

Help! Bomb phase 6

Posted on 2011-04-25
Medium Priority
Last Modified: 2012-06-27
So I've commented in some of my understanding of how this code functions.

Again, I'm really struggling to understand how to determine the type of input string I need to use.

08048e05 <fun6>:
 8048e05:	55                   	push   %ebp
 8048e06:	89 e5                	mov    %esp,%ebp
 8048e08:	56                   	push   %esi
 8048e09:	53                   	push   %ebx
 8048e0a:	8b 75 08             	mov    0x8(%ebp),%esi  //esi = 769
 8048e0d:	8b 5e 08             	mov    0x8(%esi),%ebx  //ebx = mem(esi)+8 (that address or the value stored there?) (667?)
 8048e10:	c7 46 08 00 00 00 00 	movl   $0x0,0x8(%esi) //mem(esi)+8=0
 8048e17:	85 db                	test   %ebx,%ebx //always non-0
 8048e19:	74 34                	je     8048e4f <fun6+0x4a> 
 8048e1b:	89 f2                	mov    %esi,%edx //edx = esi
 8048e1d:	89 f1                	mov    %esi,%ecx //ecx = esi
 8048e1f:	85 f6                	test   %esi,%esi //non-0
 8048e21:	74 15                	je     8048e38 <fun6+0x33>
 8048e23:	8b 06                	mov    (%esi),%eax //eax = esi value at memory
 8048e25:	3b 03                	cmp    (%ebx),%eax 
 8048e27:	7e 0f                	jle    8048e38 <fun6+0x33> //is eax<=value at mem(ebx)
 8048e29:	89 d1                	mov    %edx,%ecx //ecx = edx (already does...)
 8048e2b:	8b 52 08             	mov    0x8(%edx),%edx //edx = edxvalue+8
 8048e2e:	85 d2                	test   %edx,%edx //my test run jumped - unsure why... 0?
 8048e30:	74 06                	je     8048e38 <fun6+0x33> 
 8048e32:	8b 02                	mov    (%edx),%eax 
 8048e34:	3b 03                	cmp    (%ebx),%eax
 8048e36:	7f f1                	jg     8048e29 <fun6+0x24>
 8048e38:	39 d1                	cmp    %edx,%ecx
 8048e3a:	74 05                	je     8048e41 <fun6+0x3c> // if above are = jmp
 8048e3c:	89 59 08             	mov    %ebx,0x8(%ecx) //memecx+8 = ebx
 8048e3f:	eb 02                	jmp    8048e43 <fun6+0x3e>
 8048e41:	89 de                	mov    %ebx,%esi
 8048e43:	8b 4b 08             	mov    0x8(%ebx),%ecx //ecx = memebx+8
 8048e46:	89 53 08             	mov    %edx,0x8(%ebx) //memebx+8 = edx value
 8048e49:	89 cb                	mov    %ecx,%ebx //ebx = ecx
 8048e4b:	85 c9                	test   %ecx,%ecx 
 8048e4d:	75 cc                	jne    8048e1b <fun6+0x16> // if 1 jmp up
 8048e4f:	89 f0                	mov    %esi,%eax //eax = esi
 8048e51:	5b                   	pop    %ebx
 8048e52:	5e                   	pop    %esi
 8048e53:	c9                   	leave  
 8048e54:	c3                   	ret    

08048e55 <phase_6>:
 8048e55:	55                   	push   %ebp
 8048e56:	89 e5                	mov    %esp,%ebp
 8048e58:	53                   	push   %ebx
 8048e59:	83 ec 04             	sub    $0x4,%esp
 8048e5c:	6a 00                	push   $0x0
 8048e5e:	6a 0a                	push   $0xa
 8048e60:	6a 00                	push   $0x0
 8048e62:	ff 75 08             	pushl  0x8(%ebp)
 8048e65:	e8 3a fa ff ff       	call   80488a4 <__strtol_internal@plt>
 8048e6a:	83 c4 10             	add    $0x10,%esp
 8048e6d:	89 c3                	mov    %eax,%ebx
 8048e6f:	68 60 b6 04 08       	push   $0x804b660    //769
 8048e74:	e8 8c ff ff ff       	call   8048e05 <fun6>
 8048e79:	ba 01 00 00 00       	mov    $0x1,%edx
 8048e7e:	83 c4 04             	add    $0x4,%esp
 8048e81:	8b 40 08             	mov    0x8(%eax),%eax
 8048e84:	42                   	inc    %edx
 8048e85:	83 fa 07             	cmp    $0x7,%edx
 8048e88:	75 f7                	jne    8048e81 <phase_6+0x2c> //small loop, if/when edx =  7 continue
 8048e8a:	39 18                	cmp    %ebx,(%eax) //new eax store should equal original?
 8048e8c:	74 05                	je     8048e93 <phase_6+0x3e>
 8048e8e:	e8 ed 06 00 00       	call   8049580 <explode_bomb>
 8048e93:	8b 5d fc             	mov    0xfffffffc(%ebp),%ebx
 8048e96:	c9                   	leave  
 8048e97:	c3                   	ret


Question by:gpower90

Expert Comment

ID: 35464741
I think you should move this question to the assembly language section.

Accepted Solution

Infinity08 earned 2000 total points
ID: 35465386
>>  8048e65:      e8 3a fa ff ff             call   80488a4 <__strtol_internal@plt>

Have a look at what the strtol function does, what arguments it takes, and how it works:


That should help you progress with this.

Author Closing Comment

ID: 35725835
I figured the rest out on my own. But this was a great lead!
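
Added example, not part of the original thread: a C reading of the fun6 and phase_6 listing in the question, assuming the node layout implied by the offsets used (value at +0, link at +8). The node values and the names try_input, prev, pos and rest are constructed for illustration and are not the bomb's real data at 0x804b660.

```c
#include <stdio.h>
#include <stdlib.h>

/* Layout inferred from the listing: value at +0, link at +8 (+4 is never read). */
struct node { int value; int unused; struct node *next; };

/* fun6: insertion sort that relinks the list in descending order of value. */
struct node *fun6(struct node *head)
{
    struct node *cur = head->next;                 /* %ebx */
    head->next = NULL;
    while (cur) {
        struct node *prev = head, *pos = head;     /* %ecx, %edx */
        while (pos && pos->value > cur->value) {   /* cmp (%ebx),%eax ; jg */
            prev = pos;
            pos = pos->next;
        }
        struct node *rest = cur->next;
        if (prev == pos) head = cur;               /* mov %ebx,%esi: new head */
        else prev->next = cur;
        cur->next = pos;
        cur = rest;
    }
    return head;
}

/* phase_6: 1 if the input equals the 7th node of the sorted list, else 0. */
int phase_6(const char *input, struct node *list)
{
    long want = strtol(input, NULL, 10);  /* base 0xa, endptr NULL */
    struct node *p = fun6(list);
    for (int i = 1; i != 7; i++)          /* %edx runs 1..7: six hops */
        p = p->next;
    return p->value == (int)want;
}

/* Constructed sample data, not the bomb's real node values. */
int try_input(const char *input)
{
    static const int vals[9] = {40, 95, 12, 77, 63, 8, 51, 29, 84};
    struct node n[9];
    for (int i = 0; i < 9; i++)
        n[i] = (struct node){vals[i], i + 1, (i < 8) ? &n[i + 1] : NULL};
    return phase_6(input, n);
}
int main(void)
{
    printf("29 -> %d, 40 -> %d, 29abc -> %d\n", try_input("29"), try_input("40"), try_input("29abc"));
    return 0;
}
```

Because the end pointer passed to strtol is NULL, trailing non-digits are silently ignored, so "29abc" is accepted the same as "29" with this sample list.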
