Scribd
Upload
4 views

phase2

Phase 2 involves reading six numbers into an array and verifying them against a specific algorithm. The algorithm requires that each number is equal to the product of its index plus one and the previous number in the sequence. The correct sequence of numbers that satisfies this condition is 1, 2, 6, 24, 120, 720.

Uploaded by

Andrew
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
4 views

phase2

Phase 2 involves reading six numbers into an array and verifying them against a specific algorithm. The algorithm requires that each number is equal to the product of its index plus one and the previous number in the sequence. The correct sequence of numbers that satisfies this condition is 1, 2, 6, 24, 120, 720.

Uploaded by

Andrew
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

===================

Phase 2
===================

Move the breakpoint from commands file to 0x8048a75, the beginning of phase_2.
0x8048a75 <main+197>: call 0x80491fc <read_line>
0x8048a7a <main+202>: add $0xfffffff4,%esp
0x8048a7d <main+205>: push %eax
0x8048a7e <main+206>: call 0x8048b48 <phase_2>

phase_2:
Dump of assembler code for function phase_2:
0x08048b48 <+0>: push ebp
0x08048b49 <+1>: mov ebp,esp
0x08048b4b <+3>: sub esp,0x20
0x08048b4e <+6>: push esi
0x08048b4f <+7>: push ebx
0x08048b50 <+8>: mov edx,DWORD PTR [ebp+0x8]
0x08048b53 <+11>: add esp,0xfffffff8
0x08048b56 <+14>: lea eax,[ebp-0x18]
0x08048b59 <+17>: push eax
0x08048b5a <+18>: push edx
0x08048b5b <+19>: call 0x8048fd8 <read_six_numbers>
0x08048b60 <+24>: add esp,0x10
0x08048b63 <+27>: cmp DWORD PTR [ebp-0x18],0x1
0x08048b67 <+31>: je 0x8048b6e <phase_2+38>
0x08048b69 <+33>: call 0x80494fc <explode_bomb>
0x08048b6e <+38>: mov ebx,0x1 -->set ebx to 0x1
0x08048b73 <+43>: lea esi,[ebp-0x18] --> set esi to the address of the
first element of the array
0x08048b76 <+46>: lea eax,[ebx+0x1] --> set eax to 0x2
0x08048b79 <+49>: imul eax,DWORD PTR [esi+ebx*4-0x4] --> eax = eax *
first number = 0x2
0x08048b7e <+54>: cmp DWORD PTR [esi+ebx*4],eax --> compare eax (0x2)
with the second number
0x08048b81 <+57>: je 0x8048b88 <phase_2+64>
0x08048b83 <+59>: call 0x80494fc <explode_bomb>
0x08048b88 <+64>: inc ebx
0x08048b89 <+65>: cmp ebx,0x5
0x08048b8c <+68>: jle 0x8048b76 <phase_2+46>
0x08048b8e <+70>: lea esp,[ebp-0x28]
0x08048b91 <+73>: pop ebx
0x08048b92 <+74>: pop esi
0x08048b93 <+75>: mov esp,ebp
0x08048b95 <+77>: pop ebp
0x08048b96 <+78>: ret
End of assembler dump.

6 numbers are read from our input, and put in a local array variable.
0x08048b6e <+38>: mov ebx,0x1 -->set ebx to 0x1
0x08048b73 <+43>: lea esi,[ebp-0x18] --> set esi to the address of the
first element of the array
0x08048b76 <+46>: lea eax,[ebx+0x1] --> set eax to 0x2
0x08048b79 <+49>: imul eax,DWORD PTR [esi+ebx*4-0x4] --> eax = eax *
first number = 0x2
0x08048b7e <+54>: cmp DWORD PTR [esi+ebx*4],eax --> compare eax
(0x2) with the second number

After that, ebx is increased, which acts as an index into the numbers array, and we
get back to:
=> 0x8048b76 <phase_2+46>: lea eax,[ebx+0x1] --> ebx is 0x2, sets eax to
0x3
0x8048b79 <phase_2+49>: imul eax,DWORD PTR [esi+ebx*4-0x4] --> eax =
eax * second number = 3*2 = 6
0x8048b7e <phase_2+54>: cmp DWORD PTR [esi+ebx*4],eax --> expects
the third element to be 6
0x8048b81 <phase_2+57>: je 0x8048b88 <phase_2+64>
0x8048b83 <phase_2+59>: call 0x80494fc <explode_bomb>

We figure out that the algorithm is as follows:


v[0] = 1
v[i] = (i+i) * v[i-1]
And so we find the solution of phase 2:
1 2 6 24 120 720

You might also like