I'm working on a project where I have an executable file and the main function of that executable. The executable takes in 6 strings, one at a time; if a string matches what it is expecting, it then requests the next string.
The project is to use the gdb debugger to step into the program and examine the disassembled functions it uses in order to work out what each string must be. I figured out the first one, but the second is giving me a problem. Here is the disassembled phase_2 function:
# i386 cdecl frame: 0x8(%ebp) = the input string. The six parsed ints live in a
# local array starting at -0x28(%ebp) (gdb prints that offset as 0xffffffd8),
# so a[i] is at -0x28 + 4*i (%ebp).
Dump of assembler code for function phase_2:
0x08048bed <phase_2+0>: push %ebp
0x08048bee <phase_2+1>: mov %esp,%ebp
0x08048bf0 <phase_2+3>: push %ebx                          # ebx is callee-saved; it is the loop index below
0x08048bf1 <phase_2+4>: sub $0x2c,%esp                     # local space (holds the 6-int array)
0x08048bf4 <phase_2+7>: lea 0xffffffd8(%ebp),%eax          # eax = &a[0]
0x08048bf7 <phase_2+10>: push %eax                         # arg 2: int *a
0x08048bf8 <phase_2+11>: pushl 0x8(%ebp)                   # arg 1: the input string
0x08048bfb <phase_2+14>: call 0x8048f5d <read_six_numbers> # read_six_numbers(input, a)
0x08048c00 <phase_2+19>: add $0x10,%esp                    # drop the two args plus 8 extra bytes (presumably alignment slack)
0x08048c03 <phase_2+22>: cmpl $0x1,0xffffffd8(%ebp)        # a[0] == 1 ?
0x08048c07 <phase_2+26>: je 0x8048c0e <phase_2+33>
0x08048c09 <phase_2+28>: call 0x8049530 <explode_bomb>     # a[0] != 1
0x08048c0e <phase_2+33>: mov $0x1,%ebx                     # i = 1
0x08048c13 <phase_2+38>: lea 0x1(%ebx),%eax                # eax = i + 1
0x08048c16 <phase_2+41>: imul 0xffffffd4(%ebp,%ebx,4),%eax # eax = (i + 1) * a[i-1]   (-0x2c + 4*i is &a[i-1])
0x08048c1b <phase_2+46>: cmp %eax,0xffffffd8(%ebp,%ebx,4)  # a[i] == (i + 1) * a[i-1] ?
0x08048c1f <phase_2+50>: je 0x8048c26 <phase_2+57>
0x08048c21 <phase_2+52>: call 0x8049530 <explode_bomb>     # relation fails for this i
0x08048c26 <phase_2+57>: inc %ebx                          # i++
0x08048c27 <phase_2+58>: cmp $0x5,%ebx
0x08048c2a <phase_2+61>: jle 0x8048c13 <phase_2+38>        # loop while i <= 5 (signed compare), i.e. checks a[1]..a[5]
0x08048c2c <phase_2+63>: mov 0xfffffffc(%ebp),%ebx         # restore the saved ebx from -4(%ebp)
---Type <return> to continue, or q <return> to quit---
0x08048c2f <phase_2+66>: leave
0x08048c30 <phase_2+67>: ret
End of assembler dump.
From examining that, I need to disassemble the read_six_numbers function as well, which gives me this:
# i386 cdecl frame: 0x8(%ebp) = the input string, 0xc(%ebp) = int *a (the
# caller's six-int array). Builds an 8-argument call and then requires that
# the callee's return value in eax be greater than 5.
Dump of assembler code for function read_six_numbers:
0x08048f5d <read_six_numbers+0>: push %ebp
0x08048f5e <read_six_numbers+1>: mov %esp,%ebp
0x08048f60 <read_six_numbers+3>: sub $0x8,%esp           # 8 bytes of padding before the pushes (presumably stack alignment)
0x08048f63 <read_six_numbers+6>: mov 0xc(%ebp),%edx      # edx = a
0x08048f66 <read_six_numbers+9>: lea 0x14(%edx),%eax     # &a[5]   (args are pushed right-to-left)
0x08048f69 <read_six_numbers+12>: push %eax
0x08048f6a <read_six_numbers+13>: lea 0x10(%edx),%eax    # &a[4]
0x08048f6d <read_six_numbers+16>: push %eax
0x08048f6e <read_six_numbers+17>: lea 0xc(%edx),%eax     # &a[3]
0x08048f71 <read_six_numbers+20>: push %eax
0x08048f72 <read_six_numbers+21>: lea 0x8(%edx),%eax     # &a[2]
0x08048f75 <read_six_numbers+24>: push %eax
0x08048f76 <read_six_numbers+25>: lea 0x4(%edx),%eax     # &a[1]
0x08048f79 <read_six_numbers+28>: push %eax
0x08048f7a <read_six_numbers+29>: push %edx              # &a[0]
0x08048f7b <read_six_numbers+30>: push $0x80498d8        # the string at this address is "%d %d %d %d %d %d" (see the x/s output below)
0x08048f80 <read_six_numbers+35>: pushl 0x8(%ebp)        # the input string
0x08048f83 <read_six_numbers+38>: call 0x8048934         # callee(input, "%d %d %d %d %d %d", &a[0], ..., &a[5]); the dump gives no symbol here.
                                                         # NOTE(review): the argument shape matches a scanf-family routine such as sscanf and the
                                                         # address is likely a PLT stub, but confirm by disassembling a few instructions at 0x8048934.
0x08048f88 <read_six_numbers+43>: add $0x20,%esp         # drop the 8 pushed args (32 bytes)
0x08048f8b <read_six_numbers+46>: cmp $0x5,%eax          # return value must be > 5; if this is sscanf, eax is the number of fields converted
0x08048f8e <read_six_numbers+49>: jg 0x8048f95 <read_six_numbers+56>
0x08048f90 <read_six_numbers+51>: call 0x8049530 <explode_bomb>   # fewer than six values were read
---Type <return> to continue, or q <return> to quit---
0x08048f95 <read_six_numbers+56>: leave
0x08048f96 <read_six_numbers+57>: ret
I haven't been able to make much progress on this; if anyone can help me read this and suggest where to start, it would be greatly appreciated.
On a side note, at read_six_numbers+38 where it says `call 0x8048934`, disassembling 0x8048934 reports that there is no function at that address, so what is it calling?
Also, at read_six_numbers+30 the function pushes 0x80498d8 onto the stack; examining the string at 0x80498d8 gives me: 0x80498d8 <_IO_stdin_used+508>: "%d %d %d %d %d %d"
I'm not sure what that means, or whether it's useful at all.
Thanks in advance if anybody can lend assistance, I will post any updates as I work on this.