I am really stuck on phase 3. Since the 1st and 4th numbers (same for the 2nd & 5th and 3rd & 6th) should be the same numbers to defuse the 1st bomb, I am confused as to where to begin looking to solve the 2nd bomb. I assume that this address
(gdb) print $ebp
$13 = (void *) 0xbf9cd4a8
has something to do with it. But as to how to apply it, I am not sure. Can you provide any insight as to what I need to do?
Dump of assembler code for function phase_3:
0x080488a6 <phase_3+0>: push  %ebp
0x080488a7 <phase_3+1>: mov    %esp,%ebp
0x080488a9 <phase_3+3>: sub    $0x28,%esp
0x080488ac <phase_3+6>: movl  $0x0,0xfffffffc(%ebp)
0x080488b3 <phase_3+13>:        lea    0xffffffe0(%ebp),%eax
0x080488b6 <phase_3+16>:        mov    %eax,0x4(%esp)
0x080488ba <phase_3+20>:        mov    0x8(%ebp),%eax
0x080488bd <phase_3+23>:        mov    %eax,(%esp)
0x080488c0 <phase_3+26>:        call  0x8048dac <read_six_numbers>
0x080488c5 <phase_3+31>:        movl  $0x0,0xfffffff8(%ebp)
0x080488cc <phase_3+38>:        jmp    0x80488f6 <phase_3+80>
0x080488ce <phase_3+40>:        mov    0xfffffff8(%ebp),%eax
0x080488d1 <phase_3+43>:        mov    0xffffffe0(%ebp,%eax,4),%edx
0x080488d5 <phase_3+47>:        mov    0xfffffff8(%ebp),%eax
0x080488d8 <phase_3+50>:        add    $0x3,%eax
0x080488db <phase_3+53>:        mov    0xffffffe0(%ebp,%eax,4),%eax
0x080488df <phase_3+57>:        cmp    %eax,%edx
0x080488e1 <phase_3+59>:        je    0x80488e8 <phase_3+66>
0x080488e3 <phase_3+61>:        call  0x804906c <explode_bomb>
0x080488e8 <phase_3+66>:        mov    0xfffffff8(%ebp),%eax
0x080488eb <phase_3+69>:        mov    0xffffffe0(%ebp,%eax,4),%eax
0x080488ef <phase_3+73>:        add    %eax,0xfffffffc(%ebp)
0x080488f2 <phase_3+76>:        addl  $0x1,0xfffffff8(%ebp)
0x080488f6 <phase_3+80>:        cmpl  $0x2,0xfffffff8(%ebp)
0x080488fa <phase_3+84>:        jle    0x80488ce <phase_3+40>
0x080488fc <phase_3+86>:        cmpl  $0x0,0xfffffffc(%ebp)
0x08048900 <phase_3+90>:        jne    0x8048907 <phase_3+97>
0x08048902 <phase_3+92>:        call  0x804906c <explode_bomb>
0x08048907 <phase_3+97>:        leave
0x08048908 <phase_3+98>:        ret
End of assembler dump.
That's number 2.  Keep going!
6 9 12 6 9 12

Breakpoint 1, 0x080488df in phase_3 ()
(gdb) cont
Continuing.

Breakpoint 1, 0x080488df in phase_3 ()
(gdb) cont
Continuing.

Breakpoint 1, 0x080488df in phase_3 ()
(gdb) cont
Continuing.
Halfway there!
cont

BOOM!!!
The bomb has blown up.

Program exited with code 010.
(gdb)
Posted on 2009-05-21 08:43:01 by uscuba2
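
As an added illustration (not part of the original post), the phase_3 disassembly above can be read back into C roughly as follows. The names `phase_3_model` and `read_six_numbers_model` are hypothetical, the body of `read_six_numbers` is not shown on the page so its parsing is an assumption, and return values stand in for calls to `explode_bomb`.

```c
/* Added illustration: C model of the phase_3 disassembly above.
 * Returns 1 where the original returns normally, 0 where it would
 * call explode_bomb. */
#include <stdio.h>

enum { EXPLODED = 0, DEFUSED = 1 };

/* Assumption: read_six_numbers (body not shown on the page) parses six
 * decimal ints from the input line and fails on fewer than six. */
static int read_six_numbers_model(const char *line, int nums[6])
{
    return sscanf(line, "%d %d %d %d %d %d", &nums[0], &nums[1], &nums[2],
                  &nums[3], &nums[4], &nums[5]) == 6;
}

int phase_3_model(const char *line)
{
    int nums[6];      /* -0x20(%ebp) .. -0x0c(%ebp): lea 0xffffffe0(%ebp) */
    int i;            /* -0x8(%ebp), shown as 0xfffffff8(%ebp) */
    int sum = 0;      /* -0x4(%ebp), shown as 0xfffffffc(%ebp), zeroed at +6 */

    if (!read_six_numbers_model(line, nums))
        return EXPLODED;

    for (i = 0; i <= 2; i++) {            /* +31, +76, +80, +84 */
        if (nums[i] != nums[i + 3])       /* +40..+59: cmp %eax,%edx */
            return EXPLODED;              /* +61 */
        sum += nums[i];                   /* +66..+73 */
    }
    if (sum == 0)                         /* +86..+90 */
        return EXPLODED;                  /* +92 */
    return DEFUSED;                       /* +97 leave, +98 ret */
}

int main(void)
{
    /* First line is the input from the transcript; the rest are constructed. */
    const char *samples[] = { "6 9 12 6 9 12", "1 2 3 1 2 4",
                              "0 0 0 0 0 0", "1 -1 0 1 -1 0" };
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++)
        printf("%-16s -> %s\n", samples[k],
               phase_3_model(samples[k]) ? "returns" : "explode_bomb");
    return 0;
}
```

With the transcript's input `6 9 12 6 9 12` the model returns normally, which is consistent with the three breakpoint hits at `phase_3+57` followed by "Halfway there!".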