I was wondering if you guys could offer me some advice and help on how to proceed - not answers - for a homework problem I am attempting. I am currently working on a "bomb" project in which I progress through stages by discovering passwords or phrases using the gdb debugger to analyze assembly code. I was able to easily complete stages 1-3, but am having a bit of trouble with stage 4. Here is the assembly for this stage:
0x08048d6d <+0>: sub $0x2c,%esp
0x08048d70 <+3>: lea 0x1c(%esp),%eax
0x08048d74 <+7>: mov %eax,0xc(%esp)
0x08048d78 <+11>: lea 0x18(%esp),%eax
0x08048d7c <+15>: mov %eax,0x8(%esp)
0x08048d80 <+19>: movl $0x804a5d1,0x4(%esp) ;%d, %d
0x08048d88 <+27>: mov 0x30(%esp),%eax
0x08048d8c <+31>: mov %eax,(%esp)
0x08048d8f <+34>: call 0x8048850 <__isoc99_sscanf@plt>
0x08048d94 <+39>: cmp $0x2,%eax
0x08048d97 <+42>: jne 0x8048da5
0x08048d99 <+44>: mov 0x1c(%esp),%eax
0x08048d9d <+48>: sub $0x2,%eax
0x08048da0 <+51>: cmp $0x2,%eax
0x08048da3 <+54>: jbe 0x8048daa
0x08048da5 <+56>: call 0x80492f5
0x08048daa <+61>: mov 0x1c(%esp),%eax
0x08048dae <+65>: mov %eax,0x4(%esp)
0x08048db2 <+69>: movl $0x8,(%esp)
0x08048db9 <+76>: call 0x8048d23
0x08048dbe <+81>: cmp 0x18(%esp),%eax
0x08048dc2 <+85>: je 0x8048dc9
0x08048dc4 <+87>: call 0x80492f5
0x08048dc9 <+92>: add $0x2c,%esp
0x08048dcc <+95>: ret
From what I have looked at so far, it looks like this phase accepts two decimals (line 19), and the second one must be less than or equal to 4, but greater than 1 (lines 48, 51, 54). Another important aspect to this problem is the inclusion of a recursive "func4" which is as follows:
0x08048d23 <+0>: push %edi
0x08048d24 <+1>: push %esi
0x08048d25 <+2>: push %ebx
0x08048d26 <+3>: sub $0x10,%esp
0x08048d29 <+6>: mov 0x20(%esp),%ebx
0x08048d2d <+10>: mov 0x24(%esp),%esi
0x08048d31 <+14>: test %ebx,%ebx
0x08048d33 <+16>: jle 0x8048d61
0x08048d35 <+18>: mov %esi,%eax
0x08048d37 <+20>: cmp $0x1,%ebx
0x08048d3a <+23>: je 0x8048d66
0x08048d3c <+25>: mov %esi,0x4(%esp)
0x08048d40 <+29>: lea -0x1(%ebx),%eax
0x08048d43 <+32>: mov %eax,(%esp)
0x08048d46 <+35>: call 0x8048d23
0x08048d4b <+40>: lea (%eax,%esi,1),%edi
0x08048d4e <+43>: mov %esi,0x4(%esp)
0x08048d52 <+47>: sub $0x2,%ebx
0x08048d55 <+50>: mov %ebx,(%esp)
0x08048d58 <+53>: call 0x8048d23
0x08048d5d <+58>: add %edi,%eax
0x08048d5f <+60>: jmp 0x8048d66
0x08048d61 <+62>: mov $0x0,%eax
0x08048d66 <+67>: add $0x10,%esp
0x08048d69 <+70>: pop %ebx
0x08048d6a <+71>: pop %esi
0x08048d6b <+72>: pop %edi
0x08048d6c <+73>: ret
This function is where I am having the most trouble... I am totally clueless as to what it does. All I think I know is that it accepts my second input value as an argument, alters it in some way and finally compares it to the value 0x18(%esp) (line 81 in the first section).
The project is not due until later this week, but I would really rather have a better understanding of this material asap as right now I am a little lost. Thank you guys for your time.
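A line-by-line C reading of the two listings above, added here as an example; it is not part of the original post and not the assignment's source. Only `func4` is named in the post: `phase4_accepts`, `n`, `x`, `first` and `second` are names chosen here, and the comments cite the `<+N>` offsets from the disassembly.

```c
#include <stdio.h>

/* func4 as read from the listing at 0x08048d23: the first stack argument
 * (%ebx) is a counter, the second (%esi) is passed through unchanged. */
int func4(int n, int x)
{
    if (n <= 0)                      /* <+14> test, <+16> jle: return 0 */
        return 0;
    if (n == 1)                      /* <+20> cmp $1, <+23> je: return x */
        return x;
    int left = func4(n - 1, x) + x;  /* <+35> call, <+40> lea (%eax,%esi,1),%edi */
    return left + func4(n - 2, x);   /* <+53> call, <+58> add %edi,%eax */
}

/* The two checks the phase applies once sscanf has returned 2.
 * Returns 1 where the listing falls through to <+92>, and 0 where it
 * reaches either call to 0x80492f5. */
int phase4_accepts(int first, int second)
{
    /* <+48> sub $2, <+51> cmp $2, <+54> jbe. jbe is an unsigned compare,
     * so a second value below 2 wraps to a huge number and is rejected
     * by the same instruction that rejects values above 4. */
    if ((unsigned)second - 2u > 2u)
        return 0;
    /* <+65> passes the second input, <+69> passes the constant 8;
     * <+81> compares the result with the first input at 0x18(%esp). */
    return func4(8, second) == first;
}

int main(void)
{
    /* Small counters with x = 1 make the recurrence visible without
     * touching the values the phase itself uses. */
    for (int n = 0; n <= 5; n++)
        printf("func4(%d, 1) = %d\n", n, func4(n, 1));
    return 0;
}
```
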