这是Evil博士的二进制炸弹(binary bomb)的最后阶段。用户必须输入代码才能进入下一个阶段。 我已经确认答案是1-6中的6个数字,不会重复。
我也知道“公式”是7-x,但是我不确定这是什么意思。
我将输入1 2 3 4 5 6作为测试。
我也尝试过对寄存器使用 gdb 的 x/3x 命令,但是我找不到节点的值。
Dump of assembler code for function phase_6:
# phase_6, gdb dump in AT&T syntax (source operand first, destination last).
# Overview, as read from the instructions below:
#   1. pass the buffer at 0x30(%rsp) to read_six_numbers
#   2. require every value to be in 1..6 and all six to be distinct
#   3. replace every value x with 7 - x
#   4. for each value n, store a pointer to the n-th list node in an array at (%rsp)
#   5. re-link the nodes in the order they appear in that pointer array
#   6. walk the re-linked list; each node's first 32-bit field must be >= the next node's
# Stack layout used below: 0x00..0x2f = six 8-byte node pointers,
#                          0x30..0x47 = six 4-byte integers.
#
# Prologue: save callee-saved registers and reserve 0x50 bytes of stack.
0x0000000000401187 <+0>: push %r14
0x0000000000401189 <+2>: push %r13
0x000000000040118b <+4>: push %r12
0x000000000040118d <+6>: push %rbp
0x000000000040118e <+7>: push %rbx
0x000000000040118f <+8>: sub $0x50,%rsp
# %r13 = &nums[0] (rsp+0x30), passed in %rsi to read_six_numbers.
# read_six_numbers is not shown here; presumably it parses six ints into this
# buffer -- the loops below read six 4-byte values from it.
0x0000000000401193 <+12>: lea 0x30(%rsp),%r13
0x0000000000401198 <+17>: mov %r13,%rsi
0x000000000040119b <+20>: callq 0x40165a <read_six_numbers>
# --- Step 2: range and uniqueness check -----------------------------------
# %r14 keeps the array base for later; %r12d is the outer loop index i.
0x00000000004011a0 <+25>: mov %r13,%r14
0x00000000004011a3 <+28>: mov $0x0,%r12d
# Outer loop head: %rbp = %r13 = &nums[i].
0x00000000004011a9 <+34>: mov %r13,%rbp
# Range check: (nums[i] - 1) <= 5 as an UNSIGNED compare (jbe), so 0 and
# negative inputs wrap to large values and fail; only 1..6 passes.
0x00000000004011ac <+37>: mov 0x0(%r13),%eax
0x00000000004011b0 <+41>: sub $0x1,%eax
0x00000000004011b3 <+44>: cmp $0x5,%eax
0x00000000004011b6 <+47>: jbe 0x4011bd <phase_6+54>
0x00000000004011b8 <+49>: callq 0x401624 <explode_bomb>
# i++; once all six have been range-checked, leave for step 3 at <+98>.
0x00000000004011bd <+54>: add $0x1,%r12d
0x00000000004011c1 <+58>: cmp $0x6,%r12d
0x00000000004011c5 <+62>: je 0x4011e9 <phase_6+98>
# Inner loop: j (%ebx) runs from i to 5; nums[j] must differ from the element
# %rbp points at (the one just range-checked), otherwise the bomb explodes.
0x00000000004011c7 <+64>: mov %r12d,%ebx
0x00000000004011ca <+67>: movslq %ebx,%rax
0x00000000004011cd <+70>: mov 0x30(%rsp,%rax,4),%eax
0x00000000004011d1 <+74>: cmp %eax,0x0(%rbp)
0x00000000004011d4 <+77>: jne 0x4011db <phase_6+84>
0x00000000004011d6 <+79>: callq 0x401624 <explode_bomb>
0x00000000004011db <+84>: add $0x1,%ebx
# "=>" is gdb's marker for the current instruction (where the program was
# stopped when this dump was taken); it is not part of the code.
=> 0x00000000004011de <+87>: cmp $0x5,%ebx
0x00000000004011e1 <+90>: jle 0x4011ca <phase_6+67>
# Advance %r13 to the next 4-byte element and repeat the outer loop.
0x00000000004011e3 <+92>: add $0x4,%r13
0x00000000004011e7 <+96>: jmp 0x4011a9 <phase_6+34>
# --- Step 3: the "7 - x" transform ------------------------------------------
# %rsi = rsp+0x48 = one past the last integer; %rax walks from the array base.
# Each iteration does nums[k] = 7 - nums[k], written back in place.
0x00000000004011e9 <+98>: lea 0x48(%rsp),%rsi
0x00000000004011ee <+103>: mov %r14,%rax
0x00000000004011f1 <+106>: mov $0x7,%ecx
0x00000000004011f6 <+111>: mov %ecx,%edx
0x00000000004011f8 <+113>: sub (%rax),%edx
0x00000000004011fa <+115>: mov %edx,(%rax)
0x00000000004011fc <+117>: add $0x4,%rax
0x0000000000401200 <+121>: cmp %rsi,%rax
0x0000000000401203 <+124>: jne 0x4011f6 <phase_6+111>
# --- Step 4: build the node-pointer array -----------------------------------
# %rsi is a BYTE offset into the integer array (0, 4, ..., 20); entry is at <+165>.
0x0000000000401205 <+126>: mov $0x0,%esi
0x000000000040120a <+131>: jmp 0x40122c <phase_6+165>
# List walk: follow the 8-byte pointer at offset 8 of the node until the
# counter %eax equals the wanted value %ecx, i.e. (n - 1) hops from the head.
0x000000000040120c <+133>: mov 0x8(%rdx),%rdx
0x0000000000401210 <+137>: add $0x1,%eax
0x0000000000401213 <+140>: cmp %ecx,%eax
0x0000000000401215 <+142>: jne 0x40120c <phase_6+133>
0x0000000000401217 <+144>: jmp 0x40121e <phase_6+151>
# Value <= 1: no hops needed, use the list head at 0x6042f0 directly.
0x0000000000401219 <+146>: mov $0x6042f0,%edx
# Store the node pointer at rsp + 2*%rsi: the scale of 2 turns the 4-byte
# integer offset into an 8-byte pointer-slot offset (0, 8, ..., 40).
0x000000000040121e <+151>: mov %rdx,(%rsp,%rsi,2)
0x0000000000401222 <+155>: add $0x4,%rsi
# 0x18 = 24 bytes = six integers processed -> go to step 5 at <+186>.
0x0000000000401226 <+159>: cmp $0x18,%rsi
# The next line is the gdb pager prompt captured in the paste, not an instruction.
---Type <return> to continue, or q <return> to quit---
0x000000000040122a <+163>: je 0x401241 <phase_6+186>
# Loop entry: %ecx = transformed value n; n <= 1 takes the head-node shortcut,
# otherwise start at the head with counter 1 and walk the list at <+133>.
0x000000000040122c <+165>: mov 0x30(%rsp,%rsi,1),%ecx
0x0000000000401230 <+169>: cmp $0x1,%ecx
0x0000000000401233 <+172>: jle 0x401219 <phase_6+146>
0x0000000000401235 <+174>: mov $0x1,%eax
0x000000000040123a <+179>: mov $0x6042f0,%edx
0x000000000040123f <+184>: jmp 0x40120c <phase_6+133>
# --- Step 5: re-link the nodes in pointer-array order -----------------------
# %rbx = ptrs[0] (new head), %rax = &ptrs[1], %rsi = end of the pointer array.
0x0000000000401241 <+186>: mov (%rsp),%rbx
0x0000000000401245 <+190>: lea 0x8(%rsp),%rax
0x000000000040124a <+195>: lea 0x30(%rsp),%rsi
0x000000000040124f <+200>: mov %rbx,%rcx
# current->next (offset 8) = next pointer from the array; then advance.
0x0000000000401252 <+203>: mov (%rax),%rdx
0x0000000000401255 <+206>: mov %rdx,0x8(%rcx)
0x0000000000401259 <+210>: add $0x8,%rax
0x000000000040125d <+214>: cmp %rsi,%rax
0x0000000000401260 <+217>: je 0x401267 <phase_6+224>
0x0000000000401262 <+219>: mov %rdx,%rcx
0x0000000000401265 <+222>: jmp 0x401252 <phase_6+203>
# Terminate the list: the last node's next pointer is set to 0.
0x0000000000401267 <+224>: movq $0x0,0x8(%rdx)
# --- Step 6: order check (this is what the node values are compared with) ---
# Five comparisons over six nodes, starting from the new head in %rbx.
# %eax = first 32-bit field of the NEXT node; `cmp %eax,(%rbx)` + jge (signed)
# passes only when the current node's first field >= the next node's first
# field. Nodes are compared with each other, never with the input directly.
0x000000000040126f <+232>: mov $0x5,%ebp
0x0000000000401274 <+237>: mov 0x8(%rbx),%rax
0x0000000000401278 <+241>: mov (%rax),%eax
0x000000000040127a <+243>: cmp %eax,(%rbx)
0x000000000040127c <+245>: jge 0x401283 <phase_6+252>
0x000000000040127e <+247>: callq 0x401624 <explode_bomb>
# Advance to the next node and count down the remaining comparisons.
0x0000000000401283 <+252>: mov 0x8(%rbx),%rbx
0x0000000000401287 <+256>: sub $0x1,%ebp
0x000000000040128a <+259>: jne 0x401274 <phase_6+237>
# Epilogue: release the frame and restore callee-saved registers.
0x000000000040128c <+261>: add $0x50,%rsp
0x0000000000401290 <+265>: pop %rbx
0x0000000000401291 <+266>: pop %rbp
0x0000000000401292 <+267>: pop %r12
0x0000000000401294 <+269>: pop %r13
0x0000000000401296 <+271>: pop %r14
0x0000000000401298 <+273>: retq
End of assembler dump.
编辑
(gdb) x/3x 0x6042f0
0x6042f0 <node1>: 0x0000034c 0x00000001 0x00604300
(gdb) x/3x *(0x6042f0+8)
0x604300 <node2>: 0x0000018e 0x00000002 0x00604310
(gdb) x/3x *(*(0x6042f0+8)+8)
0x604310 <node3>: 0x000003bf 0x00000003 0x00604320
(gdb) x/3x (*(*(*(0x6042f0+8)+8)+8))
0x604320 <node4>: 0x00000363 0x00000004 0x00604330
(gdb) x/3x (*(*(*(*(0x6042f0+8)+8)+8)+8))
0x604330 <node5>: 0x00000292 0x00000005 0x00604340
(gdb) x/3x (*(*(*(*(*(0x6042f0+8)+8)+8)+8)+8))
0x604340 <node6>: 0x00000340 0x00000006 0x00000000
我得到了节点以及值,我将其与什么进行比较?