Below is an interaction using gdb with final bomb, an executable that is similar to the bomb from homework assignment 6 In final bomb, there is one phase, called p5 footnotesize begin verbatim linux final bomb Welcome to the final exam bomb Type your user id guest Try your hand at phase p5 asodifj BOOM The bomb has blown up P5 is passed one parameter, containing the user's input (e g , asodifj'') Its behavior is dependent on the input and the user ID Here is a disassembly of p5 Notice that the user ID is stored in a global variable, whose address is 0x60104c (gdb) disas p5 Dump of assembler code for function p5 0x00000000004006b0 sub $0x18, rsp 0x00000000004006b4 xor eax, eax 0x00000000004006b6 mov $0x4007e1, esi 0x00000000004006bb lea 0xc( rsp), rdx 0x00000000004006c0 callq 0x400520 0x00000000004006c5 xor eax, eax 0x00000000004006c7 cmpb $0x0,0x20097e( rip) 0x60104c 0x00000000004006ce je 0x4006df 0x00000000004006d0 add $0x1, eax 0x00000000004006d3 movslq eax, rdx 0x00000000004006d6 cmpb $0x0,0x60104c( rdx) 0x00000000004006dd jne 0x4006d0 0x00000000004006df cmp 0xc( rsp), eax 0x00000000004006e3 jne 0x4006ea 0x00000000004006e5 add $0x18, rsp 0x00000000004006e9 retq 0x00000000004006ea xor eax, eax 0x00000000004006ec callq 0x400690 End of assembler dump (gdb) Answer the following, assuming you have reached a breakpoint at p5 16 A The second parameter that is passed to the sscanf is a format string, which determines how sscanf interprets the string that is passed as its first parameter What debugger command will display this format string B p5 passes the address of a local variable as the third parameter to sscanf Give the gdb command that reveals this address C (2 points) Assume that the debugger command in (a) displays d as the format string Given the results of the above, what is the input which will defuse p4 for the guest user ID Explain your answer That was the question whole question given by the teacher I think I know the answers for questions A and B I have x s $esi for A and print x $rdx for B The only part of the question that I can't figure out on my own is C

The Answer is in the image, click to view ...

Question: Below is an interaction using gdb with final_bomb, an executable that is similar to the bomb from homework assignment 6. In final_bomb, there is one

Below is an interaction using gdb with final_bomb, an executable that is similar to the bomb from homework assignment 6. In final_bomb, there is one phase, called p5.

\footnotesize

\begin{verbatim}

linux> ./final_bomb

Welcome to the final exam bomb. Type your user id

guest

Try your hand at phase p5...

asodifj

BOOM!!!

The bomb has blown up.

P5 is passed one parameter, containing the user's input (e.g., ``asodifj'').

Its behavior is dependent on the input and the user ID. Here is a disassembly of p5.

Notice that the user ID is stored in a global variable, whose address is 0x60104c

(gdb) disas p5

Dump of assembler code for function p5:

0x00000000004006b0 <+0>: sub $0x18,%rsp

0x00000000004006b4 <+4>: xor %eax,%eax

0x00000000004006b6 <+6>: mov $0x4007e1,%esi

0x00000000004006bb <+11>: lea 0xc(%rsp),%rdx

0x00000000004006c0 <+16>: callq 0x400520 <__isoc99_sscanf@plt>

0x00000000004006c5 <+21>: xor %eax,%eax

0x00000000004006c7 <+23>: cmpb $0x0,0x20097e(%rip) #0x60104c

0x00000000004006ce <+30>: je 0x4006df

0x00000000004006d0 <+32>: add $0x1,%eax

0x00000000004006d3 <+35>: movslq %eax,%rdx

0x00000000004006d6 <+38>: cmpb $0x0,0x60104c(%rdx)

0x00000000004006dd <+45>: jne 0x4006d0

0x00000000004006df <+47>: cmp 0xc(%rsp),%eax

0x00000000004006e3 <+51>: jne 0x4006ea

0x00000000004006e5 <+53>: add $0x18,%rsp

0x00000000004006e9 <+57>: retq

0x00000000004006ea <+58>: xor %eax,%eax

0x00000000004006ec <+60>: callq 0x400690

End of assembler dump.

(gdb)

Answer the following, assuming you have reached a breakpoint at p5+16..

A. The second parameter that is passed to the sscanf is a format string, which determines how sscanf interprets the string that is passed as its first parameter. What debugger command will display this format string?

B. p5 passes the address of a local variable as the third parameter to sscanf. Give the gdb command that reveals this address.

C. (2 points) Assume that the debugger command in (a) displays %d as the format string. Given the results of the above, what is the input which will defuse p4 for the guest user ID? Explain your answer.

That was the question whole question given by the teacher. I think I know the answers for questions A and B. I have"x/s $esi" for A and print/x $rdx for B. The only part of the question that I can't figure out on my own is C.

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

1 . (12 points total) Below is an annotated session with the Gnu debugger running an executable called problem1. As you can see, the executable contains a function called p1. linux> gdb problem1...

using using theories using theories related using theories related to using theories related to emotional using theories related to emotional labor using theories related to emotional labor and using...

5: Two-Way ANOVA Name: __________________________________ In this assignment, you will: 1. Enter raw data into an SPSS file 2. Conduct a Two-way ANOVA in SPSS 3. Compute effect sizes for any...

Object 1 WebAssign Welcome, jeremy.guillory@grandcanyon (log out) Friday, November 18 2016 03:11 AM MST Home My Assignments Grades Communication Calendar My eBooks My Ebooks Introduction to the...

Fred Smith, aged 38 years, is held involuntarily under the provisions of Mental Health Legislation. He had been referred to his GP when he had begun to miss work (as a town planner), was drinking...

Write a paper off article. The selection of a research design is guided by the study's purpose and research questions and hypotheses, and the design then links the research questions and hypotheses...

1 For each of the following situations, give the degrees of freedom for the group (DFG), for error (DFE), and for the total (DFT). State the null and alternative hypotheses, H0 and Ha, and give the...

Assignment: For each part, you must submit a SEPARATE set of client/server files, as required, even if it means repeating some code from previous parts. Part-I: This part demonstrates a simple TCP...

Highlight the global project feasibility assessment and global project risks (threats and opportunities) associated with launching Lipitor globally?

On October 1, Black Company receives a 8% interest-bearing note from Reese Company to settle a $19,000 account receivable. The note is due in 6 months. On December 31, Black should record interest...

Security: Yield ( % ) : Treasury 5 . 2 AAA Corporate 5 . 4 BBB Corporate 5 . 7 B Corporate 6 . 9 The above table shows the yields to maturity on a number of three - year, zero - coupon securities ....

Fill the blanks please :) Question 1: (6 marks) Some have stated that linked lists are much better than arrays, others said that Queues are mostly used than arrays are. If that is always valid, then...

Understand the role of internal marketing and communications.

Know how to motivate and energize service employees so that they will deliver service excellence and productivity.

Know how to integrate teams across departments and functional areas.