1

This is for one of my classes. We are given two files. One that contains C code:

guess_two_numbers.c
#include <stdio.h>

void print_error()
{
  printf("\n Oooops, incorrect guess!\n");
  exit(1);
}

int main()
{
  int num1, num2;

  printf("\n Guess my two secret numbers: ");
  scanf("%d %d", &num1, &num2);
  if(num1 > 11)
    print_error();
  if(num2 != num1 + 2)
    print_error();
  printf("\nCongratulations, you've found my two secret numbers!\n");
  return 0;
}

And one that is Assembly Code:

0x08048462 <+0>:     lea    ecx,[esp+0x4]
0x08048466 <+4>:     and    esp,0xfffffff0
0x08048469 <+7>:     push   DWORD PTR [ecx-0x4]
0x0804846c <+10>:    push   ebp
0x0804846d <+11>:    mov    ebp,esp
0x0804846f <+13>:    push   ecx
0x08048470 <+14>:    sub    esp,0x24
0x08048473 <+17>:    mov    DWORD PTR [esp],0x80485c0
0x0804847a <+24>:    call   0x8048360 <printf@plt>
0x0804847f <+29>:    lea    eax,[ebp-0xc]
0x08048482 <+32>:    mov    DWORD PTR [esp+0x8],eax
0x08048486 <+36>:    lea    eax,[ebp-0x8]
0x08048489 <+39>:    mov    DWORD PTR [esp+0x4],eax
0x0804848d <+43>:    mov    DWORD PTR [esp],0x80485e0
0x08048494 <+50>:    call   0x8048350 <scanf@plt>
0x08048499 <+55>:    mov    eax,DWORD PTR [ebp-0x8]
0x0804849c <+58>:    cmp    eax,0xb
0x0804849f <+61>:    jle    0x80484a6 <main+68>
0x080484a1 <+63>:    call   0x8048444 <print_error>
0x080484a6 <+68>:    mov    eax,DWORD PTR [ebp-0x8]
0x080484a9 <+71>:    lea    edx,[eax+0x2]
0x080484ac <+74>:    mov    eax,DWORD PTR [ebp-0xc]
0x080484af <+77>:    cmp    edx,eax
0x080484b1 <+79>:    je     0x80484b8 <main+86>
0x080484b3 <+81>:    call   0x8048444 <print_error>
0x080484b8 <+86>:    mov    DWORD PTR [esp],0x80485e8
0x080484bf <+93>:    call   0x8048370 <puts@plt>
0x080484c4 <+98>:    mov    eax,0x0
0x080484c9 <+103>:   add    esp,0x24
0x080484cc <+106>:   pop    ecx
0x080484cd <+107>:   pop    ebp
0x080484ce <+108>:   lea    esp,[ecx-0x4]
0x080484d1 <+111>:   ret

The question that I was asked was to identify which line/lines in the assembly code that match the secret number/numbers requirement, which are the first secret number is < 11, and the second secret number is within +2 of the first secret number.. Given these files, I said that the line containing the <+58> is one line, as it compares the eax to 0xb, which is 11 in hexademical. I also said that <+71> is also a line that contains it, as it adds +2 to eax to check the second requirement. Is this sufficient or should I add more detail?

Aplet123
  • 33,825
  • 1
  • 29
  • 55
bob jones
  • 11
  • 2
  • Well, if you picked the `cmp` for the first part, then you should also pick the `cmp` for the second one ... but of course it's important what you are comparing and what the required condition is. So maybe say 55-61 for the first and 68-79 for the second. You might want to explain each line. – Jester Nov 09 '20 at 00:31
  • THank you very much. This is what I have wrote. Should I add any more detail?: "From lines <+55> to <+61>, This will give away the first secret number for this part. It compares eax to 0xb, which is 11 in hexadecimal. For the second secret number, it is lines <+68> to <+79>. It will take eax, which is the first secret number at this point, and then make a comparison with edx, which is eax + 2." – bob jones Nov 09 '20 at 00:48
  • Your last sentence is a little confusing. You should reference both numbers in that part. – Jester Nov 09 '20 at 00:50
  • Does this seem better? "We see the LEA instruction, which gives us the value of edx, which is the value of eax +2. We then see the jump if less than instruction which means that if the last compare is less, we jump to print, if else then call the error function." " – bob jones Nov 09 '20 at 01:17
  • That's worse, it no longer mentions either of the two inputs :) I'd say something like "Line 68 loads the value of the first input and 71 increments it by two. Line 77 then compares this with the second input loaded by line 74. Line 79 skips the error function if the two values are equal." – Jester Nov 09 '20 at 01:25
  • Oh wow haha my bad, I guess that is what happens when I try to get too specific XD. And thank you for the suggestion and quick responses! – bob jones Nov 09 '20 at 01:28

0 Answers0