tjones62
asked on
Binarybomb phase_2
OK, so I got lucky with phase one, since many of you know this assignment already. I saw that it called for the function strings_not_equal, so I just did a strings bomb > strings.txt command and went looking until I saw something that seemed out of place, and it was the right input for function one.
I somewhat understand how the program steps through, but I don't feel very comfortable with gdb and am completely new to assembly.
So here is where I am at:
I am looking at the code in read six numbers, and from what I am seeing it is loading my input into the stack, but that is only a best guess. Here is the code.
Like I said, though, I'm very, very new to this, as this is my first encounter with assembly.
phase_2 isn't due for about a week, but I really want to stay ahead in this class as best as possible. I think I'll just need someone to be some training wheels for a little bit till I get going.
Thank you all so much!
tjones@magnesium:/media/disk/bomb1$ objdump -d bomb phase1
bomb: file format elf32-i386
Disassembly of section .init:
080487c0 <_init>:
80487c0: 55 push %ebp
80487c1: 89 e5 mov %esp,%ebp
80487c3: 83 ec 08 sub $0x8,%esp
80487c6: e8 59 02 00 00 call 8048a24 <call_gmon_start>
80487cb: e8 b0 02 00 00 call 8048a80 <frame_dummy>
80487d0: e8 6b 10 00 00 call 8049840 <__do_global_ctors_aux>
80487d5: c9 leave
80487d6: c3 ret
Disassembly of section .plt:
080487d8 <close@plt-0x10>:
80487d8: ff 35 e4 b0 04 08 pushl 0x804b0e4
80487de: ff 25 e8 b0 04 08 jmp *0x804b0e8
80487e4: 00 00 add %al,(%eax)
...
080487e8 <close@plt>:
80487e8: ff 25 ec b0 04 08 jmp *0x804b0ec
80487ee: 68 00 00 00 00 push $0x0
80487f3: e9 e0 ff ff ff jmp 80487d8 <_init+0x18>
080487f8 <fprintf@plt>:
80487f8: ff 25 f0 b0 04 08 jmp *0x804b0f0
80487fe: 68 08 00 00 00 push $0x8
8048803: e9 d0 ff ff ff jmp 80487d8 <_init+0x18>
08048808 <tmpfile@plt>:
8048808: ff 25 f4 b0 04 08 jmp *0x804b0f4
804880e: 68 10 00 00 00 push $0x10
8048813: e9 c0 ff ff ff jmp 80487d8 <_init+0x18>
08048818 <getenv@plt>:
8048818: ff 25 f8 b0 04 08 jmp *0x804b0f8
804881e: 68 18 00 00 00 push $0x18
8048823: e9 b0 ff ff ff jmp 80487d8 <_init+0x18>
08048828 <signal@plt>:
8048828: ff 25 fc b0 04 08 jmp *0x804b0fc
804882e: 68 20 00 00 00 push $0x20
8048833: e9 a0 ff ff ff jmp 80487d8 <_init+0x18>
08048838 <fflush@plt>:
8048838: ff 25 00 b1 04 08 jmp *0x804b100
804883e: 68 28 00 00 00 push $0x28
8048843: e9 90 ff ff ff jmp 80487d8 <_init+0x18>
08048848 <bcopy@plt>:
8048848: ff 25 04 b1 04 08 jmp *0x804b104
804884e: 68 30 00 00 00 push $0x30
8048853: e9 80 ff ff ff jmp 80487d8 <_init+0x18>
08048858 <rewind@plt>:
8048858: ff 25 08 b1 04 08 jmp *0x804b108
804885e: 68 38 00 00 00 push $0x38
8048863: e9 70 ff ff ff jmp 80487d8 <_init+0x18>
08048868 <system@plt>:
8048868: ff 25 0c b1 04 08 jmp *0x804b10c
804886e: 68 40 00 00 00 push $0x40
8048873: e9 60 ff ff ff jmp 80487d8 <_init+0x18>
08048878 <puts@plt>:
8048878: ff 25 10 b1 04 08 jmp *0x804b110
804887e: 68 48 00 00 00 push $0x48
8048883: e9 50 ff ff ff jmp 80487d8 <_init+0x18>
08048888 <fgets@plt>:
8048888: ff 25 14 b1 04 08 jmp *0x804b114
804888e: 68 50 00 00 00 push $0x50
8048893: e9 40 ff ff ff jmp 80487d8 <_init+0x18>
08048898 <sleep@plt>:
8048898: ff 25 18 b1 04 08 jmp *0x804b118
804889e: 68 58 00 00 00 push $0x58
80488a3: e9 30 ff ff ff jmp 80487d8 <_init+0x18>
080488a8 <__strtol_internal@plt>:
80488a8: ff 25 1c b1 04 08 jmp *0x804b11c
80488ae: 68 60 00 00 00 push $0x60
80488b3: e9 20 ff ff ff jmp 80487d8 <_init+0x18>
080488b8 <fputc@plt>:
80488b8: ff 25 20 b1 04 08 jmp *0x804b120
80488be: 68 68 00 00 00 push $0x68
80488c3: e9 10 ff ff ff jmp 80487d8 <_init+0x18>
080488c8 <__libc_start_main@plt>:
80488c8: ff 25 24 b1 04 08 jmp *0x804b124
80488ce: 68 70 00 00 00 push $0x70
80488d3: e9 00 ff ff ff jmp 80487d8 <_init+0x18>
080488d8 <printf@plt>:
80488d8: ff 25 28 b1 04 08 jmp *0x804b128
80488de: 68 78 00 00 00 push $0x78
80488e3: e9 f0 fe ff ff jmp 80487d8 <_init+0x18>
080488e8 <fclose@plt>:
80488e8: ff 25 2c b1 04 08 jmp *0x804b12c
80488ee: 68 80 00 00 00 push $0x80
80488f3: e9 e0 fe ff ff jmp 80487d8 <_init+0x18>
080488f8 <gethostname@plt>:
80488f8: ff 25 30 b1 04 08 jmp *0x804b130
80488fe: 68 88 00 00 00 push $0x88
8048903: e9 d0 fe ff ff jmp 80487d8 <_init+0x18>
08048908 <gethostbyname@plt>:
8048908: ff 25 34 b1 04 08 jmp *0x804b134
804890e: 68 90 00 00 00 push $0x90
8048913: e9 c0 fe ff ff jmp 80487d8 <_init+0x18>
08048918 <strcasecmp@plt>:
8048918: ff 25 38 b1 04 08 jmp *0x804b138
804891e: 68 98 00 00 00 push $0x98
8048923: e9 b0 fe ff ff jmp 80487d8 <_init+0x18>
08048928 <exit@plt>:
8048928: ff 25 3c b1 04 08 jmp *0x804b13c
804892e: 68 a0 00 00 00 push $0xa0
8048933: e9 a0 fe ff ff jmp 80487d8 <_init+0x18>
08048938 <sscanf@plt>:
8048938: ff 25 40 b1 04 08 jmp *0x804b140
804893e: 68 a8 00 00 00 push $0xa8
8048943: e9 90 fe ff ff jmp 80487d8 <_init+0x18>
08048948 <connect@plt>:
8048948: ff 25 44 b1 04 08 jmp *0x804b144
804894e: 68 b0 00 00 00 push $0xb0
8048953: e9 80 fe ff ff jmp 80487d8 <_init+0x18>
08048958 <strncpy@plt>:
8048958: ff 25 48 b1 04 08 jmp *0x804b148
804895e: 68 b8 00 00 00 push $0xb8
8048963: e9 70 fe ff ff jmp 80487d8 <_init+0x18>
08048968 <fopen@plt>:
8048968: ff 25 4c b1 04 08 jmp *0x804b14c
804896e: 68 c0 00 00 00 push $0xc0
8048973: e9 60 fe ff ff jmp 80487d8 <_init+0x18>
08048978 <dup@plt>:
8048978: ff 25 50 b1 04 08 jmp *0x804b150
804897e: 68 c8 00 00 00 push $0xc8
8048983: e9 50 fe ff ff jmp 80487d8 <_init+0x18>
08048988 <sprintf@plt>:
8048988: ff 25 54 b1 04 08 jmp *0x804b154
804898e: 68 d0 00 00 00 push $0xd0
8048993: e9 40 fe ff ff jmp 80487d8 <_init+0x18>
08048998 <fwrite@plt>:
8048998: ff 25 58 b1 04 08 jmp *0x804b158
804899e: 68 d8 00 00 00 push $0xd8
80489a3: e9 30 fe ff ff jmp 80487d8 <_init+0x18>
080489a8 <socket@plt>:
80489a8: ff 25 5c b1 04 08 jmp *0x804b15c
80489ae: 68 e0 00 00 00 push $0xe0
80489b3: e9 20 fe ff ff jmp 80487d8 <_init+0x18>
080489b8 <__ctype_b_loc@plt>:
80489b8: ff 25 60 b1 04 08 jmp *0x804b160
80489be: 68 e8 00 00 00 push $0xe8
80489c3: e9 10 fe ff ff jmp 80487d8 <_init+0x18>
080489c8 <cuserid@plt>:
80489c8: ff 25 64 b1 04 08 jmp *0x804b164
80489ce: 68 f0 00 00 00 push $0xf0
80489d3: e9 00 fe ff ff jmp 80487d8 <_init+0x18>
080489d8 <__gmon_start__@plt>:
80489d8: ff 25 68 b1 04 08 jmp *0x804b168
80489de: 68 f8 00 00 00 push $0xf8
80489e3: e9 f0 fd ff ff jmp 80487d8 <_init+0x18>
080489e8 <strcpy@plt>:
80489e8: ff 25 6c b1 04 08 jmp *0x804b16c
80489ee: 68 00 01 00 00 push $0x100
80489f3: e9 e0 fd ff ff jmp 80487d8 <_init+0x18>
Disassembly of section .text:
08048a00 <_start>:
8048a00: 31 ed xor %ebp,%ebp
8048a02: 5e pop %esi
8048a03: 89 e1 mov %esp,%ecx
8048a05: 83 e4 f0 and $0xfffffff0,%esp
8048a08: 50 push %eax
8048a09: 54 push %esp
8048a0a: 52 push %edx
8048a0b: 68 90 97 04 08 push $0x8049790
8048a10: 68 e0 97 04 08 push $0x80497e0
8048a15: 51 push %ecx
8048a16: 56 push %esi
8048a17: 68 a4 8a 04 08 push $0x8048aa4
8048a1c: e8 a7 fe ff ff call 80488c8 <__libc_start_main@plt>
8048a21: f4 hlt
8048a22: 90 nop
8048a23: 90 nop
08048a24 <call_gmon_start>:
8048a24: 55 push %ebp
8048a25: 89 e5 mov %esp,%ebp
8048a27: 53 push %ebx
8048a28: 83 ec 04 sub $0x4,%esp
8048a2b: e8 00 00 00 00 call 8048a30 <call_gmon_start+0xc>
8048a30: 5b pop %ebx
8048a31: 81 c3 b0 26 00 00 add $0x26b0,%ebx
8048a37: 8b 93 fc ff ff ff mov -0x4(%ebx),%edx
8048a3d: 85 d2 test %edx,%edx
8048a3f: 74 05 je 8048a46 <call_gmon_start+0x22>
8048a41: e8 92 ff ff ff call 80489d8 <__gmon_start__@plt>
8048a46: 58 pop %eax
8048a47: 5b pop %ebx
8048a48: c9 leave
8048a49: c3 ret
8048a4a: 90 nop
8048a4b: 90 nop
8048a4c: 90 nop
8048a4d: 90 nop
8048a4e: 90 nop
8048a4f: 90 nop
08048a50 <__do_global_dtors_aux>:
8048a50: 55 push %ebp
8048a51: 89 e5 mov %esp,%ebp
8048a53: 83 ec 08 sub $0x8,%esp
8048a56: 80 3d 08 b8 04 08 00 cmpb $0x0,0x804b808
8048a5d: 74 0c je 8048a6b <__do_global_dtors_aux+0x1b>
8048a5f: eb 1c jmp 8048a7d <__do_global_dtors_aux+0x2d>
8048a61: 83 c0 04 add $0x4,%eax
8048a64: a3 88 b1 04 08 mov %eax,0x804b188
8048a69: ff d2 call *%edx
8048a6b: a1 88 b1 04 08 mov 0x804b188,%eax
8048a70: 8b 10 mov (%eax),%edx
8048a72: 85 d2 test %edx,%edx
8048a74: 75 eb jne 8048a61 <__do_global_dtors_aux+0x11>
8048a76: c6 05 08 b8 04 08 01 movb $0x1,0x804b808
8048a7d: c9 leave
8048a7e: c3 ret
8048a7f: 90 nop
08048a80 <frame_dummy>:
8048a80: 55 push %ebp
8048a81: 89 e5 mov %esp,%ebp
8048a83: 83 ec 08 sub $0x8,%esp
8048a86: a1 10 b0 04 08 mov 0x804b010,%eax
8048a8b: 85 c0 test %eax,%eax
8048a8d: 74 12 je 8048aa1 <frame_dummy+0x21>
8048a8f: b8 00 00 00 00 mov $0x0,%eax
8048a94: 85 c0 test %eax,%eax
8048a96: 74 09 je 8048aa1 <frame_dummy+0x21>
8048a98: c7 04 24 10 b0 04 08 movl $0x804b010,(%esp)
8048a9f: ff d0 call *%eax
8048aa1: c9 leave
8048aa2: c3 ret
8048aa3: 90 nop
08048aa4 <main>:
8048aa4: 8d 4c 24 04 lea 0x4(%esp),%ecx
8048aa8: 83 e4 f0 and $0xfffffff0,%esp
8048aab: ff 71 fc pushl -0x4(%ecx)
8048aae: 55 push %ebp
8048aaf: 89 e5 mov %esp,%ebp
8048ab1: 53 push %ebx
8048ab2: 51 push %ecx
8048ab3: 83 ec 10 sub $0x10,%esp
8048ab6: 8b 01 mov (%ecx),%eax
8048ab8: 8b 59 04 mov 0x4(%ecx),%ebx
8048abb: 83 f8 01 cmp $0x1,%eax
8048abe: 75 0c jne 8048acc <main+0x28>
8048ac0: a1 04 b8 04 08 mov 0x804b804,%eax
8048ac5: a3 10 b8 04 08 mov %eax,0x804b810
8048aca: eb 64 jmp 8048b30 <main+0x8c>
8048acc: 83 f8 02 cmp $0x2,%eax
8048acf: 75 41 jne 8048b12 <main+0x6e>
8048ad1: c7 44 24 04 76 9a 04 movl $0x8049a76,0x4(%esp)
8048ad8: 08
8048ad9: 8b 43 04 mov 0x4(%ebx),%eax
8048adc: 89 04 24 mov %eax,(%esp)
8048adf: e8 84 fe ff ff call 8048968 <fopen@plt>
8048ae4: a3 10 b8 04 08 mov %eax,0x804b810
8048ae9: 85 c0 test %eax,%eax
8048aeb: 75 43 jne 8048b30 <main+0x8c>
8048aed: 8b 43 04 mov 0x4(%ebx),%eax
8048af0: 89 44 24 08 mov %eax,0x8(%esp)
8048af4: 8b 03 mov (%ebx),%eax
8048af6: 89 44 24 04 mov %eax,0x4(%esp)
8048afa: c7 04 24 98 98 04 08 movl $0x8049898,(%esp)
8048b01: e8 d2 fd ff ff call 80488d8 <printf@plt>
8048b06: c7 04 24 08 00 00 00 movl $0x8,(%esp)
8048b0d: e8 16 fe ff ff call 8048928 <exit@plt>
8048b12: 8b 03 mov (%ebx),%eax
8048b14: 89 44 24 04 mov %eax,0x4(%esp)
8048b18: c7 04 24 b5 98 04 08 movl $0x80498b5,(%esp)
8048b1f: e8 b4 fd ff ff call 80488d8 <printf@plt>
8048b24: c7 04 24 08 00 00 00 movl $0x8,(%esp)
8048b2b: e8 f8 fd ff ff call 8048928 <exit@plt>
8048b30: e8 50 0b 00 00 call 8049685 <initialize_bomb>
8048b35: c7 04 24 1c 99 04 08 movl $0x804991c,(%esp)
8048b3c: e8 37 fd ff ff call 8048878 <puts@plt>
8048b41: c7 04 24 58 99 04 08 movl $0x8049958,(%esp)
8048b48: e8 2b fd ff ff call 8048878 <puts@plt>
8048b4d: e8 ec 08 00 00 call 804943e <read_line>
8048b52: 89 04 24 mov %eax,(%esp)
8048b55: e8 31 03 00 00 call 8048e8b <phase_1>
8048b5a: e8 3d 07 00 00 call 804929c <phase_defused>
8048b5f: c7 04 24 84 99 04 08 movl $0x8049984,(%esp)
8048b66: e8 0d fd ff ff call 8048878 <puts@plt>
8048b6b: e8 ce 08 00 00 call 804943e <read_line>
8048b70: 89 04 24 mov %eax,(%esp)
8048b73: e8 67 02 00 00 call 8048ddf <phase_2>
8048b78: e8 1f 07 00 00 call 804929c <phase_defused>
8048b7d: c7 04 24 cf 98 04 08 movl $0x80498cf,(%esp)
8048b84: e8 ef fc ff ff call 8048878 <puts@plt>
8048b89: e8 b0 08 00 00 call 804943e <read_line>
8048b8e: 89 04 24 mov %eax,(%esp)
8048b91: e8 6b 03 00 00 call 8048f01 <phase_3>
8048b96: e8 01 07 00 00 call 804929c <phase_defused>
8048b9b: c7 04 24 ed 98 04 08 movl $0x80498ed,(%esp)
8048ba2: e8 d1 fc ff ff call 8048878 <puts@plt>
8048ba7: e8 92 08 00 00 call 804943e <read_line>
8048bac: 89 04 24 mov %eax,(%esp)
8048baf: e8 fd 02 00 00 call 8048eb1 <phase_4>
8048bb4: e8 e3 06 00 00 call 804929c <phase_defused>
8048bb9: c7 04 24 b0 99 04 08 movl $0x80499b0,(%esp)
8048bc0: e8 b3 fc ff ff call 8048878 <puts@plt>
8048bc5: e8 74 08 00 00 call 804943e <read_line>
8048bca: 89 04 24 mov %eax,(%esp)
8048bcd: e8 59 02 00 00 call 8048e2b <phase_5>
8048bd2: e8 c5 06 00 00 call 804929c <phase_defused>
8048bd7: c7 04 24 fc 98 04 08 movl $0x80498fc,(%esp)
8048bde: e8 95 fc ff ff call 8048878 <puts@plt>
8048be3: e8 56 08 00 00 call 804943e <read_line>
8048be8: 89 04 24 mov %eax,(%esp)
8048beb: e8 09 01 00 00 call 8048cf9 <phase_6>
8048bf0: e8 a7 06 00 00 call 804929c <phase_defused>
8048bf5: b8 00 00 00 00 mov $0x0,%eax
8048bfa: 83 c4 10 add $0x10,%esp
8048bfd: 59 pop %ecx
8048bfe: 5b pop %ebx
8048bff: 5d pop %ebp
8048c00: 8d 61 fc lea -0x4(%ecx),%esp
8048c03: c3 ret
8048c04: 90 nop
8048c05: 90 nop
8048c06: 90 nop
8048c07: 90 nop
8048c08: 90 nop
8048c09: 90 nop
8048c0a: 90 nop
8048c0b: 90 nop
8048c0c: 90 nop
8048c0d: 90 nop
8048c0e: 90 nop
8048c0f: 90 nop
08048c10 <func4>:
8048c10: 55 push %ebp
8048c11: 89 e5 mov %esp,%ebp
8048c13: 83 ec 04 sub $0x4,%esp
8048c16: 8b 55 08 mov 0x8(%ebp),%edx
8048c19: b8 01 00 00 00 mov $0x1,%eax
8048c1e: 85 d2 test %edx,%edx
8048c20: 7e 16 jle 8048c38 <func4+0x28>
8048c22: 8d 42 ff lea -0x1(%edx),%eax
8048c25: 89 04 24 mov %eax,(%esp)
8048c28: e8 e3 ff ff ff call 8048c10 <func4>
8048c2d: 8d 14 c5 00 00 00 00 lea 0x0(,%eax,8),%edx
8048c34: 29 c2 sub %eax,%edx
8048c36: 89 d0 mov %edx,%eax
8048c38: c9 leave
8048c39: c3 ret
08048c3a <fun7>:
8048c3a: 55 push %ebp
8048c3b: 89 e5 mov %esp,%ebp
8048c3d: 53 push %ebx
8048c3e: 83 ec 08 sub $0x8,%esp
8048c41: 8b 5d 08 mov 0x8(%ebp),%ebx
8048c44: 8b 4d 0c mov 0xc(%ebp),%ecx
8048c47: b8 ff ff ff ff mov $0xffffffff,%eax
8048c4c: 85 db test %ebx,%ebx
8048c4e: 74 35 je 8048c85 <fun7+0x4b>
8048c50: 8b 13 mov (%ebx),%edx
8048c52: 39 ca cmp %ecx,%edx
8048c54: 7e 13 jle 8048c69 <fun7+0x2f>
8048c56: 89 4c 24 04 mov %ecx,0x4(%esp)
8048c5a: 8b 43 04 mov 0x4(%ebx),%eax
8048c5d: 89 04 24 mov %eax,(%esp)
8048c60: e8 d5 ff ff ff call 8048c3a <fun7>
8048c65: 01 c0 add %eax,%eax
8048c67: eb 1c jmp 8048c85 <fun7+0x4b>
8048c69: b8 00 00 00 00 mov $0x0,%eax
8048c6e: 39 ca cmp %ecx,%edx
8048c70: 74 13 je 8048c85 <fun7+0x4b>
8048c72: 89 4c 24 04 mov %ecx,0x4(%esp)
8048c76: 8b 43 08 mov 0x8(%ebx),%eax
8048c79: 89 04 24 mov %eax,(%esp)
8048c7c: e8 b9 ff ff ff call 8048c3a <fun7>
8048c81: 8d 44 00 01 lea 0x1(%eax,%eax,1),%eax
8048c85: 83 c4 08 add $0x8,%esp
8048c88: 5b pop %ebx
8048c89: 5d pop %ebp
8048c8a: c3 ret
08048c8b <secret_phase>:
8048c8b: 55 push %ebp
8048c8c: 89 e5 mov %esp,%ebp
8048c8e: 53 push %ebx
8048c8f: 83 ec 14 sub $0x14,%esp
8048c92: e8 a7 07 00 00 call 804943e <read_line>
8048c97: c7 44 24 0c 00 00 00 movl $0x0,0xc(%esp)
8048c9e: 00
8048c9f: c7 44 24 08 0a 00 00 movl $0xa,0x8(%esp)
8048ca6: 00
8048ca7: c7 44 24 04 00 00 00 movl $0x0,0x4(%esp)
8048cae: 00
8048caf: 89 04 24 mov %eax,(%esp)
8048cb2: e8 f1 fb ff ff call 80488a8 <__strtol_internal@plt>
8048cb7: 89 c3 mov %eax,%ebx
8048cb9: 8d 40 ff lea -0x1(%eax),%eax
8048cbc: 3d e8 03 00 00 cmp $0x3e8,%eax
8048cc1: 76 05 jbe 8048cc8 <secret_phase+0x3d>
8048cc3: e8 66 06 00 00 call 804932e <explode_bomb>
8048cc8: 89 5c 24 04 mov %ebx,0x4(%esp)
8048ccc: c7 04 24 b0 b6 04 08 movl $0x804b6b0,(%esp)
8048cd3: e8 62 ff ff ff call 8048c3a <fun7>
8048cd8: 83 f8 02 cmp $0x2,%eax
8048cdb: 74 05 je 8048ce2 <secret_phase+0x57>
8048cdd: e8 4c 06 00 00 call 804932e <explode_bomb>
8048ce2: c7 04 24 d4 99 04 08 movl $0x80499d4,(%esp)
8048ce9: e8 8a fb ff ff call 8048878 <puts@plt>
8048cee: e8 a9 05 00 00 call 804929c <phase_defused>
8048cf3: 83 c4 14 add $0x14,%esp
8048cf6: 5b pop %ebx
8048cf7: 5d pop %ebp
8048cf8: c3 ret
08048cf9 <phase_6>:
8048cf9: 55 push %ebp
8048cfa: 89 e5 mov %esp,%ebp
8048cfc: 57 push %edi
8048cfd: 56 push %esi
8048cfe: 53 push %ebx
8048cff: 83 ec 3c sub $0x3c,%esp
8048d02: 8d 45 dc lea -0x24(%ebp),%eax
8048d05: 89 44 24 04 mov %eax,0x4(%esp)
8048d09: 8b 45 08 mov 0x8(%ebp),%eax
8048d0c: 89 04 24 mov %eax,(%esp)
8048d0f: e8 5c 06 00 00 call 8049370 <read_six_numbers>
8048d14: bb 00 00 00 00 mov $0x0,%ebx
8048d19: 8b 44 9d dc mov -0x24(%ebp,%ebx,4),%eax
8048d1d: 48 dec %eax
8048d1e: 83 f8 05 cmp $0x5,%eax
8048d21: 76 05 jbe 8048d28 <phase_6+0x2f>
8048d23: e8 06 06 00 00 call 804932e <explode_bomb>
8048d28: 8d 7b 01 lea 0x1(%ebx),%edi
8048d2b: 83 ff 06 cmp $0x6,%edi
8048d2e: 0f 84 92 00 00 00 je 8048dc6 <phase_6+0xcd>
8048d34: 8d 74 9d dc lea -0x24(%ebp,%ebx,4),%esi
8048d38: 89 fb mov %edi,%ebx
8048d3a: 8d 45 dc lea -0x24(%ebp),%eax
8048d3d: 89 45 c0 mov %eax,-0x40(%ebp)
8048d40: 8b 55 c0 mov -0x40(%ebp),%edx
8048d43: 8b 44 ba fc mov -0x4(%edx,%edi,4),%eax
8048d47: 3b 46 04 cmp 0x4(%esi),%eax
8048d4a: 75 05 jne 8048d51 <phase_6+0x58>
8048d4c: e8 dd 05 00 00 call 804932e <explode_bomb>
8048d51: 43 inc %ebx
8048d52: 83 c6 04 add $0x4,%esi
8048d55: 83 fb 05 cmp $0x5,%ebx
8048d58: 7e e6 jle 8048d40 <phase_6+0x47>
8048d5a: 89 fb mov %edi,%ebx
8048d5c: eb bb jmp 8048d19 <phase_6+0x20>
8048d5e: 8b 49 08 mov 0x8(%ecx),%ecx
8048d61: 40 inc %eax
8048d62: 3b 44 95 dc cmp -0x24(%ebp,%edx,4),%eax
8048d66: 7c f6 jl 8048d5e <phase_6+0x65>
8048d68: 89 4c 95 c4 mov %ecx,-0x3c(%ebp,%edx,4)
8048d6c: 42 inc %edx
8048d6d: 83 fa 05 cmp $0x5,%edx
8048d70: 7f 0c jg 8048d7e <phase_6+0x85>
8048d72: b9 fc b5 04 08 mov $0x804b5fc,%ecx
8048d77: b8 01 00 00 00 mov $0x1,%eax
8048d7c: eb e4 jmp 8048d62 <phase_6+0x69>
8048d7e: 8b 4d c4 mov -0x3c(%ebp),%ecx
8048d81: 8b 45 c8 mov -0x38(%ebp),%eax
8048d84: 89 41 08 mov %eax,0x8(%ecx)
8048d87: 8b 55 cc mov -0x34(%ebp),%edx
8048d8a: 89 50 08 mov %edx,0x8(%eax)
8048d8d: 8b 45 d0 mov -0x30(%ebp),%eax
8048d90: 89 42 08 mov %eax,0x8(%edx)
8048d93: 8b 55 d4 mov -0x2c(%ebp),%edx
8048d96: 89 50 08 mov %edx,0x8(%eax)
8048d99: 8b 45 d8 mov -0x28(%ebp),%eax
8048d9c: 89 42 08 mov %eax,0x8(%edx)
8048d9f: c7 40 08 00 00 00 00 movl $0x0,0x8(%eax)
8048da6: 89 cb mov %ecx,%ebx
8048da8: be 00 00 00 00 mov $0x0,%esi
8048dad: 8b 53 08 mov 0x8(%ebx),%edx
8048db0: 8b 03 mov (%ebx),%eax
8048db2: 3b 02 cmp (%edx),%eax
8048db4: 7d 05 jge 8048dbb <phase_6+0xc2>
8048db6: e8 73 05 00 00 call 804932e <explode_bomb>
8048dbb: 8b 5b 08 mov 0x8(%ebx),%ebx
8048dbe: 46 inc %esi
8048dbf: 83 fe 05 cmp $0x5,%esi
8048dc2: 74 13 je 8048dd7 <phase_6+0xde>
8048dc4: eb e7 jmp 8048dad <phase_6+0xb4>
8048dc6: b9 fc b5 04 08 mov $0x804b5fc,%ecx
8048dcb: b8 01 00 00 00 mov $0x1,%eax
8048dd0: ba 00 00 00 00 mov $0x0,%edx
8048dd5: eb 8b jmp 8048d62 <phase_6+0x69>
8048dd7: 83 c4 3c add $0x3c,%esp
8048dda: 5b pop %ebx
8048ddb: 5e pop %esi
8048ddc: 5f pop %edi
8048ddd: 5d pop %ebp
8048dde: c3 ret
08048ddf <phase_2>:
8048ddf: 55 push %ebp
8048de0: 89 e5 mov %esp,%ebp
8048de2: 56 push %esi
8048de3: 53 push %ebx
8048de4: 83 ec 30 sub $0x30,%esp
8048de7: 8d 45 e0 lea -0x20(%ebp),%eax
8048dea: 89 44 24 04 mov %eax,0x4(%esp)
8048dee: 8b 45 08 mov 0x8(%ebp),%eax
8048df1: 89 04 24 mov %eax,(%esp)
8048df4: e8 77 05 00 00 call 8049370 <read_six_numbers>
8048df9: 83 7d e0 01 cmpl $0x1,-0x20(%ebp)
8048dfd: 74 05 je 8048e04 <phase_2+0x25>
8048dff: e8 2a 05 00 00 call 804932e <explode_bomb>
8048e04: bb 02 00 00 00 mov $0x2,%ebx
8048e09: 8d 75 e0 lea -0x20(%ebp),%esi
8048e0c: 89 d8 mov %ebx,%eax
8048e0e: 0f af 44 9e f8 imul -0x8(%esi,%ebx,4),%eax
8048e13: 39 44 9e fc cmp %eax,-0x4(%esi,%ebx,4)
8048e17: 74 05 je 8048e1e <phase_2+0x3f>
8048e19: e8 10 05 00 00 call 804932e <explode_bomb>
8048e1e: 43 inc %ebx
8048e1f: 83 fb 07 cmp $0x7,%ebx
8048e22: 75 e8 jne 8048e0c <phase_2+0x2d>
8048e24: 83 c4 30 add $0x30,%esp
8048e27: 5b pop %ebx
8048e28: 5e pop %esi
8048e29: 5d pop %ebp
8048e2a: c3 ret
08048e2b <phase_5>:
8048e2b: 55 push %ebp
8048e2c: 89 e5 mov %esp,%ebp
8048e2e: 53 push %ebx
8048e2f: 83 ec 24 sub $0x24,%esp
8048e32: 8b 5d 08 mov 0x8(%ebp),%ebx
8048e35: 89 1c 24 mov %ebx,(%esp)
8048e38: e8 93 01 00 00 call 8048fd0 <string_length>
8048e3d: 83 f8 06 cmp $0x6,%eax
8048e40: 74 05 je 8048e47 <phase_5+0x1c>
8048e42: e8 e7 04 00 00 call 804932e <explode_bomb>
8048e47: ba 01 00 00 00 mov $0x1,%edx
8048e4c: 8d 4d f5 lea -0xb(%ebp),%ecx
8048e4f: 0f be 44 1a ff movsbl -0x1(%edx,%ebx,1),%eax
8048e54: 83 e0 0f and $0xf,%eax
8048e57: 0f b6 80 54 9a 04 08 movzbl 0x8049a54(%eax),%eax
8048e5e: 88 44 0a ff mov %al,-0x1(%edx,%ecx,1)
8048e62: 42 inc %edx
8048e63: 83 fa 07 cmp $0x7,%edx
8048e66: 75 e7 jne 8048e4f <phase_5+0x24>
8048e68: c6 45 fb 00 movb $0x0,-0x5(%ebp)
8048e6c: c7 44 24 04 2d 9a 04 movl $0x8049a2d,0x4(%esp)
8048e73: 08
8048e74: 89 0c 24 mov %ecx,(%esp)
8048e77: e8 72 01 00 00 call 8048fee <strings_not_equal>
8048e7c: 85 c0 test %eax,%eax
8048e7e: 74 05 je 8048e85 <phase_5+0x5a>
8048e80: e8 a9 04 00 00 call 804932e <explode_bomb>
8048e85: 83 c4 24 add $0x24,%esp
8048e88: 5b pop %ebx
8048e89: 5d pop %ebp
8048e8a: c3 ret
08048e8b <phase_1>:
8048e8b: 55 push %ebp
8048e8c: 89 e5 mov %esp,%ebp
8048e8e: 83 ec 08 sub $0x8,%esp
8048e91: c7 44 24 04 fc 99 04 movl $0x80499fc,0x4(%esp)
8048e98: 08
8048e99: 8b 45 08 mov 0x8(%ebp),%eax
8048e9c: 89 04 24 mov %eax,(%esp)
8048e9f: e8 4a 01 00 00 call 8048fee <strings_not_equal>
8048ea4: 85 c0 test %eax,%eax
8048ea6: 74 05 je 8048ead <phase_1+0x22>
8048ea8: e8 81 04 00 00 call 804932e <explode_bomb>
8048ead: c9 leave
8048eae: 89 f6 mov %esi,%esi
8048eb0: c3 ret
08048eb1 <phase_4>:
8048eb1: 55 push %ebp
8048eb2: 89 e5 mov %esp,%ebp
8048eb4: 83 ec 28 sub $0x28,%esp
8048eb7: 8d 45 fc lea -0x4(%ebp),%eax
8048eba: 89 44 24 08 mov %eax,0x8(%esp)
8048ebe: c7 44 24 04 ec 9b 04 movl $0x8049bec,0x4(%esp)
8048ec5: 08
8048ec6: 8b 45 08 mov 0x8(%ebp),%eax
8048ec9: 89 04 24 mov %eax,(%esp)
8048ecc: e8 67 fa ff ff call 8048938 <sscanf@plt>
8048ed1: 83 f8 01 cmp $0x1,%eax
8048ed4: 75 06 jne 8048edc <phase_4+0x2b>
8048ed6: 83 7d fc 00 cmpl $0x0,-0x4(%ebp)
8048eda: 7f 09 jg 8048ee5 <phase_4+0x34>
8048edc: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
8048ee0: e8 49 04 00 00 call 804932e <explode_bomb>
8048ee5: 8b 45 fc mov -0x4(%ebp),%eax
8048ee8: 89 04 24 mov %eax,(%esp)
8048eeb: e8 20 fd ff ff call 8048c10 <func4>
8048ef0: 83 f8 31 cmp $0x31,%eax
8048ef3: 74 05 je 8048efa <phase_4+0x49>
8048ef5: e8 34 04 00 00 call 804932e <explode_bomb>
8048efa: c9 leave
8048efb: 90 nop
8048efc: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
8048f00: c3 ret
08048f01 <phase_3>:
8048f01: 55 push %ebp
8048f02: 89 e5 mov %esp,%ebp
8048f04: 83 ec 28 sub $0x28,%esp
8048f07: 8d 45 f8 lea -0x8(%ebp),%eax
8048f0a: 89 44 24 0c mov %eax,0xc(%esp)
8048f0e: 8d 45 fc lea -0x4(%ebp),%eax
8048f11: 89 44 24 08 mov %eax,0x8(%esp)
8048f15: c7 44 24 04 e9 9b 04 movl $0x8049be9,0x4(%esp)
8048f1c: 08
8048f1d: 8b 45 08 mov 0x8(%ebp),%eax
8048f20: 89 04 24 mov %eax,(%esp)
8048f23: e8 10 fa ff ff call 8048938 <sscanf@plt>
8048f28: 83 f8 01 cmp $0x1,%eax
8048f2b: 7f 05 jg 8048f32 <phase_3+0x31>
8048f2d: e8 fc 03 00 00 call 804932e <explode_bomb>
8048f32: 83 7d fc 07 cmpl $0x7,-0x4(%ebp)
8048f36: 77 6b ja 8048fa3 <phase_3+0xa2>
8048f38: 8b 45 fc mov -0x4(%ebp),%eax
8048f3b: ff 24 85 34 9a 04 08 jmp *0x8049a34(,%eax,4)
8048f42: b8 00 00 00 00 mov $0x0,%eax
8048f47: eb 53 jmp 8048f9c <phase_3+0x9b>
8048f49: b8 00 00 00 00 mov $0x0,%eax
8048f4e: 89 f6 mov %esi,%esi
8048f50: eb 45 jmp 8048f97 <phase_3+0x96>
8048f52: b8 00 00 00 00 mov $0x0,%eax
8048f57: eb 39 jmp 8048f92 <phase_3+0x91>
8048f59: b8 00 00 00 00 mov $0x0,%eax
8048f5e: 89 f6 mov %esi,%esi
8048f60: eb 2b jmp 8048f8d <phase_3+0x8c>
8048f62: b8 00 00 00 00 mov $0x0,%eax
8048f67: eb 1f jmp 8048f88 <phase_3+0x87>
8048f69: b8 00 00 00 00 mov $0x0,%eax
8048f6e: 89 f6 mov %esi,%esi
8048f70: eb 11 jmp 8048f83 <phase_3+0x82>
8048f72: b8 80 03 00 00 mov $0x380,%eax
8048f77: eb 05 jmp 8048f7e <phase_3+0x7d>
8048f79: b8 00 00 00 00 mov $0x0,%eax
8048f7e: 2d 4c 01 00 00 sub $0x14c,%eax
8048f83: 05 de 02 00 00 add $0x2de,%eax
8048f88: 2d 7c 01 00 00 sub $0x17c,%eax
8048f8d: 05 df 01 00 00 add $0x1df,%eax
8048f92: 2d de 02 00 00 sub $0x2de,%eax
8048f97: 05 de 02 00 00 add $0x2de,%eax
8048f9c: 2d ca 02 00 00 sub $0x2ca,%eax
8048fa1: eb 0a jmp 8048fad <phase_3+0xac>
8048fa3: e8 86 03 00 00 call 804932e <explode_bomb>
8048fa8: b8 00 00 00 00 mov $0x0,%eax
8048fad: 83 7d fc 05 cmpl $0x5,-0x4(%ebp)
8048fb1: 7f 05 jg 8048fb8 <phase_3+0xb7>
8048fb3: 3b 45 f8 cmp -0x8(%ebp),%eax
8048fb6: 74 05 je 8048fbd <phase_3+0xbc>
8048fb8: e8 71 03 00 00 call 804932e <explode_bomb>
8048fbd: c9 leave
8048fbe: 89 f6 mov %esi,%esi
8048fc0: c3 ret
8048fc1: 90 nop
8048fc2: 90 nop
8048fc3: 90 nop
8048fc4: 90 nop
8048fc5: 90 nop
8048fc6: 90 nop
8048fc7: 90 nop
8048fc8: 90 nop
8048fc9: 90 nop
8048fca: 90 nop
8048fcb: 90 nop
8048fcc: 90 nop
8048fcd: 90 nop
8048fce: 90 nop
8048fcf: 90 nop
08048fd0 <string_length>:
8048fd0: 55 push %ebp
8048fd1: 89 e5 mov %esp,%ebp
8048fd3: 8b 55 08 mov 0x8(%ebp),%edx
8048fd6: b8 00 00 00 00 mov $0x0,%eax
8048fdb: 80 3a 00 cmpb $0x0,(%edx)
8048fde: 74 0c je 8048fec <string_length+0x1c>
8048fe0: b8 00 00 00 00 mov $0x0,%eax
8048fe5: 40 inc %eax
8048fe6: 80 3c 10 00 cmpb $0x0,(%eax,%edx,1)
8048fea: 75 f9 jne 8048fe5 <string_length+0x15>
8048fec: 5d pop %ebp
8048fed: c3 ret
08048fee <strings_not_equal>:
8048fee: 55 push %ebp
8048fef: 89 e5 mov %esp,%ebp
8048ff1: 57 push %edi
8048ff2: 56 push %esi
8048ff3: 53 push %ebx
8048ff4: 83 ec 04 sub $0x4,%esp
8048ff7: 8b 75 08 mov 0x8(%ebp),%esi
8048ffa: 8b 7d 0c mov 0xc(%ebp),%edi
8048ffd: 89 34 24 mov %esi,(%esp)
8049000: e8 cb ff ff ff call 8048fd0 <string_length>
8049005: 89 c3 mov %eax,%ebx
8049007: 89 3c 24 mov %edi,(%esp)
804900a: e8 c1 ff ff ff call 8048fd0 <string_length>
804900f: 39 c3 cmp %eax,%ebx
8049011: 75 25 jne 8049038 <strings_not_equal+0x4a>
8049013: 0f b6 06 movzbl (%esi),%eax
8049016: 84 c0 test %al,%al
8049018: 74 28 je 8049042 <strings_not_equal+0x54>
804901a: 3a 07 cmp (%edi),%al
804901c: 75 1a jne 8049038 <strings_not_equal+0x4a>
804901e: 89 f1 mov %esi,%ecx
8049020: 89 fa mov %edi,%edx
8049022: eb 0a jmp 804902e <strings_not_equal+0x40>
8049024: 0f b6 42 01 movzbl 0x1(%edx),%eax
8049028: 41 inc %ecx
8049029: 42 inc %edx
804902a: 38 c3 cmp %al,%bl
804902c: 75 0a jne 8049038 <strings_not_equal+0x4a>
804902e: 0f b6 59 01 movzbl 0x1(%ecx),%ebx
8049032: 84 db test %bl,%bl
8049034: 75 ee jne 8049024 <strings_not_equal+0x36>
8049036: eb 0a jmp 8049042 <strings_not_equal+0x54>
8049038: b8 01 00 00 00 mov $0x1,%eax
804903d: 8d 76 00 lea 0x0(%esi),%esi
8049040: eb 05 jmp 8049047 <strings_not_equal+0x59>
8049042: b8 00 00 00 00 mov $0x0,%eax
8049047: 83 c4 04 add $0x4,%esp
804904a: 5b pop %ebx
804904b: 5e pop %esi
804904c: 5f pop %edi
804904d: 5d pop %ebp
804904e: c3 ret
0804904f <send_msg>:
804904f: 55 push %ebp
8049050: 89 e5 mov %esp,%ebp
8049052: 57 push %edi
8049053: 56 push %esi
8049054: 53 push %ebx
8049055: 83 ec 7c sub $0x7c,%esp
8049058: c7 04 24 00 00 00 00 movl $0x0,(%esp)
804905f: e8 14 f9 ff ff call 8048978 <dup@plt>
8049064: 89 45 a0 mov %eax,-0x60(%ebp)
8049067: 83 f8 ff cmp $0xffffffff,%eax
804906a: 75 18 jne 8049084 <send_msg+0x35>
804906c: c7 04 24 64 9a 04 08 movl $0x8049a64,(%esp)
8049073: e8 00 f8 ff ff call 8048878 <puts@plt>
8049078: c7 04 24 08 00 00 00 movl $0x8,(%esp)
804907f: e8 a4 f8 ff ff call 8048928 <exit@plt>
8049084: c7 04 24 00 00 00 00 movl $0x0,(%esp)
804908b: e8 58 f7 ff ff call 80487e8 <close@plt>
8049090: 83 f8 ff cmp $0xffffffff,%eax
8049093: 75 18 jne 80490ad <send_msg+0x5e>
8049095: c7 04 24 78 9a 04 08 movl $0x8049a78,(%esp)
804909c: e8 d7 f7 ff ff call 8048878 <puts@plt>
80490a1: c7 04 24 08 00 00 00 movl $0x8,(%esp)
80490a8: e8 7b f8 ff ff call 8048928 <exit@plt>
80490ad: e8 56 f7 ff ff call 8048808 <tmpfile@plt>
80490b2: 89 c7 mov %eax,%edi
80490b4: 85 c0 test %eax,%eax
80490b6: 75 18 jne 80490d0 <send_msg+0x81>
80490b8: c7 04 24 8b 9a 04 08 movl $0x8049a8b,(%esp)
80490bf: e8 b4 f7 ff ff call 8048878 <puts@plt>
80490c4: c7 04 24 08 00 00 00 movl $0x8,(%esp)
80490cb: e8 58 f8 ff ff call 8048928 <exit@plt>
80490d0: 89 44 24 0c mov %eax,0xc(%esp)
80490d4: c7 44 24 08 1b 00 00 movl $0x1b,0x8(%esp)
80490db: 00
80490dc: c7 44 24 04 01 00 00 movl $0x1,0x4(%esp)
80490e3: 00
80490e4: c7 04 24 a0 9a 04 08 movl $0x8049aa0,(%esp)
80490eb: e8 a8 f8 ff ff call 8048998 <fwrite@plt>
80490f0: 89 7c 24 04 mov %edi,0x4(%esp)
80490f4: c7 04 24 0a 00 00 00 movl $0xa,(%esp)
80490fb: e8 b8 f7 ff ff call 80488b8 <fputc@plt>
8049100: c7 04 24 00 00 00 00 movl $0x0,(%esp)
8049107: e8 bc f8 ff ff call 80489c8 <cuserid@plt>
804910c: 85 c0 test %eax,%eax
804910e: 75 13 jne 8049123 <send_msg+0xd4>
8049110: c7 45 a4 6e 6f 62 6f movl $0x6f626f6e,-0x5c(%ebp)
8049117: 66 c7 45 a8 64 79 movw $0x7964,-0x58(%ebp)
804911d: c6 45 aa 00 movb $0x0,-0x56(%ebp)
8049121: eb 0f jmp 8049132 <send_msg+0xe3>
8049123: 89 44 24 04 mov %eax,0x4(%esp)
8049127: 8d 45 a4 lea -0x5c(%ebp),%eax
804912a: 89 04 24 mov %eax,(%esp)
804912d: e8 b6 f8 ff ff call 80489e8 <strcpy@plt>
8049132: a1 0c b8 04 08 mov 0x804b80c,%eax
8049137: ba bc 9a 04 08 mov $0x8049abc,%edx
804913c: 83 7d 08 00 cmpl $0x0,0x8(%ebp)
8049140: 75 05 jne 8049147 <send_msg+0xf8>
8049142: ba c4 9a 04 08 mov $0x8049ac4,%edx
8049147: 89 44 24 18 mov %eax,0x18(%esp)
804914b: 89 54 24 14 mov %edx,0x14(%esp)
804914f: 8d 45 a4 lea -0x5c(%ebp),%eax
8049152: 89 44 24 10 mov %eax,0x10(%esp)
8049156: a1 a0 b1 04 08 mov 0x804b1a0,%eax
804915b: 89 44 24 0c mov %eax,0xc(%esp)
804915f: c7 44 24 08 c0 b1 04 movl $0x804b1c0,0x8(%esp)
8049166: 08
8049167: c7 44 24 04 cd 9a 04 movl $0x8049acd,0x4(%esp)
804916e: 08
804916f: 89 3c 24 mov %edi,(%esp)
8049172: e8 81 f6 ff ff call 80487f8 <fprintf@plt>
8049177: 83 3d 0c b8 04 08 00 cmpl $0x0,0x804b80c
804917e: 7e 46 jle 80491c6 <send_msg+0x177>
8049180: be 20 b8 04 08 mov $0x804b820,%esi
8049185: bb 00 00 00 00 mov $0x0,%ebx
804918a: 43 inc %ebx
804918b: 89 74 24 18 mov %esi,0x18(%esp)
804918f: 89 5c 24 14 mov %ebx,0x14(%esp)
8049193: 8d 45 a4 lea -0x5c(%ebp),%eax
8049196: 89 44 24 10 mov %eax,0x10(%esp)
804919a: a1 a0 b1 04 08 mov 0x804b1a0,%eax
804919f: 89 44 24 0c mov %eax,0xc(%esp)
80491a3: c7 44 24 08 c0 b1 04 movl $0x804b1c0,0x8(%esp)
80491aa: 08
80491ab: c7 44 24 04 e9 9a 04 movl $0x8049ae9,0x4(%esp)
80491b2: 08
80491b3: 89 3c 24 mov %edi,(%esp)
80491b6: e8 3d f6 ff ff call 80487f8 <fprintf@plt>
80491bb: 83 c6 50 add $0x50,%esi
80491be: 39 1d 0c b8 04 08 cmp %ebx,0x804b80c
80491c4: 7f c4 jg 804918a <send_msg+0x13b>
80491c6: 89 3c 24 mov %edi,(%esp)
80491c9: e8 8a f6 ff ff call 8048858 <rewind@plt>
80491ce: c7 44 24 10 05 9b 04 movl $0x8049b05,0x10(%esp)
80491d5: 08
80491d6: c7 44 24 0c 19 9b 04 movl $0x8049b19,0xc(%esp)
80491dd: 08
80491de: c7 44 24 08 25 9b 04 movl $0x8049b25,0x8(%esp)
80491e5: 08
80491e6: c7 44 24 04 3c 9b 04 movl $0x8049b3c,0x4(%esp)
80491ed: 08
80491ee: c7 04 24 60 be 04 08 movl $0x804be60,(%esp)
80491f5: e8 8e f7 ff ff call 8048988 <sprintf@plt>
80491fa: c7 04 24 60 be 04 08 movl $0x804be60,(%esp)
8049201: e8 62 f6 ff ff call 8048868 <system@plt>
8049206: 85 c0 test %eax,%eax
8049208: 74 18 je 8049222 <send_msg+0x1d3>
804920a: c7 04 24 45 9b 04 08 movl $0x8049b45,(%esp)
8049211: e8 62 f6 ff ff call 8048878 <puts@plt>
8049216: c7 04 24 08 00 00 00 movl $0x8,(%esp)
804921d: e8 06 f7 ff ff call 8048928 <exit@plt>
8049222: 89 3c 24 mov %edi,(%esp)
8049225: e8 be f6 ff ff call 80488e8 <fclose@plt>
804922a: 85 c0 test %eax,%eax
804922c: 74 18 je 8049246 <send_msg+0x1f7>
804922e: c7 04 24 5f 9b 04 08 movl $0x8049b5f,(%esp)
8049235: e8 3e f6 ff ff call 8048878 <puts@plt>
804923a: c7 04 24 08 00 00 00 movl $0x8,(%esp)
8049241: e8 e2 f6 ff ff call 8048928 <exit@plt>
8049246: 8b 45 a0 mov -0x60(%ebp),%eax
8049249: 89 04 24 mov %eax,(%esp)
804924c: e8 27 f7 ff ff call 8048978 <dup@plt>
8049251: 85 c0 test %eax,%eax
8049253: 74 18 je 804926d <send_msg+0x21e>
8049255: c7 04 24 78 9b 04 08 movl $0x8049b78,(%esp)
804925c: e8 17 f6 ff ff call 8048878 <puts@plt>
8049261: c7 04 24 08 00 00 00 movl $0x8,(%esp)
8049268: e8 bb f6 ff ff call 8048928 <exit@plt>
804926d: 8b 45 a0 mov -0x60(%ebp),%eax
8049270: 89 04 24 mov %eax,(%esp)
8049273: e8 70 f5 ff ff call 80487e8 <close@plt>
8049278: 85 c0 test %eax,%eax
804927a: 74 18 je 8049294 <send_msg+0x245>
804927c: c7 04 24 93 9b 04 08 movl $0x8049b93,(%esp)
8049283: e8 f0 f5 ff ff call 8048878 <puts@plt>
8049288: c7 04 24 08 00 00 00 movl $0x8,(%esp)
804928f: e8 94 f6 ff ff call 8048928 <exit@plt>
8049294: 83 c4 7c add $0x7c,%esp
8049297: 5b pop %ebx
8049298: 5e pop %esi
8049299: 5f pop %edi
804929a: 5d pop %ebp
804929b: c3 ret
0804929c <phase_defused>:
804929c: 55 push %ebp
804929d: 89 e5 mov %esp,%ebp
804929f: 53 push %ebx
80492a0: 83 ec 74 sub $0x74,%esp
80492a3: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80492aa: e8 a0 fd ff ff call 804904f <send_msg>
80492af: 83 3d 0c b8 04 08 06 cmpl $0x6,0x804b80c
80492b6: 75 70 jne 8049328 <phase_defused+0x8c>
80492b8: 8d 5d ac lea -0x54(%ebp),%ebx
80492bb: 89 5c 24 0c mov %ebx,0xc(%esp)
80492bf: 8d 45 a8 lea -0x58(%ebp),%eax
80492c2: 89 44 24 08 mov %eax,0x8(%esp)
80492c6: c7 44 24 04 aa 9b 04 movl $0x8049baa,0x4(%esp)
80492cd: 08
80492ce: c7 04 24 10 b9 04 08 movl $0x804b910,(%esp)
80492d5: e8 5e f6 ff ff call 8048938 <sscanf@plt>
80492da: 83 f8 02 cmp $0x2,%eax
80492dd: 75 31 jne 8049310 <phase_defused+0x74>
80492df: c7 44 24 04 b0 9b 04 movl $0x8049bb0,0x4(%esp)
80492e6: 08
80492e7: 89 1c 24 mov %ebx,(%esp)
80492ea: e8 ff fc ff ff call 8048fee <strings_not_equal>
80492ef: 85 c0 test %eax,%eax
80492f1: 75 1d jne 8049310 <phase_defused+0x74>
80492f3: c7 04 24 3c a1 04 08 movl $0x804a13c,(%esp)
80492fa: e8 79 f5 ff ff call 8048878 <puts@plt>
80492ff: c7 04 24 64 a1 04 08 movl $0x804a164,(%esp)
8049306: e8 6d f5 ff ff call 8048878 <puts@plt>
804930b: e8 7b f9 ff ff call 8048c8b <secret_phase>
8049310: c7 04 24 9c a1 04 08 movl $0x804a19c,(%esp)
8049317: e8 5c f5 ff ff call 8048878 <puts@plt>
804931c: c7 04 24 c8 a1 04 08 movl $0x804a1c8,(%esp)
8049323: e8 50 f5 ff ff call 8048878 <puts@plt>
8049328: 83 c4 74 add $0x74,%esp
804932b: 5b pop %ebx
804932c: 5d pop %ebp
804932d: c3 ret
0804932e <explode_bomb>:
804932e: 55 push %ebp
804932f: 89 e5 mov %esp,%ebp
8049331: 83 ec 08 sub $0x8,%esp
8049334: c7 04 24 bd 9b 04 08 movl $0x8049bbd,(%esp)
804933b: e8 38 f5 ff ff call 8048878 <puts@plt>
8049340: c7 04 24 c6 9b 04 08 movl $0x8049bc6,(%esp)
8049347: e8 2c f5 ff ff call 8048878 <puts@plt>
804934c: c7 04 24 00 00 00 00 movl $0x0,(%esp)
8049353: e8 f7 fc ff ff call 804904f <send_msg>
8049358: c7 04 24 0c a2 04 08 movl $0x804a20c,(%esp)
804935f: e8 14 f5 ff ff call 8048878 <puts@plt>
8049364: c7 04 24 08 00 00 00 movl $0x8,(%esp)
804936b: e8 b8 f5 ff ff call 8048928 <exit@plt>
08049370 <read_six_numbers>:
8049370: 55 push %ebp
8049371: 89 e5 mov %esp,%ebp
8049373: 83 ec 28 sub $0x28,%esp
8049376: 8b 55 0c mov 0xc(%ebp),%edx
8049379: 8d 42 14 lea 0x14(%edx),%eax
804937c: 89 44 24 1c mov %eax,0x1c(%esp)
8049380: 8d 42 10 lea 0x10(%edx),%eax
8049383: 89 44 24 18 mov %eax,0x18(%esp)
8049387: 8d 42 0c lea 0xc(%edx),%eax
804938a: 89 44 24 14 mov %eax,0x14(%esp)
804938e: 8d 42 08 lea 0x8(%edx),%eax
8049391: 89 44 24 10 mov %eax,0x10(%esp)
8049395: 8d 42 04 lea 0x4(%edx),%eax
8049398: 89 44 24 0c mov %eax,0xc(%esp)
804939c: 89 54 24 08 mov %edx,0x8(%esp)
80493a0: c7 44 24 04 dd 9b 04 movl $0x8049bdd,0x4(%esp)
80493a7: 08
80493a8: 8b 45 08 mov 0x8(%ebp),%eax
80493ab: 89 04 24 mov %eax,(%esp)
80493ae: e8 85 f5 ff ff call 8048938 <sscanf@plt>
80493b3: 83 f8 05 cmp $0x5,%eax
80493b6: 7f 05 jg 80493bd <read_six_numbers+0x4d>
80493b8: e8 71 ff ff ff call 804932e <explode_bomb>
80493bd: c9 leave
80493be: 89 f6 mov %esi,%esi
80493c0: c3 ret
080493c1 <blank_line>:
80493c1: 55 push %ebp
80493c2: 89 e5 mov %esp,%ebp
80493c4: 56 push %esi
80493c5: 53 push %ebx
80493c6: 8b 75 08 mov 0x8(%ebp),%esi
80493c9: eb 19 jmp 80493e4 <blank_line+0x23>
80493cb: e8 e8 f5 ff ff call 80489b8 <__ctype_b_loc@plt>
80493d0: 0f be d3 movsbl %bl,%edx
80493d3: 8b 00 mov (%eax),%eax
80493d5: f6 44 50 01 20 testb $0x20,0x1(%eax,%edx,2)
80493da: 75 07 jne 80493e3 <blank_line+0x22>
80493dc: b8 00 00 00 00 mov $0x0,%eax
80493e1: eb 0d jmp 80493f0 <blank_line+0x2f>
80493e3: 46 inc %esi
80493e4: 0f b6 1e movzbl (%esi),%ebx
80493e7: 84 db test %bl,%bl
80493e9: 75 e0 jne 80493cb <blank_line+0xa>
80493eb: b8 01 00 00 00 mov $0x1,%eax
80493f0: 5b pop %ebx
80493f1: 5e pop %esi
80493f2: 5d pop %ebp
80493f3: c3 ret
080493f4 <skip>:
80493f4: 55 push %ebp
80493f5: 89 e5 mov %esp,%ebp
80493f7: 53 push %ebx
80493f8: 83 ec 14 sub $0x14,%esp
80493fb: a1 10 b8 04 08 mov 0x804b810,%eax
8049400: 89 44 24 08 mov %eax,0x8(%esp)
8049404: c7 44 24 04 50 00 00 movl $0x50,0x4(%esp)
804940b: 00
804940c: a1 0c b8 04 08 mov 0x804b80c,%eax
8049411: 8d 04 80 lea (%eax,%eax,4),%eax
8049414: c1 e0 04 shl $0x4,%eax
8049417: 05 20 b8 04 08 add $0x804b820,%eax
804941c: 89 04 24 mov %eax,(%esp)
804941f: e8 64 f4 ff ff call 8048888 <fgets@plt>
8049424: 89 c3 mov %eax,%ebx
8049426: 85 c0 test %eax,%eax
8049428: 74 0c je 8049436 <skip+0x42>
804942a: 89 04 24 mov %eax,(%esp)
804942d: e8 8f ff ff ff call 80493c1 <blank_line>
8049432: 85 c0 test %eax,%eax
8049434: 75 c5 jne 80493fb <skip+0x7>
8049436: 89 d8 mov %ebx,%eax
8049438: 83 c4 14 add $0x14,%esp
804943b: 5b pop %ebx
804943c: 5d pop %ebp
804943d: c3 ret
0804943e <read_line>:
804943e: 55 push %ebp
804943f: 89 e5 mov %esp,%ebp
8049441: 57 push %edi
8049442: 83 ec 04 sub $0x4,%esp
8049445: e8 aa ff ff ff call 80493f4 <skip>
804944a: 85 c0 test %eax,%eax
804944c: 75 60 jne 80494ae <read_line+0x70>
804944e: a1 10 b8 04 08 mov 0x804b810,%eax
8049453: 3b 05 04 b8 04 08 cmp 0x804b804,%eax
8049459: 75 13 jne 804946e <read_line+0x30>
804945b: c7 04 24 ef 9b 04 08 movl $0x8049bef,(%esp)
8049462: e8 11 f4 ff ff call 8048878 <puts@plt>
8049467: e8 c2 fe ff ff call 804932e <explode_bomb>
804946c: eb 40 jmp 80494ae <read_line+0x70>
804946e: c7 04 24 0d 9c 04 08 movl $0x8049c0d,(%esp)
8049475: e8 9e f3 ff ff call 8048818 <getenv@plt>
804947a: 85 c0 test %eax,%eax
804947c: 74 0c je 804948a <read_line+0x4c>
804947e: c7 04 24 00 00 00 00 movl $0x0,(%esp)
8049485: e8 9e f4 ff ff call 8048928 <exit@plt>
804948a: a1 04 b8 04 08 mov 0x804b804,%eax
804948f: a3 10 b8 04 08 mov %eax,0x804b810
8049494: e8 5b ff ff ff call 80493f4 <skip>
8049499: 85 c0 test %eax,%eax
804949b: 75 11 jne 80494ae <read_line+0x70>
804949d: c7 04 24 ef 9b 04 08 movl $0x8049bef,(%esp)
80494a4: e8 cf f3 ff ff call 8048878 <puts@plt>
80494a9: e8 80 fe ff ff call 804932e <explode_bomb>
80494ae: a1 0c b8 04 08 mov 0x804b80c,%eax
80494b3: 8d 04 80 lea (%eax,%eax,4),%eax
80494b6: c1 e0 04 shl $0x4,%eax
80494b9: 8d b8 20 b8 04 08 lea 0x804b820(%eax),%edi
80494bf: fc cld
80494c0: b9 ff ff ff ff mov $0xffffffff,%ecx
80494c5: b0 00 mov $0x0,%al
80494c7: f2 ae repnz scas %es:(%edi),%al
80494c9: f7 d1 not %ecx
80494cb: 8d 79 ff lea -0x1(%ecx),%edi
80494ce: 83 ff 4f cmp $0x4f,%edi
80494d1: 75 11 jne 80494e4 <read_line+0xa6>
80494d3: c7 04 24 18 9c 04 08 movl $0x8049c18,(%esp)
80494da: e8 99 f3 ff ff call 8048878 <puts@plt>
80494df: e8 4a fe ff ff call 804932e <explode_bomb>
80494e4: 8b 15 0c b8 04 08 mov 0x804b80c,%edx
80494ea: 8d 04 92 lea (%edx,%edx,4),%eax
80494ed: c1 e0 04 shl $0x4,%eax
80494f0: 05 20 b8 04 08 add $0x804b820,%eax
80494f5: c6 44 38 ff 00 movb $0x0,-0x1(%eax,%edi,1)
80494fa: 42 inc %edx
80494fb: 89 15 0c b8 04 08 mov %edx,0x804b80c
8049501: 83 c4 04 add $0x4,%esp
8049504: 5f pop %edi
8049505: 5d pop %ebp
8049506: c3 ret
08049507 <invalid_phase>:
8049507: 55 push %ebp
8049508: 89 e5 mov %esp,%ebp
804950a: 83 ec 08 sub $0x8,%esp
804950d: 8b 45 08 mov 0x8(%ebp),%eax
8049510: 89 44 24 04 mov %eax,0x4(%esp)
8049514: c7 04 24 33 9c 04 08 movl $0x8049c33,(%esp)
804951b: e8 b8 f3 ff ff call 80488d8 <printf@plt>
8049520: c7 04 24 08 00 00 00 movl $0x8,(%esp)
8049527: e8 fc f3 ff ff call 8048928 <exit@plt>
0804952c <sig_handler>:
804952c: 55 push %ebp
804952d: 89 e5 mov %esp,%ebp
804952f: 83 ec 08 sub $0x8,%esp
8049532: c7 04 24 30 a2 04 08 movl $0x804a230,(%esp)
8049539: e8 3a f3 ff ff call 8048878 <puts@plt>
804953e: c7 04 24 03 00 00 00 movl $0x3,(%esp)
8049545: e8 4e f3 ff ff call 8048898 <sleep@plt>
804954a: c7 04 24 44 9c 04 08 movl $0x8049c44,(%esp)
8049551: e8 82 f3 ff ff call 80488d8 <printf@plt>
8049556: a1 00 b8 04 08 mov 0x804b800,%eax
804955b: 89 04 24 mov %eax,(%esp)
804955e: e8 d5 f2 ff ff call 8048838 <fflush@plt>
8049563: c7 04 24 01 00 00 00 movl $0x1,(%esp)
804956a: e8 29 f3 ff ff call 8048898 <sleep@plt>
804956f: c7 04 24 4c 9c 04 08 movl $0x8049c4c,(%esp)
8049576: e8 fd f2 ff ff call 8048878 <puts@plt>
804957b: c7 04 24 10 00 00 00 movl $0x10,(%esp)
8049582: e8 a1 f3 ff ff call 8048928 <exit@plt>
08049587 <open_clientfd>:
8049587: 55 push %ebp
8049588: 89 e5 mov %esp,%ebp
804958a: 83 ec 28 sub $0x28,%esp
804958d: 89 5d f4 mov %ebx,-0xc(%ebp)
8049590: 89 75 f8 mov %esi,-0x8(%ebp)
8049593: 89 7d fc mov %edi,-0x4(%ebp)
8049596: 8b 7d 0c mov 0xc(%ebp),%edi
8049599: c7 44 24 08 00 00 00 movl $0x0,0x8(%esp)
80495a0: 00
80495a1: c7 44 24 04 01 00 00 movl $0x1,0x4(%esp)
80495a8: 00
80495a9: c7 04 24 02 00 00 00 movl $0x2,(%esp)
80495b0: e8 f3 f3 ff ff call 80489a8 <socket@plt>
80495b5: 89 c6 mov %eax,%esi
80495b7: 85 c0 test %eax,%eax
80495b9: 79 18 jns 80495d3 <open_clientfd+0x4c>
80495bb: c7 04 24 54 9c 04 08 movl $0x8049c54,(%esp)
80495c2: e8 b1 f2 ff ff call 8048878 <puts@plt>
80495c7: c7 04 24 08 00 00 00 movl $0x8,(%esp)
80495ce: e8 55 f3 ff ff call 8048928 <exit@plt>
80495d3: 8b 45 08 mov 0x8(%ebp),%eax
80495d6: 89 04 24 mov %eax,(%esp)
80495d9: e8 2a f3 ff ff call 8048908 <gethostbyname@plt>
80495de: 89 c1 mov %eax,%ecx
80495e0: 85 c0 test %eax,%eax
80495e2: 75 18 jne 80495fc <open_clientfd+0x75>
80495e4: c7 04 24 62 9c 04 08 movl $0x8049c62,(%esp)
80495eb: e8 88 f2 ff ff call 8048878 <puts@plt>
80495f0: c7 04 24 08 00 00 00 movl $0x8,(%esp)
80495f7: e8 2c f3 ff ff call 8048928 <exit@plt>
80495fc: 8d 5d e4 lea -0x1c(%ebp),%ebx
80495ff: c7 45 e4 00 00 00 00 movl $0x0,-0x1c(%ebp)
8049606: c7 45 e8 00 00 00 00 movl $0x0,-0x18(%ebp)
804960d: c7 45 ec 00 00 00 00 movl $0x0,-0x14(%ebp)
8049614: c7 45 f0 00 00 00 00 movl $0x0,-0x10(%ebp)
804961b: 66 c7 45 e4 02 00 movw $0x2,-0x1c(%ebp)
8049621: 8d 55 e8 lea -0x18(%ebp),%edx
8049624: 8b 40 0c mov 0xc(%eax),%eax
8049627: 89 44 24 08 mov %eax,0x8(%esp)
804962b: 89 54 24 04 mov %edx,0x4(%esp)
804962f: 8b 41 10 mov 0x10(%ecx),%eax
8049632: 8b 00 mov (%eax),%eax
8049634: 89 04 24 mov %eax,(%esp)
8049637: e8 0c f2 ff ff call 8048848 <bcopy@plt>
804963c: 89 f8 mov %edi,%eax
804963e: 66 c1 c8 08 ror $0x8,%ax
8049642: 66 89 45 e6 mov %ax,-0x1a(%ebp)
8049646: c7 44 24 08 10 00 00 movl $0x10,0x8(%esp)
804964d: 00
804964e: 89 5c 24 04 mov %ebx,0x4(%esp)
8049652: 89 34 24 mov %esi,(%esp)
8049655: e8 ee f2 ff ff call 8048948 <connect@plt>
804965a: 85 c0 test %eax,%eax
804965c: 79 18 jns 8049676 <open_clientfd+0xef>
804965e: c7 04 24 70 9c 04 08 movl $0x8049c70,(%esp)
8049665: e8 0e f2 ff ff call 8048878 <puts@plt>
804966a: c7 04 24 08 00 00 00 movl $0x8,(%esp)
8049671: e8 b2 f2 ff ff call 8048928 <exit@plt>
8049676: 89 f0 mov %esi,%eax
8049678: 8b 5d f4 mov -0xc(%ebp),%ebx
804967b: 8b 75 f8 mov -0x8(%ebp),%esi
804967e: 8b 7d fc mov -0x4(%ebp),%edi
8049681: 89 ec mov %ebp,%esp
8049683: 5d pop %ebp
8049684: c3 ret
08049685 <initialize_bomb>:
8049685: 55 push %ebp
8049686: 89 e5 mov %esp,%ebp
8049688: 56 push %esi
8049689: 53 push %ebx
804968a: 83 ec 50 sub $0x50,%esp
804968d: c7 44 24 04 2c 95 04 movl $0x804952c,0x4(%esp)
8049694: 08
8049695: c7 04 24 02 00 00 00 movl $0x2,(%esp)
804969c: e8 87 f1 ff ff call 8048828 <signal@plt>
80496a1: c7 44 24 04 40 00 00 movl $0x40,0x4(%esp)
80496a8: 00
80496a9: 8d 45 b8 lea -0x48(%ebp),%eax
80496ac: 89 04 24 mov %eax,(%esp)
80496af: e8 44 f2 ff ff call 80488f8 <gethostname@plt>
80496b4: 85 c0 test %eax,%eax
80496b6: 74 18 je 80496d0 <initialize_bomb+0x4b>
80496b8: c7 04 24 7e 9c 04 08 movl $0x8049c7e,(%esp)
80496bf: e8 b4 f1 ff ff call 8048878 <puts@plt>
80496c4: c7 04 24 08 00 00 00 movl $0x8,(%esp)
80496cb: e8 58 f2 ff ff call 8048928 <exit@plt>
80496d0: 8d 45 b8 lea -0x48(%ebp),%eax
80496d3: 89 04 24 mov %eax,(%esp)
80496d6: e8 2d f2 ff ff call 8048908 <gethostbyname@plt>
80496db: 85 c0 test %eax,%eax
80496dd: 75 18 jne 80496f7 <initialize_bomb+0x72>
80496df: c7 04 24 8b 9c 04 08 movl $0x8049c8b,(%esp)
80496e6: e8 8d f1 ff ff call 8048878 <puts@plt>
80496eb: c7 04 24 08 00 00 00 movl $0x8,(%esp)
80496f2: e8 31 f2 ff ff call 8048928 <exit@plt>
80496f7: c7 44 24 08 40 00 00 movl $0x40,0x8(%esp)
80496fe: 00
80496ff: 8b 00 mov (%eax),%eax
8049701: 89 44 24 04 mov %eax,0x4(%esp)
8049705: 8d 45 b8 lea -0x48(%ebp),%eax
8049708: 89 04 24 mov %eax,(%esp)
804970b: e8 48 f2 ff ff call 8048958 <strncpy@plt>
8049710: a1 c0 b6 04 08 mov 0x804b6c0,%eax
8049715: 85 c0 test %eax,%eax
8049717: 74 49 je 8049762 <initialize_bomb+0xdd>
8049719: bb 00 00 00 00 mov $0x0,%ebx
804971e: 8d 75 b8 lea -0x48(%ebp),%esi
8049721: 89 74 24 04 mov %esi,0x4(%esp)
8049725: 89 04 24 mov %eax,(%esp)
8049728: e8 eb f1 ff ff call 8048918 <strcasecmp@plt>
804972d: 85 c0 test %eax,%eax
804972f: 74 0e je 804973f <initialize_bomb+0xba>
8049731: 43 inc %ebx
8049732: 8b 04 9d c0 b6 04 08 mov 0x804b6c0(,%ebx,4),%eax
8049739: 85 c0 test %eax,%eax
804973b: 74 25 je 8049762 <initialize_bomb+0xdd>
804973d: eb e2 jmp 8049721 <initialize_bomb+0x9c>
804973f: c7 44 24 04 50 00 00 movl $0x50,0x4(%esp)
8049746: 00
8049747: c7 04 24 9a 9c 04 08 movl $0x8049c9a,(%esp)
804974e: e8 34 fe ff ff call 8049587 <open_clientfd>
8049753: 89 04 24 mov %eax,(%esp)
8049756: e8 8d f0 ff ff call 80487e8 <close@plt>
804975b: 83 c4 50 add $0x50,%esp
804975e: 5b pop %ebx
804975f: 5e pop %esi
8049760: 5d pop %ebp
8049761: c3 ret
8049762: 8d 45 b8 lea -0x48(%ebp),%eax
8049765: 89 44 24 04 mov %eax,0x4(%esp)
8049769: c7 04 24 ab 9c 04 08 movl $0x8049cab,(%esp)
8049770: e8 63 f1 ff ff call 80488d8 <printf@plt>
8049775: c7 04 24 08 00 00 00 movl $0x8,(%esp)
804977c: e8 a7 f1 ff ff call 8048928 <exit@plt>
8049781: 90 nop
8049782: 90 nop
8049783: 90 nop
8049784: 90 nop
8049785: 90 nop
8049786: 90 nop
8049787: 90 nop
8049788: 90 nop
8049789: 90 nop
804978a: 90 nop
804978b: 90 nop
804978c: 90 nop
804978d: 90 nop
804978e: 90 nop
804978f: 90 nop
08049790 <__libc_csu_fini>:
8049790: 55 push %ebp
8049791: 89 e5 mov %esp,%ebp
8049793: 57 push %edi
8049794: 56 push %esi
8049795: 53 push %ebx
8049796: e8 98 00 00 00 call 8049833 <__i686.get_pc_thunk.bx>
804979b: 81 c3 45 19 00 00 add $0x1945,%ebx
80497a1: 83 ec 0c sub $0xc,%esp
80497a4: 8d 83 20 ff ff ff lea -0xe0(%ebx),%eax
80497aa: 8d bb 20 ff ff ff lea -0xe0(%ebx),%edi
80497b0: 29 f8 sub %edi,%eax
80497b2: c1 f8 02 sar $0x2,%eax
80497b5: 8d 70 ff lea -0x1(%eax),%esi
80497b8: 83 fe ff cmp $0xffffffff,%esi
80497bb: 74 0c je 80497c9 <__libc_csu_fini+0x39>
80497bd: 8d 76 00 lea 0x0(%esi),%esi
80497c0: ff 14 b7 call *(%edi,%esi,4)
80497c3: 4e dec %esi
80497c4: 83 fe ff cmp $0xffffffff,%esi
80497c7: 75 f7 jne 80497c0 <__libc_csu_fini+0x30>
80497c9: 8d b4 26 00 00 00 00 lea 0x0(%esi,%eiz,1),%esi
80497d0: e8 9f 00 00 00 call 8049874 <_fini>
80497d5: 83 c4 0c add $0xc,%esp
80497d8: 5b pop %ebx
80497d9: 5e pop %esi
80497da: 5f pop %edi
80497db: 5d pop %ebp
80497dc: c3 ret
80497dd: 8d 76 00 lea 0x0(%esi),%esi
080497e0 <__libc_csu_init>:
80497e0: 55 push %ebp
80497e1: 89 e5 mov %esp,%ebp
80497e3: 57 push %edi
80497e4: 56 push %esi
80497e5: 53 push %ebx
80497e6: e8 48 00 00 00 call 8049833 <__i686.get_pc_thunk.bx>
80497eb: 81 c3 f5 18 00 00 add $0x18f5,%ebx
80497f1: 83 ec 0c sub $0xc,%esp
80497f4: e8 c7 ef ff ff call 80487c0 <_init>
80497f9: 8d 83 20 ff ff ff lea -0xe0(%ebx),%eax
80497ff: 8d 93 20 ff ff ff lea -0xe0(%ebx),%edx
8049805: 29 d0 sub %edx,%eax
8049807: c1 f8 02 sar $0x2,%eax
804980a: 89 45 f0 mov %eax,-0x10(%ebp)
804980d: 74 1c je 804982b <__libc_csu_init+0x4b>
804980f: 31 ff xor %edi,%edi
8049811: 89 d6 mov %edx,%esi
8049813: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
8049819: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
8049820: 47 inc %edi
8049821: ff 16 call *(%esi)
8049823: 83 c6 04 add $0x4,%esi
8049826: 39 7d f0 cmp %edi,-0x10(%ebp)
8049829: 75 f5 jne 8049820 <__libc_csu_init+0x40>
804982b: 83 c4 0c add $0xc,%esp
804982e: 5b pop %ebx
804982f: 5e pop %esi
8049830: 5f pop %edi
8049831: 5d pop %ebp
8049832: c3 ret
08049833 <__i686.get_pc_thunk.bx>:
8049833: 8b 1c 24 mov (%esp),%ebx
8049836: c3 ret
8049837: 90 nop
8049838: 90 nop
8049839: 90 nop
804983a: 90 nop
804983b: 90 nop
804983c: 90 nop
804983d: 90 nop
804983e: 90 nop
804983f: 90 nop
08049840 <__do_global_ctors_aux>:
8049840: 55 push %ebp
8049841: 89 e5 mov %esp,%ebp
8049843: 53 push %ebx
8049844: bb 00 b0 04 08 mov $0x804b000,%ebx
8049849: 83 ec 04 sub $0x4,%esp
804984c: a1 00 b0 04 08 mov 0x804b000,%eax
8049851: 83 f8 ff cmp $0xffffffff,%eax
8049854: 74 16 je 804986c <__do_global_ctors_aux+0x2c>
8049856: 8d 76 00 lea 0x0(%esi),%esi
8049859: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
8049860: 83 eb 04 sub $0x4,%ebx
8049863: ff d0 call *%eax
8049865: 8b 03 mov (%ebx),%eax
8049867: 83 f8 ff cmp $0xffffffff,%eax
804986a: 75 f4 jne 8049860 <__do_global_ctors_aux+0x20>
804986c: 58 pop %eax
804986d: 5b pop %ebx
804986e: 5d pop %ebp
804986f: 90 nop
8049870: c3 ret
8049871: 90 nop
8049872: 90 nop
8049873: 90 nop
Disassembly of section .fini:
08049874 <_fini>:
8049874: 55 push %ebp
8049875: 89 e5 mov %esp,%ebp
8049877: 53 push %ebx
8049878: 83 ec 04 sub $0x4,%esp
804987b: e8 00 00 00 00 call 8049880 <_fini+0xc>
8049880: 5b pop %ebx
8049881: 81 c3 60 18 00 00 add $0x1860,%ebx
8049887: e8 c4 f1 ff ff call 8048a50 <__do_global_dtors_aux>
804988c: 59 pop %ecx
804988d: 5b pop %ebx
804988e: c9 leave
804988f: c3 ret
ASKER
ok im fine with that.
so looking at phase one this line stands out
8048e91: c7 44 24 04 fc 99 04 movl $0x80499fc,0x4(%esp)
maybe its not that simple but possibly $0x80499fc is the address in memory that the string is stored?
i can't figure out how to view its contents in gdb if i
print $0x80499fc
it comes back as
$1=void
or is that line just part of opening the function setting up the stack or possibly preparing to call the next function so the param is not lost from the stack
ASKER
ok awesome i was pretty sure i knew what was going on in the function phase_1 and strings_not_equal i just didn't know how to work with gdb :)
thanks im going to plug around with phase 2 now and see where i get to and repost a new one if i need to
ASKER
he helped me through just right :)
You can continue in this question if you prefer that ... You did ask about the second phase ;)
Oh, and if you want to verify that your understanding is correct, you can post it here, and I'll be happy to look over it.
ASKER
phase one it simply loads that address then compares it to my input if it's the same it takes the jump if equal if not then bomb goes boom!
ok so phase 2 im looking at the function read_six_numbers
correct me if im wrong but it looks to me like its loading everything into an array with the answers one at a time from the top and my input at the bottom
and then it does call 0x8048938 <sscanf@plt>
which to my understanding extracts the values from my input that is in a string
which its output is then compared to $0x5 or just the number 5
which the result i want is greater so that way this jump will happen
jg 0x80493bd <read_six_numbers+77>
so my question is, am i right in saying all that, and how do i view the real values of the array it is storing them in (rather than this scramble ' 0xbfd89a50: "pý\004\bý\233\004\b\230\2 32?\234\23 2?ý\232?ý\ 232?ý\232? ý\232?\001 "
and also how do i view that status of the flags?
thank you i really appreciate the help im so new to debugging and asm lang.
>> it simply loads that address then compares it to my input
I assume that you meant that it compares the strings, rather than the addresses. But yes, that's what's happening indeed :)
>> ok so phase 2 im looking at the function read_six_numbers
Ok, let's figure out what read_six_numbers does. Apart from its name which gives a good hint, we need to find out how it does that exactly.
sscanf takes at least two parameters. The first parameter is the source string, the second is the format string, and after that come the addresses where the individual values extracted from the string need to be placed.
For example :
char *str = "5";
int x = 0;
sscanf(str, "%d", &x);
sscanf will look at the string 'str', and will interpret it using the format string "%d". In this case, %d means that it tries to extract an integer value from the string. The extracted value will be placed in 'x'. After calling sscanf, 'x' will contain the value 5. Now, check in the assembler : what are the first two arguments passed to sscanf ? What does the format string look like ?
Here's a reference for sscanf if you need it :
http://www.cplusplus.com/reference/clibrary/cstdio/sscanf.html
ASKER
yes i did mean the strings and i got through the read_six_numbers it takes my input in the form of 6 numbers separated by spaces and loads them into an array. sscanf extracts my input from string and puts them into the array as an int. and it returns the amount of ints it extracted to eax which if the format is right will be 6 triggering the jump.
so really read six numbers is a format check and loads each number to its own spot in an array.
and i figured that for the first jump in the phase_2 body to be triggered the first number needs to be 1 and the next number 2 which at this point correct me if im wrong
0x08048e0e <phase_2+47>: imul -0x8(%esi,%ebx,4),%eax // loads next value to be tested to eax
so ebx = 3 esi =x
so it would come out to something like x+4=x+12 which doesn't work....
im lost now.. thought i had it for a bit :P
>> it takes my input in the form of 6 numbers separated by spaces and loads them into an array.
Right :)
>> sscanf extracts my input from string and puts them into the array as an int.
Right.
>> and it returns the amount of ints it extracted to eax which if the format is right will be 6 triggering the jump.
and right again.
>> the first number needs to be 1
Correct.
>> and the next number 2
I assume you got that from the line mov $0x2,%ebx ? It's not quite that easy ;)
We're now looking at this part of the code :
8048e04: bb 02 00 00 00 mov $0x2,%ebx
8048e09: 8d 75 e0 lea -0x20(%ebp),%esi
8048e0c: 89 d8 mov %ebx,%eax
8048e0e: 0f af 44 9e f8 imul -0x8(%esi,%ebx,4),%eax
8048e13: 39 44 9e fc cmp %eax,-0x4(%esi,%ebx,4)
8048e17: 74 05 je 8048e1e <phase_2+0x3f>
8048e19: e8 10 05 00 00 call 804932e <explode_bomb>
8048e1e: 43 inc %ebx
8048e1f: 83 fb 07 cmp $0x7,%ebx
8048e22: 75 e8 jne 8048e0c <phase_2+0x2d>
which is a loop that iterates 5 times (once for each of the remaining 5 integers). Each time, the bomb could explode if the integer value entered is not the same as the one expected.
So, if we ignore all that, we're left with this initialization :
8048e04: bb 02 00 00 00 mov $0x2,%ebx
8048e09: 8d 75 e0 lea -0x20(%ebp),%esi
this loop body :
8048e0c: 89 d8 mov %ebx,%eax
8048e0e: 0f af 44 9e f8 imul -0x8(%esi,%ebx,4),%eax
8048e13: 39 44 9e fc cmp %eax,-0x4(%esi,%ebx,4)
(where the cmp has to be true), and this increment :
8048e1e: 43 inc %ebx
The initialization and the increment are trivial, so I'll concentrate on the loop body. The only instruction that needs some explanation is the imul instruction. It performs a (signed) integer multiplication :
imul A, B
corresponds to :
B = A * B
Now, take special note of the first argument of imul :
-0x8(%esi,%ebx,4)
It is of the form :
offset(base, index, scale)
and is a memory address calculation which corresponds to :
(base + (index * scale)) + offset
So, you calculate the address, and get the value at that address. And that's the value you use for the multiplication.
Try to follow exactly what happens while this loop executes. Take note of every register and its contents at every step of the execution, and you should find the other 5 integer values that are needed.
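The loop walked through in the answer above, modelled in C as an added example (it is not part of the original thread or the bomb's source). It assumes the format string at 0x8049bdd is six `%d` conversions and that `lea -0x20(%ebp),%esi` leaves %esi pointing at the first parsed integer; `effective_address`, `load32` and `phase2_check` are hypothetical helper names, and the sample input in `main` is constructed to fail so the trace shows where the comparison stops matching.

```c
#include <stdio.h>
#include <string.h>

/* AT&T operand offset(base,index,scale) -> base + index*scale + offset.
   Addresses here are byte offsets from the start of nums[]. */
static long effective_address(long offset, long base, long index, long scale)
{
    return base + index * scale + offset;
}

/* Read the int stored at a byte offset inside nums[]. */
static int load32(const int *nums, long byte_addr)
{
    int v;
    memcpy(&v, (const unsigned char *)nums + byte_addr, sizeof v);
    return v;
}

/* Model of read_six_numbers: six destination pointers nums+0 .. nums+5
   (the lea 0x4(%edx) .. 0x14(%edx) sequence), then "cmp $0x5,%eax ; jg".
   Assumption: the format string is six %d conversions (0x8049bdd is not
   shown in the thread). Returns 1 when more than 5 values were converted,
   0 on the path that calls explode_bomb. */
static int read_six_numbers(const char *line, int nums[6])
{
    int n = sscanf(line, "%d %d %d %d %d %d",
                   &nums[0], &nums[1], &nums[2],
                   &nums[3], &nums[4], &nums[5]);
    return n > 5;
}

/* Returns 0 when every check passes, 1 when the first number is not 1
   (the check the thread agrees on; its instructions are not in the quoted
   excerpt), otherwise the value of ebx (2..6) at the failing iteration. */
static int phase2_check(const int nums[6], int trace)
{
    const long esi = 0;  /* assumption: %esi holds the address of nums[0] */

    if (nums[0] != 1)
        return 1;

    for (int ebx = 2; ebx != 7; ebx++) {        /* mov $0x2,%ebx ... cmp $0x7,%ebx ; jne */
        long src = effective_address(-0x8, esi, ebx, 4);
        long dst = effective_address(-0x4, esi, ebx, 4);

        /* mov %ebx,%eax ; imul -0x8(%esi,%ebx,4),%eax
           imul keeps the low 32 bits, so multiply as unsigned to wrap. */
        int eax = (int)((unsigned)ebx * (unsigned)load32(nums, src));

        /* cmp %eax,-0x4(%esi,%ebx,4) */
        int mem = load32(nums, dst);

        if (trace)
            printf("ebx=%d  [esi+%ld]=%d  eax=%d  [esi+%ld]=%d  %s\n",
                   ebx, src, load32(nums, src), eax, dst, mem,
                   mem == eax ? "je taken" : "explode_bomb");

        if (mem != eax)
            return ebx;                          /* je not taken */
    }
    return 0;
}

int main(void)
{
    int nums[6];
    const char *line = "1 2 3 4 5 6";  /* constructed input, chosen to fail */

    if (!read_six_numbers(line, nums)) {
        puts("fewer than six numbers: explode_bomb");
        return 1;
    }
    printf("phase2_check returned %d\n", phase2_check(nums, 1));
    return 0;
}
```

Each trace line lists the register and memory values the answer asks you to note down at every step, so it can be compared against what gdb shows while single-stepping the real loop.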
ASKER
ok got phase 2 done :) thanks you are an amazing help! our teacher is no good
so im going to look at phase 3 now and if i need some direction i'll just add to this thread? :D
very happy with your help! EE is awesome!
>> ok got phase 2 done :)
Good :)
>> and if i need some direction i'll just add to this thread? :D
Sure. Might as well ;)
ASKER
well im on phase_6 now :) im catching onto this a bit better now.
im going to look at it right now but i'll post if i have any questions
Ok. It's fun, isn't it ? :)
ASKER
yes it definitely is... if only there were more people that shared our opinion! it could be the new sudoku.
just plugging away at 6 i think i have 5 of the numbers have to double check why im blowing up on last one
ASKER
ok all done with the main 6 but im wondering how to get into the secret phase something to do with string inputs....
ASKER
i spoke too soon i found it... what fun this is!
Hehe :) Nice job !
Well, the goal of an exercise like this, is to get comfortable with it :)
I know you already found the solution of phase 1. But may I suggest to look for it using gdb too ? The different phases become more difficult as you progress, and if you miss the experience of having done the first phase, the second will be that much harder. So, try to find out the same solution for phase 1, but only using gdb.
If you agree, we can work together on phase one first. And once that's done, we'll work on phase two.