Bomb Lab phase 5: 6 char string substitution lookup table, strings_not_equal [duplicate]

Answer 1

This is a decompilation of the function.

/**
 *         + 8: arg0
 *         + 4: Return Address
 * EBP       0: Old EBP
 *         - 4: Saved EDI
 *         - 8: Saved ESI
 *         -12: Saved EBX
 * 
 *         -25: NUL character
 *         -31: Beginning of 6-char string
 * 
 * ESP+4 = -52: argument 1 for callees
 * ESP+0 = -56: argument 0 for callees
 */

u8 GBL0[16] = {,,,,,,,,,,,,,,,};/* ADDRESS 0x804a4e0 */
u8 GBL1[]   = {,,,,,,'\0'};     /* ADDRESS 0x804a4b7 */

phase_5(i8* arg0){
    i8   PAD0[12];/* ADDRESS EBP-0x18 */
    u8   LOC0[7]; /* ADDRESS EBP-0x1f */
    i8   PAD1[25];/* ADDRESS EBP-0x38 = ESP+0 */
                  /* The range [EBP-56, EBP-48) corresponds to
                     the range [ESP+0,  ESP+8)  and is used to
                     place arguments for function calls. */
    register int eax;/* In EAX */

    if(string_length(arg0) != 6){
        explode_bomb();
    }

    for(eax=0;eax<6;eax++){
        LOC0[eax] = GBL0[arg0[eax] & 0xF];
    }

    LOC0[6] = '\0';/* ADDRESS EBP-0x19 */

    if(eax = strings_not_equal(LOC0, GBL1)){
        explode_bomb();
    }

    return eax;/* Maybe? */
}

Essentially, it does not explode the bomb if and only if the argument is a 6-character "string" that is successfully substitution-decyphered into a 6-character string equal to some password.

Answer 2

movzbw: byte (8-bit) to word (16-bit)

movzwl: word (16-bit) to long (32-bit)

movzbl: byte (8-bit) to long (32-bit)