二元炸弹实验室第6阶段

时间:2014-10-12 08:16:17

标签: binary gdb

# phase_6 — gdb disassembly (AT&T syntax, x86-64 SysV ABI).
# This is a dump of an existing binary, so the listing is annotated
# in place rather than rewritten.
#
# Stack frame: 0x50 bytes below the three callee-saved pushes.
#   0x30(%rsp) .. 0x47(%rsp)  a[0..5]  six 32-bit ints written by read_six_numbers
#   0x00(%rsp) .. 0x2f(%rsp)  p[0..5]  six 64-bit node pointers (filled at <+148>)
# Node layout as used here: 32-bit value at offset 0, 64-bit next pointer at 8.
# Register roles: r12 = &a[0], rbp/rbx = loop indices (first loop),
#                 rbx = current node, rbp = counter (last loop).
# rdi is not written before the first call, so the caller's rdi (presumably
# the input line) is passed straight through to read_six_numbers — its exact
# contract is not visible in this listing.
#
# Net constraint enforced: every a[i] is in 1..6 and distinct; each a[i] is
# replaced by 7 - a[i]; the results pick nodes of the list at 0x603970
# (1-based position), and the relinked list must be in non-increasing
# value order.
0x000000000040106b <+0>:     push   %r12
0x000000000040106d <+2>:     push   %rbp
0x000000000040106e <+3>:     push   %rbx
0x000000000040106f <+4>:     sub    $0x50,%rsp
0x0000000000401073 <+8>:     lea    0x30(%rsp),%rsi     # rsi = &a[0], output buffer for the six numbers
0x0000000000401078 <+13>:    callq  0x40159a <read_six_numbers>
# --- Check 1: every a[i] must be in 1..6, and no two entries may be equal ---
0x000000000040107d <+18>:    mov    $0x0,%ebp           # i = 0
0x0000000000401082 <+23>:    lea    0x30(%rsp),%r12     # r12 = &a[0]
0x0000000000401087 <+28>:    mov    (%r12,%rbp,4),%eax  # eax = a[i]
0x000000000040108b <+32>:    sub    $0x1,%eax           # eax = a[i] - 1
0x000000000040108e <+35>:    cmp    $0x5,%eax           # unsigned compare below, so a[i] == 0 wraps and fails too
0x0000000000401091 <+38>:    jbe    0x401098 <phase_6+45>   # (unsigned)(a[i]-1) <= 5  <=>  1 <= a[i] <= 6
0x0000000000401093 <+40>:    callq  0x401564 <explode_bomb> # out of range
0x0000000000401098 <+45>:    lea    0x1(%rbp),%ebx      # j = i + 1
0x000000000040109b <+48>:    cmp    $0x5,%rbp
0x000000000040109f <+52>:    je     0x4010c2 <phase_6+87>   # i == 5: all pairs already compared
0x00000000004010a1 <+54>:    movslq %ebx,%rdx
0x00000000004010a4 <+57>:    mov    (%r12,%rbp,4),%eax  # eax = a[i]
0x00000000004010a8 <+61>:    cmp    0x30(%rsp,%rdx,4),%eax  # a[i] == a[j] ?
0x00000000004010ac <+65>:    jne    0x4010b3 <phase_6+72>
0x00000000004010ae <+67>:    callq  0x401564 <explode_bomb> # duplicate value
0x00000000004010b3 <+72>:    add    $0x1,%ebx           # j++
0x00000000004010b6 <+75>:    cmp    $0x5,%ebx
0x00000000004010b9 <+78>:    jle    0x4010a1 <phase_6+54>   # inner loop: j = i+1 .. 5
0x00000000004010bb <+80>:    add    $0x1,%rbp           # i++
0x00000000004010bf <+84>:    nop
0x00000000004010c0 <+85>:    jmp    0x401087 <phase_6+28>   # outer loop: next i

# --- Transform: a[k] = 7 - a[k] for k = 0..5 (rdx walks &a[0] up to &a[6]) ---
0x00000000004010c2 <+87>:    lea    0x30(%rsp),%rdx     # rdx = &a[0]
0x00000000004010c7 <+92>:    lea    0x48(%rsp),%rcx     # rcx = &a[6] (one past the end)
0x00000000004010cc <+97>:    mov    $0x7,%eax
0x00000000004010d1 <+102>:   sub    (%rdx),%eax         # eax = 7 - a[k]
0x00000000004010d3 <+104>:   mov    %eax,(%rdx)         # a[k] = 7 - a[k]
0x00000000004010d5 <+106>:   add    $0x4,%rdx
0x00000000004010d9 <+110>:   cmp    %rcx,%rdx
0x00000000004010dc <+113>:   jne    0x4010cc <phase_6+97>
# --- Select: p[k] = the a[k]-th node (1-based) of the list starting at 0x603970 ---
# ecx = k, esi = current node, edx = 1-based position of esi in the list
0x00000000004010de <+115>:   mov    $0x1,%edx           # position = 1
0x00000000004010e3 <+120>:   mov    $0x603970,%esi      # esi = head node (node1)
0x00000000004010e8 <+125>:   mov    $0x0,%ecx           # k = 0
0x00000000004010ed <+130>:   jmp    0x4010f6 <phase_6+139>
0x00000000004010ef <+132>:   mov    0x8(%rsi),%rsi      # esi = esi->next
0x00000000004010f3 <+136>:   add    $0x1,%edx           # position++
0x00000000004010f6 <+139>:   movslq %ecx,%rax
0x00000000004010f9 <+142>:   cmp    0x30(%rsp,%rax,4),%edx  # while position < a[k]: advance
0x00000000004010fd <+146>:   jl     0x4010ef <phase_6+132>
0x00000000004010ff <+148>:   mov    %rsi,(%rsp,%rax,8)  # p[k] = selected node
0x0000000000401103 <+152>:   add    $0x1,%ecx           # k++
0x0000000000401106 <+155>:   cmp    $0x5,%ecx
0x0000000000401109 <+158>:   jg     0x401117 <phase_6+172>  # k > 5: all six pointers filled
0x000000000040110b <+160>:   mov    $0x1,%edx           # restart the walk from the head
0x0000000000401110 <+165>:   mov    $0x603970,%esi
0x0000000000401115 <+170>:   jmp    0x4010f6 <phase_6+139>
# --- Relink: p[0]->next = p[1], ..., p[4]->next = p[5], p[5]->next = NULL ---
0x0000000000401117 <+172>:   mov    (%rsp),%rcx         # rcx = p[0]

0x000000000040111b <+176>:   mov    0x8(%rsp),%rax      # rax = p[1]
0x0000000000401120 <+181>:   mov    %rax,0x8(%rcx)      # p[0]->next = p[1]
0x0000000000401124 <+185>:   mov    0x10(%rsp),%rdx     # rdx = p[2]
0x0000000000401129 <+190>:   mov    %rdx,0x8(%rax)      # p[1]->next = p[2]
0x000000000040112d <+194>:   mov    0x18(%rsp),%rax     # rax = p[3]
0x0000000000401132 <+199>:   mov    %rax,0x8(%rdx)      # p[2]->next = p[3]
0x0000000000401136 <+203>:   mov    0x20(%rsp),%rdx     # rdx = p[4]
0x000000000040113b <+208>:   mov    %rdx,0x8(%rax)      # p[3]->next = p[4]
0x000000000040113f <+212>:   mov    0x28(%rsp),%rax     # rax = p[5]
0x0000000000401144 <+217>:   mov    %rax,0x8(%rdx)      # p[4]->next = p[5]
0x0000000000401148 <+221>:   movq   $0x0,0x8(%rax)      # p[5]->next = NULL (terminates the list)
0x0000000000401150 <+229>:   mov    %rcx,%rbx           # rbx = p[0], start of the relinked list
0x0000000000401153 <+232>:   mov    $0x0,%ebp           # counter = 0

# --- Check 2: walking the relinked list, each node's value must be >= the
#     next node's value (non-increasing order); 5 comparisons cover 6 nodes ---
0x0000000000401158 <+237>:   mov    0x8(%rbx),%rdx      # rdx = cur->next
0x000000000040115c <+241>:   mov    (%rbx),%eax         # eax = cur->value
0x000000000040115e <+243>:   cmp    (%rdx),%eax         # cur->value vs next->value (signed compare)
0x0000000000401160 <+245>:   jge    0x401167 <phase_6+252>  # cur->value >= next->value: ok
0x0000000000401162 <+247>:   callq  0x401564 <explode_bomb> # increasing step: wrong order
0x0000000000401167 <+252>:   mov    0x8(%rbx),%rbx      # cur = cur->next
0x000000000040116b <+256>:   add    $0x1,%ebp
0x000000000040116e <+259>:   cmp    $0x5,%ebp
0x0000000000401171 <+262>:   jne    0x401158 <phase_6+237>
# --- Epilogue: release the frame and restore callee-saved registers ---
0x0000000000401173 <+264>:   add    $0x50,%rsp
0x0000000000401177 <+268>:   pop    %rbx
0x0000000000401178 <+269>:   pop    %rbp
0x0000000000401179 <+270>:   pop    %r12
0x000000000040117b <+272>:   retq

我对此代码的了解是: 1.输入应该是六个数字,它们应该是不同的。 2.数字范围是1到6。

节点是:

0x603970 <node1> 0x000000f6
0x603978 <node1+8> 0x603960
0x603960 <node2> 0x00000304
0x693968 <node2+8> 0x603950
0x603950 <node3> 0x000000b7
0x603958 <node3+8> 0x603940
0x603940 <node4> 0x000000eb
0x603948 <node4+8> 0x603930
0x603930 <node5> 0x0000021f
0x603938 <node5+8> 0x603920
0x603920 <node6> 0x00000150
0x603928 <node6+8> 0x000000

因此,node1到node6的值是f6,304,b7,eb,21f,150。 我知道b7 < eb < f6 < 150 < 21f < 304,所以节点的顺序应为3 0 5 4 1 2(或2 5 0 1 4 3 —— 按升序排列)。我应该为所有数字加1,所以我这样做了。 但是当我输入4 1 6 5 2 3或3 6 1 2 5 4时,它会爆炸。

我在互联网上尝试了很多解决方法。 一些解决方案说我应该反过来这样排序: pos(1)(表示5):4(5是'4 1 6 5 2 3'中的第4个数字) pos(2)(表示4):1 pos(3):6 pos(4):5 pos(5):2 pos(6):3 所以我尝试了4 1 6 5 2 3,但它也没有用。

其实我试过了 (3 6 1 2 5 4) (4 1 6 5 2 3) (3 4 1 6 5 2) (2 5 6 1 4 3) (4 3 6 1 2 5) (1 6 5 2 3 4) (6 1 2 5 4 3) (2 3 4 1 6 5) (3 2 5 6 1 4) (4 1 6 5 2 3) (5 6 1 4 3 2)

但这些尝试都不是答案。 你能帮我理解一下这段代码吗?我无法理解发生了什么……

1 个答案:

答案 0 :(得分:1)

在<+97>和<+102>处,注意代码将%eax设置为7并减去(%rdx)。 换句话说,你必须把6个值中的每一个都代入函数f(x) = 7 - x。