I was wondering if you guys could offer me some advice and help on how to proceed - not answers- for a homework problem I am attempting. I am currently working on a "bomb" project in which I progress through stages by discovering passwords or phrases using the gdb debugger to analyze assembly code. I was able to easily complete stages 1-3, but am having a bit of trouble with stage 4. Here is the assembly for this stage:
   0x08048d6d <+0>:     sub    $0x2c,%esp
   0x08048d70 <+3>:     lea    0x1c(%esp),%eax
   0x08048d74 <+7>:     mov    %eax,0xc(%esp)
   0x08048d78 <+11>:    lea    0x18(%esp),%eax
   0x08048d7c <+15>:    mov    %eax,0x8(%esp)
   0x08048d80 <+19>:    movl   $0x804a5d1,0x4(%esp) ;%d, %d
   0x08048d88 <+27>:    mov    0x30(%esp),%eax
   0x08048d8c <+31>:    mov    %eax,(%esp)
   0x08048d8f <+34>:    call   0x8048850 <__isoc99_sscanf@plt>
   0x08048d94 <+39>:    cmp    $0x2,%eax
   0x08048d97 <+42>:    jne    0x8048da5 
   0x08048d99 <+44>:    mov    0x1c(%esp),%eax
   0x08048d9d <+48>:    sub    $0x2,%eax
   0x08048da0 <+51>:    cmp    $0x2,%eax
   0x08048da3 <+54>:    jbe    0x8048daa 
   0x08048da5 <+56>:    call   0x80492f5 
   0x08048daa <+61>:    mov    0x1c(%esp),%eax
   0x08048dae <+65>:    mov    %eax,0x4(%esp)
   0x08048db2 <+69>:    movl   $0x8,(%esp)
   0x08048db9 <+76>:    call   0x8048d23 
   0x08048dbe <+81>:    cmp    0x18(%esp),%eax
   0x08048dc2 <+85>:    je     0x8048dc9 
   0x08048dc4 <+87>:    call   0x80492f5 
   0x08048dc9 <+92>:    add    $0x2c,%esp
   0x08048dcc <+95>:    ret
From what I have looked at so far, it looks like this phase accepts two decimals (line 19), the second one must be less than or equal to 4, but greater than 1 (lines 48, 51, 54). Another important aspect to this problem is the inclusion of a recursive "func4" which is as follows:
   0x08048d23 <+0>:     push   %edi
   0x08048d24 <+1>:     push   %esi
   0x08048d25 <+2>:     push   %ebx
   0x08048d26 <+3>:     sub    $0x10,%esp
   0x08048d29 <+6>:     mov    0x20(%esp),%ebx
   0x08048d2d <+10>:    mov    0x24(%esp),%esi
   0x08048d31 <+14>:    test   %ebx,%ebx
   0x08048d33 <+16>:    jle    0x8048d61 
   0x08048d35 <+18>:    mov    %esi,%eax
   0x08048d37 <+20>:    cmp    $0x1,%ebx
   0x08048d3a <+23>:    je     0x8048d66 
   0x08048d3c <+25>:    mov    %esi,0x4(%esp)
   0x08048d40 <+29>:    lea    -0x1(%ebx),%eax
   0x08048d43 <+32>:    mov    %eax,(%esp)
   0x08048d46 <+35>:    call   0x8048d23 
   0x08048d4b <+40>:    lea    (%eax,%esi,1),%edi
   0x08048d4e <+43>:    mov    %esi,0x4(%esp)
   0x08048d52 <+47>:    sub    $0x2,%ebx
   0x08048d55 <+50>:    mov    %ebx,(%esp)
   0x08048d58 <+53>:    call   0x8048d23 
   0x08048d5d <+58>:    add    %edi,%eax
   0x08048d5f <+60>:    jmp    0x8048d66 
   0x08048d61 <+62>:    mov    $0x0,%eax
   0x08048d66 <+67>:    add    $0x10,%esp
   0x08048d69 <+70>:    pop    %ebx
   0x08048d6a <+71>:    pop    %esi
   0x08048d6b <+72>:    pop    %edi
   0x08048d6c <+73>:    ret
This function is where I am having the most trouble...I am totally clueless as to what it does. All I think I know is that it accepts my second input value as an argument, alters in some way and finally compares it to the value 0x18(%esp) (line 81 in the first section)
The project is not due until later this week, but I would really rather have a better understanding of this material asap as right now I am a little lost.Thank you guys for your time.