NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

Microsoft news and tips » NTDebugging Puzzler 0×00000003 (Matrix Edition) Some assembly required.

Mon, 21 Apr 2008 19:00:14 GMT

PingBack from http://microsoftnews.askpcdoc.com/?p=3492

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

Skywing — Mon, 21 Apr 2008 21:42:08 GMT

That sucks to read with the opcode bytes indenting things unevenly :( Any chance you could just post the binary itself?

------------------------------------

I've changed the HTML so the spaces should be fixed width. I'd prefer not to share the binary as that could be executed and could give the answer away.

Jeff-

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

C. Watford — Mon, 21 Apr 2008 22:23:13 GMT

Good puzzler, hadn't used my decompiling skills in a while. I guess now the new puzzler is finding input that makes sense after myfun returns!

My solution is on my blog to avoid spoilers.

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

Matthieu — Mon, 21 Apr 2008 23:07:30 GMT

void myfun(char *string)

{

int lenString, countLoop, index;

char savedByte;

lenString = strlen(string);

for (countLoop = lenString; countLoop; countLoop--)

{

for(index = 0; index < countLoop; index++)

{

countLoop --;

if (string[index] > string[index + 1])

{

savedByte = string[index];

string[index] = string[index + 1];

string[index + 1] = savedByte;

}

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

Mark Steward — Mon, 21 Apr 2008 23:31:37 GMT

It's a cdecl function to bubble sort a string of chars into ascending order. I hope you're avoiding spoilers by moderating comments, so code will follow shortly.

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

Mark Steward — Tue, 22 Apr 2008 01:16:22 GMT

The locals are in a different order, but this seems to match...

// Puzzler3.cpp : Defines the entry point for the console application.

#include "Puzzler3.h"

#include <string.h>

#include <stdio.h>

#include <tchar.h>

int _tmain(int argc, _TCHAR* argv[])

{

// Simple test on myfun

char str[] = "Hello there everybody\0";

myfun(str);

printf(str);

return 0;

}

void myfun(char* str)

{

// Stir chars in array

// to their inherent ranking

// like tiny bubbles

int len = strlen(str);

for(int x = len; x > 0; x--)

{

for(int y = 0; y < x - 1; y++)

{

if(str[y] > str[y + 1])

{

char c = str[y];

str[y] = str[y + 1];

str[y + 1] = c;

}

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

Infro — Tue, 22 Apr 2008 01:21:46 GMT

Created a C function, hope it isn't too far off. Best Regards, happy reversing!

OurFunction(char* OurString)

{

int StringLength = strlen(OurString);

for(;StringLength > 0; StringLength--)

{

for(int StringLength2 = 0; StringLength - 1 < StringLength2;StringLength++)

{

if(OurString[StringLength2+1] <= OurString[StringLength2]) .continue;

OurString[StringLength2] = OurString[StringLength2+1];

}

20 00cc1480 55 push ebp //OurFunction(Char* Param1)

20 00cc1481 8bec mov ebp,esp //

20 00cc1483 81ecf0000000 sub esp,0F0h //

20 00cc1489 53 push ebx //

20 00cc148a 56 push esi //

20 00cc148b 57 push edi //

20 00cc148c 8dbd10ffffff lea edi,[ebp-0F0h] //

20 00cc1492 b93c000000 mov ecx,3Ch //

20 00cc1497 b8cccccccc mov eax,0CCCCCCCCh //

20 00cc149c f3ab rep stos dword ptr es:[edi] //int OurData[60];

26 00cc149e 8b4508 mov eax,dword ptr [ebp+8] //

26 00cc14a1 50 push eax //

26 00cc14a2 e803fcffff call puzzler3!ILT+165(_strlen) (00cc10aa) //

26 00cc14a7 83c404 add esp,4 //

26 00cc14aa 8945e0 mov dword ptr [ebp-20h],eax //

28 00cc14ad 8b45e0 mov eax,dword ptr [ebp-20h] //

28 00cc14b0 8945f8 mov dword ptr [ebp-8],eax //NeverUsed = StringLength = strlen(param1)

28 00cc14b3 eb09 jmp puzzler3!myfun+0x3e (00cc14be) //

28 00cc14b5 8b45f8 mov eax,dword ptr [ebp-8] //(Loop End)

28 00cc14b8 83e801 sub eax,1 //

28 00cc14bb 8945f8 mov dword ptr [ebp-8],eax //

28 00cc14be 837df800 cmp dword ptr [ebp-8],0 //

28 00cc14c2 7e60 jle puzzler3!myfun+0xa4 (00cc1524) //for(StringLength; StringLength > 0; StringLength--) {

30 00cc14c4 c745ec00000000 mov dword ptr [ebp-14h],0 //

30 00cc14cb eb09 jmp puzzler3!myfun+0x56 (00cc14d6) //

30 00cc14cd 8b45ec mov eax,dword ptr [ebp-14h] //

30 00cc14d0 83c001 add eax,1 //

30 00cc14d3 8945ec mov dword ptr [ebp-14h],eax //

30 00cc14d6 8b45f8 mov eax,dword ptr [ebp-8] //

30 00cc14d9 83e801 sub eax,1 //

30 00cc14dc 3945ec cmp dword ptr [ebp-14h],eax //

30 00cc14df 7d41 jge puzzler3!myfun+0xa2 (00cc1522) //for(StringLength2 = 0; StringLength-1 < StringLength2 ;StringLength2++)

32 00cc14e1 8b4508 mov eax,dword ptr [ebp+8] //

32 00cc14e4 0345ec add eax,dword ptr [ebp-14h] //

32 00cc14e7 0fbe08 movsx ecx,byte ptr [eax] //

32 00cc14ea 8b5508 mov edx,dword ptr [ebp+8] //

32 00cc14ed 0355ec add edx,dword ptr [ebp-14h] //

32 00cc14f0 0fbe4201 movsx eax,byte ptr [edx+1] //

32 00cc14f4 3bc8 cmp ecx,eax //

32 00cc14f6 7e28 jle puzzler3!myfun+0xa0 (00cc1520) //if(Param1[StringLength2+1] <= Param1[StringLength2]) .continue

34 00cc14f8 8b4508 mov eax,dword ptr [ebp+8] //

34 00cc14fb 0345ec add eax,dword ptr [ebp-14h] //

34 00cc14fe 8a08 mov cl,byte ptr [eax] //

34 00cc1500 884dd7 mov byte ptr [ebp-29h],cl //Previous = Param1[StringLength2]

35 00cc1503 8b4508 mov eax,dword ptr [ebp+8] //

35 00cc1506 0345ec add eax,dword ptr [ebp-14h] //

35 00cc1509 8b4d08 mov ecx,dword ptr [ebp+8] //

35 00cc150c 034dec add ecx,dword ptr [ebp-14h] //

35 00cc150f 8a5101 mov dl,byte ptr [ecx+1] //

35 00cc1512 8810 mov byte ptr [eax],dl //Param1[StringLength] = Param1[StringLength+1]

36 00cc1514 8b4508 mov eax,dword ptr [ebp+8] //

36 00cc1517 0345ec add eax,dword ptr [ebp-14h] //

36 00cc151a 8a4dd7 mov cl,byte ptr [ebp-29h] //

36 00cc151d 884801 mov byte ptr [eax+1],cl //Param1[something+1] = Previous

//}}

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

Grant — Tue, 22 Apr 2008 01:59:22 GMT

Heh, I'm pretty rusty.

If I had to guess I'd say its trying to bubble sort the characters in a string something along these lines:

void f(char *s) {

int len=strlen(str);

for(int top=len;top>0;--top) {

for(int i=0;i<top-1;++i) {

if(str[i]>str[i+1]) {

char tmp=str[i];

str[i]=s[i+1];

str[i+1]=tmp;

}

(I'm not sure about what it returns....)

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

Doug — Tue, 22 Apr 2008 03:52:39 GMT

No idea how well this will paste but here's my quick analysis (prolly off on the comparisons or some such).

<pre>

puzzler3!myfun [c:\source\puzzler\puzzler3\puzzler3\puzzler3.cpp @ 20]:

;

; Prologue

20 00cc1480 55 push ebp

20 00cc1481 8bec mov ebp,esp

20 00cc1483 81ecf0000000 sub esp,0F0h

20 00cc1489 53 push ebx

20 00cc148a 56 push esi

20 00cc148b 57 push edi

;

; 240 bytes of local storage

;

20 00cc148c 8dbd10ffffff lea edi,[ebp-0F0h]

;

; Fill all local space (0xf0) with 0xcc

;

; memset(ebp-0xf0, 0xcc, 0xf0)

;

20 00cc1492 b93c000000 mov ecx,3Ch

20 00cc1497 b8cccccccc mov eax,0CCCCCCCCh

20 00cc149c f3ab rep stos dword ptr es:[edi]

;

; strlen(arg1)

;

26 00cc149e 8b4508 mov eax,dword ptr [ebp + ARG1]

26 00cc14a1 50 push eax

26 00cc14a2 e803fcffff call puzzler3!ILT+165(_strlen) (00cc10aa)

26 00cc14a7 83c404 add esp,4

26 00cc14aa 8945e0 mov dword ptr [ebp - strlen_ARG1],eax

;

; For (i = strlen(ARG1) ; i > 0; i--)

;

; i = strlen(ARG1)

;

28 00cc14ad 8b45e0 mov eax,dword ptr [ebp - strlen_ARG1]

28 00cc14b0 8945f8 mov dword ptr [ebp - _i_],eax

28 00cc14b3 eb09 jmp puzzler3!myfun+0x3e (00cc14be)

;

; OUTER_LOOP_CONTINUE

;

; i--

;

28 00cc14b5 8b45f8 mov eax,dword ptr [ebp - _i_]

28 00cc14b8 83e801 sub eax,1

28 00cc14bb 8945f8 mov dword ptr [ebp - _i_],eax

;

; Check i > 0

;

28 00cc14be 837df800 cmp dword ptr [ebp - _i_],0

28 00cc14c2 7e60 jle puzzler3!myfun+0xa4 (00cc1524) ; END_OUTER_LOOP

;

; //for

;

; for (j = 0 ; j < i - 1; j++)

;

; j = 0

;

30 00cc14c4 c745ec00000000 mov dword ptr [ebp - _j_],0

30 00cc14cb eb09 jmp puzzler3!myfun+0x56 (00cc14d6)

;

; INNER_LOOP_CONTINUE

;

; j = j + 1

;

30 00cc14cd 8b45ec mov eax,dword ptr [ebp - _j_]

30 00cc14d0 83c001 add eax,1

30 00cc14d3 8945ec mov dword ptr [ebp - _j_],eax

;

; Check j < i - 1

;

30 00cc14d6 8b45f8 mov eax,dword ptr [ebp - _i_]

30 00cc14d9 83e801 sub eax,1

30 00cc14dc 3945ec cmp dword ptr [ebp - _j_],eax

30 00cc14df 7d41 jge puzzler3!myfun+0xa2 (00cc1522) ; INNER_LOOP_DONE

;

; char c = ARG1[j]

;

32 00cc14e1 8b4508 mov eax,dword ptr [ebp + ARG1]

32 00cc14e4 0345ec add eax,dword ptr [ebp - _j_]

32 00cc14e7 0fbe08 movsx ecx,byte ptr [eax]

;

; char d = ARG1[j+1]

;

32 00cc14ea 8b5508 mov edx,dword ptr [ebp + ARG1]

32 00cc14ed 0355ec add edx,dword ptr [ebp - _j_]

32 00cc14f0 0fbe4201 movsx eax,byte ptr [edx+1]

;

; if (c > d) { // signed compare

;

32 00cc14f4 3bc8 cmp ecx,eax

32 00cc14f6 7e28 jle puzzler3!myfun+0xa0 (00cc1520)

;

; unsigned char e = ARG1[j]

;

34 00cc14f8 8b4508 mov eax,dword ptr [ebp + ARG1]

34 00cc14fb 0345ec add eax,dword ptr [ebp - _j_]

34 00cc14fe 8a08 mov cl,byte ptr [eax]

34 00cc1500 884dd7 mov byte ptr [ebp-29h],cl

;

; ARG[j] = ARG[j+1]

;

35 00cc1503 8b4508 mov eax,dword ptr [ebp + ARG1]

35 00cc1506 0345ec add eax,dword ptr [ebp - _j_]

35 00cc1509 8b4d08 mov ecx,dword ptr [ebp + ARG1]

35 00cc150c 034dec add ecx,dword ptr [ebp - _j_]

35 00cc150f 8a5101 mov dl,byte ptr [ecx+1]

35 00cc1512 8810 mov byte ptr [eax],dl

;

; ARG[j+1] = e

;

36 00cc1514 8b4508 mov eax,dword ptr [ebp + ARG1]

36 00cc1517 0345ec add eax,dword ptr [ebp - _j_]

36 00cc151a 8a4dd7 mov cl,byte ptr [ebp-29h]

36 00cc151d 884801 mov byte ptr [eax+1],cl

;

; } // if

;

38 00cc1520 ebab jmp puzzler3!myfun+0x4d (00cc14cd) ; INNER_LOOP_CONTINUE

;

; INNER_LOOP_DONE

;

40 00cc1522 eb91 jmp puzzler3!myfun+0x35 (00cc14b5) ; OUTER_LOOP_CONTINUE

;

; END_OUTER_LOOP

;

41 00cc1524 5f pop edi

41 00cc1525 5e pop esi

41 00cc1526 5b pop ebx

41 00cc1527 81c4f0000000 add esp,0F0h

41 00cc152d 3bec cmp ebp,esp

41 00cc152f e820fcffff call puzzler3!ILT+335(__RTC_CheckEsp) (00cc1154)

41 00cc1534 8be5 mov esp,ebp

41 00cc1536 5d pop ebp

41 00cc1537 c3 ret

void myfun(char *mystr)

{

int i, j;

int len;

len = strlen(mystr);

for (i = len; i > 0; i--) {

for (j = 0; j < i - 1; j++) {

if (mystr[j] < mystr[j+1]) {

unsigned char c = mystr[j];

mystr[j] = mystr[j+1];

mystr[j+1] = c;

}

</pre>

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

Mo — Tue, 22 Apr 2008 06:36:55 GMT

bubble sort!

There are too many give aways from debug build disassembly. Can't wait next monday night again :)

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

Moso — Tue, 22 Apr 2008 06:57:16 GMT

bubble sort!

There are too many give away from debug build disassembly :)

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

sundr — Tue, 22 Apr 2008 07:58:19 GMT

A debug-compiled version of:

void bubble_sort(char* array) {

int unused, curr_len;

curr_len = unused =(int)strlen(array);

for ( ; curr_len > 0; curr_len--) {

for (int i = 0; i < (curr_len - 1); i++) {

if ( *(array + i) > *(array + i +1) ) {

char tmp = *(array + i);

*(array + i) = *(array + i +1);

*(array + i +1) = tmp;

}

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

xiaowei — Tue, 22 Apr 2008 08:55:04 GMT

void myfun(char *pszText)

{

int i, j;

char t;

i = strlen(pszText);

for( ; i > 0; --i)

{

for(j = 0; j < i - 1; ++j)

{

if(pszText[j] > pszText[j + 1])

{

t = pszText[j];

pszText[j] = pszText[j + 1];

pszText[j + 1] = t;

}

return pszText;

}

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

xiaowei — Tue, 22 Apr 2008 09:10:21 GMT

void myfun(char *pszText)

{

int i, j;

char t;

i = strlen(pszText);

for( ; i > 0; --i)

{

for(j = 0; j < i - 1; ++j)

{

if(pszText[j] > pszText[j + 1])

{

t = pszText[j];

pszText[j] = pszText[j + 1];

pszText[j + 1] = t;

}

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

Mats G — Tue, 22 Apr 2008 10:56:51 GMT

This was fun! :)

Looks like a bubble-sort for strings?

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

aledh — Tue, 22 Apr 2008 11:40:53 GMT

Here's my rough first-cut take on it, though I'm a bit rusty with asm!

It is a function that takes in a string and rearranges the letters in it so that they are in alphabetical order (e.g. "aziewe" becomes "aeeiwz").

void myfun(char* s)

{

int len = (int)strlen(s);

for (int i = len; i > 0; i--) {

for (int j = 0; j < i-1; j++) {

char* p = s+j;

char ch1 = *p;

char ch2 = *(p+1);

if (ch1 > ch2) {

*p = ch2;

*(p+1) = ch1;

}

-Aled

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

zzz — Tue, 22 Apr 2008 15:27:59 GMT

it sorts the chars in the given string in ascii order.

void myfun (char *str)

{

int i, j, len;

char c;

len = strlen (str);

for (i = len; i > 0; --i)

{

for (j = 0; j < i - 1; ++j)

{

if (str[j] > str[j + 1])

{

c = str[j];

str[j] = str[j + 1];

str[j + 1] = c;

}

Bubble sort

magiK — Tue, 22 Apr 2008 17:42:10 GMT

It's a simple bubble sort :)

http://rafb.net/p/GYi6OL16.html

Bubble sort

magiK — Tue, 22 Apr 2008 17:58:52 GMT

It's a simple bubble sort :)

http://rafb.net/p/GYi6OL16.html

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

mbe — Tue, 22 Apr 2008 20:07:21 GMT

I didn't have a lot of time to make sure, but it appears (backwards to avoid spoilers):

redro lacitebahpla ni tros ot

Hopefully I'll have time to finish marking up the code (and make sure I was right)

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

molotov — Tue, 22 Apr 2008 20:17:39 GMT

OK - be gentle... My first "substantial" attempt at reversing...

I've spent _way_ too much time on this... ;-/

(Hope the code formatting doesn't get messed up...)

void myfun( char* param1 )

{

char local4 = 0;

size_t local1 = strlen( param1 );

for( int local2 = local1; local2 > 0; local2-- )

{

for( int local3 = 0; local3 < local2 - 1; local3++ )

{

if( *(param1+local3) > *(param1+local3+1) )

{

char local4 = *(param1+local3);

*(param1+local3) = *(param1+local3+1);

*(param1+local3+1) = local4;

}

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

molotov — Tue, 22 Apr 2008 20:51:56 GMT

Ack... Forgot to yank a leftover local I had used for experimenting... Sorry for the noise.

Here it is again, with the local removed.

void myfun( char* param1 )

{

size_t local1 = strlen( param1 );

for( int local2 = local1; local2 > 0; local2-- )

{

for( int local3 = 0; local3 < local2 - 1; local3++ )

{

if( *(param1+local3) > *(param1+local3+1) )

{

char local4 = *(param1+local3);

*(param1+local3) = *(param1+local3+1);

*(param1+local3+1) = local4;

}

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

Matt — Tue, 22 Apr 2008 23:50:52 GMT

void myfun(char *string)

{

int lenString, countLoop, index;

char savedByte;

lenString = strlen(string);

for (countLoop = lenString; countLoop; countLoop--)

{

for(index = 0; index < (countLoop - 1); index++)

{

if (string[index] > string[index + 1])

{

savedByte = string[index];

string[index] = string[index + 1];

string[index + 1] = savedByte;

}

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

Lol — Tue, 22 Apr 2008 23:51:53 GMT

for (i = strlen(arg_0); i > 0; i--)

for (j = 0; j < (i - 1); j++)

if (arg_0[j] > arg_0[j + 1]) {

b = arg_0[j];

arg_0[j] = arg_0[j + 1];

arg_0[j + 1] = b;

}

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

mbe — Wed, 23 Apr 2008 01:29:53 GMT

Okay I think I have my final solution...

http://0xabad1dea.net/ntdebuggers-asm-puzzle-3.txt

(Way too long to paste here)

This is the first time I've done this though... may have made a newbie mistake :)

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

Steve — Wed, 23 Apr 2008 01:41:15 GMT

hello, nice blog.

I'm thinking it's a bubble sorting function (or something similar) ...

// it was compiled with /RTC :)

void bubble_sort( char * cpString )

{

int lenght;

int index;

char c;

length = strlen( cpString );

for( ; length > 0 ; length-- )

{

for( index = 0 ; index < length ; index++ )

{

if( cpString[index] > cpString[index+1] )

{

char c = cpString[index];

cpString[index] = cpString[index+1];

cpString[index+1] = c;

}

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

Heejune — Wed, 23 Apr 2008 10:33:05 GMT

Hello! Thanks for this puzzle, it was so fun. Okay, let me guess.. This assembly code looks like actually "reversing" the string which was given as third parameter(ebp+8).

void myfun(char* szStr, int dummy, int dummy2)

{

dummy = 0;

dummy2 = 0;

int strLength;

int LocalVar1;

char temp;

strLength = (int)strlen(szStr);

for (;strLength > 0;strLength--)

{

LocalVar1 = 0;

{

if (LocalVar1 >= strLength -1)

{

break;

}

if (*(szStr + LocalVar1) <= *(szStr + LocalVar1 + 1))

{

continue;

}

temp = *(szStr + LocalVar1);

*(szStr + LocalVar1) = *(szStr + LocalVar1 + 1);

*(szStr + LocalVar1+1) = temp;

}

while (LocalVar1 ++);

}

Heejune.

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

Heejune — Wed, 23 Apr 2008 10:43:09 GMT

Oops! Sorry I posted wrong, old source code. following is a revised version, sorry for inconvenient.

---

void myfun(char* szStr, int dummy, int dummy2)

{

dummy = 0;

dummy2 = 0;

int strLength;

int LocalVar1;

char temp;

strLength = (int)strlen(szStr);

for (;strLength > 0;strLength--)

{

LocalVar1 = 0;

for (;;LocalVar1 ++)

{

if (LocalVar1 >= strLength -1)

{

break;

}

if (*(szStr + LocalVar1) <= *(szStr + LocalVar1 + 1))

{

continue;

}

temp = *(szStr + LocalVar1);

*(szStr + LocalVar1) = *(szStr + LocalVar1 + 1);

*(szStr + LocalVar1+1) = temp;

}

Heejune.

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

Miguel — Wed, 23 Apr 2008 16:11:18 GMT

Nice blog. Its very interesting.

And nice... ¿string reversing code? (I dont have free time enough for a in deep analisys)

Im sorry, my english is very poor :o)

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

dmitri — Thu, 24 Apr 2008 16:03:54 GMT

void charsort(char *buf)

{

int len=strlen(buf);

for(int k=len;k>0;--k)

{

for(int j=0;j<k-1;++j)

{

if(buf[j]>buf[j+1])

{

char c=buf[j];

buf[j]=buf[j+1];

buf[j+1]=c;

}

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

me — Thu, 24 Apr 2008 21:13:39 GMT

How do you want to get the result of this? I have a C code which "almost" compiles to the same code. The stack locations for the automatic variables are not exactly the same, and sometimes, my compiler (MSVC6) uses different registers for the same thing.

Should I post the code here?

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

me — Thu, 24 Apr 2008 21:47:43 GMT

Oh, it seems this blog is moderated? So, I believe it is correct to send the code directly:

Here it is (and I hope the formatting will survive the posting here):

#include <string.h>

void myfun(char * p, int n)

{

/* the stack layout is not exactly like the original */

int i, j, k;

char c;

char buffer[160]; /*!< ununsed buffer */

i = strlen(p);

for ( j = i; j > 0; j-- )

{

for ( k = 0; k < j; k++ )

{

* Huh? Swap p[k] and p[k+1] if they are identical?

* This does not make much sense, does it?

if ( p[k] == p[k+1] )

{

c = p[k];

p[k] = p[k+1];

p[k+1] = c;

}

Now, what sense does this code have? IMHO, there is no sense at all. It goes through the input buffer pointed to by p and exchanges consecutive characters if they are equal. Additionally, it proceeds multiple times through the buffer.

There is no sense at all.

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

Calin Iaru — Fri, 25 Apr 2008 04:46:02 GMT

"Like a splinter in your mind" Morpheus

It was a valuable exercise. I started by using an array instead of 4 local variables, and that added an extra call to _RTC_CheckStackVars.

void myfun2(char *x) {

int a, b, c;

char d;

c = strlen(x);

a = c;

for(;a > 0; a --) {

b = 0;

for(;b < a - 1; b ++) {

if(x[b] > x[b + 1]) {

d = x[b];

x[b] = x[b + 1];

x[b + 1] = d;

}

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

tymsink — Fri, 25 Apr 2008 05:23:01 GMT

myfun( pstr pStrParam )

{

// alphabetize pStrParam

int nStrParamLength = strlen( pStrParam );

for( int nStrParamCurrent = nStrParamLength; nStrParamCurrent > 0; nStrParamCurrent-- )

for( int nStrParamIndex = 0; nStrParamCurrent - 1 < nStrParamIndex; ++nStrParamIndex )

{

if( pStrParam[ nStrParamIndex ] > pStrParam[ nStrParamIndex + 1 ]

{

char cCurrent = pStrParam[ nStrParamIndex ];

pStrParam[ nStrParamIndex ] = pStrParam[ nStrParamIndex + 1 ];

pStrParam[ nStrParamIndex + 1 ] = cCurrent;

}

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

RichardRudek — Fri, 25 Apr 2008 10:56:08 GMT

Here's the C code I reverse this into:

#include <stdio.h>

#include <tchar.h>

#include <windows.h>

void myfun(char *);

int _tmain(int argc, _TCHAR* argv[])

{

char * pszData[80];

strcpy(pszData, "I don't even see the code anymore");

printf("Before: %s\n", pszData);

myfun(pszData);

printf("After : %s\n", pszData);

getchar();

return 0;

}

void myfun(char * psz)

{

char ch;

int i;

int z1, z2;

z1 = strlen(psz);

for (z2=z1; z2 > 0; z2--)

{

for (i=0; i < z2-1; i++)

{

if (psz[i] > psz[i+1])

{

ch = psz[i];

psz[i] = psz[i+1];

psz[i+1] = ch;

}

Which results in this:

Before: I don't even see the code anymore

After : 'Iacddeeeeeeehmnnnooorsttvy

Basically, it in-place sorts the characters.

Here another test:

Before: AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz

After : ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz

Now I wonder how Phoenix would have done...

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

Guaito — Fri, 25 Apr 2008 18:25:51 GMT

I guess that the C++ code should be something like the following:

void myfun(TCHAR * szString)

{

int iCount;

int iCount2;

int iLen;

TCHAR cApp;

iLen = strlen(szString);

for (iCount = iLen;iCount > 0;iCount--)

{

for (iCount2 = 0;iCount2 < (iCount -1);iCount2++)

{

if (szString[iCount2] > szString[iCount2 + 1])

{

cApp = szString[iCount2];

szString[iCount2] = szString[iCount2 + 1];

szString[iCount2 + 1] = cApp;

}

I think that the function should reverse the string passed as an agument.

I think that there is an error, the line :

if (szString[iCount2] > szString[iCount2 + 1])

shuld be

if (szString[iCount2] != szString[iCount2 + 1])

In ASM the Line

32 00cc14f6 7e28 jle puzzler3!myfun+0xa0 (00cc1520)

Shuld be

32 00cc14f6 7428 jz puzzler3!myfun+0xa0 (00cc1520)

Guaito

re: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

me — Sat, 26 Apr 2008 11:44:36 GMT

Oh... I read the JLE wrong. Yes, it makes more sense if the variables are not identical. ;) And there were some other "minor" errors.

I must admit I undid the compilation in the train with paper and pencil. I might have spotted this error if I did it on the computer.

And: I must tell that the debug build reveals much of the original structure.

Anyway, I am still puzzled why the compiler generated this stack frame in this way. Is it because it is C++ and I missed something important? Is it any "anti-malware" aspect of the newer compilers?