Dump of assembler code for function phase_4:
0x0000000000400fa1 <+0>:     sub    $0x18,%rsp
0x0000000000400fa5 <+4>:     lea    0x8(%rsp),%rcx
0x0000000000400faa <+9>:     lea    0xc(%rsp),%rdx
0x0000000000400faf <+14>:    mov    $0x40278d,%esi
0x0000000000400fb4 <+19>:    mov    $0x0,%eax
0x0000000000400fb9 <+24>:    callq  0x400ba0 <__isoc99_sscanf@plt>
0x0000000000400fbe <+29>:    cmp    $0x2,%eax
0x0000000000400fc1 <+32>:    jne    0x400fca <phase_4+41>
0x0000000000400fc3 <+34>:    cmpl   $0xe,0xc(%rsp)
0x0000000000400fc8 <+39>:    jbe    0x400fcf <phase_4+46>
0x0000000000400fca <+41>:    callq  0x4014e4 <explode_bomb>
0x0000000000400fcf <+46>:    mov    $0xe,%edx
0x0000000000400fd4 <+51>:    mov    $0x0,%esi
0x0000000000400fd9 <+56>:    mov    0xc(%rsp),%edi
0x0000000000400fdd <+60>:    callq  0x400f6e <func4>
0x0000000000400fe2 <+65>:    cmp    $0xa,%eax
0x0000000000400fe5 <+68>:    jne    0x400fee <phase_4+77>
0x0000000000400fe7 <+70>:    cmpl   $0xa,0x8(%rsp)
0x0000000000400fec <+75>:    je     0x400ff3 <phase_4+82>
0x0000000000400fee <+77>:    callq  0x4014e4 <explode_bomb>
0x0000000000400ff3 <+82>:    add    $0x18,%rsp
0x0000000000400ff7 <+86>:    retq   
End of assembler dump.


Dump of assembler code for function func4:
0x0000000000400f6e <+0>:     push   %rbx
0x0000000000400f6f <+1>:     mov    %edx,%eax
0x0000000000400f71 <+3>:     sub    %esi,%eax
0x0000000000400f73 <+5>:     mov    %eax,%ebx
0x0000000000400f75 <+7>:     shr    $0x1f,%ebx
0x0000000000400f78 <+10>:    add    %ebx,%eax
0x0000000000400f7a <+12>:    sar    %eax
0x0000000000400f7c <+14>:    lea    (%rax,%rsi,1),%ebx
0x0000000000400f7f <+17>:    cmp    %edi,%ebx
0x0000000000400f81 <+19>:    jle    0x400f8f <func4+33>
0x0000000000400f83 <+21>:    lea    -0x1(%rbx),%edx
0x0000000000400f86 <+24>:    callq  0x400f6e <func4>
0x0000000000400f8b <+29>:    add    %ebx,%eax
0x0000000000400f8d <+31>:    jmp    0x400f9f <func4+49>
0x0000000000400f8f <+33>:    mov    %ebx,%eax
0x0000000000400f91 <+35>:    cmp    %edi,%ebx
0x0000000000400f93 <+37>:    jge    0x400f9f <func4+49>
0x0000000000400f95 <+39>:    lea    0x1(%rbx),%esi
0x0000000000400f98 <+42>:    callq  0x400f6e <func4>
0x0000000000400f9d <+47>:    add    %ebx,%eax
0x0000000000400f9f <+49>:    pop    %rbx
0x0000000000400fa0 <+50>:    retq   
End of assembler dump.

I have identified that the first argument needs to be within the range 0-14. Also, I have realized that the second argument must be 10 (in decimal). However, I just cannot figure out the first argument. Input: 0 yields 11 in eax after the call to func4. I have tried -1 for the first argument but the test condition does not pass and the explode_bomb is called. Any pointers or tips would be appreciated. Thanks for your time. Cheers.

  • I actually consulted that post before asking my own question. My program essentially does the same thing but the comparison after the return from func4 is different. After doing the calculations myself, I do not understand how the comparison could possibly be with 10 (decimal) or 0xa when the output for input 0 is 11, when 0 is the lowest possible input value. – p4p jon jones Mar 23 '17 at 21:56
  • Nobody said the lowest possible input produces the lowest possible output. The result depends on how many steps it took, since the search terminates once the item is found. Clearly the required input is `3` since the first guess will be `7` then it will be `3`, so the result is `10`. But I thought I explained this quite clearly in the other question. – Jester Mar 23 '17 at 22:55
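The recursion described in the comment above, written out as C from the `func4` listing in the question. This is an added example, not part of the original post or its comments; the names `x`, `lo`, `hi`, `phase4_accepts` and `find_first_arg` are labels chosen here, and the `sscanf` call is assumed to store two integers.

```c
#include <stdio.h>

/* func4 as read from the listing: x = %edi, lo = %esi, hi = %edx.
 * %ebx holds the midpoint and is saved by push/pop across the recursion. */
static int func4(int x, int lo, int hi)
{
    /* shr $0x1f / add / sar is a signed divide by two, rounding toward zero */
    int mid = lo + (hi - lo) / 2;

    if (mid > x)                      /* <+17> cmp, jle not taken */
        return mid + func4(x, lo, mid - 1);
    if (mid < x)                      /* <+35> cmp, jge not taken */
        return mid + func4(x, mid + 1, hi);
    return mid;                       /* found: result is the sum of all midpoints visited */
}

/* The checks phase_4 applies to the two scanned values; 1 means no explode_bomb. */
static int phase4_accepts(int first, int second)
{
    if ((unsigned)first > 14u)        /* cmpl $0xe + jbe is unsigned, so -1 fails here */
        return 0;
    if (func4(first, 0, 14) != 10)    /* cmp $0xa,%eax */
        return 0;
    return second == 10;              /* cmpl $0xa,0x8(%rsp) */
}

/* Returns the single value in 0..14 whose func4 result equals target,
 * or -1 when there is no such value or more than one. */
static int find_first_arg(int target)
{
    int found = -1, hits = 0;
    for (int x = 0; x <= 14; x++)
        if (func4(x, 0, 14) == target) { found = x; hits++; }
    return hits == 1 ? found : -1;
}

int main(void)
{
    for (int x = 0; x <= 14; x++)
        printf("func4(%2d, 0, 14) = %d\n", x, func4(x, 0, 14));
    printf("first argument for result 10: %d\n", find_first_arg(10));
    return 0;
}
```

The table it prints shows that the result tracks the path the search takes rather than the size of the input, which is why 0 gives 11 while 3 gives 10.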
