
I have an assignment and I tried solving it. However, I can't seem to solve it, despite double-checking everything and investing multiple hours.

My task is to reverse engineer the following functions to high-level C code and determine the return value of f(1,2,3).

Given task: (task image)

This is my approach:

(my approach image)

The problem:

f(1,2,3) cannot be determined, because line 6 in function f results in a jump to loc_56C, where g(2,3) is called. In line 14, push dword ptr [ebp+0Ch] is used; however, only 2 parameters are supplied for function g at line 16 (8 bytes), meaning we do not know what lies at that memory location (12 bytes above the base pointer). As a result, the return value cannot be determined.

Is it true that f(1,2,3) cannot be determined?

Viktor
  • call puts something on the stack too... – Paweł Łukasik May 09 '21 at 19:36
  • Maybe think like: what will ebp+8 be when f is called like f(1,2,3), and on what condition would g() be called? Or maybe cheat for the sake of learning: put this in an assembly file, assemble, and single-step :) – blabb May 09 '21 at 20:02

1 Answer


The control flow of the above program goes in the following order: main -> f -> g -> f -> main

main calls f with 1,2,3.

stack:
3
2
1
ret
ebp

Notice the push instructions and the calling convention. Function f checks whether 1 == 0 (ebp - 8). The answer is no, so it calls function g. This is the major hint for you. I am sure you will be able to figure out the rest of it :-)

R4444
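As an added example (not code from the question, the answer, or the assignment), a small C model of the 32-bit cdecl stack that replays main -> f(1,2,3) -> g(2,3) with the usual push/call/prologue sequence and resolves [ebp+disp] in each frame. It shows why "12 bytes above the base pointer" is not beyond g's two arguments: the saved ebp and the return address occupy [ebp+0] and [ebp+4], so [ebp+8] is the first argument and [ebp+0Ch] the second. The return addresses 0x401010 and 0x401060 are constructed placeholders, and the push order inside f is assumed from the call g(2,3).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a 32-bit cdecl stack (not the assignment's code).
 * Addresses grow downward; push decrements esp by 4 and stores a dword. */
#define STACK_BYTES 256

typedef struct {
    uint32_t mem[STACK_BYTES / 4];   /* mem[a/4] models the dword at address a */
    uint32_t esp, ebp;
} Cpu;

static void push(Cpu *c, uint32_t v) { c->esp -= 4; c->mem[c->esp / 4] = v; }

/* CALL pushes the return address before control reaches the callee */
static void call(Cpu *c, uint32_t ret_addr) { push(c, ret_addr); }

/* Standard prologue: push ebp; mov ebp, esp */
static void prologue(Cpu *c) { push(c, c->ebp); c->ebp = c->esp; }

/* Resolve [ebp+disp] exactly as the disassembly's memory operands do */
static uint32_t load_ebp(const Cpu *c, int32_t disp) {
    return c->mem[(uint32_t)((int32_t)c->ebp + disp) / 4];
}

/* Replays main -> f(1,2,3) -> g(2,3); return addresses are constructed values */
typedef struct { Cpu cpu; uint32_t f_ebp, g_ebp; } Model;

static void build_model(Model *m) {
    memset(m, 0, sizeof *m);
    m->cpu.esp = STACK_BYTES;                             /* empty stack */
    push(&m->cpu, 3); push(&m->cpu, 2); push(&m->cpu, 1); /* main: args right-to-left */
    call(&m->cpu, 0x401010u);                             /* call f */
    prologue(&m->cpu);
    m->f_ebp = m->cpu.ebp;
    /* f: push dword ptr [ebp+10h]; push dword ptr [ebp+0Ch]; call g  => g(2,3) */
    push(&m->cpu, load_ebp(&m->cpu, 0x10));
    push(&m->cpu, load_ebp(&m->cpu, 0x0C));
    call(&m->cpu, 0x401060u);                             /* call g */
    prologue(&m->cpu);
    m->g_ebp = m->cpu.ebp;
}

/* What f sees at [ebp+disp] in its own frame, and what g sees in its frame */
uint32_t f_frame(int32_t disp) { Model m; build_model(&m); m.cpu.ebp = m.f_ebp; return load_ebp(&m.cpu, disp); }
uint32_t g_frame(int32_t disp) { Model m; build_model(&m); return load_ebp(&m.cpu, disp); }

int main(void) {
    static const int32_t disps[] = { 0x0, 0x4, 0x8, 0xC, 0x10 };
    for (size_t i = 0; i < sizeof disps / sizeof *disps; i++)
        printf("[ebp+%02Xh]: f sees %#lx, g sees %#lx\n", (unsigned)disps[i],
               (unsigned long)f_frame(disps[i]), (unsigned long)g_frame(disps[i]));
    return 0;
}
```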