New binary bomb help

This is a discussion on New binary bomb help within the Tech Board forums, part of the Community Boards category; I know am I looking for a int and har and a int again. I am not sure break I ...

  1. #1
    Registered User
    Join Date
    Apr 2009
    Posts
    16

    New binary bomb help

    I know am I looking for a int and har and a int again. I am not sure break I need to to break or what mozbl or movb is?
    Code:
    Dump of assembler code for function phase_4:
    0x08048909 <phase_4+0>: push   %ebp
    0x0804890a <phase_4+1>: mov    %esp,%ebp
    0x0804890c <phase_4+3>: sub    $0x38,%esp
    0x0804890f <phase_4+6>: movl   $0x0,0xfffffff8(%ebp)
    0x08048916 <phase_4+13>:        lea    0xfffffff0(%ebp),%eax
    0x08048919 <phase_4+16>:        mov    %eax,0x10(%esp)
    0x0804891d <phase_4+20>:        lea    0xffffffef(%ebp),%eax
    0x08048920 <phase_4+23>:        mov    %eax,0xc(%esp)
    0x08048924 <phase_4+27>:        lea    0xfffffff4(%ebp),%eax
    0x08048927 <phase_4+30>:        mov    %eax,0x8(%esp)
    0x0804892b <phase_4+34>:        movl   $0x80493b0,0x4(%esp) // %d %c %d
    0x08048933 <phase_4+42>:        mov    0x8(%ebp),%eax
    0x08048936 <phase_4+45>:        mov    %eax,(%esp)
    0x08048939 <phase_4+48>:        call   0x80484c0 <sscanf@plt>
    0x0804893e <phase_4+53>:        mov    %eax,0xfffffff8(%ebp)
    0x08048941 <phase_4+56>:        cmpl   $0x2,0xfffffff8(%ebp)
    0x08048945 <phase_4+60>:        jg     0x804894c <phase_4+67>
    0x08048947 <phase_4+62>:        call   0x804906c <explode_bomb>
    0x0804894c <phase_4+67>:        mov    0xfffffff4(%ebp),%eax
    0x0804894f <phase_4+70>:        mov    %eax,0xffffffdc(%ebp)
    0x08048952 <phase_4+73>:        cmpl   $0x7,0xffffffdc(%ebp) // cannot be great than  7?
    0x08048956 <phase_4+77>:        ja     0x8048a1e <phase_4+277>
    0x0804895c <phase_4+83>:        mov    0xffffffdc(%ebp),%edx
    0x0804895f <phase_4+86>:        mov    0x80493bc(,%edx,4),%eax // being  of the array
    0x08048966 <phase_4+93>:        jmp    *%eax // indirect jump
    0x08048968 <phase_4+95>:        movb   $0x71,0xffffffff(%ebp)
    0x0804896c <phase_4+99>:        mov    0xfffffff0(%ebp),%eax
    0x0804896f <phase_4+102>:       cmp    $0x309,%eax
    0x08048974 <phase_4+107>:       je     0x8048a27 <phase_4+286>
    0x0804897a <phase_4+113>:       call   0x804906c <explode_bomb>
    0x0804897f <phase_4+118>:       jmp    0x8048a27 <phase_4+286>
    0x08048984 <phase_4+123>:       movb   $0x62,0xffffffff(%ebp)
    0x08048988 <phase_4+127>:       mov    0xfffffff0(%ebp),%eax
    0x0804898b <phase_4+130>:       cmp    $0xd6,%eax
    0x08048990 <phase_4+135>:       je     0x8048a27 <phase_4+286>
    0x08048996 <phase_4+141>:       call   0x804906c <explode_bomb>
    0x0804899b <phase_4+146>:       jmp    0x8048a27 <phase_4+286>
    0x080489a0 <phase_4+151>:       movb   $0x62,0xffffffff(%ebp)
    0x080489a4 <phase_4+155>:       mov    0xfffffff0(%ebp),%eax
    0x080489a7 <phase_4+158>:       cmp    $0x2f3,%eax
    0x080489ac <phase_4+163>:       je     0x8048a27 <phase_4+286>
    0x080489ae <phase_4+165>:       call   0x804906c <explode_bomb>
    0x080489b3 <phase_4+170>:       jmp    0x8048a27 <phase_4+286>
    0x080489b5 <phase_4+172>:       movb   $0x6b,0xffffffff(%ebp)
    0x080489b9 <phase_4+176>:       mov    0xfffffff0(%ebp),%eax
    0x080489bc <phase_4+179>:       cmp    $0xfb,%eax
    0x080489c1 <phase_4+184>:       je     0x8048a27 <phase_4+286>
    0x080489c3 <phase_4+186>:       call   0x804906c <explode_bomb>
    0x080489c8 <phase_4+191>:       jmp    0x8048a27 <phase_4+286>
    0x080489ca <phase_4+193>:       movb   $0x6f,0xffffffff(%ebp) 0x080489d1 <phase_4+200>:       cmp    $0xa0,%eax
    0x080489d6 <phase_4+205>:       je     0x8048a27 <phase_4+286>
    0x080489d8 <phase_4+207>:       call   0x804906c <explode_bomb>
    0x080489dd <phase_4+212>:       jmp    0x8048a27 <phase_4+286>
    0x080489df <phase_4+214>:       movb   $0x74,0xffffffff(%ebp)
    0x080489e3 <phase_4+218>:       mov    0xfffffff0(%ebp),%eax
    0x080489e6 <phase_4+221>:       cmp    $0x1ca,%eax
    0x080489eb <phase_4+226>:       je     0x8048a27 <phase_4+286>
    0x080489ed <phase_4+228>:       call   0x804906c <explode_bomb>
    0x080489f2 <phase_4+233>:       jmp    0x8048a27 <phase_4+286>
    0x080489f4 <phase_4+235>:       movb   $0x76,0xffffffff(%ebp)
    0x080489f8 <phase_4+239>:       mov    0xfffffff0(%ebp),%eax
    0x080489fb <phase_4+242>:       cmp    $0x30c,%eax
    0x08048a00 <phase_4+247>:       je     0x8048a27 <phase_4+286>
    0x08048a02 <phase_4+249>:       call   0x804906c <explode_bomb>
    0x08048a07 <phase_4+254>:       jmp    0x8048a27 <phase_4+286>
    0x08048a09 <phase_4+256>:       movb   $0x62,0xffffffff(%ebp)
    0x08048a0d <phase_4+260>:       mov    0xfffffff0(%ebp),%eax
    0x08048a10 <phase_4+263>:       cmp    $0x20c,%eax
    0x08048a15 <phase_4+268>:       je     0x8048a27 <phase_4+286>
    0x08048a17 <phase_4+270>:       call   0x804906c <explode_bomb>
    0x08048a1c <phase_4+275>:       jmp    0x8048a27 <phase_4+286>
    0x08048a1e <phase_4+277>:       movb   $0x78,0xffffffff(%ebp) // break??
    0x08048a22 <phase_4+281>:       call   0x804906c <explode_bomb>
    0x08048a27 <phase_4+286>:       movzbl 0xffffffef(%ebp),%eax// break?
    0x08048a2b <phase_4+290>:       cmp    %al,0xffffffff(%ebp)//  break?
    0x08048a2e <phase_4+293>:       je     0x8048a35 <phase_4+300>
    0x08048a30 <phase_4+295>:       call   0x804906c <explode_bomb>
    0x08048a35 <phase_4+300>:       leave  
    0x08048a36 <phase_4+301>:       ret    
    0x080489ce <phase_4+197>:       mov    0xfffffff0(%ebp),%eax
    
    (gdb) x/s 0x80493b0
    0x80493b0 <__dso_handle+548>:    "%d %c %d"
    (gdb) x/a 80493bc
    Invalid number "80493bc".
    (gdb) x/a 0x80493bc
    0x80493bc <__dso_handle+560>:   0x8048968 <phase_4+95>
    (gdb) x/10a 0x80493bc
    0x80493bc <__dso_handle+560>:   0x8048968 <phase_4+95>  0x8048984 <phase_4+123> 0x80489a0 <phase_4+151> 0x80489b5 <phase_4+172>
    0x80493cc <__dso_handle+576>:   0x80489ca <phase_4+193> 0x80489df <phase_4+214> 0x80489f4 <phase_4+235> 0x8048a09 <phase_4+256>
    0x80493dc <__dso_handle+592>:   0x4f525245      0x62203a52 // jump table
    (gdb)

  2. #2
    int x = *((int *) NULL); Cactus_Hugger's Avatar
    Join Date
    Jul 2003
    Location
    Banks of the River Styx
    Posts
    902
    If you do not know, you should look them up. Get yourself a copy of the Intel or AMD reference manuals for x86 processors, they will aid you greatly. I prefer AMD's, personally, it's about half the size and contains the information in a better format. I've uploaded it here.

    movzbl or movzb is not a valid instruction, as far as I can tell. What's the byte sequence starting at that opcode? ie, what is the output of:
    Code:
    x/b 0x08048a27
    x/b 0x08048a28
    x/b 0x08048a29
    x/b 0x08048a2a
    long time; /* know C? */
    Unprecedented performance: Nothing ever ran this slow before.
    Any sufficiently advanced bug is indistinguishable from a feature.
    Real Programmers confuse Halloween and Christmas, because dec 25 == oct 31.
    The best way to accelerate an IBM is at 9.8 m/s/s.
    recursion (re - cur' - zhun) n. 1. (see recursion)

  3. #3
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    I'm pretty sure movzbl is the AT&T style of "movzx" where source is 8 bits and destination is 32 bits. Which is usually what happens if you do:
    Code:
    unsigned char x;
    ...
    int y;
    ...
    y = x;
    (Or any other operations when a unsigned char needs to become an integer size).

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  4. #4
    Registered User
    Join Date
    Apr 2009
    Posts
    16
    Quote Originally Posted by matsp View Post
    I'm pretty sure movzbl is the AT&T style of "movzx" where source is 8 bits and destination is 32 bits. Which is usually what happens if you do:
    Code:
    unsigned char x;
    ...
    int y;
    ...
    y = x;
    (Or any other operations when a unsigned char needs to become an integer size).

    --
    Mats
    correct, it the At&T style. It is was unfamilar to me (like most assembly is, since this project is the first exposure I have to assembly.

  5. #5
    Registered User
    Join Date
    Apr 2009
    Posts
    16
    Quote Originally Posted by Cactus_Hugger View Post
    What's the byte sequence starting at that opcode? ie, what is the output of:
    Code:
    x/b 0x08048a27  = 0x0f
    x/b 0x08048a28 = 0xb6
    x/b 0x08048a29   = 0x45
    x/b 0x08048a2a = 0xef


    what mean? I know that they are hex values but why are these four important?

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. binary bomb help
    By uscuba2 in forum Tech Board
    Replies: 8
    Last Post: 05-22-2009, 10:04 PM
  2. The destructive power of a nuclear bomb
    By InvariantLoop in forum A Brief History of Cprogramming.com
    Replies: 30
    Last Post: 03-24-2005, 01:46 AM
  3. Binary Search Trees Part III
    By Prelude in forum A Brief History of Cprogramming.com
    Replies: 16
    Last Post: 10-02-2004, 03:00 PM
  4. Tutorial review
    By Prelude in forum A Brief History of Cprogramming.com
    Replies: 11
    Last Post: 03-22-2004, 08:40 PM
  5. Request for comments
    By Prelude in forum A Brief History of Cprogramming.com
    Replies: 15
    Last Post: 01-02-2004, 09:33 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21