gpower90
asked on
Help! Bomb phase 6
So I've commented in some of my understanding of how this code functions.
Again, I'm really struggling to understand how to determine the type of input string I need to use.
08048e05 <fun6>:
8048e05: 55 push %ebp
8048e06: 89 e5 mov %esp,%ebp
8048e08: 56 push %esi
8048e09: 53 push %ebx
8048e0a: 8b 75 08 mov 0x8(%ebp),%esi //esi = 769
8048e0d: 8b 5e 08 mov 0x8(%esi),%ebx //ebx = mem(esi)+8 (that address or the value stored there?) (667?)
8048e10: c7 46 08 00 00 00 00 movl $0x0,0x8(%esi) //mem(esi)+8=0
8048e17: 85 db test %ebx,%ebx //always non-0
8048e19: 74 34 je 8048e4f <fun6+0x4a>
8048e1b: 89 f2 mov %esi,%edx //edx = esi
8048e1d: 89 f1 mov %esi,%ecx //ecx = esi
8048e1f: 85 f6 test %esi,%esi //non-0
8048e21: 74 15 je 8048e38 <fun6+0x33>
8048e23: 8b 06 mov (%esi),%eax //eax = esi value at memory
8048e25: 3b 03 cmp (%ebx),%eax
8048e27: 7e 0f jle 8048e38 <fun6+0x33> //is eax<=value at mem(ebx)
8048e29: 89 d1 mov %edx,%ecx //ecx = edx (already does...)
8048e2b: 8b 52 08 mov 0x8(%edx),%edx //edx = edxvalue+8
8048e2e: 85 d2 test %edx,%edx //my test run jumped - unsure why... 0?
8048e30: 74 06 je 8048e38 <fun6+0x33>
8048e32: 8b 02 mov (%edx),%eax
8048e34: 3b 03 cmp (%ebx),%eax
8048e36: 7f f1 jg 8048e29 <fun6+0x24>
8048e38: 39 d1 cmp %edx,%ecx
8048e3a: 74 05 je 8048e41 <fun6+0x3c> // if above are = jmp
8048e3c: 89 59 08 mov %ebx,0x8(%ecx) //memecx+8 = ebx
8048e3f: eb 02 jmp 8048e43 <fun6+0x3e>
8048e41: 89 de mov %ebx,%esi
8048e43: 8b 4b 08 mov 0x8(%ebx),%ecx //ecx = memebx+8
8048e46: 89 53 08 mov %edx,0x8(%ebx) //memebx+8 = edx value
8048e49: 89 cb mov %ecx,%ebx //ebx = ecx
8048e4b: 85 c9 test %ecx,%ecx
8048e4d: 75 cc jne 8048e1b <fun6+0x16> // if 1 jmp up
8048e4f: 89 f0 mov %esi,%eax //eax = esi
8048e51: 5b pop %ebx
8048e52: 5e pop %esi
8048e53: c9 leave
8048e54: c3 ret
08048e55 <phase_6>:
8048e55: 55 push %ebp
8048e56: 89 e5 mov %esp,%ebp
8048e58: 53 push %ebx
8048e59: 83 ec 04 sub $0x4,%esp
8048e5c: 6a 00 push $0x0
8048e5e: 6a 0a push $0xa
8048e60: 6a 00 push $0x0
8048e62: ff 75 08 pushl 0x8(%ebp)
8048e65: e8 3a fa ff ff call 80488a4 <__strtol_internal@plt>
8048e6a: 83 c4 10 add $0x10,%esp
8048e6d: 89 c3 mov %eax,%ebx
8048e6f: 68 60 b6 04 08 push $0x804b660 //769
8048e74: e8 8c ff ff ff call 8048e05 <fun6>
8048e79: ba 01 00 00 00 mov $0x1,%edx
8048e7e: 83 c4 04 add $0x4,%esp
8048e81: 8b 40 08 mov 0x8(%eax),%eax
8048e84: 42 inc %edx
8048e85: 83 fa 07 cmp $0x7,%edx
8048e88: 75 f7 jne 8048e81 <phase_6+0x2c> //small loop, if/when edx = 7 continue
8048e8a: 39 18 cmp %ebx,(%eax) //new eax store should equal original?
8048e8c: 74 05 je 8048e93 <phase_6+0x3e>
8048e8e: e8 ed 06 00 00 call 8049580 <explode_bomb>
8048e93: 8b 5d fc mov 0xfffffffc(%ebp),%ebx
8048e96: c9 leave
8048e97: c3 ret
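The two routines in the listing can be read back into C, which makes the control flow easier to reason about than the raw jumps. The following is an added reconstruction written for this thread, not code from the original post or from the bomb binary. It assumes the node layout implied by the listing (value at offset 0, link at offset 8; the field at offset 4 is never touched by either routine and is simply labelled unused), and the list contents are constructed sample values, since the page does not show what lives at 0x804b660.

```c
#include <stdio.h>
#include <stdlib.h>

/* Node layout inferred from the listing: (%reg) is the value, 0x8(%reg) is
 * the link. The 4-byte field at offset 4 is an assumption (unused here).
 * On both 32- and 64-bit builds `next` lands at offset 8. */
struct node {
    int value;          /* read via mov (%esi),%eax / cmp (%ebx),%eax */
    int unused;         /* offset 4: not referenced by fun6 or phase_6 */
    struct node *next;  /* 0x8(%esi), 0x8(%ebx), 0x8(%edx)          */
};

/* Reconstruction of fun6: an insertion sort that relinks the list into
 * descending order and returns the new head (mov %esi,%eax before ret). */
struct node *fun6(struct node *list)
{
    struct node *sorted = list;        /* %esi: head of the sorted part   */
    struct node *rest   = list->next;  /* %ebx: next node still to insert */
    sorted->next = NULL;               /* movl $0x0,0x8(%esi)             */

    while (rest != NULL) {             /* test %ebx,%ebx ; je done        */
        struct node *prev = sorted;    /* %ecx */
        struct node *cur  = sorted;    /* %edx */
        /* Walk past every sorted node whose value is greater than the
         * one being inserted (the jle / jg pair at 8048e27 / 8048e36). */
        while (cur != NULL && cur->value > rest->value) {
            prev = cur;
            cur  = cur->next;
        }
        struct node *following = rest->next;  /* mov 0x8(%ebx),%ecx */
        if (prev == cur)                      /* cmp %edx,%ecx ; je  */
            sorted = rest;                    /* nothing skipped: new head */
        else
            prev->next = rest;                /* mov %ebx,0x8(%ecx)  */
        rest->next = cur;                     /* mov %edx,0x8(%ebx)  */
        rest = following;                     /* mov %ecx,%ebx       */
    }
    return sorted;
}

/* Reconstruction of phase_6's check. The input is parsed with base 10,
 * the list is sorted, and six ->next hops (edx runs 1..6) land on the
 * 7th node of the sorted list; its value must equal the parsed number.
 * As in the original, a list shorter than 7 nodes would dereference NULL. */
int phase_6_check(struct node *head, const char *input)
{
    long n = strtol(input, NULL, 10);      /* __strtol_internal(s, 0, 10, 0) */
    struct node *p = fun6(head);
    for (int edx = 1; edx != 7; edx++)     /* mov 0x8(%eax),%eax ; inc ; cmp $7 */
        p = p->next;
    return p->value == n;                  /* cmp %ebx,(%eax) ; je / explode_bomb */
}

/* Constructed sample list (NOT the bomb's real node contents). */
#define NODE_COUNT 9
static const int sample_values[NODE_COUNT] = {253, 725, 301, 997, 212, 599, 870, 138, 464};
static struct node pool[NODE_COUNT];

/* Rebuild the sample list in its original order; fun6 relinks the nodes,
 * so this must be called again before every fresh sort. */
struct node *build_sample_list(void)
{
    for (int i = 0; i < NODE_COUNT; i++) {
        pool[i].value  = sample_values[i];
        pool[i].unused = i + 1;
        pool[i].next   = (i + 1 < NODE_COUNT) ? &pool[i + 1] : NULL;
    }
    return &pool[0];
}

/* Value that phase_6 expects for the sample list: the 7th largest. */
int demo_seventh_value(void)
{
    struct node *p = fun6(build_sample_list());
    for (int i = 0; i < 6; i++)
        p = p->next;
    return p->value;
}

/* Run the phase_6 check on the sample list with a candidate input string. */
int demo_check(const char *input)
{
    return phase_6_check(build_sample_list(), input);
}

int main(void)
{
    printf("sorted (descending): ");
    for (struct node *p = fun6(build_sample_list()); p != NULL; p = p->next)
        printf("%d ", p->value);
    printf("\nphase_6 wants: %d\n", demo_seventh_value());
    printf("\"253\" -> %s, \"997\" -> %s\n",
           demo_check("253") ? "defused" : "boom",
           demo_check("997") ? "defused" : "boom");
    return 0;
}
```

With the constructed values the sorted order is 997 870 725 599 464 301 253 212 138, so the 7th node holds 253 and that is the only input string that passes. The same walk applies to the real list: dump the nine (or however many) node values at 0x804b660, sort them descending, and the answer is the 7th entry.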
I think you should move this question to the assembly language section.
ASKER CERTIFIED SOLUTION
ASKER
I figured the rest out on my own. But this was a great lead!