
# Help! Bomb phase 6

Posted on 2011-04-25
So I've commented in some of my understanding of how this code functions.

Again, I'm really struggling to understand how to determine the type of input string I need to use.

```
08048e05 <fun6>:
8048e05:	55                   	push   %ebp
8048e06:	89 e5                	mov    %esp,%ebp
8048e08:	56                   	push   %esi
8048e09:	53                   	push   %ebx
8048e0a:	8b 75 08             	mov    0x8(%ebp),%esi  //esi = 769
8048e0d:	8b 5e 08             	mov    0x8(%esi),%ebx  //ebx = mem(esi)+8 (that address or the value stored there?) (667?)
8048e10:	c7 46 08 00 00 00 00 	movl   $0x0,0x8(%esi) //mem(esi)+8=0
8048e17:	85 db                	test   %ebx,%ebx //always non-0
8048e19:	74 34                	je     8048e4f <fun6+0x4a>
8048e1b:	89 f2                	mov    %esi,%edx //edx = esi
8048e1d:	89 f1                	mov    %esi,%ecx //ecx = esi
8048e1f:	85 f6                	test   %esi,%esi //non-0
8048e21:	74 15                	je     8048e38 <fun6+0x33>
8048e23:	8b 06                	mov    (%esi),%eax //eax = esi value at memory
8048e25:	3b 03                	cmp    (%ebx),%eax
8048e27:	7e 0f                	jle    8048e38 <fun6+0x33> //is eax<=value at mem(ebx)
8048e29:	89 d1                	mov    %edx,%ecx //ecx = edx (already does...)
8048e2b:	8b 52 08             	mov    0x8(%edx),%edx //edx = edxvalue+8
8048e2e:	85 d2                	test   %edx,%edx //my test run jumped - unsure why... 0?
8048e30:	74 06                	je     8048e38 <fun6+0x33>
8048e32:	8b 02                	mov    (%edx),%eax
8048e34:	3b 03                	cmp    (%ebx),%eax
8048e36:	7f f1                	jg     8048e29 <fun6+0x24>
8048e38:	39 d1                	cmp    %edx,%ecx
8048e3a:	74 05                	je     8048e41 <fun6+0x3c> // if above are = jmp
8048e3c:	89 59 08             	mov    %ebx,0x8(%ecx) //memecx+8 = ebx
8048e3f:	eb 02                	jmp    8048e43 <fun6+0x3e>
8048e41:	89 de                	mov    %ebx,%esi
8048e43:	8b 4b 08             	mov    0x8(%ebx),%ecx //ecx = memebx+8
8048e46:	89 53 08             	mov    %edx,0x8(%ebx) //memebx+8 = edx value
8048e49:	89 cb                	mov    %ecx,%ebx //ebx = ecx
8048e4b:	85 c9                	test   %ecx,%ecx
8048e4d:	75 cc                	jne    8048e1b <fun6+0x16> // if 1 jmp up
8048e4f:	89 f0                	mov    %esi,%eax //eax = esi
8048e51:	5b                   	pop    %ebx
8048e52:	5e                   	pop    %esi
8048e53:	c9                   	leave
8048e54:	c3                   	ret

08048e55 <phase_6>:
8048e55:	55                   	push   %ebp
8048e56:	89 e5                	mov    %esp,%ebp
8048e58:	53                   	push   %ebx
8048e59:	83 ec 04             	sub    $0x4,%esp
8048e5c:	6a 00                	push   $0x0
8048e5e:	6a 0a                	push   $0xa
8048e60:	6a 00                	push   $0x0
8048e62:	ff 75 08             	pushl  0x8(%ebp)
8048e65:	e8 3a fa ff ff       	call   80488a4 <__strtol_internal@plt>
8048e6a:	83 c4 10             	add    $0x10,%esp
8048e6d:	89 c3                	mov    %eax,%ebx
8048e6f:	68 60 b6 04 08       	push   $0x804b660    //769
8048e74:	e8 8c ff ff ff       	call   8048e05 <fun6>
8048e79:	ba 01 00 00 00       	mov    $0x1,%edx
8048e7e:	83 c4 04             	add    $0x4,%esp
8048e81:	8b 40 08             	mov    0x8(%eax),%eax
8048e84:	42                   	inc    %edx
8048e85:	83 fa 07             	cmp    $0x7,%edx
8048e88:	75 f7                	jne    8048e81 <phase_6+0x2c> //small loop, if/when edx =  7 continue
8048e8a:	39 18                	cmp    %ebx,(%eax) //new eax store should equal original?
8048e8c:	74 05                	je     8048e93 <phase_6+0x3e>
8048e8e:	e8 ed 06 00 00       	call   8049580 <explode_bomb>
8048e93:	8b 5d fc             	mov    0xfffffffc(%ebp),%ebx
8048e96:	c9                   	leave
8048e97:	c3                   	ret
```
0
Question by:gpower90

LVL 8

Expert Comment

ID: 35464741
I think you should move this question to the assembly language section.
0

LVL 53

Accepted Solution

Infinity08 earned 2000 total points
ID: 35465386
>>  8048e65:      e8 3a fa ff ff             call   80488a4 <__strtol_internal@plt>

Have a look at what the strtol function does, what arguments it takes, and how it works:

http://www.cplusplus.com/reference/clibrary/cstdlib/strtol/

0
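As an added example (not part of the thread and not the bomb's source), here are the two functions from the question's listing written out as C, read instruction by instruction from the disassembly, so the role of the `strtol` call is visible in context. The names `phase_6_ok` and `sample_list`, the `unused` field name and all node values are assumptions constructed for illustration; the real node contents are not on this page.

```c
#include <stdio.h>
#include <stdlib.h>

/* Offsets in the listing: value at +0, next at +8 (32-bit); +4 is never read. */
struct node { int value; int unused; struct node *next; };

/* fun6 as C: insertion sort of a linked list, largest value first. */
struct node *fun6(struct node *head)
{
    struct node *cur = head->next;             /* ebx */
    head->next = NULL;
    while (cur != NULL) {
        struct node *prev = head, *pos = head; /* ecx, edx */
        while (pos != NULL && pos->value > cur->value) {
            prev = pos;
            pos = pos->next;
        }
        if (prev == pos) head = cur;           /* cur is the new front */
        else prev->next = cur;
        struct node *rest = cur->next;
        cur->next = pos;
        cur = rest;
    }
    return head;
}

/* phase_6 as C: returns 1 where the listing skips explode_bomb, else 0. */
int phase_6_ok(const char *input, struct node *list)
{
    long n = strtol(input, NULL, 10);  /* endptr NULL, base 0xa: one decimal integer */
    struct node *p = fun6(list);
    for (int i = 1; i != 7; i++)       /* six steps, ending on the 7th node */
        p = p->next;
    return p->value == (int)n;
}

/* Constructed sample values, not the bomb's real nodes. */
static struct node sample[9];
struct node *sample_list(void)
{
    static const int v[9] = {310, 45, 802, 127, 590, 233, 676, 18, 451};
    for (int i = 0; i < 9; i++) {
        sample[i].value = v[i];
        sample[i].next = (i < 8) ? &sample[i + 1] : NULL;
    }
    return sample;
}

int main(void) { printf("%d\n", phase_6_ok("127", sample_list())); return 0; }
```

Because `endptr` is NULL and the base is 10, `strtol` skips leading whitespace and stops at the first non-digit, so trailing characters are ignored and a hex-style string parses as 0.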

Author Closing Comment

ID: 35725835
I figured the rest out on my own. But this was a great lead!
0
