Question

1 Approved Answer

Posted on Sep 22, 2024

reverseEngineering3: file format elf32-i386 Disassembly of section .init: 08048294 : 8048294: 53 push %ebx 8048295: 83 ec 08 sub $0x8,%esp 8048298: e8 83 00 00

reverseEngineering3: file format elf32-i386

Disassembly of section .init:

08048294 <_init>: 8048294: 53 push %ebx 8048295: 83 ec 08 sub $0x8,%esp 8048298: e8 83 00 00 00 call 8048320 <__x86.get_pc_thunk.bx> 804829d: 81 c3 63 1d 00 00 add $0x1d63,%ebx 80482a3: 8b 83 fc ff ff ff mov -0x4(%ebx),%eax 80482a9: 85 c0 test %eax,%eax 80482ab: 74 05 je 80482b2 <_init+0x1e> 80482ad: e8 1e 00 00 00 call 80482d0 <__gmon_start__@plt> 80482b2: 83 c4 08 add $0x8,%esp 80482b5: 5b pop %ebx 80482b6: c3 ret

Disassembly of section .plt:

080482c0 <__gmon_start__@plt-0x10>: 80482c0: ff 35 04 a0 04 08 pushl 0x804a004 80482c6: ff 25 08 a0 04 08 jmp *0x804a008 80482cc: 00 00 add %al,(%eax) ...

080482d0 <__gmon_start__@plt>: 80482d0: ff 25 0c a0 04 08 jmp *0x804a00c 80482d6: 68 00 00 00 00 push $0x0 80482db: e9 e0 ff ff ff jmp 80482c0 <_init+0x2c>

080482e0 <__libc_start_main@plt>: 80482e0: ff 25 10 a0 04 08 jmp *0x804a010 80482e6: 68 08 00 00 00 push $0x8 80482eb: e9 d0 ff ff ff jmp 80482c0 <_init+0x2c>

Disassembly of section .text:

080482f0 <_start>: 80482f0: 31 ed xor %ebp,%ebp 80482f2: 5e pop %esi 80482f3: 89 e1 mov %esp,%ecx 80482f5: 83 e4 f0 and $0xfffffff0,%esp 80482f8: 50 push %eax 80482f9: 54 push %esp 80482fa: 52 push %edx 80482fb: 68 b0 84 04 08 push $0x80484b0 8048300: 68 40 84 04 08 push $0x8048440 8048305: 51 push %ecx 8048306: 56 push %esi 8048307: 68 ec 83 04 08 push $0x80483ec 804830c: e8 cf ff ff ff call 80482e0 <__libc_start_main@plt> 8048311: f4 hlt 8048312: 66 90 xchg %ax,%ax 8048314: 66 90 xchg %ax,%ax 8048316: 66 90 xchg %ax,%ax 8048318: 66 90 xchg %ax,%ax 804831a: 66 90 xchg %ax,%ax 804831c: 66 90 xchg %ax,%ax 804831e: 66 90 xchg %ax,%ax

08048320 <__x86.get_pc_thunk.bx>: 8048320: 8b 1c 24 mov (%esp),%ebx 8048323: c3 ret 8048324: 66 90 xchg %ax,%ax 8048326: 66 90 xchg %ax,%ax 8048328: 66 90 xchg %ax,%ax 804832a: 66 90 xchg %ax,%ax 804832c: 66 90 xchg %ax,%ax 804832e: 66 90 xchg %ax,%ax

08048330 : 8048330: b8 1f a0 04 08 mov $0x804a01f,%eax 8048335: 2d 1c a0 04 08 sub $0x804a01c,%eax 804833a: 83 f8 06 cmp $0x6,%eax 804833d: 76 1a jbe 8048359 804833f: b8 00 00 00 00 mov $0x0,%eax 8048344: 85 c0 test %eax,%eax 8048346: 74 11 je 8048359 8048348: 55 push %ebp 8048349: 89 e5 mov %esp,%ebp 804834b: 83 ec 14 sub $0x14,%esp 804834e: 68 1c a0 04 08 push $0x804a01c 8048353: ff d0 call *%eax 8048355: 83 c4 10 add $0x10,%esp 8048358: c9 leave 8048359: f3 c3 repz ret 804835b: 90 nop 804835c: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi

08048360 : 8048360: b8 1c a0 04 08 mov $0x804a01c,%eax 8048365: 2d 1c a0 04 08 sub $0x804a01c,%eax 804836a: c1 f8 02 sar $0x2,%eax 804836d: 89 c2 mov %eax,%edx 804836f: c1 ea 1f shr $0x1f,%edx 8048372: 01 d0 add %edx,%eax 8048374: d1 f8 sar %eax 8048376: 74 1b je 8048393 8048378: ba 00 00 00 00 mov $0x0,%edx 804837d: 85 d2 test %edx,%edx 804837f: 74 12 je 8048393 8048381: 55 push %ebp 8048382: 89 e5 mov %esp,%ebp 8048384: 83 ec 10 sub $0x10,%esp 8048387: 50 push %eax 8048388: 68 1c a0 04 08 push $0x804a01c 804838d: ff d2 call *%edx 804838f: 83 c4 10 add $0x10,%esp 8048392: c9 leave 8048393: f3 c3 repz ret 8048395: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi 8048399: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi

080483a0 <__do_global_dtors_aux>: 80483a0: 80 3d 1c a0 04 08 00 cmpb $0x0,0x804a01c 80483a7: 75 13 jne 80483bc <__do_global_dtors_aux+0x1c> 80483a9: 55 push %ebp 80483aa: 89 e5 mov %esp,%ebp 80483ac: 83 ec 08 sub $0x8,%esp 80483af: e8 7c ff ff ff call 8048330 80483b4: c6 05 1c a0 04 08 01 movb $0x1,0x804a01c 80483bb: c9 leave 80483bc: f3 c3 repz ret 80483be: 66 90 xchg %ax,%ax

080483c0 : 80483c0: b8 08 9f 04 08 mov $0x8049f08,%eax 80483c5: 8b 10 mov (%eax),%edx 80483c7: 85 d2 test %edx,%edx 80483c9: 75 05 jne 80483d0 80483cb: eb 93 jmp 8048360 80483cd: 8d 76 00 lea 0x0(%esi),%esi 80483d0: ba 00 00 00 00 mov $0x0,%edx 80483d5: 85 d2 test %edx,%edx 80483d7: 74 f2 je 80483cb 80483d9: 55 push %ebp 80483da: 89 e5 mov %esp,%ebp 80483dc: 83 ec 14 sub $0x14,%esp 80483df: 50 push %eax 80483e0: ff d2 call *%edx 80483e2: 83 c4 10 add $0x10,%esp 80483e5: c9 leave 80483e6: e9 75 ff ff ff jmp 8048360 80483eb: 90 nop

080483ec

: 80483ec: 55 push %ebp 80483ed: 89 e5 mov %esp,%ebp 80483ef: 83 ec 10 sub $0x10,%esp 80483f2: c7 45 fc 02 00 00 00 movl $0x2,-0x4(%ebp) 80483f9: c7 45 f0 03 00 00 00 movl $0x3,-0x10(%ebp) 8048400: be cd ab 00 00 mov $0xabcd,%esi 8048405: c7 45 f8 00 00 00 00 movl $0x0,-0x8(%ebp) 804840c: eb 1e jmp 804842c 804840e: 8b 55 f0 mov -0x10(%ebp),%edx 8048411: 8b 45 fc mov -0x4(%ebp),%eax 8048414: 01 d0 add %edx,%eax 8048416: 89 45 f4 mov %eax,-0xc(%ebp) 8048419: 8b 45 f0 mov -0x10(%ebp),%eax 804841c: 89 45 fc mov %eax,-0x4(%ebp) 804841f: 8b 45 f4 mov -0xc(%ebp),%eax 8048422: 89 45 f0 mov %eax,-0x10(%ebp) 8048425: 8b 75 f0 mov -0x10(%ebp),%esi 8048428: 83 45 f8 01 addl $0x1,-0x8(%ebp) 804842c: 83 7d f8 02 cmpl $0x2,-0x8(%ebp) 8048430: 7e dc jle 804840e 8048432: b8 00 00 00 00 mov $0x0,%eax 8048437: c9 leave 8048438: c3 ret 8048439: 66 90 xchg %ax,%ax 804843b: 66 90 xchg %ax,%ax 804843d: 66 90 xchg %ax,%ax 804843f: 90 nop

08048440 <__libc_csu_init>: 8048440: 55 push %ebp 8048441: 57 push %edi 8048442: 31 ff xor %edi,%edi 8048444: 56 push %esi 8048445: 53 push %ebx 8048446: e8 d5 fe ff ff call 8048320 <__x86.get_pc_thunk.bx> 804844b: 81 c3 b5 1b 00 00 add $0x1bb5,%ebx 8048451: 83 ec 1c sub $0x1c,%esp 8048454: 8b 6c 24 30 mov 0x30(%esp),%ebp 8048458: 8d b3 04 ff ff ff lea -0xfc(%ebx),%esi 804845e: e8 31 fe ff ff call 8048294 <_init> 8048463: 8d 83 00 ff ff ff lea -0x100(%ebx),%eax 8048469: 29 c6 sub %eax,%esi 804846b: c1 fe 02 sar $0x2,%esi 804846e: 85 f6 test %esi,%esi 8048470: 74 27 je 8048499 <__libc_csu_init+0x59> 8048472: 8d b6 00 00 00 00 lea 0x0(%esi),%esi 8048478: 8b 44 24 38 mov 0x38(%esp),%eax 804847c: 89 2c 24 mov %ebp,(%esp) 804847f: 89 44 24 08 mov %eax,0x8(%esp) 8048483: 8b 44 24 34 mov 0x34(%esp),%eax 8048487: 89 44 24 04 mov %eax,0x4(%esp) 804848b: ff 94 bb 00 ff ff ff call *-0x100(%ebx,%edi,4) 8048492: 83 c7 01 add $0x1,%edi 8048495: 39 f7 cmp %esi,%edi 8048497: 75 df jne 8048478 <__libc_csu_init+0x38> 8048499: 83 c4 1c add $0x1c,%esp 804849c: 5b pop %ebx 804849d: 5e pop %esi 804849e: 5f pop %edi 804849f: 5d pop %ebp 80484a0: c3 ret 80484a1: eb 0d jmp 80484b0 <__libc_csu_fini> 80484a3: 90 nop 80484a4: 90 nop 80484a5: 90 nop 80484a6: 90 nop 80484a7: 90 nop 80484a8: 90 nop 80484a9: 90 nop 80484aa: 90 nop 80484ab: 90 nop 80484ac: 90 nop 80484ad: 90 nop 80484ae: 90 nop 80484af: 90 nop

080484b0 <__libc_csu_fini>: 80484b0: f3 c3 repz ret 80484b2: 66 90 xchg %ax,%ax

Disassembly of section .fini:

080484b4 <_fini>: 80484b4: 53 push %ebx 80484b5: 83 ec 08 sub $0x8,%esp 80484b8: e8 63 fe ff ff call 8048320 <__x86.get_pc_thunk.bx> 80484bd: 81 c3 43 1b 00 00 add $0x1b43,%ebx 80484c3: 83 c4 08 add $0x8,%esp 80484c6: 5b pop %ebx 80484c7: c3 ret

Use Linux executable reverseEngineering3 for this question (see the Useful Files area of the Course Content for where to find the file). Run the file using gdb.

This code places the value 0xABCD into register ESI. After putting that value into ESI, the code puts 3 more values into ESI. Those values are:

Question 3 options:

5, 6, 7

5, 8, 9

5, 8, 13

5, 10, 15