

Bomblab Phase 6 - reading assembly code

So I am doing a bomblab for school and I got through all the phases except the last phase 6. The assignment is to read through the assembly code of a C program and try to figure out what it's doing in order to provide it the right input such that it won't blow up (AKA call the explode bomb function). This one I've found particularly hard. Here is what I know so far:

-This phase hands its argument to read_six_numbers (+22) together with a 24-byte stack buffer, so it needs six integers to be defused; anything else explodes.

-Counting the backward jumps (+89, +91, +111, +215) there are four loops: a nested pair in the first block, one in the middle, and one at the end; the other conditional jumps just guard the explode_bomb calls.

-The loop that starts at +35 runs %esi from 0 up to 6 (`cmp $0x6,%esi` at +54), so it executes six times, once per input number; the five-iteration loop is the final one at +192..+215 (`cmp $0x5,%esi`), which also counts in %esi.

-The repeated `mov 0x8(%edx),%edx` at +103, starting from the fixed address 0x804c4fc, looks like following a next pointer, so this is most likely a linked list rather than a 2-D array.

You don't need to give me the answers - really any hints or help are appreciated.

Here is a dump of the assembly:

Dump of assembler code for function phase_6:

# phase_6(char *input) -- 32-bit x86, AT&T syntax; the argument is at 8(%ebp).
# Stack locals (relative to %ebp), as used below:
#   -0x30 .. -0x1c : nums[0..5], filled in by read_six_numbers
#   -0x48 .. -0x34 : ptr[0..5], one pointer per input number (stage 2)
#   -0x4c          : inner counter j of the pairwise-distinct check
# explode_bomb is reached only when one of the checks below fails.
   0x08048d96 <+0>:     push   %ebp
   0x08048d97 <+1>:     mov    %esp,%ebp
   0x08048d99 <+3>:     push   %edi                        # save callee-saved regs used below
   0x08048d9a <+4>:     push   %esi
   0x08048d9b <+5>:     push   %ebx
   0x08048d9c <+6>:     sub    $0x5c,%esp                  # frame for locals + outgoing args
   0x08048d9f <+9>:     lea    -0x30(%ebp),%eax            # &nums[0]
   0x08048da2 <+12>:    mov    %eax,0x4(%esp)              # arg1 = nums
   0x08048da6 <+16>:    mov    0x8(%ebp),%eax              # input string
   0x08048da9 <+19>:    mov    %eax,(%esp)                 # arg0 = input
   0x08048dac <+22>:    call   0x804941b <read_six_numbers>  # read_six_numbers(input, nums)
# --- stage 1: every number is in 1..6 and no two are equal ---
   0x08048db1 <+27>:    mov    $0x0,%esi                   # i = 0
   0x08048db6 <+32>:    lea    -0x30(%ebp),%edi            # edi = nums
   0x08048db9 <+35>:    mov    (%edi,%esi,4),%eax          # eax = nums[i]
   0x08048dbc <+38>:    sub    $0x1,%eax                   # eax = nums[i] - 1
   0x08048dbf <+41>:    cmp    $0x5,%eax
   0x08048dc2 <+44>:    jbe    0x8048dc9 <phase_6+51>      # UNSIGNED compare: (nums[i]-1) <= 5  <=>  1 <= nums[i] <= 6
   0x08048dc4 <+46>:    call   0x80493c1 <explode_bomb>    # 0, negatives (wrap to huge) and >6 all land here
   0x08048dc9 <+51>:    add    $0x1,%esi                   # i++  (call the new value k)
   0x08048dcc <+54>:    cmp    $0x6,%esi
   0x08048dcf <+57>:    je     0x8048df3 <phase_6+93>      # all six range-checked -> stage 2
   0x08048dd1 <+59>:    lea    (%edi,%esi,4),%ebx          # ebx = &nums[k]
   0x08048dd4 <+62>:    mov    %esi,-0x4c(%ebp)            # j = k
   0x08048dd7 <+65>:    mov    -0x4(%edi,%esi,4),%eax      # eax = nums[k-1], the element just range-checked
   0x08048ddb <+69>:    cmp    (%ebx),%eax                 # nums[k-1] == nums[j] ?
   0x08048ddd <+71>:    jne    0x8048de4 <phase_6+78>
   0x08048ddf <+73>:    call   0x80493c1 <explode_bomb>    # duplicate value -> boom
   0x08048de4 <+78>:    addl   $0x1,-0x4c(%ebp)            # j++
   0x08048de8 <+82>:    add    $0x4,%ebx                   # ebx = &nums[j]
   0x08048deb <+85>:    cmpl   $0x5,-0x4c(%ebp)
   0x08048def <+89>:    jle    0x8048dd7 <phase_6+65>      # while (j <= 5): compare against every later element
   0x08048df1 <+91>:    jmp    0x8048db9 <phase_6+35>      # back to the outer loop with i = k
# --- stage 2: for each nums[k], walk (nums[k]-1) links from the static object at 0x804c4fc ---
# Presumably a linked list: +0 is a value (compared in stage 4), +8 is a next pointer (followed here).
# Inspect the object at 0x804c4fc in gdb to confirm the node layout.
   0x08048df3 <+93>:    mov    $0x0,%ebx                   # k = 0
   0x08048df8 <+98>:    lea    -0x30(%ebp),%edi            # edi = nums
   0x08048dfb <+101>:   jmp    0x8048e13 <phase_6+125>
   0x08048dfd <+103>:   mov    0x8(%edx),%edx              # node = *(node + 8)   (next)
   0x08048e00 <+106>:   add    $0x1,%eax                   # step++
   0x08048e03 <+109>:   cmp    %ecx,%eax
   0x08048e05 <+111>:   jne    0x8048dfd <phase_6+103>     # until step == nums[k]
   0x08048e07 <+113>:   mov    %edx,-0x48(%ebp,%esi,4)     # ptr[k] = node  (the nums[k]-th node of the chain)
   0x08048e0b <+117>:   add    $0x1,%ebx                   # k++
   0x08048e0e <+120>:   cmp    $0x6,%ebx
   0x08048e11 <+123>:   je     0x8048e29 <phase_6+147>     # six pointers collected -> stage 3
   0x08048e13 <+125>:   mov    %ebx,%esi                   # esi = k (index into ptr[])
   0x08048e15 <+127>:   mov    (%edi,%ebx,4),%ecx          # ecx = nums[k]
   0x08048e18 <+130>:   mov    $0x804c4fc,%edx             # node = static head object
   0x08048e1d <+135>:   mov    $0x1,%eax                   # step = 1
   0x08048e22 <+140>:   cmp    $0x1,%ecx
   0x08048e25 <+143>:   jg     0x8048dfd <phase_6+103>     # nums[k] > 1 -> follow the links
   0x08048e27 <+145>:   jmp    0x8048e07 <phase_6+113>     # nums[k] <= 1 (== 1 after stage 1) -> head itself
# --- stage 3: relink the six nodes in the order the input selected ---
   0x08048e29 <+147>:   mov    -0x48(%ebp),%ebx            # ebx = ptr[0]
   0x08048e2c <+150>:   mov    -0x44(%ebp),%eax            # ptr[1]
   0x08048e2f <+153>:   mov    %eax,0x8(%ebx)              # ptr[0]->next = ptr[1]
   0x08048e32 <+156>:   mov    -0x40(%ebp),%edx            # ptr[2]
   0x08048e35 <+159>:   mov    %edx,0x8(%eax)              # ptr[1]->next = ptr[2]
   0x08048e38 <+162>:   mov    -0x3c(%ebp),%eax            # ptr[3]
   0x08048e3b <+165>:   mov    %eax,0x8(%edx)              # ptr[2]->next = ptr[3]
   0x08048e3e <+168>:   mov    -0x38(%ebp),%edx            # ptr[4]
   0x08048e41 <+171>:   mov    %edx,0x8(%eax)              # ptr[3]->next = ptr[4]
   0x08048e44 <+174>:   mov    -0x34(%ebp),%eax            # ptr[5]
   0x08048e47 <+177>:   mov    %eax,0x8(%edx)              # ptr[4]->next = ptr[5]
   0x08048e4a <+180>:   movl   $0x0,0x8(%eax)              # ptr[5]->next = NULL
# --- stage 4: the relinked chain must be non-decreasing in the value at +0 ---
   0x08048e51 <+187>:   mov    $0x0,%esi                   # n = 0; ebx is still ptr[0]
   0x08048e56 <+192>:   mov    0x8(%ebx),%eax              # eax = node->next
   0x08048e59 <+195>:   mov    (%ebx),%edx                 # edx = *(node + 0)
   0x08048e5b <+197>:   cmp    (%eax),%edx
   0x08048e5d <+199>:   jle    0x8048e64 <phase_6+206>     # SIGNED compare: node value <= next value is fine
   0x08048e5f <+201>:   call   0x80493c1 <explode_bomb>    # out of order -> boom
   0x08048e64 <+206>:   mov    0x8(%ebx),%ebx              # node = node->next
   0x08048e67 <+209>:   add    $0x1,%esi                   # n++
   0x08048e6a <+212>:   cmp    $0x5,%esi
   0x08048e6d <+215>:   jne    0x8048e56 <phase_6+192>     # five adjacent pairs checked
   0x08048e6f <+217>:   add    $0x5c,%esp                  # epilogue: drop frame, restore regs
   0x08048e72 <+220>:   pop    %ebx
   0x08048e73 <+221>:   pop    %esi
   0x08048e74 <+222>:   pop    %edi
   0x08048e75 <+223>:   pop    %ebp
   0x08048e76 <+224>:   ret    

1 Reply


Not sure how to provide hints without giving the answers away. Let me say that the first part just checks a property of the six numbers themselves (look at the two explode_bomb calls before +93 and what is compared right before each). For the second part, the hint is that the linked list is made up of nodes and each node also contains a value; the repeated load from offset 8 is how the list is walked. Some procedure is then applied to the list based on the input numbers, and finally something about the resulting list is checked again.

