OUTLINE: Pre-requisite, Bomb!



GNU Tools: GDB (GNU Debugger)
- Start your program
- Stop on special conditions
- Examine what has happened
- Change things in your program

GNU Tools: GDB commands
- gdb
- break FUNC | *ADDR
- run
- print $REG | ADDR
- continue | stepi | nexti
- quit

GNU Tools: OBJDUMP (OBJect-file DUMP)
- Display information from object files
  - Disassemble object file
  - Show file headers
  - Show symbol table ...
- Commands
  - objdump -d | -D

0804849c <main>:
 804849c:  55                      push   %ebp
 804849d:  89 e5                   mov    %esp,%ebp
 804849f:  83 e4 f0                and    $0xfffffff0,%esp
 80484a2:  83 ec 20                sub    $0x20,%esp
 80484a5:  c7 04 24 …              movl   $0x…,(%esp)
 80484ac:  e8 af fe ff ff          call
 80484b1:  c7 04 24 b4 85 04 08    movl   $0x80485b4,(%esp)
 80484b8:  e8 93 fe ff ff          call
 80484bd:  8d 44 24 1c             lea    0x1c(%esp),%eax
 80484c1:  89 44 24 04             mov    %eax,0x4(%esp)
 80484c5:  c7 04 24 b9 85 04 08    movl   $0x80485b9,(%esp)
 80484cc:  e8 bf fe ff ff          call
 80484d1:  8b 44 24 1c             mov    0x1c(%esp),%eax
 80484d5:  83 f8 6c                cmp    $0x6c,%eax
 80484d8:  75 0e                   jne    80484e8
 80484da:  c7 04 24 bc 85 04 08    movl   $0x80485bc,(%esp)
 80484e1:  e8 7a fe ff ff          call
 80484e6:  eb 0c                   jmp    80484f4
 80484e8:  c7 04 24 c7 85 04 08    movl   $0x80485c7,(%esp)
 80484ef:  e8 6c fe ff ff          call
 80484f4:  c9                      leave
 80484f5:  c3                      ret

GNU Tools: Install GNU Tools
- apt-get install build-essential
- apt-get install gdb

Bomb!
- Binary Bomb (this part)
- Defuse Bomb
- Using GDB

Bomb
- What is the bomb?
  - Only a binary file
- What should you do?
  - Find the key and defuse the bomb!
- What can you use?
  - Anything from the ICS course
  - Any tools: gdb, strings, objdump, calculator, pencil, paper
- Right key: Survive
- Wrong key: Bomb!

Please See Carefully!
- A binary bomb
- Need a password to defuse it

Demo:
  $ ./bomb
  key: bomb!!! :(
  $
  $ ./bomb
  input password: Survive :)

Bomb!
- Binary Bomb
- Defuse Bomb (this part)
- Using GDB

Step by Step
- Machine code to assembly code
  - objdump -D bomb > asm

  NAME
      objdump - display information from object files.
  SYNOPSIS
      objdump [-d|--disassemble]
              [-D|--disassemble-all]
              ......


Step by Step
- Find key functions and parameters
  - scanf: where is the password stored?
  - printf: which instruction will print "bomb"?
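The `call` and jump lines in the listing carry only a relative displacement, so the bytes themselves show which calls go to the same function and where each jump lands. The following is an added example, not part of the original slides; it decodes the branch bytes shown in the listing, and the struct and function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* One branch instruction copied from the listing: address plus raw bytes. */
struct insn {
    uint32_t addr;
    uint8_t  bytes[5];
    size_t   len;
};

/* Branch bytes as they appear in the disassembly of main. */
static const struct insn BRANCHES[] = {
    {0x80484ac, {0xe8, 0xaf, 0xfe, 0xff, 0xff}, 5},  /* call #1 */
    {0x80484b8, {0xe8, 0x93, 0xfe, 0xff, 0xff}, 5},  /* call #2, after $0x80485b4 is stored */
    {0x80484cc, {0xe8, 0xbf, 0xfe, 0xff, 0xff}, 5},  /* call #3, after lea 0x1c(%esp) */
    {0x80484d8, {0x75, 0x0e},                   2},  /* jne */
    {0x80484e1, {0xe8, 0x7a, 0xfe, 0xff, 0xff}, 5},  /* call #4 */
    {0x80484e6, {0xeb, 0x0c},                   2},  /* jmp */
    {0x80484ef, {0xe8, 0x6c, 0xfe, 0xff, 0xff}, 5},  /* call #5 */
};
#define N_BRANCHES (sizeof BRANCHES / sizeof BRANCHES[0])

/* Absolute target of call rel32 (e8), jmp rel8 (eb) or jcc rel8 (70..7f).
 * Returns 0 for anything else. */
static uint32_t branch_target(const struct insn *i)
{
    /* x86 displacements are relative to the address of the NEXT instruction. */
    uint32_t next = i->addr + (uint32_t)i->len;

    if (i->len == 5 && i->bytes[0] == 0xe8) {
        /* rel32 is little-endian; unsigned wrap-around performs the signed add. */
        uint32_t rel = (uint32_t)i->bytes[1]
                     | (uint32_t)i->bytes[2] << 8
                     | (uint32_t)i->bytes[3] << 16
                     | (uint32_t)i->bytes[4] << 24;
        return next + rel;
    }
    if (i->len == 2 && (i->bytes[0] == 0xeb || (i->bytes[0] & 0xf0) == 0x70)) {
        int8_t rel = (int8_t)i->bytes[1];            /* rel8 is sign-extended */
        return next + (uint32_t)(int32_t)rel;
    }
    return 0;
}

/* Number of listed calls whose target equals `target`. */
static int calls_to(uint32_t target)
{
    int n = 0;
    for (size_t k = 0; k < N_BRANCHES; k++)
        if (BRANCHES[k].bytes[0] == 0xe8 && branch_target(&BRANCHES[k]) == target)
            n++;
    return n;
}

int main(void)
{
    for (size_t k = 0; k < N_BRANCHES; k++)
        printf("%#x -> %#x\n", (unsigned)BRANCHES[k].addr,
               (unsigned)branch_target(&BRANCHES[k]));
    return 0;
}
```

Three of the five calls share one target, while the calls at 0x80484b8 and 0x80484cc each have their own. The jne target 0x80484e8 is the start of the "bomb" branch, and the jmp target 0x80484f4 is the `leave` that follows it.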


Step by Step (continued)
- Find key strings
  - "bomb", "survive" and "key"


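[Slide: the data bytes from 0x80485b4 through 0x80485d0 as shown by objdump -D, which decodes them as if they were instructions (for example "3a 00  cmp (%eax),%al"). The slide labels the three strings found there: "Key", "Survive" and "Bomb".]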


0804849c <main>:   (string addresses replaced by the strings they point to)
 804849c:  55                      push   %ebp
 804849d:  89 e5                   mov    %esp,%ebp
 804849f:  83 e4 f0                and    $0xfffffff0,%esp
 80484a2:  83 ec 20                sub    $0x20,%esp
 80484a5:  c7 04 24 …              movl   $0x…,(%esp)
 80484ac:  e8 af fe ff ff          call
 80484b1:  c7 04 24 b4 85 04 08    movl   "Key",(%esp)
 80484b8:  e8 93 fe ff ff          call
 80484bd:  8d 44 24 1c             lea    0x1c(%esp),%eax
 80484c1:  89 44 24 04             mov    %eax,0x4(%esp)
 80484c5:  c7 04 24 b9 85 04 08    movl   $0x80485b9,(%esp)
 80484cc:  e8 bf fe ff ff          call
 80484d1:  8b 44 24 1c             mov    0x1c(%esp),%eax
 80484d5:  83 f8 6c                cmp    $0x6c,%eax
 80484d8:  75 0e                   jne    80484e8
 80484da:  c7 04 24 bc 85 04 08    movl   "survive :)",(%esp)
 80484e1:  e8 7a fe ff ff          call
 80484e6:  eb 0c                   jmp    80484f4
 80484e8:  c7 04 24 c7 85 04 08    movl   "bomb!!! :(",(%esp)
 80484ef:  e8 6c fe ff ff          call
 80484f4:  c9                      leave
 80484f5:  c3                      ret

Step by Step (continued)
- Find key operators
  - jmp: changes control flow
  - cmp: how the condition is judged


[Slide: the same annotated listing, with a callout labelled "Key".]
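Reading the annotated listing back into C makes the compare-and-branch explicit. The following is an added reconstruction, not the lab's source code: the helper names are hypothetical, the "%d" format at 0x80485b9 is an assumption (the slides do not show that string), and the first call, whose argument is not legible in the listing, is omitted.

```c
#include <stdio.h>
#include <string.h>

#define KEY 0x6c   /* immediate of `cmp $0x6c,%eax` at 0x80484d5 (108 decimal) */

/* Messages as they appear in the slide's demo run. */
static const char SURVIVE[] = "Survive :)";   /* string stored at 0x80484da */
static const char BOMB[]    = "bomb!!! :(";   /* string stored at 0x80484e8 */

/* cmp $0x6c,%eax ; jne 80484e8  (hypothetical name for the compare step) */
static int key_matches(int value)
{
    return value == KEY;
}

/* Hypothetical helper: the same decision as main, but reading the typed
 * text from a string so it can be exercised without stdin. */
static const char *bomb_result(const char *typed)
{
    int input;   /* the local at 0x1c(%esp) whose address lea/mov pass to call #3 */

    /* Assumption: the format at 0x80485b9 is "%d". If parsing fails, the
     * binary would compare a stack slot nothing has written; this sketch
     * treats that case as a wrong key. */
    if (sscanf(typed, "%d", &input) != 1)
        return BOMB;
    return key_matches(input) ? SURVIVE : BOMB;
}

int main(void)
{
    char line[64];

    printf("Key:");                     /* 0x80484b1, 0x80484b8 */
    fflush(stdout);
    if (fgets(line, sizeof line, stdin) == NULL)
        return 1;
    puts(bomb_result(line));            /* 0x80484da through 0x80484ef */
    return 0;
}
```

The value 224 typed in the GDB session later in the slides takes the bomb branch here as well. 0x6c is also ASCII 'l', but under the numeric-format assumption the key has to be typed as the number 108.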

Bomb!
- Binary Bomb
- Defuse Bomb
- Using GDB (this part)

Defuse bomb using GDB
- set breakpoint on the critical path
- watch registers and/or memory
- terminate program on demand
- single step execution
Can we do it more efficiently and safely?

Command: GDB
- gdb
- break FUNC | *ADDR
- run
- print $REG | ADDR
- continue | stepi | nexti
- quit



$ gdb mini-bomb
(gdb) break *0x80484b8
Breakpoint 1 at 0x80484b8
(gdb) break *0x80484d5
Breakpoint 2 at 0x80484d5
(gdb) break *0x80484da
Breakpoint 3 at 0x80484da
(gdb) break *0x80484e8
Breakpoint 4 at 0x80484e8
(gdb) run
Starting program: /home/ics-15/lab2/bomb
Breakpoint 1, 0x080484b8 in main ()
(gdb) print/c *0x80485b4
$1 = 75 'K'
(gdb) print/c *0x80485b5
$2 = 101 'e'
(gdb) print/s (char *)0x80485b4
$3 = 0x80485b4 "Key:"

Breakpoint labels on the slide:
  0x80484b8  "password"
  0x80484d5  "compare"
  0x80484da  "survive"
  0x80484e8  "bomb"


(gdb) c
Continuing.
Key:224
Breakpoint 2, 0x080484d5 in main ()
(gdb) print/d $eax
$8 = 224
(gdb) c
Continuing.
Breakpoint 4, 0x080484e8 in main ()
(gdb) q
The program is running. Exit anyway? (y or n) y
$
