IM doing a bomblab, im at phase 4, what should be the answer for this case? Dump
ID: 3588942 • Letter: I
Question
IM doing a bomblab, im at phase 4, what should be the answer for this case?
Dump of assembler code for function phase_4:
0x00000000004010f6 <+0>: push %rbp
0x00000000004010f7 <+1>: mov %rsp,%rbp
=> 0x00000000004010fa <+4>: sub $0x10,%rsp
0x00000000004010fe <+8>: lea -0x4(%rbp),%rcx
0x0000000000401102 <+12>: lea -0x8(%rbp),%rdx
0x0000000000401106 <+16>: mov $0x402a8d,%esi
0x000000000040110b <+21>: mov $0x0,%eax
0x0000000000401110 <+26>: callq 0x400cb0 <__isoc99_sscanf@plt>
0x0000000000401115 <+31>: cmp $0x2,%eax
0x0000000000401118 <+34>: jne 0x401125 <phase_4+47>
0x000000000040111a <+36>: mov -0x8(%rbp),%eax
0x000000000040111d <+39>: sub $0x10,%eax
0x0000000000401120 <+42>: cmp $0x1e,%eax
0x0000000000401123 <+45>: jbe 0x40112a <phase_4+52>
0x0000000000401125 <+47>: callq 0x4016e5 <explode_bomb>
0x000000000040112a <+52>: mov $0x2e,%edx
0x000000000040112f <+57>: mov $0x10,%esi
0x0000000000401134 <+62>: mov -0x8(%rbp),%edi
0x0000000000401137 <+65>: callq 0x4010bb <func4>
0x000000000040113c <+70>: cmp $0xd,%eax
0x000000000040113f <+73>: jne 0x401147 <phase_4+81>
0x0000000000401141 <+75>: cmpl $0xd,-0x4(%rbp)
0x0000000000401145 <+79>: je 0x40114c <phase_4+86>
0x0000000000401147 <+81>: callq 0x4016e5 <explode_bomb>
0x000000000040114c <+86>: leaveq
0x000000000040114d <+87>: nopl (%rax)
0x0000000000401150 <+90>: retq
End of assembler dump.
(gdb) disas func4
Dump of assembler code for function func4:
0x00000000004010bb <+0>: push %rbp
0x00000000004010bc <+1>: mov %rsp,%rbp
0x00000000004010bf <+4>: mov %edx,%eax
0x00000000004010c1 <+6>: sub %esi,%eax
0x00000000004010c3 <+8>: mov %eax,%ecx
0x00000000004010c5 <+10>: shr $0x1f,%ecx
0x00000000004010c8 <+13>: add %ecx,%eax
0x00000000004010ca <+15>: sar %eax
0x00000000004010cc <+17>: lea (%rax,%rsi,1),%ecx
0x00000000004010cf <+20>: cmp %edi,%ecx
0x00000000004010d1 <+22>: jle 0x4010e1 <func4+38>
0x00000000004010d3 <+24>: lea -0x1(%rcx),%edx
0x00000000004010d6 <+27>: callq 0x4010bb <func4>
0x00000000004010db <+32>: lea 0x1(%rax,%rax,1),%eax
0x00000000004010df <+36>: jmp 0x4010f4 <func4+57>
0x00000000004010e1 <+38>: mov $0x0,%eax
0x00000000004010e6 <+43>: cmp %edi,%ecx
0x00000000004010e8 <+45>: jge 0x4010f4 <func4+57>
0x00000000004010ea <+47>: lea 0x1(%rcx),%esi
0x00000000004010ed <+50>: callq 0x4010bb <func4>
0x00000000004010f2 <+55>: add %eax,%eax
0x00000000004010f4 <+57>: pop %rbp
0x00000000004010f5 <+58>: retq
End of assembler dump.
Explanation / Answer
I trust clearly phase4 is watching that the primary number is in the range 0..14 comprehensive see lines +44..+57 Then it summons func4 with three contentions: the principal number entered, 0 and 14 (lines +62..+85). Next it watches that the arrival esteem is 0x25 is 37 decimal on line +90 and that the second number entered is likewise 37 in lines +95
We should proceed onward to func4. I'll call the three contentions x, low and high. At first you don't recognize what they are obviously. Lines +23...+34 ascertain (high - low)/2. The terrible chaos is on account of the compiler produces code to deal with negative numbers with truncation to zero. We won't perceive any negative numbers however. Line +36 is only a favour expansion, so in ebx we now have low + (high - low)/2 which is otherwise called the normal of the two numbers. The code at that point thinks about this normal to the number x that has been given as first contention. Lines +43..+62 get executed if x < normal and they conjure func4(x, low, normal - 1) and enhance the normal. Likewise, lines +70..+89 get executed if x > normal and ascertain normal + func4(x, normal + 1, high). In the event that x == normal then simply the normal itself is returned.
It's essentially doing a parallel hunt and summing up the speculations as it goes. Given that the interim has 15 components, it will require at most 4 surmises. The principal figure will be 7, so to get the required after-effect of 37 we require 30 more. We have at most 3 more tries and every one of the theories will be either under at least 7 than 7. Since 7 * 3 = 21 and that can't give us 30 it implies the number must be more noteworthy than 7. Second figure is along these lines going to be (8 + 14)/2 = 11, making our whole 18 with 19 more to go. On the off chance that the number was over 11 that would mean we overshoot the objective, so the number must be more than 7 and under 11. Third figure is in this way (8 + 10)/2 = 9 which conveys the total to 27 with 10 more to go and only a solitary figure, so implies the number is 10.
TL;DR: the right info ought to be 10 and 37