I'm trying to get the answer for one of those binary bombs. This is for school so please just help point me in the correct direction, I believe I am close to solving the puzzle.
Here's the piece of assembly I'm stuck on:

    0x080485e9 <+127>: call   0x8048400 <strtol@plt>
    0x080485ee <+132>: cmp    %eax,0x80498d4(,%ebx,4)
    0x080485f5 <+139>: je     0x80485fc <main+146>
    0x080485f7 <+141>: call   0x8048540 <bomb>
    0x080485fc <+146>: add    $0x1,%ebx
So I need to avoid the method call for the bomb, or else it will explode! This means that the statement cmp %eax,0x80498d4(,%ebx,4) must set the zero flag and %eax must be equal to 0x80498d4(,%ebx,4).

%eax ends up becoming the input from the first line of a file I'm reading into the program. I have verified this in gdb.
I ran a print statement in gdb to see what the value of the second argument in cmp was so I could then equate it with %eax. I ran:

    print (0x80498d4 + $ebx*4)

in gdb which resulted in $1 = 134519000.

So I then plugged in the above to my input so I could get:

    (gdb) print $eax
    $2 = 134519000
Now both cmp arguments seemingly have the same value according to gdb, but the je (jump if equal) flag is still not evaluating to true and the <bomb> function is still being called.
Any pointers and help would be greatly appreciated, thanks!
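Added example (not code from the question or from the bomb lab itself): a C reconstruction of the loop shown in the listing, with a constructed integer table standing in for whatever lives at 0x80498d4. In AT&T syntax the memory operand 0x80498d4(,%ebx,4) denotes the 4-byte value stored at base + 4*%ebx, which in C is table[ebx]; gdb's print (0x80498d4 + $ebx*4) evaluates only that address. The two small helpers make the distinction explicit, and check_lines mirrors the strtol / cmp / je / add loop. Table contents, the input lines and all function names are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* Constructed stand-in for the data at 0x80498d4 (the real values are not
 * on the page; these are made up for the example). */
static const int table[6] = { 3, 17, 42, 7, 100, 5 };
#define TABLE_LEN (sizeof table / sizeof table[0])

/* What the cmp operand base(,%ebx,4) actually refers to: the 4-byte value
 * stored at base + ebx*4, i.e. table[ebx]. This is what %eax is compared to. */
int operand_value(const int *base, long ebx)
{
    return base[ebx];
}

/* What `print (0x80498d4 + $ebx*4)` in gdb computes: the address itself,
 * not the contents at that address. */
uintptr_t operand_address(const int *base, long ebx)
{
    return (uintptr_t)(base + ebx);
}

/* C reconstruction of the loop around the disassembly:
 *   eax = strtol(line)                 -> call strtol@plt
 *   if (eax != table[ebx]) bomb()      -> cmp %eax,table(,%ebx,4); je ...; call bomb
 *   ebx++                              -> add $0x1,%ebx
 * Returns the index of the first mismatching line (where bomb would be
 * called), or -1 if every line matched its table entry. */
int check_lines(const char **lines, size_t n)
{
    for (size_t ebx = 0; ebx < n && ebx < TABLE_LEN; ebx++) {
        long eax = strtol(lines[ebx], NULL, 10);
        if ((int)eax != operand_value(table, (long)ebx))
            return (int)ebx;
    }
    return -1;
}

int main(void)
{
    /* Constructed inputs: one matching set and one with a wrong third line. */
    const char *good[] = { "3", "17", "42", "7", "100", "5" };
    const char *bad[]  = { "3", "17", "41" };

    printf("address of table[2]: %lu\n", (unsigned long)operand_address(table, 2));
    printf("value   of table[2]: %d\n", operand_value(table, 2));
    printf("good input -> first mismatch index: %d\n", check_lines(good, 6));
    printf("bad  input -> first mismatch index: %d\n", check_lines(bad, 3));
    return 0;
}
```

In gdb the contents rather than the address can be read with x/dw 0x80498d4 + $ebx*4 or print *(int *)(0x80498d4 + $ebx*4); check_lines above shows why the decimal form of the address itself is not what the cmp is looking for.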