ipp ipp - 1 month ago 17
C Question

How to find format of sscanf input assembly

I'm trying to figure out what format the sscanf function is asking for in assembly. I think it wants two inputs, but I'm not sure if those should both be decimal or string etc.

I've tried x/s and x/d 0x400c30 but I got \377%z4. Where can I look so it says %d or %s etc.? Thanks in advance!

Dump of assembler code for function phase_4:
0x000000000040101e <+0>: sub $0x18,%rsp
0x0000000000401022 <+4>: lea 0xc(%rsp),%rcx
0x0000000000401027 <+9>: lea 0x8(%rsp),%rdx
0x000000000040102c <+14>: mov $0x4027cd,%esi
0x0000000000401031 <+19>: mov $0x0,%eax
0x0000000000401036 <+24>: callq 0x400c30 <__isoc99_sscanf@plt> //???
0x000000000040103b <+29>: cmp $0x2,%eax
0x000000000040103e <+32>: jne 0x40104c <phase_4+46>
0x0000000000401040 <+34>: mov 0xc(%rsp),%eax
0x0000000000401044 <+38>: sub $0x2,%eax
0x0000000000401047 <+41>: cmp $0x2,%eax
0x000000000040104a <+44>: jbe 0x401051 <phase_4+51>
0x000000000040104c <+46>: callq 0x401554 <explode_bomb>
0x0000000000401051 <+51>: mov 0xc(%rsp),%esi
0x0000000000401055 <+55>: mov $0x7,%edi
0x000000000040105a <+60>: callq 0x400fe6 <func4>
0x000000000040105f <+65>: cmp 0x8(%rsp),%eax
0x0000000000401063 <+69>: je 0x40106a <phase_4+76>
0x0000000000401065 <+71>: callq 0x401554 <explode_bomb>
0x000000000040106a <+76>: add $0x18,%rsp
0x000000000040106e <+80>: retq

Answer

I'm assuming x86 here. The AT&T syntax is unfamiliar to me, but sscanf's second argument, the format string, goes in the rsi register. The string you're looking for seems to reside at address 4027cd.

0x000000000040102c <+14>:    mov    $0x4027cd,%esi
0x0000000000401031 <+19>:    mov    $0x0,%eax
0x0000000000401036 <+24>:    callq  0x400c30 <__isoc99_sscanf@plt> //???

Try to examine that address instead.
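A small parser, added here as an example and not code from the asker or the answerer, that applies the answer's reasoning to the dump in the question: it takes the address loaded into %esi just before the sscanf call (the format string pointer) and the value compared against %eax right after it (the number of conversions that must succeed), then builds the gdb command that reads the string. It assumes the SysV x86-64 calling convention the answer relies on and the gdb AT&T line layout shown above.

```python
import re

# Constructed sample input: the relevant lines of the phase_4 dump from the question.
PHASE4_DUMP = """\
0x000000000040101e <+0>: sub $0x18,%rsp
0x0000000000401022 <+4>: lea 0xc(%rsp),%rcx
0x0000000000401027 <+9>: lea 0x8(%rsp),%rdx
0x000000000040102c <+14>: mov $0x4027cd,%esi
0x0000000000401031 <+19>: mov $0x0,%eax
0x0000000000401036 <+24>: callq 0x400c30 <__isoc99_sscanf@plt>
0x000000000040103b <+29>: cmp $0x2,%eax
0x000000000040103e <+32>: jne 0x40104c <phase_4+46>
"""

# One gdb disassembly line: "<addr> <+off>: <mnemonic> [operands]"
INSN_RE = re.compile(r"^0x[0-9a-f]+\s+<\+\d+>:\s+(\S+)\s*(.*)$")


def parse_dump(text):
    """Return a list of (mnemonic, operands) tuples from a gdb AT&T dump."""
    insns = []
    for line in text.splitlines():
        m = INSN_RE.match(line.strip())
        if m:
            insns.append((m.group(1), m.group(2).strip()))
    return insns


def find_sscanf_format(text):
    """Return (format_string_address, required_match_count) or None.

    Under the SysV x86-64 ABI the second integer argument (sscanf's format
    string) is passed in %rsi, so the last 'mov $imm,%esi' before the call
    holds its address. The 'cmp $N,%eax' that follows the call tests the
    return value, i.e. how many conversions sscanf must have performed.
    """
    insns = parse_dump(text)
    fmt_addr = None
    for i, (mn, ops) in enumerate(insns):
        m = re.match(r"\$(0x[0-9a-f]+),%esi$", ops)
        if mn == "mov" and m:
            fmt_addr = int(m.group(1), 16)
        elif mn.startswith("call") and "sscanf" in ops:
            count = None
            for mn2, ops2 in insns[i + 1:i + 4]:  # look a few insns past the call
                c = re.match(r"\$(0x[0-9a-f]+),%eax$", ops2)
                if mn2 == "cmp" and c:
                    count = int(c.group(1), 16)
                    break
            return fmt_addr, count
    return None


def gdb_command(fmt_addr):
    """The gdb command that prints the format string as a C string."""
    return f"x/s {fmt_addr:#x}"
```

Running find_sscanf_format on the dump above yields the address 0x4027cd and a required count of 2, so the format string must contain two conversions; `x/s 0x4027cd` in gdb shows which ones.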
