# phase_6 — gdb disassembly, AT&T syntax, x86-64 (SysV register usage).
# Whatever the caller passed in %rdi (presumably the input line) is forwarded
# untouched to read_six_numbers at <+17>.
# Stack frame (0x50 bytes, below the five pushed callee-saved registers):
#   0x30(%rsp)..0x47(%rsp)  nums[0..5]  six 32-bit ints filled by read_six_numbers
#   0x00(%rsp)..0x2f(%rsp)  ptrs[0..5]  six 64-bit node pointers built at <+147>
# Node layout as this code uses it: 32-bit value at offset 0 (<+248>),
# 64-bit next pointer at offset 8 (<+136>). Only the first node's address
# (0x604300) is baked into the code; every other node is reached via next.
# Every failed check ends in explode_bomb.
0x0000000000401161 <+0>: push %r14        # save callee-saved r14, r13, r12, rbp, rbx
0x0000000000401163 <+2>: push %r13
0x0000000000401165 <+4>: push %r12
0x0000000000401167 <+6>: push %rbp
0x0000000000401168 <+7>: push %rbx
0x0000000000401169 <+8>: sub $0x50,%rsp   # 80-byte frame; 5 pushes + 0x50 keep %rsp 16-aligned at the calls
0x000000000040116d <+12>: lea 0x30(%rsp),%rsi        # rsi = &nums[0]
0x0000000000401172 <+17>: callq 0x40180a <read_six_numbers>   # read_six_numbers(<rdi as received>, nums)
0x0000000000401177 <+22>: lea 0x30(%rsp),%r12        # r12 = &nums[0] (reused by the 7-x loop at <+105>)
0x000000000040117c <+27>: mov %r12,%r13              # r13 = &nums[i], outer-loop cursor
0x000000000040117f <+30>: mov $0x0,%r14d             # r14d = i = 0
# --- check 1: every nums[i] in [1,6] and all six values distinct ---
0x0000000000401185 <+36>: mov %r13,%rbp              # rbp = &nums[i]
0x0000000000401188 <+39>: mov 0x0(%r13),%eax         # eax = nums[i]
0x000000000040118c <+43>: sub $0x1,%eax              # eax = nums[i] - 1
0x000000000040118f <+46>: cmp $0x5,%eax
0x0000000000401192 <+49>: jbe 0x401199 <phase_6+56>  # unsigned: ok iff 1 <= nums[i] <= 6 (0 and negatives wrap and fail)
0x0000000000401194 <+51>: callq 0x4016a9 <explode_bomb>
0x0000000000401199 <+56>: add $0x1,%r14d             # i++
0x000000000040119d <+60>: cmp $0x6,%r14d
0x00000000004011a1 <+64>: je 0x4011c5 <phase_6+100>  # all six checked -> go to the 7-x transform
0x00000000004011a3 <+66>: mov %r14d,%ebx             # j = i (i already incremented: the element after *rbp)
0x00000000004011a6 <+69>: movslq %ebx,%rax           # rax = (long) j
0x00000000004011a9 <+72>: mov 0x30(%rsp,%rax,4),%edx # edx = nums[j]
0x00000000004011ad <+76>: cmp %edx,0x0(%rbp)         # nums[i] == nums[j] ?
0x00000000004011b0 <+79>: jne 0x4011b7 <phase_6+86>
0x00000000004011b2 <+81>: callq 0x4016a9 <explode_bomb>   # duplicate value
0x00000000004011b7 <+86>: add $0x1,%ebx              # j++
0x00000000004011ba <+89>: cmp $0x5,%ebx
0x00000000004011bd <+92>: jle 0x4011a6 <phase_6+69>  # while j <= 5
0x00000000004011bf <+94>: add $0x4,%r13              # &nums[i+1]
0x00000000004011c3 <+98>: jmp 0x401185 <phase_6+36>
# --- transform: nums[k] = 7 - nums[k] for k = 0..5 ---
0x00000000004011c5 <+100>: lea 0x48(%rsp),%rcx       # rcx = &nums[6], one past the end
0x00000000004011ca <+105>: mov $0x7,%edx
0x00000000004011cf <+110>: mov %edx,%eax             # eax = 7
0x00000000004011d1 <+112>: sub (%r12),%eax           # eax = 7 - nums[k]
0x00000000004011d5 <+116>: mov %eax,(%r12)           # nums[k] = 7 - nums[k]
0x00000000004011d9 <+120>: add $0x4,%r12
0x00000000004011dd <+124>: cmp %rcx,%r12
0x00000000004011e0 <+127>: jne 0x4011cf <phase_6+110>
# --- build ptrs[k] = address of the nums[k]-th node of the list (1-based) ---
0x00000000004011e2 <+129>: mov $0x0,%esi             # rsi = byte offset into nums (4*k)
0x00000000004011e7 <+134>: jmp 0x401202 <phase_6+161>
0x00000000004011e9 <+136>: mov 0x8(%rdx),%rdx        # rdx = rdx->next (next pointer lives at node offset 8)
0x00000000004011ed <+140>: add $0x1,%eax             # node index++
0x00000000004011f0 <+143>: cmp %ecx,%eax
0x00000000004011f2 <+145>: jne 0x4011e9 <phase_6+136>   # walk until index == nums[k]
0x00000000004011f4 <+147>: mov %rdx,(%rsp,%rsi,2)    # ptrs[k] = rdx; rsi=4k so rsi*2 = 8k selects the qword slot
0x00000000004011f8 <+151>: add $0x4,%rsi
0x00000000004011fc <+155>: cmp $0x18,%rsi            # 0x18 = 6 ints
0x0000000000401200 <+159>: je 0x401217 <phase_6+182>
0x0000000000401202 <+161>: mov 0x30(%rsp,%rsi,1),%ecx   # ecx = nums[k] (already 7-x)
0x0000000000401206 <+165>: mov $0x1,%eax             # index = 1
0x000000000040120b <+170>: mov $0x604300,%edx        # rdx = first node; the only node address present in the code
0x0000000000401210 <+175>: cmp $0x1,%ecx
0x0000000000401213 <+178>: jg 0x4011e9 <phase_6+136> # nums[k] > 1 -> follow next pointers
0x0000000000401215 <+180>: jmp 0x4011f4 <phase_6+147>   # nums[k] == 1 -> first node, store directly
# --- relink the list in ptrs[] order; ptrs[5] becomes the tail ---
0x0000000000401217 <+182>: mov (%rsp),%rbx           # rbx = ptrs[0]
0x000000000040121b <+186>: mov 0x8(%rsp),%rax        # ptrs[1]
0x0000000000401220 <+191>: mov %rax,0x8(%rbx)        # ptrs[0]->next = ptrs[1]
0x0000000000401224 <+195>: mov 0x10(%rsp),%rdx       # ptrs[2]
0x0000000000401229 <+200>: mov %rdx,0x8(%rax)        # ptrs[1]->next = ptrs[2]
0x000000000040122d <+204>: mov 0x18(%rsp),%rax       # ptrs[3]
0x0000000000401232 <+209>: mov %rax,0x8(%rdx)        # ptrs[2]->next = ptrs[3]
0x0000000000401236 <+213>: mov 0x20(%rsp),%rdx       # ptrs[4]
0x000000000040123b <+218>: mov %rdx,0x8(%rax)        # ptrs[3]->next = ptrs[4]
0x000000000040123f <+222>: mov 0x28(%rsp),%rax       # ptrs[5]
0x0000000000401244 <+227>: mov %rax,0x8(%rdx)        # ptrs[4]->next = ptrs[5]
0x0000000000401248 <+231>: movq $0x0,0x8(%rax)       # ptrs[5]->next = NULL
# --- check 2: walking the relinked list, each value must be >= the next (signed) ---
0x0000000000401250 <+239>: mov $0x5,%ebp             # 5 adjacent pairs to compare
0x0000000000401255 <+244>: mov 0x8(%rbx),%rax        # rax = node->next
0x0000000000401259 <+248>: mov (%rax),%edx           # edx = next->value (32-bit, node offset 0)
0x000000000040125b <+250>: cmp %edx,(%rbx)           # node->value vs next->value
0x000000000040125d <+252>: jge 0x401264 <phase_6+259>   # ok iff node->value >= next->value
0x000000000040125f <+254>: callq 0x4016a9 <explode_bomb>
0x0000000000401264 <+259>: mov 0x8(%rbx),%rbx        # node = node->next
0x0000000000401268 <+263>: sub $0x1,%ebp
0x000000000040126b <+266>: jne 0x401255 <phase_6+244>
# --- epilogue: tear down frame, restore callee-saved registers ---
0x000000000040126d <+268>: add $0x50,%rsp
0x0000000000401271 <+272>: pop %rbx
0x0000000000401272 <+273>: pop %rbp
0x0000000000401273 <+274>: pop %r12
0x0000000000401275 <+276>: pop %r13
0x0000000000401277 <+278>: pop %r14
0x0000000000401279 <+280>: retq
上面的汇编代码来自我目前正在研究的二进制炸弹实验（bomb lab）的 phase_6() 函数。我已经看出这段代码会创建一个包含 6 个整数的链表,并且其中没有重复的值。为了拆除炸弹,我需要按某种顺序输入节点,使得 7-X 的结果(其中 X 是六个节点值中的每一个)按降序排列。此外,第一个节点位于 0x604300,每个后续节点位于 0x604310、0x604320,依此类推。
使用 print *(int *) 语句打印节点值后,我得到以下内容:
Node1(0x604300): 897
Node2(0x604310): 329
Node3(0x604320): 897
Node4(0x604330): 722
Node5(0x604340): 214
Node6(0x604350): 596
现在我很困惑!我原以为不存在任何重复值,但 Node1 和 Node3 具有相同的值 897!我尝试先假定这些值是正确的,分别向程序输入顺序 (5 2 6 4 3 1) 和 (5 2 6 4 1 3),但根据 GDB 的提示,两者都触发了 explode_bomb() 函数。
我现在非常困惑,不知道自己误解了汇编代码的哪一部分。任何提示都将不胜感激!在此先感谢您的帮助!