在x86中的二进制炸弹实验室中确定特定段有什么问题。
0x08048ce8 <+0>: sub $0x1c,%esp
0x08048ceb <+3>: movl $0x804a4e4,(%esp)
0x08048cf2 <+10>: call 0x804917b <string_length>
0x08048cf7 <+15>: add $0x1,%eax
0x08048cfa <+18>: mov %eax,(%esp)
0x08048cfd <+21>: call 0x8048870 <malloc@plt>
0x08048d02 <+26>: movl $0x776f7242,(%eax)
0x08048d08 <+32>: movl $0x2c65696e,0x4(%eax)
0x08048d0f <+39>: movl $0x756f7920,0x8(%eax)
0x08048d16 <+46>: movl $0x65726120,0xc(%eax)
0x08048d1d <+53>: movl $0x696f6420,0x10(%eax)
0x08048d24 <+60>: movl $0x6120676e,0x14(%eax)
0x08048d2b <+67>: movl $0x63656820,0x18(%eax)
0x08048d32 <+74>: movl $0x666f206b,0x1c(%eax)
0x08048d39 <+81>: movl $0x6a206120,0x20(%eax)
0x08048d40 <+88>: movl $0x2e626f,0x24(%eax)
0x08048d47 <+95>: movb $0x62,0xc(%eax)
我不确定malloc之后的movl指令是什么。当我尝试检查gdb中这些地址中的内容时,我得到&#34;无法访问内存...&#34;。那些动作有什么意义呢?
编辑
感谢malloc部分的帮助。我仍然坚持,这是直接在上面的段。
mov %eax,0x4(%esp) <== moves string loaded into malloc to esp
mov 0x20(%esp),%eax <== takes user input and move to eax
mov %eax,(%esp) <== moves that user input back into esp?
call 0x804919a <strings_not_equal>
答案 0 :(得分:0)
在malloc之后,EAX保存了最近malloced内存的基指针。每个后续的movl都将双字常量移动到具有适当偏移量的EAX。很明显,movl只是将数据加载到最近的malloc区域。