
My assignment is to debug a binary bomb and I am wondering what this line of assembly is doing, specifically with the -0x4(%esi,%ebx,4):

add -0x4(%esi,%ebx,4),%eax

Here is the whole code as well. In it there is a loop which I am trying to figure out.

   0x08048e90 <+0>: push   %ebp
   0x08048e91 <+1>: mov    %esp,%ebp
   0x08048e93 <+3>: push   %esi
   0x08048e94 <+4>: push   %ebx
   0x08048e95 <+5>: sub    $0x30,%esp
   0x08048e98 <+8>: lea    -0x20(%ebp),%eax
   0x08048e9b <+11>:    mov    %eax,0x4(%esp)
   0x08048e9f <+15>:    mov    0x8(%ebp),%eax
   0x08048ea2 <+18>:    mov    %eax,(%esp)
   0x08048ea5 <+21>:    call   0x80493ab <read_six_numbers>
   0x08048eaa <+26>:    cmpl   $0x0,-0x20(%ebp)
   0x08048eae <+30>:    jns    0x8048eb5 <phase_2+37>
   0x08048eb0 <+32>:    call   0x8049351 <explode_bomb>
   0x08048eb5 <+37>:    mov    $0x1,%ebx
   0x08048eba <+42>:    lea    -0x20(%ebp),%esi
   0x08048ebd <+45>:    mov    %ebx,%eax
   0x08048ebf <+47>:    add    -0x4(%esi,%ebx,4),%eax
   0x08048ec3 <+51>:    cmp    %eax,(%esi,%ebx,4)
   0x08048ec6 <+54>:    je     0x8048ecd <phase_2+61>
=> 0x08048ec8 <+56>:    call   0x8049351 <explode_bomb>
   0x08048ecd <+61>:    add    $0x1,%ebx
   0x08048ed0 <+64>:    cmp    $0x6,%ebx
   0x08048ed3 <+67>:    jne    0x8048ebd <phase_2+45>
   0x08048ed5 <+69>:    add    $0x30,%esp
   0x08048ed8 <+72>:    pop    %ebx
   0x08048ed9 <+73>:    pop    %esi
   0x08048eda <+74>:    pop    %ebp
   0x08048edb <+75>:    ret    

Edit: I ended up figuring it out. Thank you everyone!

The solution is 1 2 4 7 11 16 which I figured out by analyzing the loop but also by analyzing %eax during the compare statements to see what the value should be.

Xander88
  • http://stackoverflow.com/questions/2883850/what-is-the-meaning-of-mov-r11-r12-1-edx?rq=1 http://stackoverflow.com/questions/14900343/how-does-mov-ebx-eax-4-eax-work?rq=1 – phuclv Mar 04 '15 at 07:33
  • learn [AT&T syntax](http://en.wikibooks.org/wiki/X86_Assembly/GAS_Syntax) first if you want to read this, otherwise [switch to the Intel one](http://stackoverflow.com/questions/14878545/what-does-0x4-from-cmp-0x4esi-ebx-assembly-instruction-mean?lq=1) – phuclv Mar 04 '15 at 07:40
  • Thank you for the references, they helped me a bunch! – Xander88 Mar 06 '15 at 08:24
  • See also the [AT&T syntax tag wiki](https://stackoverflow.com/tags/att/info) for more details on the syntax, and links to more docs. – Peter Cordes Nov 18 '17 at 17:44

1 Answer

From Figure 3.3, CSAPP:

+------------+-------------+---------------------------+---------------+
|    Type    |  Form       |   Operand Value           |   Name        |
+------------+-------------+---------------------------+---------------+
| Memory     |Imm(Eb,Ei,s) |M[Imm + R[Eb]+ R[Ei] * s]  |Scaled indexed |
+------------+-------------+---------------------------+---------------+

So the answer is to access the memory position which is the result of the value in register %esi plus the value in register %edi multiplied by 4, minus 4, and add the value at that memory location to register %eax.

Boluny
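As an added example (not code from the question, the answer, or the bomb lab itself), here is the phase_2 loop from the disassembly above reconstructed in C. The hypothetical helper `load_scaled` applies the table's formula `M[Imm + R[Eb] + R[Ei]*s]` directly, so `-0x4(%esi,%ebx,4)` with `%esi` pointing at the six numbers and `%ebx` holding `i` reads `nums[i-1]`. It goes slightly beyond the single answer in the question: the loop accepts any six numbers where the first is non-negative and each later one equals the previous plus its index.

```c
#include <string.h>
#include <stdio.h>

/* Hypothetical helper: read the 32-bit word at AT&T operand Imm(Eb,Ei,s),
 * i.e. M[Imm + R[Eb] + R[Ei]*s], where `base` is the address held in Eb. */
static int load_scaled(const char *base, long imm, long index, long scale) {
    int v;
    memcpy(&v, base + imm + index * scale, sizeof v);
    return v;
}

/* Reconstruction of phase_2 after read_six_numbers has filled nums[0..5]
 * (the buffer at -0x20(%ebp)). %esi = &nums[0], %ebx = i.
 * Returns 1 when no explode_bomb call would be reached, 0 otherwise. */
int phase2_check(const int nums[6]) {
    const char *esi = (const char *)nums;            /* lea -0x20(%ebp),%esi */
    if (nums[0] < 0)                                 /* cmpl $0,-0x20(%ebp); jns */
        return 0;                                    /* explode_bomb */
    for (long ebx = 1; ebx != 6; ebx++) {            /* mov $1,%ebx ... cmp $6,%ebx; jne */
        int eax = (int)ebx;                          /* mov %ebx,%eax */
        eax += load_scaled(esi, -4, ebx, 4);         /* add -0x4(%esi,%ebx,4),%eax = nums[i-1] */
        if (load_scaled(esi, 0, ebx, 4) != eax)      /* cmp %eax,(%esi,%ebx,4); je */
            return 0;                                /* explode_bomb */
    }
    return 1;
}

/* Constructed inputs: the sequence reported in the question, and one off-by-one. */
const int phase2_good[6] = {1, 2, 4, 7, 11, 16};
const int phase2_bad[6]  = {1, 2, 4, 7, 11, 15};

int main(void) {
    printf("good -> %d, bad -> %d\n", phase2_check(phase2_good), phase2_check(phase2_bad));
    return 0;
}
```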