
gol6_3

a guest
Mar 15th, 2019
  1. SOME FUNCTION THAT CHECKS INPUT
  2. //Summary: reads exactly 16 chars with getchar into a stack buffer at ebp-0x21, NUL-terminates it, counts how many are one of '9', '0', '4', 'c', 's', and prints the success message only if that count is exactly 9. The <puts@plt+0x..> labels are objdump naming targets relative to the nearest known symbol (presumably a stripped binary); every branch target is an address inside this function.
  3. 8048424: 55 push ebp //function prologue: save the caller's frame pointer
  4. 8048425: 89 e5 mov ebp,esp //ebp = esp: set up this function's frame pointer
  5. 8048427: 53 push ebx //save ebx on the stack; it is used below as the buffer index and restored in the epilogue
  6. 8048428: 83 ec 34 sub esp,0x34 //reserve 0x34 (52) bytes of stack for locals and outgoing call arguments
  7. 804842b: c7 45 f0 00 00 00 00 mov DWORD PTR [ebp-0x10],0x0 //zero the local at ebp-0x10 (0x10 = 16 bytes below ebp); the space was already reserved by the sub above
  8. //ebp-0x10 is the match counter: it counts input chars that are one of '9', '0', '4', 'c', 's'. The function later requires this count to be exactly 9
  9. 8048432: c7 45 f4 00 00 00 00 mov DWORD PTR [ebp-0xc],0x0 //zero the local at ebp-0xc (12 bytes below ebp)
  10. //ebp-0xc is the loop counter. The getchar loop runs for counter values 0..15, i.e. 16 iterations
  11. 8048439: eb 10 jmp 804844b <puts@plt+0xf7> //jump to the loop condition, which compares ebp-0xc against 0xf (15)
  12. 804843b: 8b 5d f4 mov ebx,DWORD PTR [ebp-0xc] //ebx = loop counter; it is read after the call as the index into the input buffer
  13. 804843e: e8 d1 fe ff ff call 8048314 <getchar@plt> //read one char from stdin, result in eax. The result is not checked for EOF before al is stored (EOF, typically -1, would be stored as byte 0xff)
  14. THE LOOP BELOW RUNS FOR 16 ITERATIONS!! SO 16 CHARS!!! THIS IS A GETCHAR LOOP ;)
  15. -------------------------------------------------------------------
  16. 8048443: 88 44 1d df mov BYTE PTR [ebp+ebx*1-0x21],al //buf[ebx] = al, where buf starts at ebp-0x21; the address moves up one byte per iteration: ebp-0x21 -> ebp-0x20 -> ebp-0x1F -> ... -> ebp-0x12
  17. //al is the low byte of getchar's return value, i.e. the byte value (character code) of the input char
  18. //buffer layout: 16 input bytes at ebp-0x21..ebp-0x12; the terminator written after the loop goes to ebp-0x11, the byte directly below the match counter at ebp-0x10
  19. 8048447: 83 45 f4 01 add DWORD PTR [ebp-0xc],0x1 //increment the loop counter by 1, like doing counter++
  20. 804844b: 83 7d f4 0f cmp DWORD PTR [ebp-0xc],0xf //compare the loop counter with 15 (0xf)
  21. 804844f: 7e ea jle 804843b <puts@plt+0xe7> //signed <=: while the loop counter is <= 15, jump back to 804843b and read another char
  22. -------------------------------------------------------------------
  23. POST-GET_CHAR LOOP
  24. -------------------------------------------------------------------
  25. 8048451: 8b 45 f4 mov eax,DWORD PTR [ebp-0xc] //eax = loop counter, which is 16 (0x10) once the getchar loop has exited
  26. 8048454: c6 44 05 df 00 mov BYTE PTR [ebp+eax*1-0x21],0x0 //buf[16] = 0: NUL-terminate the input at ebp-0x11; this is the last byte before the match counter, so the write fits exactly and overwrites nothing
  27. 8048459: c7 45 f4 01 00 00 00 mov DWORD PTR [ebp-0xc],0x1 //the loop counter is reused for the checking loop and set to 1
  28. 8048460: eb 37 jmp 8048499 <puts@plt+0x145> //jump forward to the checking loop's condition at 8048499
  29. -------------------------------------------------------------------
  30. //CHECKING LOOP RUNS 16 (0x10) TIMES: the counter goes 1..16 inclusive and the buffer index is counter-1
  31. 8048462: 8b 45 f4 mov eax,DWORD PTR [ebp-0xc] //eax = loop counter (1 on the first pass)
  32. 8048465: 83 e8 01 sub eax,0x1 //eax = counter - 1, the zero-based buffer index; only the copy in eax changes, the stored counter does not
  33. 8048468: 0f b6 44 05 df movzx eax,BYTE PTR [ebp+eax*1-0x21] //load buf[index] as one byte, zero-extended into eax
  34. 804846d: 0f be c0 movsx eax,al //sign-extend al into eax (al is the low byte of eax); a byte >= 0x80 becomes negative for the signed compares below
  35.  
  36. 8048470: 83 f8 39 cmp eax,0x39 //compare the current char with 0x39 ('9')
  37. 8048473: 74 1b je 8048490 <puts@plt+0x13c> //if the current char is '9', go increment the match counter
  38. 8048475: 83 f8 39 cmp eax,0x39 //same comparison repeated; je does not change the flags, so this compare is redundant
  39. 8048478: 7f 0c jg 8048486 <puts@plt+0x132> //if the char is greater than '9' (signed), go to the 'c'/'s' checks at 8048486
  40.  
  41. 804847a: 83 f8 30 cmp eax,0x30 //compare the current char with 0x30 ('0')
  42. 804847d: 74 11 je 8048490 <puts@plt+0x13c> //if the current char is '0', go increment the match counter
  43.  
  44. 804847f: 83 f8 34 cmp eax,0x34 //compare the current char with 0x34 ('4')
  45. 8048482: 74 0c je 8048490 <puts@plt+0x13c> //if the current char is '4', go increment the match counter
  46. 8048484: eb 0f jmp 8048495 <puts@plt+0x141> //no match: jump to 8048495, which only advances the loop counter
  47. 8048486: 83 f8 63 cmp eax,0x63 //compare the current char with 0x63 ('c')
  48. 8048489: 74 05 je 8048490 <puts@plt+0x13c> //if the current char is 'c', go increment the match counter
  49.  
  50. 804848b: 83 f8 73 cmp eax,0x73 //compare the current char with 0x73 ('s')
  51. 804848e: 75 05 jne 8048495 <puts@plt+0x141> //if the current char is NOT 's', skip the increment (jump to 8048495); an 's' falls through to the increment at 8048490
  52. INCREMENTING CHAR COUNTER BY 1
  53. -------------------------------------------------------------------
  54. 8048490: 83 45 f0 01 add DWORD PTR [ebp-0x10],0x1 //increment the match counter at ebp-0x10 by 1
  55. 8048494: 90 nop //no operation; has no effect on the logic
  56. -------------------------------------------------------------------
  57. 8048495: 83 45 f4 01 add DWORD PTR [ebp-0xc],0x1 //increment the loop counter by 1
  58. 8048499: 83 7d f4 10 cmp DWORD PTR [ebp-0xc],0x10 //compare the loop counter with 16 (0x10)
  59. 804849d: 7e c3 jle 8048462 <puts@plt+0x10e> //signed <=: while the loop counter is <= 16, jump back to 8048462 and check the next char
  60. -------------------------------------------------------------------
  61. 804849f: 83 7d f0 09 cmp DWORD PTR [ebp-0x10],0x9 //after all 16 chars have been checked, compare the match counter with 9
  62. 80484a3: 75 16 jne 80484bb <puts@plt+0x167> //if the match counter != 9 (more or fewer), jump to the failure message at 80484bb
  63. -------------------------------------------------------------------
  64. 80484a5: b8 c4 85 04 08 mov eax,0x80485c4 //eax = address of the congrats string, used as printf's format string
  65. 80484aa: 8d 55 df lea edx,[ebp-0x21] //edx = address of the input buffer (ebp-0x21)
  66. 80484ad: 89 54 24 04 mov DWORD PTR [esp+0x4],edx //second printf argument at [esp+4]: pointer to the user-entered input
  67. 80484b1: 89 04 24 mov DWORD PTR [esp],eax //first printf argument at [esp]: the format string. The user input is passed as a data argument, not as the format, so its contents are not interpreted as conversion specifiers
  68. 80484b4: e8 8b fe ff ff call 8048344 <printf@plt> //print the congrats string
  69. 80484b9: eb 0c jmp 80484c7 <puts@plt+0x173> //skip the failure branch and go to the function epilogue
  70. 80484bb: c7 04 24 f2 85 04 08 mov DWORD PTR [esp],0x80485f2 //puts argument at [esp]: address of the failure string
  71. 80484c2: e8 8d fe ff ff call 8048354 <puts@plt> //print the failure string, then fall through to the epilogue
  72. 80484c7: 83 c4 34 add esp,0x34 //function epilogue: release the 0x34 bytes reserved in the prologue
  73. 80484ca: 5b pop ebx //restore the ebx value saved in the prologue (a saved register, not a local variable)
  74. 80484cb: 5d pop ebp //restore the caller's frame pointer
  75. 80484cc: c3 ret //return to the caller
  76. -------------------------------------------------------------------