Check out my first novel, midnight's simulacra!

Libcudest: Difference between revisions

From dankwiki
 
(37 intermediate revisions by the same user not shown)
Line 1: Line 1:
Reverse engineering of [[CUDA]] ioctls in the 3.0 SDK (195.36.15 driver, GTS 360M, amd64). CUDA primarily communicates with the NVIDIA closed-source driver via several hundred undocumented ioctl()s.  
__INDEX__
Reverse engineering of the [[CUDA]] system. CUDA primarily communicates with the NVIDIA closed-source driver via several dozen undocumented ioctl()s. My open source implementation, libcudest, is located at [http://github.com/dankamongmen/libcudest GitHub]. Sundry utilities for reverse engineering are also within this repository, though recent modifications to [http://kadu.net/~joi/valgrind-mmt.git/ valgrind-mmt] have rather superseded my tools.


My open source implementation, libcudest, is located at [http://github.com/dankamongmen/libcudest GitHub]. It began as a project for Hyesoon Kim's CS4803DGC at the Georgia Institute of Technology.
libcudest began as a project for Hyesoon Kim's [[Grad school|CS4803DGC]] at the Georgia Institute of Technology.
==Environment variables==
==Driver versions==
Determined via binary analysis and a shimmed <tt>getenv(3)</tt>:
Newer drivers can be used with older CUDA versions, but the converse is not true. The "CUDA macroversion" listed below is the first CUDA release designed explicitly for use with the listed drivers.
{| border="1" class="sortable"
{| border="1"
! Variable
! Version
! CUDA macroversion
! Notes
! Notes
|-
|-
| CUDA_API_TRACE_PTR
| 195.36.15
| 3.0
|
|-
| 195.36.24
| 3.0
|
|-
| 195.36.31
| 3.0
|
|
|-
|-
| CUDA_AMODEL_GPU
| 256.22
| 3.1-beta
|
|
|-
|-
| CUDA_AMODEL_DLL
| 256.29
| 3.1-beta
|
|
|-
|-
| CUDA_INJECTION64_PATH
| 256.35
| 3.1-beta
|
|
|-
|}
==CUDA Environment variables==
Discovered via binary analysis and a shimmed <tt>getenv(3)</tt>. Effects determined via blackbox and binary analyses:
{| border="1"
! Variable
! Notes
! Documented?
! Effects
|-
|-
| __RM_NO_VERSION_CHECK
| __RM_NO_VERSION_CHECK
|
|
| N
| Also checked by nvidia-smi
|-
| COMPUTE_PROFILE
|
| Y
| If set to 1, profiling will be performed. Implies CUDA_LAUNCH_BLOCKING.
|-
| COMPUTE_PROFILE_CONFIG
|
| Y
| Specifies a profiler configuration file. Only checked if COMPUTE_PROFILE is set.
|-
| COMPUTE_PROFILE_CSV
|
| Y
| If set to 1, a profiling data will be written in CSV format. Only checked if COMPUTE_PROFILE is set.
|-
|-
| CUDA_MEMCHECK
| COMPUTE_PROFILE_LOG
|
|
| Y
| Specifies profiler output file (default: "./cuda_profile.log"). Only checked if COMPUTE_PROFILE is set.
|-
|-
| CUDA_EMULATION_MODE
| CUDA_AMODEL_DLL
|
| N
|
|
|-
|-
| CUDA_HEAP_RANGE
| CUDA_AMODEL_GPU
|
| N
|
|
|-
|-
| CUDA_MEMORY_LOG
| CUDA_API_TRACE_PTR
|
| N
|
|
|-
|-
| CUDA_CACHE_DISABLE
| CUDA_CACHE_DISABLE
|
| Y
| If this is unset, the code cache will be used.
|-
| CUDA_CACHE_MAXSIZE
|
| Y
|
|
|-
|-
| CUDA_CACHE_PATH
| CUDA_CACHE_PATH
|
|
| Y
| If this is set, it overrides the code cache's default path of $HOME/.nv/ComputeCache
|-
|-
| CUDA_CACHE_MAXSIZE
| CUDA_DEVCODE_CACHE
|
|
| Y
| PTX compilation cache.
|-
|-
| CUDA_DEVCODE_PATH
| CUDA_DEVCODE_PATH
|
| Y
| Search path for fat binaries.
|-
| CUDA_EMULATION_MODE
|
|
|
|
|-
|-
| CUDA_DEVCODE_CACHE
| CUDA_FORCE_PTX_JIT
|
|
|
|-
| CUDA_HEAP_RANGE
| Checked each time a context is created
|
|
|-
| CUDA_INJECTION64_PATH
|
|
|
|
|-
|-
| CUDA_LAUNCH_BLOCKING
| CUDA_LAUNCH_BLOCKING
|
|
| Y (CUDA 3.0 Programmer's Guide, 3.2.6.1)
| Forces synchronization of host threads on GPU kernels.
|-
|-
| CUDA_FORCE_PTX_JIT
| CUDA_MEMCHECK
| Checked each time a context is created
|
|
|-
| CUDA_MEMORY_LOG
| Checked each time a context is created
|
|
|
|
|-
|-
| CUDA_PROFILE
| CUDA_VISIBLE_DEVICES
|
|
|
|
|-
|-
|}
|}
Line 82: Line 173:
! notes
! notes
! [http://nouveau.freedesktop.org/wiki/HwIntroduction Nouveau name]
! [http://nouveau.freedesktop.org/wiki/HwIntroduction Nouveau name]
| block range
! block range
|-
|-
| reg_addr + 0x0000
| reg_addr + 0x0000
Line 121: Line 212:
|-
|-
! COLSPAN="5" style="background:#efefef;" | /dev/nvidiactl
! COLSPAN="5" style="background:#efefef;" | /dev/nvidiactl
|-
| 0xcf
NV_ESC_FREE_OS_EVENT
|
|
|
|
|-
| 0xd1
NV_ESC_STATUS_CODE
|
|
|
|
|-
| 0xd2
NV_ESC_CHECK_VERSION_STR
| 0x048
| stack
| cuInit
|
* Performed immediately following opening of the nvidiactl device
<pre>typedef struct nv_ioctl_rm_api_version
{
    NvU32 cmd;
    NvU32 reply;
    char versionString[NV_RM_API_VERSION_STRING_LENGTH];
} nv_ioctl_rm_api_version_t;
#define NV_RM_API_VERSION_CMD_STRICT        0
#define NV_RM_API_VERSION_CMD_RELAXED      '1'
#define NV_RM_API_VERSION_CMD_OVERRIDE      '2'
#define NV_RM_API_VERSION_REPLY_UNRECOGNIZED 0
#define NV_RM_API_VERSION_REPLY_RECOGNIZED  1</pre>
* 0x312e 3633 2e35 3931 35ull == 195.36.15
** '1' '.' '6' '3' '.' '5' '9' '1', '5'
** looks like: all version chars in ascii. first 8 reversed, then any left follow?
* All other bytes are 0.
* Writes result to first 8 bytes (0x00000001), leaves others untouched
|-
| 0xca
NV_ESC_ENV_INFO
| 0x004
| anonymous page
| cuInit
|
* Seems to ignore input value.
* Writes result value (0x00000001).
<pre>typedef struct nv_ioctl_env_info
{
    NvU32 pat_supported;
} nv_ioctl_env_info_t;</pre>
|-
|-
| 0xc8
| 0xc8
Line 222: Line 260:
     f3080000-f3083fff : 0000:01:00.1
     f3080000-f3083fff : 0000:01:00.1
       f3080000-f3083fff : ICH HD audio</pre>
       f3080000-f3083fff : ICH HD audio</pre>
|-
| 0xca
NV_ESC_ENV_INFO
| 0x004
| anonymous page
| cuInit
|
* Seems to ignore input value.
* Writes result value (0x00000001).
<pre>typedef struct nv_ioctl_env_info
{
    NvU32 pat_supported;
} nv_ioctl_env_info_t;</pre>
|-
| 0xce
NV_ESC_ALLOC_OS_EVENT
| 0x14
|
|
|
|-
| 0xcf
NV_ESC_FREE_OS_EVENT
|
|
|
|
|-
| 0xd1
NV_ESC_STATUS_CODE
|
|
|
|
|-
| 0xd2
NV_ESC_CHECK_VERSION_STR
| 0x048
| stack
| cuInit
|
* Performed immediately following opening of the nvidiactl device
<pre>typedef struct nv_ioctl_rm_api_version
{
    NvU32 cmd;
    NvU32 reply;
    char versionString[NV_RM_API_VERSION_STRING_LENGTH];
} nv_ioctl_rm_api_version_t;
#define NV_RM_API_VERSION_CMD_STRICT        0
#define NV_RM_API_VERSION_CMD_RELAXED      '1'
#define NV_RM_API_VERSION_CMD_OVERRIDE      '2'
#define NV_RM_API_VERSION_REPLY_UNRECOGNIZED 0
#define NV_RM_API_VERSION_REPLY_RECOGNIZED  1</pre>
* 0x312e 3633 2e35 3931 35ull == 195.36.15
** '1' '.' '6' '3' '.' '5' '9' '1', '5'
** looks like: all version chars in ascii. first 8 reversed, then any left follow?
* All other bytes are 0.
* Writes result to first 8 bytes (0x00000001), leaves others untouched
|-
|-
| 0x22
| 0x22
Line 233: Line 331:
* First value is used as first input word to the majority of subsequent ioctls
* First value is used as first input word to the majority of subsequent ioctls
* Second value ranges over (at least) 41--65...
* Second value ranges over (at least) 41--65...
* '''Not sent in 256.22/3.10...'''
|-
|-
| 0x2a
| 0x2a
Line 239: Line 338:
| cuInit
| cuInit
|
|
* Inputs:
* [[#GPU methods|GPU method]] invocation. Second and third words specify the method being called. Fifth and sixth specify the address being passed; seventh and eighth the size thereof.
Sample inputs:
<pre>0x7fffffffd310: 3251635025 3251635025 533 0
<pre>0x7fffffffd310: 3251635025 3251635025 533 0
0x7fffffffd320: 4294955888 32767 132 0</pre>
0x7fffffffd320: 4294955888 32767 132 0</pre>
* Outputs are unchanged
* First and second words are *not* always equivalent.
* Outputs are usually unchanged, but not always:
<pre>ioctl 2a, 32-byte param, fd 3 0xc1d04214 0x5c000002 0x2080012f 0x00000000
0x0010 0x950713f0 0x00007fff 0x000000a8 0x00000000
GPU method 0x5c000002:2080012f 0x00000000 0x00000000 0x00000000 0x00000000
0x0010 0x00000000 0x00000000 0x00000000 0x00000000
0x0020 0x00000000 0x00000000 0x00000000 0x00000000
0x0030 0x00000000 0x00000000 0x00000000 0x00000000
0x0040 0x00000000 0x00000000 0x00000000 0x00000000
0x0050 0x00000000 0x00000000 0x00000000 0x00000000
0x0060 0x00000000 0x00000000 0x00000000 0x00000000
0x0070 0x00000000 0x00000000 0x00000000 0x00000000
0x0080 0x00000000 0x00000000 0x00000000 0x00000000
0x0090 0x00000000 0x00000000 0x00000000 0x00000000
0x00a0 0x00000000 0x00000000
RESULT: 0 0xc1d04214 0x5c000002 0x2080012f 0x00000000
0x0010 0x950713f0 0x00007fff 0x000000a8 0x00000029
GPU method 0x5c000002:2080012f **************MODIFICATION FROM CALL
0x00000000 0x00000000 0x00000000 0x00000000
0x0010 0x00000000 0x00000000 0x00000000 0x00000000
0x0020 0x00000000 0x00000000 0x00000000 0x00000000
0x0030 0x00000000 0x00000000 0x00000000 0x00000000
0x0040 0x00000000 0x00000000 0x00000000 0x00000000
0x0050 0x00000000 0x00000000 0x00000000 0x00000000
0x0060 0x00000000 0x00000000 0x00000000 0x00000000
0x0070 0x00000000 0x00000000 0x00000000 0x00000000
0x0080 0x00000000 0x00000000 0x00000000 0x00000000
0x0090 0x00000000 0x00000000 0x00000000 0x00000000
0x00a0 0x00000000 0x00000000 </pre>
|-
|-
| 0x2b
| 0x2b
Line 249: Line 377:
| cuInit
| cuInit
|
|
* GPU object creation(?)
|-
|-
| 0x4d
| 0x4d
Line 279: Line 408:
* Invoked if mmap() returns MAP_FAILED, prior to failing out
* Invoked if mmap() returns MAP_FAILED, prior to failing out
|-
|-
! colspan="5" style="background:#ffdead;" | /dev/nvidiaX
| 0x54
|-
| 0x30
| 0x32
| 0x014
| stack
| cuInit
|
* Performed several times in succession
|-
| 0x37
| 0x020
| stack
| cuInit
|
* Follows burst of 3x 0x32's, then interwoven with bursts of 2a's
|-
|}
 
==disassembly==
This disassembly makes use of <tt>libcuda.so.195.36.15</tt> (0867d66be617faab3782fa0ba19ec9ba, 7404990 bytes). Symbols were extracted via <tt>objdump -T</tt>.
AMD64 ABI:
* Integer arguments via RDI, RSI, RDX, RCX, R8 and R9, then stack
* FP arguments in XMM0..XMM7, then stack
* Return value in RAX
{| border="1" class="sortable"
! location (.text is 000000000007fd10)
! length
! symbol
! notes
|-
| ebce0
|
|
|
|
|<code>
  ebce0: 41 55                push  %r13
  ebce2: 49 89 fd            mov    %rdi,%r13
  ebce5: 41 54                push  %r12
  ebce7: 49 89 f4            mov    %rsi,%r12
  ebcea: 55                  push  %rbp
  ebceb: 53                  push  %rbx
  ebcec: 48 83 ec 08          sub    $0x8,%rsp
  ebcf0: 8b 35 2a 49 72 00    mov    0x72492a(%rip),%esi        # 810620 <__isinff@plt+0x790920>
  ebcf6: 85 f6                test  %esi,%esi
  ebcf8: 0f 84 16 01 00 00    je    ebe14 <__isinff@plt+0x6c114>
  ebcfe: 8b 0d 2c 49 72 00    mov    0x72492c(%rip),%ecx        # 810630 <__isinff@plt+0x790930>
  ebd04: 85 c9                test  %ecx,%ecx
  ebd06: 0f 8e 08 01 00 00    jle    ebe14 <__isinff@plt+0x6c114>
  ebd0c: 48 8d 1d 0d 49 72 00 lea    0x72490d(%rip),%rbx        # 810620 <__isinff@plt+0x790920>
  ebd13: 31 ed                xor    %ebp,%ebp
  ebd15: 48 8b 7b 28          mov    0x28(%rbx),%rdi
  ebd19: 4c 89 e2            mov    %r12,%rdx
  ebd1c: 4c 89 ee            mov    %r13,%rsi
  ebd1f: ff c5                inc    %ebp
  ebd21: ff 53 20            callq  *0x20(%rbx)
  ebd24: 48 83 c3 18          add    $0x18,%rbx
  ebd28: 39 2d 02 49 72 00    cmp    %ebp,0x724902(%rip)        # 810630 <__isinff@plt+0x790930>
  ebd2e: 0f 8e e0 00 00 00    jle    ebe14 <__isinff@plt+0x6c114>
  ebd34: 48 8b 7b 28          mov    0x28(%rbx),%rdi
  ebd38: 4c 89 e2            mov    %r12,%rdx
  ebd3b: 4c 89 ee            mov    %r13,%rsi
  ebd3e: ff 53 20            callq  *0x20(%rbx)
  ebd41: 8d 45 01            lea    0x1(%rbp),%eax
  ebd44: 39 05 e6 48 72 00    cmp    %eax,0x7248e6(%rip)        # 810630 <__isinff@plt+0x790930>
  ebd4a: 48 8d 4b 18          lea    0x18(%rbx),%rcx
  ebd4e: 0f 8e c0 00 00 00    jle    ebe14 <__isinff@plt+0x6c114>
  ebd54: 48 8b 79 28          mov    0x28(%rcx),%rdi
  ebd58: 4c 89 e2            mov    %r12,%rdx
  ebd5b: 4c 89 ee            mov    %r13,%rsi
  ebd5e: ff 51 20            callq  *0x20(%rcx)
  ebd61: 8d 55 02            lea    0x2(%rbp),%edx
  ebd64: 39 15 c6 48 72 00    cmp    %edx,0x7248c6(%rip)        # 810630 <__isinff@plt+0x790930>
  ebd6a: 48 8d 4b 30          lea    0x30(%rbx),%rcx
  ebd6e: 0f 8e a0 00 00 00    jle    ebe14 <__isinff@plt+0x6c114>
  ebd74: 48 8b 79 28          mov    0x28(%rcx),%rdi
  ebd78: 4c 89 e2            mov    %r12,%rdx
  ebd7b: 4c 89 ee            mov    %r13,%rsi
  ebd7e: ff 51 20            callq  *0x20(%rcx)
  ebd81: 8d 7d 03            lea    0x3(%rbp),%edi
  ebd84: 39 3d a6 48 72 00    cmp    %edi,0x7248a6(%rip)        # 810630 <__isinff@plt+0x790930>
  ebd8a: 48 8d 4b 48          lea    0x48(%rbx),%rcx
  ebd8e: 0f 8e 80 00 00 00    jle    ebe14 <__isinff@plt+0x6c114>
  ebd94: 48 8b 79 28          mov    0x28(%rcx),%rdi
  ebd98: 4c 89 e2            mov    %r12,%rdx
  ebd9b: 4c 89 ee            mov    %r13,%rsi
  ebd9e: ff 51 20            callq  *0x20(%rcx)
  ebda1: 44 8d 45 04          lea    0x4(%rbp),%r8d
  ebda5: 44 39 05 84 48 72 00 cmp    %r8d,0x724884(%rip)        # 810630 <__isinff@plt+0x790930>
  ebdac: 48 8d 4b 60          lea    0x60(%rbx),%rcx
  ebdb0: 7e 62                jle    ebe14 <__isinff@plt+0x6c114>
  ebdb2: 48 8b 79 28          mov    0x28(%rcx),%rdi
  ebdb6: 4c 89 e2            mov    %r12,%rdx
  ebdb9: 4c 89 ee            mov    %r13,%rsi
  ebdbc: ff 51 20            callq  *0x20(%rcx)
  ebdbf: 44 8d 4d 05          lea    0x5(%rbp),%r9d
  ebdc3: 44 39 0d 66 48 72 00 cmp    %r9d,0x724866(%rip)        # 810630 <__isinff@plt+0x790930>
  ebdca: 48 8d 4b 78          lea    0x78(%rbx),%rcx
  ebdce: 7e 44                jle    ebe14 <__isinff@plt+0x6c114>
  ebdd0: 48 8b 79 28          mov    0x28(%rcx),%rdi
  ebdd4: 4c 89 e2            mov    %r12,%rdx
  ebdd7: 4c 89 ee            mov    %r13,%rsi
  ebdda: ff 51 20            callq  *0x20(%rcx)
  ebddd: 44 8d 55 06          lea    0x6(%rbp),%r10d
  ebde1: 44 39 15 48 48 72 00 cmp    %r10d,0x724848(%rip)        # 810630 <__isinff@plt+0x790930>
  ebde8: 48 8d 8b 90 00 00 00 lea    0x90(%rbx),%rcx
  ebdef: 7e 23                jle    ebe14 <__isinff@plt+0x6c114>
  ebdf1: 48 8b 79 28          mov    0x28(%rcx),%rdi
  ebdf5: 4c 89 e2            mov    %r12,%rdx
  ebdf8: 4c 89 ee            mov    %r13,%rsi
  ebdfb: 83 c5 07            add    $0x7,%ebp
  ebdfe: 48 81 c3 a8 00 00 00 add    $0xa8,%rbx
  ebe05: ff 51 20            callq  *0x20(%rcx)
  ebe08: 39 2d 22 48 72 00    cmp    %ebp,0x724822(%rip)        # 810630 <__isinff@plt+0x790930>
  ebe0e: 0f 8f 01 ff ff ff    jg    ebd15 <__isinff@plt+0x6c015>
  ebe14: 48 83 c4 08          add    $0x8,%rsp
  ebe18: 5b                  pop    %rbx
  ebe19: 5d                  pop    %rbp
  ebe1a: 41 5c                pop    %r12
  ebe1c: 41 5d                pop    %r13
  ebe1e: c3                  retq
</code>
|-
| 5c7850
|
|
| Pthread_setspecific()
|<code>
  5c7850: ff cf                dec    %edi
  5c7852: e9 e9 7c ab ff      jmpq  7f540 <pthread_setspecific@plt>
</code>
|-
|-
 
| 0x57
| 5c7860
| 0x038
|
| Pthread_getspecific()
|<code>
  5c7860: ff cf                dec    %edi
  5c7862: e9 49 83 ab ff      jmpq  7fbb0 <pthread_getspecific@plt>
</code>
|-
| 905d0
|
| "lookupContext()"
|<code>
// Check for 0x321cbda00, the "driver deinitialized" magic constant. Return 4 if set.
 
  905d0:      48 8b 05 91 e0 77 00    mov    0x77e091(%rip),%rax        # 80e668 <__isinff@plt+0x78e968>              push  %rbx
  905d8:      b9 04 00 00 00          mov    $0x4,%ecx
  905dd:      48 89 fb                mov    %rdi,%rbx
  905e0:      8b 90 88 01 00 00      mov    0x188(%rax),%edx
  905e6:      81 fa 00 ba 1c 32      cmp    $0x321cba00,%edx
  905ec:      74 0a                  je    905f8 <__isinff@plt+0x108f8>
 
// Check for 0xabc123, the "driver initialized" magic constant. Return 3 if unset.
 
  905ee:      81 fa 23 c1 ab 00      cmp    $0xabc123,%edx
  905f4:      b1 03                  mov    $0x3,%cl
  905f6:      74 08                  je    90600 <__isinff@plt+0x10900>
  905f8:      5b                      pop    %rbx
  905f9:      89 c8                  mov    %ecx,%eax
  905fb:      c3                      retq 
  905fc:      66 66 66 90            xchg  %ax,%ax
 
// Also return 3 (DRIVER_UNINITIALIZED) if we were passed an uninitialized key.
 
  90600:      30 c9                  xor    %cl,%cl
  90602:      48 85 ff                test  %rdi,%rdi
  90605:      74 f1                  je    905f8 <__isinff@plt+0x108f8>
 
// Call pthread_getspecific()
 
  90607:      8b 38                  mov    (%rax),%edi
  90609:      e8 52 72 53 00          callq  5c7860 <__isinff@plt+0x547b60>
 
// Check for NULL from pthread_getspecific(). Return 201 (INVALID_CONTEXT) in that case.
 
  9060e:      48 85 c0                test  %rax,%rax
  90611:      48 89 03                mov    %rax,(%rbx)
  90614:      b9 c9 00 00 00          mov    $0xc9,%ecx
  90619:      74 dd                  je    905f8 <__isinff@plt+0x108f8>
 
// We had a valid context object. Return 0x338 bytes into it.
 
  9061b:      8b 88 38 03 00 00      mov    0x338(%rax),%ecx
  90621:      5b                      pop    %rbx
  90622:      89 c8                  mov    %ecx,%eax
  90624:      c3                      retq
</code>
|-
| ebcd0
|
|  
|  
|<code>
  ebcd0:      31 c0                  xor    %eax,%eax
  ebcd2:      83 3d 4b 49 72 00 00    cmpl  $0x0,0x72494b(%rip)        # 810624 <__isinff@plt+0x790924>
  ebcd9:      0f 95 c0                setne  %al
  ebcdc:      c3                      retq
</code>
|-
|81460
|
|
|
|
|<code>
  81460: 53                  push  %rbx
  81461: 89 fb                mov    %edi,%ebx
  81463: e8 b8 f2 00 00      callq  90720 <__isinff@plt+0x10a20>
  81468: 85 db                test  %ebx,%ebx
  8146a: 74 07                je    81473 <__isinff@plt+0x1773>
  8146c: 5b                  pop    %rbx
  8146d: b8 01 00 00 00      mov    $0x1,%eax
  81472: c3                  retq 
  81473: 5b                  pop    %rbx
  81474: e9 07 f4 00 00      jmpq  90880 <__isinff@plt+0x10b80>
</code>
|-
|-
| 90720
| 0x58
|
| 0x28
|
|
|<code>
  90720: 53                  push  %rbx
  90721: 48 8b 1d 40 df 77 00 mov    0x77df40(%rip),%rbx        # 80e668 <__isinff@plt+0x78e968>
  90728: 8b 83 80 01 00 00    mov    0x180(%rbx),%eax
  9072e: 85 c0                test  %eax,%eax
  90730: 74 02                je    90734 <__isinff@plt+0x10a34>
  90732: 5b                  pop    %rbx
  90733: c3                  retq 
  90734: 48 8d bb 78 01 00 00 lea    0x178(%rbx),%rdi
  9073b: 31 d2                xor    %edx,%edx
  9073d: be 01 00 00 00      mov    $0x1,%esi
  90742: e8 b9 69 53 00      callq  5c7100 <__isinff@plt+0x547400>
  90747: 85 c0                test  %eax,%eax
  90749: 0f 84 9a 00 00 00    je    907e9 <__isinff@plt+0x10ae9>
  9074f: 44 8b 9b 80 01 00 00 mov    0x180(%rbx),%r11d
  90756: 45 85 db            test  %r11d,%r11d
  90759: 75 d7                jne    90732 <__isinff@plt+0x10a32>
  9075b: e8 20 70 53 00      callq  5c7780 <__isinff@plt+0x547a80>
  90760: 8b 93 80 01 00 00    mov    0x180(%rbx),%edx
  90766: 85 d2                test  %edx,%edx
  90768: 75 c8                jne    90732 <__isinff@plt+0x10a32>
  9076a: e8 11 70 53 00      callq  5c7780 <__isinff@plt+0x547a80>
  9076f: 8b 8b 80 01 00 00    mov    0x180(%rbx),%ecx
  90775: 85 c9                test  %ecx,%ecx
  90777: 75 b9                jne    90732 <__isinff@plt+0x10a32>
  90779: e8 02 70 53 00      callq  5c7780 <__isinff@plt+0x547a80>
  9077e: 8b b3 80 01 00 00    mov    0x180(%rbx),%esi
  90784: 85 f6                test  %esi,%esi
  90786: 75 aa                jne    90732 <__isinff@plt+0x10a32>
  90788: e8 f3 6f 53 00      callq  5c7780 <__isinff@plt+0x547a80>
  9078d: 8b bb 80 01 00 00    mov    0x180(%rbx),%edi
  90793: 85 ff                test  %edi,%edi
  90795: 75 9b                jne    90732 <__isinff@plt+0x10a32>
  90797: e8 e4 6f 53 00      callq  5c7780 <__isinff@plt+0x547a80>
  9079c: 44 8b 83 80 01 00 00 mov    0x180(%rbx),%r8d
  907a3: 45 85 c0            test  %r8d,%r8d
  907a6: 75 8a                jne    90732 <__isinff@plt+0x10a32>
  907a8: e8 d3 6f 53 00      callq  5c7780 <__isinff@plt+0x547a80>
  907ad: 44 8b 8b 80 01 00 00 mov    0x180(%rbx),%r9d
  907b4: 45 85 c9            test  %r9d,%r9d
  907b7: 0f 85 75 ff ff ff    jne    90732 <__isinff@plt+0x10a32>
  907bd: e8 be 6f 53 00      callq  5c7780 <__isinff@plt+0x547a80>
  907c2: 44 8b 93 80 01 00 00 mov    0x180(%rbx),%r10d
  907c9: 45 85 d2            test  %r10d,%r10d
  907cc: 0f 85 60 ff ff ff    jne    90732 <__isinff@plt+0x10a32>
  907d2: e8 a9 6f 53 00      callq  5c7780 <__isinff@plt+0x547a80>
  907d7: 44 8b 9b 80 01 00 00 mov    0x180(%rbx),%r11d
  907de: 45 85 db            test  %r11d,%r11d
  907e1: 0f 84 74 ff ff ff    je    9075b <__isinff@plt+0x10a5b>
  907e7: 5b                  pop    %rbx
  907e8: c3                  retq 
</code>
|-
|0x90880
|
|
|
|
|<code>
  90880:      41 54                  push  %r12
  90882:      55                      push  %rbp
  90883:      53                      push  %rbx
  90884:      31 db                  xor    %ebx,%ebx
  90886:      48 81 ec 00 08 00 00    sub    $0x800,%rsp
  9088d:      e8 8e fe ff ff          callq  90720 <__isinff@plt+0x10a20>
  90892:      48 8b 2d cf dd 77 00    mov    0x77ddcf(%rip),%rbp        # 80e668 <__isinff@plt+0x78e968>8            lea    0x8(%rbp),%rdi
  9089d:      e8 1e 6f 53 00          callq  5c77c0 <__isinff@plt+0x547ac0>
  908a2:      81 bd 88 01 00 00 23    cmpl  $0xabc123,0x188(%rbp)
  908a9:      c1 ab 00
  908ac:      0f 84 16 01 00 00      je    909c8 <__isinff@plt+0x10cc8>
  908b2:      4c 8d a4 24 00 04 00    lea    0x400(%rsp),%r12
  908b9:      00
  908ba:      48 8d 3d eb 77 53 00    lea    0x5377eb(%rip),%rdi        # 5c80ac <__isinff@plt+0x5483ac>0 00          mov    $0x400,%edx
  908c6:      c6 84 24 00 04 00 00    movb  $0x0,0x400(%rsp)
  908cd:      00
  908ce:      c6 04 24 00            movb  $0x0,(%rsp)
  908d2:      4c 89 e6                mov    %r12,%rsi
  908d5:      e8 76 70 53 00          callq  5c7950 <__isinff@plt+0x547c50>
  908da:      48 8d 3d cb 76 53 00    lea    0x5376cb(%rip),%rdi        # 5c7fac <__isinff@plt+0x5482ac>              mov    %rsp,%rsi
  908e4:      ba 00 04 00 00          mov    $0x400,%edx
  908e9:      e8 62 70 53 00          callq  5c7950 <__isinff@plt+0x547c50>
  908ee:      80 3c 24 00            cmpb  $0x0,(%rsp)
  908f2:      0f 85 e8 00 00 00      jne    909e0 <__isinff@plt+0x10ce0>
  908f8:      c7 85 c0 03 00 00 00    movl  $0x0,0x3c0(%rbp)
  908ff:      00 00 00
  90902:      e8 89 6e 53 00          callq  5c7790 <__isinff@plt+0x547a90>
  90907:      48 8d bd a0 01 00 00    lea    0x1a0(%rbp),%rdi
  9090e:      31 f6                  xor    %esi,%esi
  90910:      ba 00 01 00 00          mov    $0x100,%edx
  90915:      89 85 90 04 00 00      mov    %eax,0x490(%rbp)
  9091b:      c7 85 a0 04 00 00 00    movl  $0x0,0x4a0(%rbp)
  90922:      00 00 00
  90925:      48 c7 85 98 04 00 00    movq  $0x0,0x498(%rbp)
  9092c:      00 00 00 00
  90930:      c7 85 b0 03 00 00 00    movl  $0x0,0x3b0(%rbp)
  90937:      00 00 00
  9093a:      c7 85 a0 02 00 00 00    movl  $0x0,0x2a0(%rbp)
  90941:      00 00 00
  90944:      c7 85 94 01 00 00 00    movl  $0x0,0x194(%rbp)
  9094b:      00 00 00
  9094e:      e8 3d f0 fe ff          callq  7f990 <memset@plt>
  90953:      48 8d bd c0 04 00 00    lea    0x4c0(%rbp),%rdi
  9095a:      e8 b1 c4 00 00          callq  9ce10 <__isinff@plt+0x1d110>
  9095f:      e8 cc 1e 07 00          callq  102830 <__isinff@plt+0x82b30>
  90964:      85 c0                  test  %eax,%eax
  90966:      89 c3                  mov    %eax,%ebx
  90968:      0f 84 9a 00 00 00      je    90a08 <__isinff@plt+0x10d08>
  9096e:      48 8b bd b8 03 00 00    mov    0x3b8(%rbp),%rdi
  90975:      48 85 ff                test  %rdi,%rdi
  90978:      74 10                  je    9098a <__isinff@plt+0x10c8a>
  9097a:      e8 d1 a8 00 00          callq  9b250 <__isinff@plt+0x1b550>
  9097f:      48 c7 85 b8 03 00 00    movq  $0x0,0x3b8(%rbp)
  90986:      00 00 00 00
  9098a:      85 db                  test  %ebx,%ebx
  9098c:      75 72                  jne    90a00 <__isinff@plt+0x10d00>
  9098e:      c7 85 88 01 00 00 23    movl  $0xabc123,0x188(%rbp)
  90995:      c1 ab 00
  90998:      c7 85 94 04 00 00 00    movl  $0x0,0x494(%rbp)
  9099f:      00 00 00
  909a2:      e8 79 b4 05 00          callq  ebe20 <__isinff@plt+0x6c120>
  909a7:      e8 24 b3 05 00          callq  ebcd0 <__isinff@plt+0x6bfd0>
  909ac:      84 c0                  test  %al,%al
  909ae:      0f 85 ac 00 00 00      jne    90a60 <__isinff@plt+0x10d60>
  909b4:      e8 b7 20 07 00          callq  102a70 <__isinff@plt+0x82d70>
  909b9:      31 db                  xor    %ebx,%ebx
  909bb:      e8 10 b3 05 00          callq  ebcd0 <__isinff@plt+0x6bfd0>
  909c0:      84 c0                  test  %al,%al
  909c2:      0f 85 7f 00 00 00      jne    90a47 <__isinff@plt+0x10d47>
  909c8:      48 8d 7d 08            lea    0x8(%rbp),%rdi
  909cc:      e8 df 6d 53 00          callq  5c77b0 <__isinff@plt+0x547ab0>
  909d1:      48 81 c4 00 08 00 00    add    $0x800,%rsp
  909d8:      89 d8                  mov    %ebx,%eax
  909da:      5b                      pop    %rbx
  909db:      5d                      pop    %rbp
  909dc:      41 5c                  pop    %r12
  909de:      c3                      retq 
  909df:      90                      nop
  909e0:      80 bc 24 00 04 00 00    cmpb  $0x0,0x400(%rsp)
  909e7:      00
  909e8:      0f 84 0a ff ff ff      je    908f8 <__isinff@plt+0x10bf8>
  909ee:      c7 85 c0 03 00 00 01    movl  $0x1,0x3c0(%rbp)
  909f5:      00 00 00
  909f8:      e9 05 ff ff ff          jmpq  90902 <__isinff@plt+0x10c02>
  909fd:      66 66 90                xchg  %ax,%ax
  90a00:      89 9d 88 01 00 00      mov    %ebx,0x188(%rbp)
  90a06:      eb c0                  jmp    909c8 <__isinff@plt+0x10cc8>
  90a08:      48 8b 3d 19 e5 77 00    mov    0x77e519(%rip),%rdi        # 80ef28 <__isinff@plt+0x78f228>
  90a0f:      b3 02                  mov    $0x2,%bl
  90a11:      e8 6a 6e 53 00          callq  5c7880 <__isinff@plt+0x547b80>
  90a16:      85 c0                  test  %eax,%eax
  90a18:      89 45 00                mov    %eax,0x0(%rbp)
  90a1b:      0f 84 4d ff ff ff      je    9096e <__isinff@plt+0x10c6e>
  90a21:      be 01 00 00 00          mov    $0x1,%esi
  90a26:      4c 89 e7                mov    %r12,%rdi
  90a29:      e8 a2 66 53 00          callq  5c70d0 <__isinff@plt+0x5473d0>
  90a2e:      f6 84 24 0a 04 00 00    testb  $0x8,0x40a(%rsp)
  90a35:      08
  90a36:      75 3b                  jne    90a73 <__isinff@plt+0x10d73>
  90a38:      e8 23 bc 01 00          callq  ac660 <__isinff@plt+0x2c960>
  90a3d:      e8 ce b5 05 00          callq  ec010 <__isinff@plt+0x6c310>
  90a42:      e9 47 ff ff ff          jmpq  9098e <__isinff@plt+0x10c8e>
  90a47:      48 8b 3d 0a cd 77 00    mov    0x77cd0a(%rip),%rdi        # 80d758 <__isinff@plt+0x78da58>
  90a4e:      31 f6                  xor    %esi,%esi
  90a50:      e8 8b b2 05 00          callq  ebce0 <__isinff@plt+0x6bfe0>
  90a55:      e9 6e ff ff ff          jmpq  909c8 <__isinff@plt+0x10cc8>
  90a5a:      66 66 90                xchg  %ax,%ax
  90a5d:      66 66 90                xchg  %ax,%ax
  90a60:      48 8b 3d b1 dd 77 00    mov    0x77ddb1(%rip),%rdi        # 80e818 <__isinff@plt+0x78eb18>
  90a67:      31 f6                  xor    %esi,%esi
  90a69:      e8 72 b2 05 00          callq  ebce0 <__isinff@plt+0x6bfe0>
  90a6e:      e9 41 ff ff ff          jmpq  909b4 <__isinff@plt+0x10cb4>
  90a73:      83 8d a4 04 00 00 01    orl    $0x1,0x4a4(%rbp)
  90a7a:      eb bc                  jmp    90a38 <__isinff@plt+0x10d38>
  90a7c:      66 66 66 90            xchg  %ax,%ax
  90a80:      53                      push  %rbx
  90a81:      48 8b 1d e0 db 77 00    mov    0x77dbe0(%rip),%rbx        # 80e668 <__isinff@plt+0x78e968>
  90a88:      8b 3b                  mov    (%rbx),%edi
  90a8a:      85 ff                  test  %edi,%edi
  90a8c:      75 12                  jne    90aa0 <__isinff@plt+0x10da0>
  90a8e:      c7 83 88 01 00 00 00    movl  $0x321cba00,0x188(%rbx)
  90a95:      ba 1c 32
  90a98:      5b                      pop    %rbx
  90a99:      c3                      retq
</code>
|-
|-
|0x10a6a0
| 0x59
|0x18c
| 0x10
|cuCtxSynchronize
|
|
|-
|0x10a830
|0x253
|cuInit
|<code>
  10a830:      48 89 5c 24 e0          mov    %rbx,-0x20(%rsp)
  10a835:      48 89 6c 24 e8          mov    %rbp,-0x18(%rsp)
  10a83a:      89 fd                  mov    %edi,%ebp
  10a83c:      4c 89 64 24 f0          mov    %r12,-0x10(%rsp)
  10a841:      4c 89 6c 24 f8          mov    %r13,-0x8(%rsp)
  10a846:      48 81 ec 88 00 00 00    sub    $0x88,%rsp
  10a84d:      48 c7 44 24 48 00 00    movq  $0x0,0x48(%rsp)
  10a854:      00 00
  10a856:      e8 75 14 fe ff          callq  ebcd0 <__isinff@plt+0x6bfd0>
  10a85b:      84 c0                  test  %al,%al
  10a85d:      89 c3                  mov    %eax,%ebx
  10a85f:      0f 85 52 01 00 00      jne    10a9b7 <__isinff@plt+0x8acb7>
  10a865:      45 31 ed                xor    %r13d,%r13d
  10a868:      44 8b 0d a5 5f 70 00    mov    0x705fa5(%rip),%r9d        # 810814 <__isinff@plt+0x790b14>
  10a86f:      45 85 c9                test  %r9d,%r9d
  10a872:      0f 84 08 01 00 00      je    10a980 <__isinff@plt+0x8ac80>
// first-time initialization sequence returns to here
  10a878:      89 ef                  mov    %ebp,%edi
  10a87a:      e8 e1 6b f7 ff          callq  81460 <__isinff@plt+0x1760>
  10a87f:      44 8b 15 8e 5f 70 00    mov    0x705f8e(%rip),%r10d        # 810814 <__isinff@plt+0x790b14>
  10a886:      41 89 c4                mov    %eax,%r12d
  10a889:      45 85 d2                test  %r10d,%r10d
  10a88c:      0f 84 b4 00 00 00      je    10a946 <__isinff@plt+0x8ac46>
  10a892:      84 db                  test  %bl,%bl
  10a894:      0f 95 c3                setne  %bl
  10a897:      44 84 eb                test  %r13b,%bl
  10a89a:      75 24                  jne    10a8c0 <__isinff@plt+0x8abc0>
  10a89c:      44 89 e0                mov    %r12d,%eax
  10a89f:      48 8b 5c 24 68          mov    0x68(%rsp),%rbx
  10a8a4:      48 8b 6c 24 70          mov    0x70(%rsp),%rbp
  10a8a9:      4c 8b 64 24 78          mov    0x78(%rsp),%r12
  10a8ae:      4c 8b ac 24 80 00 00    mov    0x80(%rsp),%r13
  10a8b5:      00
  10a8b6:      48 81 c4 88 00 00 00    add    $0x88,%rsp
  10a8bd:      c3                      retq 
  10a8be:      66 90                  xchg  %ax,%ax
  10a8c0:      fc                      cld   
  10a8c1:      31 c0                  xor    %eax,%eax
  10a8c3:      b9 08 00 00 00          mov    $0x8,%ecx
  10a8c8:      48 89 e7                mov    %rsp,%rdi
  10a8cb:      f3 48 ab                rep stos %rax,%es:(%rdi)
  10a8ce:      4c 8b 2d 93 3d 70 00    mov    0x703d93(%rip),%r13        # 80e668 <__isinff@plt+0x78e968>
  10a8d5:      89 6c 24 50            mov    %ebp,0x50(%rsp)
  10a8d9:      48 8d 6c 24 50          lea    0x50(%rsp),%rbp
  10a8de:      41 8b 7d 00            mov    0x0(%r13),%edi
  10a8e2:      e8 79 cf 4b 00          callq  5c7860 <__isinff@plt+0x547b60>
  10a8e7:      4c 8d 1d 75 0a 4d 00    lea    0x4d0a75(%rip),%r11        # 5db363 <__isinff@plt+0x55b663>
  10a8ee:      48 89 c2                mov    %rax,%rdx
  10a8f1:      48 89 04 24            mov    %rax,(%rsp)
  10a8f5:      31 c0                  xor    %eax,%eax
  10a8f7:      48 85 d2                test  %rdx,%rdx
  10a8fa:      48 c7 44 24 08 00 00    movq  $0x0,0x8(%rsp)
  10a901:      00 00
  10a903:      c7 44 24 10 01 00 00    movl  $0x1,0x10(%rsp)
  10a90a:      00
  10a90b:      4c 89 5c 24 18          mov    %r11,0x18(%rsp)
  10a910:      48 89 6c 24 20          mov    %rbp,0x20(%rsp)
  10a915:      74 07                  je    10a91e <__isinff@plt+0x8ac1e>
  10a917:      48 8b 82 f0 03 00 00    mov    0x3f0(%rdx),%rax
  10a91e:      48 8b 74 24 48          mov    0x48(%rsp),%rsi
  10a923:      48 8b 3d 16 43 70 00    mov    0x704316(%rip),%rdi        # 80ec40 <__isinff@plt+0x78ef40>
  10a92a:      48 89 44 24 28          mov    %rax,0x28(%rsp)
  10a92f:      44 89 64 24 38          mov    %r12d,0x38(%rsp)
  10a934:      48 89 74 24 30          mov    %rsi,0x30(%rsp)
  10a939:      48 89 e6                mov    %rsp,%rsi
  10a93c:      e8 9f 13 fe ff          callq  ebce0 <__isinff@plt+0x6bfe0>
  10a941:      e9 56 ff ff ff          jmpq  10a89c <__isinff@plt+0x8ab9c>
  10a946:      48 8d 3d 8d 00 4d 00    lea    0x4d008d(%rip),%rdi        # 5da9da <__isinff@plt+0x55acda>
  10a94d:      e8 0e 4b f7 ff          callq  7f460 <getenv@plt>
  10a952:      48 85 c0                test  %rax,%rax
  10a955:      74 17                  je    10a96e <__isinff@plt+0x8ac6e>
  10a957:      31 c9                  xor    %ecx,%ecx
  10a959:      ba 0a 00 00 00          mov    $0xa,%edx
  10a95e:      31 f6                  xor    %esi,%esi
  10a960:      48 89 c7                mov    %rax,%rdi
  10a963:      e8 c8 4f f7 ff          callq  7f930 <__strtol_internal@plt>
  10a968:      89 05 aa 5e 70 00      mov    %eax,0x705eaa(%rip)        # 810818 <__isinff@plt+0x790b18>
  10a96e:      c7 05 9c 5e 70 00 01    movl  $0x1,0x705e9c(%rip)        # 810814 <__isinff@plt+0x790b14>
  10a975:      00 00 00
  10a978:      e9 15 ff ff ff          jmpq  10a892 <__isinff@plt+0x8ab92>
  10a97d:      66 66 90                xchg  %ax,%ax
// first-time initialization sequence.
  10a980:      48 8d 3d 53 00 4d 00    lea    0x4d0053(%rip),%rdi        # 5da9da <__isinff@plt+0x55acda> "CUDA_API_TRACE_PTR"
  10a987:      e8 d4 4a f7 ff          callq  7f460 <getenv@plt>
  10a98c:      48 85 c0                test  %rax,%rax
  10a98f:      74 17                  je    10a9a8 <__isinff@plt+0x8aca8>
// we go to 10a9a8 if CUDA_API_TRACE_PTR is unset
  10a991:      31 c9                  xor    %ecx,%ecx
  10a993:      ba 0a 00 00 00          mov    $0xa,%edx
  10a998:      31 f6                  xor    %esi,%esi
  10a99a:      48 89 c7                mov    %rax,%rdi
  10a99d:      e8 8e 4f f7 ff          callq  7f930 <__strtol_internal@plt>
  10a9a2:      89 05 70 5e 70 00      mov    %eax,0x705e70(%rip)        # 810818 <__isinff@plt+0x790b18>
// set cudaInitialized to 1
  10a9a8:      c7 05 62 5e 70 00 01    movl  $0x1,0x705e62(%rip)        # 810814 <__isinff@plt+0x790b14>
  10a9af:      00 00 00
  10a9b2:      e9 c1 fe ff ff          jmpq  10a878 <__isinff@plt+0x8ab78>
  10a9b7:      31 ff                  xor    %edi,%edi
  10a9b9:      e8 12 5c f8 ff          callq  905d0 <__isinff@plt+0x108d0>
  10a9be:      85 c0                  test  %eax,%eax
  10a9c0:      0f 85 9f fe ff ff      jne    10a865 <__isinff@plt+0x8ab65>
  10a9c6:      fc                      cld   
  10a9c7:      31 c0                  xor    %eax,%eax
  10a9c9:      b9 07 00 00 00          mov    $0x7,%ecx
  10a9ce:      48 89 e7                mov    %rsp,%rdi
  10a9d1:      f3 48 ab                rep stos %rax,%es:(%rdi)
  10a9d4:      48 8b 05 8d 3c 70 00    mov    0x703c8d(%rip),%rax        # 80e668 <__isinff@plt+0x78e968>
  10a9db:      89 6c 24 50            mov    %ebp,0x50(%rsp)
  10a9df:      8b 38                  mov    (%rax),%edi
  10a9e1:      e8 7a ce 4b 00          callq  5c7860 <__isinff@plt+0x547b60>
  10a9e6:      48 85 c0                test  %rax,%rax
  10a9e9:      48 89 04 24            mov    %rax,(%rsp)
  10a9ed:      74 69                  je    10aa58 <__isinff@plt+0x8ad58>
  10a9ef:      48 ff 80 f0 03 00 00    incq  0x3f0(%rax)
  10a9f6:      48 8d 54 24 50          lea    0x50(%rsp),%rdx
  10a9fb:      48 8d 35 61 09 4d 00    lea    0x4d0961(%rip),%rsi        # 5db363 <__isinff@plt+0x55b663>
  10aa02:      48 8b 04 24            mov    (%rsp),%rax
  10aa06:      48 c7 44 24 08 00 00    movq  $0x0,0x8(%rsp)
  10aa0d:      00 00
  10aa0f:      48 89 54 24 20          mov    %rdx,0x20(%rsp)
  10aa14:      31 d2                  xor    %edx,%edx
  10aa16:      c7 44 24 10 01 00 00    movl  $0x1,0x10(%rsp)
  10aa1d:      00
  10aa1e:      48 89 74 24 18          mov    %rsi,0x18(%rsp)
  10aa23:      48 85 c0                test  %rax,%rax
  10aa26:      74 07                  je    10aa2f <__isinff@plt+0x8ad2f>
  10aa28:      48 8b 90 f0 03 00 00    mov    0x3f0(%rax),%rdx
  10aa2f:      48 8b 3d ea 35 70 00    mov    0x7035ea(%rip),%rdi        # 80e020 <__isinff@plt+0x78e320>
  10aa36:      4c 8d 44 24 48          lea    0x48(%rsp),%r8
  10aa3b:      48 89 e6                mov    %rsp,%rsi
  10aa3e:      41 bd 01 00 00 00      mov    $0x1,%r13d
  10aa44:      48 89 54 24 28          mov    %rdx,0x28(%rsp)
  10aa49:      4c 89 44 24 30          mov    %r8,0x30(%rsp)
  10aa4e:      e8 8d 12 fe ff          callq  ebce0 <__isinff@plt+0x6bfe0>
  10aa53:      e9 10 fe ff ff          jmpq  10a868 <__isinff@plt+0x8ab68>
  10aa58:      4c 8d 05 04 09 4d 00    lea    0x4d0904(%rip),%r8        # 5db363 <__isinff@plt+0x55b663>
  10aa5f:      4c 8d 64 24 50          lea    0x50(%rsp),%r12
  10aa64:      31 d2                  xor    %edx,%edx
  10aa66:      48 c7 44 24 08 00 00    movq  $0x0,0x8(%rsp)
  10aa6d:      00 00
  10aa6f:      c7 44 24 10 01 00 00    movl  $0x1,0x10(%rsp)
  10aa76:      00
  10aa77:      4c 89 44 24 18          mov    %r8,0x18(%rsp)
  10aa7c:      4c 89 64 24 20          mov    %r12,0x20(%rsp)
  10aa81:      eb ac                  jmp    10aa2f <__isinff@plt+0x8ad2f>
  10aa83:      66 66 66 90            xchg  %ax,%ax
  10aa87:      66 66 90                xchg  %ax,%ax
  10aa8a:      66 66 90                xchg  %ax,%ax
  10aa8d:      66 66 90                xchg  %ax,%ax</code>
|-
|0x10aa90
|0x272
|cuGetExportTable
|
|
|-
|0x10ad10
|0x286
|cuGraphicsUnmapResources
|
|
|-
|-
|0x10afa0
! colspan="5" style="background:#ffdead;" | /dev/nvidiaX
|0x286
|cuGraphicsMapResources
|
|-
|-
|0x10b230
| 0x32
|0x272
| 0x014
|cuGraphicsResourceSetMapFlags
| stack
| cuInit
|
|
* Performed several times in succession
|-
|-
|0x10b4b0
| 0x37
|0x28e
| 0x020
|cuGraphicsResourceGetMappedPointer
| stack
| cuInit
|
|
* Follows burst of 3x 0x32's, then interwoven with bursts of 2a's
|-
|-
|0x10b740
|}
|0x2b2
==GPU methods==
|cuGraphicsSubResourceGetMappedArray
{| border="1" class="sortable"
|
! Code
|-
! Param size
|0x10ba00
! Notes
|0x24d
|cuGraphicsUnregisterResource
|
|-
|0x10bc50
|0x245
|cuStreamDestroy
|
|-
|0x10bea0
|0x245
|cuStreamSynchronize
|
|-
|0x10c0f0
|0x245
|cuStreamQuery
|
|-
|0x10c340
|0x272
|cuStreamCreate
|
|-
|0x10c5c0
|0x28e
|cuEventElapsedTime
|
|-
|0x10c850
|0x24d
|cuEventDestroy
|
|-
|0x10caa0
|0x24d
|cuEventSynchronize
|
|-
|0x10ccf0
|0x24d
|cuEventQuery
|
|-
|0x10cf40
|0x261
|cuEventRecord
|
|-
|0x10d1b0
|0x272
|cuEventCreate
|
|-
|0x10d430
|0x2aa
|cuLaunchGridAsync
|
|-
|0x10d6e0
|0x28e
|cuLaunchGrid
|
|-
|0x10d970
|0x24d
|cuLaunch
|
|-
|0x10dbc0
|0x28e
|cuParamSetTexRef
|
|-
|0x10de50
|0x2b9
|cuParamSetv
|
|-
|0x10e110
|0x2b5
|cuParamSetf
|
|-
|0x10e3d0
|0x28e
|cuParamSeti
|
|-
|0x10e660
|0x272
|cuParamSetSize
|
|-
|0x10e8e0
|0x272
|cuTexRefGetFlags
|
|-
|0x10eb60
|0x28e
|cuTexRefGetFormat
|
|-
|0x10edf0
|0x272
|cuTexRefGetFilterMode
|
|-
|0x10f070
|0x28e
|cuTexRefGetAddressMode
|
|-
|0x10f300
|0x272
|cuTexRefGetArray
|
|-
|0x10f580
|0x272
|cuTexRefGetAddress
|
|-
|0x10f800
|0x272
|cuTexRefSetFlags
|
|-
|0x10fa80
|0x272
|cuTexRefSetFilterMode
|
|-
|0x10fd00
|0x28e
|cuTexRefSetAddressMode
|
|-
|0x10ff90
|0x28e
|cuTexRefSetFormat
|
|-
|0x11a0d0
|0x28e
|cuCtxCreate
|
|-
|0x11a360
|0x28e
|cuDeviceGetAttribute
|
|-
|0x11a5f0
|0x272
|cuDeviceGetProperties
|
|-
|0x11a870
|0x272
|cuDeviceTotalMem
|
|-
|0x11aaf0
|0x28e
|cuDeviceComputeCapability
|
|-
|0x11ad80
|0x28e
|cuDeviceGetName
|
|-
|0x11b010
|0x24d
|cuDeviceGetCount
|<code>
  11b010:      48 89 5c 24 e0          mov    %rbx,-0x20(%rsp)
  11b015:      48 89 6c 24 e8          mov    %rbp,-0x18(%rsp)
  11b01a:      48 89 fd                mov    %rdi,%rbp
  11b01d:      4c 89 64 24 f0          mov    %r12,-0x10(%rsp)
  11b022:      4c 89 6c 24 f8          mov    %r13,-0x8(%rsp)
  11b027:      48 83 ec 78            sub    $0x78,%rsp
  11b02b:      48 c7 44 24 48 00 00    movq  $0x0,0x48(%rsp)
  11b032:      00 00
  11b034:      e8 97 0c fd ff          callq  ebcd0 <__isinff@plt+0x6bfd0>
  11b039:      84 c0                  test  %al,%al
  11b03b:      89 c3                  mov    %eax,%ebx
  11b03d:      0f 85 4d 01 00 00      jne    11b190 <__isinff@plt+0x9b490>
  11b043:      45 31 ed                xor    %r13d,%r13d
  11b046:      44 8b 0d c7 57 6f 00    mov    0x6f57c7(%rip),%r9d        # 810814 <__isinff@plt+0x790b14>
  11b04d:      45 85 c9                test  %r9d,%r9d
  11b050:      0f 84 01 01 00 00      je    11b157 <__isinff@plt+0x9b457>
  11b056:      48 89 ef                mov    %rbp,%rdi
 
// Perform the basic driver-initialization checks
 
  11b059:      e8 42 5b f6 ff          callq  80ba0 <__isinff@plt+0xea0>
  11b05e:      44 8b 15 af 57 6f 00    mov    0x6f57af(%rip),%r10d        # 810814 <__isinff@plt+0x790b14>
  11b065:      41 89 c4                mov    %eax,%r12d
  11b068:      45 85 d2                test  %r10d,%r10d
  11b06b:      0f 84 af 00 00 00      je    11b120 <__isinff@plt+0x9b420>
  11b071:      84 db                  test  %bl,%bl
  11b073:      0f 95 c3                setne  %bl
  11b076:      44 84 eb                test  %r13b,%bl
  11b079:      75 1c                  jne    11b097 <__isinff@plt+0x9b397>
  11b07b:      44 89 e0                mov    %r12d,%eax
  11b07e:      48 8b 5c 24 58          mov    0x58(%rsp),%rbx
  11b083:      48 8b 6c 24 60          mov    0x60(%rsp),%rbp
  11b088:      4c 8b 64 24 68          mov    0x68(%rsp),%r12
  11b08d:      4c 8b 6c 24 70          mov    0x70(%rsp),%r13
  11b092:      48 83 c4 78            add    $0x78,%rsp
  11b096:      c3                      retq
 
// handle weird case
 
  11b097:      fc                      cld   
  11b098:      31 c0                  xor    %eax,%eax
  11b09a:      b9 08 00 00 00          mov    $0x8,%ecx
  11b09f:      48 89 e7                mov    %rsp,%rdi
  11b0a2:      f3 48 ab                rep stos %rax,%es:(%rdi)
  11b0a5:      4c 8b 2d bc 35 6f 00    mov    0x6f35bc(%rip),%r13        # 80e668 <__isinff@plt+0x78e968>
  11b0ac:      48 89 6c 24 40          mov    %rbp,0x40(%rsp)
  11b0b1:      48 8d 6c 24 40          lea    0x40(%rsp),%rbp
  11b0b6:      41 8b 7d 00            mov    0x0(%r13),%edi
  11b0ba:      e8 a1 c7 4a 00          callq  5c7860 <__isinff@plt+0x547b60>
  11b0bf:      4c 8d 1d 6a 02 4c 00    lea    0x4c026a(%rip),%r11        # 5db330 <__isinff@plt+0x55b630>
  11b0c6:      48 89 c2                mov    %rax,%rdx
  11b0c9:      48 89 04 24            mov    %rax,(%rsp)
  11b0cd:      31 c0                  xor    %eax,%eax
  11b0cf:      48 85 d2                test  %rdx,%rdx
  11b0d2:      48 c7 44 24 08 00 00    movq  $0x0,0x8(%rsp)
  11b0d9:      00 00
  11b0db:      c7 44 24 10 04 00 00    movl  $0x4,0x10(%rsp)
  11b0e2:      00
  11b0e3:      4c 89 5c 24 18          mov    %r11,0x18(%rsp)
  11b0e8:      48 89 6c 24 20          mov    %rbp,0x20(%rsp)
  11b0ed:      74 07                  je    11b0f6 <__isinff@plt+0x9b3f6>
  11b0ef:      48 8b 82 f0 03 00 00    mov    0x3f0(%rdx),%rax
  11b0f6:      48 8b 74 24 48          mov    0x48(%rsp),%rsi
  11b0fb:      48 8b 3d 3e 3b 6f 00    mov    0x6f3b3e(%rip),%rdi        # 80ec40 <__isinff@plt+0x78ef40>
  11b102:      48 89 44 24 28          mov    %rax,0x28(%rsp)
  11b107:      44 89 64 24 38          mov    %r12d,0x38(%rsp)
  11b10c:      48 89 74 24 30          mov    %rsi,0x30(%rsp)
  11b111:      48 89 e6                mov    %rsp,%rsi
  11b114:      e8 c7 0b fd ff          callq  ebce0 <__isinff@plt+0x6bfe0>
  11b119:      e9 5d ff ff ff          jmpq  11b07b <__isinff@plt+0x9b37b>
  11b11e:      66 90                  xchg  %ax,%ax
 
// Handler for no-context case
 
  11b120:      48 8d 3d b3 f8 4b 00    lea    0x4bf8b3(%rip),%rdi        # 5da9da <__isinff@plt+0x55acda>
  11b127:      e8 34 43 f6 ff          callq  7f460 <getenv@plt>
  11b12c:      48 85 c0                test  %rax,%rax
  11b12f:      74 17                  je    11b148 <__isinff@plt+0x9b448>
  11b131:      31 c9                  xor    %ecx,%ecx
  11b133:      ba 0a 00 00 00          mov    $0xa,%edx
  11b138:      31 f6                  xor    %esi,%esi
  11b13a:      48 89 c7                mov    %rax,%rdi
  11b13d:      e8 ee 47 f6 ff          callq  7f930 <__strtol_internal@plt>
  11b142:      89 05 d0 56 6f 00      mov    %eax,0x6f56d0(%rip)        # 810818 <__isinff@plt+0x790b18>
  11b148:      c7 05 c2 56 6f 00 01    movl  $0x1,0x6f56c2(%rip)        # 810814 <__isinff@plt+0x790b14>
  11b14f:      00 00 00
  11b152:      e9 1a ff ff ff          jmpq  11b071 <__isinff@plt+0x9b371>
  11b157:      48 8d 3d 7c f8 4b 00    lea    0x4bf87c(%rip),%rdi        # 5da9da <__isinff@plt+0x55acda>
  11b15e:      e8 fd 42 f6 ff          callq  7f460 <getenv@plt>
  11b163:      48 85 c0                test  %rax,%rax
  11b166:      74 17                  je    11b17f <__isinff@plt+0x9b47f>
  11b168:      31 c9                  xor    %ecx,%ecx
  11b16a:      ba 0a 00 00 00          mov    $0xa,%edx
  11b16f:      31 f6                  xor    %esi,%esi
  11b171:      48 89 c7                mov    %rax,%rdi
  11b174:      e8 b7 47 f6 ff          callq  7f930 <__strtol_internal@plt>
  11b179:      89 05 99 56 6f 00      mov    %eax,0x6f5699(%rip)        # 810818 <__isinff@plt+0x790b18>
  11b17f:      c7 05 8b 56 6f 00 01    movl  $0x1,0x6f568b(%rip)        # 810814 <__isinff@plt+0x790b14>
  11b186:      00 00 00
  11b189:      e9 c8 fe ff ff          jmpq  11b056 <__isinff@plt+0x9b356>
  11b18e:      66 90                  xchg  %ax,%ax
  11b190:      31 ff                  xor    %edi,%edi
  11b192:      e8 39 54 f7 ff          callq  905d0 <__isinff@plt+0x108d0>
  11b197:      85 c0                  test  %eax,%eax
  11b199:      0f 85 a4 fe ff ff      jne    11b043 <__isinff@plt+0x9b343>
  11b19f:      fc                      cld   
  11b1a0:      31 c0                  xor    %eax,%eax
  11b1a2:      b9 07 00 00 00          mov    $0x7,%ecx
  11b1a7:      48 89 e7                mov    %rsp,%rdi
  11b1aa:      f3 48 ab                rep stos %rax,%es:(%rdi)
  11b1ad:      48 8b 05 b4 34 6f 00    mov    0x6f34b4(%rip),%rax        # 80e668 <__isinff@plt+0x78e968>
  11b1b4:      48 89 6c 24 40          mov    %rbp,0x40(%rsp)
  11b1b9:      8b 38                  mov    (%rax),%edi
  11b1bb:      e8 a0 c6 4a 00          callq  5c7860 <__isinff@plt+0x547b60>
  11b1c0:      48 85 c0                test  %rax,%rax
  11b1c3:      48 89 04 24            mov    %rax,(%rsp)
  11b1c7:      74 69                  je    11b232 <__isinff@plt+0x9b532>
  11b1c9:      48 ff 80 f0 03 00 00    incq  0x3f0(%rax)
  11b1d0:      48 8d 54 24 40          lea    0x40(%rsp),%rdx
  11b1d5:      48 8d 35 54 01 4c 00    lea    0x4c0154(%rip),%rsi        # 5db330 <__isinff@plt+0x55b630>
  11b1dc:      48 8b 04 24            mov    (%rsp),%rax
  11b1e0:      48 c7 44 24 08 00 00    movq  $0x0,0x8(%rsp)
  11b1e7:      00 00
  11b1e9:      48 89 54 24 20          mov    %rdx,0x20(%rsp)
  11b1ee:      31 d2                  xor    %edx,%edx
  11b1f0:      c7 44 24 10 04 00 00    movl  $0x4,0x10(%rsp)
  11b1f7:      00
  11b1f8:      48 89 74 24 18          mov    %rsi,0x18(%rsp)
  11b1fd:      48 85 c0                test  %rax,%rax
  11b200:      74 07                  je    11b209 <__isinff@plt+0x9b509>
  11b202:      48 8b 90 f0 03 00 00    mov    0x3f0(%rax),%rdx
  11b209:      48 8b 3d 10 2e 6f 00    mov    0x6f2e10(%rip),%rdi        # 80e020 <__isinff@plt+0x78e320>
  11b210:      4c 8d 44 24 48          lea    0x48(%rsp),%r8
  11b215:      48 89 e6                mov    %rsp,%rsi
  11b218:      41 bd 01 00 00 00      mov    $0x1,%r13d
  11b21e:      48 89 54 24 28          mov    %rdx,0x28(%rsp)
  11b223:      4c 89 44 24 30          mov    %r8,0x30(%rsp)
  11b228:      e8 b3 0a fd ff          callq  ebce0 <__isinff@plt+0x6bfe0>
  11b22d:      e9 14 fe ff ff          jmpq  11b046 <__isinff@plt+0x9b346>
  11b232:      4c 8d 05 f7 00 4c 00    lea    0x4c00f7(%rip),%r8        # 5db330 <__isinff@plt+0x55b630>
  11b239:      4c 8d 64 24 40          lea    0x40(%rsp),%r12
  11b23e:      31 d2                  xor    %edx,%edx
  11b240:      48 c7 44 24 08 00 00    movq  $0x0,0x8(%rsp)
  11b247:      00 00
  11b249:      c7 44 24 10 04 00 00    movl  $0x4,0x10(%rsp)
  11b250:      00
  11b251:      4c 89 44 24 18          mov    %r8,0x18(%rsp)
  11b256:      4c 89 64 24 20          mov    %r12,0x20(%rsp)
  11b25b:      eb ac                  jmp    11b209 <__isinff@plt+0x9b509>
  11b25d:      66 66 90                xchg  %ax,%ax
  11b260:      48 89 5c 24 d8          mov    %rbx,-0x28(%rsp)
  11b265:      48 89 6c 24 e0          mov    %rbp,-0x20(%rsp)
  11b26a:      48 89 fd                mov    %rdi,%rbp
  11b26d:      4c 89 64 24 e8          mov    %r12,-0x18(%rsp)
  11b272:      4c 89 6c 24 f0          mov    %r13,-0x10(%rsp)
  11b277:      41 89 f4                mov    %esi,%r12d
  11b27a:      4c 89 74 24 f8          mov    %r14,-0x8(%rsp)
  11b27f:      48 81 ec 88 00 00 00    sub    $0x88,%rsp
  11b286:      48 c7 44 24 58 00 00    movq  $0x0,0x58(%rsp)
  11b28d:      00 00
  11b28f:      e8 3c 0a fd ff          callq  ebcd0 <__isinff@plt+0x6bfd0>
  11b294:      84 c0                  test  %al,%al
  11b296:      89 c3                  mov    %eax,%ebx
  11b298:      0f 85 62 01 00 00      jne    11b400 <__isinff@plt+0x9b700>
  11b29e:      45 31 f6                xor    %r14d,%r14d
  11b2a1:      44 8b 0d 6c 55 6f 00    mov    0x6f556c(%rip),%r9d        # 810814 <__isinff@plt+0x790b14>
  11b2a8:      45 85 c9                test  %r9d,%r9d
  11b2ab:      0f 84 16 01 00 00      je    11b3c7 <__isinff@plt+0x9b6c7>
  11b2b1:      44 89 e6                mov    %r12d,%esi
  11b2b4:      48 89 ef                mov    %rbp,%rdi
  11b2b7:      e8 34 5b f6 ff          callq  80df0 <__isinff@plt+0x10f0>
  11b2bc:      44 8b 15 51 55 6f 00    mov    0x6f5551(%rip),%r10d        # 810814 <__isinff@plt+0x790b14>
  11b2c3:      41 89 c5                mov    %eax,%r13d
  11b2c6:      45 85 d2                test  %r10d,%r10d
  11b2c9:      0f 84 c1 00 00 00      je    11b390 <__isinff@plt+0x9b690>
  11b2cf:      84 db                  test  %bl,%bl
  11b2d1:      0f 95 c3                setne  %bl
  11b2d4:      41 84 de                test  %bl,%r14b
  11b2d7:      75 27                  jne    11b300 <__isinff@plt+0x9b600>
  11b2d9:      44 89 e8                mov    %r13d,%eax
  11b2dc:      48 8b 5c 24 60          mov    0x60(%rsp),%rbx
  11b2e1:      48 8b 6c 24 68          mov    0x68(%rsp),%rbp
  11b2e6:      4c 8b 64 24 70          mov    0x70(%rsp),%r12
  11b2eb:      4c 8b 6c 24 78          mov    0x78(%rsp),%r13
  11b2f0:      4c 8b b4 24 80 00 00    mov    0x80(%rsp),%r14
  11b2f7:      00
  11b2f8:      48 81 c4 88 00 00 00    add    $0x88,%rsp
  11b2ff:      c3                      retq 
  11b300:      fc                      cld   
  11b301:      31 c0                  xor    %eax,%eax
  11b303:      b9 08 00 00 00          mov    $0x8,%ecx
  11b308:      48 89 e7                mov    %rsp,%rdi
  11b228:      e8 b3 0a fd ff          callq  ebce0 <__isinff@plt+0x6bfe0>
  11b22d:      e9 14 fe ff ff          jmpq  11b046 <__isinff@plt+0x9b346>
  11b232:      4c 8d 05 f7 00 4c 00    lea    0x4c00f7(%rip),%r8        # 5db330 <__isinff@plt+0x55b630>24 40          lea    0x40(%rsp),%r12
  11b23e:      31 d2                  xor    %edx,%edx
  11b240:      48 c7 44 24 08 00 00    movq  $0x0,0x8(%rsp)
  11b247:      00 00
  11b249:      c7 44 24 10 04 00 00    movl  $0x4,0x10(%rsp)
  11b250:      00
  11b251:      4c 89 44 24 18          mov    %r8,0x18(%rsp)
  11b256:      4c 89 64 24 20          mov    %r12,0x20(%rsp)
  11b25b:      eb ac                  jmp    11b209 <__isinff@plt+0x9b509></code>
|-
|0x11b260
|0x272
|cuDeviceGet
|
|-
|0x11b4e0
|0x24d
|cuDriverGetVersion
|
|-
|0x11b730
|0x18c
|cuGLInit
|
|-
|0x11b8c0
|0x28e
|cuGLCtxCreate
|
|-
|0x11bb50
|0x261
|cuGLUnmapBufferObjectAsync
|
|-
|0x11bdc0
|0x2aa
|cuGLMapBufferObjectAsync
|
|-
|0x11c070
|0x261
|cuGLSetBufferObjectMapFlags
|
|-
|0x11c2e0
|0x253
|cuGLUnregisterBufferObject
|
|-
|0x11c540
|0x253
|cuGLUnmapBufferObject
|
|-
|0x11c7a0
|0x28e
|cuGLMapBufferObject
|
|-
|0x11ca30
|0x253
|cuGLRegisterBufferObject
|
|-
|0x11cc90
|0x2b2
|cuGraphicsGLRegisterImage
|
|-
|0x11cf50
|0x28e
|cuGraphicsGLRegisterBuffer
|
|-
|0x81ef0
|0x5f
|cuMemGetAttribute
|
|-
|0x110a30
|0x24d
|cuTexRefDestroy
|
|-
|0x110c80
|0x24d
|cuTexRefCreate
|
|-
|0x110ed0
|0x272
|cuArray3DGetDescriptor
|
|-
|0x111b20
|0x272
|cuFuncSetCacheConfig
|
|-
|0x111da0
|0x28e
|cuFuncGetAttribute
|
|-
|0x112b30
|0x2d5
|cuMemsetD2D8
|
|-
|0x112e10
|0x28d
|cuMemsetD32
|
|-
|0x113ac0
|0x2cc
|cuMemcpyAtoHAsync
|
|-
|0x113d90
|0x2cc
|cuMemcpyHtoAAsync
|
|-
|0x114ac0
|0x24d
|cuMemcpy2DUnaligned
|
|-
|0x114d10
|0x24d
|cuMemcpy2D
|
|-
|0x114f60
|0x2d4
|cuMemcpyAtoA
|
|-
|0x115a80
|0x2b2
|cuMemcpyDtoA
|
|-
|0x115d40
|0x28d
|cuMemcpyDtoD
|
|-
|0x115fd0
|0x28e
|cuMemcpyDtoH
|
|-
|0x116a00
|0x28e
|cuMemHostAlloc
|
|-
|0x116c90
|0x24d
|cuMemFreeHost
|
|-
|0x116ee0
|0x272
|cuMemAllocHost
|
|-
|0x117bb0
|0x272
|cuMemGetInfo
|
|-
|0x117e30
|0x28e
|cuModuleGetTexRef
|
|-
|0x118ae0
|0x2d4
|cuModuleLoadDataEx
|
|-
|0x118dc0
|0x272
|cuModuleLoadData
|
|-
|0x119c00
|0x272
|cuCtxAttach
|
|-
|0x119e80
|0x24d
|cuCtxDestroy
|
|-
|0x1104e0
|0x2b2
|cuTexRefSetAddress
|
|-
|0x1107a0
|0x28e
|cuTexRefSetArray
|
|-
|0x1113d0
|0x24d
|cuArrayDestroy
|
|-
|0x1118a0
|0x272
|cuArrayCreate
|
|-
|0x1122b0
|0x2b2
|cuFuncSetBlockShape
|
|-
|0x1130a0
|0x29d
|cuMemsetD16
|
|-
|-
|0x1135e0
! COLSPAN="3" style="background:#efefef;" | 0x5c000002 (per-device)
|0x261
|cuMemcpy3DAsync
|
|-
|-
|0x1145c0
| 0x20800110
|0x2aa
| 0x84
|cuMemcpyHtoDAsync
|
|-
|0x1157c0
|0x2b1
|cuMemcpyAtoD
|
|-
|0x1164f0
|0x272
|cuMemHostGetFlags
|
|-
|0x1173f0
|0x253
|cuMemFree
|
|-
|0x1180c0
|0x2b9
|cuModuleGetGlobal
|
|-
|0x1192c0
|0x24d
|cuCtxGetDevice
|
|-
|0x1199b0
|0x24d
|cuCtxDetach
|
|-
|0x102120
|0x119
|clGetExtensionFunctionAddress
|
|-
|0x110220
|0x2b2
|cuTexRefSetAddress2D
|
|-
|0x111150
|0x272
|cuArray3DCreate
|
|-
|0x111620
|0x272
|cuArrayGetDescriptor
|
|-
|0x112030
|0x272
|cuFuncSetSharedSize
|
|-
|0x112570
|0x2d3
|cuMemsetD2D32
|
|-
|0x112850
|0x2d5
|cuMemsetD2D16
|
|-
|0x113340
|0x29c
|cuMemsetD8
|
|-
|0x113850
|0x261
|cuMemcpy2DAsync
|
|-
|0x114060
|0x2aa
|cuMemcpyDtoDAsync
|
|-
|0x114310
|0x2aa
|cuMemcpyDtoHAsync
|
|-
|0x114870
|0x24d
|cuMemcpy3D
|
|-
|0x115240
|0x2b2
|cuMemcpyAtoH
|
|-
|0x115500
|0x2b9
|cuMemcpyHtoA
|
|-
|0x116260
|0x28d
|cuMemcpyHtoD
|
|-
|0x116770
|0x28e
|cuMemHostGetDevicePointer
|
|-
|0x117160
|0x28e
|cuMemGetAddressRange
|
|-
|0x117650
|0x2d4
|cuMemAllocPitch
|
|-
|0x117930
|0x272
|cuMemAlloc
|
|-
|0x118380
|0x28e
|cuModuleGetFunction
|
|-
|0x118610
|0x24d
|cuModuleUnload
|
|-
|0x118860
|0x272
|cuModuleLoadFatBinary
|
|-
|0x119040
|0x272
|cuModuleLoad
|
|-
|0x119510
|0x24d
|cuCtxPopCurrent
|
|-
|0x119760
|0x24d
|cuCtxPushCurrent
|
|
* Retrieves device name:
<pre>RESULT: 0 0xc1d04277 0x5c000002 0x20800110 0x00000000
0x0010 0x73be4970 0x00007fff 0x00000084 0x00000000
GPU method 0x5c000002:20800110 0x00000000 0x6f466547 0x20656372 0x20535447
0x0010 0x4d303633 0x00000000 0x00000000 0x00000000 </pre>
* 6f46654720656372205354474d303633 == "oFeG ecr STGM063"
|-
|-
|}
|}


==traces==
==disassembly==
<pre>edi == ebp
These disassemblies makes use of <tt>libcuda.so.195.36.15</tt> (0867d66be617faab3782fa0ba19ec9ba, 7404990 bytes). Symbols were extracted via <tt>objdump -T</tt>.
esi == 0xc04846d2
* AMD64 ABI:
rdx == r12
** Integer arguments via RDI, RSI, RDX, RCX, R8 and R9, then stack
call(edi,esi,rdx)
** FP arguments in XMM0..XMM7, then stack
 
** Return value in RAX
eax == 0
** [[libcuda traces]]
ebp == file descriptor
rsp(0x4c7) = 0
rsp(0x488) = rax
rsp(0x484) = 0
rsp(0x480) = 0
r12 = rsp + 0x480 (0x7ffff78b3c41)
rbx(0x30) = 0
rbx(0x28) = 0
rbx(0x20) = 0
rbx(0x18) = 0
rbx(0x10) = 0
rbx(0x8) = 0x35
rbx(0x38) = 0
 
cuInit:
  0x7ffff78b3031: mov    0x8(%rsp),%ecx
  0x7ffff78b3035: mov    $0x14,%r8d
  0x7ffff78b303b: mov    $0xa02,%edx
  0x7ffff78b3040: mov    %ebp,%esi
  0x7ffff78b3042: mov    %ebp,%edi
  0x7ffff78b3044: callq  0x7ffff78b1a60
  0x7ffff78b3049: test  %eax,%eax
  0x7ffff78b304b: jne    0x7ffff78b2b84
  0x7ffff78b3051: mov    0x1c(%rsp),%eax
  0x7ffff78b3055: cmp    0x6c(%rsp),%eax
  0x7ffff78b3059: jne    0x7ffff78b2b84
  0x7ffff78b305f: nop
  0x7ffff78b3060: jmpq  0x7ffff78b2c70
  0x7ffff78b3065: mov    0x704944(%rip),%r9        # 0x7ffff7fb79b0
  0x7ffff78b306c: mov    (%r9),%rdi
  0x7ffff78b306f: mov    0x10(%rdi),%rdx
  0x7ffff78b3073: test  %rdx,%rdx
  0x7ffff78b3076: je    0x7ffff78b3094
  0x7ffff78b3078: cmp    %r8d,(%rdx)
  0x7ffff78b307b: jne    0x7ffff78b308b
  0x7ffff78b307d: jmpq  0x7ffff78b2f82
  0x7ffff78b3082: cmp    (%rdx),%r8d
  0x7ffff78b3085: je    0x7ffff78b2f82
  0x7ffff78b308b: mov    0x10(%rdx),%rdx
  0x7ffff78b308f: test  %rdx,%rdx
  0x7ffff78b3092: jne    0x7ffff78b3082
  0x7ffff78b3094: mov    $0x1d,%r12d
  0x7ffff78b309a: movl  $0x0,0x708768(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b30a4: jmpq  0x7ffff78b29e5
  0x7ffff78b30a9: mov    0x58(%rsp),%edi
  0x7ffff78b30ad: test  %edi,%edi
  0x7ffff78b30af: je    0x7ffff78b29e5
  0x7ffff78b30b5: mov    %rbx,%rdi
  0x7ffff78b30b8: callq  0x7ffff78b22d0
  0x7ffff78b30bd: mov    0x58(%rsp),%r12d
  0x7ffff78b30c2: jmpq  0x7ffff78b29e5
  0x7ffff78b30c7: mov    0x70551a(%rip),%r15        # 0x7ffff7fb85e8
  0x7ffff78b30ce: mov    (%r15),%rbx
  0x7ffff78b30d1: test  %rbx,%rbx
  0x7ffff78b30d4: je    0x7ffff78b2f9e
  0x7ffff78b30da: lea    0x20(%rsp),%rdx
  0x7ffff78b30df: jmp    0x7ffff78b30ee
  0x7ffff78b30e1: mov    0x30(%rbx),%rbx
  0x7ffff78b30e5: test  %rbx,%rbx
  0x7ffff78b30e8: je    0x7ffff78b2f9e
  0x7ffff78b30ee: cmp    (%rbx),%ebp
  0x7ffff78b30f0: jne    0x7ffff78b30e1
  0x7ffff78b30f2: cmp    0x4(%rbx),%r14d
  0x7ffff78b30f6: jne    0x7ffff78b30e1
  0x7ffff78b30f8: movq  $0x0,0x20(%rsp)
  0x7ffff78b3101: movq  $0x0,0x28(%rsp)
  0x7ffff78b310a: xor    %eax,%eax
  0x7ffff78b310c: mov    %ebp,0x20(%rsp)
  0x7ffff78b3110: mov    %r14d,0x28(%rsp)
  0x7ffff78b3115: mov    $0xc020462b,%esi
  0x7ffff78b311a: mov    0x18(%rsp),%ebp
  0x7ffff78b311e: mov    0x10(%rsp),%r14
  0x7ffff78b3123: mov    0x676f57(%rip),%edi        # 0x7ffff7f2a080
  0x7ffff78b3129: movl  $0x0,0x7086d9(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b3133: movq  $0x0,0x38(%rsp)
  0x7ffff78b313c: movl  $0x83f3,0x2c(%rsp)
  0x7ffff78b3144: mov    %ebp,0x24(%rsp)
  0x7ffff78b3148: mov    %r14,0x30(%rsp)
  0x7ffff78b314d: callq  0x7ffff782ab20 <ioctl@plt>
  0x7ffff78b3152: test  %eax,%eax
  0x7ffff78b3154: js    0x7ffff78b2f2a
  0x7ffff78b315a: mov    0x38(%rsp),%r9d
  0x7ffff78b315f: test  %r9d,%r9d
  0x7ffff78b3162: je    0x7ffff78b29e5
  0x7ffff78b3168: mov    %rbx,%rdi
  0x7ffff78b316b: callq  0x7ffff78b22d0
  0x7ffff78b3170: mov    0x38(%rsp),%r12d
  0x7ffff78b3175: jmpq  0x7ffff78b29e5
  0x7ffff78b317a: data32 xchg %ax,%ax
  0x7ffff78b317d: data32 xchg %ax,%ax
  0x7ffff78b3180: mov    %r12,-0x20(%rsp)
  0x7ffff78b3185: mov    %r13,-0x18(%rsp)
  0x7ffff78b318a: mov    %edi,%r12d
  0x7ffff78b318d: mov    %r14,-0x10(%rsp)
  0x7ffff78b3192: mov    %r15,-0x8(%rsp)
  0x7ffff78b3197: mov    %esi,%r14d
  0x7ffff78b319a: mov    %rbx,-0x30(%rsp)
  0x7ffff78b319f: mov    %rbp,-0x28(%rsp)
  0x7ffff78b31a4: sub    $0x68,%rsp
  0x7ffff78b31a8: cmp    $0x80,%edx
  0x7ffff78b31ae: mov    %edx,%r13d
  0x7ffff78b31b1: mov    %rcx,%r15
  0x7ffff78b31b4: jb    0x7ffff78b327a
  0x7ffff78b31ba: cmp    $0x87,%edx
  0x7ffff78b31c0: ja    0x7ffff78b3272
  0x7ffff78b31c6: lea    -0x80(%r13),%esi
  0x7ffff78b31ca: xor    %edx,%edx
  0x7ffff78b31cc: callq  0x7ffff78b2160
  0x7ffff78b31d1: mov    %eax,%edx
  0x7ffff78b31d3: mov    %eax,%edi
  0x7ffff78b31d5: shr    $0x1f,%edx
  0x7ffff78b31d8: cmp    $0x20,%eax
  0x7ffff78b31db: sete  %bl
  0x7ffff78b31de: or    %dl,%bl
  0x7ffff78b31e0: jne    0x7ffff78b327a
  0x7ffff78b31e6: mov    %edi,%ecx
  0x7ffff78b31e8: mov    %r14d,%esi
  0x7ffff78b31eb: mov    %r14d,%edx
  0x7ffff78b31ee: mov    %r12d,%edi
  0x7ffff78b31f1: callq  0x7ffff78b2400
  0x7ffff78b31f6: xor    %esi,%esi
  0x7ffff78b31f8: test  %eax,%eax
  0x7ffff78b31fa: mov    %eax,%ebp
  0x7ffff78b31fc: mov    $0x1,%ecx
  0x7ffff78b3201: jne    0x7ffff78b327f
  0x7ffff78b3203: mov    %esi,%eax
  0x7ffff78b3205:
    lock cmpxchg %ecx,0x7085ff(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b320d: setne  %dl
  0x7ffff78b3210: test  %dl,%dl
  0x7ffff78b3212: je    0x7ffff78b3400
  0x7ffff78b3218: mov    0x7085ee(%rip),%edi        # 0x7ffff7fbb80c
  0x7ffff78b321e: test  %edi,%edi
  0x7ffff78b3220: je    0x7ffff78b3203
  0x7ffff78b3222: mov    0x7085e3(%rip),%r8d        # 0x7ffff7fbb80c
  0x7ffff78b3229: test  %r8d,%r8d
  0x7ffff78b322c: je    0x7ffff78b3203
  0x7ffff78b322e: mov    0x7085d7(%rip),%r9d        # 0x7ffff7fbb80c
  0x7ffff78b3235: test  %r9d,%r9d
  0x7ffff78b3238: je    0x7ffff78b3203
  0x7ffff78b323a: mov    0x7085cb(%rip),%r10d        # 0x7ffff7fbb80c
  0x7ffff78b3241: test  %r10d,%r10d
  0x7ffff78b3244: je    0x7ffff78b3203
  0x7ffff78b3246: mov    0x7085bf(%rip),%r11d        # 0x7ffff7fbb80c
  0x7ffff78b324d: test  %r11d,%r11d
  0x7ffff78b3250: je    0x7ffff78b3203
  0x7ffff78b3252: mov    0x7085b4(%rip),%ebx        # 0x7ffff7fbb80c
  0x7ffff78b3258: test  %ebx,%ebx
  0x7ffff78b325a: je    0x7ffff78b3203
  0x7ffff78b325c: mov    0x7085aa(%rip),%edx        # 0x7ffff7fbb80c
  0x7ffff78b3262: test  %edx,%edx
  0x7ffff78b3264: je    0x7ffff78b3203
  0x7ffff78b3266: mov    0x7085a0(%rip),%eax        # 0x7ffff7fbb80c
  0x7ffff78b326c: test  %eax,%eax
  0x7ffff78b326e: jne    0x7ffff78b3218
  0x7ffff78b3270: jmp    0x7ffff78b3203
  0x7ffff78b3272: cmp    $0xff,%edx
  0x7ffff78b3278: je    0x7ffff78b32a4
  0x7ffff78b327a: mov    $0x2a,%ebp
  0x7ffff78b327f: mov    %ebp,%eax
  0x7ffff78b3281: mov    0x38(%rsp),%rbx
  0x7ffff78b3286: mov    0x40(%rsp),%rbp
  0x7ffff78b328b: mov    0x48(%rsp),%r12
  0x7ffff78b3290: mov    0x50(%rsp),%r13
  0x7ffff78b3295: mov    0x58(%rsp),%r14
  0x7ffff78b329a: mov    0x60(%rsp),%r15
  0x7ffff78b329f: add    $0x68,%rsp
  0x7ffff78b32a3: retq 
  0x7ffff78b32a4: test  %rcx,%rcx
  0x7ffff78b32a7: je    0x7ffff78b327a
  0x7ffff78b32a9: mov    $0x3a,%esi
  0x7ffff78b32ae: mov    %rcx,%rdi
  0x7ffff78b32b1: callq  0x7ffff782a980 <strchr@plt>
  0x7ffff78b32b6: test  %rax,%rax
  0x7ffff78b32b9: je    0x7ffff78b327a
  0x7ffff78b32bb: cmpb  $0x2a,(%r15)
  0x7ffff78b32bf: je    0x7ffff78b327a
  0x7ffff78b32c1: lea    0x28(%rsp),%rsi
  0x7ffff78b32c6: xor    %ecx,%ecx
  0x7ffff78b32c8: xor    %edx,%edx
  0x7ffff78b32ca: mov    %r15,%rdi
  0x7ffff78b32cd: callq  0x7ffff782a930 <__strtol_internal@plt>
  0x7ffff78b32d2: mov    0x28(%rsp),%rdi
  0x7ffff78b32d7: xor    %edx,%edx
  0x7ffff78b32d9: xor    %ecx,%ecx
  0x7ffff78b32db: xor    %esi,%esi
  0x7ffff78b32dd: mov    %eax,%ebx
  0x7ffff78b32df: inc    %rdi
  0x7ffff78b32e2: callq  0x7ffff782a930 <__strtol_internal@plt>
  0x7ffff78b32e7: mov    0x705012(%rip),%rdx        # 0x7ffff7fb8300
  0x7ffff78b32ee: mov    %eax,%r8d
  0x7ffff78b32f1: xor    %edi,%edi
  0x7ffff78b32f3: add    $0x30,%rdx
  0x7ffff78b32f7: jmpq  0x7ffff78b33d4
  0x7ffff78b32fc: lea    0x30(%rdx),%rcx
  0x7ffff78b3300: lea    0x1(%rdi),%esi
  0x7ffff78b3303: testb  $0x1,-0x30(%rcx)
  0x7ffff78b3307: mov    %esi,%edi
  0x7ffff78b3309: je    0x7ffff78b3317
  0x7ffff78b330b: movzbl -0x2e(%rcx),%ebp
  0x7ffff78b330f: cmp    %ebp,%ebx
  0x7ffff78b3311: je    0x7ffff78b34a2
  0x7ffff78b3317: lea    0x30(%rcx),%rdx
  0x7ffff78b331b: lea    0x1(%rsi),%edi
  0x7ffff78b331e: testb  $0x1,-0x30(%rdx)
  0x7ffff78b3322: je    0x7ffff78b3332
  0x7ffff78b3324: movzbl -0x2e(%rdx),%r10d
  0x7ffff78b3329: cmp    %r10d,%ebx
  0x7ffff78b332c: je    0x7ffff78b34b5
  0x7ffff78b3332: lea    0x60(%rcx),%rdx
  0x7ffff78b3336: lea    0x2(%rsi),%edi
  0x7ffff78b3339: testb  $0x1,-0x30(%rdx)
  0x7ffff78b333d: je    0x7ffff78b334b
  0x7ffff78b333f: movzbl -0x2e(%rdx),%eax
  0x7ffff78b3343: cmp    %eax,%ebx
  0x7ffff78b3345: je    0x7ffff78b34e5
  0x7ffff78b334b: lea    0x90(%rcx),%rdx
  0x7ffff78b3352: lea    0x3(%rsi),%edi
  0x7ffff78b3355: testb  $0x1,-0x30(%rdx)
  0x7ffff78b3359: je    0x7ffff78b3369
  0x7ffff78b335b: movzbl -0x2e(%rdx),%r9d
  0x7ffff78b3360: cmp    %r9d,%ebx
  0x7ffff78b3363: je    0x7ffff78b34f7
  0x7ffff78b3369: lea    0xc0(%rcx),%rdx
  0x7ffff78b3370: lea    0x4(%rsi),%edi
  0x7ffff78b3373: testb  $0x1,-0x30(%rdx)
  0x7ffff78b3377: je    0x7ffff78b3387
  0x7ffff78b3379: movzbl -0x2e(%rdx),%r11d
  0x7ffff78b337e: cmp    %r11d,%ebx
  0x7ffff78b3381: je    0x7ffff78b3510
  0x7ffff78b3387: lea    0xf0(%rcx),%rdx
  0x7ffff78b338e: lea    0x5(%rsi),%edi
  0x7ffff78b3391: testb  $0x1,-0x30(%rdx)
  0x7ffff78b3395: je    0x7ffff78b33a3
  0x7ffff78b3397: movzbl -0x2e(%rdx),%ebp
  0x7ffff78b339b: cmp    %ebp,%ebx
  0x7ffff78b339d: je    0x7ffff78b3525
  0x7ffff78b33a3: lea    0x120(%rcx),%rdx
  0x7ffff78b33aa: lea    0x6(%rsi),%edi
  0x7ffff78b33ad: testb  $0x1,-0x30(%rdx)
  0x7ffff78b33b1: je    0x7ffff78b33c1
  0x7ffff78b33b3: movzbl -0x2e(%rdx),%r10d
  0x7ffff78b33b8: cmp    %r10d,%ebx
  0x7ffff78b33bb: je    0x7ffff78b34d0
  0x7ffff78b33c1: lea    0x7(%rsi),%edi
  0x7ffff78b33c4: lea    0x150(%rcx),%rdx
  0x7ffff78b33cb: cmp    $0x20,%edi
  0x7ffff78b33ce: je    0x7ffff78b327a
  0x7ffff78b33d4: testb  $0x1,-0x30(%rdx)
  0x7ffff78b33d8: je    0x7ffff78b32fc
  0x7ffff78b33de: movzbl -0x2e(%rdx),%eax
  0x7ffff78b33e2: cmp    %eax,%ebx
  0x7ffff78b33e4: jne    0x7ffff78b32fc
  0x7ffff78b33ea: movzbl -0x2d(%rdx),%ecx
  0x7ffff78b33ee: cmp    %ecx,%r8d
  0x7ffff78b33f1: jne    0x7ffff78b32fc
  0x7ffff78b33f7: jmpq  0x7ffff78b31e6
  0x7ffff78b33fc: data32 data32 xchg %ax,%ax
  0x7ffff78b3400: mov    0x7051e1(%rip),%rsi        # 0x7ffff7fb85e8
  0x7ffff78b3407: mov    (%rsi),%rbx
  0x7ffff78b340a: test  %rbx,%rbx
  0x7ffff78b340d: jne    0x7ffff78b341b
  0x7ffff78b340f: nop
  0x7ffff78b3410: jmp    0x7ffff78b348e
  0x7ffff78b3412: mov    0x30(%rbx),%rbx
  0x7ffff78b3416: test  %rbx,%rbx
  0x7ffff78b3419: je    0x7ffff78b348e
  0x7ffff78b341b: cmp    (%rbx),%r12d
  0x7ffff78b341e: xchg  %ax,%ax
  0x7ffff78b3420: jne    0x7ffff78b3412
  0x7ffff78b3422: cmp    0x4(%rbx),%r14d
  0x7ffff78b3426: jne    0x7ffff78b3412
  0x7ffff78b3428: mov    0x676c52(%rip),%edi        # 0x7ffff7f2a080
  0x7ffff78b342e: xor    %eax,%eax
  0x7ffff78b3430: mov    %rsp,%rdx
  0x7ffff78b3433: mov    $0xc0204623,%esi
  0x7ffff78b3438: movq  $0x0,(%rsp)
  0x7ffff78b3440: movq  $0x0,0x8(%rsp)
  0x7ffff78b3449: movl  $0x0,0x7083b9(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b3453: movq  $0x0,0x18(%rsp)
  0x7ffff78b345c: mov    %r12d,(%rsp)
  0x7ffff78b3460: mov    %r14d,0x4(%rsp)
  0x7ffff78b3465: mov    %r13d,0x8(%rsp)
  0x7ffff78b346a: mov    %r15,0x10(%rsp)
  0x7ffff78b346f: callq  0x7ffff782ab20 <ioctl@plt>
  0x7ffff78b3474: test  %eax,%eax
  0x7ffff78b3476: jns    0x7ffff78b353b
  0x7ffff78b347c: mov    %rbx,%rdi
  0x7ffff78b347f: mov    $0x2a,%ebp
  0x7ffff78b3484: callq  0x7ffff78b22d0
  0x7ffff78b3489: jmpq  0x7ffff78b327f
  0x7ffff78b348e: mov    $0xb,%ebp
  0x7ffff78b3493: movl  $0x0,0x70836f(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b349d: jmpq  0x7ffff78b327f
  0x7ffff78b34a2: movzbl -0x2d(%rcx),%r9d
  0x7ffff78b34a7: cmp    %r9d,%r8d
  0x7ffff78b34aa: jne    0x7ffff78b3317
  0x7ffff78b34b0: jmpq  0x7ffff78b31e6
  0x7ffff78b34b5: movzbl -0x2d(%rdx),%r11d
  0x7ffff78b34ba: cmp    %r11d,%r8d
  0x7ffff78b34bd: data32 xchg %ax,%ax
  0x7ffff78b34c0: jne    0x7ffff78b3332
  0x7ffff78b34c6: jmpq  0x7ffff78b31e6
  0x7ffff78b34cb: data32 xchg %ax,%ax
  0x7ffff78b34ce: xchg  %ax,%ax
  0x7ffff78b34d0: movzbl -0x2d(%rdx),%r11d
  0x7ffff78b34d5: cmp    %r11d,%r8d
  0x7ffff78b34d8: jne    0x7ffff78b33c1
  0x7ffff78b34de: xchg  %ax,%ax
  0x7ffff78b34e0: jmpq  0x7ffff78b31e6
  0x7ffff78b34e5: movzbl -0x2d(%rdx),%ebp
  0x7ffff78b34e9: cmp    %ebp,%r8d
  0x7ffff78b34ec: jne    0x7ffff78b334b
  0x7ffff78b34f2: jmpq  0x7ffff78b31e6
  0x7ffff78b34f7: movzbl -0x2d(%rdx),%r10d
  0x7ffff78b34fc: cmp    %r10d,%r8d
  0x7ffff78b34ff: nop
  0x7ffff78b3500: jne    0x7ffff78b3369
  0x7ffff78b3506: jmpq  0x7ffff78b31e6
  0x7ffff78b350b: data32 xchg %ax,%ax
  0x7ffff78b350e: xchg  %ax,%ax
  0x7ffff78b3510: movzbl -0x2d(%rdx),%eax
  0x7ffff78b3514: cmp    %eax,%r8d
  0x7ffff78b3517: jne    0x7ffff78b3387
  0x7ffff78b351d: data32 xchg %ax,%ax
  0x7ffff78b3520: jmpq  0x7ffff78b31e6
  0x7ffff78b3525: movzbl -0x2d(%rdx),%r9d
  0x7ffff78b352a: cmp    %r9d,%r8d
  0x7ffff78b352d: data32 xchg %ax,%ax
  0x7ffff78b3530: jne    0x7ffff78b33a3
  0x7ffff78b3536: jmpq  0x7ffff78b31e6
  0x7ffff78b353b: mov    0x18(%rsp),%r12d
  0x7ffff78b3540: test  %r12d,%r12d
  0x7ffff78b3543: je    0x7ffff78b327f
  0x7ffff78b3549: mov    %rbx,%rdi
  0x7ffff78b354c: callq  0x7ffff78b22d0
  0x7ffff78b3551: mov    0x18(%rsp),%ebp
  0x7ffff78b3555: jmpq  0x7ffff78b327f
  0x7ffff78b355a: data32 xchg %ax,%ax
  0x7ffff78b355d: data32 xchg %ax,%ax
  0x7ffff78b3560: push  %rbx
  0x7ffff78b3561: mov    %rdx,%r9
  0x7ffff78b3564: xor    %r8d,%r8d
  0x7ffff78b3567: mov    %rcx,%rbx
  0x7ffff78b356a: mov    $0x22,%edx
  0x7ffff78b356f: mov    $0x1,%ecx
  0x7ffff78b3574: sub    $0x10,%rsp
  0x7ffff78b3578: test  %r9,%r9
  0x7ffff78b357b: je    0x7ffff78b3681
  0x7ffff78b3581: mov    %r8d,%eax
  0x7ffff78b3584:
    lock cmpxchg %ecx,0x708280(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b358c: setne  %dl
  0x7ffff78b358f: test  %dl,%dl
  0x7ffff78b3591: je    0x7ffff78b35ed
  0x7ffff78b3593: mov    0x708272(%rip),%r10d        # 0x7ffff7fbb80c
  0x7ffff78b359a: test  %r10d,%r10d
  0x7ffff78b359d: je    0x7ffff78b3581
  0x7ffff78b359f: mov    0x708266(%rip),%r11d        # 0x7ffff7fbb80c
  0x7ffff78b35a6: test  %r11d,%r11d
  0x7ffff78b35a9: je    0x7ffff78b3581
  0x7ffff78b35ab: mov    0x70825b(%rip),%edx        # 0x7ffff7fbb80c
  0x7ffff78b35b1: test  %edx,%edx
  0x7ffff78b35b3: je    0x7ffff78b3581
  0x7ffff78b35b5: mov    0x708251(%rip),%eax        # 0x7ffff7fbb80c
  0x7ffff78b35bb: test  %eax,%eax
  0x7ffff78b35bd: je    0x7ffff78b3581
  0x7ffff78b35bf: mov    0x708246(%rip),%r10d        # 0x7ffff7fbb80c
  0x7ffff78b35c6: test  %r10d,%r10d
  0x7ffff78b35c9: je    0x7ffff78b3581
  0x7ffff78b35cb: mov    0x70823a(%rip),%r11d        # 0x7ffff7fbb80c
  0x7ffff78b35d2: test  %r11d,%r11d
  0x7ffff78b35d5: je    0x7ffff78b3581
  0x7ffff78b35d7: mov    0x70822f(%rip),%edx        # 0x7ffff7fbb80c
  0x7ffff78b35dd: test  %edx,%edx
  0x7ffff78b35df: je    0x7ffff78b3581
  0x7ffff78b35e1: mov    0x708225(%rip),%eax        # 0x7ffff7fbb80c
  0x7ffff78b35e7: test  %eax,%eax
  0x7ffff78b35e9: jne    0x7ffff78b3593
  0x7ffff78b35eb: jmp    0x7ffff78b3581
  0x7ffff78b35ed: mov    0x704ff4(%rip),%rcx        # 0x7ffff7fb85e8
  0x7ffff78b35f4: mov    (%rcx),%rax
  0x7ffff78b35f7: test  %rax,%rax
  0x7ffff78b35fa: jne    0x7ffff78b360e
  0x7ffff78b35fc: jmpq  0x7ffff78b3689
  0x7ffff78b3601: mov    0x30(%rax),%rax
  0x7ffff78b3605: test  %rax,%rax
  0x7ffff78b3608: je    0x7ffff78b3689
  0x7ffff78b360e: cmp    (%rax),%edi
  0x7ffff78b3610: jne    0x7ffff78b3601
  0x7ffff78b3612: mov    0x10(%rax),%rcx
  0x7ffff78b3616: test  %rcx,%rcx
  0x7ffff78b3619: jne    0x7ffff78b362b
  0x7ffff78b361b: data32 xchg %ax,%ax
  0x7ffff78b361e: xchg  %ax,%ax
  0x7ffff78b3620: jmp    0x7ffff78b3601
  0x7ffff78b3622: mov    0x10(%rcx),%rcx
  0x7ffff78b3626: test  %rcx,%rcx
  0x7ffff78b3629: je    0x7ffff78b3601
  0x7ffff78b362b: cmp    (%rcx),%esi
  0x7ffff78b362d: data32 xchg %ax,%ax
  0x7ffff78b3630: jne    0x7ffff78b3622
  0x7ffff78b3632: movl  $0x0,0x4(%rsp)
  0x7ffff78b363a: movl  $0x0,0x7081c8(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b3644: mov    %rsp,%rdx
  0x7ffff78b3647: movl  $0x0,0x8(%rsp)
  0x7ffff78b364f: movl  $0x0,0xc(%rsp)
  0x7ffff78b3657: xor    %eax,%eax
  0x7ffff78b3659: mov    %r9,(%rsp)
  0x7ffff78b365d: mov    (%rcx),%edi
  0x7ffff78b365f: mov    $0xc0104652,%esi
  0x7ffff78b3664: callq  0x7ffff782ab20 <ioctl@plt>
  0x7ffff78b3669: test  %eax,%eax
  0x7ffff78b366b: mov    $0x2a,%edx
  0x7ffff78b3670: js    0x7ffff78b3681
  0x7ffff78b3672: test  %rbx,%rbx
  0x7ffff78b3675: je    0x7ffff78b367d
  0x7ffff78b3677: mov    0x8(%rsp),%esi
  0x7ffff78b367b: mov    %esi,(%rbx)
  0x7ffff78b367d: mov    0xc(%rsp),%edx
  0x7ffff78b3681: add    $0x10,%rsp
  0x7ffff78b3685: mov    %edx,%eax
  0x7ffff78b3687: pop    %rbx
  0x7ffff78b3688: retq 
  0x7ffff78b3689: mov    0x704320(%rip),%r8        # 0x7ffff7fb79b0
  0x7ffff78b3690: mov    (%r8),%rdi
  0x7ffff78b3693: mov    0x10(%rdi),%rcx
  0x7ffff78b3697: test  %rcx,%rcx
  0x7ffff78b369a: jne    0x7ffff78b36a9
  0x7ffff78b369c: jmp    0x7ffff78b36b7
  0x7ffff78b369e: xchg  %ax,%ax
  0x7ffff78b36a0: mov    0x10(%rcx),%rcx
  0x7ffff78b36a4: test  %rcx,%rcx
  0x7ffff78b36a7: je    0x7ffff78b36b7
  0x7ffff78b36a9: cmp    (%rcx),%esi
  0x7ffff78b36ab: data32 xchg %ax,%ax
  0x7ffff78b36ae: xchg  %ax,%ax
  0x7ffff78b36b0: jne    0x7ffff78b36a0
  0x7ffff78b36b2: jmpq  0x7ffff78b3632
  0x7ffff78b36b7: movl  $0x0,0x70814b(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b36c1: add    $0x10,%rsp
  0x7ffff78b36c5: mov    $0x1d,%edx
  0x7ffff78b36ca: pop    %rbx
  0x7ffff78b36cb: mov    %edx,%eax
  0x7ffff78b36cd: retq 
  0x7ffff78b36ce: xchg  %ax,%ax
  0x7ffff78b36d0: push  %rbp
  0x7ffff78b36d1: mov    $0x22,%eax
  0x7ffff78b36d6: mov    %ecx,%ebp
  0x7ffff78b36d8: push  %rbx
  0x7ffff78b36d9: mov    %edx,%ebx
  0x7ffff78b36db: sub    $0x38,%rsp
  0x7ffff78b36df: test  %r9,%r9
  0x7ffff78b36e2: je    0x7ffff78b3820
  0x7ffff78b36e8: mov    (%r9),%ecx
  0x7ffff78b36eb: xor    %r11d,%r11d
  0x7ffff78b36ee: mov    $0x1,%r10d
  0x7ffff78b36f4: test  %ecx,%ecx
  0x7ffff78b36f6: jle    0x7ffff78b381b
  0x7ffff78b36fc: data32 data32 xchg %ax,%ax
  0x7ffff78b3700: mov    %r11d,%eax
  0x7ffff78b3703:
    lock cmpxchg %r10d,0x708100(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b370c: setne  %dl
  0x7ffff78b370f: test  %dl,%dl
  0x7ffff78b3711: je    0x7ffff78b3765
  0x7ffff78b3713: mov    0x7080f3(%rip),%edx        # 0x7ffff7fbb80c
  0x7ffff78b3719: test  %edx,%edx
  0x7ffff78b371b: je    0x7ffff78b3700
  0x7ffff78b371d: mov    0x7080e9(%rip),%edx        # 0x7ffff7fbb80c
  0x7ffff78b3723: test  %edx,%edx
  0x7ffff78b3725: je    0x7ffff78b3700
  0x7ffff78b3727: mov    0x7080df(%rip),%eax        # 0x7ffff7fbb80c
  0x7ffff78b372d: test  %eax,%eax
  0x7ffff78b372f: je    0x7ffff78b3700
  0x7ffff78b3731: mov    0x7080d5(%rip),%edx        # 0x7ffff7fbb80c
  0x7ffff78b3737: test  %edx,%edx
  0x7ffff78b3739: je    0x7ffff78b3700
  0x7ffff78b373b: mov    0x7080cb(%rip),%eax        # 0x7ffff7fbb80c
  0x7ffff78b3741: test  %eax,%eax
  0x7ffff78b3743: je    0x7ffff78b3700
  0x7ffff78b3745: mov    0x7080c1(%rip),%edx        # 0x7ffff7fbb80c
  0x7ffff78b374b: test  %edx,%edx
  0x7ffff78b374d: je    0x7ffff78b3700
  0x7ffff78b374f: mov    0x7080b7(%rip),%eax        # 0x7ffff7fbb80c
  0x7ffff78b3755: test  %eax,%eax
  0x7ffff78b3757: je    0x7ffff78b3700
  0x7ffff78b3759: mov    0x7080ad(%rip),%edx        # 0x7ffff7fbb80c
  0x7ffff78b375f: test  %edx,%edx
  0x7ffff78b3761: jne    0x7ffff78b3713
  0x7ffff78b3763: jmp    0x7ffff78b3700
  0x7ffff78b3765: mov    0x704e7c(%rip),%r10        # 0x7ffff7fb85e8
  0x7ffff78b376c: mov    (%r10),%rax
  0x7ffff78b376f: test  %rax,%rax
  0x7ffff78b3772: jne    0x7ffff78b378d
  0x7ffff78b3774: jmpq  0x7ffff78b3827
  0x7ffff78b3779: data32 data32 xchg %ax,%ax
  0x7ffff78b377d: data32 xchg %ax,%ax
  0x7ffff78b3780: mov    0x30(%rax),%rax
  0x7ffff78b3784: test  %rax,%rax
  0x7ffff78b3787: je    0x7ffff78b3827
  0x7ffff78b378d: cmp    (%rax),%edi
  0x7ffff78b378f: nop
  0x7ffff78b3790: jne    0x7ffff78b3780
  0x7ffff78b3792: mov    0x10(%rax),%r10
  0x7ffff78b3796: test  %r10,%r10
  0x7ffff78b3799: jne    0x7ffff78b37ab
  0x7ffff78b379b: data32 xchg %ax,%ax
  0x7ffff78b379e: xchg  %ax,%ax
  0x7ffff78b37a0: jmp    0x7ffff78b3780
  0x7ffff78b37a2: mov    0x10(%r10),%r10
  0x7ffff78b37a6: test  %r10,%r10
  0x7ffff78b37a9: je    0x7ffff78b3780
  0x7ffff78b37ab: cmp    (%r10),%ecx
  0x7ffff78b37ae: xchg  %ax,%ax
  0x7ffff78b37b0: jne    0x7ffff78b37a2
  0x7ffff78b37b2: movq  $0x0,(%rsp)
  0x7ffff78b37ba: movq  $0x0,0x8(%rsp)
  0x7ffff78b37c3: xor    %eax,%eax
  0x7ffff78b37c5: movl  $0x0,0x70803d(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b37cf: movq  $0x0,0x10(%rsp)
  0x7ffff78b37d8: mov    %rsp,%rdx
  0x7ffff78b37db: movq  $0x0,0x18(%rsp)
  0x7ffff78b37e4: mov    %edi,(%rsp)
  0x7ffff78b37e7: mov    %esi,0x4(%rsp)
  0x7ffff78b37eb: movq  $0x0,0x20(%rsp)
  0x7ffff78b37f4: mov    $0xc0284644,%esi
  0x7ffff78b37f9: mov    %ebx,0x8(%rsp)
  0x7ffff78b37fd: mov    %ebp,0xc(%rsp)
  0x7ffff78b3801: mov    %r8d,0x10(%rsp)
  0x7ffff78b3806: mov    0x4(%r10),%ecx
  0x7ffff78b380a: mov    (%r9),%edi
  0x7ffff78b380d: mov    %rcx,0x18(%rsp)
  0x7ffff78b3812: callq  0x7ffff782ab20 <ioctl@plt>
  0x7ffff78b3817: test  %eax,%eax
  0x7ffff78b3819: jns    0x7ffff78b386d
  0x7ffff78b381b: mov    $0x2a,%eax
  0x7ffff78b3820: add    $0x38,%rsp
  0x7ffff78b3824: pop    %rbx
  0x7ffff78b3825: pop    %rbp
  0x7ffff78b3826: retq 
  0x7ffff78b3827: mov    0x704182(%rip),%rax        # 0x7ffff7fb79b0
  0x7ffff78b382e: mov    (%rax),%r11
  0x7ffff78b3831: mov    0x10(%r11),%r10
  0x7ffff78b3835: test  %r10,%r10
  0x7ffff78b3838: jne    0x7ffff78b3849
  0x7ffff78b383a: jmp    0x7ffff78b3857
  0x7ffff78b383c: data32 data32 xchg %ax,%ax
  0x7ffff78b3840: mov    0x10(%r10),%r10
  0x7ffff78b3844: test  %r10,%r10
  0x7ffff78b3847: je    0x7ffff78b3857
  0x7ffff78b3849: cmp    (%r10),%ecx
  0x7ffff78b384c: data32 data32 xchg %ax,%ax
  0x7ffff78b3850: jne    0x7ffff78b3840
  0x7ffff78b3852: jmpq  0x7ffff78b37b2
  0x7ffff78b3857: movl  $0x0,0x707fab(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b3861: add    $0x38,%rsp
  0x7ffff78b3865: mov    $0x1d,%eax
  0x7ffff78b386a: pop    %rbx
  0x7ffff78b386b: pop    %rbp
  0x7ffff78b386c: retq 
  0x7ffff78b386d: mov    0x20(%rsp),%eax
  0x7ffff78b3871: add    $0x38,%rsp
  0x7ffff78b3875: pop    %rbx
  0x7ffff78b3876: pop    %rbp
  0x7ffff78b3877: retq 
  0x7ffff78b3878: data32 data32 xchg %ax,%ax
  0x7ffff78b387c: data32 data32 xchg %ax,%ax
  0x7ffff78b3880: push  %r13
  0x7ffff78b3882: mov    $0x22,%eax
  0x7ffff78b3887: mov    %rdi,%r13
  0x7ffff78b388a: push  %r12
  0x7ffff78b388c: push  %rbp
  0x7ffff78b388d: push  %rbx
  0x7ffff78b388e: sub    $0x4e8,%rsp
  0x7ffff78b3895: test  %rdi,%rdi
  0x7ffff78b3898: je    0x7ffff78b3933
  0x7ffff78b389e: xchg  %ax,%ax
  0x7ffff78b38a0: xor    %eax,%eax
  0x7ffff78b38a2: mov    $0x1,%ecx
  0x7ffff78b38a7:
    lock cmpxchg %ecx,0x707f5d(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b38af: setne  %dl
  0x7ffff78b38b2: test  %dl,%dl
  0x7ffff78b38b4: je    0x7ffff78b3941
  0x7ffff78b38ba: mov    0x707f4c(%rip),%ebx        # 0x7ffff7fbb80c
  0x7ffff78b38c0: test  %ebx,%ebx
  0x7ffff78b38c2: je    0x7ffff78b38a0
  0x7ffff78b38c4: mov    0x707f42(%rip),%ecx        # 0x7ffff7fbb80c
  0x7ffff78b38ca: test  %ecx,%ecx
  0x7ffff78b38cc: je    0x7ffff78b38a0
  0x7ffff78b38ce: mov    0x707f38(%rip),%esi        # 0x7ffff7fbb80c
  0x7ffff78b38d4: test  %esi,%esi
  0x7ffff78b38d6: je    0x7ffff78b38a0
  0x7ffff78b38d8: mov    0x707f2d(%rip),%r12d        # 0x7ffff7fbb80c
  0x7ffff78b38df: test  %r12d,%r12d
  0x7ffff78b38e2: je    0x7ffff78b38a0
  0x7ffff78b38e4: mov    0x707f22(%rip),%edx        # 0x7ffff7fbb80c
  0x7ffff78b38ea: test  %edx,%edx
  0x7ffff78b38ec: je    0x7ffff78b38a0
  0x7ffff78b38ee: mov    0x707f18(%rip),%eax        # 0x7ffff7fbb80c
  0x7ffff78b38f4: test  %eax,%eax
  0x7ffff78b38f6: je    0x7ffff78b38a0
  0x7ffff78b38f8: mov    0x707f0d(%rip),%r9d        # 0x7ffff7fbb80c
  0x7ffff78b38ff: test  %r9d,%r9d
  0x7ffff78b3902: je    0x7ffff78b38a0
  0x7ffff78b3904: mov    0x707f01(%rip),%r10d        # 0x7ffff7fbb80c
  0x7ffff78b390b: test  %r10d,%r10d
  0x7ffff78b390e: jne    0x7ffff78b38ba
  0x7ffff78b3910: jmp    0x7ffff78b38a0
  0x7ffff78b3912: mov    0x4d8(%rsp),%ecx
  0x7ffff78b3919: test  %ecx,%ecx
  0x7ffff78b391b: jne    0x7ffff78b3e97
  0x7ffff78b3921: mov    0x4d0(%rsp),%ebx
  0x7ffff78b3928: mov    %ebx,0x0(%r13)
  0x7ffff78b392c: mov    0x4d8(%rsp),%eax
  0x7ffff78b3933: add    $0x4e8,%rsp
  0x7ffff78b393a: pop    %rbx
  0x7ffff78b393b: pop    %rbp
  0x7ffff78b393c: pop    %r12
  0x7ffff78b393e: pop    %r13
  0x7ffff78b3940: retq 
  0x7ffff78b3941: mov    0x707ec1(%rip),%eax        # 0x7ffff7fbb808
  0x7ffff78b3947: test  %eax,%eax
  0x7ffff78b3949: je    0x7ffff78b3a4f
  0x7ffff78b394f: inc    %eax
  0x7ffff78b3951: movl  $0x0,0x707eb1(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b395b: mov    %eax,0x707ea7(%rip)        # 0x7ffff7fbb808
  0x7ffff78b3961: lea    0x4d0(%rsp),%rdx
  0x7ffff78b3969: movl  $0x0,0x0(%r13)
  0x7ffff78b3971: movl  $0x0,0x4d0(%rsp)
  0x7ffff78b397c: mov    $0xc00c4622,%esi
  0x7ffff78b3981: xor    %eax,%eax
  0x7ffff78b3983: movl  $0x0,0x8(%rdx)
  0x7ffff78b398a: mov    0x6766f0(%rip),%edi        # 0x7ffff7f2a080
  0x7ffff78b3990: movl  $0x0,0x4d4(%rsp)
  0x7ffff78b399b: callq  0x7ffff782ab20 <ioctl@plt>
  0x7ffff78b39a0: xor    %esi,%esi
  0x7ffff78b39a2: test  %eax,%eax
  0x7ffff78b39a4: mov    $0x1,%ecx
  0x7ffff78b39a9: jns    0x7ffff78b3912
  0x7ffff78b39af: mov    %esi,%eax
  0x7ffff78b39b1:
    lock cmpxchg %ecx,0x707e53(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b39b9: setne  %dl
  0x7ffff78b39bc: test  %dl,%dl
  0x7ffff78b39be: je    0x7ffff78b3a1c
  0x7ffff78b39c0: mov    0x707e45(%rip),%r8d        # 0x7ffff7fbb80c
  0x7ffff78b39c7: test  %r8d,%r8d
  0x7ffff78b39ca: je    0x7ffff78b39af
  0x7ffff78b39cc: mov    0x707e39(%rip),%r10d        # 0x7ffff7fbb80c
  0x7ffff78b39d3: test  %r10d,%r10d
  0x7ffff78b39d6: je    0x7ffff78b39af
  0x7ffff78b39d8: mov    0x707e2d(%rip),%r11d        # 0x7ffff7fbb80c
  0x7ffff78b39df: test  %r11d,%r11d
  0x7ffff78b39e2: je    0x7ffff78b39af
  0x7ffff78b39e4: mov    0x707e21(%rip),%r13d        # 0x7ffff7fbb80c
  0x7ffff78b39eb: test  %r13d,%r13d
  0x7ffff78b39ee: je    0x7ffff78b39af
  0x7ffff78b39f0: mov    0x707e16(%rip),%ebx        # 0x7ffff7fbb80c
  0x7ffff78b39f6: test  %ebx,%ebx
  0x7ffff78b39f8: je    0x7ffff78b39af
  0x7ffff78b39fa: mov    0x707e0c(%rip),%ebp        # 0x7ffff7fbb80c
  0x7ffff78b3a00: test  %ebp,%ebp
  0x7ffff78b3a02: je    0x7ffff78b39af
  0x7ffff78b3a04: mov    0x707e02(%rip),%edi        # 0x7ffff7fbb80c
  0x7ffff78b3a0a: test  %edi,%edi
  0x7ffff78b3a0c: je    0x7ffff78b39af
  0x7ffff78b3a0e: mov    0x707df7(%rip),%r8d        # 0x7ffff7fbb80c
  0x7ffff78b3a15: test  %r8d,%r8d
  0x7ffff78b3a18: jne    0x7ffff78b39c0
  0x7ffff78b3a1a: jmp    0x7ffff78b39af
  0x7ffff78b3a1c: mov    0x707de6(%rip),%esi        # 0x7ffff7fbb808
  0x7ffff78b3a22: dec    %esi
  0x7ffff78b3a24: test  %esi,%esi
  0x7ffff78b3a26: mov    %esi,0x707ddc(%rip)        # 0x7ffff7fbb808
  0x7ffff78b3a2c: je    0x7ffff78b3dcb
  0x7ffff78b3a32: movl  $0x0,0x707dd0(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b3a3c: mov    $0x2a,%eax
  0x7ffff78b3a41: add    $0x4e8,%rsp
  0x7ffff78b3a48: pop    %rbx
  0x7ffff78b3a49: pop    %rbp
  0x7ffff78b3a4a: pop    %r12
  0x7ffff78b3a4c: pop    %r13
  0x7ffff78b3a4e: retq 
  0x7ffff78b3a4f: mov    0x705b9a(%rip),%rbp        # 0x7ffff7fb95f0
  0x7ffff78b3a56: mov    $0x700,%edx
  0x7ffff78b3a5b: xor    %esi,%esi
  0x7ffff78b3a5d: mov    %rbp,%rdi
  0x7ffff78b3a60: callq  0x7ffff782a990 <memset@plt>
  0x7ffff78b3a65: lea    0x700(%rbp),%rdx
  0x7ffff78b3a6c: mov    %rbp,%rax
  0x7ffff78b3a6f: movl  $0xffffffff,(%rax)
  0x7ffff78b3a75: movl  $0xffffffff,0x38(%rax)
  0x7ffff78b3a7c: movl  $0xffffffff,0x70(%rax)
  0x7ffff78b3a83: movl  $0xffffffff,0xa8(%rax)
  0x7ffff78b3a8d: movl  $0xffffffff,0xe0(%rax)
  0x7ffff78b3a97: movl  $0xffffffff,0x118(%rax)
  0x7ffff78b3aa1: movl  $0xffffffff,0x150(%rax)
  0x7ffff78b3aab: movl  $0xffffffff,0x188(%rax)
  0x7ffff78b3ab5: add    $0x1c0,%rax
  0x7ffff78b3abb: cmp    %rdx,%rax
  0x7ffff78b3abe: jne    0x7ffff78b3a6f
  0x7ffff78b3ac0: callq  0x7ffff782a290 <geteuid@plt>
  0x7ffff78b3ac5: test  %eax,%eax
  0x7ffff78b3ac7: jne    0x7ffff78b3bf7
  0x7ffff78b3acd: movzbl 0x4d1b06(%rip),%esi        # 0x7ffff7d855da
  0x7ffff78b3ad4: lea    0x1(%rsp),%rdi
  0x7ffff78b3ad9: mov    $0x3ff,%edx
  0x7ffff78b3ade: lea    0x480(%rsp),%rbp
  0x7ffff78b3ae6: mov    %sil,(%rsp)
  0x7ffff78b3aea: xor    %esi,%esi
  0x7ffff78b3aec: callq  0x7ffff782a990 <memset@plt>
  0x7ffff78b3af1: lea    0x53ee73(%rip),%rsi        # 0x7ffff7df296b
  0x7ffff78b3af8: lea    0x4d178d(%rip),%rdi        # 0x7ffff7d8528c
  0x7ffff78b3aff: movl  $0x1,0x4dc(%rsp)
  0x7ffff78b3b0a: callq  0x7ffff782a520 <fopen64@plt>
  0x7ffff78b3b0f: test  %rax,%rax
  0x7ffff78b3b12: mov    %rax,%rbx
  0x7ffff78b3b15: jne    0x7ffff78b3b40
  0x7ffff78b3b17: jmp    0x7ffff78b3b60
  0x7ffff78b3b19: data32 data32 xchg %ax,%ax
  0x7ffff78b3b1d: data32 xchg %ax,%ax
  0x7ffff78b3b20: cld   
  0x7ffff78b3b21: lea    0x4d1772(%rip),%rdi        # 0x7ffff7d8529a
  0x7ffff78b3b28: movb  $0x0,0x48f(%rsp)
  0x7ffff78b3b30: mov    $0x7,%ecx
  0x7ffff78b3b35: mov    %rbp,%rsi
  0x7ffff78b3b38: repz cmpsb %es:(%rdi),%ds:(%rsi)
  0x7ffff78b3b3a: je    0x7ffff78b3f09
  0x7ffff78b3b40: lea    0x4d175a(%rip),%rsi        # 0x7ffff7d852a1
  0x7ffff78b3b47: xor    %eax,%eax
  0x7ffff78b3b49: mov    %rbp,%rdx
  0x7ffff78b3b4c: mov    %rbx,%rdi
  0x7ffff78b3b4f: callq  0x7ffff782a400 <fscanf@plt>
  0x7ffff78b3b54: dec    %eax
  0x7ffff78b3b56: je    0x7ffff78b3b20
  0x7ffff78b3b58: mov    %rbx,%rdi
  0x7ffff78b3b5b: callq  0x7ffff782a5a0 <fclose@plt>
  0x7ffff78b3b60: lea    0x4d1746(%rip),%rdi        # 0x7ffff7d852ad
  0x7ffff78b3b67: xor    %esi,%esi
  0x7ffff78b3b69: xor    %eax,%eax
  0x7ffff78b3b6b: callq  0x7ffff782a360 <open64@plt>
  0x7ffff78b3b70: test  %eax,%eax
  0x7ffff78b3b72: mov    %eax,%ebx
  0x7ffff78b3b74: js    0x7ffff78b3ba2
  0x7ffff78b3b76: mov    %rsp,%rsi
  0x7ffff78b3b79: mov    $0x3ff,%edx
  0x7ffff78b3b7e: mov    %eax,%edi
  0x7ffff78b3b80: callq  0x7ffff782a2b0 <read@plt>
  0x7ffff78b3b85: test  %eax,%eax
  0x7ffff78b3b87: jle    0x7ffff78b4012
  0x7ffff78b3b8d: dec    %eax
  0x7ffff78b3b8f: cltq 
  0x7ffff78b3b91: cmpb  $0xa,(%rsp,%rax,1)
  0x7ffff78b3b95: je    0x7ffff78b406a
  0x7ffff78b3b9b: mov    %ebx,%edi
  0x7ffff78b3b9d: callq  0x7ffff782ab40 <close@plt>
  0x7ffff78b3ba2: cmpb  $0x0,(%rsp)
  0x7ffff78b3ba6: je    0x7ffff78b401b
  0x7ffff78b3bac: callq  0x7ffff782a2a0 <fork@plt>
  0x7ffff78b3bb1: cmp    $0xffffffffffffffff,%eax
  0x7ffff78b3bb4: mov    %eax,%edi
  0x7ffff78b3bb6: je    0x7ffff78b3f46
  0x7ffff78b3bbc: test  %eax,%eax
  0x7ffff78b3bbe: xchg  %ax,%ax
  0x7ffff78b3bc0: je    0x7ffff78b3f72
  0x7ffff78b3bc6: lea    0x4dc(%rsp),%rsi
  0x7ffff78b3bce: xor    %edx,%edx
  0x7ffff78b3bd0: callq  0x7ffff782aa70 <waitpid@plt>
  0x7ffff78b3bd5: test  %eax,%eax
  0x7ffff78b3bd7: js    0x7ffff78b3f46
  0x7ffff78b3bdd: mov    0x4dc(%rsp),%eax
  0x7ffff78b3be4: test  $0x7f,%al
  0x7ffff78b3be6: jne    0x7ffff78b3f46
  0x7ffff78b3bec: movzbl %ah,%edx
  0x7ffff78b3bef: test  %edx,%edx
  0x7ffff78b3bf1: jne    0x7ffff78b3f46
  0x7ffff78b3bf7: lea    0x400(%rsp),%rbx
  0x7ffff78b3bff: lea    0x4d16c7(%rip),%rdx        # 0x7ffff7d852cd
  0x7ffff78b3c06: mov    $0x80,%esi
  0x7ffff78b3c0b: xor    %eax,%eax
  0x7ffff78b3c0d: mov    %rbx,%rdi
  0x7ffff78b3c10: callq  0x7ffff782a740 <snprintf@plt>
  0x7ffff78b3c15: mov    $0xff,%esi
  0x7ffff78b3c1a: mov    %rbx,%rdi
  0x7ffff78b3c1d: callq  0x7ffff78b0050
  0x7ffff78b3c22: xor    %eax,%eax
  0x7ffff78b3c24: mov    $0x2,%esi
  0x7ffff78b3c29: mov    %rbx,%rdi
  0x7ffff78b3c2c: callq  0x7ffff782a360 <open64@plt>
  0x7ffff78b3c31: test  %eax,%eax
  0x7ffff78b3c33: mov    %eax,%ebp
  0x7ffff78b3c35: mov    %eax,0x676445(%rip)        # 0x7ffff7f2a080
  0x7ffff78b3c3b: js    0x7ffff78b3e0c
  0x7ffff78b3c41: lea    0x480(%rsp),%r12
 
memset 0x48 (72) bytes to 0 at %r12. rbx preserves 8 bytes into the struct.
r12 == 0x480(%rsp)
 
  0x7ffff78b3c49: xor    %esi,%esi
  0x7ffff78b3c4b: mov    $0x48,%edx
  0x7ffff78b3c50: lea    0x8(%r12),%rbx
  0x7ffff78b3c55: mov    %r12,%rdi
  0x7ffff78b3c58: callq  0x7ffff782a990 <memset@plt>
  0x7ffff78b3c5d: lea    0x4d1678(%rip),%rdi        # 0x7ffff7d852dc
  0x7ffff78b3c64: movabs $0x312e36332e353931,%rax
  0x7ffff78b3c6e: movq  $0x0,0x38(%rbx)
 
*(uint64_t *)r12 + 16 = 35
 
  0x7ffff78b3c76: movq  $0x35,0x8(%rbx)
  0x7ffff78b3c7e: movq  $0x0,0x10(%rbx)
  0x7ffff78b3c86: movq  $0x0,0x18(%rbx)
  0x7ffff78b3c8e: movq  $0x0,0x20(%rbx)
  0x7ffff78b3c96: movq  $0x0,0x28(%rbx)
  0x7ffff78b3c9e: movq  $0x0,0x30(%rbx)
 
  0x7ffff78b3ca6: movl  $0x0,0x480(%rsp)
  0x7ffff78b3cb1: movl  $0x0,0x484(%rsp)
 
*(uint64_t *)r12 + 8 = 0x312e36332e353931
 
  0x7ffff78b3cbc: mov    %rax,0x488(%rsp)
 
  0x7ffff78b3cc4: movb  $0x0,0x4c7(%rsp)
  0x7ffff78b3ccc: callq  0x7ffff782a460 <getenv@plt>
  0x7ffff78b3cd1: test  %rax,%rax
  0x7ffff78b3cd4: je    0x7ffff78b3ce0
  0x7ffff78b3cd6: movsbl (%rax),%edi
  0x7ffff78b3cd9: mov    %edi,0x480(%rsp)
  0x7ffff78b3ce0: xor    %eax,%eax
  0x7ffff78b3ce2: mov    %r12,%rdx
  0x7ffff78b3ce5: mov    $0xc04846d2,%esi
  0x7ffff78b3cea: mov    %ebp,%edi
  0x7ffff78b3cec: callq  0x7ffff782ab20 <ioctl@plt>
  0x7ffff78b3cf1: test  %eax,%eax
  0x7ffff78b3cf3: js    0x7ffff78b3e4a
  0x7ffff78b3cf9: mov    0x704ad0(%rip),%rdx        # 0x7ffff7fb87d0
  0x7ffff78b3d00: xor    %eax,%eax
  0x7ffff78b3d02: mov    $0xc00446ca,%esi
  0x7ffff78b3d07: movl  $0x0,(%rdx)
  0x7ffff78b3d0d: mov    0x67636d(%rip),%edi        # 0x7ffff7f2a080
  0x7ffff78b3d13: callq  0x7ffff782ab20 <ioctl@plt>
  0x7ffff78b3d18: test  %eax,%eax
  0x7ffff78b3d1a: js    0x7ffff78b3e78
  0x7ffff78b3d20: mov    0x7045d9(%rip),%rbp        # 0x7ffff7fb8300
  0x7ffff78b3d27: xor    %esi,%esi
  0x7ffff78b3d29: mov    $0x600,%edx
  0x7ffff78b3d2e: mov    %rbp,%rdi
  0x7ffff78b3d31: callq  0x7ffff782a990 <memset@plt>
  0x7ffff78b3d36: movl  $0xffffffff,0x0(%rbp)
  0x7ffff78b3d3d: mov    0x67633d(%rip),%edi        # 0x7ffff7f2a080
  0x7ffff78b3d43: xor    %eax,%eax
  0x7ffff78b3d45: mov    %rbp,%rdx
  0x7ffff78b3d48: mov    $0xc60046c8,%esi
  0x7ffff78b3d4d: callq  0x7ffff782ab20 <ioctl@plt></pre>
===after third ioctl===
<pre>  0x7ffff78b3d52: test  %eax,%eax
  0x7ffff78b3d54: js    0x7ffff78b3e78
  0x7ffff78b3d5a: mov    $0x38,%edi
  0x7ffff78b3d5f: callq  0x7ffff782a470 <malloc@plt>
  0x7ffff78b3d64: test  %rax,%rax
  0x7ffff78b3d67: mov    %rax,%rdx
  0x7ffff78b3d6a: je    0x7ffff78b3e78
  0x7ffff78b3d70: cld   
  0x7ffff78b3d71: mov    $0x7,%ecx
  0x7ffff78b3d76: xor    %eax,%eax
  0x7ffff78b3d78: mov    %rdx,%rdi
  0x7ffff78b3d7b: rep stos %rax,%es:(%rdi)
  0x7ffff78b3d7e: mov    0x703c2b(%rip),%rbp        # 0x7ffff7fb79b0
  0x7ffff78b3d85: movq  $0x0,0x10(%rdx)
  0x7ffff78b3d8d: movl  $0x0,(%rdx)
  0x7ffff78b3d93: movl  $0x0,0x4(%rdx)
  0x7ffff78b3d9a: movl  $0x0,0x8(%rdx)
  0x7ffff78b3da1: movq  $0x0,0x30(%rdx)
  0x7ffff78b3da9: mov    0x6762d1(%rip),%ebx        # 0x7ffff7f2a080
  0x7ffff78b3daf: mov    %rdx,0x0(%rbp)
  0x7ffff78b3db3: mov    %ebx,0xc(%rdx)
  0x7ffff78b3db6: incl  0x707a4c(%rip)        # 0x7ffff7fbb808
  0x7ffff78b3dbc: movl  $0x0,0x707a46(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b3dc6: jmpq  0x7ffff78b3961</pre>
<pre>  0x7ffff78b3961: lea    0x4d0(%rsp),%rdx
  0x7ffff78b3969: movl  $0x0,0x0(%r13)
  0x7ffff78b3971: movl  $0x0,0x4d0(%rsp)
  0x7ffff78b397c: mov    $0xc00c4622,%esi
  0x7ffff78b3981: xor    %eax,%eax
  0x7ffff78b3983: movl  $0x0,0x8(%rdx)
  0x7ffff78b398a: mov    0x6766f0(%rip),%edi        # 0x7ffff7f2a080
  0x7ffff78b3990: movl  $0x0,0x4d4(%rsp)
==>0x7ffff78b399b: callq  0x7ffff782ab20 <ioctl@plt>
  0x7ffff78b39a0: xor    %esi,%esi
  0x7ffff78b39a2: test  %eax,%eax
  0x7ffff78b39a4: mov    $0x1,%ecx
  0x7ffff78b39a9: jns    0x7ffff78b3912
</pre>
<pre>=> 0x7ffff78b3912: mov    0x4d8(%rsp),%ecx
  0x7ffff78b3919: test  %ecx,%ecx
  0x7ffff78b391b: jne    0x7ffff78b3e97
  0x7ffff78b3921: mov    0x4d0(%rsp),%ebx
  0x7ffff78b3928: mov    %ebx,0x0(%r13)
  0x7ffff78b392c: mov    0x4d8(%rsp),%eax
  0x7ffff78b3933: add    $0x4e8,%rsp
  0x7ffff78b393a: pop    %rbx
  0x7ffff78b393b: pop    %rbp
  0x7ffff78b393c: pop    %r12
  0x7ffff78b393e: pop    %r13
  0x7ffff78b3940: retq</pre>
===return down the stack===
<pre>  0x7ffff78b3dcb: mov    0x6762af(%rip),%edi        # 0x7ffff7f2a080
  0x7ffff78b3dd1: callq  0x7ffff782ab40 <close@plt>
  0x7ffff78b3dd6: mov    0x703bd3(%rip),%r12        # 0x7ffff7fb79b0
  0x7ffff78b3ddd: mov    (%r12),%rdi
  0x7ffff78b3de1: callq  0x7ffff782abf0 <free@plt>
  0x7ffff78b3de6: mov    $0x2a,%eax
  0x7ffff78b3deb: movq  $0x0,(%r12)
  0x7ffff78b3df3:
    movl  $0xffffffff,0x676283(%rip)        # 0x7ffff7f2a080
  0x7ffff78b3dfd: movl  $0x0,0x707a05(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b3e07: jmpq  0x7ffff78b3a41
  0x7ffff78b3e0c: callq  0x7ffff782ab50 <__errno_location@plt>
  0x7ffff78b3e11: mov    (%rax),%edi
  0x7ffff78b3e13: callq  0x7ffff782a9b0 <strerror@plt>
  0x7ffff78b3e18: mov    0x7042d9(%rip),%r11        # 0x7ffff7fb80f8
  0x7ffff78b3e1f: lea    0x4d14d2(%rip),%rsi        # 0x7ffff7d852f8
  0x7ffff78b3e26: mov    %rax,%rcx
  0x7ffff78b3e29: mov    %rbx,%rdx
  0x7ffff78b3e2c: xor    %eax,%eax
  0x7ffff78b3e2e: mov    (%r11),%rdi
  0x7ffff78b3e31: callq  0x7ffff78b0510
  0x7ffff78b3e36: mov    $0x2a,%eax
  0x7ffff78b3e3b: movl  $0x0,0x7079c7(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b3e45: jmpq  0x7ffff78b3933
  0x7ffff78b3e4a: cmpl  $0x1,0x484(%rsp)
  0x7ffff78b3e52: je    0x7ffff78b4042
  0x7ffff78b3e58: mov    0x704299(%rip),%r13        # 0x7ffff7fb80f8
  0x7ffff78b3e5f: lea    0x4d0c2e(%rip),%rdx        # 0x7ffff7d84a94
  0x7ffff78b3e66: lea    0x4d1693(%rip),%rsi        # 0x7ffff7d85500
  0x7ffff78b3e6d: xor    %eax,%eax
  0x7ffff78b3e6f: mov    0x0(%r13),%rdi
  0x7ffff78b3e73: callq  0x7ffff782a700 <fprintf@plt>
  0x7ffff78b3e78: mov    0x676202(%rip),%edi        # 0x7ffff7f2a080
  0x7ffff78b3e7e: callq  0x7ffff782ab40 <close@plt>
  0x7ffff78b3e83: mov    $0x2a,%eax
  0x7ffff78b3e88: movl  $0x0,0x70797a(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b3e92: jmpq  0x7ffff78b3a41
  0x7ffff78b3e97: xor    %eax,%eax
  0x7ffff78b3e99: mov    $0x1,%r9d
  0x7ffff78b3e9f:
    lock cmpxchg %r9d,0x707964(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b3ea8: setne  %dl
  0x7ffff78b3eab: test  %dl,%dl
  0x7ffff78b3ead: je    0x7ffff78b3f16
  0x7ffff78b3eaf: mov    0x707956(%rip),%r10d        # 0x7ffff7fbb80c
  0x7ffff78b3eb6: test  %r10d,%r10d
  0x7ffff78b3eb9: je    0x7ffff78b3e97
  0x7ffff78b3ebb: mov    0x70794b(%rip),%edi        # 0x7ffff7fbb80c
  0x7ffff78b3ec1: test  %edi,%edi
  0x7ffff78b3ec3: je    0x7ffff78b3e97
  0x7ffff78b3ec5: mov    0x707940(%rip),%r8d        # 0x7ffff7fbb80c
  0x7ffff78b3ecc: test  %r8d,%r8d
  0x7ffff78b3ecf: je    0x7ffff78b3e97
  0x7ffff78b3ed1: mov    0x707935(%rip),%esi        # 0x7ffff7fbb80c
  0x7ffff78b3ed7: test  %esi,%esi
  0x7ffff78b3ed9: je    0x7ffff78b3e97
  0x7ffff78b3edb: mov    0x70792a(%rip),%r12d        # 0x7ffff7fbb80c
  0x7ffff78b3ee2: test  %r12d,%r12d
  0x7ffff78b3ee5: je    0x7ffff78b3e97
  0x7ffff78b3ee7: mov    0x70791f(%rip),%edx        # 0x7ffff7fbb80c
  0x7ffff78b3eed: test  %edx,%edx
  0x7ffff78b3eef: je    0x7ffff78b3e97
  0x7ffff78b3ef1: mov    0x707915(%rip),%eax        # 0x7ffff7fbb80c
  0x7ffff78b3ef7: test  %eax,%eax
  0x7ffff78b3ef9: je    0x7ffff78b3e97
  0x7ffff78b3efb: mov    0x70790a(%rip),%r9d        # 0x7ffff7fbb80c
  0x7ffff78b3f02: test  %r9d,%r9d
  0x7ffff78b3f05: jne    0x7ffff78b3eaf
  0x7ffff78b3f07: jmp    0x7ffff78b3e97
  0x7ffff78b3f09: mov    %rbx,%rdi
  0x7ffff78b3f0c: callq  0x7ffff782a5a0 <fclose@plt>
  0x7ffff78b3f11: jmpq  0x7ffff78b3bf7
  0x7ffff78b3f16: mov    0x7078eb(%rip),%r11d        # 0x7ffff7fbb808
  0x7ffff78b3f1d: dec    %r11d
  0x7ffff78b3f20: test  %r11d,%r11d
  0x7ffff78b3f23: mov    %r11d,0x7078de(%rip)        # 0x7ffff7fbb808
  0x7ffff78b3f2a: je    0x7ffff78b3fe0
  0x7ffff78b3f30: mov    0x4d8(%rsp),%eax
  0x7ffff78b3f37: movl  $0x0,0x7078cb(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b3f41: jmpq  0x7ffff78b3933
  0x7ffff78b3f46: mov    0x7041ab(%rip),%r10        # 0x7ffff7fb80f8
  0x7ffff78b3f4d: lea    0x4d149c(%rip),%rsi        # 0x7ffff7d853f0
  0x7ffff78b3f54: xor    %eax,%eax
  0x7ffff78b3f56: mov    (%r10),%rdi
  0x7ffff78b3f59: callq  0x7ffff78b0510
  0x7ffff78b3f5e: mov    $0x2a,%eax
  0x7ffff78b3f63: movl  $0x0,0x70789f(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b3f6d: jmpq  0x7ffff78b3933
  0x7ffff78b3f72: lea    0x4d134e(%rip),%rsi        # 0x7ffff7d852c7
  0x7ffff78b3f79: lea    0x4c1ead(%rip),%rdi        # 0x7ffff7d75e2d
  0x7ffff78b3f80: mov    $0x1,%edx
  0x7ffff78b3f85: callq  0x7ffff782a690 <setenv@plt>
  0x7ffff78b3f8a: lea    0x4d1309(%rip),%rdx        # 0x7ffff7d8529a
  0x7ffff78b3f91: lea    0x4d1326(%rip),%rsi        # 0x7ffff7d852be
  0x7ffff78b3f98: xor    %ecx,%ecx
  0x7ffff78b3f9a: xor    %eax,%eax
  0x7ffff78b3f9c: mov    %rsp,%rdi
  0x7ffff78b3f9f: callq  0x7ffff782ac90 <execl@plt>
  0x7ffff78b3fa4: test  %eax,%eax
  0x7ffff78b3fa6: jns    0x7ffff78b3bf7
  0x7ffff78b3fac: callq  0x7ffff782ab50 <__errno_location@plt>
  0x7ffff78b3fb1: mov    (%rax),%edi
  0x7ffff78b3fb3: callq  0x7ffff782a9b0 <strerror@plt>
  0x7ffff78b3fb8: mov    0x704139(%rip),%r9        # 0x7ffff7fb80f8
  0x7ffff78b3fbf: lea    0x4d1402(%rip),%rsi        # 0x7ffff7d853c8
  0x7ffff78b3fc6: mov    %rax,%rcx
  0x7ffff78b3fc9: mov    %rsp,%rdx
  0x7ffff78b3fcc: xor    %eax,%eax
  0x7ffff78b3fce: mov    (%r9),%rdi
  0x7ffff78b3fd1: callq  0x7ffff78b0510
  0x7ffff78b3fd6: mov    $0x1,%edi
  0x7ffff78b3fdb: callq  0x7ffff782aa80 <exit@plt>
  0x7ffff78b3fe0: mov    0x67609a(%rip),%edi        # 0x7ffff7f2a080
  0x7ffff78b3fe6: callq  0x7ffff782ab40 <close@plt>
  0x7ffff78b3feb: mov    0x7039be(%rip),%r13        # 0x7ffff7fb79b0
  0x7ffff78b3ff2: mov    0x0(%r13),%rdi
  0x7ffff78b3ff6: callq  0x7ffff782abf0 <free@plt>
  0x7ffff78b3ffb: movq  $0x0,0x0(%r13)
  0x7ffff78b4003:
    movl  $0xffffffff,0x676073(%rip)        # 0x7ffff7f2a080
  0x7ffff78b400d: jmpq  0x7ffff78b3f30
  0x7ffff78b4012: movb  $0x0,(%rsp)
  0x7ffff78b4016: jmpq  0x7ffff78b3b9b
  0x7ffff78b401b: movabs $0x6f6d2f6e6962732f,%r8
  0x7ffff78b4025: movl  $0x6f727064,0x8(%rsp)
  0x7ffff78b402d: movw  $0x6562,0xc(%rsp)
  0x7ffff78b4034: mov    %r8,(%rsp)
  0x7ffff78b4038: movb  $0x0,0xe(%rsp)
  0x7ffff78b403d: jmpq  0x7ffff78b3bac
  0x7ffff78b4042: mov    0x7040af(%rip),%r12        # 0x7ffff7fb80f8
  0x7ffff78b4049: lea    0x4d0a44(%rip),%rcx        # 0x7ffff7d84a94
  0x7ffff78b4050: lea    0x4d13d1(%rip),%rsi        # 0x7ffff7d85428
  0x7ffff78b4057: mov    %rbx,%rdx
  0x7ffff78b405a: xor    %eax,%eax
  0x7ffff78b405c: mov    (%r12),%rdi
  0x7ffff78b4060: callq  0x7ffff782a700 <fprintf@plt>
  0x7ffff78b4065: jmpq  0x7ffff78b3e78
  0x7ffff78b406a: movb  $0x0,(%rsp,%rax,1)
  0x7ffff78b406e: jmpq  0x7ffff78b3b9b
  0x7ffff78b4073: data32 data32 xchg %ax,%ax
  0x7ffff78b4077: data32 xchg %ax,%ax
  0x7ffff78b407a: data32 xchg %ax,%ax
  0x7ffff78b407d: data32 xchg %ax,%ax
  0x7ffff78b4080: push  %rbp
  0x7ffff78b4081: mov    %edx,%r11d
  0x7ffff78b4084: xor    %r10d,%r10d
  0x7ffff78b4087: mov    $0x1,%r9d
  0x7ffff78b408d: push  %rbx
  0x7ffff78b408e: sub    $0x28,%rsp
  0x7ffff78b4092: mov    %r10d,%eax
  0x7ffff78b4095:
    lock cmpxchg %r9d,0x70776e(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b409e: setne  %dl
  0x7ffff78b40a1: test  %dl,%dl
  0x7ffff78b40a3: je    0x7ffff78b40f7
  0x7ffff78b40a5: mov    0x707761(%rip),%ebx        # 0x7ffff7fbb80c
  0x7ffff78b40ab: test  %ebx,%ebx
  0x7ffff78b40ad: je    0x7ffff78b4092
  0x7ffff78b40af: mov    0x707757(%rip),%ebx        # 0x7ffff7fbb80c
  0x7ffff78b40b5: test  %ebx,%ebx
  0x7ffff78b40b7: je    0x7ffff78b4092
  0x7ffff78b40b9: mov    0x70774d(%rip),%edx        # 0x7ffff7fbb80c
  0x7ffff78b40bf: test  %edx,%edx
  0x7ffff78b40c1: je    0x7ffff78b4092
  0x7ffff78b40c3: mov    0x707743(%rip),%eax        # 0x7ffff7fbb80c
  0x7ffff78b40c9: test  %eax,%eax
  0x7ffff78b40cb: je    0x7ffff78b4092
  0x7ffff78b40cd: mov    0x707739(%rip),%ebp        # 0x7ffff7fbb80c
  0x7ffff78b40d3: test  %ebp,%ebp
  0x7ffff78b40d5: je    0x7ffff78b4092
  0x7ffff78b40d7: mov    0x70772f(%rip),%ebx        # 0x7ffff7fbb80c
  0x7ffff78b40dd: test  %ebx,%ebx
  0x7ffff78b40df: je    0x7ffff78b4092
  0x7ffff78b40e1: mov    0x707725(%rip),%edx        # 0x7ffff7fbb80c
  0x7ffff78b40e7: test  %edx,%edx
  0x7ffff78b40e9: je    0x7ffff78b4092
  0x7ffff78b40eb: mov    0x70771b(%rip),%eax        # 0x7ffff7fbb80c
  0x7ffff78b40f1: test  %eax,%eax
  0x7ffff78b40f3: jne    0x7ffff78b40a5
  0x7ffff78b40f5: jmp    0x7ffff78b4092
  0x7ffff78b40f7: mov    0x7044ea(%rip),%rbp        # 0x7ffff7fb85e8
  0x7ffff78b40fe: mov    0x0(%rbp),%rbx
  0x7ffff78b4102: test  %rbx,%rbx
  0x7ffff78b4105: jne    0x7ffff78b411d
  0x7ffff78b4107: jmpq  0x7ffff78b41a3
  0x7ffff78b410c: data32 data32 xchg %ax,%ax
  0x7ffff78b4110: mov    0x30(%rbx),%rbx
  0x7ffff78b4114: test  %rbx,%rbx
  0x7ffff78b4117: je    0x7ffff78b41a3
  0x7ffff78b411d: cmp    (%rbx),%edi
  0x7ffff78b411f: nop
  0x7ffff78b4120: jne    0x7ffff78b4110
  0x7ffff78b4122: cmp    0x4(%rbx),%esi
  0x7ffff78b4125: jne    0x7ffff78b4110
  0x7ffff78b4127: movl  $0x0,0x7076db(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b4131: xor    %eax,%eax
  0x7ffff78b4133: mov    $0x1,%r9d
  0x7ffff78b4139:
    lock cmpxchg %r9d,0x7076ce(%rip)        # 0x7ffff7fbb810
  0x7ffff78b4142: setne  %dl
  0x7ffff78b4145: test  %dl,%dl
  0x7ffff78b4147: je    0x7ffff78b41bb
  0x7ffff78b4149: mov    0x7076c0(%rip),%r10d        # 0x7ffff7fbb810
  0x7ffff78b4150: test  %r10d,%r10d
  0x7ffff78b4153: je    0x7ffff78b4131
  0x7ffff78b4155: mov    0x7076b5(%rip),%ebp        # 0x7ffff7fbb810
  0x7ffff78b415b: test  %ebp,%ebp
  0x7ffff78b415d: je    0x7ffff78b4131
  0x7ffff78b415f: mov    0x7076aa(%rip),%r9d        # 0x7ffff7fbb810
  0x7ffff78b4166: test  %r9d,%r9d
  0x7ffff78b4169: je    0x7ffff78b4131
  0x7ffff78b416b: mov    0x70769e(%rip),%r10d        # 0x7ffff7fbb810
  0x7ffff78b4172: test  %r10d,%r10d
  0x7ffff78b4175: je    0x7ffff78b4131
  0x7ffff78b4177: mov    0x707693(%rip),%edx        # 0x7ffff7fbb810
  0x7ffff78b417d: test  %edx,%edx
  0x7ffff78b417f: je    0x7ffff78b4131
  0x7ffff78b4181: mov    0x707689(%rip),%eax        # 0x7ffff7fbb810
  0x7ffff78b4187: test  %eax,%eax
  0x7ffff78b4189: je    0x7ffff78b4131
  0x7ffff78b418b: mov    0x70767f(%rip),%ebp        # 0x7ffff7fbb810
  0x7ffff78b4191: test  %ebp,%ebp
  0x7ffff78b4193: je    0x7ffff78b4131
  0x7ffff78b4195: mov    0x707674(%rip),%r9d        # 0x7ffff7fbb810
  0x7ffff78b419c: test  %r9d,%r9d
  0x7ffff78b419f: jne    0x7ffff78b4149
  0x7ffff78b41a1: jmp    0x7ffff78b4131
  0x7ffff78b41a3: movl  $0x0,0x70765f(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b41ad: mov    $0x2a,%edx
  0x7ffff78b41b2: add    $0x28,%rsp
  0x7ffff78b41b6: mov    %edx,%eax
  0x7ffff78b41b8: pop    %rbx
  0x7ffff78b41b9: pop    %rbp
  0x7ffff78b41ba: retq 
  0x7ffff78b41bb: mov    0x20(%rbx),%rbp
  0x7ffff78b41bf: test  %rbp,%rbp
  0x7ffff78b41c2: jne    0x7ffff78b41dd
  0x7ffff78b41c4: jmpq  0x7ffff78b42f0
  0x7ffff78b41c9: data32 data32 xchg %ax,%ax
  0x7ffff78b41cd: data32 xchg %ax,%ax
  0x7ffff78b41d0: mov    0x38(%rbp),%rbp
  0x7ffff78b41d4: test  %rbp,%rbp
  0x7ffff78b41d7: je    0x7ffff78b42f0
  0x7ffff78b41dd: cmp    0x0(%rbp),%rcx
  0x7ffff78b41e1: jne    0x7ffff78b41d0
  0x7ffff78b41e3: movq  $0x0,(%rsp)
  0x7ffff78b41eb: movq  $0x0,0x8(%rsp)
  0x7ffff78b41f4: movl  $0x0,0x707612(%rip)        # 0x7ffff7fbb810
  0x7ffff78b41fe: movq  $0x0,0x10(%rsp)
  0x7ffff78b4207: movq  $0x0,0x18(%rsp)
  0x7ffff78b4210: mov    %edi,(%rsp)
  0x7ffff78b4213: mov    %esi,0x4(%rsp)
  0x7ffff78b4217: mov    %r11d,0x8(%rsp)
  0x7ffff78b421c: mov    0x28(%rbx),%rdi
  0x7ffff78b4220: mov    0x18(%rbp),%rsi
  0x7ffff78b4224: mov    0x20(%rdi),%rdx
  0x7ffff78b4228: cmp    %rdx,%rsi
  0x7ffff78b422b: jb    0x7ffff78b4247
  0x7ffff78b422d: add    0x28(%rdi),%rdx
  0x7ffff78b4231: mov    %rsi,%r11
  0x7ffff78b4234: add    0x10(%rbp),%r11
  0x7ffff78b4238: dec    %rdx
  0x7ffff78b423b: dec    %r11
  0x7ffff78b423e: cmp    %rdx,%r11
  0x7ffff78b4241: jbe    0x7ffff78b4308
  0x7ffff78b4247: mov    %rsi,0x10(%rsp)
  0x7ffff78b424c: mov    0x675e2e(%rip),%edi        # 0x7ffff7f2a080
  0x7ffff78b4252: mov    %rsp,%rdx
  0x7ffff78b4255: xor    %eax,%eax
  0x7ffff78b4257: mov    $0xc020464f,%esi
  0x7ffff78b425c: mov    %r8d,0x1c(%rsp)
  0x7ffff78b4261: callq  0x7ffff782ab20 <ioctl@plt>
  0x7ffff78b4266: test  %eax,%eax
  0x7ffff78b4268: mov    $0x2a,%edx
  0x7ffff78b426d: js    0x7ffff78b41b2
  0x7ffff78b4273: mov    0x18(%rsp),%edx
  0x7ffff78b4277: test  %edx,%edx
  0x7ffff78b4279: jne    0x7ffff78b41b2
  0x7ffff78b427f: xor    %eax,%eax
  0x7ffff78b4281: mov    $0x1,%ecx
  0x7ffff78b4286:
    lock cmpxchg %ecx,0x707582(%rip)        # 0x7ffff7fbb810
  0x7ffff78b428e: setne  %dl
  0x7ffff78b4291: test  %dl,%dl
  0x7ffff78b4293: je    0x7ffff78b4312
  0x7ffff78b4295: mov    0x707575(%rip),%esi        # 0x7ffff7fbb810
  0x7ffff78b429b: test  %esi,%esi
  0x7ffff78b429d: je    0x7ffff78b427f
  0x7ffff78b429f: mov    0x70756a(%rip),%r10d        # 0x7ffff7fbb810
  0x7ffff78b42a6: test  %r10d,%r10d
  0x7ffff78b42a9: je    0x7ffff78b427f
  0x7ffff78b42ab: mov    0x70755e(%rip),%r11d        # 0x7ffff7fbb810
  0x7ffff78b42b2: test  %r11d,%r11d
  0x7ffff78b42b5: je    0x7ffff78b427f
  0x7ffff78b42b7: mov    0x707553(%rip),%edx        # 0x7ffff7fbb810
  0x7ffff78b42bd: test  %edx,%edx
  0x7ffff78b42bf: je    0x7ffff78b427f
  0x7ffff78b42c1: mov    0x707549(%rip),%eax        # 0x7ffff7fbb810
  0x7ffff78b42c7: test  %eax,%eax
  0x7ffff78b42c9: je    0x7ffff78b427f
  0x7ffff78b42cb: mov    0x70753f(%rip),%ecx        # 0x7ffff7fbb810
  0x7ffff78b42d1: test  %ecx,%ecx
  0x7ffff78b42d3: je    0x7ffff78b427f
  0x7ffff78b42d5: mov    0x707535(%rip),%esi        # 0x7ffff7fbb810
  0x7ffff78b42db: test  %esi,%esi
  0x7ffff78b42dd: je    0x7ffff78b427f
  0x7ffff78b42df: mov    0x70752b(%rip),%edi        # 0x7ffff7fbb810
  0x7ffff78b42e5: test  %edi,%edi
  0x7ffff78b42e7: jne    0x7ffff78b4295
  0x7ffff78b42e9: jmp    0x7ffff78b427f
  0x7ffff78b42eb: data32 xchg %ax,%ax
  0x7ffff78b42ee: xchg  %ax,%ax
  0x7ffff78b42f0: movl  $0x0,0x707516(%rip)        # 0x7ffff7fbb810
  0x7ffff78b42fa: add    $0x28,%rsp
  0x7ffff78b42fe: mov    $0x2a,%edx
  0x7ffff78b4303: pop    %rbx
  0x7ffff78b4304: pop    %rbp
  0x7ffff78b4305: mov    %edx,%eax
  0x7ffff78b4307: retq 
  0x7ffff78b4308: mov    %rcx,0x10(%rsp)
  0x7ffff78b430d: jmpq  0x7ffff78b424c
  0x7ffff78b4312: mov    0x28(%rbp),%edi
  0x7ffff78b4315: dec    %edi
  0x7ffff78b4317: test  %edi,%edi
  0x7ffff78b4319: mov    %edi,0x28(%rbp)
  0x7ffff78b431c: je    0x7ffff78b4331
  0x7ffff78b431e: movl  $0x0,0x7074e8(%rip)        # 0x7ffff7fbb810
  0x7ffff78b4328: mov    0x18(%rsp),%edx
  0x7ffff78b432c: jmpq  0x7ffff78b41b2
  0x7ffff78b4331: mov    0x30(%rbp),%rdx
  0x7ffff78b4335: test  %rdx,%rdx
  0x7ffff78b4338: je    0x7ffff78b4342
  0x7ffff78b433a: mov    0x38(%rbp),%r8
  0x7ffff78b433e: mov    %r8,0x38(%rdx)
  0x7ffff78b4342: cmp    0x20(%rbx),%rbp
  0x7ffff78b4346: jne    0x7ffff78b4350
  0x7ffff78b4348: mov    0x38(%rbp),%r9
  0x7ffff78b434c: mov    %r9,0x20(%rbx)
  0x7ffff78b4350: mov    0x38(%rbp),%rdx
  0x7ffff78b4354: test  %rdx,%rdx
  0x7ffff78b4357: je    0x7ffff78b4361
  0x7ffff78b4359: mov    0x30(%rbp),%rbx
  0x7ffff78b435d: mov    %rbx,0x30(%rdx)
  0x7ffff78b4361: movl  $0x0,0x7074a5(%rip)        # 0x7ffff7fbb810
  0x7ffff78b436b: callq  0x7ffff782a4b0 <getpagesize@plt>
  0x7ffff78b4370: movslq %eax,%rdi
  0x7ffff78b4373: mov    0x8(%rbp),%rsi
  0x7ffff78b4377: neg    %rdi
  0x7ffff78b437a: and    0x0(%rbp),%rdi
  0x7ffff78b437e: callq  0x7ffff782a8d0 <munmap@plt>
  0x7ffff78b4383: mov    %rbp,%rdi
  0x7ffff78b4386: callq  0x7ffff782abf0 <free@plt>
  0x7ffff78b438b: jmp    0x7ffff78b4328
  0x7ffff78b438d: data32 xchg %ax,%ax
  0x7ffff78b4390: push  %r12
  0x7ffff78b4392: xor    %r8d,%r8d
  0x7ffff78b4395: mov    $0x1,%ecx
  0x7ffff78b439a: push  %rbp
  0x7ffff78b439b: mov    %edx,%ebp
  0x7ffff78b439d: push  %rbx
  0x7ffff78b439e: sub    $0x10,%rsp
  0x7ffff78b43a2: mov    %r8d,%eax
  0x7ffff78b43a5:
    lock cmpxchg %ecx,0x70745f(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b43ad: setne  %dl
  0x7ffff78b43b0: test  %dl,%dl
  0x7ffff78b43b2: je    0x7ffff78b440e
  0x7ffff78b43b4: mov    0x707452(%rip),%ebx        # 0x7ffff7fbb80c
  0x7ffff78b43ba: test  %ebx,%ebx
  0x7ffff78b43bc: je    0x7ffff78b43a2
  0x7ffff78b43be: mov    0x707447(%rip),%r12d        # 0x7ffff7fbb80c
  0x7ffff78b43c5: test  %r12d,%r12d
  0x7ffff78b43c8: je    0x7ffff78b43a2
  0x7ffff78b43ca: mov    0x70743c(%rip),%eax        # 0x7ffff7fbb80c
  0x7ffff78b43d0: test  %eax,%eax
  0x7ffff78b43d2: je    0x7ffff78b43a2
  0x7ffff78b43d4: mov    0x707432(%rip),%ebx        # 0x7ffff7fbb80c
  0x7ffff78b43da: test  %ebx,%ebx
  0x7ffff78b43dc: je    0x7ffff78b43a2
  0x7ffff78b43de: mov    0x707427(%rip),%r9d        # 0x7ffff7fbb80c
  0x7ffff78b43e5: test  %r9d,%r9d
  0x7ffff78b43e8: je    0x7ffff78b43a2
  0x7ffff78b43ea: mov    0x70741b(%rip),%r10d        # 0x7ffff7fbb80c
  0x7ffff78b43f1: test  %r10d,%r10d
  0x7ffff78b43f4: je    0x7ffff78b43a2
  0x7ffff78b43f6: mov    0x70740f(%rip),%r11d        # 0x7ffff7fbb80c
  0x7ffff78b43fd: test  %r11d,%r11d
  0x7ffff78b4400: je    0x7ffff78b43a2
  0x7ffff78b4402: mov    0x707404(%rip),%edx        # 0x7ffff7fbb80c
  0x7ffff78b4408: test  %edx,%edx
  0x7ffff78b440a: jne    0x7ffff78b43b4
  0x7ffff78b440c: jmp    0x7ffff78b43a2
  0x7ffff78b440e: mov    0x7041d3(%rip),%rcx        # 0x7ffff7fb85e8
  0x7ffff78b4415: mov    (%rcx),%rbx
  0x7ffff78b4418: test  %rbx,%rbx
  0x7ffff78b441b: jne    0x7ffff78b4429
  0x7ffff78b441d: jmp    0x7ffff78b4443
  0x7ffff78b441f: nop
  0x7ffff78b4420: mov    0x30(%rbx),%rbx
  0x7ffff78b4424: test  %rbx,%rbx
  0x7ffff78b4427: je    0x7ffff78b4443
  0x7ffff78b4429: cmp    (%rbx),%edi
  0x7ffff78b442b: data32 xchg %ax,%ax
  0x7ffff78b442e: xchg  %ax,%ax
  0x7ffff78b4430: jne    0x7ffff78b4420
  0x7ffff78b4432: cmp    0x4(%rbx),%esi
  0x7ffff78b4435: jne    0x7ffff78b4420
  0x7ffff78b4437: movl  $0x0,0x7073cb(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b4441: jmp    0x7ffff78b4462
  0x7ffff78b4443: mov    0x703566(%rip),%r8        # 0x7ffff7fb79b0
  0x7ffff78b444a: movl  $0x0,0x7073b8(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b4454: mov    $0x1d,%r12d
  0x7ffff78b445a: mov    (%r8),%rbx
  0x7ffff78b445d: test  %rbx,%rbx
  0x7ffff78b4460: je    0x7ffff78b44b0
  0x7ffff78b4462: mov    0x10(%rbx),%rax
  0x7ffff78b4466: test  %rax,%rax
  0x7ffff78b4469: jne    0x7ffff78b4479
  0x7ffff78b446b: jmp    0x7ffff78b44bc
  0x7ffff78b446d: data32 xchg %ax,%ax
  0x7ffff78b4470: mov    0x10(%rax),%rax
  0x7ffff78b4474: test  %rax,%rax
  0x7ffff78b4477: je    0x7ffff78b44bc
  0x7ffff78b4479: cmp    (%rax),%ebp
  0x7ffff78b447b: data32 xchg %ax,%ax
  0x7ffff78b447e: xchg  %ax,%ax
  0x7ffff78b4480: jne    0x7ffff78b4470
  0x7ffff78b4482: mov    %edi,(%rsp)
  0x7ffff78b4485: mov    %esi,0x4(%rsp)
  0x7ffff78b4489: xor    %eax,%eax
  0x7ffff78b448b: mov    %rsp,%rdx
  0x7ffff78b448e: mov    $0xc01046cf,%esi
  0x7ffff78b4493: mov    %ebp,%edi
  0x7ffff78b4495: movl  $0x0,0xc(%rsp)
  0x7ffff78b449d: mov    %ebp,0x8(%rsp)
  0x7ffff78b44a1: mov    $0x2a,%r12d
  0x7ffff78b44a7: callq  0x7ffff782ab20 <ioctl@plt>
  0x7ffff78b44ac: test  %eax,%eax
  0x7ffff78b44ae: jns    0x7ffff78b44ce
  0x7ffff78b44b0: add    $0x10,%rsp
  0x7ffff78b44b4: mov    %r12d,%eax
  0x7ffff78b44b7: pop    %rbx
  0x7ffff78b44b8: pop    %rbp
  0x7ffff78b44b9: pop    %r12
  0x7ffff78b44bb: retq 
  0x7ffff78b44bc: add    $0x10,%rsp
  0x7ffff78b44c0: mov    $0x11,%r12d
  0x7ffff78b44c6: pop    %rbx
  0x7ffff78b44c7: pop    %rbp
  0x7ffff78b44c8: mov    %r12d,%eax
  0x7ffff78b44cb: pop    %r12
  0x7ffff78b44cd: retq 
  0x7ffff78b44ce: mov    0xc(%rsp),%r12d
  0x7ffff78b44d3: test  %r12d,%r12d
  0x7ffff78b44d6: jne    0x7ffff78b44b0
  0x7ffff78b44d8: mov    0x7034d1(%rip),%rsi        # 0x7ffff7fb79b0
  0x7ffff78b44df: mov    (%rsi),%rax
  0x7ffff78b44e2: cmp    %rbx,%rax
  0x7ffff78b44e5: je    0x7ffff78b44f6
  0x7ffff78b44e7: mov    %ebp,%esi
  0x7ffff78b44e9: mov    %rbx,%rdi
  0x7ffff78b44ec: callq  0x7ffff78afd90
  0x7ffff78b44f1: mov    %eax,%r12d
  0x7ffff78b44f4: jmp    0x7ffff78b44b0
  0x7ffff78b44f6: mov    0x10(%rax),%rdi
  0x7ffff78b44fa: test  %rdi,%rdi
  0x7ffff78b44fd: jne    0x7ffff78b450b
  0x7ffff78b44ff: nop
  0x7ffff78b4500: jmp    0x7ffff78b453f
  0x7ffff78b4502: mov    0x10(%rdi),%rdi
  0x7ffff78b4506: test  %rdi,%rdi
  0x7ffff78b4509: je    0x7ffff78b453f
  0x7ffff78b450b: cmp    (%rdi),%ebp
  0x7ffff78b450d: data32 xchg %ax,%ax
  0x7ffff78b4510: jne    0x7ffff78b4502
  0x7ffff78b4512: lea    0x10(%rax),%rcx
  0x7ffff78b4516: mov    0x10(%rax),%rax
  0x7ffff78b451a: test  %rax,%rax
  0x7ffff78b451d: je    0x7ffff78b452d
  0x7ffff78b451f: cmp    %rdi,%rax
  0x7ffff78b4522: je    0x7ffff78b455a
  0x7ffff78b4524: mov    0x10(%rax),%rax
  0x7ffff78b4528: test  %rax,%rax
  0x7ffff78b452b: jne    0x7ffff78b451f
  0x7ffff78b452d: mov    $0xffffffff,%r12d
  0x7ffff78b4533: mov    %ebp,%edi
  0x7ffff78b4535: callq  0x7ffff782ab40 <close@plt>
  0x7ffff78b453a: jmpq  0x7ffff78b44b0
  0x7ffff78b453f: cmp    0xc(%rax),%ebp
  0x7ffff78b4542: mov    %ebp,%edi
  0x7ffff78b4544: setne  %dl
  0x7ffff78b4547: shr    $0x1f,%edi
  0x7ffff78b454a: or    %dil,%dl
  0x7ffff78b454d: je    0x7ffff78b4533
  0x7ffff78b454f: mov    $0xffffffff,%r12d
  0x7ffff78b4555: jmpq  0x7ffff78b44b0
  0x7ffff78b455a: mov    0x8(%rdi),%rdx
  0x7ffff78b455e: test  %rdx,%rdx
  0x7ffff78b4561: je    0x7ffff78b4583
  0x7ffff78b4563: mov    0x10(%rdi),%r9
  0x7ffff78b4567: mov    %r9,0x10(%rdx)
  0x7ffff78b456b: mov    0x10(%rdi),%rdx
  0x7ffff78b456f: test  %rdx,%rdx
  0x7ffff78b4572: je    0x7ffff78b457c
  0x7ffff78b4574: mov    0x8(%rdi),%r11
  0x7ffff78b4578: mov    %r11,0x8(%rdx)
  0x7ffff78b457c: callq  0x7ffff782abf0 <free@plt>
  0x7ffff78b4581: jmp    0x7ffff78b4533
  0x7ffff78b4583: mov    0x10(%rdi),%r10
  0x7ffff78b4587: mov    %r10,(%rcx)
  0x7ffff78b458a: jmp    0x7ffff78b456b
  0x7ffff78b458c: data32 data32 xchg %ax,%ax
  0x7ffff78b4590: push  %r15
  0x7ffff78b4592: mov    $0x22,%eax
  0x7ffff78b4597: push  %r14
  0x7ffff78b4599: mov    %esi,%r14d
  0x7ffff78b459c: push  %r13
  0x7ffff78b459e: mov    %rcx,%r13
  0x7ffff78b45a1: push  %r12
  0x7ffff78b45a3: mov    %edi,%r12d
  0x7ffff78b45a6: push  %rbp
  0x7ffff78b45a7: push  %rbx
  0x7ffff78b45a8: sub    $0xb8,%rsp
  0x7ffff78b45af: test  %rcx,%rcx
  0x7ffff78b45b2: mov    %rdx,0x8(%rsp)
  0x7ffff78b45b7: je    0x7ffff78b46c2
  0x7ffff78b45bd: data32 xchg %ax,%ax
  0x7ffff78b45c0: xor    %eax,%eax
  0x7ffff78b45c2: mov    $0x1,%ecx
  0x7ffff78b45c7:
    lock cmpxchg %ecx,0x70723d(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b45cf: setne  %dl
  0x7ffff78b45d2: test  %dl,%dl
  0x7ffff78b45d4: je    0x7ffff78b46d4
  0x7ffff78b45da: mov    0x70722c(%rip),%ebx        # 0x7ffff7fbb80c
  0x7ffff78b45e0: test  %ebx,%ebx
  0x7ffff78b45e2: je    0x7ffff78b45c0
  0x7ffff78b45e4: mov    0x707222(%rip),%ebp        # 0x7ffff7fbb80c
  0x7ffff78b45ea: test  %ebp,%ebp
  0x7ffff78b45ec: je    0x7ffff78b45c0
  0x7ffff78b45ee: mov    0x707218(%rip),%edx        # 0x7ffff7fbb80c
  0x7ffff78b45f4: test  %edx,%edx
  0x7ffff78b45f6: je    0x7ffff78b45c0
  0x7ffff78b45f8: mov    0x70720e(%rip),%ecx        # 0x7ffff7fbb80c
  0x7ffff78b45fe: test  %ecx,%ecx
  0x7ffff78b4600: je    0x7ffff78b45c0
  0x7ffff78b4602: mov    0x707204(%rip),%esi        # 0x7ffff7fbb80c
  0x7ffff78b4608: test  %esi,%esi
  0x7ffff78b460a: je    0x7ffff78b45c0
  0x7ffff78b460c: mov    0x7071fa(%rip),%edi        # 0x7ffff7fbb80c
  0x7ffff78b4612: test  %edi,%edi
  0x7ffff78b4614: je    0x7ffff78b45c0
  0x7ffff78b4616: mov    0x7071f0(%rip),%ebx        # 0x7ffff7fbb80c
  0x7ffff78b461c: test  %ebx,%ebx
  0x7ffff78b461e: je    0x7ffff78b45c0
  0x7ffff78b4620: mov    0x7071e5(%rip),%r9d        # 0x7ffff7fbb80c
  0x7ffff78b4627: test  %r9d,%r9d
  0x7ffff78b462a: jne    0x7ffff78b45da
  0x7ffff78b462c: jmp    0x7ffff78b45c0
  0x7ffff78b462e: mov    %rax,0x8(%rbx)
  0x7ffff78b4632: mov    %rbx,0x10(%rax)
  0x7ffff78b4636: mov    0x0(%r13),%edi
  0x7ffff78b463a: lea    0x90(%rsp),%rdx
  0x7ffff78b4642: xor    %eax,%eax
  0x7ffff78b4644: mov    $0xc01446ce,%esi
  0x7ffff78b4649: mov    %edi,(%rbx)
  0x7ffff78b464b: movq  $0x0,0x90(%rsp)
  0x7ffff78b4657: movq  $0x0,0x98(%rsp)
  0x7ffff78b4663: movl  $0x0,0xa0(%rsp)
  0x7ffff78b466e: mov    %r12d,0x90(%rsp)
  0x7ffff78b4676: mov    %r14d,0x94(%rsp)
  0x7ffff78b467e: mov    %edi,0x9c(%rsp)
  0x7ffff78b4685: callq  0x7ffff782ab20 <ioctl@plt>
  0x7ffff78b468a: test  %eax,%eax
  0x7ffff78b468c: js    0x7ffff78b49f8
  0x7ffff78b4692: mov    0xa0(%rsp),%r8d
  0x7ffff78b469a: test  %r8d,%r8d
  0x7ffff78b469d: jne    0x7ffff78b4a03
  0x7ffff78b46a3: mov    0x98(%rsp),%edx
  0x7ffff78b46aa: xor    %eax,%eax
  0x7ffff78b46ac: mov    %edx,0x4(%rbx)
  0x7ffff78b46af: cmpq  $0x0,0x8(%rsp)
  0x7ffff78b46b5: je    0x7ffff78b46c2
  0x7ffff78b46b7: mov    0x8(%rsp),%r13
  0x7ffff78b46bc: xor    %eax,%eax
  0x7ffff78b46be: mov    %edx,0x0(%r13)
  0x7ffff78b46c2: add    $0xb8,%rsp
  0x7ffff78b46c9: pop    %rbx
  0x7ffff78b46ca: pop    %rbp
  0x7ffff78b46cb: pop    %r12
  0x7ffff78b46cd: pop    %r13
  0x7ffff78b46cf: pop    %r14
  0x7ffff78b46d1: pop    %r15
  0x7ffff78b46d3: retq 
  0x7ffff78b46d4: mov    0x703f0d(%rip),%rsi        # 0x7ffff7fb85e8
  0x7ffff78b46db: mov    (%rsi),%rbp
  0x7ffff78b46de: test  %rbp,%rbp
  0x7ffff78b46e1: jne    0x7ffff78b46f5
  0x7ffff78b46e3: jmpq  0x7ffff78b47bf
  0x7ffff78b46e8: mov    0x30(%rbp),%rbp
  0x7ffff78b46ec: test  %rbp,%rbp
  0x7ffff78b46ef: je    0x7ffff78b47bf
  0x7ffff78b46f5: cmp    0x0(%rbp),%r12d
  0x7ffff78b46f9: jne    0x7ffff78b46e8
  0x7ffff78b46fb: cmp    0x4(%rbp),%r14d
  0x7ffff78b46ff: nop
  0x7ffff78b4700: jne    0x7ffff78b46e8
  0x7ffff78b4702: movl  $0x0,0x707100(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b470c: mov    0x704edd(%rip),%rcx        # 0x7ffff7fb95f0
  0x7ffff78b4713: xor    %edx,%edx
  0x7ffff78b4715: mov    0x28(%rbp),%rdi
  0x7ffff78b4719: cmp    %rdi,%rcx
  0x7ffff78b471c: je    0x7ffff78b48ce
  0x7ffff78b4722: lea    0x38(%rcx),%rbx
  0x7ffff78b4726: lea    0x1(%rdx),%esi
  0x7ffff78b4729: cmp    %rdi,%rbx
  0x7ffff78b472c: mov    %esi,%edx
  0x7ffff78b472e: je    0x7ffff78b48ce
  0x7ffff78b4734: lea    0x70(%rcx),%r9
  0x7ffff78b4738: inc    %edx
  0x7ffff78b473a: cmp    %rdi,%r9
  0x7ffff78b473d: je    0x7ffff78b48ce
  0x7ffff78b4743: lea    0xa8(%rcx),%r10
  0x7ffff78b474a: lea    0x2(%rsi),%edx
  0x7ffff78b474d: cmp    %rdi,%r10
  0x7ffff78b4750: je    0x7ffff78b48ce
  0x7ffff78b4756: lea    0xe0(%rcx),%r11
  0x7ffff78b475d: lea    0x3(%rsi),%edx
  0x7ffff78b4760: cmp    %rdi,%r11
  0x7ffff78b4763: je    0x7ffff78b48ce
  0x7ffff78b4769: lea    0x118(%rcx),%rax
  0x7ffff78b4770: lea    0x4(%rsi),%edx
  0x7ffff78b4773: cmp    %rdi,%rax
  0x7ffff78b4776: je    0x7ffff78b48ce
  0x7ffff78b477c: lea    0x150(%rcx),%r15
  0x7ffff78b4783: lea    0x5(%rsi),%edx
  0x7ffff78b4786: cmp    %rdi,%r15
  0x7ffff78b4789: je    0x7ffff78b48ce
  0x7ffff78b478f: lea    0x188(%rcx),%r8
  0x7ffff78b4796: lea    0x6(%rsi),%edx
  0x7ffff78b4799: cmp    %rdi,%r8
  0x7ffff78b479c: je    0x7ffff78b48ce
  0x7ffff78b47a2: lea    0x7(%rsi),%edx
  0x7ffff78b47a5: add    $0x1c0,%rcx
  0x7ffff78b47ac: cmp    $0x20,%edx
  0x7ffff78b47af: jne    0x7ffff78b4719
  0x7ffff78b47b5: mov    $0x2a,%eax
  0x7ffff78b47ba: jmpq  0x7ffff78b46c2
  0x7ffff78b47bf: mov    0x7031ea(%rip),%rdi        # 0x7ffff7fb79b0
  0x7ffff78b47c6: lea    0x10(%rsp),%r15
  0x7ffff78b47cb: lea    0x4d0afb(%rip),%rdx        # 0x7ffff7d852cd
  0x7ffff78b47d2: mov    $0x80,%esi
  0x7ffff78b47d7: xor    %eax,%eax
  0x7ffff78b47d9: movl  $0x0,0x707029(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b47e3: movl  $0x2a,0xac(%rsp)
  0x7ffff78b47ee: mov    (%rdi),%rbp
  0x7ffff78b47f1: mov    %r15,%rdi
  0x7ffff78b47f4: callq  0x7ffff782a740 <snprintf@plt>
  0x7ffff78b47f9: mov    $0xff,%esi
  0x7ffff78b47fe: mov    %r15,%rdi
  0x7ffff78b4801: callq  0x7ffff78b0050
  0x7ffff78b4806: xor    %eax,%eax
  0x7ffff78b4808: mov    $0x2,%esi
  0x7ffff78b480d: mov    %r15,%rdi
  0x7ffff78b4810: callq  0x7ffff782a360 <open64@plt>
  0x7ffff78b4815: test  %eax,%eax
  0x7ffff78b4817: js    0x7ffff78b48c4
  0x7ffff78b481d: movl  $0x0,0xac(%rsp)
  0x7ffff78b4828: mov    %eax,0x0(%r13)
  0x7ffff78b482c: mov    0x0(%r13),%r8d
  0x7ffff78b4830: test  %r8d,%r8d
  0x7ffff78b4833: js    0x7ffff78b48b8
  0x7ffff78b4839: mov    %rbp,%r15
  0x7ffff78b483c: add    $0x10,%r15
  0x7ffff78b4840: jne    0x7ffff78b490b
  0x7ffff78b4846: mov    0x703163(%rip),%r9        # 0x7ffff7fb79b0
  0x7ffff78b484d: cmp    (%r9),%rbp
  0x7ffff78b4850: je    0x7ffff78b4870
  0x7ffff78b4852: mov    0x0(%r13),%esi
  0x7ffff78b4856: mov    %rbp,%rdi
  0x7ffff78b4859: callq  0x7ffff78afd90
  0x7ffff78b485e: mov    $0x2a,%eax
  0x7ffff78b4863: movl  $0xffffffff,0x0(%r13)
  0x7ffff78b486b: jmpq  0x7ffff78b46c2
  0x7ffff78b4870: test  %rbp,%rbp
  0x7ffff78b4873: mov    0x0(%r13),%ebx
  0x7ffff78b4877: je    0x7ffff78b48af
  0x7ffff78b4879: mov    0x10(%rbp),%rdi
  0x7ffff78b487d: test  %rdi,%rdi
  0x7ffff78b4880: jne    0x7ffff78b488d
  0x7ffff78b4882: jmp    0x7ffff78b48f2
  0x7ffff78b4884: mov    0x10(%rdi),%rdi
  0x7ffff78b4888: test  %rdi,%rdi
  0x7ffff78b488b: je    0x7ffff78b48f2
  0x7ffff78b488d: cmp    (%rdi),%ebx
  0x7ffff78b488f: nop
  0x7ffff78b4890: jne    0x7ffff78b4884
  0x7ffff78b4892: mov    (%r15),%rax
  0x7ffff78b4895: test  %rax,%rax
  0x7ffff78b4898: je    0x7ffff78b48af
  0x7ffff78b489a: cmp    %rax,%rdi
  0x7ffff78b489d: data32 xchg %ax,%ax
  0x7ffff78b48a0: je    0x7ffff78b49c8
  0x7ffff78b48a6: mov    0x10(%rax),%rax
  0x7ffff78b48aa: test  %rax,%rax
  0x7ffff78b48ad: jne    0x7ffff78b489a
  0x7ffff78b48af: mov    %ebx,%edi
  0x7ffff78b48b1: callq  0x7ffff782ab40 <close@plt>
  0x7ffff78b48b6: jmp    0x7ffff78b485e
  0x7ffff78b48b8: mov    0xac(%rsp),%eax
  0x7ffff78b48bf: jmpq  0x7ffff78b46c2
  0x7ffff78b48c4: mov    $0xffffffff,%eax
  0x7ffff78b48c9: jmpq  0x7ffff78b4828
  0x7ffff78b48ce: test  %edx,%edx
  0x7ffff78b48d0: js    0x7ffff78b47b5
  0x7ffff78b48d6: lea    0xac(%rsp),%rcx
  0x7ffff78b48de: mov    %rbp,%rsi
  0x7ffff78b48e1: mov    %r12d,%edi
  0x7ffff78b48e4: callq  0x7ffff78b0270
  0x7ffff78b48e9: mov    %eax,0x0(%r13)
  0x7ffff78b48ed: jmpq  0x7ffff78b482c
  0x7ffff78b48f2: cmp    0xc(%rbp),%ebx
  0x7ffff78b48f5: mov    %ebx,%r12d
  0x7ffff78b48f8: setne  %r14b
  0x7ffff78b48fc: shr    $0x1f,%r12d
  0x7ffff78b4900: or    %r12b,%r14b
  0x7ffff78b4903: jne    0x7ffff78b485e
  0x7ffff78b4909: jmp    0x7ffff78b48af
  0x7ffff78b490b: mov    $0x18,%edi
  0x7ffff78b4910: callq  0x7ffff782a470 <malloc@plt>
  0x7ffff78b4915: test  %rax,%rax
  0x7ffff78b4918: mov    %rax,%rbx
  0x7ffff78b491b: je    0x7ffff78b4846
  0x7ffff78b4921: movq  $0x0,0x10(%rax)
  0x7ffff78b4929: movl  $0xffffffff,(%rax)
  0x7ffff78b492f: movl  $0x0,0x4(%rax)
  0x7ffff78b4936: mov    0x10(%rbp),%rax
  0x7ffff78b493a: test  %rax,%rax
  0x7ffff78b493d: je    0x7ffff78b4a85
  0x7ffff78b4943: mov    0x10(%rax),%rdx
  0x7ffff78b4947: test  %rdx,%rdx
  0x7ffff78b494a: je    0x7ffff78b462e
  0x7ffff78b4950: mov    %rdx,%rax
  0x7ffff78b4953: mov    0x10(%rdx),%rdx
  0x7ffff78b4957: test  %rdx,%rdx
  0x7ffff78b495a: je    0x7ffff78b462e
  0x7ffff78b4960: mov    %rdx,%rax
  0x7ffff78b4963: mov    0x10(%rdx),%rdx
  0x7ffff78b4967: test  %rdx,%rdx
  0x7ffff78b496a: je    0x7ffff78b462e
  0x7ffff78b4970: mov    %rdx,%rax
  0x7ffff78b4973: mov    0x10(%rdx),%rdx
  0x7ffff78b4977: test  %rdx,%rdx
  0x7ffff78b497a: je    0x7ffff78b462e
  0x7ffff78b4980: mov    %rdx,%rax
  0x7ffff78b4983: mov    0x10(%rdx),%rdx
  0x7ffff78b4987: test  %rdx,%rdx
  0x7ffff78b498a: je    0x7ffff78b462e
  0x7ffff78b4990: mov    %rdx,%rax
  0x7ffff78b4993: mov    0x10(%rdx),%rdx
  0x7ffff78b4997: test  %rdx,%rdx
  0x7ffff78b499a: je    0x7ffff78b462e
  0x7ffff78b49a0: mov    %rdx,%rax
  0x7ffff78b49a3: mov    0x10(%rdx),%rdx
  0x7ffff78b49a7: test  %rdx,%rdx
  0x7ffff78b49aa: je    0x7ffff78b462e
  0x7ffff78b49b0: mov    %rdx,%rax
  0x7ffff78b49b3: mov    0x10(%rdx),%rdx
  0x7ffff78b49b7: test  %rdx,%rdx
  0x7ffff78b49ba: je    0x7ffff78b462e
  0x7ffff78b49c0: mov    %rdx,%rax
  0x7ffff78b49c3: jmpq  0x7ffff78b4943
  0x7ffff78b49c8: mov    0x8(%rdi),%rdx
  0x7ffff78b49cc: test  %rdx,%rdx
  0x7ffff78b49cf: je    0x7ffff78b4a77
  0x7ffff78b49d5: mov    0x10(%rdi),%rbp
  0x7ffff78b49d9: mov    %rbp,0x10(%rdx)
  0x7ffff78b49dd: mov    0x10(%rdi),%rdx
  0x7ffff78b49e1: test  %rdx,%rdx
  0x7ffff78b49e4: je    0x7ffff78b49ee
  0x7ffff78b49e6: mov    0x8(%rdi),%r11
  0x7ffff78b49ea: mov    %r11,0x8(%rdx)
  0x7ffff78b49ee: callq  0x7ffff782abf0 <free@plt>
  0x7ffff78b49f3: jmpq  0x7ffff78b48af
  0x7ffff78b49f8: movl  $0x2a,0xa0(%rsp)
  0x7ffff78b4a03: mov    0x702fa6(%rip),%rdx        # 0x7ffff7fb79b0
  0x7ffff78b4a0a: cmp    (%rdx),%rbp
  0x7ffff78b4a0d: je    0x7ffff78b4a2f
  0x7ffff78b4a0f: mov    0x0(%r13),%esi
  0x7ffff78b4a13: mov    %rbp,%rdi
  0x7ffff78b4a16: callq  0x7ffff78afd90
  0x7ffff78b4a1b: movl  $0xffffffff,0x0(%r13)
  0x7ffff78b4a23: mov    0xa0(%rsp),%eax
  0x7ffff78b4a2a: jmpq  0x7ffff78b46c2
  0x7ffff78b4a2f: test  %rbp,%rbp
  0x7ffff78b4a32: mov    0x0(%r13),%ebx
  0x7ffff78b4a36: je    0x7ffff78b4a6e
  0x7ffff78b4a38: mov    0x10(%rbp),%rdi
  0x7ffff78b4a3c: test  %rdi,%rdi
  0x7ffff78b4a3f: je    0x7ffff78b4a5b
  0x7ffff78b4a41: cmp    %ebx,(%rdi)
  0x7ffff78b4a43: jne    0x7ffff78b4a52
  0x7ffff78b4a45: jmp    0x7ffff78b4a96
  0x7ffff78b4a47: cmp    (%rdi),%ebx
  0x7ffff78b4a49: data32 data32 xchg %ax,%ax
  0x7ffff78b4a4d: data32 xchg %ax,%ax
  0x7ffff78b4a50: je    0x7ffff78b4a96
  0x7ffff78b4a52: mov    0x10(%rdi),%rdi
  0x7ffff78b4a56: test  %rdi,%rdi
  0x7ffff78b4a59: jne    0x7ffff78b4a47
  0x7ffff78b4a5b: cmp    0xc(%rbp),%ebx
  0x7ffff78b4a5e: mov    %ebx,%r15d
  0x7ffff78b4a61: setne  %dil
  0x7ffff78b4a65: shr    $0x1f,%r15d
  0x7ffff78b4a69: or    %r15b,%dil
  0x7ffff78b4a6c: jne    0x7ffff78b4a1b
  0x7ffff78b4a6e: mov    %ebx,%edi
  0x7ffff78b4a70: callq  0x7ffff782ab40 <close@plt>
  0x7ffff78b4a75: jmp    0x7ffff78b4a1b
  0x7ffff78b4a77: mov    0x10(%rdi),%r10
  0x7ffff78b4a7b: mov    %r10,(%r15)
  0x7ffff78b4a7e: xchg  %ax,%ax
  0x7ffff78b4a80: jmpq  0x7ffff78b49dd
  0x7ffff78b4a85: movq  $0x0,0x8(%rbx)
  0x7ffff78b4a8d: mov    %rbx,0x10(%rbp)
  0x7ffff78b4a91: jmpq  0x7ffff78b4636
  0x7ffff78b4a96: mov    (%r15),%rax
  0x7ffff78b4a99: test  %rax,%rax
  0x7ffff78b4a9c: jne    0x7ffff78b4aab
  0x7ffff78b4a9e: xchg  %ax,%ax
  0x7ffff78b4aa0: jmp    0x7ffff78b4a6e
  0x7ffff78b4aa2: mov    0x10(%rax),%rax
  0x7ffff78b4aa6: test  %rax,%rax
  0x7ffff78b4aa9: je    0x7ffff78b4a6e
  0x7ffff78b4aab: cmp    %rax,%rdi
  0x7ffff78b4aae: xchg  %ax,%ax
  0x7ffff78b4ab0: jne    0x7ffff78b4aa2
  0x7ffff78b4ab2: mov    0x8(%rdi),%rdx
  0x7ffff78b4ab6: test  %rdx,%rdx
  0x7ffff78b4ab9: je    0x7ffff78b4adb
  0x7ffff78b4abb: mov    0x10(%rdi),%rax
  0x7ffff78b4abf: mov    %rax,0x10(%rdx)
  0x7ffff78b4ac3: mov    0x10(%rdi),%rdx
  0x7ffff78b4ac7: test  %rdx,%rdx
  0x7ffff78b4aca: je    0x7ffff78b4ad4
  0x7ffff78b4acc: mov    0x8(%rdi),%rsi
  0x7ffff78b4ad0: mov    %rsi,0x8(%rdx)
  0x7ffff78b4ad4: callq  0x7ffff782abf0 <free@plt>
  0x7ffff78b4ad9: jmp    0x7ffff78b4a6e
  0x7ffff78b4adb: mov    0x10(%rdi),%rcx
  0x7ffff78b4adf: mov    %rcx,(%r15)
  0x7ffff78b4ae2: jmp    0x7ffff78b4ac3
  0x7ffff78b4ae4: data32 data32 xchg %ax,%ax
  0x7ffff78b4ae8: data32 data32 xchg %ax,%ax
  0x7ffff78b4aec: data32 data32 xchg %ax,%ax
  0x7ffff78b4af0: push  %r15
  0x7ffff78b4af2: mov    $0x1,%ecx
  0x7ffff78b4af7: mov    %edx,%r15d
  0x7ffff78b4afa: push  %r14
  0x7ffff78b4afc: mov    %edi,%r14d
  0x7ffff78b4aff: push  %r13
  0x7ffff78b4b01: push  %r12
  0x7ffff78b4b03: push  %rbp
  0x7ffff78b4b04: push  %rbx
  0x7ffff78b4b05: sub    $0x28,%rsp
  0x7ffff78b4b09: lea    0x10(%rsp),%rax
  0x7ffff78b4b0e: mov    %rax,(%rsp)
  0x7ffff78b4b12: movl  $0x0,0xc(%rax)
  0x7ffff78b4b19: mov    %edi,0x10(%rsp)
  0x7ffff78b4b1d: xor    %edi,%edi
  0x7ffff78b4b1f: cmp    %edx,%r14d
  0x7ffff78b4b22: mov    %esi,0x14(%rsp)
  0x7ffff78b4b26: mov    %edx,0x18(%rsp)
  0x7ffff78b4b2a: je    0x7ffff78b4ba8
  0x7ffff78b4b2c: data32 data32 xchg %ax,%ax
  0x7ffff78b4b30: xor    %eax,%eax
  0x7ffff78b4b32: mov    $0x1,%r9d
  0x7ffff78b4b38:
    lock cmpxchg %r9d,0x706ccb(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b4b41: setne  %dl
  0x7ffff78b4b44: test  %dl,%dl
  0x7ffff78b4b46: je    0x7ffff78b4c15
  0x7ffff78b4b4c: mov    0x706cb9(%rip),%r10d        # 0x7ffff7fbb80c
  0x7ffff78b4b53: test  %r10d,%r10d
  0x7ffff78b4b56: je    0x7ffff78b4b30
  0x7ffff78b4b58: mov    0x706cae(%rip),%ebx        # 0x7ffff7fbb80c
  0x7ffff78b4b5e: test  %ebx,%ebx
  0x7ffff78b4b60: je    0x7ffff78b4b30
  0x7ffff78b4b62: mov    0x706ca3(%rip),%r12d        # 0x7ffff7fbb80c
  0x7ffff78b4b69: test  %r12d,%r12d
  0x7ffff78b4b6c: je    0x7ffff78b4b30
  0x7ffff78b4b6e: mov    0x706c97(%rip),%r9d        # 0x7ffff7fbb80c
  0x7ffff78b4b75: test  %r9d,%r9d
  0x7ffff78b4b78: je    0x7ffff78b4b30
  0x7ffff78b4b7a: mov    0x706c8c(%rip),%edi        # 0x7ffff7fbb80c
  0x7ffff78b4b80: test  %edi,%edi
  0x7ffff78b4b82: je    0x7ffff78b4b30
  0x7ffff78b4b84: mov    0x706c81(%rip),%r10d        # 0x7ffff7fbb80c
  0x7ffff78b4b8b: test  %r10d,%r10d
  0x7ffff78b4b8e: je    0x7ffff78b4b30
  0x7ffff78b4b90: mov    0x706c76(%rip),%ecx        # 0x7ffff7fbb80c
  0x7ffff78b4b96: test  %ecx,%ecx
  0x7ffff78b4b98: je    0x7ffff78b4b30
  0x7ffff78b4b9a: mov    0x706c6b(%rip),%r11d        # 0x7ffff7fbb80c
  0x7ffff78b4ba1: test  %r11d,%r11d
  0x7ffff78b4ba4: jne    0x7ffff78b4b4c
  0x7ffff78b4ba6: jmp    0x7ffff78b4b30
  0x7ffff78b4ba8: mov    %edi,%eax
  0x7ffff78b4baa:
    lock cmpxchg %ecx,0x706c5a(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b4bb2: setne  %dl
  0x7ffff78b4bb5: test  %dl,%dl
  0x7ffff78b4bb7: je    0x7ffff78b4da0
  0x7ffff78b4bbd: mov    0x706c49(%rip),%ebx        # 0x7ffff7fbb80c
  0x7ffff78b4bc3: test  %ebx,%ebx
  0x7ffff78b4bc5: je    0x7ffff78b4ba8
  0x7ffff78b4bc7: mov    0x706c3e(%rip),%r13d        # 0x7ffff7fbb80c
  0x7ffff78b4bce: test  %r13d,%r13d
  0x7ffff78b4bd1: je    0x7ffff78b4ba8
  0x7ffff78b4bd3: mov    0x706c33(%rip),%esi        # 0x7ffff7fbb80c
  0x7ffff78b4bd9: test  %esi,%esi
  0x7ffff78b4bdb: je    0x7ffff78b4ba8
  0x7ffff78b4bdd: mov    0x706c28(%rip),%r10d        # 0x7ffff7fbb80c
  0x7ffff78b4be4: test  %r10d,%r10d
  0x7ffff78b4be7: je    0x7ffff78b4ba8
  0x7ffff78b4be9: mov    0x706c1c(%rip),%r11d        # 0x7ffff7fbb80c
  0x7ffff78b4bf0: test  %r11d,%r11d
  0x7ffff78b4bf3: je    0x7ffff78b4ba8
  0x7ffff78b4bf5: mov    0x706c11(%rip),%edx        # 0x7ffff7fbb80c
  0x7ffff78b4bfb: test  %edx,%edx
  0x7ffff78b4bfd: je    0x7ffff78b4ba8
  0x7ffff78b4bff: mov    0x706c07(%rip),%ebp        # 0x7ffff7fbb80c
  0x7ffff78b4c05: test  %ebp,%ebp
  0x7ffff78b4c07: je    0x7ffff78b4ba8
  0x7ffff78b4c09: mov    0x706bfd(%rip),%eax        # 0x7ffff7fbb80c
  0x7ffff78b4c0f: test  %eax,%eax
  0x7ffff78b4c11: jne    0x7ffff78b4bbd
  0x7ffff78b4c13: jmp    0x7ffff78b4ba8
  0x7ffff78b4c15: mov    0x7039cc(%rip),%r11        # 0x7ffff7fb85e8
  0x7ffff78b4c1c: mov    (%r11),%rbx
  0x7ffff78b4c1f: test  %rbx,%rbx
  0x7ffff78b4c22: je    0x7ffff78b4cc8
  0x7ffff78b4c28: mov    %rbx,%rax
  0x7ffff78b4c2b: jmp    0x7ffff78b4c3d
  0x7ffff78b4c2d: data32 xchg %ax,%ax
  0x7ffff78b4c30: mov    0x30(%rax),%rax
  0x7ffff78b4c34: test  %rax,%rax
  0x7ffff78b4c37: je    0x7ffff78b4cc8
  0x7ffff78b4c3d: cmp    (%rax),%r14d
  0x7ffff78b4c40: jne    0x7ffff78b4c30
  0x7ffff78b4c42: cmp    0x4(%rax),%r15d
  0x7ffff78b4c46: jne    0x7ffff78b4c30
  0x7ffff78b4c48: movl  $0x0,0x706bba(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b4c52: xor    %eax,%eax
  0x7ffff78b4c54: mov    $0x1,%r12d
  0x7ffff78b4c5a:
    lock cmpxchg %r12d,0x706ba9(%rip)        # 0x7ffff7fbb80c
  0x7ffff78b4c63: setne  %dl
  0x7ffff78b4c66: test  %dl,%dl
  0x7ffff78b4c68: je    0x7ffff78b4fa2
  0x7ffff78b4c6e: mov    0x706b97(%rip),%r13d        # 0x7ffff7fbb80c
  0x7ffff78b4c75: test  %r13d,%r13d
  0x7ffff78b4c78: je    0x7ffff78b4c52
  0x7ffff78b4c7a: mov    0x706b8b(%rip),%r11d        # 0x7ffff7fbb80c
  0x7ffff78b4c81: test  %r11d,%r11d
  0x7ffff78b4c84: je    0x7ffff78b4c52</pre>
===readelf===
<pre>[hyperbox](0) $ readelf  -D -d -s -S /usr/lib/libcuda.so
There are 26 section headers, starting at offset 0x70f4f0:
 
Section Headers:
  [Nr] Name              Type            Address          Offset
      Size              EntSize          Flags  Link  Info  Align
  [ 0]                  NULL            0000000000000000  00000000
      0000000000000000  0000000000000000          0    0    0
  [ 1] .hash            HASH            0000000000000158  00000158
      0000000000000960  0000000000000004  A      2    0    8
  [ 2] .dynsym          DYNSYM          0000000000000ab8  00000ab8
      0000000000001f68  0000000000000018  A      3    32    8
  [ 3] .dynstr          STRTAB          0000000000002a20  00002a20
      0000000000000fac  0000000000000000  A      0    0    1
  [ 4] .gnu.version      VERSYM          00000000000039cc  000039cc
      000000000000029e  0000000000000002  A      2    0    2
  [ 5] .gnu.version_r    VERNEED          0000000000003c70  00003c70
      00000000000000a0  0000000000000000  A      3    4    8
  [ 6] .rela.dyn        RELA            0000000000003d10  00003d10
      000000000007a4a8  0000000000000018  A      2    0    8
  [ 7] .rela.plt        RELA            000000000007e1b8  0007e1b8
      0000000000001050  0000000000000018  A      2    9    8
  [ 8] .init            PROGBITS        000000000007f208  0007f208
      0000000000000018  0000000000000000  AX      0    0    4
  [ 9] .plt              PROGBITS        000000000007f220  0007f220
      0000000000000af0  0000000000000010  AX      0    0    4
  [10] .text            PROGBITS        000000000007fd10  0007fd10
      0000000000547db8  0000000000000000  AX      0    0    16
  [11] .fini            PROGBITS        00000000005c7ac8  005c7ac8
      000000000000000e  0000000000000000  AX      0    0    4
  [12] .rodata          PROGBITS        00000000005c7ae0  005c7ae0
      0000000000098e1c  0000000000000000  A      0    0    32
  [13] .eh_frame_hdr    PROGBITS        00000000006608fc  006608fc
      0000000000018dbc  0000000000000000  A      0    0    4
  [14] .data            PROGBITS        00000000007796c0  006796c0
      000000000002e860  0000000000000000  WA      0    0    32
  [15] .nvFatBinSegment  PROGBITS        00000000007a7f20  006a7f20
      0000000000000180  0000000000000000  WA      0    0    32
  [16] .eh_frame        PROGBITS        00000000007a80a0  006a80a0
      0000000000063a74  0000000000000000  A      0    0    8
  [17] .dynamic          DYNAMIC          000000000080bb18  0070bb18
      00000000000001d0  0000000000000010  WA      3    0    8
  [18] .ctors            PROGBITS        000000000080bce8  0070bce8
      0000000000000020  0000000000000000  WA      0    0    8
  [19] .dtors            PROGBITS        000000000080bd08  0070bd08
      0000000000000018  0000000000000000  WA      0    0    8
  [20] .jcr              PROGBITS        000000000080bd20  0070bd20
      0000000000000008  0000000000000000  WA      0    0    8
  [21] .got              PROGBITS        000000000080bd28  0070bd28
      00000000000036e0  0000000000000008  WA      0    0    8
  [22] .bss              NOBITS          000000000080f420  0070f420
      000000000002a2b8  0000000000000000  WA      0    0    32
  [23] .shstrtab        STRTAB          0000000000000000  0070f420
      00000000000000d0  0000000000000000          0    0    1
  [24] .symtab          SYMTAB          0000000000000000  0070fb70
      0000000000000240  0000000000000018          25    24    8
  [25] .strtab          STRTAB          0000000000000000  0070fdb0
      000000000000000e  0000000000000000          0    0    1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)
 
Dynamic section at offset 0x70bb18 contains 25 entries:
  Tag        Type                        Name/Value
0x0000000000000001 (NEEDED)            Shared library: [libpthread.so.0]
0x0000000000000001 (NEEDED)            Shared library: [libz.so.1]
0x0000000000000001 (NEEDED)            Shared library: [libdl.so.2]
0x0000000000000001 (NEEDED)            Shared library: [libm.so.6]
0x0000000000000001 (NEEDED)            Shared library: [libc.so.6]
0x000000000000000e (SONAME)            Library soname: [libcuda.so.1]
0x000000000000000c (INIT)              0x7f208
0x000000000000000d (FINI)              0x5c7ac8
0x0000000000000004 (HASH)              0x158
0x0000000000000005 (STRTAB)            0x2a20
0x0000000000000006 (SYMTAB)            0xab8
0x000000000000000a (STRSZ)              4012 (bytes)
0x000000000000000b (SYMENT)            24 (bytes)
0x0000000000000003 (PLTGOT)            0x80bd28
0x0000000000000002 (PLTRELSZ)          4176 (bytes)
0x0000000000000014 (PLTREL)            RELA
0x0000000000000017 (JMPREL)            0x7e1b8
0x0000000000000007 (RELA)              0x3d10
0x0000000000000008 (RELASZ)            500904 (bytes)
0x0000000000000009 (RELAENT)            24 (bytes)
0x000000006ffffffe (VERNEED)            0x3c70
0x000000006fffffff (VERNEEDNUM)        4
0x000000006ffffff0 (VERSYM)            0x39cc
0x000000006ffffff9 (RELACOUNT)          20862
0x0000000000000000 (NULL)              0x0
 
Symbol table for image:
  Num Buc:    Value          Size  Type  Bind Vis      Ndx Name
  323  0: 0000000000000000    3    FUNC GLOBAL DEFAULT UND pthread_attr_destroy
  238  1: 0000000000000000  418    FUNC GLOBAL DEFAULT UND strchr
  193  1: 0000000000118380  654    FUNC GLOBAL DEFAULT  10 cuModuleGetFunction
  191  1: 0000000000110220  690    FUNC GLOBAL DEFAULT  10 cuTexRefSetAddress2D
  330  2: 0000000000000000    42    FUNC GLOBAL DEFAULT UND mmap
  234  2: 0000000000117930  626    FUNC GLOBAL DEFAULT  10 cuMemAlloc
  147  2: 000000000011c7a0  654    FUNC GLOBAL DEFAULT  10 cuGLMapBufferObject
  271  3: 0000000000117bb0  626    FUNC GLOBAL DEFAULT  10 cuMemGetInfo
  225  3: 000000000010edf0  626    FUNC GLOBAL DEFAULT  10 cuTexRefGetFilterMode
  141  4: 0000000000000000  105    FUNC GLOBAL DEFAULT UND feof
  275  9: 0000000000000000    54    FUNC GLOBAL DEFAULT UND sigprocmask
  208  10: 0000000000000000  104    FUNC GLOBAL DEFAULT UND pthread_attr_setschedpara
  316  11: 000000000011cf50  654    FUNC GLOBAL DEFAULT  10 cuGraphicsGLRegisterBuffe
  46  12: 0000000000000000  132    FUNC GLOBAL DEFAULT UND read
  282  13: 0000000000000000  167    FUNC GLOBAL DEFAULT UND strspn
  156  13: 0000000000000000  234    FUNC GLOBAL DEFAULT UND fread
  304  15: 0000000000000000  199    FUNC GLOBAL DEFAULT UND free
  210  15: 0000000000000000    43    FUNC GLOBAL DEFAULT UND fileno
  269  17: 000000000010c340  626    FUNC GLOBAL DEFAULT  10 cuStreamCreate
  218  18: 0000000000119510  589    FUNC GLOBAL DEFAULT  10 cuCtxPopCurrent
  52  18: 0000000000000000    70    FUNC GLOBAL DEFAULT UND pthread_mutex_destroy
  119  21: 00000000001107a0  654    FUNC GLOBAL DEFAULT  10 cuTexRefSetArray
  280  22: 000000000010caa0  589    FUNC GLOBAL DEFAULT  10 cuEventSynchronize
  189  22: 000000000010a6a0  396    FUNC GLOBAL DEFAULT  10 cuCtxSynchronize
  103  22: 0000000000119760  589    FUNC GLOBAL DEFAULT  10 cuCtxPushCurrent
  67  22: 0000000000000000    10    FUNC GLOBAL DEFAULT UND gzopen
  231  23: 0000000000000000  108    FUNC GLOBAL DEFAULT UND __strtol_internal
  62  23: 000000000010b230  626    FUNC GLOBAL DEFAULT  10 cuGraphicsResourceSetMapF
  300  24: 0000000000000000    61    FUNC GLOBAL DEFAULT UND usleep
  163  24: 0000000000114870  589    FUNC GLOBAL DEFAULT  10 cuMemcpy3D
  247  26: 0000000000112570  723    FUNC GLOBAL DEFAULT  10 cuMemsetD2D32
  44  26: 0000000000119040  626    FUNC GLOBAL DEFAULT  10 cuModuleLoad
  258  28: 0000000000000000    17    FUNC GLOBAL DEFAULT UND pthread_attr_setschedpoli
  177  29: 0000000000000000    97    FUNC GLOBAL DEFAULT UND pthread_attr_setstacksize
  305  30: 0000000000000000    47    FUNC GLOBAL DEFAULT UND __isnan
  226  30: 0000000000115500  697    FUNC GLOBAL DEFAULT  10 cuMemcpyHtoA
  278  33: 0000000000000000    39    FUNC GLOBAL DEFAULT UND ioctl
  200  33: 0000000000116260  653    FUNC GLOBAL DEFAULT  10 cuMemcpyHtoD
  149  35: 000000000010c5c0  654    FUNC GLOBAL DEFAULT  10 cuEventElapsedTime
  86  35: 000000000010c0f0  581    FUNC GLOBAL DEFAULT  10 cuStreamQuery
  130  36: 0000000000000000    39    FUNC GLOBAL DEFAULT UND sysinfo
  132  37: 0000000000000000  210    FUNC GLOBAL DEFAULT UND pthread_mutex_lock
  227  40: 0000000000114d10  589    FUNC GLOBAL DEFAULT  10 cuMemcpy2D
  233  41: 0000000000000000  156    FUNC  WEAK DEFAULT UND __cxa_finalize
  68  43: 0000000000111b20  626    FUNC GLOBAL DEFAULT  10 cuFuncSetCacheConfig
  198  44: 00000000001130a0  669    FUNC GLOBAL DEFAULT  10 cuMemsetD16
  114  44: 000000000010fa80  626    FUNC GLOBAL DEFAULT  10 cuTexRefSetFilterMode
  137  45: 0000000000000000    8  OBJECT GLOBAL DEFAULT UND stdin
  107  47: 0000000000000000  169    FUNC GLOBAL DEFAULT UND popen
  87  47: 000000000010b4b0  654    FUNC GLOBAL DEFAULT  10 cuGraphicsResourceGetMapp
  276  48: 0000000000000000  132    FUNC GLOBAL DEFAULT UND msync
  270  48: 0000000000000000  144    FUNC GLOBAL DEFAULT UND sprintf
  255  48: 000000000010c850  589    FUNC GLOBAL DEFAULT  10 cuEventDestroy
  152  48: 0000000000000000    39    FUNC GLOBAL DEFAULT UND sched_get_priority_max
  186  50: 000000000011bb50  609    FUNC GLOBAL DEFAULT  10 cuGLUnmapBufferObjectAsyn
  48  52: 0000000000118860  626    FUNC GLOBAL DEFAULT  10 cuModuleLoadFatBinary
  236  53: 00000000001113d0  589    FUNC GLOBAL DEFAULT  10 cuArrayDestroy
  150  54: 000000000011b4e0  589    FUNC GLOBAL DEFAULT  10 cuDriverGetVersion
  160  55: 0000000000000000  144    FUNC GLOBAL DEFAULT UND fprintf
  206  56: 0000000000102120  281    FUNC GLOBAL DEFAULT  10 clGetExtensionFunctionAdd
  172  56: 0000000000000000    16    FUNC GLOBAL DEFAULT UND mkstemp
  47  56: 0000000000000000    10    FUNC GLOBAL DEFAULT UND getegid
  259  57: 0000000000117e30  654    FUNC GLOBAL DEFAULT  10 cuModuleGetTexRef
  242  57: 0000000000000000  152    FUNC GLOBAL DEFAULT UND strerror
  310  58: 0000000000000000  180    FUNC GLOBAL DEFAULT UND putchar
  324  59: 0000000000000000    36    FUNC GLOBAL DEFAULT UND sem_destroy
  299  59: 0000000000000000  4896    FUNC GLOBAL DEFAULT UND pow
  246  59: 00000000001118a0  626    FUNC GLOBAL DEFAULT  10 cuArrayCreate
  187  62: 000000000010cf40  609    FUNC GLOBAL DEFAULT  10 cuEventRecord
  112  62: 0000000000000000  200    FUNC GLOBAL DEFAULT UND pthread_setspecific
  99  62: 0000000000112850  725    FUNC GLOBAL DEFAULT  10 cuMemsetD2D16
  56  62: 0000000000000000  134    FUNC GLOBAL DEFAULT UND closedir
  209  63: 0000000000000000    39    FUNC GLOBAL DEFAULT UND rename
  123  64: 0000000000117160  654    FUNC GLOBAL DEFAULT  10 cuMemGetAddressRange
  54  64: 0000000000000000  213    FUNC GLOBAL DEFAULT UND floor
  252  65: 0000000000000000    10    FUNC GLOBAL DEFAULT UND getpid
  216  66: 0000000000000000    39    FUNC GLOBAL DEFAULT UND readlink
  212  66: 000000000011c2e0  595    FUNC GLOBAL DEFAULT  10 cuGLUnregisterBufferObjec
  95  66: 0000000000000000  176    FUNC GLOBAL DEFAULT UND rewind
  63  66: 0000000000000000    52    FUNC GLOBAL DEFAULT UND __isinf
  315  67: 00000000001135e0  609    FUNC GLOBAL DEFAULT  10 cuMemcpy3DAsync
  289  67: 0000000000000000    10    FUNC GLOBAL DEFAULT UND __errno_location
  220  67: 0000000000000000  262    FUNC GLOBAL DEFAULT UND pthread_key_delete
  64  68: 0000000000000000    38    FUNC GLOBAL DEFAULT UND mkfifo
  90  69: 0000000000000000  498    FUNC GLOBAL DEFAULT UND malloc
  333  70: 0000000000000000    0  NOTYPE  WEAK DEFAULT UND __gmon_start__
  140  71: 0000000000000000  992    FUNC GLOBAL DEFAULT UND log
  71  71: 0000000000000000  132    FUNC GLOBAL DEFAULT UND write
  287  72: 000000000011ca30  595    FUNC GLOBAL DEFAULT  10 cuGLRegisterBufferObject
  253  72: 0000000000000000    61    FUNC GLOBAL DEFAULT UND strrchr
  228  72: 0000000000112e10  653    FUNC GLOBAL DEFAULT  10 cuMemsetD32
  311  74: 0000000000000000  154    FUNC GLOBAL DEFAULT UND floorf
  105  75: 00000000000f03b0    5    FUNC GLOBAL DEFAULT  10 clGetPlatformInfo
  60  76: 000000000010eb60  654    FUNC GLOBAL DEFAULT  10 cuTexRefGetFormat
  161  77: 0000000000000000  204    FUNC GLOBAL DEFAULT UND perror
  222  79: 0000000000114060  682    FUNC GLOBAL DEFAULT  10 cuMemcpyDtoDAsync
  169  79: 0000000000000000  826    FUNC GLOBAL DEFAULT UND strcmp
  65  79: 0000000000000000  332    FUNC GLOBAL DEFAULT UND open64
  314  81: 0000000000000000  199    FUNC GLOBAL DEFAULT UND strstr
  215  81: 0000000000000000    39    FUNC GLOBAL DEFAULT UND munmap
  155  81: 0000000000110a30  589    FUNC GLOBAL DEFAULT  10 cuTexRefDestroy
  217  82: 0000000000113d90  716    FUNC GLOBAL DEFAULT  10 cuMemcpyHtoAAsync
  211  82: 0000000000000000  132    FUNC GLOBAL DEFAULT UND open
  309  83: 0000000000000000    19    FUNC GLOBAL DEFAULT UND fopen
  302  84: 000000000010f580  626    FUNC GLOBAL DEFAULT  10 cuTexRefGetAddress
  78  85: 000000000010bc50  581    FUNC GLOBAL DEFAULT  10 cuStreamDestroy
  142  86: 0000000000000000    3    FUNC GLOBAL DEFAULT UND pthread_mutexattr_destroy
  120  87: 0000000000000000  308    FUNC GLOBAL DEFAULT UND fwrite
  72  87: 0000000000000000    92    FUNC GLOBAL DEFAULT UND __ctype_tolower_loc
  55  88: 000000000011ad80  654    FUNC GLOBAL DEFAULT  10 cuDeviceGetName
  205  89: 0000000000000000    38    FUNC GLOBAL DEFAULT UND pthread_mutexattr_settype
  133  92: 000000000010f300  626    FUNC GLOBAL DEFAULT  10 cuTexRefGetArray
  267  93: 0000000000000000  120    FUNC GLOBAL DEFAULT UND dlsym
  96  94: 0000000000000000    24    FUNC GLOBAL DEFAULT UND getpagesize
  292  95: 000000000010aa90  626    FUNC GLOBAL DEFAULT  10 cuGetExportTable
  36  95: 00000000000d0b70    42    FUNC GLOBAL DEFAULT  10 cudbgGetAPIVersion
  272  96: 0000000000112030  626    FUNC GLOBAL DEFAULT  10 cuFuncSetSharedSize
  199  96: 0000000000000000    29    FUNC GLOBAL DEFAULT UND __isnanf
  327  99: 0000000000114310  682    FUNC GLOBAL DEFAULT  10 cuMemcpyDtoHAsync
  194  99: 0000000000000000    80    FUNC GLOBAL DEFAULT UND pthread_attr_init
  104  99: 00000000001180c0  697    FUNC GLOBAL DEFAULT  10 cuModuleGetGlobal
  136 101: 0000000000000000  248    FUNC GLOBAL DEFAULT UND fcntl
  33 101: 0000000000000000  110    FUNC GLOBAL DEFAULT UND pthread_key_create
  303 102: 0000000000000000    39    FUNC GLOBAL DEFAULT UND chmod
  173 102: 00000000001173f0  595    FUNC GLOBAL DEFAULT  10 cuMemFree
  202 104: 0000000000000000  165    FUNC GLOBAL DEFAULT UND sqrt
  38 104: 0000000000000000  471    FUNC GLOBAL DEFAULT UND execvp
  45 105: 000000000010ba00  589    FUNC GLOBAL DEFAULT  10 cuGraphicsUnregisterResou
  171 107: 00000000001145c0  682    FUNC GLOBAL DEFAULT  10 cuMemcpyHtoDAsync
  195 108: 0000000000000000  445    FUNC GLOBAL DEFAULT UND sem_wait
  102 108: 0000000000000000  146    FUNC GLOBAL DEFAULT UND strncat
  145 109: 0000000000000000  155    FUNC GLOBAL DEFAULT UND select
  138 110: 0000000000000000  108    FUNC GLOBAL DEFAULT UND __strtoul_internal
  81 111: 000000000011a360  654    FUNC GLOBAL DEFAULT  10 cuDeviceGetAttribute
  116 112: 0000000000000000    34    FUNC GLOBAL DEFAULT UND finite
  237 113: 0000000000000000    42    FUNC GLOBAL DEFAULT UND mmap64
  128 114: 000000000011c070  609    FUNC GLOBAL DEFAULT  10 cuGLSetBufferObjectMapFla
  319 117: 0000000000000000    8  OBJECT GLOBAL DEFAULT UND stdout
  317 117: 0000000000118610  589    FUNC GLOBAL DEFAULT  10 cuModuleUnload
  224 117: 0000000000000000    25    FUNC GLOBAL DEFAULT UND pthread_cond_init
  268 119: 0000000000000000  836    FUNC GLOBAL DEFAULT UND calloc
  245 119: 000000000011aaf0  654    FUNC GLOBAL DEFAULT  10 cuDeviceComputeCapability
  131 119: 0000000000000000  218    FUNC GLOBAL DEFAULT UND pthread_create
  318 120: 0000000000113ac0  716    FUNC GLOBAL DEFAULT  10 cuMemcpyAtoHAsync
  322 121: 0000000000000000  393    FUNC GLOBAL DEFAULT UND execl
  307 121: 0000000000114ac0  589    FUNC GLOBAL DEFAULT  10 cuMemcpy2DUnaligned
  281 121: 000000000010d970  589    FUNC GLOBAL DEFAULT  10 cuLaunch
  244 121: 0000000000000000    22    FUNC GLOBAL DEFAULT UND localtime_r
  332 125: 0000000000116ee0  626    FUNC GLOBAL DEFAULT  10 cuMemAllocHost
  91 127: 0000000000000000  105    FUNC GLOBAL DEFAULT UND ferror
  57 127: 0000000000000000  385    FUNC GLOBAL DEFAULT UND get_nprocs
  109 129: 0000000000000000  165    FUNC GLOBAL DEFAULT UND strncpy
  69 129: 000000000080bb18    0  OBJECT  LOCAL DEFAULT ABS _DYNAMIC
  32 130: 0000000000000000    85    FUNC GLOBAL DEFAULT UND __cxa_atexit
  139 132: 0000000000000000  388    FUNC GLOBAL DEFAULT UND qsort
  58 132: 0000000000000000    77    FUNC GLOBAL DEFAULT UND __xstat
  77 134: 0000000000000000    39    FUNC GLOBAL DEFAULT UND sched_get_priority_min
  241 135: 0000000000118dc0  626    FUNC GLOBAL DEFAULT  10 cuModuleLoadData
  159 136: 0000000000000000  1428    FUNC GLOBAL DEFAULT UND strcpy
  125 136: 0000000000081ef0    95    FUNC GLOBAL DEFAULT  10 cuMemGetAttribute
  326 137: 00000000000c9b10    10    FUNC GLOBAL DEFAULT  10 gpudbgDebuggerAttached
  122 137: 0000000000000000    8  OBJECT GLOBAL DEFAULT UND stderr
  117 137: 00000000001122b0  690    FUNC GLOBAL DEFAULT  10 cuFuncSetBlockShape
  321 138: 0000000000000000    92    FUNC GLOBAL DEFAULT UND __ctype_b_loc
  129 140: 0000000000000000    54    FUNC GLOBAL DEFAULT UND dlopen
  313 141: 0000000000111da0  654    FUNC GLOBAL DEFAULT  10 cuFuncGetAttribute
  306 141: 0000000000000000    46    FUNC GLOBAL DEFAULT UND gettimeofday
  298 142: 000000000011a5f0  626    FUNC GLOBAL DEFAULT  10 cuDeviceGetProperties
  262 142: 000000000010d6e0  654    FUNC GLOBAL DEFAULT  10 cuLaunchGrid
  188 142: 0000000000000000    17    FUNC GLOBAL DEFAULT UND pthread_attr_setinheritsc
  94 142: 0000000000114f60  724    FUNC GLOBAL DEFAULT  10 cuMemcpyAtoA
  274 143: 0000000000000000  208    FUNC GLOBAL DEFAULT UND readdir
  297 144: 0000000000000000    76    FUNC GLOBAL DEFAULT UND pthread_getspecific
  260 145: 0000000000000000  188    FUNC GLOBAL DEFAULT UND waitpid
  256 145: 0000000000000000    25    FUNC GLOBAL DEFAULT UND isatty
  97 145: 00000000001157c0  689    FUNC GLOBAL DEFAULT  10 cuMemcpyAtoD
  334 146: 0000000000000000    39    FUNC GLOBAL DEFAULT UND __isinff
  308 146: 0000000000000000  1199    FUNC GLOBAL DEFAULT UND cos
  325 147: 000000000010d1b0  626    FUNC GLOBAL DEFAULT  10 cuEventCreate
  295 147: 000000000010e8e0  626    FUNC GLOBAL DEFAULT  10 cuTexRefGetFlags
  190 148: 0000000000116a00  654    FUNC GLOBAL DEFAULT  10 cuMemHostAlloc
  175 149: 0000000000115240  690    FUNC GLOBAL DEFAULT  10 cuMemcpyAtoH
  143 149: 0000000000000000  917    FUNC GLOBAL DEFAULT UND strlen
  50 149: 000000000011b260  626    FUNC GLOBAL DEFAULT  10 cuDeviceGet
  192 150: 000000000011b8c0  654    FUNC GLOBAL DEFAULT  10 cuGLCtxCreate
  80 150: 0000000000000000  170    FUNC GLOBAL DEFAULT UND wait
  37 151: 000000000010ccf0  589    FUNC GLOBAL DEFAULT  10 cuEventQuery
  229 152: 0000000000116770  654    FUNC GLOBAL DEFAULT  10 cuMemHostGetDevicePointer
  197 152: 0000000000000000  144    FUNC GLOBAL DEFAULT UND sscanf
  243 153: 0000000000000000    39    FUNC GLOBAL DEFAULT UND unlink
  328 154: 0000000000000000  444    FUNC GLOBAL DEFAULT UND strcat
  61 156: 000000000011a870  626    FUNC GLOBAL DEFAULT  10 cuDeviceTotalMem
  204 157: 0000000000000000  164    FUNC GLOBAL DEFAULT UND ceilf
  108 158: 0000000000000000  264    FUNC GLOBAL DEFAULT UND sem_post
  230 160: 0000000000110ed0  626    FUNC GLOBAL DEFAULT  10 cuArray3DGetDescriptor
  100 161: 0000000000000000    9    FUNC GLOBAL DEFAULT UND pthread_mutexattr_init
  106 163: 000000000010e110  693    FUNC GLOBAL DEFAULT  10 cuParamSetf
  261 164: 0000000000000000  233    FUNC GLOBAL DEFAULT UND exit
  181 164: 0000000000000000  482    FUNC GLOBAL DEFAULT UND realloc
  254 165: 0000000000000000  227    FUNC GLOBAL DEFAULT UND fputc
  250 166: 0000000000000000    45    FUNC GLOBAL DEFAULT UND pthread_mutex_init
  185 166: 000000000010e3d0  654    FUNC GLOBAL DEFAULT  10 cuParamSeti
  75 167: 0000000000000000    55    FUNC GLOBAL DEFAULT UND syscall
  93 168: 0000000000000000  1029    FUNC GLOBAL DEFAULT UND strncmp
  82 171: 0000000000000000    8    FUNC GLOBAL DEFAULT UND _setjmp
  301 173: 000000000010e660  626    FUNC GLOBAL DEFAULT  10 cuParamSetSize
  183 176: 000000000011a0d0  654    FUNC GLOBAL DEFAULT  10 cuCtxCreate
  249 179: 0000000000000000    93    FUNC GLOBAL DEFAULT UND __strtod_internal
  179 179: 000000000010de50  697    FUNC GLOBAL DEFAULT  10 cuParamSetv
  296 180: 0000000000000000  342    FUNC GLOBAL DEFAULT UND puts
  148 180: 0000000000000000    18    FUNC GLOBAL DEFAULT UND setenv
  257 181: 0000000000000000  260    FUNC GLOBAL DEFAULT UND fputs
  135 181: 0000000000117650  724    FUNC GLOBAL DEFAULT  10 cuMemAllocPitch
  279 185: 0000000000111150  626    FUNC GLOBAL DEFAULT  10 cuArray3DCreate
  88 186: 0000000000000000    39    FUNC GLOBAL DEFAULT UND pipe
  49 186: 000000000010fd00  654    FUNC GLOBAL DEFAULT  10 cuTexRefSetAddressMode
  166 187: 0000000000000000    16    FUNC GLOBAL DEFAULT UND pthread_attr_setdetachsta
  92 189: 0000000000110c80  589    FUNC GLOBAL DEFAULT  10 cuTexRefCreate
  85 189: 0000000000000000    93    FUNC GLOBAL DEFAULT UND __xmknod
  320 190: 0000000000000000    0  NOTYPE  WEAK DEFAULT UND _Jv_RegisterClasses
  291 192: 00000000000d0b30    61    FUNC GLOBAL DEFAULT  10 cudbgGetAPI
  277 192: 0000000000000000    12    FUNC GLOBAL DEFAULT UND pthread_exit
  213 192: 000000000010a830  595    FUNC GLOBAL DEFAULT  10 cuInit
  201 193: 0000000000000000  359    FUNC GLOBAL DEFAULT UND opendir
  165 193: 0000000000113340  668    FUNC GLOBAL DEFAULT  10 cuMemsetD8
  154 193: 0000000000118ae0  724    FUNC GLOBAL DEFAULT  10 cuModuleLoadDataEx
  264 196: 0000000000000000  1210    FUNC GLOBAL DEFAULT UND sin
  273 197: 0000000000000000    14    FUNC GLOBAL DEFAULT UND pclose
  248 198: 000000000010afa0  646    FUNC GLOBAL DEFAULT  10 cuGraphicsMapResources
  178 200: 0000000000000000  469    FUNC GLOBAL DEFAULT UND abort
  265 201: 000000000011b730  396    FUNC GLOBAL DEFAULT  10 cuGLInit
  180 202: 00000000001199b0  589    FUNC GLOBAL DEFAULT  10 cuCtxDetach
  284 204: 000000000080bd28    0  OBJECT  LOCAL DEFAULT ABS _GLOBAL_OFFSET_TABLE_
  288 209: 000000000010ad10  646    FUNC GLOBAL DEFAULT  10 cuGraphicsUnmapResources
  223 209: 0000000000000000    86    FUNC GLOBAL DEFAULT UND gzclose
  263 210: 0000000000119c00  626    FUNC GLOBAL DEFAULT  10 cuCtxAttach
  164 210: 000000000011b010  589    FUNC GLOBAL DEFAULT  10 cuDeviceGetCount
  235 212: 0000000000111620  626    FUNC GLOBAL DEFAULT  10 cuArrayGetDescriptor
  240 214: 0000000000000000  226    FUNC GLOBAL DEFAULT UND vsnprintf
  182 215: 0000000000000000  742    FUNC GLOBAL DEFAULT UND gzread
  174 215: 0000000000115a80  690    FUNC GLOBAL DEFAULT  10 cuMemcpyDtoA
  176 216: 0000000000000000    18    FUNC GLOBAL DEFAULT UND time
  283 217: 00000000001192c0  589    FUNC GLOBAL DEFAULT  10 cuCtxGetDevice
  79 217: 0000000000000000  144    FUNC GLOBAL DEFAULT UND fscanf
  158 218: 0000000000000000    76    FUNC GLOBAL DEFAULT UND __strdup
  157 218: 0000000000000000  167    FUNC GLOBAL DEFAULT UND strcspn
  127 218: 0000000000115d40  653    FUNC GLOBAL DEFAULT  10 cuMemcpyDtoD
  53 218: 000000000010f800  626    FUNC GLOBAL DEFAULT  10 cuTexRefSetFlags
  34 218: 000000000011bdc0  682    FUNC GLOBAL DEFAULT  10 cuGLMapBufferObjectAsync
  203 220: 00000000001104e0  690    FUNC GLOBAL DEFAULT  10 cuTexRefSetAddress
  110 221: 0000000000000000    16    FUNC GLOBAL DEFAULT UND fopen64
  83 221: 0000000000000000    52    FUNC GLOBAL DEFAULT UND remove
  41 221: 0000000000000000    10    FUNC GLOBAL DEFAULT UND geteuid
  196 222: 0000000000115fd0  654    FUNC GLOBAL DEFAULT  10 cuMemcpyDtoH
  101 223: 0000000000116c90  589    FUNC GLOBAL DEFAULT  10 cuMemFreeHost
  239 224: 0000000000000000  569    FUNC GLOBAL DEFAULT UND memset
  42 224: 000000000011c540  595    FUNC GLOBAL DEFAULT  10 cuGLUnmapBufferObject
  331 225: 0000000000000000    14    FUNC GLOBAL DEFAULT UND system
  266 226: 000000000010bea0  581    FUNC GLOBAL DEFAULT  10 cuStreamSynchronize
  76 226: 0000000000000000    39    FUNC GLOBAL DEFAULT UND chown
  35 226: 0000000000000000    10    FUNC GLOBAL DEFAULT UND pthread_self
  74 227: 0000000000000000    81    FUNC GLOBAL DEFAULT UND sigaddset
  73 227: 0000000000000000    46    FUNC GLOBAL DEFAULT UND sigemptyset
  214 228: 0000000000000000    75    FUNC GLOBAL DEFAULT UND sem_init
  144 228: 0000000000000000  104    FUNC GLOBAL DEFAULT UND sem_trywait
  285 231: 0000000000000000  112    FUNC GLOBAL DEFAULT UND close
  111 232: 0000000000000000    39    FUNC GLOBAL DEFAULT UND dup
  153 233: 0000000000000000  223    FUNC GLOBAL DEFAULT UND fgetc
  293 235: 0000000000000000  182    FUNC GLOBAL DEFAULT UND pthread_mutex_unlock
  286 235: 000000000010b740  690    FUNC GLOBAL DEFAULT  10 cuGraphicsSubResourceGetM
  39 235: 0000000000000000  224    FUNC GLOBAL DEFAULT UND fseek
  70 236: 0000000000000000  192    FUNC GLOBAL DEFAULT UND vsprintf
  51 236: 0000000000000000  249    FUNC GLOBAL DEFAULT UND ftell
  290 237: 0000000000000000    39    FUNC GLOBAL DEFAULT UND mkdir
  146 238: 0000000000119e80  589    FUNC GLOBAL DEFAULT  10 cuCtxDestroy
  126 238: 0000000000000000    39    FUNC GLOBAL DEFAULT UND sched_yield
  207 240: 0000000000000000  162    FUNC GLOBAL DEFAULT UND printf
  184 240: 0000000000000000    9    FUNC GLOBAL DEFAULT UND longjmp
  89 240: 0000000000000000  236    FUNC GLOBAL DEFAULT UND getenv
  98 243: 0000000000000000 16061    FUNC GLOBAL DEFAULT UND vfprintf
  151 244: 000000000010dbc0  654    FUNC GLOBAL DEFAULT  10 cuParamSetTexRef
  115 244: 0000000000000000  129    FUNC GLOBAL DEFAULT UND clock
  40 246: 0000000000000000  770    FUNC GLOBAL DEFAULT UND pthread_cond_timedwait
  124 247: 0000000000112b30  725    FUNC GLOBAL DEFAULT  10 cuMemsetD2D8
  121 247: 0000000000000000  411    FUNC GLOBAL DEFAULT UND fclose
  251 248: 0000000000000000  212    FUNC GLOBAL DEFAULT UND gzwrite
  219 248: 000000000011cc90  690    FUNC GLOBAL DEFAULT  10 cuGraphicsGLRegisterImage
  118 248: 0000000000000000  122    FUNC GLOBAL DEFAULT UND nanosleep
  232 249: 0000000000000000  280    FUNC GLOBAL DEFAULT UND __assert_fail
  168 249: 0000000000000000  334    FUNC GLOBAL DEFAULT UND fgets
  329 250: 0000000000113850  609    FUNC GLOBAL DEFAULT  10 cuMemcpy2DAsync
  312 250: 0000000000000000  238    FUNC GLOBAL DEFAULT UND strtok
  113 250: 0000000000000000  217    FUNC GLOBAL DEFAULT UND ceil
  43 250: 0000000000000000    14    FUNC GLOBAL DEFAULT UND fork
  170 254: 00000000001164f0  626    FUNC GLOBAL DEFAULT  10 cuMemHostGetFlags
  162 254: 0000000000000000  1143    FUNC GLOBAL DEFAULT UND memcpy
  84 255: 000000000010ff90  654    FUNC GLOBAL DEFAULT  10 cuTexRefSetFormat
  221 256: 0000000000000000    31    FUNC GLOBAL DEFAULT UND dlclose
  66 257: 000000000010f070  654    FUNC GLOBAL DEFAULT  10 cuTexRefGetAddressMode
  59 258: 0000000000000000    39    FUNC GLOBAL DEFAULT UND rmdir
  134 259: 000000000010d430  682    FUNC GLOBAL DEFAULT  10 cuLaunchGridAsync
  167 261: 0000000000000000  139    FUNC GLOBAL DEFAULT UND snprintf
  294 262: 0000000000000000    16    FUNC GLOBAL DEFAULT UND pthread_cond_destroy
[hyperbox](0) $ </pre>


==See Also==
==See Also==
* Kernel [http://www.mjmwired.net/kernel/Documentation/ioctl-number.txt ioctl numbering] documentation
* Kernel [http://www.mjmwired.net/kernel/Documentation/ioctl-number.txt ioctl numbering] documentation
* My [[CUDA]] and [[CUBAR]] pages
* My [[CUDA]] and [[CUBAR]] pages
* I develped [[ptracer]] to get traces for this project
** Some [[CUDA traces|traces]]
[[CATEGORY: GPGPU]]
[[CATEGORY: GPGPU]]
[[CATEGORY: Projects]]
[[CATEGORY: Projects]]

Latest revision as of 22:18, 22 August 2011

Reverse engineering of the CUDA system. CUDA primarily communicates with the NVIDIA closed-source driver via several dozen undocumented ioctl()s. My open source implementation, libcudest, is located at GitHub. Sundry utilities for reverse engineering are also within this repository, though recent modifications to valgrind-mmt have rather superseded my tools.

libcudest began as a project for Hyesoon Kim's CS4803DGC at the Georgia Institute of Technology.

Driver versions

Newer drivers can be used with older CUDA versions, but the converse is not true. The "CUDA macroversion" listed below is the first CUDA release designed explicitly for use with the listed drivers.

Version CUDA macroversion Notes
195.36.15 3.0
195.36.24 3.0
195.36.31 3.0
256.22 3.1-beta
256.29 3.1-beta
256.35 3.1-beta

CUDA Environment variables

Discovered via binary analysis and a shimmed getenv(3). Effects determined via blackbox and binary analyses:

Variable Notes Documented? Effects
__RM_NO_VERSION_CHECK N Also checked by nvidia-smi
COMPUTE_PROFILE Y If set to 1, profiling will be performed. Implies CUDA_LAUNCH_BLOCKING.
COMPUTE_PROFILE_CONFIG Y Specifies a profiler configuration file. Only checked if COMPUTE_PROFILE is set.
COMPUTE_PROFILE_CSV Y If set to 1, a profiling data will be written in CSV format. Only checked if COMPUTE_PROFILE is set.
COMPUTE_PROFILE_LOG Y Specifies profiler output file (default: "./cuda_profile.log"). Only checked if COMPUTE_PROFILE is set.
CUDA_AMODEL_DLL N
CUDA_AMODEL_GPU N
CUDA_API_TRACE_PTR N
CUDA_CACHE_DISABLE Y If this is unset, the code cache will be used.
CUDA_CACHE_MAXSIZE Y
CUDA_CACHE_PATH Y If this is set, it overrides the code cache's default path of $HOME/.nv/ComputeCache
CUDA_DEVCODE_CACHE Y PTX compilation cache.
CUDA_DEVCODE_PATH Y Search path for fat binaries.
CUDA_EMULATION_MODE
CUDA_FORCE_PTX_JIT
CUDA_HEAP_RANGE Checked each time a context is created
CUDA_INJECTION64_PATH
CUDA_LAUNCH_BLOCKING Y (CUDA 3.0 Programmer's Guide, 3.2.6.1) Forces synchronization of host threads on GPU kernels.
CUDA_MEMCHECK Checked each time a context is created
CUDA_MEMORY_LOG Checked each time a context is created
CUDA_VISIBLE_DEVICES

Maps

Ordered from highest to lowest locations in x86 memory. These are architecture-, and to a lesser degree driver- and kernel version-specific. Applications and libraries can of course create many more maps than these.

  • vsyscalls. read-execute-private, very few pages, topmost area of memory, usually highest mapping
  • VDSO. read-execute-private, one page, high in memory (SYSENTER/SYSEXIT)
  • Userspace stack. read-write-private, many pages, high in memory
  • Anonymous map, 3 read-write-private pages, high in memory.
    • Possibly associated with nvidia driver's NV_STACK_SIZE stack. read-write-private, (3 * 4096 on amd64, 2 * 4096 on i686)
  • Two sets of /dev/nvidiaX maps for each bound device. Sets are usually continguous, and contain:
    • an anonymous page, read-write-private
    • several mappings of the device, having variable number of pages, all read-write-shared
  • Libraries. variable, middle of memory.
  • Userspace heap. read-write-private, many pages, low in memory
  • Application (data region). read-write-private, variable, low in memory
  • Application (text region). read-execute-private, variable, usually lowest mapping

mmap()s

offset size notes Nouveau name block range
reg_addr + 0x0000 0x2000 not mapped by libcuda PMC functional block 0x000000--0x001fff
reg_addr + 0x9000 0x1000 [Rwxs] mapped in cuInit(). first mapping. per-device. PTIMER functional block 0x009000--0x009fff
reg_addr + 0xc0a000 / 0xc0c000 0x1000 [RWxs] location is acquired from ioctl 4e PFIFO command submission interface 0xc00000--0xcfffff

ioctls

An ioctl (on x86) is 32 bits. The following definition comes from linux/asm-generic/ioctl.h in a 2.6.34 kernel:

  • Bit 31: Read?
  • Bit 30: Write?
  • Bits 29-16: Parameter size
  • Bits 15-8: Type (module)
  • Bits 7-0: Number (command)

Looking at the source of the 195.36.15 kernel driver's OS interface, we see that NVIDIA uses the standard ioctl-creation macros from ioctl.h, and can be expected to adhere to this format. The type code used (NV_IOCTL_MAGIC) is 'F' (0x46), which overlaps with the framebuffer ioctl range as registered in 2.6.34. We further see that only _IOWR() is used to declare ioctls, implying that the first two bits will always be '11'. Both of these deductions are borne out observing strace output of a CUDA process.

Code Param size Param location(s) Driver API call sites Notes
/dev/nvidiactl
0xc8

NV_ESC_CARD_INFO

0x600 (1536) anonymous page cuInit
  • Largest parameter by far.
    • Possibly scaled? Shifted 3 bits left, this is 0x3000, the size of the amd64 anonymous mapping.
    • More likely we support returning up to 32x 48-byte descriptors, and...
  • Wants the first 32 bits to be 1, all others 0.
    • ...this is most likely a mask indicating which card IDs we want information for!
typedef struct nv_ioctl_card_info
{
    NvU16    flags;               /* see below                   */
    NvU8     bus;                 /* bus number (PCI, AGP, etc)  */
    NvU8     slot;                /* card slot                   */
    NvU16    vendor_id;           /* PCI vendor id               */
    NvU16    device_id;
    NvU16    interrupt_line;
    NvU64    reg_address    NV_ALIGN_BYTES(8);
    NvU64    reg_size       NV_ALIGN_BYTES(8);
    NvU64    fb_address     NV_ALIGN_BYTES(8);
    NvU64    fb_size        NV_ALIGN_BYTES(8);
} nv_ioctl_card_info_t;
  • Returns (all subsequent bytes are 0):
0x00010001	0x0cb110de	0x00000026	0x00000000
0xf2000000	0x00000000	0x01000000	0x00000000
0xe0000000	0x00000000	0x10000000	0x00000000
  • 0x0001: flag (NV_IOCTL_CARD_INFO_FLAG_PRESENT)
  • 0x0001: bus/slot
  • 0x0cb110de: vendor + device IDs
    • lspci -n: 01:00.0 0300: 10de:0cb1 (rev a2)
    • lspci -t -v: \-[0000:00]-+-03.0-[01]--+-00.0 nVidia Corporation GT215 [GeForce GTS 360M]
  • 0x26: IRQ line (here, #38)
  • 0xf2000000 00000000: reg_address
  • 0x01000000 00000000: reg_size
  • 0xe0000000 00000000: fb_address
  • 0x10000000 00000000: fb_size
    • these are all system memory references, see /proc/iomem:
  e0000000-f30fffff : PCI Bus 0000:01
    e0000000-efffffff : 0000:01:00.0
    f0000000-f1ffffff : 0000:01:00.0
    f2000000-f2ffffff : 0000:01:00.0
      f2000000-f2ffffff : nvidia
    f3000000-f307ffff : 0000:01:00.0
    f3080000-f3083fff : 0000:01:00.1
      f3080000-f3083fff : ICH HD audio
0xca

NV_ESC_ENV_INFO

0x004 anonymous page cuInit
  • Seems to ignore input value.
  • Writes result value (0x00000001).
typedef struct nv_ioctl_env_info
{
    NvU32 pat_supported;
} nv_ioctl_env_info_t;
0xce

NV_ESC_ALLOC_OS_EVENT

0x14
0xcf

NV_ESC_FREE_OS_EVENT

0xd1

NV_ESC_STATUS_CODE

0xd2

NV_ESC_CHECK_VERSION_STR

0x048 stack cuInit
  • Performed immediately following opening of the nvidiactl device
typedef struct nv_ioctl_rm_api_version
{
    NvU32 cmd;
    NvU32 reply;
    char versionString[NV_RM_API_VERSION_STRING_LENGTH];
} nv_ioctl_rm_api_version_t;

#define NV_RM_API_VERSION_CMD_STRICT         0
#define NV_RM_API_VERSION_CMD_RELAXED       '1'
#define NV_RM_API_VERSION_CMD_OVERRIDE      '2'

#define NV_RM_API_VERSION_REPLY_UNRECOGNIZED 0
#define NV_RM_API_VERSION_REPLY_RECOGNIZED   1
  • 0x312e 3633 2e35 3931 35ull == 195.36.15
    • '1' '.' '6' '3' '.' '5' '9' '1', '5'
    • looks like: all version chars in ascii. first 8 reversed, then any left follow?
  • All other bytes are 0.
  • Writes result to first 8 bytes (0x00000001), leaves others untouched
0x22 0x00c stack cuInit
  • Inputs set to 0.
  • Outputs (example):
3251635025	65	0
  • First value is used as first input word to the majority of subsequent ioctls
  • Second value ranges over (at least) 41--65...
  • Not sent in 256.22/3.10...
0x2a 0x020 stack cuInit
  • GPU method invocation. Second and third words specify the method being called. Fifth and sixth specify the address being passed; seventh and eighth the size thereof.

Sample inputs:

0x7fffffffd310:	3251635025	3251635025	533	0
0x7fffffffd320:	4294955888	32767	132	0
  • First and second words are *not* always equivalent.
  • Outputs are usually unchanged, but not always:
ioctl 2a, 32-byte param, fd 3	0xc1d04214 0x5c000002 0x2080012f 0x00000000 
0x0010				0x950713f0 0x00007fff 0x000000a8 0x00000000 
GPU method 0x5c000002:2080012f	0x00000000 0x00000000 0x00000000 0x00000000 
0x0010				0x00000000 0x00000000 0x00000000 0x00000000 
0x0020				0x00000000 0x00000000 0x00000000 0x00000000 
0x0030				0x00000000 0x00000000 0x00000000 0x00000000 
0x0040				0x00000000 0x00000000 0x00000000 0x00000000 
0x0050				0x00000000 0x00000000 0x00000000 0x00000000 
0x0060				0x00000000 0x00000000 0x00000000 0x00000000 
0x0070				0x00000000 0x00000000 0x00000000 0x00000000 
0x0080				0x00000000 0x00000000 0x00000000 0x00000000 
0x0090				0x00000000 0x00000000 0x00000000 0x00000000 
0x00a0				0x00000000 0x00000000 
RESULT: 0			0xc1d04214 0x5c000002 0x2080012f 0x00000000 
0x0010				0x950713f0 0x00007fff 0x000000a8 0x00000029 
GPU method 0x5c000002:2080012f	**************MODIFICATION FROM CALL
0x00000000 0x00000000 0x00000000 0x00000000 
0x0010				0x00000000 0x00000000 0x00000000 0x00000000 
0x0020				0x00000000 0x00000000 0x00000000 0x00000000 
0x0030				0x00000000 0x00000000 0x00000000 0x00000000 
0x0040				0x00000000 0x00000000 0x00000000 0x00000000 
0x0050				0x00000000 0x00000000 0x00000000 0x00000000 
0x0060				0x00000000 0x00000000 0x00000000 0x00000000 
0x0070				0x00000000 0x00000000 0x00000000 0x00000000 
0x0080				0x00000000 0x00000000 0x00000000 0x00000000 
0x0090				0x00000000 0x00000000 0x00000000 0x00000000 
0x00a0				0x00000000 0x00000000 
0x2b 0x020 stack cuInit
  • GPU object creation(?)
0x4d 0x048 stack cuInit
  • Performed following opening of nvidiaX device
0x2d 0x014 stack cuInit
  • Performed following read of /proc/interrupts
0x4e 0x030 cuInit
  • Immediately prior to first mmap()
0x4f 0x020 cuInit
  • Invoked if mmap() returns MAP_FAILED, prior to failing out
0x54 0x30
0x57 0x038
0x58 0x28
0x59 0x10
/dev/nvidiaX
0x32 0x014 stack cuInit
  • Performed several times in succession
0x37 0x020 stack cuInit
  • Follows burst of 3x 0x32's, then interwoven with bursts of 2a's

GPU methods

Code Param size Notes
0x5c000002 (per-device)
0x20800110 0x84
  • Retrieves device name:
RESULT: 0			0xc1d04277 0x5c000002 0x20800110 0x00000000 
0x0010				0x73be4970 0x00007fff 0x00000084 0x00000000 
GPU method 0x5c000002:20800110	0x00000000 0x6f466547 0x20656372 0x20535447 
0x0010				0x4d303633 0x00000000 0x00000000 0x00000000 
  • 6f46654720656372205354474d303633 == "oFeG ecr STGM063"

disassembly

These disassemblies makes use of libcuda.so.195.36.15 (0867d66be617faab3782fa0ba19ec9ba, 7404990 bytes). Symbols were extracted via objdump -T.

  • AMD64 ABI:
    • Integer arguments via RDI, RSI, RDX, RCX, R8 and R9, then stack
    • FP arguments in XMM0..XMM7, then stack
    • Return value in RAX
    • libcuda traces

See Also