New binary bomb help

**uscuba2** · 05-22-2009

I know am I looking for a int and har and a int again. I am not sure break I need to to break or what mozbl or movb is?

Code:

Dump of assembler code for function phase_4:
0x08048909 <phase_4+0>: push   %ebp
0x0804890a <phase_4+1>: mov    %esp,%ebp
0x0804890c <phase_4+3>: sub    $0x38,%esp
0x0804890f <phase_4+6>: movl   $0x0,0xfffffff8(%ebp)
0x08048916 <phase_4+13>:        lea    0xfffffff0(%ebp),%eax
0x08048919 <phase_4+16>:        mov    %eax,0x10(%esp)
0x0804891d <phase_4+20>:        lea    0xffffffef(%ebp),%eax
0x08048920 <phase_4+23>:        mov    %eax,0xc(%esp)
0x08048924 <phase_4+27>:        lea    0xfffffff4(%ebp),%eax
0x08048927 <phase_4+30>:        mov    %eax,0x8(%esp)
0x0804892b <phase_4+34>:        movl   $0x80493b0,0x4(%esp) // %d %c %d
0x08048933 <phase_4+42>:        mov    0x8(%ebp),%eax
0x08048936 <phase_4+45>:        mov    %eax,(%esp)
0x08048939 <phase_4+48>:        call   0x80484c0 <sscanf@plt>
0x0804893e <phase_4+53>:        mov    %eax,0xfffffff8(%ebp)
0x08048941 <phase_4+56>:        cmpl   $0x2,0xfffffff8(%ebp)
0x08048945 <phase_4+60>:        jg     0x804894c <phase_4+67>
0x08048947 <phase_4+62>:        call   0x804906c <explode_bomb>
0x0804894c <phase_4+67>:        mov    0xfffffff4(%ebp),%eax
0x0804894f <phase_4+70>:        mov    %eax,0xffffffdc(%ebp)
0x08048952 <phase_4+73>:        cmpl   $0x7,0xffffffdc(%ebp) // cannot be great than  7?
0x08048956 <phase_4+77>:        ja     0x8048a1e <phase_4+277>
0x0804895c <phase_4+83>:        mov    0xffffffdc(%ebp),%edx
0x0804895f <phase_4+86>:        mov    0x80493bc(,%edx,4),%eax // being  of the array
0x08048966 <phase_4+93>:        jmp    *%eax // indirect jump
0x08048968 <phase_4+95>:        movb   $0x71,0xffffffff(%ebp)
0x0804896c <phase_4+99>:        mov    0xfffffff0(%ebp),%eax
0x0804896f <phase_4+102>:       cmp    $0x309,%eax
0x08048974 <phase_4+107>:       je     0x8048a27 <phase_4+286>
0x0804897a <phase_4+113>:       call   0x804906c <explode_bomb>
0x0804897f <phase_4+118>:       jmp    0x8048a27 <phase_4+286>
0x08048984 <phase_4+123>:       movb   $0x62,0xffffffff(%ebp)
0x08048988 <phase_4+127>:       mov    0xfffffff0(%ebp),%eax
0x0804898b <phase_4+130>:       cmp    $0xd6,%eax
0x08048990 <phase_4+135>:       je     0x8048a27 <phase_4+286>
0x08048996 <phase_4+141>:       call   0x804906c <explode_bomb>
0x0804899b <phase_4+146>:       jmp    0x8048a27 <phase_4+286>
0x080489a0 <phase_4+151>:       movb   $0x62,0xffffffff(%ebp)
0x080489a4 <phase_4+155>:       mov    0xfffffff0(%ebp),%eax
0x080489a7 <phase_4+158>:       cmp    $0x2f3,%eax
0x080489ac <phase_4+163>:       je     0x8048a27 <phase_4+286>
0x080489ae <phase_4+165>:       call   0x804906c <explode_bomb>
0x080489b3 <phase_4+170>:       jmp    0x8048a27 <phase_4+286>
0x080489b5 <phase_4+172>:       movb   $0x6b,0xffffffff(%ebp)
0x080489b9 <phase_4+176>:       mov    0xfffffff0(%ebp),%eax
0x080489bc <phase_4+179>:       cmp    $0xfb,%eax
0x080489c1 <phase_4+184>:       je     0x8048a27 <phase_4+286>
0x080489c3 <phase_4+186>:       call   0x804906c <explode_bomb>
0x080489c8 <phase_4+191>:       jmp    0x8048a27 <phase_4+286>
0x080489ca <phase_4+193>:       movb   $0x6f,0xffffffff(%ebp) 0x080489d1 <phase_4+200>:       cmp    $0xa0,%eax
0x080489d6 <phase_4+205>:       je     0x8048a27 <phase_4+286>
0x080489d8 <phase_4+207>:       call   0x804906c <explode_bomb>
0x080489dd <phase_4+212>:       jmp    0x8048a27 <phase_4+286>
0x080489df <phase_4+214>:       movb   $0x74,0xffffffff(%ebp)
0x080489e3 <phase_4+218>:       mov    0xfffffff0(%ebp),%eax
0x080489e6 <phase_4+221>:       cmp    $0x1ca,%eax
0x080489eb <phase_4+226>:       je     0x8048a27 <phase_4+286>
0x080489ed <phase_4+228>:       call   0x804906c <explode_bomb>
0x080489f2 <phase_4+233>:       jmp    0x8048a27 <phase_4+286>
0x080489f4 <phase_4+235>:       movb   $0x76,0xffffffff(%ebp)
0x080489f8 <phase_4+239>:       mov    0xfffffff0(%ebp),%eax
0x080489fb <phase_4+242>:       cmp    $0x30c,%eax
0x08048a00 <phase_4+247>:       je     0x8048a27 <phase_4+286>
0x08048a02 <phase_4+249>:       call   0x804906c <explode_bomb>
0x08048a07 <phase_4+254>:       jmp    0x8048a27 <phase_4+286>
0x08048a09 <phase_4+256>:       movb   $0x62,0xffffffff(%ebp)
0x08048a0d <phase_4+260>:       mov    0xfffffff0(%ebp),%eax
0x08048a10 <phase_4+263>:       cmp    $0x20c,%eax
0x08048a15 <phase_4+268>:       je     0x8048a27 <phase_4+286>
0x08048a17 <phase_4+270>:       call   0x804906c <explode_bomb>
0x08048a1c <phase_4+275>:       jmp    0x8048a27 <phase_4+286>
0x08048a1e <phase_4+277>:       movb   $0x78,0xffffffff(%ebp) // break??
0x08048a22 <phase_4+281>:       call   0x804906c <explode_bomb>
0x08048a27 <phase_4+286>:       movzbl 0xffffffef(%ebp),%eax// break?
0x08048a2b <phase_4+290>:       cmp    %al,0xffffffff(%ebp)//  break?
0x08048a2e <phase_4+293>:       je     0x8048a35 <phase_4+300>
0x08048a30 <phase_4+295>:       call   0x804906c <explode_bomb>
0x08048a35 <phase_4+300>:       leave  
0x08048a36 <phase_4+301>:       ret    
0x080489ce <phase_4+197>:       mov    0xfffffff0(%ebp),%eax

(gdb) x/s 0x80493b0
0x80493b0 <__dso_handle+548>:    "%d %c %d"
(gdb) x/a 80493bc
Invalid number "80493bc".
(gdb) x/a 0x80493bc
0x80493bc <__dso_handle+560>:   0x8048968 <phase_4+95>
(gdb) x/10a 0x80493bc
0x80493bc <__dso_handle+560>:   0x8048968 <phase_4+95>  0x8048984 <phase_4+123> 0x80489a0 <phase_4+151> 0x80489b5 <phase_4+172>
0x80493cc <__dso_handle+576>:   0x80489ca <phase_4+193> 0x80489df <phase_4+214> 0x80489f4 <phase_4+235> 0x8048a09 <phase_4+256>
0x80493dc <__dso_handle+592>:   0x4f525245      0x62203a52 // jump table
(gdb)

**Cactus_Hugger** · 05-24-2009

If you do not know, you should look them up. Get yourself a copy of the Intel or AMD reference manuals for x86 processors, they will aid you greatly. I prefer AMD's, personally, it's about half the size and contains the information in a better format. I've uploaded it here.

movzbl or movzb is not a valid instruction, as far as I can tell. What's the byte sequence starting at that opcode? ie, what is the output of:

Code:

x/b 0x08048a27
x/b 0x08048a28
x/b 0x08048a29
x/b 0x08048a2a

**matsp** · 05-24-2009

I'm pretty sure movzbl is the AT&T style of "movzx" where source is 8 bits and destination is 32 bits. Which is usually what happens if you do:

Code:

unsigned char x;
...
int y;
...
y = x;

(Or any other operations when a unsigned char needs to become an integer size).

--
Mats

**uscuba2** · 05-24-2009

Originally Posted by matsp

I'm pretty sure movzbl is the AT&T style of "movzx" where source is 8 bits and destination is 32 bits. Which is usually what happens if you do:

Code:

unsigned char x;
...
int y;
...
y = x;

(Or any other operations when a unsigned char needs to become an integer size).

--
Mats

correct, it the At&T style. It is was unfamilar to me (like most assembly is, since this project is the first exposure I have to assembly.

**uscuba2** · 05-24-2009

Originally Posted by Cactus_Hugger

What's the byte sequence starting at that opcode? ie, what is the output of:

Code:

x/b 0x08048a27  = 0x0f
x/b 0x08048a28 = 0xb6
x/b 0x08048a29   = 0x45
x/b 0x08048a2a = 0xef

what mean? I know that they are hex values but why are these four important?

Thread: New binary bomb help

Thread Tools

Search Thread

Display

New binary bomb help

Similar Threads

binary bomb help

The destructive power of a nuclear bomb

Binary Search Trees Part III

Tutorial review

Request for comments