main
----
0xffffbb10 - seems to be random number storage
0xffffbb14 - referenced in command 1; (global number of source IP addresses stored * 4) == array size
0xffffbb18 - referenced in command 2; pointer to 0xffffee70
0xffffbb1c - pointer to 0xffffee48
0xffffbb20 - pointer to 0xfffff000
0xffffbb24 - referenced in command 2; FILE * used for reading system output
0xffffee28 - referenced in command 5; sockaddr of the received connection
0xffffbb30 - pointer to 0xfffff800
0xffffbb34 - referenced in command 5; received socket
0xffffbb38 - referenced in command 5; socket
0xffffbb3c - length of the sockaddr at 0xffffee28
0xffffbb40 - referenced in command 5; set to 1
0xffffbb44 - referenced in command 4; looks like storage for a hostname
0xffffbc44 - referenced in command 5; 0x13-byte read buffer
0xffffee38 - sockaddr_in, referenced in command 5; set to 2 (offset 0 of the struct, so presumably sin_family = AF_INET)
0xffffee3a - sockaddr_in, referenced in command 5; set to f15a (offset 2, so presumably sin_port; sin_port is stored in network byte order, so confirm which byte lands where before deriving the listening port number from this value)
0xffffee3c - sockaddr_in, referenced in command 5; set to 0 (offset 4, so presumably sin_addr = INADDR_ANY, i.e. it binds on all interfaces - confirm)
0xffffee48 - 0xffffee70 - 10 blocks of 4 bytes: destination IP addresses
0xffffee70 - referenced in command 2
0xfffff000 - buf[0x800] = send packet
0xfffff800 - buf1[0x800] = receive packet

globals - uninitialised memory
----------------------------
0x80792bc - storage for IP address lookup
0x807e774 - PID of a parent process; if a DoS is in progress this is != 0. Referenced in command 1: if 0, a zero is returned as byte[3] of the response; if 1 (presumably meaning non-zero, since the field holds a PID - confirm), a one is returned as byte[3] of the response. Referenced in command 3: checked, and if != 0 the command does not run (so only one DoS runs at a time); otherwise it is then set to the PID of the parent after the fork.
0x807e778 - last command executed; referenced in command 1.
returned as byte[3] of the response if 0x807e774 == 0
0x807e77c - referenced in command 1, and returned as byte[0] of its response
0x807e780 - source IP address, referenced in command 1: command 1 stores the source address of the received packet here. 0x24 bytes into this address = number of times to send the reply
0x807e784 - if this is 2, use decoy hosts. Referenced in command 0 and command 1 (the note for command 0 is incomplete here; in command 1 it is set to the random number of IP addresses generated). If this != 2, randomise the source address in the reply; otherwise use the IP address from the incoming packet. When sending reply packets, if this != 2, send the reply packets to all hosts in the destination address array.

internal functions
------------------
0x0804a194 void encode(packetsize, payload, sendpacket)
0x0804a1e8 void decode(packetsize, payload, recvpacket)
0x08048ecc void sendreply(destIP, payload, packetsize)
0x08048f94 void sendreply2(sourceIP, destIP, payload, packetsize) - constructs the packet body and sends it using a raw socket (sending from a raw socket requires root / CAP_NET_RAW, so the agent presumably runs with that privilege - confirm) - if 0x807e784 == 2, send the reply to only 1 address - if 0x807e784 != 2, send the reply to all addresses at 0xffffee48
0x08049138 int resolvename("ip address") - returns the IP address, or 0 if it failed
0x08049174 void dnsddos(s1, s2, s3, s4, flag1, sphi, splo, bUseHostname, *hostname) - flag1 = number of iterations * 40000 before resolving again, or 0 to resolve every 40k - sphi = hi byte of the source port of the request (to be DDoS'ed) - splo = lo byte of the source port of the request (to be DDoS'ed) - if bUseHostname == TRUE, resolve the hostname and use the result as the target to be DDoS'ed
0x080499f4 void packetflood(byte[2], byte[3], byte[4], byte[5], byte[6], byte[7], byte[8], byte[9], byte[a], byte[b], byte[c], *hostname) - byte[2] = 0 = ICMP, 1 = UDP - byte[3] = UDP destination port (recorded here as a single byte, whereas synflood takes a hi/lo byte pair for its port - confirm) - byte[4] = d1, byte[5] = d2, byte[6] = d3, byte[7] = d4 - byte[8] = s1, byte[9] = s2, byte[a] = s3, byte[b] = s4 - byte[c] = bResolveHost - if 1, use the hostname - rest of packet = hostname
0x08049d40 - void syn
flood(byte[2], byte[3], byte[4], byte[5], byte[6], byte[7], byte[8], byte[9], byte[a], byte[b], byte[c], byte[d], byte[e], hostname) /* ; byte[2] = d1 ; byte[3] = d2 ; byte[4] = d3 ; byte[5] = d4 ; byte[6] = hi byte of dest port ; byte[7] = lo byte of dest port ; byte[8] = if 0 use a random source address, otherwise use arg_24-30 (presumably s1-s4 below) ; byte[9] = s1 ; byte[a] = s2 ; byte[b] = s3 ; byte[c] = s4 ; byte[d] = (number of iterations * 40000) before re-resolving ; byte[e] = bResolve3c (name as recorded; presumably the resolve-hostname flag, like byte[c] in packetflood - confirm) ; rest of packet = destination hostname */

important internal code addresses
---------------------------------
0x08048eb8 - exit of the switch statement; returns to the recv loop
0x080482b0 - start of the recv loop