二进制炸弹第4阶段求助

时间:2016-09-28 21:25:45

标签: assembly x86 gdb

所以我正在做二进制炸弹实验,在第4阶段卡住了。它看起来像这样:

   # phase_4 (gdb disassembly, AT&T syntax, SysV AMD64 ABI).
   # Reads two values with sscanf into the 24-byte frame, then requires
   # func4(6, second) == first.  rdi (the input line) is not set here, so it
   # must be inherited from the caller -- confirm in the calling code.
   0x0000000000401175 <+0>:     sub    $0x18,%rsp          # 24-byte frame; entry rsp%16==8, so rsp is 16-aligned at the callq below
   0x0000000000401179 <+4>:     lea    0x8(%rsp),%rcx      # 4th sscanf arg: address where the 2nd parsed value lands (rsp+8)
   0x000000000040117e <+9>:     lea    0xc(%rsp),%rdx      # 3rd sscanf arg: address where the 1st parsed value lands (rsp+0xc)
   0x0000000000401183 <+14>:    mov    $0x402a2d,%esi      # 2nd arg: format string (contents not shown here; inspect with x/s 0x402a2d)
   0x0000000000401188 <+19>:    mov    $0x0,%eax           # al=0: no vector registers used for this variadic call
   0x000000000040118d <+24>:    callq  0x400cb0 <__isoc99_sscanf@plt>
   0x0000000000401192 <+29>:    cmp    $0x2,%eax           # sscanf must have converted exactly two fields
   0x0000000000401195 <+32>:    jne    0x4011a3 <phase_4+46>   # otherwise explode
   0x0000000000401197 <+34>:    mov    0x8(%rsp),%eax      # eax = second parsed value
   0x000000000040119b <+38>:    sub    $0x2,%eax           # eax = second - 2
   0x000000000040119e <+41>:    cmp    $0x2,%eax
   0x00000000004011a1 <+44>:    jbe    0x4011a8 <phase_4+51>   # unsigned (second-2) <= 2  =>  second in {2,3,4}; negatives wrap and fail
   0x00000000004011a3 <+46>:    callq  0x40171c <explode_bomb>
   0x00000000004011a8 <+51>:    mov    0x8(%rsp),%esi      # 2nd arg to func4: the second parsed value
   0x00000000004011ac <+55>:    mov    $0x6,%edi           # 1st arg to func4: constant 6
   0x00000000004011b1 <+60>:    callq  0x40113d <func4>    # eax = func4(6, second)
   0x00000000004011b6 <+65>:    cmp    0xc(%rsp),%eax      # compare with the FIRST parsed value (0xc is a stack offset, not the number 12)
   0x00000000004011ba <+69>:    je     0x4011c1 <phase_4+76>   # equal => phase passes
   0x00000000004011bc <+71>:    callq  0x40171c <explode_bomb>
   0x00000000004011c1 <+76>:    add    $0x18,%rsp          # release the frame
   0x00000000004011c5 <+80>:    retq

我看出它需要两个输入,并且它们似乎都要小于某个值。单步执行时,只有当第二个输入为2、3或4时,我才能跳过第一次explode_bomb调用。在<+65>处,func4的返回值似乎需要等于12?看起来不论我的第二个数字是多少,它经过func4之后都需要等于我的第一个数字。但是我不确定func4是做什么的。我的func4看起来像这样:

   # func4 (gdb disassembly, AT&T syntax, SysV AMD64 ABI).
   # C-equivalent: int func4(int x /* edi */, int y /* esi */)
   # Behaviour visible below:
   #   x <= 0  -> return 0
   #   x == 1  -> return y
   #   else    -> return func4(x-1, y) + func4(x-2, y) + y
   # Callee-saved r12/rbp/rbx are pushed (3 pushes = 24 bytes), which also
   # leaves rsp 16-aligned at each recursive callq.
   0x000000000040113d <+0>:     push   %r12                # save callee-saved regs used across the recursive calls
   0x000000000040113f <+2>:     push   %rbp
   0x0000000000401140 <+3>:     push   %rbx
   0x0000000000401141 <+4>:     mov    %edi,%ebx           # ebx = x (survives the calls)
   0x0000000000401143 <+6>:     test   %edi,%edi
   0x0000000000401145 <+8>:     jle    0x40116b <func4+46>   # signed: x <= 0 -> return 0
   0x0000000000401147 <+10>:    mov    %esi,%ebp           # ebp = y (survives the calls)
   0x0000000000401149 <+12>:    mov    %esi,%eax           # eax = y, the return value when x == 1
   0x000000000040114b <+14>:    cmp    $0x1,%edi
   0x000000000040114e <+17>:    je     0x401170 <func4+51>   # x == 1 -> return y
   0x0000000000401150 <+19>:    lea    -0x1(%rdi),%edi     # edi = x - 1 (esi still holds y)
   0x0000000000401153 <+22>:    callq  0x40113d <func4>    # eax = func4(x-1, y)
   0x0000000000401158 <+27>:    lea    (%rax,%rbp,1),%r12d # r12d = func4(x-1, y) + y
   0x000000000040115c <+31>:    lea    -0x2(%rbx),%edi     # edi = x - 2
   0x000000000040115f <+34>:    mov    %ebp,%esi           # esi = y (esi is caller-saved, so restore it)
   0x0000000000401161 <+36>:    callq  0x40113d <func4>    # eax = func4(x-2, y)
   0x0000000000401166 <+41>:    add    %r12d,%eax          # eax = func4(x-2, y) + func4(x-1, y) + y
   0x0000000000401169 <+44>:    jmp    0x401170 <func4+51>
   0x000000000040116b <+46>:    mov    $0x0,%eax           # x <= 0 case: return 0
   0x0000000000401170 <+51>:    pop    %rbx                # restore in reverse push order
   0x0000000000401171 <+52>:    pop    %rbp
   0x0000000000401172 <+53>:    pop    %r12
   0x0000000000401174 <+55>:    retq

非常感谢任何帮助。

0 个答案:

没有答案