Alright, so I have been trying to follow this assembly code for quite some time and I can't seem to figure out the pattern that it produces. Here's the code along with the initial values.
0x08048c74 <+0>: push %esi
0x08048c75 <+1>: push %ebx
=> 0x08048c76 <+2>: sub $0x34,%esp
0x08048c79 <+5>: lea 0x18(%esp),%eax
0x08048c7d <+9>: mov %eax,0x4(%esp)
0x08048c81 <+13>: mov 0x40(%esp),%eax
0x08048c85 <+17>: mov %eax,(%esp)
0x08048c88 <+20>: call 0x80494d4 <read_six_numbers>
0x08048c8d <+25>: cmpl $0x0,0x18(%esp)
0x08048c92 <+30>: jne 0x8048c9b <phase_2+39>
0x08048c94 <+32>: cmpl $0x1,0x1c(%esp)
0x08048c99 <+37>: je 0x8048cba <phase_2+70>
0x08048c9b <+39>: call 0x8049495 <explode_bomb>
0x08048ca0 <+44>: jmp 0x8048cba <phase_2+70>
0x08048ca2 <+46>: mov -0x8(%ebx),%eax
0x08048ca5 <+49>: add -0x4(%ebx),%eax
0x08048ca8 <+52>: cmp %eax,(%ebx)
0x08048caa <+54>: je 0x8048cb1 <phase_2+61>
0x08048cac <+56>: call 0x8049495 <explode_bomb>
0x08048cb1 <+61>: add $0x4,%ebx
0x08048cb4 <+64>: cmp %esi,%ebx
0x08048cb6 <+66>: jne 0x8048ca2 <phase_2+46>
0x08048cb8 <+68>: jmp 0x8048cc4 <phase_2+80>
0x08048cba <+70>: lea 0x20(%esp),%ebx
0x08048cbe <+74>: lea 0x30(%esp),%esi
0x08048cc2 <+78>: jmp 0x8048ca2 <phase_2+46>
0x08048cc4 <+80>: add $0x34,%esp
0x08048cc7 <+83>: pop %ebx
0x08048cc8 <+84>: pop %esi
0x08048cc9 <+85>: ret
End of assembler dump.
(gdb) i r
eax 0x804c870 134531184
ecx 0xc 12
edx 0x2 2
ebx 0x2 2
esp 0xffffd054 0xffffd054
ebp 0xffffd078 0xffffd078
esi 0xffffd114 -12012
edi 0x0 0
eip 0x8048c76 0x8048c76 <phase_2+2>
eflags 0x286 [ PF SF IF ]
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x63 99
(gdb) x/d $esp
0xffffd054: 2
(gdb)
The original values I plugged in were: 1 2 3 4 5 6
read_six_numbers is just a function that checks if you have 6 numbers. However, there are some lines that I want to double check if I understand them right. For example:
cmpl $0x0,0x18(%esp)
From what I know, this checks to see if the esp register is equal to zero. If it is not, then the bomb blows up. Since this is the first comparison, does that mean the first number should be zero?
Other lines such as:
add -0x4(%ebx),%eax
and
add $0x4,%ebx
I feel like I need to pay attention to, since they change the values of the numbers inside the register. I know there is supposed to be a pattern to the numbers such as *3 or +3, etc. However, I think the pattern has to do with 4 since both of the adds are changing the value by 4. I've managed to get the code on ODA to help visualize the jumping; here's the link: http://www2.onlinedisassembler.com/odaweb/J0tDzn/0
Just click on phase_2 in the symbols section. I only need to know how to get the first 2 numbers, as from there the third number should be straightforward and the pattern should be clear. I do apologize if this is a long post, but I've been trying to understand this for quite some time and am getting stuck trying to find the clues that give away the pattern. Any help would be greatly appreciated! Thanks in advance!
cmpl $0x0,0x18(%esp)
From what I know, this checks to see if the esp register is equal to zero.
No, it compares the value in memory at address %esp+0x18.
does that mean the first number should be zero?
But this happens to be true :)
However, I think the pattern has to do with 4 since both of the adds are changing the value by 4.
No. Notice that the 4 applies to the memory address, not the value. That is because integers are 4 bytes. add -0x4(%ebx),%eax will add the number from memory at address %ebx-4 to %eax.
I only need to know how to get the first 2 numbers
Well, you already know the first has to be zero. Since the numbers are in memory from address %esp+0x18 and each is 4 bytes, the instruction cmpl $0x1,0x1c(%esp) checks the second number.
You should revisit whatever material you have to get some basic things right. Otherwise you will have a hard time with the subsequent phases.
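As an added illustration of the points above (this is not code from the bomb or from either poster; the function name phase_2_check and the array layout are my own), here is the phase_2 listing rendered in C, keeping the register names as variables so each statement can be matched to the instruction it translates and the byte offsets can be seen as whole-integer steps:

```c
#include <stdio.h>

/* Returns 1 if the six numbers pass phase_2, 0 if explode_bomb would be
   reached.  nums[0] is the value read_six_numbers stored at 0x18(%esp),
   nums[1] at 0x1c(%esp), and so on, 4 bytes apart. */
int phase_2_check(const int nums[6])
{
    /* cmpl $0x0,0x18(%esp) ; jne explode_bomb   -> first number must be 0
       cmpl $0x1,0x1c(%esp) ; je  phase_2+70     -> second number must be 1 */
    if (nums[0] != 0 || nums[1] != 1)
        return 0;

    /* lea 0x20(%esp),%ebx : pointer to the third number
       lea 0x30(%esp),%esi : one past the sixth number (0x18 + 6*4 = 0x30) */
    const int *ebx = &nums[2];
    const int *esi = &nums[6];

    do {
        /* mov -0x8(%ebx),%eax ; add -0x4(%ebx),%eax
           -0x8 and -0x4 are byte offsets, so they reach back 2 and 1 ints */
        int eax = *(ebx - 2) + *(ebx - 1);
        /* cmp %eax,(%ebx) ; je phase_2+61 ; otherwise call explode_bomb */
        if (*ebx != eax)
            return 0;
        ebx += 1;               /* add $0x4,%ebx : advance one 4-byte int */
    } while (ebx != esi);       /* cmp %esi,%ebx ; jne phase_2+46 */

    return 1;
}

int main(void)
{
    const int typed[6] = {1, 2, 3, 4, 5, 6};   /* the input from the question */
    printf("1 2 3 4 5 6 -> %s\n", phase_2_check(typed) ? "ok" : "explode");
    return 0;
}
```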