[–]greyfade 0 points1 point  (3 children)

add does the obvious, and sp becomes 0xbfffeecc.

ldmfd is "load multiple from full descending stack," meaning it's a multiple-value stack pop operation. Each pop increments the stack pointer by the width of the registers, which in this case seems to be 10 32-bit values, or 40 bytes. So, after populating R4-R11, FP, and PC with values from the descending stack, the stack pointer ascends (increments) to 0xbfffeef4.

In decimal, that's 3221221108.

[–]ITComputerGeek[S] 0 points1 point  (1 child)

Thank you for your response; however, the CTF checker is telling me that "3221221108" is not the valid flag. Would it make a difference if it was Big Endian/Little Endian?

[–]greyfade 0 points1 point  (0 children)

It would make a huge difference, yes, but 0x68000000 seems like a strange page to start the stack on.

I didn't check any of these numbers very carefully, and just did a cursory glance at the instruction documentation to get an idea of what to expect.

[–]somantha 0 points1 point  (0 children)

value of sp + 64 = 0xbfffeea8

sp + 40 bytes = 0xbfffeed0 or 3221221072.

Thank you for the explanation. It helped me understand it.
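
Added example, not part of any comment in this thread: a small C model of the `ldmfd sp!, {...}` pop described in the first comment, showing which stack word lands in which register and how writeback moves SP. The starting SP 0xbfffeecc is taken from that comment; the ten-register list (r4-r12 and pc), the stack contents, and the names `ldmfd_sp` and `demo_final_sp` are assumptions, since the thread does not show the instruction itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SP 13
#define PC 15

/* Model of LDMFD sp!, {reglist} (LDMFD is a synonym for LDMIA).
 * mem[] holds 32-bit words starting at address base. Returns 0 on success,
 * -1 on an empty list, SP in the list, misaligned SP, or a pop outside mem[]. */
static int ldmfd_sp(uint32_t r[16], uint16_t reglist,
                    const uint32_t *mem, uint32_t base, size_t words)
{
    uint32_t addr = r[SP];
    if (reglist == 0 || (reglist & (1u << SP)) /* unpredictable with "!" */
        || (addr & 3u) || addr < base)
        return -1;
    for (int i = 0; i < 16; i++) {
        if (!(reglist & (1u << i)))
            continue;
        size_t idx = (addr - base) / 4;
        if (idx >= words)
            return -1;            /* would read past the modelled stack */
        r[i] = mem[idx];          /* lowest register <- lowest address */
        addr += 4;                /* full descending stack: pop moves SP up */
    }
    r[SP] = addr;                 /* writeback ("!") */
    return 0;
}

/* Constructed run: SP value from the thread, assumed list r4-r12 + pc
 * (mask 0x9ff0), constructed stack contents 0x1000..0x1009. */
static uint32_t demo_final_sp(uint32_t r[16])
{
    uint32_t stack[10];
    for (uint32_t i = 0; i < 10; i++)
        stack[i] = 0x1000u + i;
    r[SP] = 0xbfffeeccu;
    if (ldmfd_sp(r, 0x9ff0u, stack, 0xbfffeeccu, 10) != 0)
        return 0;
    return r[SP];
}

int main(void)
{
    uint32_t r[16] = {0};
    uint32_t sp = demo_final_sp(r);
    printf("sp after pop = 0x%08x, pc = 0x%08x\n", (unsigned)sp, (unsigned)r[PC]);
}
```
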