# Disassembly (AT&T syntax, 32-bit x86) of two routines: a two-argument
# arithmetic helper at 0x401050 and the main routine at 0x401089 that calls it.
# Offsets such as 0xfffffffc(%ebp) are negative displacements:
#   0xfffffffc = -4, 0xfffffff8 = -8, 0xfffffff4 = -12, 0xfffffff0 = -16.
# Below, a = 0x8(%ebp) and b = 0xc(%ebp) are the helper's two stack arguments.

# ---- helper at 0x401050: returns a*b + (a+4) + (a-b) in %eax ----
0x401050 : push %ebp                    # save caller's frame pointer
0x401051 : mov %esp,%ebp                # establish this frame
0x401053 : sub $0xc,%esp                # reserve 12 bytes for three locals
0x401056 : mov 0x8(%ebp),%eax           # eax = a
0x401059 : add $0x4,%eax                # eax = a + 4
0x40105c : mov %eax,0xfffffffc(%ebp)    # local at -4 = a + 4
0x40105f : mov 0x8(%ebp),%eax           # eax = a
0x401062 : imul 0xc(%ebp),%eax          # eax = a * b (32-bit signed multiply; overflow is not checked)
0x401066 : mov %eax,0xfffffff8(%ebp)    # local at -8 = a * b
0x401069 : mov 0xc(%ebp),%edx           # edx = b
0x40106c : mov 0x8(%ebp),%eax           # eax = a
0x40106f : sub %edx,%eax                # eax = a - b
0x401071 : mov %eax,0xfffffff4(%ebp)    # local at -12 = a - b
0x401074 : mov 0xfffffff8(%ebp),%eax    # eax = a * b
0x401077 : add 0xfffffffc(%ebp),%eax    # eax += a + 4
0x40107a : add 0xfffffff4(%ebp),%eax    # eax += a - b  -> return value
0x40107d : leave                        # tear down frame
0x40107e : ret

# Bytes 0x40107f-0x401088 are not shown in the listing; 0x40107f is later passed
# as the first argument to the call at 0x4010f4, so it is presumably a format
# string stored between the two routines.

# ---- main at 0x401089 ----
0x401089 : push %ebp
0x40108a : mov %esp,%ebp
0x40108c : sub $0x18,%esp               # 24 bytes for locals and outgoing arguments
0x40108f : and $0xfffffff0,%esp         # align the stack pointer to 16 bytes
0x401092 : mov $0x0,%eax
0x401097 : mov %eax,0xfffffff0(%ebp)
0x40109a : mov 0xfffffff0(%ebp),%eax
0x40109d : call 0x401420 <_alloca>      # called with eax = 0; presumably toolchain startup boilerplate
0x4010a2 : call 0x4014b0 <__main>       # presumably runtime initialisation inserted by the toolchain
# NOTE(review): argc at 0x8(%ebp) is never read in this routine, so argv[1] and
# argv[2] are used below without checking that they were supplied.
0x4010a7 : mov 0xc(%ebp),%eax           # eax = argv
0x4010aa : add $0x4,%eax                # &argv[1]
0x4010ad : mov (%eax),%eax              # eax = argv[1]
0x4010af : mov %eax,(%esp)              # pass argv[1] as the only argument
0x4010b2 : call 0x4014d0                # unlabelled target; presumably atoi or similar - confirm
0x4010b7 : mov %eax,0xfffffffc(%ebp)    # x (local at -4) = converted argv[1]
0x4010ba : mov 0xc(%ebp),%eax           # eax = argv
0x4010bd : add $0x8,%eax                # &argv[2]
0x4010c0 : mov (%eax),%eax              # eax = argv[2]
0x4010c2 : mov %eax,(%esp)
0x4010c5 : call 0x4014d0                # same conversion routine as above
0x4010ca : mov %eax,0xfffffff8(%ebp)    # y (local at -8) = converted argv[2]
0x4010cd : mov 0xfffffff8(%ebp),%eax
0x4010d0 : inc %eax                     # y + 1
0x4010d1 : mov %eax,0x4(%esp)           # second argument = y + 1
0x4010d5 : mov 0xfffffffc(%ebp),%eax
0x4010d8 : add $0x2,%eax                # x + 2
0x4010db : mov %eax,(%esp)              # first argument = x + 2
0x4010de : call 0x401050                # helper(x + 2, y + 1)
0x4010e3 : mov %eax,0xfffffff4(%ebp)    # save the helper's result in the local at -12
0x4010e6 : mov 0xfffffff4(%ebp),%eax
0x4010e9 : mov %eax,0x4(%esp)           # second argument = helper result
0x4010ed : movl $0x40107f,(%esp)        # first argument = address 0x40107f (presumably a format string)
0x4010f4 : call 0x4014c0                # unlabelled target; presumably printf - confirm
0x4010f9 : mov $0x0,%eax                # return 0
0x4010fe : leave
0x4010ff : ret
# If 0x4014d0 converts decimal strings to int, "./program 5 7" gives x = 5, y = 7,
# so the helper receives (7, 8) and returns 7*8 + (7+4) + (7-8) = 66.
This program is invoked from the command line as shown:
./program 5 7
The procedure named what is called from main, and returns to main with the value:
Question 12 options:
0x401050 : push %ebp 0x401051 : mov %esp,%ebp 0x401053 : sub $0xc,%esp 0x401056 : mov 0x8(%ebp),%eax...
And also when recursive(5).
Consider the following function int recursive(int n) f The assembly code equivalent of the above function is: recursive push %ebp mov %esp,%ebp push %ebx sub $0x14,%esp cmpl $0x1,0x8(%ebp) je L1 cmpl $0x2,0x8(%ebp) jne L2 L1 mov 0x8(%ebp),%eax jmp L3 L2 mov 0x8(%ebp),%eax sub $0x1,%eax mov %eax,(%esp) call recursive mov %eax,%ebx mov 0x8(%ebp),%eax sub $0x2,%eax mov %eax,(%esp) call recursive imul %ebx,%eax L3 add $0x14,%esp pop %ebx pop %ebp ret
When using objdump to disassemble the binary, how to find what the address of a specific function is? For example, 08048934 <function2>: 8048934: 55 push ebp 8048935: 89 e5 mov ebp,esp 8048937: 53 push ebx 8048938: 83 ec 04 sub esp,0x4 804893b: e8 1f 00 00 00 call 804895f <__x86.get_pc_thunk.ax> 8048940: 05 c0 06 09 00 add eax,0x906c0 8048945: 83 ec 0c sub esp,0xc 8048948: 8d 90 70 31 fd ff lea edx,[eax-0x2ce90] 804894e: 52 push edx 804894f: 89 c3...
Below is the disassembled code. Please help me defuse the binary bomb phase_4; the right input should be 6 numbers with a certain pattern. 08048cdb <phase_4>: 8048cdb: 53 push %ebx 8048cdc: 83 ec 38 sub $0x38,%esp 8048cdf: 8d 44 24 18 lea 0x18(%esp),%eax 8048ce3: 89 44 24 04 mov %eax,0x4(%esp) 8048ce7: 8b 44 24 40 mov 0x40(%esp),%eax 8048ceb: 89 04 24 mov %eax,(%esp) 8048cee: e8 11 07 00 00 call 8049404 <read_six_numbers> 8048cf3: 83 7c 24 18 00 cmpl...
Below is the disassembled code. Please help me defuse the binary bomb phase_7. 08048e88 <phase_7>: 8048e88: 83 ec 2c sub $0x2c,%esp 8048e8b: 8d 44 24 18 lea 0x18(%esp),%eax 8048e8f: 89 44 24 0c mov %eax,0xc(%esp) 8048e93: 8d 44 24 1c lea 0x1c(%esp),%eax 8048e97: 89 44 24 08 mov %eax,0x8(%esp) 8048e9b: c7 44 24 04 61 a6 04 movl $0x804a661,0x4(%esp) 8048ea2: 08 8048ea3: 8b 44 24 30 mov 0x30(%esp),%eax 8048ea7: 89 04 24 mov %eax,(%esp) 8048eaa: e8 c1 f9 ff...
Binary Bomb phase 4 Dump of assembler code for function phase_4: > 0x0000000000400fe7 <+0>: sub $0x18,%rsp 0x0000000000400feb <+4>: lea 0x8(%rsp),%rcx 0x0000000000400ff0 <+9>: lea 0xc(%rsp),%rdx 0x0000000000400ff5 <+14>: mov $0x40290d,%esi 0x0000000000400ffa <+19>: mov $0x0,%eax 0x0000000000400fff <+24>: callq 0x400c00 <__isoc99_sscanf@plt> 0x0000000000401004 <+29>: cmp $0x2,%eax 0x0000000000401007 <+32>: jne 0x401010 <phase_4+41> 0x0000000000401009 <+34>: cmpl $0xe,0xc(%rsp) 0x000000000040100e <+39>: jbe 0x401015 <phase_4+46> 0x0000000000401010 <+41>: callq 0x401662 <explode_bomb> 0x0000000000401015 <+46>: mov $0xe,%edx 0x000000000040101a <+51>: mov $0x0,%esi...
Write the full code in Microsoft Visual Studio, ASM only.
Remember to use step into when tracing a procure's call Convention el proc program mple1 Problem 2: Write and run the following program. Will the program crash? Why? push 6 push 5 call addtwo add esp,4 comment this line and see what happen ret example1 endp C Calling Convention main proc call example1 add al, 1 invoke ExitProcess, e main endp addtwo proc push ebp mov ebp,esp mov eax, [ebp+12] add...
I need to reverse engineer from machine code to C, how do I do it? This problem will give you a chance to reverse engineer a switch statement from machine code. In the following procedure, the body of the switch statement has been removed:
1 int switch_prob(int x, int n)
2 {
3 int result = x;
4
5 switch(n) {
6
7 /* Fill in code here */
8 }
9
10 return result;
11 }
Figure 3.44 shows the disassembled machine code for the procedure. We can see in lines 4 and 5 that...
I need help finding the input that wont result in explode_bomb in this assembly 08048cd3 <phase_4>: 8048cd3: 57 push %edi 8048cd4: 56 push %esi 8048cd5: 53 push %ebx 8048cd6: 83 ec 10 sub $0x10,%esp 8048cd9: 8b 74 24 20 mov 0x20(%esp),%esi 8048cdd: 89 34 24 mov %esi,(%esp) 8048ce0: e8 f6 03 00 00 call 80490db <string_length> 8048ce5: 83 c0 01 add $0x1,%eax 8048ce8: 89 04 24 mov %eax,(%esp) 8048ceb: e8 10 fb ff ff call 8048800 <malloc@plt> 8048cf0: 89 c7...
9. Consider the code below. At the location indicated by "RIGHT HERE", what does the stack currently look like? Please draw a picture. Where will ESP and EBP currently be pointing? Add these pointers to your picture. main: push 13 push 17 call func_a add esp, 8 ret func_a: push ebp mov ebp, esp sub esp, 12 mov DWORD [ebp - 4], 19 mov DWORD [ebp - 8], 23 ; <-- RIGHT HERE. Draw a picture ; What does the...
You are charged with maintaining a large C program and you come across the following code: typedef struct int left a-struct a [CNT] int right b-struct; void testlint i, b-struct *bp) int n bp- left bp-rights a-struct ap &bp- ali] ap- Cap- idx] n; The declaration of the compile-time constant CNT and the structure a struct are in a file for which you don't have the necessary access privilege. Fortunately you have a copy of the '.o' version of code,...