
Dump of assembler code for function phase_3: 0x08048e67 <phase_3+0>: push %ebp 0


Question

Dump of assembler code for function phase_3:
# phase_3 -- GDB disassembly dump, 32-bit x86, AT&T operand order (src, dst).
#
# Control flow visible in this listing:
#   1. sscanf(arg, fmt @ 0x804a38a, &a, &b) with a at -0x4(%ebp) and
#      b at -0x8(%ebp); a return value of 1 or less calls explode_bomb.
#   2. a is compared with 7 using an UNSIGNED branch (ja); anything above
#      7 calls explode_bomb. This is the only bound on the table index.
#   3. Indirect jump through a table of 4-byte entries at 0x804a2c0,
#      indexed by a. Each of the eight entry points below loads a starting
#      value into %eax and then joins a fall-through chain of add/sub
#      instructions at a different position.
#   4. a is compared with 5 using a SIGNED branch (jg); a > 5, or
#      %eax != b, calls explode_bomb. Otherwise the function returns.
#
# The table contents are not part of this dump, so the mapping from index
# to entry point cannot be read off the listing alone.
# NOTE(review): explode_bomb presumably does not return -- confirm in the
# binary; the instructions following each call are only reached if it does.

# --- prologue: frame pointer plus 0x28 bytes for locals and outgoing args
0x08048e67 <phase_3+0>: push %ebp
0x08048e68 <phase_3+1>: mov %esp,%ebp
0x08048e6a <phase_3+3>: sub $0x28,%esp
# --- build the sscanf argument list on the stack (highest slot first)
0x08048e6d <phase_3+6>: lea -0x8(%ebp),%eax
0x08048e70 <phase_3+9>: mov %eax,0xc(%esp)  # 4th arg: &b
0x08048e74 <phase_3+13>: lea -0x4(%ebp),%eax
0x08048e77 <phase_3+16>: mov %eax,0x8(%esp)  # 3rd arg: &a
0x08048e7b <phase_3+20>: movl $0x804a38a,0x4(%esp)  # 2nd arg: format string (contents not shown here)
0x08048e83 <phase_3+28>: mov 0x8(%ebp),%eax  # first stack argument of phase_3 (presumably the input line)
0x08048e86 <phase_3+31>: mov %eax,(%esp)  # 1st arg: string to parse
0x08048e89 <phase_3+34>: call 0x8048884 <sscanf@plt>
# --- sscanf's return value must be greater than 1 (signed compare)
0x08048e8e <phase_3+39>: cmp $0x1,%eax
0x08048e91 <phase_3+42>: jg 0x8048e98 <phase_3+49>
0x08048e93 <phase_3+44>: call 0x8049165 <explode_bomb>
# --- bounds check on the table index: unsigned, so a negative a also fails
0x08048e98 <phase_3+49>: cmpl $0x7,-0x4(%ebp)
0x08048e9c <phase_3+53>: lea 0x0(%esi,%eiz,1),%esi  # %esi = %esi: padding no-op; lea leaves the cmpl flags intact for ja
0x08048ea0 <phase_3+57>: ja 0x8048f02 <phase_3+155>
# --- switch dispatch: target = *(0x804a2c0 + a*4)
0x08048ea2 <phase_3+59>: mov -0x4(%ebp),%eax
0x08048ea5 <phase_3+62>: jmp *0x804a2c0(,%eax,4)
# --- eight entry points (+69, +76, +83, +91, +98, +107, +114, +123); each
# --- sets %eax and jumps into (or falls into) the chain at +128..+150
0x08048eac <phase_3+69>: mov $0x0,%eax
0x08048eb1 <phase_3+74>: jmp 0x8048efd <phase_3+150>
0x08048eb3 <phase_3+76>: mov $0x0,%eax
# (the next line is a GDB pager prompt captured in the paste, not an instruction)
---Type <return> to continue, or q <return> to quit---
0x08048eb8 <phase_3+81>: jmp 0x8048efa <phase_3+147>
0x08048eba <phase_3+83>: mov $0x0,%eax
0x08048ebf <phase_3+88>: nop
0x08048ec0 <phase_3+89>: jmp 0x8048ef7 <phase_3+144>
0x08048ec2 <phase_3+91>: mov $0x0,%eax
0x08048ec7 <phase_3+96>: jmp 0x8048ef4 <phase_3+141>
0x08048ec9 <phase_3+98>: mov $0x0,%eax
0x08048ece <phase_3+103>: xchg %ax,%ax  # two-byte no-op (alignment padding)
0x08048ed0 <phase_3+105>: jmp 0x8048ef1 <phase_3+138>
0x08048ed2 <phase_3+107>: mov $0x0,%eax
0x08048ed7 <phase_3+112>: jmp 0x8048eec <phase_3+133>
0x08048ed9 <phase_3+114>: mov $0x1c3,%eax  # the only entry that starts from a non-zero value
0x08048ede <phase_3+119>: xchg %ax,%ax  # two-byte no-op (alignment padding)
0x08048ee0 <phase_3+121>: jmp 0x8048ee7 <phase_3+128>
0x08048ee2 <phase_3+123>: mov $0x0,%eax  # no jmp: falls straight into the top of the chain
# --- fall-through arithmetic chain: execution enters at one of these
# --- addresses and runs every remaining instruction down to +153
0x08048ee7 <phase_3+128>: sub $0xf5,%eax
0x08048eec <phase_3+133>: add $0x22c,%eax
0x08048ef1 <phase_3+138>: sub $0x39,%eax
0x08048ef4 <phase_3+141>: add $0x39,%eax
0x08048ef7 <phase_3+144>: sub $0x39,%eax
0x08048efa <phase_3+147>: add $0x39,%eax
0x08048efd <phase_3+150>: sub $0x39,%eax
0x08048f00 <phase_3+153>: jmp 0x8048f0c <phase_3+165>  # skip the out-of-range handler
# (the next line is a GDB pager prompt captured in the paste, not an instruction)
---Type <return> to continue, or q <return> to quit---
# --- out-of-range handler, target of the ja at +57
0x08048f02 <phase_3+155>: call 0x8049165 <explode_bomb>
0x08048f07 <phase_3+160>: mov $0x0,%eax
# --- final checks: a must not exceed 5 (signed), and %eax must equal b
0x08048f0c <phase_3+165>: cmpl $0x5,-0x4(%ebp)
0x08048f10 <phase_3+169>: jg 0x8048f17 <phase_3+176>
0x08048f12 <phase_3+171>: cmp -0x8(%ebp),%eax
0x08048f15 <phase_3+174>: je 0x8048f1c <phase_3+181>
0x08048f17 <phase_3+176>: call 0x8049165 <explode_bomb>
# --- epilogue
0x08048f1c <phase_3+181>: leave
0x08048f1d <phase_3+182>: lea 0x0(%esi),%esi  # %esi = %esi: padding no-op
0x08048f20 <phase_3+185>: ret
End of assembler dump.
(gdb) stepi

Explanation / Answer

Ok, without having access to the bomb, I don't think I can figure out the jump target for each switch case, and so I can't work out the solution from this dump alone: the jump table at 0x804a2c0 lives in the binary's data and is not part of the disassembly. You need to run gdb on the bomb. Set a breakpoint at the line 0x08048ea5 <phase_3+62>: jmp *0x804a2c0(,%eax,4) (break *phase_3+62). Let your program run. When it asks for input, enter '3' and '56'. When it stops at the breakpoint you set, type 'display/i $eip' to display the next instruction. Then type 'stepi' into gdb to execute one more instruction. Then do 'p/x $pc' and 'p/x $eax' and write down the values of these two registers (program counter and eax). (Because the index is checked against 7 before the jump, the table has eight entries, which you can also list directly with 'x/8xw 0x804a2c0'.) So, in short, unless you can figure out the problem yourself, I'll need to know where your program jumps to (and the two register values) after the line 0x08048ea5 <phase_3+62>: jmp *0x804a2c0(,%eax,4) when you use input '3 56'.