Continuing from Stage2, now I’m on Stage3.

It’s getting user input with a call to fgets and then passing that user input to a call to vsscanf using the format-control string "%d %d %d %d %d". Right after the call to vsscanf there’s a cmp eax,5. vsscanf returns the number of fields that are successfully assigned. To appease this comparison I need to input five integers separated with spaces.

Next it will compare the first integer, which is at [ebp-14], with 6 and return early if the first integer is greater than six. Now I know the first integer must be any number less than six.

After this, it’s going to loop through the remaining integers doing some arithmetic and checking their values.

It’s taking an integer stored in [eax+4] and adds it to the previous integer with add ecx,[eax]. Then it takes that result and multiplies it by two with add ecx,ecx. Next it checks to see if the result of that arithmetic is equal to the following number at [eax+8].

Here’s some pseudocode of what’s happening.

previousNumber + currentNumber * 2 = nextNumber

Now that I know what it’s expecting I can just plug in the numbers. I started with 1 because it was simple. Plugging that value in I got 1 + 1 * 2 = 4, then 1 + 4 * 2 = 10, and finally 4 + 10 * 2 = 28. So one of the many possible answers to Stage3 is 1 1 4 10 28.

Last modified: June 7, 2019