So I am doing a bomblab for school and I got through all the phases except the last phase 6. The assignment is to read through the assembly code of a C program and try to figure out what it's doing in order to provide it the right input such that it won't blow up (AKA call the explode bomb function). This one I've found particularly hard. Here is what I know so far:
-This program needs 6 integers to be defused. Anything else will explode.
-This program has at least 2 loops, possibly a 3rd, or an if/else in addition.
-The outer loop runs 5 times, and its counter is kept in %esi.
-The program may be traversing over linked lists or a 2d array.
You don't need to give me the answers - any hints or help would be appreciated.
Here is a dump of the assembly:
Dump of assembler code for function phase_6:
# phase_6(char *input) -- 32-bit x86, cdecl, AT&T syntax (gdb disassembly).
# Stack layout relative to %ebp, as used by the code below:
#   0x8(%ebp)    : input string (phase_6's only argument)
#   -0x30(%ebp)  : int nums[6], filled by read_six_numbers (-0x30 .. -0x1c)
#   -0x48(%ebp)  : void *ptr[6], node pointers chosen in the walk loop (-0x48 .. -0x34)
#   -0x4c(%ebp)  : inner index j of the duplicate check
# Nodes reached from 0x804c4fc: a value at offset 0 and a "next" pointer at
# offset 8 are the only fields this code touches (what offset 4 holds is not
# visible in this dump).
0x08048d96 <+0>: push %ebp                       # standard frame setup
0x08048d97 <+1>: mov %esp,%ebp
0x08048d99 <+3>: push %edi                       # save callee-saved registers
0x08048d9a <+4>: push %esi
0x08048d9b <+5>: push %ebx
0x08048d9c <+6>: sub $0x5c,%esp                  # locals + outgoing argument slots
0x08048d9f <+9>: lea -0x30(%ebp),%eax            # eax = nums
0x08048da2 <+12>: mov %eax,0x4(%esp)             # 2nd argument: nums
0x08048da6 <+16>: mov 0x8(%ebp),%eax             # eax = input
0x08048da9 <+19>: mov %eax,(%esp)                # 1st argument: input
0x08048dac <+22>: call 0x804941b <read_six_numbers>   # read_six_numbers(input, nums)
# --- Loop A: every nums[i] must satisfy 1 <= nums[i] <= 6 ---
0x08048db1 <+27>: mov $0x0,%esi                  # i = 0
0x08048db6 <+32>: lea -0x30(%ebp),%edi           # edi = nums
0x08048db9 <+35>: mov (%edi,%esi,4),%eax         # eax = nums[i]        (loop A entry)
0x08048dbc <+38>: sub $0x1,%eax                  # eax = nums[i] - 1
0x08048dbf <+41>: cmp $0x5,%eax                  # unsigned compare: wraps negatives to huge values
0x08048dc2 <+44>: jbe 0x8048dc9 <phase_6+51>     # ok if (unsigned)(nums[i]-1) <= 5, i.e. 1..6
0x08048dc4 <+46>: call 0x80493c1 <explode_bomb>  # out of range
0x08048dc9 <+51>: add $0x1,%esi                  # i++
0x08048dcc <+54>: cmp $0x6,%esi
0x08048dcf <+57>: je 0x8048df3 <phase_6+93>      # all six checked -> go to the list walk
# --- Loop B (nested in A): nums[i-1] must differ from nums[j] for j = i..5 ---
0x08048dd1 <+59>: lea (%edi,%esi,4),%ebx         # ebx = &nums[i]
0x08048dd4 <+62>: mov %esi,-0x4c(%ebp)           # j = i
0x08048dd7 <+65>: mov -0x4(%edi,%esi,4),%eax     # eax = nums[i-1]  (i is fixed inside loop B)
0x08048ddb <+69>: cmp (%ebx),%eax                # compare nums[i-1] with nums[j]
0x08048ddd <+71>: jne 0x8048de4 <phase_6+78>     # different -> fine
0x08048ddf <+73>: call 0x80493c1 <explode_bomb>  # duplicate value
0x08048de4 <+78>: addl $0x1,-0x4c(%ebp)          # j++
0x08048de8 <+82>: add $0x4,%ebx                  # ebx = &nums[j]
0x08048deb <+85>: cmpl $0x5,-0x4c(%ebp)
0x08048def <+89>: jle 0x8048dd7 <phase_6+65>     # while (j <= 5)  (signed compare)
0x08048df1 <+91>: jmp 0x8048db9 <phase_6+35>     # back to loop A with the incremented i
# --- Loop C: for each k, ptr[k] = the nums[k]-th node (1-based) of the list at 0x804c4fc ---
0x08048df3 <+93>: mov $0x0,%ebx                  # k = 0
0x08048df8 <+98>: lea -0x30(%ebp),%edi           # edi = nums
0x08048dfb <+101>: jmp 0x8048e13 <phase_6+125>   # enter at the per-k setup
0x08048dfd <+103>: mov 0x8(%edx),%edx            # edx = edx->next   (inner walk)
0x08048e00 <+106>: add $0x1,%eax                 # count++
0x08048e03 <+109>: cmp %ecx,%eax
0x08048e05 <+111>: jne 0x8048dfd <phase_6+103>   # keep walking until count == nums[k]
0x08048e07 <+113>: mov %edx,-0x48(%ebp,%esi,4)   # ptr[k] = edx  (esi holds k, see <+125>)
0x08048e0b <+117>: add $0x1,%ebx                 # k++
0x08048e0e <+120>: cmp $0x6,%ebx
0x08048e11 <+123>: je 0x8048e29 <phase_6+147>    # six pointers collected -> relink
0x08048e13 <+125>: mov %ebx,%esi                 # esi = k   (loop C setup for this k)
0x08048e15 <+127>: mov (%edi,%ebx,4),%ecx        # ecx = nums[k]
0x08048e18 <+130>: mov $0x804c4fc,%edx           # edx = head of the static list (node 1)
0x08048e1d <+135>: mov $0x1,%eax                 # count = 1
0x08048e22 <+140>: cmp $0x1,%ecx
0x08048e25 <+143>: jg 0x8048dfd <phase_6+103>    # nums[k] > 1 -> advance nums[k]-1 links
0x08048e27 <+145>: jmp 0x8048e07 <phase_6+113>   # nums[k] == 1 -> head node itself
# --- Relink: chain the chosen nodes in input order, ptr[0] -> ptr[1] -> ... -> ptr[5] -> NULL ---
0x08048e29 <+147>: mov -0x48(%ebp),%ebx          # ebx = ptr[0]  (stays the new list head below)
0x08048e2c <+150>: mov -0x44(%ebp),%eax          # eax = ptr[1]
0x08048e2f <+153>: mov %eax,0x8(%ebx)            # ptr[0]->next = ptr[1]
0x08048e32 <+156>: mov -0x40(%ebp),%edx          # edx = ptr[2]
0x08048e35 <+159>: mov %edx,0x8(%eax)            # ptr[1]->next = ptr[2]
0x08048e38 <+162>: mov -0x3c(%ebp),%eax          # eax = ptr[3]
0x08048e3b <+165>: mov %eax,0x8(%edx)            # ptr[2]->next = ptr[3]
0x08048e3e <+168>: mov -0x38(%ebp),%edx          # edx = ptr[4]
0x08048e41 <+171>: mov %edx,0x8(%eax)            # ptr[3]->next = ptr[4]
0x08048e44 <+174>: mov -0x34(%ebp),%eax          # eax = ptr[5]
0x08048e47 <+177>: mov %eax,0x8(%edx)            # ptr[4]->next = ptr[5]
0x08048e4a <+180>: movl $0x0,0x8(%eax)           # ptr[5]->next = NULL
# --- Loop D: the relinked list must be non-decreasing in the offset-0 value (5 comparisons) ---
0x08048e51 <+187>: mov $0x0,%esi                 # n = 0
0x08048e56 <+192>: mov 0x8(%ebx),%eax            # eax = node->next
0x08048e59 <+195>: mov (%ebx),%edx               # edx = node->value
0x08048e5b <+197>: cmp (%eax),%edx               # node->value - next->value
0x08048e5d <+199>: jle 0x8048e64 <phase_6+206>   # ok if node->value <= next->value
0x08048e5f <+201>: call 0x80493c1 <explode_bomb> # current node larger than its successor
0x08048e64 <+206>: mov 0x8(%ebx),%ebx            # node = node->next
0x08048e67 <+209>: add $0x1,%esi                 # n++
0x08048e6a <+212>: cmp $0x5,%esi
0x08048e6d <+215>: jne 0x8048e56 <phase_6+192>   # 5 adjacent pairs cover all six nodes
0x08048e6f <+217>: add $0x5c,%esp                # epilogue: drop locals, restore registers
0x08048e72 <+220>: pop %ebx
0x08048e73 <+221>: pop %esi
0x08048e74 <+222>: pop %edi
0x08048e75 <+223>: pop %ebp
0x08048e76 <+224>: ret