gbrochar
/
OverRide
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore: level07 asm breakdown

This commit is contained in:
gbrochar 2025-05-16 17:29:46 +02:00
parent 50a8d194c9
commit 3cf1fbf6b9
5 changed files with 374 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

185
level07/Ressources/disass_main.txt Normal file
View File

@ -0,0 +1,185 @@
Dump of assembler code for function main:
0x08048723 <main+0>: push ebp
0x08048724 <main+1>: mov ebp,esp
0x08048726 <main+3>: push edi
0x08048727 <main+4>: push esi
0x08048728 <main+5>: push ebx
0x08048729 <main+6>: and esp,0xfffffff0
0x0804872c <main+9>: sub esp,0x1d0
0x08048732 <main+15>: mov eax,DWORD PTR [ebp+0xc]
0x08048735 <main+18>: mov DWORD PTR [esp+0x1c],eax
0x08048739 <main+22>: mov eax,DWORD PTR [ebp+0x10]
0x0804873c <main+25>: mov DWORD PTR [esp+0x18],eax
0x08048740 <main+29>: mov eax,gs:0x14
0x08048746 <main+35>: mov DWORD PTR [esp+0x1cc],eax
0x0804874d <main+42>: xor eax,eax
0x0804874f <main+44>: mov DWORD PTR [esp+0x1b4],0x0
0x0804875a <main+55>: mov DWORD PTR [esp+0x1b8],0x0
0x08048765 <main+66>: mov DWORD PTR [esp+0x1bc],0x0
0x08048770 <main+77>: mov DWORD PTR [esp+0x1c0],0x0
0x0804877b <main+88>: mov DWORD PTR [esp+0x1c4],0x0
0x08048786 <main+99>: mov DWORD PTR [esp+0x1c8],0x0
0x08048791 <main+110>: lea ebx,[esp+0x24]
0x08048795 <main+114>: mov eax,0x0
0x0804879a <main+119>: mov edx,0x64
0x0804879f <main+124>: mov edi,ebx
0x080487a1 <main+126>: mov ecx,edx
0x080487a3 <main+128>: rep stos DWORD PTR es:[edi],eax
0x080487a5 <main+130>: jmp 0x80487ea <main+199>
0x080487a7 <main+132>: mov eax,DWORD PTR [esp+0x1c]
0x080487ab <main+136>: mov eax,DWORD PTR [eax]
0x080487ad <main+138>: mov DWORD PTR [esp+0x14],0xffffffff
0x080487b5 <main+146>: mov edx,eax
0x080487b7 <main+148>: mov eax,0x0
0x080487bc <main+153>: mov ecx,DWORD PTR [esp+0x14]
0x080487c0 <main+157>: mov edi,edx
0x080487c2 <main+159>: repnz scas al,BYTE PTR es:[edi]
0x080487c4 <main+161>: mov eax,ecx
0x080487c6 <main+163>: not eax
0x080487c8 <main+165>: lea edx,[eax-0x1]
0x080487cb <main+168>: mov eax,DWORD PTR [esp+0x1c]
0x080487cf <main+172>: mov eax,DWORD PTR [eax]
0x080487d1 <main+174>: mov DWORD PTR [esp+0x8],edx
0x080487d5 <main+178>: mov DWORD PTR [esp+0x4],0x0
0x080487dd <main+186>: mov DWORD PTR [esp],eax
0x080487e0 <main+189>: call 0x80484f0 <memset@plt>
0x080487e5 <main+194>: add DWORD PTR [esp+0x1c],0x4
0x080487ea <main+199>: mov eax,DWORD PTR [esp+0x1c]
0x080487ee <main+203>: mov eax,DWORD PTR [eax]
0x080487f0 <main+205>: test eax,eax
0x080487f2 <main+207>: jne 0x80487a7 <main+132>
0x080487f4 <main+209>: jmp 0x8048839 <main+278>
0x080487f6 <main+211>: mov eax,DWORD PTR [esp+0x18]
0x080487fa <main+215>: mov eax,DWORD PTR [eax]
0x080487fc <main+217>: mov DWORD PTR [esp+0x14],0xffffffff
0x08048804 <main+225>: mov edx,eax
0x08048806 <main+227>: mov eax,0x0
0x0804880b <main+232>: mov ecx,DWORD PTR [esp+0x14]
0x0804880f <main+236>: mov edi,edx
0x08048811 <main+238>: repnz scas al,BYTE PTR es:[edi]
0x08048813 <main+240>: mov eax,ecx
0x08048815 <main+242>: not eax
0x08048817 <main+244>: lea edx,[eax-0x1]
0x0804881a <main+247>: mov eax,DWORD PTR [esp+0x18]
0x0804881e <main+251>: mov eax,DWORD PTR [eax]
0x08048820 <main+253>: mov DWORD PTR [esp+0x8],edx
0x08048824 <main+257>: mov DWORD PTR [esp+0x4],0x0
0x0804882c <main+265>: mov DWORD PTR [esp],eax
0x0804882f <main+268>: call 0x80484f0 <memset@plt>
0x08048834 <main+273>: add DWORD PTR [esp+0x18],0x4
0x08048839 <main+278>: mov eax,DWORD PTR [esp+0x18]
0x0804883d <main+282>: mov eax,DWORD PTR [eax]
0x0804883f <main+284>: test eax,eax
0x08048841 <main+286>: jne 0x80487f6 <main+211>
0x08048843 <main+288>: mov DWORD PTR [esp],0x8048b38
0x0804884a <main+295>: call 0x80484c0 <puts@plt>
0x0804884f <main+300>: mov eax,0x8048d4b
0x08048854 <main+305>: mov DWORD PTR [esp],eax
0x08048857 <main+308>: call 0x8048470 <printf@plt>
0x0804885c <main+313>: mov DWORD PTR [esp+0x1b4],0x1
0x08048867 <main+324>: mov eax,ds:0x804a040
0x0804886c <main+329>: mov DWORD PTR [esp+0x8],eax
0x08048870 <main+333>: mov DWORD PTR [esp+0x4],0x14
0x08048878 <main+341>: lea eax,[esp+0x1b8]
0x0804887f <main+348>: mov DWORD PTR [esp],eax
0x08048882 <main+351>: call 0x80484a0 <fgets@plt>
0x08048887 <main+356>: lea eax,[esp+0x1b8]
0x0804888e <main+363>: mov DWORD PTR [esp+0x14],0xffffffff
0x08048896 <main+371>: mov edx,eax
0x08048898 <main+373>: mov eax,0x0
0x0804889d <main+378>: mov ecx,DWORD PTR [esp+0x14]
0x080488a1 <main+382>: mov edi,edx
0x080488a3 <main+384>: repnz scas al,BYTE PTR es:[edi]
0x080488a5 <main+386>: mov eax,ecx
0x080488a7 <main+388>: not eax
0x080488a9 <main+390>: sub eax,0x1
0x080488ac <main+393>: sub eax,0x1
0x080488af <main+396>: mov BYTE PTR [esp+eax*1+0x1b8],0x0
0x080488b7 <main+404>: lea eax,[esp+0x1b8]
0x080488be <main+411>: mov edx,eax
0x080488c0 <main+413>: mov eax,0x8048d5b
0x080488c5 <main+418>: mov ecx,0x5
0x080488ca <main+423>: mov esi,edx
0x080488cc <main+425>: mov edi,eax
0x080488ce <main+427>: repz cmps BYTE PTR ds:[esi],BYTE PTR es:[edi]
0x080488d0 <main+429>: seta dl
0x080488d3 <main+432>: setb al
0x080488d6 <main+435>: mov ecx,edx
0x080488d8 <main+437>: sub cl,al
0x080488da <main+439>: mov eax,ecx
0x080488dc <main+441>: movsx eax,al
0x080488df <main+444>: test eax,eax
0x080488e1 <main+446>: jne 0x80488f8 <main+469>
0x080488e3 <main+448>: lea eax,[esp+0x24]
0x080488e7 <main+452>: mov DWORD PTR [esp],eax
0x080488ea <main+455>: call 0x8048630 <store_number>
0x080488ef <main+460>: mov DWORD PTR [esp+0x1b4],eax
0x080488f6 <main+467>: jmp 0x8048965 <main+578>
0x080488f8 <main+469>: lea eax,[esp+0x1b8]
0x080488ff <main+476>: mov edx,eax
0x08048901 <main+478>: mov eax,0x8048d61
0x08048906 <main+483>: mov ecx,0x4
0x0804890b <main+488>: mov esi,edx
0x0804890d <main+490>: mov edi,eax
0x0804890f <main+492>: repz cmps BYTE PTR ds:[esi],BYTE PTR es:[edi]
0x08048911 <main+494>: seta dl
0x08048914 <main+497>: setb al
0x08048917 <main+500>: mov ecx,edx
0x08048919 <main+502>: sub cl,al
0x0804891b <main+504>: mov eax,ecx
0x0804891d <main+506>: movsx eax,al
0x08048920 <main+509>: test eax,eax
0x08048922 <main+511>: jne 0x8048939 <main+534>
0x08048924 <main+513>: lea eax,[esp+0x24]
0x08048928 <main+517>: mov DWORD PTR [esp],eax
0x0804892b <main+520>: call 0x80486d7 <read_number>
0x08048930 <main+525>: mov DWORD PTR [esp+0x1b4],eax
0x08048937 <main+532>: jmp 0x8048965 <main+578>
0x08048939 <main+534>: lea eax,[esp+0x1b8]
0x08048940 <main+541>: mov edx,eax
0x08048942 <main+543>: mov eax,0x8048d66
0x08048947 <main+548>: mov ecx,0x4
0x0804894c <main+553>: mov esi,edx
0x0804894e <main+555>: mov edi,eax
0x08048950 <main+557>: repz cmps BYTE PTR ds:[esi],BYTE PTR es:[edi]
0x08048952 <main+559>: seta dl
0x08048955 <main+562>: setb al
0x08048958 <main+565>: mov ecx,edx
0x0804895a <main+567>: sub cl,al
0x0804895c <main+569>: mov eax,ecx
0x0804895e <main+571>: movsx eax,al
0x08048961 <main+574>: test eax,eax
0x08048963 <main+576>: je 0x80489cf <main+684>
0x08048965 <main+578>: cmp DWORD PTR [esp+0x1b4],0x0
0x0804896d <main+586>: je 0x8048989 <main+614>
0x0804896f <main+588>: mov eax,0x8048d6b
0x08048974 <main+593>: lea edx,[esp+0x1b8]
0x0804897b <main+600>: mov DWORD PTR [esp+0x4],edx
0x0804897f <main+604>: mov DWORD PTR [esp],eax
0x08048982 <main+607>: call 0x8048470 <printf@plt>
0x08048987 <main+612>: jmp 0x80489a1 <main+638>
0x08048989 <main+614>: mov eax,0x8048d88
0x0804898e <main+619>: lea edx,[esp+0x1b8]
0x08048995 <main+626>: mov DWORD PTR [esp+0x4],edx
0x08048999 <main+630>: mov DWORD PTR [esp],eax
0x0804899c <main+633>: call 0x8048470 <printf@plt>
0x080489a1 <main+638>: lea eax,[esp+0x1b8]
0x080489a8 <main+645>: mov DWORD PTR [eax],0x0
0x080489ae <main+651>: mov DWORD PTR [eax+0x4],0x0
0x080489b5 <main+658>: mov DWORD PTR [eax+0x8],0x0
0x080489bc <main+665>: mov DWORD PTR [eax+0xc],0x0
0x080489c3 <main+672>: mov DWORD PTR [eax+0x10],0x0
0x080489ca <main+679>: jmp 0x804884f <main+300>
0x080489cf <main+684>: nop
0x080489d0 <main+685>: mov eax,0x0
0x080489d5 <main+690>: mov esi,DWORD PTR [esp+0x1cc]
0x080489dc <main+697>: xor esi,DWORD PTR gs:0x14
0x080489e3 <main+704>: je 0x80489ea <main+711>
0x080489e5 <main+706>: call 0x80484b0 <__stack_chk_fail@plt>
0x080489ea <main+711>: lea esp,[ebp-0xc]
0x080489ed <main+714>: pop ebx
0x080489ee <main+715>: pop esi
0x080489ef <main+716>: pop edi
0x080489f0 <main+717>: pop ebp
0x080489f1 <main+718>: ret
End of assembler dump.

12
level07/Ressources/pseudo_code.txt Normal file
View File

@ -0,0 +1,12 @@
|------------|------------|-----------------------------------------------|-------------------------------------------------------------|
| 0x08048... | <main+...> | asm | pseudo code |
|------------|------------|-----------------------------------------------|-------------------------------------------------------------|
| 723 | 0 | push ebp | stack[esp] == ebp; esp -= 4; eip++; |
| 724 | 1 | mov ebp, esp | ebp = esp; eip += 2; |
| 726 | 3 | push edi | stack[esp] == edi; esp -= 4; eip++; |
| 727 | 4 | push esi | stack[esp] == esi; esp -= 4; eip++; |
| 728 | 5 | push ebx | stack[esp] == ebx; esp -= 4; eip++; |
| 729 | 6 | and esp, 0xfffffff0 | esp -= esp % 16; eip += 3; // aligne la stack a 16 |
| 72c | 9 | sub esp, 0x1d0 | esp -= 464; eip += 6; // alloue 116 ints sur la stack |
| 732 | 15 | mov eax, DWORD PTR [ebp+0xc] | eax = stack[ebp+12] ; eip += 3; // eax choppe l'addr d'argv |

16
level07/Ressources/register_after_push_ebp Normal file
View File

@ -0,0 +1,16 @@
eax 0x8048723 134514467
ecx 0x1ca531dd 480588253
edx 0xffffd450 -11184
ebx 0xf7f9a000 -134635520
esp 0xffffd428 0xffffd428
ebp 0xf7ffd020 0xf7ffd020 <_rtld_global>
esi 0xffffd4e4 -11036
edi 0xf7ffcb80 -134231168
eip 0x8048724 0x8048724 <main+1>
eflags 0x246 [ PF ZF IF ]
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x63 99

16
level07/Ressources/register_before_push_ebp Normal file
View File

@ -0,0 +1,16 @@
eax 0x8048723 134514467
ecx 0x1ca531dd 480588253
edx 0xffffd450 -11184
ebx 0xf7f9a000 -134635520
esp 0xffffd42c 0xffffd42c
ebp 0xf7ffd020 0xf7ffd020 <_rtld_global>
esi 0xffffd4e4 -11036
edi 0xf7ffcb80 -134231168
eip 0x8048723 0x8048723 <main>
eflags 0x246 [ PF ZF IF ]
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x63 99

145
level07/Ressources/source.c Normal file
View File

@ -0,0 +1,145 @@
int main(int param_1, char **argv, char **envp)
{
char cVar1;
int iVar2;
uint uVar3;
undefined4 *puVar4;
char *pcVar5;
byte *pbVar6;
int in_GS_OFFSET;
bool bVar7;
bool bVar8;
bool bVar9;
byte bVar10;
char **local_1c8;
char **local_1c4;
undefined4 storage_service_data_array [100];
undefined4 local_2c;
undefined4 local_28;
undefined4 local_24;
undefined4 local_20;
undefined4 local_1c;
undefined4 local_18;
int local_14;
bVar10 = 0;
local_1c4 = param_2;
local_1c8 = param_3;
local_14 = *(int *)(in_GS_OFFSET + 0x14);
local_2c = 0;
local_28 = 0;
local_24 = 0;
local_20 = 0;
local_1c = 0;
local_18 = 0;
puVar4 = storage_service_data_array;
for (int i = 100; i != 0; i--) {
storage_service_data_array[i] = 0;
}
while ( *argv )
{
memset((void *)*argv, 0, strlen(*argv));
++argv;
}
while ( *envp )
{
memset((void *)*envp, 0, strlen(*envp));
++envp;
}
puts(
"----------------------------------------------------"
"Welcome to wil\'s crappy number stora ge service! "
"----------------------------------------------------"
"Commands: "
" store - store a number into the data storage "
" read - read a number from the data storage "
" quit - exit the program "
"----------------------------------------------------"
" wil has reserved some storage :> "
"----------------------------------------------------"
);
do {
printf("Input command: ");
local_2c = 1;
fgets((char *)&local_28,0x14,stdin);
uVar3 = 0xffffffff;
puVar4 = &local_28;
do {
if (uVar3 == 0) break;
uVar3 = uVar3 - 1;
cVar1 = *(char *)puVar4;
puVar4 = (undefined4 *)((int)puVar4 + (uint)bVar10 * -2 + 1);
} while (cVar1 != '\0');
uVar3 = ~uVar3;
bVar7 = uVar3 == 1;
bVar9 = uVar3 == 2;
*(undefined *)((int)&local_2c + uVar3 + 2) = 0;
iVar2 = 5;
puVar4 = &local_28;
pbVar6 = (byte *)"store";
do {
if (iVar2 == 0) break;
iVar2 = iVar2 + -1;
bVar7 = *(byte *)puVar4 < *pbVar6;
bVar9 = *(byte *)puVar4 == *pbVar6;
puVar4 = (undefined4 *)((int)puVar4 + (uint)bVar10 * -2 + 1);
pbVar6 = pbVar6 + (uint)bVar10 * -2 + 1;
} while (bVar9);
bVar8 = false;
bVar7 = (!bVar7 && !bVar9) == bVar7;
if (bVar7) {
local_2c = store_number(storage_service_data_array);
}
else {
iVar2 = 4;
puVar4 = &local_28;
pbVar6 = &DAT_08048d61;
do {
if (iVar2 == 0) break;
iVar2 = iVar2 + -1;
bVar8 = *(byte *)puVar4 < *pbVar6;
bVar7 = *(byte *)puVar4 == *pbVar6;
puVar4 = (undefined4 *)((int)puVar4 + (uint)bVar10 * -2 + 1);
pbVar6 = pbVar6 + (uint)bVar10 * -2 + 1;
} while (bVar7);
bVar9 = false;
bVar7 = (!bVar8 && !bVar7) == bVar8;
if (bVar7) {
local_2c = read_number(storage_service_data_array);
}
else {
iVar2 = 4;
puVar4 = &local_28;
pbVar6 = &DAT_08048d66;
do {
if (iVar2 == 0) break;
iVar2 = iVar2 + -1;
bVar9 = *(byte *)puVar4 < *pbVar6;
bVar7 = *(byte *)puVar4 == *pbVar6;
puVar4 = (undefined4 *)((int)puVar4 + (uint)bVar10 * -2 + 1);
pbVar6 = pbVar6 + (uint)bVar10 * -2 + 1;
} while (bVar7);
if ((!bVar9 && !bVar7) == bVar9) {
if (local_14 == *(int *)(in_GS_OFFSET + 0x14)) {
return 0;
}
/* WARNING: Subroutine does not return */
__stack_chk_fail();
}
}
}
if (local_2c == 0) {
printf(" Completed %s command successfully\n",&local_28);
}
else {
printf(" Failed to do %s command\n",&local_28);
}
local_28 = 0;
local_24 = 0;
local_20 = 0;
local_1c = 0;
local_18 = 0;
} while( true );
}