# Debugging bomb program

• 05-25-2009
Mike_Smith
So I've been given an assignment that acts like a bomb with 6 phases to it. At each phase you are prompted to enter something that the program is looking for. If you enter correctly the program continues; if not, the bomb explodes. So I've gotten the first two, which were short sentences, and now I'm on the third, which is asking for 6 integers. My thoughts were to set the breakpoint at the compare statement (0x080488df) and then run the program entering 6 random integers. Then I would print eax and edx and would see the numbers I entered along with the numbers that should be entered. However, my idea is incorrect as I'm not getting what I'm looking for. So if my example string is 1 2 3 4 5 6, my print statements are the following.

```
print $eax = 4
print $edx = 1
```

Basically what's happening is that edx looks right but eax is not the correct number. Eax is always the fourth number I enter. For example:

```
1 2 3 5 6 7

print $eax = 5
print $edx = 1
```

So I'm lost and looking for help on how to find the first integer. I think I can take it from there. Any help is appreciated. Disassembled code below.

```
0x080488a6 <phase_3+0>: push %ebp
0x080488a7 <phase_3+1>: mov %esp,%ebp
0x080488a9 <phase_3+3>: sub $0x28,%esp
0x080488ac <phase_3+6>: movl $0x0,0xfffffffc(%ebp)
0x080488b3 <phase_3+13>: lea 0xffffffe0(%ebp),%eax
0x080488b6 <phase_3+16>: mov %eax,0x4(%esp)
0x080488ba <phase_3+20>: mov 0x8(%ebp),%eax
0x080488bd <phase_3+23>: mov %eax,(%esp)
0x080488c5 <phase_3+31>: movl $0x0,0xfffffff8(%ebp)
0x080488cc <phase_3+38>: jmp 0x80488f6 <phase_3+80>
0x080488ce <phase_3+40>: mov 0xfffffff8(%ebp),%eax
0x080488d1 <phase_3+43>: mov 0xffffffe0(%ebp,%eax,4),%edx
0x080488d5 <phase_3+47>: mov 0xfffffff8(%ebp),%eax
0x080488db <phase_3+53>: mov 0xffffffe0(%ebp,%eax,4),%eax
0x080488df <phase_3+57>: cmp %eax,%edx
0x080488e1 <phase_3+59>: je 0x80488e8 <phase_3+66>
0x080488e3 <phase_3+61>: call 0x804906c <explode_bomb>
0x080488e8 <phase_3+66>: mov 0xfffffff8(%ebp),%eax
0x080488eb <phase_3+69>: mov 0xffffffe0(%ebp,%eax,4),%eax
0x080488f6 <phase_3+80>: cmpl $0x2,0xfffffff8(%ebp)
0x080488fa <phase_3+84>: jle 0x80488ce <phase_3+40>
0x080488fc <phase_3+86>: cmpl $0x0,0xfffffffc(%ebp)
0x08048900 <phase_3+90>: jne 0x8048907 <phase_3+97>
0x08048902 <phase_3+92>: call 0x804906c <explode_bomb>
0x08048907 <phase_3+97>: leave
0x08048908 <phase_3+98>: ret
```
• 05-25-2009
Mike_Smith
nvm...got it
• 10-25-2010
warsame
How did you solve phase_3? Please give me some hints, I am really stuck on finding the first integer in phase_3.
• 10-25-2010
Salem
Bumping a thread over a year old - see the rules.