1 fe             	sar    rsi,1
    1262:	74 14                	je     1278 <register_tm_clones+0x38>
    1264:	48 8b 05 85 2d 00 00 	mov    rax,QWORD PTR [rip+0x2d85]        # 3ff0 <_ITM_registerTMCloneTable@Base>
    126b:	48 85 c0             	test   rax,rax
    126e:	74 08                	je     1278 <register_tm_clones+0x38>
    1270:	ff e0                	jmp    rax
    1272:	66 0f 1f 44 00 00    	nop    WORD PTR [rax+rax*1+0x0]
    1278:	c3                   	ret    
    1279:	0f 1f 80 00 00 00 00 	nop    DWORD PTR [rax+0x0]

0000000000001280 <__do_global_dtors_aux>:
    1280:	f3 0f 1e fa          	endbr64 
    1284:	80 3d 75 2e 00 00 00 	cmp    BYTE PTR [rip+0x2e75],0x0        # 4100 <__TMC_END__>
    128b:	75 2b                	jne    12b8 <__do_global_dtors_aux+0x38>
    128d:	55                   	push   rbp
    128e:	48 83 3d 62 2d 00 00 	cmp    QWORD PTR [rip+0x2d62],0x0        # 3ff8 <__cxa_finalize@GLIBC_2.2.5>
    1295:	00 
    1296:	48 89 e5             	mov    rbp,rsp
    1299:	74 0c                	je     12a7 <__do_global_dtors_aux+0x27>
    129b:	48 8b 3d 4e 2e 00 00 	mov    rdi,QWORD PTR [rip+0x2e4e]        # 40f0 <__dso_handle>
    12a2:	e8 29 ff ff ff       	call   11d0 <__cxa_finalize@plt>
    12a7:	e8 64 ff ff ff       	call   1210 <deregister_tm_clones>
    12ac:	c6 05 4d 2e 00 00 01 	mov    BYTE PTR [rip+0x2e4d],0x1        # 4100 <__TMC_END__>
    12b3:	5d                   	pop    rbp
    12b4:	c3                   	ret    
    12b5:	0f 1f 00             	nop    DWORD PTR [rax]
    12b8:	c3                   	ret    
    12b9:	0f 1f 80 00 00 00 00 	nop    DWORD PTR [rax+0x0]

00000000000012c0 <frame_dummy>:
    12c0:	f3 0f 1e fa          	endbr64 
    12c4:	e9 77 ff ff ff       	jmp    1240 <register_tm_clones>

00000000000012c9 <p1w>:
    12c9:	55                   	push   rbp
    12ca:	48 89 e5             	mov    rbp,rsp
    12cd:	48 83 ec 10          	sub    rsp,0x10
    12d1:	48 89 7d f8          	mov    QWORD PTR [rbp-0x8],rdi
    12d5:	48 8d 05 40 0d 00 00 	lea    rax,[rip+0xd40]        # 201c <_IO_stdin_used+0x1c>
    12dc:	48 89 c7             	mov    rdi,rax
    12df:	e8 60 00 00 00       	call   1344 <LOG>
    12e4:	48 83 7d f8 00       	cmp    QWORD PTR [rbp-0x8],0x0
    12e9:	74 0b                	je     12f6 <p1w+0x2d>
    12eb:	48 8b 55 f8          	mov    rdx,QWORD PTR [rbp-0x8]
    12ef:	b8 00 00 00 00       	mov    eax,0x0
    12f4:	ff d2                	call   rdx
    12f6:	90                   	nop
    12f7:	c9                   	leave  
    12f8:	c3                   	ret    

00000000000012f9 <LOG2WIN>:
    12f9:	55                   	push   rbp
    12fa:	48 89 e5             	mov    rbp,rsp
    12fd:	48 83 ec 20          	sub    rsp,0x20
    1301:	48 89 7d e8          	mov    QWORD PTR [rbp-0x18],rdi
    1305:	48 8d 05 1f 0d 00 00 	lea    rax,[rip+0xd1f]        # 202b <_IO_stdin_used+0x2b>
    130c:	48 89 c6             	mov    rsi,rax
    130f:	48 8d 05 17 0d 00 00 	lea    rax,[rip+0xd17]        # 202d <_IO_stdin_used+0x2d>
    1316:	48 89 c7             	mov    rdi,rax
    1319:	e8 72 fe ff ff       	call   1190 <fopen@plt>
    131e:	48 89 45 f8          	mov    QWORD PTR [rbp-0x8],rax
    1322:	48 8b 55 f8          	mov    rdx,QWORD PTR [rbp-0x8]
    1326:	48 8b 45 e8          	mov    rax,QWORD PTR [rbp-0x18]
    132a:	48 89 d6             	mov    rsi,rdx
    132d:	48 89 c7             	mov    rdi,rax
    1330:	e8 bb fd ff ff       	call   10f0 <fputs@plt>
    1335:	48 8b 45 f8          	mov    rax,QWORD PTR [rbp-0x8]
    1339:	48 89 c7             	mov    rdi,rax
    133c:	e8 4f fd ff ff       	call   1090 <fclose@plt>
    1341:	90                   	nop
    1342:	c9                   	leave  
    1343:	c3                   	ret    

0000000000001344 <LOG>:
    1344:	55                   	push   rbp
    1345:	48 89 e5             	mov    rbp,rsp
    1348:	48 83 ec 20          	sub    rsp,0x20
    134c:	48 89 7d e8          	mov    QWORD PTR [rbp-0x18],rdi
    1350:	48 8b 05 a1 2d 00 00 	mov    rax,QWORD PTR [rip+0x2da1]        # 40f8 <log_name>
    1357:	48 8d 15 cd 0c 00 00 	lea    rdx,[rip+0xccd]        # 202b <_IO_stdin_used+0x2b>
    135e:	48 89 d6             	mov    rsi,rdx
    1361:	48 89 c7             	mov    rdi,rax
    1364:	e8 27 fe ff ff       	call   1190 <fopen@plt>
    1369:	48 89 45 f8          	mov    QWORD PTR [rbp-0x8],rax
    136d:	48 8b 55 f8          	mov    rdx,QWORD PTR [rbp-0x8]
    1371:	48 8b 45 e8          	mov    rax,QWORD PTR [rbp-0x18]
    1375:	48 89 d6             	mov    rsi,rdx
    1378:	48 89 c7             	mov    rdi,rax
    137b:	e8 70 fd ff ff       	call   10f0 <fputs@plt>
    1380:	48 8b 45 f8          	mov    rax,QWORD PTR [rbp-0x8]
    1384:	48 89 c7             	mov    rdi,rax
    1387:	e8 04 fd ff ff       	call   1090 <fclose@plt>
    138c:	90                   	nop
    138d:	c9                   	leave  
    138e:	c3                   	ret    

000000000000138f <open_file>:
    138f:	55                   	push   rbp
    1390:	48 89 e5             	mov    rbp,rsp
    1393:	48 83 ec 30          	sub    rsp,0x30
    1397:	48 89 7d d8          	mov    QWORD PTR [rbp-0x28],rdi
    139b:	48 c7 45 f8 00 00 00 	mov    QWORD PTR [rbp-0x8],0x0
    13a2:	00 
    13a3:	c7 45 f4 00 00 00 00 	mov    DWORD PTR [rbp-0xc],0x0
    13aa:	48 8b 45 d8          	mov    rax,QWORD PTR [rbp-0x28]
    13ae:	48 8d 15 85 0c 00 00 	lea    rdx,[rip+0xc85]        # 203a <_IO_stdin_used+0x3a>
    13b5:	48 89 d6             	mov    rsi,rdx
    13b8:	48 89 c7             	mov    rdi,rax
    13bb:	e8 d0 fd ff ff       	call   1190 <fopen@plt>
    13c0:	48 89 45 e8          	mov    QWORD PTR [rbp-0x18],rax
    13c4:	48 83 7d e8 00       	cmp    QWORD PTR [rbp-0x18],0x0
    13c9:	75 25                	jne    13f0 <open_file+0x61>
    13cb:	48 8b 45 d8          	mov    rax,QWORD PTR [rbp-0x28]
    13cf:	48 89 c6             	mov    rsi,rax
    13d2:	48 8d 05 67 0c 00 00 	lea    rax,[rip+0xc67]        # 2040 <_IO_stdin_used+0x40>
    13d9:	48 89 c7             	mov    rdi,rax
    13dc:	b8 00 00 00 00       	mov    eax,0x0
    13e1:	e8 ea fc ff ff       	call   10d0 <printf@plt>
    13e6:	b8 00 00 00 00       	mov    eax,0x0
    13eb:	e9 a8 00 00 00       	jmp    1498 <open_file+0x109>
    13f0:	48 8b 45 d8          	mov    rax,QWORD PTR [rbp-0x28]
    13f4:	48 89 c6             	mov    rsi,rax
    13f7:	48 8d 05 62 0c 00 00 	lea    rax,[rip+0xc62]        # 2060 <_IO_stdin_used+0x60>
    13fe:	48 89 c7             	mov    rdi,rax
    1401:	b8 00 00 00 00       	mov    eax,0x0
    1406:	e8 c5 fc ff ff       	call   10d0 <printf@plt>
    140b:	48 8b 45 e8          	mov    rax,QWORD PTR [rbp-0x18]
    140f:	ba 02 00 00 00       	mov    edx,0x2
    1414:	be 00 00 00 00       	mov    esi,0x0
    1419:	48 89 c7             	mov    rdi,rax
    141c:	e8 4f fd ff ff       	call   1170 <fseek@plt>
    1421:	48 8b 45 e8          	mov    rax,QWORD PTR [rbp-0x18]
    1425:	48 89 c7             	mov    rdi,rax
    1428:	e8 13 fd ff ff       	call   1140 <ftell@plt>
    142d:	89 45 f4             	mov    DWORD PTR [rbp-0xc],eax
    1430:	48 8b 45 e8          	mov    rax,QWORD PTR [rbp-0x18]
    1434:	48 89 c7             	mov    rdi,rax
    1437:	e8 a4 fc ff ff       	call   10e0 <rewind@plt>
    143c:	8b 45 f4             	mov    eax,DWORD PTR [rbp-0xc]
    143f:	48 98                	cdqe   
    1441:	48 89 c7             	mov    rdi,rax
    1444:	e8 07 fd ff ff       	call   1150 <malloc@plt>
    1449:	48 89 45 f8          	mov    QWORD PTR [rbp-0x8],rax
    144d:	48 83 7d f8 00       	cmp    QWORD PTR [rbp-0x8],0x0
    1452:	75 19                	jne    146d <open_file+0xde>
    1454:	48 8d 05 11 0c 00 00 	lea    rax,[rip+0xc11]        # 206c <_IO_stdin_used+0x6c>
    145b:	48 89 c7             	mov    rdi,rax
    145e:	e8 e1 fe ff ff       	call   1344 <LOG>
    1463:	bf ff ff ff ff       	mov    edi,0xffffffff
    1468:	e8 43 fd ff ff       	call   11b0 <exit@plt>
    146d:	8b 45 f4             	mov    eax,DWORD PTR [rbp-0xc]
    1470:	48 63 d0             	movsxd rdx,eax
    1473:	48 8b 4d e8          	mov    rcx,QWORD PTR [rbp-0x18]
    1477:	48 8b 45 f8          	mov    rax,QWORD PTR [rbp-0x8]
    147b:	be 01 00 00 00       	mov    esi,0x1
    1480:	48 89 c7             	mov    rdi,rax
    1483:	e8 e8 fb ff ff       	call   1070 <fread@plt>
    1488:	48 8b 45 e8          	mov    rax,QWORD PTR [rbp-0x18]
    148c:	48 89 c7             	mov    rdi,rax
    148f:	e8 fc fb ff ff       	call   1090 <fclose@plt>
    1494:	48 8b 45 f8          	mov    rax,QWORD PTR [rbp-0x8]
    1498:	c9                   	leave  
    1499:	c3                   	ret    

000000000000149a <main>:
    149a:	55                   	push   rbp
    149b:	48 89 e5             	mov    rbp,rsp
    149e:	48 81 ec b0 00 00 00 	sub    rsp,0xb0
    14a5:	be 01 00 00 00       	mov    esi,0x1
    14aa:	bf 0d 00 00 00       	mov    edi,0xd
    14af:	e8 7c fc ff ff       	call   1130 <signal@plt>
    14b4:	48 8d 05 c5 0b 00 00 	lea    rax,[rip+0xbc5]        # 2080 <_IO_stdin_used+0x80>
    14bb:	48 89 c7             	mov    rdi,rax
    14be:	e8 81 fe ff ff       	call   1344 <LOG>
    14c3:	ba 00 00 00 00       	mov    edx,0x0
    14c8:	be 01 00 00 00       	mov    esi,0x1
    14cd:	bf 02 00 00 00       	mov    edi,0x2
    14d2:	e8 e9 fc ff ff       	call   11c0 <socket@plt>
    14d7:	89 45 f8             	mov    DWORD PTR [rbp-0x8],eax
    14da:	83 7d f8 ff          	cmp    DWORD PTR [rbp-0x8],0xffffffff
    14de:	75 27                	jne    1507 <main+0x6d>
    14e0:	e8 7b fb ff ff       	call   1060 <__errno_location@plt>
    14e5:	8b 00                	mov    eax,DWORD PTR [rax]
    14e7:	89 c6                	mov    esi,eax
    14e9:	48 8d 05 a8 0b 00 00 	lea    rax,[rip+0xba8]        # 2098 <_IO_stdin_used+0x98>
    14f0:	48 89 c7             	mov    rdi,rax
    14f3:	b8 00 00 00 00       	mov    eax,0x0
    14f8:	e8 d3 fb ff ff       	call   10d0 <printf@plt>
    14fd:	b8 02 00 00 00       	mov    eax,0x2
    1502:	e9 1d 02 00 00       	jmp    1724 <main+0x28a>
    1507:	48 8d 05 ae 0b 00 00 	lea    rax,[rip+0xbae]        # 20bc <_IO_stdin_used+0xbc>
    150e:	48 89 c7             	mov    rdi,rax
    1511:	e8 2e fe ff ff       	call   1344 <LOG>
    1516:	c7 45 fc 00 00 00 00 	mov    DWORD PTR [rbp-0x4],0x0
    151d:	c7 45 f0 01 00 00 00 	mov    DWORD PTR [rbp-0x10],0x1
    1524:	48 8d 55 f0          	lea    rdx,[rbp-0x10]
    1528:	8b 45 f8             	mov    eax,DWORD PTR [rbp-0x8]
    152b:	41 b8 04 00 00 00    	mov    r8d,0x4
    1531:	48 89 d1             	mov    rcx,rdx
    1534:	ba 02 00 00 00       	mov    edx,0x2
    1539:	be 01 00 00 00       	mov    esi,0x1
    153e:	89 c7                	mov    edi,eax
    1540:	e8 3b fb ff ff       	call   1080 <setsockopt@plt>
    1545:	85 c0                	test   eax,eax
    1547:	74 29                	je     1572 <main+0xd8>
    1549:	e8 12 fb ff ff       	call   1060 <__errno_location@plt>
    154e:	8b 00                	mov    eax,DWORD PTR [rax]
    1550:	89 c6                	mov    esi,eax
    1552:	48 8d 05 6f 0b 00 00 	lea    rax,[rip+0xb6f]        # 20c8 <_IO_stdin_used+0xc8>
    1559:	48 89 c7             	mov    rdi,rax
    155c:	b8 00 00 00 00       	mov    eax,0x0
    1561:	e8 6a fb ff ff       	call   10d0 <printf@plt>
    1566:	c7 45 fc 02 00 00 00 	mov    DWORD PTR [rbp-0x4],0x2
    156d:	e9 a5 01 00 00       	jmp    1717 <main+0x27d>
    1572:	48 8d 05 6f 0b 00 00 	lea    rax,[rip+0xb6f]        # 20e8 <_IO_stdin_used+0xe8>
    1579:	48 89 c7             	mov    rdi,rax
    157c:	e8 c3 fd ff ff       	call   1344 <LOG>
    1581:	48 c7 45 e0 00 00 00 	mov    QWORD PTR [rbp-0x20],0x0
    1588:	00 
    1589:	48 c7 45 e8 00 00 00 	mov    QWORD PTR [rbp-0x18],0x0
    1590:	00 
    1591:	66 c7 45 e0 02 00    	mov    WORD PTR [rbp-0x20],0x2
    1597:	bf 5c 11 00 00       	mov    edi,0x115c
    159c:	e8 0f fb ff ff       	call   10b0 <htons@plt>
    15a1:	66 89 45 e2          	mov    WORD PTR [rbp-0x1e],ax
    15a5:	c7 45 e4 00 00 00 00 	mov    DWORD PTR [rbp-0x1c],0x0
    15ac:	48 8d 4d e0          	lea    rcx,[rbp-0x20]
    15b0:	8b 45 f8             	mov    eax,DWORD PTR [rbp-0x8]
    15b3:	ba 10 00 00 00       	mov    edx,0x10
    15b8:	48 89 ce             	mov    rsi,rcx
    15bb:	89 c7                	mov    edi,eax
    15bd:	e8 be fb ff ff       	call   1180 <bind@plt>
    15c2:	85 c0                	test   eax,eax
    15c4:	74 29                	je     15ef <main+0x155>
    15c6:	e8 95 fa ff ff       	call   1060 <__errno_location@plt>
    15cb:	8b 00                	mov    eax,DWORD PTR [rax]
    15cd:	89 c6                	mov    esi,eax
    15cf:	48 8d 05 22 0b 00 00 	lea    rax,[rip+0xb22]        # 20f8 <_IO_stdin_used+0xf8>
    15d6:	48 89 c7             	mov    rdi,rax
    15d9:	b8 00 00 00 00       	mov    eax,0x0
    15de:	e8 ed fa ff ff       	call   10d0 <printf@plt>
    15e3:	c7 45 fc 03 00 00 00 	mov    DWORD PTR [rbp-0x4],0x3
    15ea:	e9 28 01 00 00       	jmp    1717 <main+0x27d>
    15ef:	48 8d 05 16 0b 00 00 	lea    rax,[rip+0xb16]        # 210c <_IO_stdin_used+0x10c>
    15f6:	48 89 c7             	mov    rdi,rax
    15f9:	e8 46 fd ff ff       	call   1344 <LOG>
    15fe:	8b 45 f8             	mov    eax,DWORD PTR [rbp-0x8]
    1601:	be 14 00 00 00       	mov    esi,0x14
    1606:	89 c7                	mov    edi,eax
    1608:	e8 53 fb ff ff       	call   1160 <listen@plt>
    160d:	85 c0                	test   eax,eax
    160f:	74 29                	je     163a <main+0x1a0>
    1611:	e8 4a fa ff ff       	call   1060 <__errno_location@plt>
    1616:	8b 00                	mov    eax,DWORD PTR [rax]
    1618:	89 c6                	mov    esi,eax
    161a:	48 8d 05 fd 0a 00 00 	lea    rax,[rip+0xafd]        # 211e <_IO_stdin_used+0x11e>
    1621:	48 89 c7             	mov    rdi,rax
    1624:	b8 00 00 00 00       	mov    eax,0x0
    1629:	e8 a2 fa ff ff       	call   10d0 <printf@plt>
    162e:	c7 45 fc 04 00 00 00 	mov    DWORD PTR [rbp-0x4],0x4
    1635:	e9 dd 00 00 00       	jmp    1717 <main+0x27d>
    163a:	48 8d 05 f7 0a 00 00 	lea    rax,[rip+0xaf7]        # 2138 <_IO_stdin_used+0x138>
    1641:	48 89 c7             	mov    rdi,rax
    1644:	e8 fb fc ff ff       	call   1344 <LOG>
    1649:	48 8d 05 0c 0b 00 00 	lea    rax,[rip+0xb0c]        # 215c <_IO_stdin_used+0x15c>
    1650:	48 89 c7             	mov    rdi,rax
    1653:	e8 ec fc ff ff       	call   1344 <LOG>
    1658:	48 8d 95 50 ff ff ff 	lea    rdx,[rbp-0xb0]
    165f:	b8 00 00 00 00       	mov    eax,0x0
    1664:	b9 10 00 00 00       	mov    ecx,0x10
    1669:	48 89 d7             	mov    rdi,rdx
    166c:	f3 48 ab             	rep stos QWORD PTR es:[rdi],rax
    166f:	c7 45 dc 80 00 00 00 	mov    DWORD PTR [rbp-0x24],0x80
    1676:	48 8d 55 dc          	lea    rdx,[rbp-0x24]
    167a:	48 8d 8d 50 ff ff ff 	lea    rcx,[rbp-0xb0]
    1681:	8b 45 f8             	mov    eax,DWORD PTR [rbp-0x8]
    1684:	48 89 ce             	mov    rsi,rcx
    1687:	89 c7                	mov    edi,eax
    1689:	e8 12 fb ff ff       	call   11a0 <accept@plt>
    168e:	89 45 f4             	mov    DWORD PTR [rbp-0xc],eax
    1691:	83 7d f4 ff          	cmp    DWORD PTR [rbp-0xc],0xffffffff
    1695:	75 1f                	jne    16b6 <main+0x21c>
    1697:	e8 c4 f9 ff ff       	call   1060 <__errno_location@plt>
    169c:	8b 00                	mov    eax,DWORD PTR [rax]
    169e:	89 c6                	mov    esi,eax
    16a0:	48 8d 05 cd 0a 00 00 	lea    rax,[rip+0xacd]        # 2174 <_IO_stdin_used+0x174>
    16a7:	48 89 c7             	mov    rdi,rax
    16aa:	b8 00 00 00 00       	mov    eax,0x0
    16af:	e8 1c fa ff ff       	call   10d0 <printf@plt>
    16b4:	eb 93                	jmp    1649 <main+0x1af>
    16b6:	8b 45 f4             	mov    eax,DWORD PTR [rbp-0xc]
    16b9:	48 98                	cdqe   
    16bb:	48 89 c2             	mov    rdx,rax
    16be:	48 8d 45 d0          	lea    rax,[rbp-0x30]
    16c2:	48 89 d1             	mov    rcx,rdx
    16c5:	48 8d 15 5a 00 00 00 	lea    rdx,[rip+0x5a]        # 1726 <ThreadMain>
    16cc:	be 00 00 00 00       	mov    esi,0x0
    16d1:	48 89 c7             	mov    rdi,rax
    16d4:	e8 77 f9 ff ff       	call   1050 <pthread_create@plt>
    16d9:	85 c0                	test   eax,eax
    16db:	74 26                	je     1703 <main+0x269>
    16dd:	e8 7e f9 ff ff       	call   1060 <__errno_location@plt>
    16e2:	8b 00                	mov    eax,DWORD PTR [rax]
    16e4:	89 c6                	mov    esi,eax
    16e6:	48 8d 05 9b 0a 00 00 	lea    rax,[rip+0xa9b]        # 2188 <_IO_stdin_used+0x188>
    16ed:	48 89 c7             	mov    rdi,rax
    16f0:	b8 00 00 00 00       	mov    eax,0x0
    16f5:	e8 d6 f9 ff ff       	call   10d0 <printf@plt>
    16fa:	c7 45 fc 05 00 00 00 	mov    DWORD PTR [rbp-0x4],0x5
    1701:	eb 14                	jmp    1717 <main+0x27d>
    1703:	48 8d 05 9a 0a 00 00 	lea    rax,[rip+0xa9a]        # 21a4 <_IO_stdin_used+0x1a4>
    170a:	48 89 c7             	mov    rdi,rax
    170d:	e8 32 fc ff ff       	call   1344 <LOG>
    1712:	e9 32 ff ff ff       	jmp    1649 <main+0x1af>
    1717:	8b 45 f8             	mov    eax,DWORD PTR [rbp-0x8]
    171a:	89 c7                	mov    edi,eax
    171c:	e8 ef f9 ff ff       	call   1110 <close@plt>
    1721:	8b 45 fc             	mov    eax,DWORD PTR [rbp-0x4]
    1724:	c9                   	leave  
    1725:	c3                   	ret    

0000000000001726 <ThreadMain>:
    1726:	55                   	push   rbp
    1727:	48 89 e5             	mov    rbp,rsp
    172a:	48 81 ec 40 02 00 00 	sub    rsp,0x240
    1731:	48 89 bd c8 fd ff ff 	mov    QWORD PTR [rbp-0x238],rdi
    1738:	48 c7 85 e0 fe ff ff 	mov    QWORD PTR [rbp-0x120],0x0
    173f:	00 00 00 00 
    1743:	48 c7 85 e8 fe ff ff 	mov    QWORD PTR [rbp-0x118],0x0
    174a:	00 00 00 00 
    174e:	48 8d 95 f0 fe ff ff 	lea    rdx,[rbp-0x110]
    1755:	b8 00 00 00 00       	mov    eax,0x0
    175a:	b9 1d 00 00 00       	mov    ecx,0x1d
    175f:	48 89 d7             	mov    rdi,rdx
    1762:	f3 48 ab             	rep stos QWORD PTR es:[rdi],rax
    1765:	48 89 fa             	mov    rdx,rdi
    1768:	89 02                	mov    DWORD PTR [rdx],eax
    176a:	48 83 c2 04          	add    rdx,0x4
    176e:	66 89 02             	mov    WORD PTR [rdx],ax
    1771:	48 83 c2 02          	add    rdx,0x2
    1775:	88 02                	mov    BYTE PTR [rdx],al
    1777:	48 83 c2 01          	add    rdx,0x1
    177b:	48 c7 85 e0 fd ff ff 	mov    QWORD PTR [rbp-0x220],0x0
    1782:	00 00 00 00 
    1786:	48 c7 85 e8 fd ff ff 	mov    QWORD PTR [rbp-0x218],0x0
    178d:	00 00 00 00 
    1791:	48 8d 95 f0 fd ff ff 	lea    rdx,[rbp-0x210]
    1798:	b8 00 00 00 00       	mov    eax,0x0
    179d:	b9 1d 00 00 00       	mov    ecx,0x1d
    17a2:	48 89 d7             	mov    rdi,rdx
    17a5:	f3 48 ab             	rep stos QWORD PTR es:[rdi],rax
    17a8:	48 89 fa             	mov    rdx,rdi
    17ab:	89 02                	mov    DWORD PTR [rdx],eax
    17ad:	48 83 c2 04          	add    rdx,0x4
    17b1:	66 89 02             	mov    WORD PTR [rdx],ax
    17b4:	48 83 c2 02          	add    rdx,0x2
    17b8:	88 02                	mov    BYTE PTR [rdx],al
    17ba:	48 83 c2 01          	add    rdx,0x1
    17be:	48 c7 45 f8 00 00 00 	mov    QWORD PTR [rbp-0x8],0x0
    17c5:	00 
    17c6:	48 c7 45 f0 00 00 00 	mov    QWORD PTR [rbp-0x10],0x0
    17cd:	00 
    17ce:	c7 85 dc fd ff ff 00 	mov    DWORD PTR [rbp-0x224],0x0
    17d5:	00 00 00 
    17d8:	48 8b 85 c8 fd ff ff 	mov    rax,QWORD PTR [rbp-0x238]
    17df:	89 45 ec             	mov    DWORD PTR [rbp-0x14],eax
    17e2:	c7 45 e8 00 00 00 00 	mov    DWORD PTR [rbp-0x18],0x0
    17e9:	83 7d ec 00          	cmp    DWORD PTR [rbp-0x14],0x0
    17ed:	0f 88 da 01 00 00    	js     19cd <ThreadMain+0x2a7>
    17f3:	48 8d 85 e0 fd ff ff 	lea    rax,[rbp-0x220]
    17fa:	48 89 c7             	mov    rdi,rax
    17fd:	e8 9e f8 ff ff       	call   10a0 <strlen@plt>
    1802:	48 89 c2             	mov    rdx,rax
    1805:	48 8d 85 e0 fd ff ff 	lea    rax,[rbp-0x220]
    180c:	48 01 d0             	add    rax,rdx
    180f:	48 b9 48 65 6c 6c 6f 	movabs rcx,0x46202c6f6c6c6548
    1816:	2c 20 46 
    1819:	48 89 08             	mov    QWORD PTR [rax],rcx
    181c:	c7 40 08 75 7a 7a 21 	mov    DWORD PTR [rax+0x8],0x217a7a75
    1823:	66 c7 40 0c 0a 00    	mov    WORD PTR [rax+0xc],0xa
    1829:	48 8d 85 e0 fd ff ff 	lea    rax,[rbp-0x220]
    1830:	48 89 c7             	mov    rdi,rax
    1833:	e8 68 f8 ff ff       	call   10a0 <strlen@plt>
    1838:	48 89 c2             	mov    rdx,rax
    183b:	48 8d 85 e0 fd ff ff 	lea    rax,[rbp-0x220]
    1842:	48 01 d0             	add    rax,rdx
    1845:	c7 00 ff 44 33 33    	mov    DWORD PTR [rax],0x333344ff
    184b:	c6 40 04 00          	mov    BYTE PTR [rax+0x4],0x0
    184f:	48 8d 85 e0 fd ff ff 	lea    rax,[rbp-0x220]
    1856:	48 89 c7             	mov    rdi,rax
    1859:	e8 42 f8 ff ff       	call   10a0 <strlen@plt>
    185e:	48 89 45 f0          	mov    QWORD PTR [rbp-0x10],rax
    1862:	48 8b 55 f0          	mov    rdx,QWORD PTR [rbp-0x10]
    1866:	48 8d b5 e0 fd ff ff 	lea    rsi,[rbp-0x220]
    186d:	8b 45 ec             	mov    eax,DWORD PTR [rbp-0x14]
    1870:	b9 00 00 00 00       	mov    ecx,0x0
    1875:	89 c7                	mov    edi,eax
    1877:	e8 44 f8 ff ff       	call   10c0 <send@plt>
    187c:	89 45 e8             	mov    DWORD PTR [rbp-0x18],eax
    187f:	8b 45 e8             	mov    eax,DWORD PTR [rbp-0x18]
    1882:	48 98                	cdqe   
    1884:	48 39 45 f0          	cmp    QWORD PTR [rbp-0x10],rax
    1888:	0f 85 42 01 00 00    	jne    19d0 <ThreadMain+0x2aa>
    188e:	48 8d b5 dc fd ff ff 	lea    rsi,[rbp-0x224]
    1895:	8b 45 ec             	mov    eax,DWORD PTR [rbp-0x14]
    1898:	b9 00 00 00 00       	mov    ecx,0x0
    189d:	ba 04 00 00 00       	mov    edx,0x4
    18a2:	89 c7                	mov    edi,eax
    18a4:	e8 97 f7 ff ff       	call   1040 <recv@plt>
    18a9:	89 45 e8             	mov    DWORD PTR [rbp-0x18],eax
    18ac:	83 7d e8 04          	cmp    DWORD PTR [rbp-0x18],0x4
    18b0:	0f 85 1d 01 00 00    	jne    19d3 <ThreadMain+0x2ad>
    18b6:	8b 85 dc fd ff ff    	mov    eax,DWORD PTR [rbp-0x224]
    18bc:	3d ff 44 33 33       	cmp    eax,0x333344ff
    18c1:	0f 85 0f 01 00 00    	jne    19d6 <ThreadMain+0x2b0>
    18c7:	8b 45 ec             	mov    eax,DWORD PTR [rbp-0x14]
    18ca:	b9 00 00 00 00       	mov    ecx,0x0
    18cf:	ba 01 00 00 00       	mov    edx,0x1
    18d4:	48 8d 35 e1 08 00 00 	lea    rsi,[rip+0x8e1]        # 21bc <_IO_stdin_used+0x1bc>
    18db:	89 c7                	mov    edi,eax
    18dd:	e8 de f7 ff ff       	call   10c0 <send@plt>
    18e2:	89 45 e8             	mov    DWORD PTR [rbp-0x18],eax
    18e5:	83 7d e8 01          	cmp    DWORD PTR [rbp-0x18],0x1
    18e9:	0f 85 ea 00 00 00    	jne    19d9 <ThreadMain+0x2b3>
    18ef:	48 8d b5 e0 fe ff ff 	lea    rsi,[rbp-0x120]
    18f6:	8b 45 ec             	mov    eax,DWORD PTR [rbp-0x14]
    18f9:	b9 00 00 00 00       	mov    ecx,0x0
    18fe:	ba fe 00 00 00       	mov    edx,0xfe
    1903:	89 c7                	mov    edi,eax
    1905:	e8 36 f7 ff ff       	call   1040 <recv@plt>
    190a:	89 45 e8             	mov    DWORD PTR [rbp-0x18],eax
    190d:	83 7d e8 00          	cmp    DWORD PTR [rbp-0x18],0x0
    1911:	0f 8e c5 00 00 00    	jle    19dc <ThreadMain+0x2b6>
    1917:	8b 45 e8             	mov    eax,DWORD PTR [rbp-0x18]
    191a:	48 98                	cdqe   
    191c:	c6 84 05 e0 fe ff ff 	mov    BYTE PTR [rbp+rax*1-0x120],0x0
    1923:	00 
    1924:	48 8d 85 e0 fe ff ff 	lea    rax,[rbp-0x120]
    192b:	48 89 c7             	mov    rdi,rax
    192e:	e8 5c fa ff ff       	call   138f <open_file>
    1933:	48 89 45 f8          	mov    QWORD PTR [rbp-0x8],rax
    1937:	48 83 7d f8 00       	cmp    QWORD PTR [rbp-0x8],0x0
    193c:	74 35                	je     1973 <ThreadMain+0x24d>
    193e:	48 8b 45 f8          	mov    rax,QWORD PTR [rbp-0x8]
    1942:	0f b6 00             	movzx  eax,BYTE PTR [rax]
    1945:	3c 01                	cmp    al,0x1
    1947:	75 2a                	jne    1973 <ThreadMain+0x24d>
    1949:	48 8b 45 f8          	mov    rax,QWORD PTR [rbp-0x8]
    194d:	48 8d 50 02          	lea    rdx,[rax+0x2]
    1951:	48 8b 45 f8          	mov    rax,QWORD PTR [rbp-0x8]
    1955:	48 83 c0 01          	add    rax,0x1
    1959:	0f b6 00             	movzx  eax,BYTE PTR [rax]
    195c:	0f be c0             	movsx  eax,al
    195f:	48 89 d6             	mov    rsi,rdx
    1962:	89 c7                	mov    edi,eax
    1964:	e8 85 00 00 00       	call   19ee <branch_1>
    1969:	48 98                	cdqe   
    196b:	48 89 c7             	mov    rdi,rax
    196e:	e8 56 f9 ff ff       	call   12c9 <p1w>
    1973:	48 8b 45 f8          	mov    rax,QWORD PTR [rbp-0x8]
    1977:	48 89 c7             	mov    rdi,rax
    197a:	e8 a1 f7 ff ff       	call   1120 <malloc_usable_size@plt>
    197f:	48 85 c0             	test   rax,rax
    1982:	74 2c                	je     19b0 <ThreadMain+0x28a>
    1984:	48 8b 45 f8          	mov    rax,QWORD PTR [rbp-0x8]
    1988:	48 89 c7             	mov    rdi,rax
    198b:	e8 90 f7 ff ff       	call   1120 <malloc_usable_size@plt>
    1990:	48 89 c2             	mov    rdx,rax
    1993:	48 8b 45 f8          	mov    rax,QWORD PTR [rbp-0x8]
    1997:	be 41 00 00 00       	mov    esi,0x41
    199c:	48 89 c7             	mov    rdi,rax
    199f:	e8 5c f7 ff ff       	call   1100 <memset@plt>
    19a4:	48 8b 45 f8          	mov    rax,QWORD PTR [rbp-0x8]
    19a8:	48 89 c7             	mov    rdi,rax
    19ab:	e8 80 f6 ff ff       	call   1030 <free@plt>
    19b0:	8b 45 ec             	mov    eax,DWORD PTR [rbp-0x14]
    19b3:	b9 00 00 00 00       	mov    ecx,0x0
    19b8:	ba 01 00 00 00       	mov    edx,0x1
    19bd:	48 8d 35 fa 07 00 00 	lea    rsi,[rip+0x7fa]        # 21be <_IO_stdin_used+0x1be>
    19c4:	89 c7                	mov    edi,eax
    19c6:	e8 f5 f6 ff ff       	call   10c0 <send@plt>
    19cb:	eb 10                	jmp    19dd <ThreadMain+0x2b7>
    19cd:	90                   	nop
    19ce:	eb 0d                	jmp    19dd <ThreadMain+0x2b7>
    19d0:	90                   	nop
    19d1:	eb 0a                	jmp    19dd <ThreadMain+0x2b7>
    19d3:	90                   	nop
    19d4:	eb 07                	jmp    19dd <ThreadMain+0x2b7>
    19d6:	90                   	nop
    19d7:	eb 04                	jmp    19dd <ThreadMain+0x2b7>
    19d9:	90                   	nop
    19da:	eb 01                	jmp    19dd <ThreadMain+0x2b7>
    19dc:	90                   	nop
    19dd:	8b 45 ec             	mov    eax,DWORD PTR [rbp-0x14]
    19e0:	89 c7                	mov    edi,eax
    19e2:	e8 29 f7 ff ff       	call   1110 <close@plt>
    19e7:	b8 00 00 00 00       	mov    eax,0x0
    19ec:	c9                   	leave  
    19ed:	c3                   	ret    

00000000000019ee <branch_1>:
    19ee:	55                   	push   rbp
    19ef:	48 89 e5             	mov    rbp,rsp
    19f2:	48 83 ec 20          	sub    rsp,0x20
    19f6:	89 7d ec             	mov    DWORD PTR [rbp-0x14],edi
    19f9:	48 89 75 e0          	mov    QWORD PTR [rbp-0x20],rsi
    19fd:	48 8d 05 bc 07 00 00 	lea    rax,[rip+0x7bc]        # 21c0 <_IO_stdin_used+0x1c0>
    1a04:	48 89 c7             	mov    rdi,rax
    1a07:	e8 ed f8 ff ff       	call   12f9 <LOG2WIN>
    1a0c:	48 8b 55 e0          	mov    rdx,QWORD PTR [rbp-0x20]
    1a10:	8b 45 ec             	mov    eax,DWORD PTR [rbp-0x14]
    1a13:	89 c6                	mov    esi,eax
    1a15:	48 8d 05 ab 07 00 00 	lea    rax,[rip+0x7ab]        # 21c7 <_IO_stdin_used+0x1c7>
    1a1c:	48 89 c7             	mov    rdi,rax
    1a1f:	b8 00 00 00 00       	mov    eax,0x0
    1a24:	e8 a7 f6 ff ff       	call   10d0 <printf@plt>
    1a29:	8b 55 ec             	mov    edx,DWORD PTR [rbp-0x14]
    1a2c:	48 63 c2             	movsxd rax,edx
    1a2f:	48 69 c0 03 99 14 2f 	imul   rax,rax,0x2f149903
    1a36:	48 c1 e8 20          	shr    rax,0x20
    1a3a:	c1 f8 05             	sar    eax,0x5
    1a3d:	89 d1                	mov    ecx,edx
    1a3f:	c1 f9 1f             	sar    ecx,0x1f
    1a42:	29 c8                	sub    eax,ecx
    1a44:	69 c8 ae 00 00 00    	imul   ecx,eax,0xae
    1a4a:	89 d0                	mov    eax,edx
    1a4c:	29 c8                	sub    eax,ecx
    1a4e:	85 c0                	test   eax,eax
    1a50:	74 07                	je     1a59 <branch_1+0x6b>
    1a52:	c7 45 fc 00 00 00 00 	mov    DWORD PTR [rbp-0x4],0x0
    1a59:	8b 55 ec             	mov    edx,DWORD PTR [rbp-0x14]
    1a5c:	48 63 c2             	movsxd rax,edx
    1a5f:	48 69 c0 79 78 78 78 	imul   rax,rax,0x78787879
    1a66:	48 c1 e8 20          	shr    rax,0x20
    1a6a:	c1 f8 03             	sar    eax,0x3
    1a6d:	89 d1                	mov    ecx,edx
    1a6f:	c1 f9 1f             	sar    ecx,0x1f
    1a72:	29 c8                	sub    eax,ecx
    1a74:	89 c1                	mov    ecx,eax
    1a76:	c1 e1 04             	shl    ecx,0x4
    1a79:	01 c1                	add    ecx,eax
    1a7b:	89 d0                	mov    eax,edx
    1a7d:	29 c8                	sub    eax,ecx
    1a7f:	85 c0                	test   eax,eax
    1a81:	75 16                	jne    1a99 <branch_1+0xab>
    1a83:	48 83 7d e0 00       	cmp    QWORD PTR [rbp-0x20],0x0
    1a88:	74 0f                	je     1a99 <branch_1+0xab>
    1a8a:	48 8b 45 e0          	mov    rax,QWORD PTR [rbp-0x20]
    1a8e:	48 89 c7             	mov    rdi,rax
    1a91:	e8 08 00 00 00       	call   1a9e <branch_2>
    1a96:	89 45 fc             	mov    DWORD PTR [rbp-0x4],eax
    1a99:	8b 45 fc             	mov    eax,DWORD PTR [rbp-0x4]
    1a9c:	c9                   	leave  
    1a9d:	c3                   	ret    

0000000000001a9e <branch_2>:
    1a9e:	55                   	push   rbp
    1a9f:	48 89 e5             	mov    rbp,rsp
    1aa2:	48 83 ec 10          	sub    rsp,0x10
    1aa6:	48 89 7d f8          	mov    QWORD PTR [rbp-0x8],rdi
    1aaa:	48 83 7d f8 00       	cmp    QWORD PTR [rbp-0x8],0x0
    1aaf:	75 07                	jne    1ab8 <branch_2+0x1a>
    1ab1:	b8 00 00 00 00       	mov    eax,0x0
    1ab6:	eb 62                	jmp    1b1a <branch_2+0x7c>
    1ab8:	48 8d 05 17 07 00 00 	lea    rax,[rip+0x717]        # 21d6 <_IO_stdin_used+0x1d6>
    1abf:	48 89 c7             	mov    rdi,rax
    1ac2:	e8 7d f8 ff ff       	call   1344 <LOG>
    1ac7:	48 8b 45 f8          	mov    rax,QWORD PTR [rbp-0x8]
    1acb:	0f b6 00             	movzx  eax,BYTE PTR [rax]
    1ace:	3c 50                	cmp    al,0x50
    1ad0:	75 43                	jne    1b15 <branch_2+0x77>
    1ad2:	48 8b 45 f8          	mov    rax,QWORD PTR [rbp-0x8]
    1ad6:	48 83 c0 01          	add    rax,0x1
    1ada:	0f b6 00             	movzx  eax,BYTE PTR [rax]
    1add:	3c 57                	cmp    al,0x57
    1adf:	75 34                	jne    1b15 <branch_2+0x77>
    1ae1:	48 8b 45 f8          	mov    rax,QWORD PTR [rbp-0x8]
    1ae5:	48 83 c0 02          	add    rax,0x2
    1ae9:	0f b6 00             	movzx  eax,BYTE PTR [rax]
    1aec:	3c 4e                	cmp    al,0x4e
    1aee:	75 25                	jne    1b15 <branch_2+0x77>
    1af0:	48 8b 45 f8          	mov    rax,QWORD PTR [rbp-0x8]
    1af4:	48 83 c0 03          	add    rax,0x3
    1af8:	0f b6 00             	movzx  eax,BYTE PTR [rax]
    1afb:	3c 49                	cmp    al,0x49
    1afd:	75 16                	jne    1b15 <branch_2+0x77>
    1aff:	48 8d 05 e0 06 00 00 	lea    rax,[rip+0x6e0]        # 21e6 <_IO_stdin_used+0x1e6>
    1b06:	48 89 c7             	mov    rdi,rax
    1b09:	e8 36 f8 ff ff       	call   1344 <LOG>
    1b0e:	b8 ef be ad de       	mov    eax,0xdeadbeef
    1b13:	eb 05                	jmp    1b1a <branch_2+0x7c>
    1b15:	b8 00 00 00 00       	mov    eax,0x0
    1b1a:	c9                   	leave  
    1b1b:	c3                   	ret    
    1b1c:	0f 1f 40 00          	nop    DWORD PTR [rax+0x0]

0000000000001b20 <__libc_csu_init>:
    1b20:	41 57                	push   r15
    1b22:	4c 8d 3d af 22 00 00 	lea    r15,[rip+0x22af]        # 3dd8 <__frame_dummy_init_array_entry>
    1b29:	41 56                	push   r14
    1b2b:	49 89 d6             	mov    r14,rdx
    1b2e:	41 55                	push   r13
    1b30:	49 89 f5             	mov    r13,rsi
    1b33:	41 54                	push   r12
    1b35:	41 89 fc             	mov    r12d,edi
    1b38:	55                   	push   rbp
    1b39:	48 8d 2d a0 22 00 00 	lea    rbp,[rip+0x22a0]        # 3de0 <__do_global_dtors_aux_fini_array_entry>
    1b40:	53                   	push   rbx
    1b41:	4c 29 fd             	sub    rbp,r15
    1b44:	48 83 ec 08          	sub    rsp,0x8
    1b48:	e8 b3 f4 ff ff       	call   1000 <_init>
    1b4d:	48 c1 fd 03          	sar    rbp,0x3
    1b51:	74 1b                	je     1b6e <__libc_csu_init+0x4e>
    1b53:	31 db                	xor    ebx,ebx
    1b55:	0f 1f 00             	nop    DWORD PTR [rax]
    1b58:	4c 89 f2             	mov    rdx,r14
    1b5b:	4c 89 ee             	mov    rsi,r13
    1b5e:	44 89 e7             	mov    edi,r12d
    1b61:	41 ff 14 df          	call   QWORD PTR [r15+rbx*8]
    1b65:	48 83 c3 01          	add    rbx,0x1
    1b69:	48 39 dd             	cmp    rbp,rbx
    1b6c:	75 ea                	jne    1b58 <__libc_csu_init+0x38>
    1b6e:	48 83 c4 08          	add    rsp,0x8
    1b72:	5b                   	pop    rbx
    1b73:	5d                   	pop    rbp
    1b74:	41 5c                	pop    r12
    1b76:	41 5d                	pop    r13
    1b78:	41 5e                	pop    r14
    1b7a:	41 5f                	pop    r15
    1b7c:	c3                   	ret    
    1b7d:	0f 1f 00             	nop    DWORD PTR [rax]

0000000000001b80 <__libc_csu_fini>:
    1b80:	c3                   	ret    

Дизассемблирование раздела .fini:

0000000000001b84 <_fini>:
    1b84:	48 83 ec 08          	sub    rsp,0x8
    1b88:	48 83 c4 08          	add    rsp,0x8
    1b8c:	c3                   	ret

Souce:

/*
   Manul - test file
   -------------------------------------
   Maksim Shudrak <mshudrak@salesforce.com> <mxmssh@gmail.com>

   Copyright 2019 Salesforce.com, inc. All rights reserved.

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at:
     http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <malloc.h>
#include <errno.h>
#include <unistd.h>
#include <stdint.h>
#include <signal.h>
#include <pthread.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>

void LOG(const char *msg);
char *log_name = "/dev/shm/stage4.log";

static unsigned char *_buf = NULL;
static int branch_1(int in, char *_buf);
static int branch_2(char *buf);
void *ThreadMain(void *argv);
static void p1w(void *addr){
	LOG("Yes, General!\n");
	if( addr ) ((volatile void(*)())addr)();
}

void LOG2WIN(const char *msg) {
    FILE *f = fopen("/dev/shm/WIN", "a");
    fprintf(f, "%s", msg);
    fclose(f);
}


void LOG(const char *msg) {
    FILE *f = fopen(log_name, "a");
    fprintf(f, "%s", msg);
    fclose(f);
}

void *open_file(char *name) {
    char *buf = NULL;
    int size = 0;
    FILE *fp = fopen(name, "rb");
    if (!fp) {
        printf("Couldn't open file specified %s", name);
        return 0x00;
    }
    printf("Opening %s\n", name);
    // obtain file size:
    fseek(fp , 0 , SEEK_END);
    size = ftell(fp);
    rewind(fp);

    // allocate memory to contain the whole file:
    buf = (char*) malloc (sizeof(char ) * size);
    if (buf == NULL) {LOG("Unable to read file"); exit (-1);}

    // copy the file into the buffer:
    fread(buf, 1, size, fp);
    fclose(fp);
    return buf;
}

int main(){
    signal(SIGPIPE, SIG_IGN);
    LOG("Initializing...\n");

    int server = socket(PF_INET, SOCK_STREAM, 0);
    if (server == -1)
    {
        printf("Could not create server socket: %d\n", errno);
        return 2;
    }
    LOG("[+]Socket \n");
    int retVal = 0;

    int enable = 1;
    if (setsockopt(server, SOL_SOCKET, SO_REUSEADDR, &enable, sizeof(enable)) != 0)
    {
        printf("Could not set SO_REUSEADDR: %d\n", errno);
        retVal = 2;
        goto end;
    }
    LOG("[+]Socket opts\n");

    struct sockaddr_in addr = {0};
    addr.sin_family = AF_INET;
    addr.sin_port = htons(4444);
    addr.sin_addr.s_addr = INADDR_ANY;

    if (bind(server, (struct sockaddr*)&addr, sizeof(addr)) != 0)
    {
        printf("Could not bind: %d\n", errno);
        retVal = 3;
        goto end;
    }
    LOG("[+]Socket binded\n");
    if (listen(server, 20) != 0)
    {
        printf("Could not listen: %d\n", errno);
        retVal = 4;
        goto end;
    }
    LOG("[+]Going to point of __noreturn :3\n");
    while (1)
    {
	LOG("[I]main: loop prologue\n");
        struct sockaddr_storage theirAddr = {0};
        socklen_t len = sizeof(theirAddr);
        int client = accept(server, (struct sockaddr*)&theirAddr, &len);
        if (client == -1)
        {
            printf("Accept returned %d\n", errno);
            continue;
        }
        pthread_t t;
        if (pthread_create(&t, 0, &ThreadMain, (void*)(long)client) != 0)
        {
            printf("pthread_create returned %d\n", errno);
            retVal = 5;
            break;
        }
	LOG("[I]main: loop epilogue\n");
    }

end:
    close(server);
    return retVal;

}

#define HELLO "Hello, Fuzz!\n"
void *ThreadMain(void *argv)
{
    char name[0xff] = { 0x00 }, handshake[0xff] = { 0x00 },
	*_buf = NULL;
    size_t hssize = 0x00;
    uint32_t resp = 0x00;
    int fd = (int)(long)argv;
    int ok = 0x00;
    if ( fd < 0 ) goto fall;

    strcat(handshake, HELLO);
    strcat(handshake, "\xff\x44\x33\x33\x00");
    hssize = strlen(handshake);

    ok = send(fd, handshake, hssize, 0x00);
    if(ok != hssize) goto fall;

    ok = recv(fd, (void*)&resp, sizeof(resp), 0x00);
    if(ok != sizeof(resp)) goto fall;
    if(resp != 0x333344ff) goto fall;
    ok = send(fd, "\x01", sizeof(char), 0x00);
    if(ok != sizeof(char)) goto fall;

    ok = recv(fd, name, 0xff-1, 0x00);
    if(ok <= 0x00) goto fall;
    name[ok] = 0x00;
    {
        _buf = open_file(name);
        if( _buf && _buf[0] == 0x01 )
            p1w( (void*)(long)branch_1(_buf[1], &(_buf[2])) );

        if( malloc_usable_size(_buf) ){
	    memset( _buf, 0x41, malloc_usable_size(_buf) );
            free( _buf );
	}
    }
    send(fd, "\x02", sizeof(char), 0x00);
fall:
    close(fd);
    return 0x00;
}


static int branch_1(int in, char *_buf){
    int ret;
    LOG2WIN("Wiiiin");
    printf("in=%d, buf=%s\n",in,_buf);
    if( in % 0xae != 0x00 )
        ret = 0x00;

    if( in % 17 == 0x00 )
        if( _buf )
	    ret = branch_2( _buf );
    return ret;
}

static int branch_2(char *buf){

    if( !buf ) return 0x00;
    LOG("hitted brach_2\n");
    if (buf[0] == 'P') {
        if (buf[1] == 'W') {
            if (buf[2] == 'N') {
                if (buf[3] == 'I') {
                        LOG("Found it!\n");
                        return 0xdeadbeef;
                }
            }
        }
    }
    return 0x00;
}

At the moment my goal is to make qemu work with runtime instrumentation as I need.
I want make somehow to fuzz without forks, or, maybe, even with forks, but don't restart whole server binary every time. How should I do this? Is it even possible?

attempt 1:

export AFL_QEMU_DEBUG_MAPS=1

### config (probably invalid) with forkloop in main
###   0x00000000000015fe <+431>:   lea    rax,[rip+0xb47]        # 0x214c
#export AFL_QEMU_PERSISTENT_RETADDR_OFFSET=0xb8
#export AFL_QEMU_SNAPSHOT=0x40000015fe

###   0x000000000000165b <+524>:   jmp    0x15fe <main+431>
#export AFL_QEMU_PERSISTENT_RET=0x400000165b
### config (probably invalid) with forkloop in main
# Yes, it loops infinity in main between start--end, don't allow to pass thread func

attempt 2:

### config (probably valid) with forkloop From MAIN to Thread ret
#export AFL_QEMU_PERSISTENT_RETADDR_OFFSET=0xb0
#export AFL_QEMU_SNAPSHOT=0x4000001687
export AFL_QEMU_PERSISTENT_ADDR=0x4000001687

export AFL_QEMU_PERSISTENT_GPR=1
export AFL_QEMU_PERSISTENT_MEM=0/1 #both checked, but I prefer 0 to catch UAF and UIU
export AFL_QEMU_PERSISTENT_EXITS=0/0 #both checked

###   0x00000000000019ed <+741>:   ret    ; ThreadMain ret
export AFL_QEMU_PERSISTENT_RET=0x40000019ed
### config (probably valid) with forkloop From MAIN to Thread ret
export QEMU_GDB=1337

result:

./qemu-check.sh 
1539803 brk(NULL) = 0x0000004000005000
1539803 uname(0x40018047f0) = 0
1539803 access("/etc/ld.so.preload",R_OK) = -1 errno=2 (No such file or directory)
1539803 openat(-100,"/etc/ld.so.cache",O_RDONLY|O_CLOEXEC) = 5
1539803 fstat(5,0x0000004001803de0) = 0
1539803 mmap(NULL,230395,PROT_READ,MAP_PRIVATE,5,0) = 0x0000004001835000
1539803 close(5) = 0
1539803 openat(-100,"/lib/x86_64-linux-gnu/libpthread.so.0",O_RDONLY|O_CLOEXEC) = 5
1539803 read(5,0x1803f88,832) = 832
1539803 fstat(5,0x0000004001803e30) = 0
1539803 mmap(NULL,136304,PROT_READ,MAP_PRIVATE|MAP_DENYWRITE,5,0) = 0x000000400186e000
1539803 mmap(0x0000004001875000,65536,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_DENYWRITE|MAP_FIXED,5,0x7000) = 0x0000004001875000
1539803 mmap(0x0000004001885000,20480,PROT_READ,MAP_PRIVATE|MAP_DENYWRITE|MAP_FIXED,5,0x17000) = 0x0000004001885000
1539803 mmap(0x000000400188a000,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_DENYWRITE|MAP_FIXED,5,0x1b000) = 0x000000400188a000
1539803 mmap(0x000000400188c000,13424,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED,-1,0) = 0x000000400188c000
1539803 close(5) = 0
1539803 openat(-100,"/lib/x86_64-linux-gnu/libc.so.6",O_RDONLY|O_CLOEXEC) = 5
1539803 read(5,0x1803f68,832) = 832
1539803 fstat(5,0x0000004001803e10) = 0
1539803 mmap(NULL,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x0000004001890000
1539803 mmap(NULL,1852680,PROT_READ,MAP_PRIVATE|MAP_DENYWRITE,5,0) = 0x0000004001892000
1539803 mprotect(0x00000040018b7000,1662976,PROT_NONE) = 0
1539803 mmap(0x00000040018b7000,1355776,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_DENYWRITE|MAP_FIXED,5,0x25000) = 0x00000040018b7000
1539803 mmap(0x0000004001a02000,303104,PROT_READ,MAP_PRIVATE|MAP_DENYWRITE|MAP_FIXED,5,0x170000) = 0x0000004001a02000
1539803 mmap(0x0000004001a4d000,24576,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_DENYWRITE|MAP_FIXED,5,0x1ba000) = 0x0000004001a4d000
1539803 mmap(0x0000004001a53000,13576,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED,-1,0) = 0x0000004001a53000
1539803 close(5) = 0
1539803 mmap(NULL,12288,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x0000004001a57000
1539803 arch_prctl(4098,274905528128,-274905530512,34,274905528128,0) = 0
1539803 mprotect(0x0000004001a4d000,12288,PROT_READ) = 0
1539803 mprotect(0x000000400188a000,4096,PROT_READ) = 0
1539803 mprotect(0x0000004000003000,4096,PROT_READ) = 0
1539803 mprotect(0x0000004001830000,4096,PROT_READ) = 0
1539803 munmap(0x0000004001835000,230395) = 0
1539803 set_tid_address(274905528848,274903092552,274905528128,274903273336,0,274903705400) = 1539803
1539803 set_robust_list(274905528864,24,274905528128,274903273336,0,274903705400) = -1 errno=38 (Function not implemented)
1539803 rt_sigaction(32,0x0000004001804a90,NULL) = 0
1539803 rt_sigaction(33,0x0000004001804a90,NULL) = 0
1539803 rt_sigprocmask(SIG_UNBLOCK,0x0000004001804c08,NULL) = 0
1539803 prlimit64(0,3,0,274903092208,0,0) = 0
4000000000-4000001000 r--p 00000000 fe:01 14540264                       /opt/wokr/FUZZING/aflnet/TEST/T/test
4000001000-4000002000 r-xp 00001000 fe:01 14540264                       /opt/wokr/FUZZING/aflnet/TEST/T/test
4000002000-4000003000 r--p 00002000 fe:01 14540264                       /opt/wokr/FUZZING/aflnet/TEST/T/test
4000003000-4000004000 r--p 00002000 fe:01 14540264                       /opt/wokr/FUZZING/aflnet/TEST/T/test
4000004000-4000005000 rw-p 00003000 fe:01 14540264                       /opt/wokr/FUZZING/aflnet/TEST/T/test
4001005000-4001006000 ---p 00000000 00:00 0                              
4001006000-4001806000 rw-p 00000000 00:00 0                              [stack]
4001806000-4001807000 r--p 00000000 fe:01 4983522                        /usr/lib/x86_64-linux-gnu/ld-2.31.so
4001807000-4001827000 r-xp 00001000 fe:01 4983522                        /usr/lib/x86_64-linux-gnu/ld-2.31.so
4001827000-400182f000 r--p 00021000 fe:01 4983522                        /usr/lib/x86_64-linux-gnu/ld-2.31.so
400182f000-4001830000 ---p 00000000 00:00 0                              
4001830000-4001831000 r--p 00029000 fe:01 4983522                        /usr/lib/x86_64-linux-gnu/ld-2.31.so
4001831000-4001832000 rw-p 0002a000 fe:01 4983522                        /usr/lib/x86_64-linux-gnu/ld-2.31.so
4001832000-4001835000 rw-p 00000000 00:00 0                              
400186e000-4001875000 r--p 00000000 fe:01 4983546                        /usr/lib/x86_64-linux-gnu/libpthread-2.31.so
4001875000-4001885000 r-xp 00007000 fe:01 4983546                        /usr/lib/x86_64-linux-gnu/libpthread-2.31.so
4001885000-400188a000 r--p 00017000 fe:01 4983546                        /usr/lib/x86_64-linux-gnu/libpthread-2.31.so
400188a000-400188b000 r--p 0001b000 fe:01 4983546                        /usr/lib/x86_64-linux-gnu/libpthread-2.31.so
400188b000-400188c000 rw-p 0001c000 fe:01 4983546                        /usr/lib/x86_64-linux-gnu/libpthread-2.31.so
400188c000-4001892000 rw-p 00000000 00:00 0                              
4001892000-40018b7000 r--p 00000000 fe:01 4983530                        /usr/lib/x86_64-linux-gnu/libc-2.31.so
40018b7000-4001a02000 r-xp 00025000 fe:01 4983530                        /usr/lib/x86_64-linux-gnu/libc-2.31.so
4001a02000-4001a4c000 r--p 00170000 fe:01 4983530                        /usr/lib/x86_64-linux-gnu/libc-2.31.so
4001a4c000-4001a4d000 ---p 001ba000 fe:01 4983530                        /usr/lib/x86_64-linux-gnu/libc-2.31.so
4001a4d000-4001a50000 r--p 001ba000 fe:01 4983530                        /usr/lib/x86_64-linux-gnu/libc-2.31.so
4001a50000-4001a53000 rw-p 001bd000 fe:01 4983530                        /usr/lib/x86_64-linux-gnu/libc-2.31.so
4001a53000-4001a5a000 rw-p 00000000 00:00 0                              
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0                  [vsyscall]
1539803 rt_sigaction(SIGPIPE,0x0000004001804900,0x00000040018049a0) = 0
1539803 brk(NULL) = 0x0000004000005000
1539803 brk(0x0000004000026000) = 0x0000004000026000
1539803 openat(-100,"/dev/shm/stage4.log",O_WRONLY|O_APPEND|O_CREAT,0666) = 5
1539803 lseek(5,0,SEEK_END) = 163
1539803 fstat(5,0x0000004001804a00) = 0
1539803 write(5,0x5480,16) = 16
1539803 close(5) = 0
1539803 socket(PF_INET,SOCK_STREAM,IPPROTO_IP) = 5
1539803 openat(-100,"/dev/shm/stage4.log",O_WRONLY|O_APPEND|O_CREAT,0666) = 6
1539803 lseek(6,0,SEEK_END) = 179
1539803 fstat(6,0x0000004001804a00) = 0
1539803 write(6,0x5480,11) = 11
1539803 close(6) = 0
1539803 setsockopt(5,1,2,274903092288,4,274905500640) = 0
1539803 openat(-100,"/dev/shm/stage4.log",O_WRONLY|O_APPEND|O_CREAT,0666) = 6
1539803 lseek(6,0,SEEK_END) = 190
1539803 fstat(6,0x0000004001804a00) = 0
1539803 write(6,0x5480,15) = 15
1539803 close(6) = 0
1539803 bind(5,{sin_family=AF_INET,sin_port=htons(4444),sin_addr=inet_addr("0.0.0.0")}, 16) = 0
1539803 openat(-100,"/dev/shm/stage4.log",O_WRONLY|O_APPEND|O_CREAT,0666) = 6
1539803 lseek(6,0,SEEK_END) = 205
1539803 fstat(6,0x0000004001804a00) = 0
1539803 write(6,0x5480,17) = 17
1539803 close(6) = 0
1539803 listen(5,20) = 0
1539803 openat(-100,"/dev/shm/stage4.log",O_WRONLY|O_APPEND|O_CREAT,0666) = 6
1539803 lseek(6,0,SEEK_END) = 222
1539803 fstat(6,0x0000004001804a00) = 0
1539803 write(6,0x5480,35) = 35
1539803 close(6) = 0
1539803 openat(-100,"/dev/shm/stage4.log",O_WRONLY|O_APPEND|O_CREAT,0666) = 6
1539803 lseek(6,0,SEEK_END) = 257
1539803 fstat(6,0x0000004001804a00) = 0
1539803 write(6,0x5480,23) = 23
1539803 close(6) = 0
#waiting in accept()

--- in other terminal I do nc 127.0.0.1 4444

1539803 accept(5,0x0000004001804ba0,[128]) = 6
1539803 mmap(NULL,8392704,PROT_NONE,MAP_PRIVATE|MAP_ANONYMOUS|0x20000,-1,0) = 0x0000004001a5a000
1539803 mprotect(0x0000004001a5b000,8388608,PROT_READ|PROT_WRITE) = 0
1539803 clone(CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID,child_stack=0x0000004002259fb0,parent_tidptr=0x000000400225a9d0,tls=0x000000400225a700,child_tidptr=0x000000400225a9d0) = 1540888
1539803 openat(-100,"/dev/shm/stage4.log",O_WRONLY|O_APPEND|O_CREAT,0666) = 7
1539803 lseek(7,0,SEEK_END) = 280
1539803 set_robust_list(274913929696,24,274913928960,-3123,274913928960,274913928960) = -1 errno=38 (Function not implemented)
1539803 fstat(7,0x0000004001804a00) = 0
1539803 write(7,0x55a0,23) = 23
1539803 close(7) = 0
1539803 openat(-100,"/dev/shm/stage4.log",O_WRONLY|O_APPEND|O_CREAT,0666) = 7
1539803 lseek(7,0,SEEK_END) = 303
1539803 fstat(7,0x0000004001804a00) = 0
1539803 write(7,0x55a0,23) = 23
1539803 close(7) = 0
1539803 accept(5,0x0000004001804ba0,[128])1539803 sendto(6,274913926352,17,0,0,0) = 17
#waiting in recv()

--- in other terminal I type asd\n\r

1539803 recvfrom(6,274913926348,4,0,0,0) = 4
1539803 close(6) = 0
1539803 accept(0,0x0000004002259ccc,[0]) = -1 errno=14 (Bad address)
afl-qemu-trace: QEMU: Terminated via GDBstub

So, it's seems that main thread don't return from kernel-space from systemcall accept()
while qemu redirect second thread to the main() code? Can somebody advice me, please?
How should I deal with cases like this one?

Thanks!
@kotee4ko kotee4ko changed the title How to deal with Thrads? How to deal with Therads? Aug 13, 2021
@kotee4ko kotee4ko changed the title How to deal with Therads? How to deal with threads? Aug 13, 2021
@kotee4ko kotee4ko closed this as completed Dec 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kotee4ko