I have to decode this assembly language for the bomb lab:
Dump of assembler code for function phase_5:

    0x08048e79 <+0>:    push   %ebx
    0x08048e7a <+1>:    sub    $0x28,%esp
    0x08048e7d <+4>:    lea    0x1c(%esp),%eax
    0x08048e81 <+8>:    mov    %eax,0xc(%esp)
    0x08048e85 <+12>:   lea    0x18(%esp),%eax
    0x08048e89 <+16>:   mov    %eax,0x8(%esp)
    0x08048e8d <+20>:   movl   $0x804a9de,0x4(%esp)
    0x08048e95 <+28>:   mov    0x30(%esp),%eax
    0x08048e99 <+32>:   mov    %eax,(%esp)
    0x08048e9c <+35>:   call   0x8048940 <__isoc99_sscanf@plt>
    0x08048ea1 <+40>:   cmp    $0x1,%eax
    0x08048ea4 <+43>:   jg     0x8048eab <phase_5+50>
    0x08048ea6 <+45>:   call   0x804961b <explode_bomb>
    0x08048eab <+50>:   mov    0x18(%esp),%eax
    0x08048eaf <+54>:   mov    %eax,%edx
    0x08048eb1 <+56>:   and    $0xf,%edx
    0x08048eb4 <+59>:   cmp    %edx,%eax
    0x08048eb6 <+61>:   je     0x8048ebd <phase_5+68>
    0x08048eb8 <+63>:   call   0x804961b <explode_bomb>
    0x08048ebd <+68>:   mov    0x18(%esp),%ebx
    0x08048ec1 <+72>:   mov    %ebx,%eax
    0x08048ec3 <+74>:   mov    $0x0,%ecx
    0x08048ec8 <+79>:   mov    $0x0,%edx
    0x08048ecd <+84>:   add    $0x1,%edx
    0x08048ed0 <+87>:   add    %eax,%ecx
    0x08048ed2 <+89>:   mov    0x804a700(,%eax,4),%eax
    0x08048ed9 <+96>:   cmp    %eax,%ebx
    0x08048edb <+98>:   jne    0x8048ecd <phase_5+84>
    0x08048edd <+100>:  cmp    0x1c(%esp),%edx
    0x08048ee1 <+104>:  jne    0x8048ee8 <phase_5+111>
    0x08048ee3 <+106>:  cmp    $0x41,%ecx
    0x08048ee6 <+109>:  je     0x8048eed <phase_5+116>
    0x08048ee8 <+111>:  call   0x804961b <explode_bomb>
    0x08048eed <+116>:  add    $0x28,%esp
    0x08048ef0 <+119>:  pop    %ebx
    0x08048ef1 <+120>:  ret
I know that up till +68, it basically checks if I have at least 2 ints in the string I inputted.

After it exits the loop, edx must be 4 (at +100 I saw 0x1c(%esp) = 4) and ecx must be 65 (0x41 at +106). Can someone please help me figure out what's going on and what I'd need to input?
Edit 4/18 (Content of array): It just becomes 0 after %eax = 24 so I think I hit the end. Starting when eax = 5 and traversing through 7 times to when eax = 11, %ecx will = 65 but when I enter "5 7" it doesn't work :(

    %eax=0:  0x00000014
    1:       0x00000008
    2:       0x00000010
    3:       0x00000018
    4:       0x00000005
    5:       0x0000000a
    6:       0x0000000e
    7:       0x0000000d
    8:       0x00000000
    9:       0x00000004
    10:      0x00000016
    11:      0x00000002
    12:      0x00000013
    13:      0x00000017
    14:      0x00000012
    15:      0x00000015
    16:      0x0000000f
    17:      0x0000000c
    18:      0x00000006
    19:      0x00000011
    20:      0x00000001
    21:      0x0000000b
    22:      0x00000009
    23:      0x00000003
    24:      0x00000007
    25:      0x00000000
    26:      0x00000000
    27:      0x00000000
    28:      0x00000000
    29:      0x00000000
    ...
First, you obviously have the two input integers at 0x18(%esp) and 0x1c(%esp). Thus, your statement that "edx must be 4" is only valid if you entered 4 as the second number. In general, the check is that edx must be equal to the second number.
The code has a linked list at address 0x804a700 which is traversed starting at the index given by the first input number. The loop exits if the value given by the first input is found. edx is used to keep track of the number of iterations, and that's what should match the second number. ecx is used to keep track of the sum of all the values encountered during the search and that should be 0x41 in the end.
As such, you will need to identify which part of the linked list gives 0x41 as sum, and enter its starting point and length as the two inputs.
Remember that the exit condition is to find the first number. Starting at 5 will enter a loop with 0->20->1->8->0... so it will never exit. Incidentally that means you can't start at 8 either. So let's try 2 + 16 + 15 + 21 + 11 = 65 and we get back to 2 so the loop exits. Yay, that's our solution:
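As an added illustration (not part of the answer above, and not code from the lab), here is a C model of the phase_5 loop built from the disassembly and the array dump the question posted: it reproduces the `and $0xf` range check at +56, the iteration counter in edx, the running sum in ecx, and then scans the allowed start indices for one whose walk sums to 0x41. The table contents are taken from the question's dump (entries past index 24 assumed zero) and the step limit is an assumption added so a walk that never returns to its start cannot spin forever.

```c
#include <stdint.h>
#include <stdio.h>

/* Table at 0x804a700 as dumped in the question (constructed from that
   listing); entries beyond index 24 are assumed to read as zero. */
#define TABLE_LEN 32
static const int32_t table[TABLE_LEN] = {
    0x14, 0x08, 0x10, 0x18, 0x05, 0x0a, 0x0e, 0x0d,
    0x00, 0x04, 0x16, 0x02, 0x13, 0x17, 0x12, 0x15,
    0x0f, 0x0c, 0x06, 0x11, 0x01, 0x0b, 0x09, 0x03,
    0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};

/* Model of the loop at +68..+98. Register names mirror the disassembly:
   ebx = first input, eax = current index, ecx = running sum, edx = count.
   Returns the iteration count (edx) and writes the sum (ecx) to *sum_out,
   or returns -1 if the walk leaves the table or exceeds the step limit
   (assumed guard; the real loop has no such check). */
int phase5_walk(int first, int *sum_out) {
    int ebx = first, eax = first, ecx = 0, edx = 0;
    int steps_left = 2 * TABLE_LEN;            /* assumed cycle guard */
    do {
        edx += 1;                              /* add $0x1,%edx */
        ecx += eax;                            /* add %eax,%ecx */
        if (eax < 0 || eax >= TABLE_LEN || --steps_left == 0) {
            *sum_out = ecx;
            return -1;
        }
        eax = table[eax];                      /* mov 0x804a700(,%eax,4),%eax */
    } while (eax != ebx);                      /* cmp %eax,%ebx ; jne */
    *sum_out = ecx;
    return edx;
}

/* Convenience wrapper: the sum ecx ends with for a given start index. */
int phase5_sum(int first) {
    int sum;
    phase5_walk(first, &sum);
    return sum;
}

/* Whole phase: first input must survive `and $0xf` unchanged (0..15),
   edx must equal the second input, and ecx must equal 0x41. */
int phase5_passes(int first, int second) {
    if ((first & 0xf) != first) return 0;      /* +56..+61 */
    int sum;
    int n = phase5_walk(first, &sum);
    return n != -1 && n == second && sum == 0x41;
}

/* Scan the 16 allowed start indices; return the lowest one whose walk
   sums to 0x41, or -1 if none does. The matching count is phase5_walk(). */
int phase5_solve(void) {
    for (int start = 0; start < 16; start++) {
        int sum;
        if (phase5_walk(start, &sum) != -1 && sum == 0x41) return start;
    }
    return -1;
}

int main(void) {
    int start = phase5_solve();
    if (start < 0) {
        puts("no start index sums to 0x41");
        return 1;
    }
    int sum;
    int count = phase5_walk(start, &sum);
    printf("start %d, %d iterations, sum 0x%x -> input \"%d %d\"\n",
           start, count, sum, start, count);
    return 0;
}
```

Because each table value is itself an index, the walk is a pointer chase through the table; the model makes it easy to check any candidate pair by hand before typing it into the bomb, including start indices whose chain sums to the wrong value.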