Published by Tyler Blake. Modified over 9 years ago.
2
OUTLINE
- Pre-requisite
- Bomb!
4
GNU Tools
GDB (Gnu DeBugger)
- Start your program
- Stop on special conditions
- Examine what has happened
- Change things in your program
5
GNU Tools
GDB (Gnu DeBugger)
Commands
- gdb
- break FUNC | *ADDR
- run
- print $REG | ADDR
- continue | stepi | nexti
- quit
Reference
- http://beej.us/guide/bggdb/
- http://csapp.cs.cmu.edu/3e/docs/gdbnotes-x86-64.pdf
6
GNU Tools
OBJDUMP (OBJect-file DUMP)
- Display information from object files
  - Disassemble object file
  - Show file headers
  - Show symbol table
  - ...
Commands
- objdump -d | -D
7
0804849c <main>:
 804849c:  55                    push   %ebp
 804849d:  89 e5                 mov    %esp,%ebp
 804849f:  83 e4 f0              and    $0xfffffff0,%esp
 80484a2:  83 ec 20              sub    $0x20,%esp
 80484a5:  c7 04 24 90 85 04 08  movl   $0x8048590,(%esp)
 80484ac:  e8 af fe ff ff        call   8048360
 80484b1:  c7 04 24 b4 85 04 08  movl   $0x80485b4,(%esp)
 80484b8:  e8 93 fe ff ff        call   8048350
 80484bd:  8d 44 24 1c           lea    0x1c(%esp),%eax
 80484c1:  89 44 24 04           mov    %eax,0x4(%esp)
 80484c5:  c7 04 24 b9 85 04 08  movl   $0x80485b9,(%esp)
 80484cc:  e8 bf fe ff ff        call   8048390
 80484d1:  8b 44 24 1c           mov    0x1c(%esp),%eax
 80484d5:  83 f8 6c              cmp    $0x6c,%eax
 80484d8:  75 0e                 jne    80484e8
 80484da:  c7 04 24 bc 85 04 08  movl   $0x80485bc,(%esp)
 80484e1:  e8 7a fe ff ff        call   8048360
 80484e6:  eb 0c                 jmp    80484f4
 80484e8:  c7 04 24 c7 85 04 08  movl   $0x80485c7,(%esp)
 80484ef:  e8 6c fe ff ff        call   8048360
 80484f4:  c9                    leave
 80484f5:  c3                    ret
8
GNU Tools
Install GNU Tools
  apt-get install build-essential
  apt-get install gdb
9
Pre-requisite
Bomb!
- Binary Bomb
- Defuse Bomb
- Using GDB
10
Bomb: Defuse Bomb
- What is Bomb? Only a binary file
- What should you do? Find the key and defuse the bomb!
- What can you use? Anything from ICS course, any tools: gdb, strings, calculator, pencil, paper, objdump
- Right key: Survive
- Wrong key: Bomb!
11
Please See Carefully!
- A binary bomb
- Need a password to defuse it
Demo
  $./bomb
  key: 224
  bomb!!! :(
  $
  $./bomb
  input password: 108
  Survive :)
14
Step by Step
- Machine Code to Assembly Code
    objdump -D bomb > asm

  NAME
    objdump - display information from object files.
  SYNOPSIS
    objdump [-d|--disassemble]
            [-D|--disassemble-all]
            ......
17
Step by Step
- Find key functions and parameters
  - scanf: where is the password stored?
  - printf: which instruction will print “bomb”?
23
Step by Step
- Find key strings
  - “bomb”, “survive” and “key”
25
...
 80485b4:  4b 65 79                  K e y
 80485b7:  3a 00                     cmp (%eax),%al
 80485b9:  25 64 00 53 75 ……         S u
 80485be:  72 76                     r v
 80485c0:  69 76 65 20 3a 29 00      i v e
 80485c7:  42                        B
 80485c8:  6f                        o
 80485c9:  6d                        m
 80485ca:  62 21                     b
 80485cc:  21 21
 80485ce:  20 3a
 80485d0:  28 00
...
27
0804849c <main>:
 804849c:  55                    push   %ebp
 804849d:  89 e5                 mov    %esp,%ebp
 804849f:  83 e4 f0              and    $0xfffffff0,%esp
 80484a2:  83 ec 20              sub    $0x20,%esp
 80484a5:  c7 04 24 90 85 04 08  movl   $0x8048590,(%esp)
 80484ac:  e8 af fe ff ff        call   8048360
 80484b1:  c7 04 24 b4 85 04 08  movl   "Key",(%esp)
 80484b8:  e8 93 fe ff ff        call   8048350
 80484bd:  8d 44 24 1c           lea    0x1c(%esp),%eax
 80484c1:  89 44 24 04           mov    %eax,0x4(%esp)
 80484c5:  c7 04 24 b9 85 04 08  movl   $0x80485b9,(%esp)
 80484cc:  e8 bf fe ff ff        call   8048390
 80484d1:  8b 44 24 1c           mov    0x1c(%esp),%eax
 80484d5:  83 f8 6c              cmp    $0x6c,%eax
 80484d8:  75 0e                 jne    80484e8
 80484da:  c7 04 24 bc 85 04 08  movl   "survive :)",(%esp)
 80484e1:  e8 7a fe ff ff        call   8048360
 80484e6:  eb 0c                 jmp    80484f4
 80484e8:  c7 04 24 c7 85 04 08  movl   "bomb!!! :(",(%esp)
 80484ef:  e8 6c fe ff ff        call   8048360
 80484f4:  c9                    leave
 80484f5:  c3                    ret
28
Step by Step
- Find key operators
  - jmp: changes control flow
  - cmp: how the condition is judged
31
 ...
 80484d1:  8b 44 24 1c           mov    0x1c(%esp),%eax
 80484d5:  83 f8 6c              cmp    $0x6c,%eax            <- Key
 80484d8:  75 0e                 jne    80484e8
 80484da:  c7 04 24 bc 85 04 08  movl   "survive :)",(%esp)
 80484e1:  e8 7a fe ff ff        call   8048360
 80484e6:  eb 0c                 jmp    80484f4
 80484e8:  c7 04 24 c7 85 04 08  movl   "bomb!!! :(",(%esp)
 80484ef:  e8 6c fe ff ff        call   8048360
 ...
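The string and operand lookups from the steps above, automated as an added example (not part of the original slides). The bytes and instructions are copied from the slide listings; `cstring_at` and `annotate` are hypothetical helper names, and the dump is assumed to start at 0x80485b4 as shown.

```python
import re

# Bytes copied from the slide's dump of 0x80485b4..0x80485d1 (string data).
RODATA_BASE = 0x80485B4
RODATA = bytes.fromhex(
    "4b65793a00" "256400" "53757276697665203a2900" "426f6d62212121203a2800")

# Instructions of main() copied from the objdump listing on the slides.
LISTING = """\
80484a5: movl $0x8048590,(%esp)
80484ac: call 8048360
80484b1: movl $0x80485b4,(%esp)
80484b8: call 8048350
80484bd: lea 0x1c(%esp),%eax
80484c1: mov %eax,0x4(%esp)
80484c5: movl $0x80485b9,(%esp)
80484cc: call 8048390
80484d1: mov 0x1c(%esp),%eax
80484d5: cmp $0x6c,%eax
80484d8: jne 80484e8
80484da: movl $0x80485bc,(%esp)
80484e1: call 8048360
80484e6: jmp 80484f4
80484e8: movl $0x80485c7,(%esp)
80484ef: call 8048360
"""

def cstring_at(addr):
    """Return the NUL-terminated string at addr, or None if outside the dump."""
    off = addr - RODATA_BASE
    if not 0 <= off < len(RODATA):
        return None
    end = RODATA.find(b"\x00", off)
    return RODATA[off:end].decode("ascii", "replace") if end >= 0 else None

def annotate(listing):
    """Return (address, instruction, note) tuples for each listing line."""
    out = []
    for line in listing.splitlines():
        addr, insn = line.split(":", 1)
        insn, note = insn.strip(), ""
        m = re.fullmatch(r"movl \$0x([0-9a-f]+),\(%esp\)", insn)
        if m:  # first stack argument: try to resolve it as a string pointer
            s = cstring_at(int(m.group(1), 16))
            note = repr(s) if s is not None else "not in dump"
        m = re.fullmatch(r"cmp \$0x([0-9a-f]+),%eax", insn)
        if m:  # the constant the scanned integer is compared against
            note = "compare input with %d" % int(m.group(1), 16)
        out.append((int(addr, 16), insn, note))
    return out

if __name__ == "__main__":
    for addr, insn, note in annotate(LISTING):
        print(f"{addr:08x}: {insn:<28}{'; ' + note if note else ''}")
```

The argument at 0x80485b9 resolves to the scanf format string, which is why the value compared at 0x80484d5 is a decimal integer.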
33
Defuse bomb using GDB
- set breakpoints on the critical path
- watch registers and/or memory
- terminate the program on demand
- single-step execution
Can we do it more efficiently and safely?
36
$gdb mini-bomb
(gdb) break *0x80484b8
Breakpoint 1 at 0x80484b8
(gdb) break *0x80484d5
Breakpoint 2 at 0x80484d5
(gdb) break *0x80484da
Breakpoint 3 at 0x80484da
(gdb) break *0x80484e8
Breakpoint 4 at 0x80484e8
(gdb) run
Starting program: /home/ics-15/lab2/bomb
Breakpoint 1, 0x080484b8 in main ()
(gdb) print/c *0x80485b4
$1 = 75 'K'
(gdb) print/c *0x80485b5
$2 = 101 'e'
(gdb) print/s (char *)0x80485b4
$3 = 0x80485b4 "Key:"

Breakpoints:
- 0x80484b8 “password”
- 0x80484d5 “compare”
- 0x80484da “survive”
- 0x80484e8 “bomb”
45
(gdb) c
Continuing.
Key:224
Breakpoint 2, 0x080484d5 in main ()
(gdb) print/d $eax
$8 = 224
(gdb) c
Continuing.
Breakpoint 4, 0x080484e8 in main ()
(gdb) q
The program is running. Exit anyway? (y or n) y
$

Breakpoints:
- 0x80484b8 “password”
- 0x80484d5 “compare”
- 0x80484da “survive”
- 0x80484e8 “bomb”