I have an assignment that includes a bomb with different phases. I have a bomb.c and I will try to solve this assignment phases with assembly and gdb. I am trying to give the correct input string to the program. If the input string is correct then the bomb defuses for that phase. In the first phase, as I understand from the assembly version, it will compare the input (which I will enter) with the string at the address (which is 0x1bbc in this case.) when I try to find the string at that address, in one approach it gave me "H\215\065\274\033" ASCII values for chars of the string. but some of them are non printable. how can I find the specific string at that address? can you help?
I used x/s command for the specific address, it gave me these ASCII values.
User
0000000000001b7f <strings_not_equal>:
1b7f: f3 0f 1e fa repz nop %edx
1b83: 41 54 push %r12
1b85: 55 push %rbp
1b86: 53 push %rbx
1b87: 48 89 fb mov %rdi,%rbx
1b8a: 48 89 f5 mov %rsi,%rbp
1b8d: e8 cc ff ff ff callq 1b5e <string_length>
1b92: 41 89 c4 mov %eax,%r12d
1b95: 48 89 ef mov %rbp,%rdi
1b98: e8 c1 ff ff ff callq 1b5e <string_length>
1b9d: 89 c2 mov %eax,%edx
1b9f: b8 01 00 00 00 mov $0x1,%eax
1ba4: 41 39 d4 cmp %edx,%r12d
1ba7: 75 31 jne 1bda <strings_not_equal+0x5b>
1ba9: 0f b6 13 movzbl (%rbx),%edx
1bac: 84 d2 test %dl,%dl
1bae: 74 1e je 1bce <strings_not_equal+0x4f>
1bb0: b8 00 00 00 00 mov $0x0,%eax
1bb5: 38 54 05 00 cmp %dl,0x0(%rbp,%rax,1)
1bb9: 75 1a jne 1bd5 <strings_not_equal+0x56>
1bbb: 48 83 c0 01 add $0x1,%rax
1bbf: 0f b6 14 03 movzbl (%rbx,%rax,1),%edx
1bc3: 84 d2 test %dl,%dl
1bc5: 75 ee jne 1bb5 <strings_not_equal+0x36>
1bc7: b8 00 00 00 00 mov $0x0,%eax
1bcc: eb 0c jmp 1bda <strings_not_equal+0x5b>
1bce: b8 00 00 00 00 mov $0x0,%eax
1bd3: eb 05 jmp 1bda <strings_not_equal+0x5b>
1bd5: b8 01 00 00 00 mov $0x1,%eax
1bda: 5b pop %rbx
1bdb: 5d pop %rbp
1bdc: 41 5c pop %r12
1bde: c3 retq
00000000000015b5 <phase_1>:
15b5: f3 0f 1e fa repz nop %edx
15b9: 48 83 ec 08 sub $0x8,%rsp
15bd: 48 8d 35 bc 1b 00 00 lea 0x1bbc(%rip),%rsi # 3180 <_IO_stdin_used+0x180>
15c4: e8 b6 05 00 00 callq 1b7f <strings_not_equal>
15c9: 85 c0 test %eax,%eax
15cb: 75 05 jne 15d2 <phase_1+0x1d>
15cd: 48 83 c4 08 add $0x8,%rsp
15d1: c3 retq
15d2: e8 4f 08 00 00 callq 1e26 <explode_bomb>
15d7: eb f4 jmp 15cd <phase_1+0x18>
This part is corresponding assembly version. To determine the content of the string that the address 0x1bbc(%rip) points to I did that: ()btw I dont remeber the way but somehow I reach the 0x15bd in order to find the string
(gdb) x/s 0x15bd
it gave: H\215\065\274\033
You are referring to this line:
15bd: 48 8d 35 bc 1b 00 00 lea 0x1bbc(%rip),%rsi # 3180 <_IO_stdin_used+0x180>
The addressing mode used is IP relative, which is common for objects instantiated in the code segment and for global and static data in the data segment that follows. This is consistent with this address being that of a string literal.
The offset 0x1bbc should be added to the address of the next instruction, 0x15c4, and the disassembler did the math for you in the comment: the address where you can find the string is 0x3180. You should get the string in text with:
(gdb) x/s 0x3180