0

english is not my first language. I am doing the bomb lab and I am now stuck on the phase 5. I have searched the internet and talked to my friends, and they all have a different phase 5 than me that wants a string. Mine does not want a string.

I have annotated the assembly of the phase 5 assembly code

//we input 2 integers
//the answer = ?  ?
0000000000401096 <phase_5>:                     
  401096:   48 83 ec 18             sub    $0x18,%rsp                //move 0x1 off of %rsp for variables
  40109a:   48 8d 4c 24 08          lea    0x8(%rsp),%rcx           //%rcx = (%rsp + 0x8)
  40109f:   48 8d 54 24 0c          lea    0xc(%rsp),%rdx           //%rdx = (%rsp + 0xc)
  4010a4:   be 0d 28 40 00          mov    $0x40280d,%esi           //looking for 2 integers again!
  4010a9:   b8 00 00 00 00          mov    $0x0,%eax                 //%eax = 0
  4010ae:   e8 7d fb ff ff          callq  400c30 <__isoc99_sscanf@plt> //scan in the input
  4010b3:   83 f8 01                cmp    $0x1,%eax                 //%eax = 1?
  4010b6:   7f 05                   jg     4010bd <phase_5+0x27>    //if %eax > 1, jump to 4010bd (bomb)
  4010b8:   e8 c7 04 00 00          callq  401584 <explode_bomb>    //we explode
  4010bd:   8b 44 24 0c             mov    0xc(%rsp),%eax           //%eax = (%rsp + 0xc) (second integer?)
  4010c1:   83 e0 0f                and    $0xf,%eax                 //%0xf and %eax
  4010c4:   89 44 24 0c             mov    %eax,0xc(%rsp)           //(%rsp + 0xc) = %eax
  4010c8:   83 f8 0f                cmp    $0xf,%eax                 //%eax = 15?
  4010cb:   74 2c                   je     4010f9 <phase_5+0x63>    //if %eax = 15, jump to 4010f9 (bomb)
  4010cd:   b9 00 00 00 00          mov    $0x0,%ecx                 //%ecx = 0
  4010d2:   ba 00 00 00 00          mov    $0x0,%edx                 //%edx = 0
  4010d7:   83 c2 01                add    $0x1,%edx                 //%edx += 1
  4010da:   48 98                   cltq                             //???
  4010dc:   8b 04 85 80 25 40 00    mov    0x402580(,%rax,4),%eax    //???
  4010e3:   01 c1                   add    %eax,%ecx                //%eax += %eax
  4010e5:   83 f8 0f                cmp    $0xf,%eax                 //%eax = 15?
  4010e8:   75 ed                   jne    4010d7 <phase_5+0x41>    //if %eax != 15, jump to 4010d7   //loop until %eax = 15
  4010ea:   89 44 24 0c             mov    %eax,0xc(%rsp)           //(%rsp + 0xc) = %eax
  4010ee:   83 fa 0f                cmp    $0xf,%edx                 //%edx = 15?
  4010f1:   75 06                   jne    4010f9 <phase_5+0x63>    //if %edx != 15, jump to 4010f9 (bomb)
  4010f3:   3b 4c 24 08             cmp    0x8(%rsp),%ecx           //(%rsp + 0x8) = %ecx?
  4010f7:   74 05                   je     4010fe <phase_5+0x68>    //if those are equal, jump to 4010fe (done)
  4010f9:   e8 86 04 00 00          callq  401584 <explode_bomb>    //we explode
  4010fe:   48 83 c4 18             add    $0x18,%rsp               //%rsp += 24
  401102:   c3                      retq               //we are done

I am having hard time understanding this. I see a loop for 15 times but I do not understand what it does. What is the cltq doing in this case? what is mov 0x402580(,%rax,4), %eax setting %eax to? I do not want to explode. I am scared of not doing good on this lab. Thank you.

Jester
  • 56,577
  • 4
  • 81
  • 125
S Jiles
  • 53
  • 1
  • 7
  • I am having problem understanding what the loop does because of the cltq and the mov inside of the loop. If I knew those two maybe i would understand the loop. – S Jiles Feb 24 '18 at 01:44
  • Your comment on `4010b6` is wrong: the jump target `4010bd` is *past* the `call explode_bomb`, so you need the jump to be taken to not explode, rather than not-taken. – Peter Cordes Feb 24 '18 at 02:02
  • @PeterCordes the `rax` is used right after `cdqe` for addressing... the next instruction is `mov eax,[0x402580 + rax*4]` ... that AT&T syntax is really tiresome for me :/ – Ped7g Feb 24 '18 at 07:23
  • @Ped7g: derp right, forgot to look inside addressing modes. Yup, looks like normal compiler output for indexing an array with a signed `int`. Perfectly explains sign-extending and then truncating again. – Peter Cordes Feb 24 '18 at 07:44
  • @Jester: nice work finding a (32-bit) duplicate bomb. With multiple dup targets possible, I think we can just close this. – Peter Cordes Feb 24 '18 at 07:46
  • I am sorry if my question was like another bomb! I will look at that bomb to help me. – S Jiles Feb 24 '18 at 19:31

0 Answers0