So I am working on a Binary Bomb assignment and have gotten stuck. Tried looking at other questions and guides but mine seems to be completely different from what is described in other questions and guides I found on the web.
The phase only takes 2 unsigned ints for input. Here it is disassembled in gdb after being run with 11 2 as input.
Dump of assembler code for function phase_5:
0x08048ccc <+0>: push %ebp
0x08048ccd <+1>: mov %esp,%ebp
0x08048ccf <+3>: push %esi
0x08048cd0 <+4>: push %ebx
=> 0x08048cd1 <+5>: sub $0x20,%esp
0x08048cd4 <+8>: lea -0x10(%ebp),%eax
0x08048cd7 <+11>: mov %eax,0xc(%esp)
0x08048cdb <+15>: lea -0xc(%ebp),%eax
0x08048cde <+18>: mov %eax,0x8(%esp)
0x08048ce2 <+22>: movl $0x8049b0a,0x4(%esp)
0x08048cea <+30>: mov 0x8(%ebp),%eax
0x08048ced <+33>: mov %eax,(%esp)
0x08048cf0 <+36>: call 0x8048788 <__isoc99_sscanf@plt>
0x08048cf5 <+41>: cmp $0x1,%eax
0x08048cf8 <+44>: jg 0x8048cff <phase_5+51>
0x08048cfa <+46>: call 0x80492b6 <explode_bomb>
0x08048cff <+51>: mov -0xc(%ebp),%eax
0x08048d02 <+54>: and $0xf,%eax
0x08048d05 <+57>: mov %eax,-0xc(%ebp)
0x08048d08 <+60>: cmp $0xf,%eax
0x08048d0b <+63>: je 0x8048d36 <phase_5+106>
0x08048d0d <+65>: mov $0x0,%ecx
0x08048d12 <+70>: mov $0x0,%edx
0x08048d17 <+75>: mov $0x8049960,%ebx
0x08048d1c <+80>: add $0x1,%edx
0x08048d1f <+83>: mov (%ebx,%eax,4),%eax
0x08048d22 <+86>: add %eax,%ecx
0x08048d24 <+88>: cmp $0xf,%eax
0x08048d27 <+91>: jne 0x8048d1c <phase_5+80>
0x08048d29 <+93>: mov %eax,-0xc(%ebp)
0x08048d2c <+96>: cmp $0xb,%edx
0x08048d2f <+99>: jne 0x8048d36 <phase_5+106>
0x08048d31 <+101>: cmp -0x10(%ebp),%ecx
0x08048d34 <+104>: je 0x8048d3b <phase_5+111>
0x08048d36 <+106>: call 0x80492b6 <explode_bomb>
0x08048d3b <+111>: add $0x20,%esp
0x08048d3e <+114>: pop %ebx
0x08048d3f <+115>: pop %esi
0x08048d40 <+116>: pop %ebp
0x08048d41 <+117>: ret
For the line 0x08048d17 <+75>: mov $0x8049960,%ebx
I used
x/16b 0x8049960
gdb and it tells me
0x8049960 array.2954: 10 0 0 0 2 0 0 0
0x8049968 array.2954+8: 14 0 0 0 7 0 00
When I go through the program using until until I get to
0x08048d31 <+101>: cmp -0x10(%ebp),%ecx
%edx = 11, %ecx = 82, and %ebp-0x10 = 2 (used print to get values for first two and x/d $ebp-0x10 for last one)
Because 82 != 2 it just goes to call explode_bomb.
From what I understand it is reading in my 2 numbers, making sure I entered 2 at <+41>.
Then it grabs the first number from the array which in this case is 10 and puts it into $eax at +=<+51>. Then it puts eax into -0xc($ebp) at <+57>.
Then it checks to make sure $eax isn't 15 at <+60>, goes on to set $ecx, and $edx to 0. It then passes the pointer to the array to $ebx at <+75>.
Then it enters a loop from <+80> to <+91> but I am not sure what it is really doing. I get that it increments $edx by 1 and the loop is exited when $eax is 15, but I cant figure out how the rest of the stuff works out.
Am I understanding it correctly up to the loop part? And, if someone wouldn't mind explaining what is happening between <+80> and <+91> I would be very grateful.
p.s. Sorry if my formatting is wrong.
See Question&Answers more detail:
os 
