汇编 - 二进制炸弹

时间:2015-11-04 04:34:21

标签: assembly

在 x86 的二进制炸弹实验（binary bomb lab）中，我想弄清楚下面这个特定代码段是怎么回事。

# gdb disassembly, AT&T syntax, 32-bit x86 cdecl: call arguments are stored at (%esp), 0x4(%esp), ...
# Net effect of this stretch: build a 40-byte string on the heap one dword at a time, then patch one byte of it.
# The 0x..(%eax) operands are offsets into that heap buffer, not addresses inside the binary, which is
# presumably why "cannot access memory" shows up when examining them before malloc has run.
0x08048ce8 <+0>:    sub    $0x1c,%esp                 # reserve 0x1c bytes of frame for outgoing call arguments
0x08048ceb <+3>:    movl   $0x804a4e4,(%esp)          # arg0 = 0x804a4e4, presumably a string in the binary's data (it is handed to string_length)
0x08048cf2 <+10>:   call   0x804917b <string_length>  # eax = length of that string
0x08048cf7 <+15>:   add    $0x1,%eax                  # length + 1, presumably room for the terminating NUL
0x08048cfa <+18>:   mov    %eax,(%esp)                # arg0 = length + 1
0x08048cfd <+21>:   call   0x8048870 <malloc@plt>     # eax = pointer to the new heap buffer; NULL is not checked before the stores below
# Each movl stores a 4-byte little-endian constant at eax + offset; read as bytes, the constants are ASCII text:
0x08048d02 <+26>:   movl   $0x776f7242,(%eax)         # bytes 42 72 6f 77 -> "Brow"
0x08048d08 <+32>:   movl   $0x2c65696e,0x4(%eax)      # bytes 6e 69 65 2c -> "nie,"
0x08048d0f <+39>:   movl   $0x756f7920,0x8(%eax)      # bytes 20 79 6f 75 -> " you"
0x08048d16 <+46>:   movl   $0x65726120,0xc(%eax)      # bytes 20 61 72 65 -> " are"
0x08048d1d <+53>:   movl   $0x696f6420,0x10(%eax)     # bytes 20 64 6f 69 -> " doi"
0x08048d24 <+60>:   movl   $0x6120676e,0x14(%eax)     # bytes 6e 67 20 61 -> "ng a"
0x08048d2b <+67>:   movl   $0x63656820,0x18(%eax)     # bytes 20 68 65 63 -> " hec"
0x08048d32 <+74>:   movl   $0x666f206b,0x1c(%eax)     # bytes 6b 20 6f 66 -> "k of"
0x08048d39 <+81>:   movl   $0x6a206120,0x20(%eax)     # bytes 20 61 20 6a -> " a j"
0x08048d40 <+88>:   movl   $0x2e626f,0x24(%eax)       # bytes 6f 62 2e 00 -> "ob." followed by the NUL terminator at byte 0x27
0x08048d47 <+95>:   movb   $0x62,0xc(%eax)            # overwrite byte 0xc (the ' ' before "are") with 'b' (0x62): the text becomes "...youbare..."

我不确定 malloc 之后的那些 movl 指令是做什么的。当我尝试在 gdb 中查看这些地址处的内容时，得到的是“无法访问内存……”。那些 mov 指令有什么作用呢？

编辑

感谢大家对 malloc 部分的帮助。我还是卡住了，这是紧接着上面那段的代码。

mov    %eax,0x4(%esp)  <== second stack argument = the pointer to the malloc'd buffer (still in %eax after the stores above)
mov    0x20(%esp),%eax   <== load this function's own first parameter: with the 0x1c-byte frame plus the 4-byte return address, 0x20(%esp) is the caller's first argument, presumably the user's input string
mov    %eax,(%esp)       <== first stack argument = that input pointer (it is not "moved into esp"; it is stored at the top of the stack as arg0)
call   0x804919a <strings_not_equal>  <== compares arg0 (user input) with arg1 (the string built on the heap)

1 个答案:

答案 0 :(得分:0)

在 malloc 返回之后，EAX 保存的是刚分配的那块内存的基地址。随后的每条 movl 都把一个双字（4 字节）常量写到以 EAX 为基址、带相应偏移量的位置上。这些常量按小端序拆成字节后其实就是 ASCII 文本，例如 0x776f7242 对应字节 42 72 6f 77，即 "Brow"。显然，这些 movl 只是在往刚 malloc 出来的那块区域里填数据。