我正在研究处理x86汇编语言的二进制炸弹实验室任务(我相信)。我正在运行我的代码并结束但最后我正在比较我的值306这个%al寄存器我不知道如何得到这个值,因为我尝试x和x / d对于al和$ al,它找不到它,我如何找到它的价值。这是在第327行。谢谢。
1 2 120
Breakpoint 1, 0x08048da4 in phase_5 ()
Missing separate debuginfos, use: debuginfo-install glibc-2.17-106.el7_2.8.i686
(gdb) disas
Dump of assembler code for function phase_5:
=> 0x08048da4 <+0>: sub $0x3c,%esp
0x08048da7 <+3>: lea 0x2c(%esp),%eax
0x08048dab <+7>: mov %eax,0x10(%esp)
0x08048daf <+11>: lea 0x27(%esp),%eax
0x08048db3 <+15>: mov %eax,0xc(%esp)
0x08048db7 <+19>: lea 0x28(%esp),%eax
0x08048dbb <+23>: mov %eax,0x8(%esp)
0x08048dbf <+27>: movl $0x804a54c,0x4(%esp)
0x08048dc7 <+35>: mov 0x40(%esp),%eax
0x08048dcb <+39>: mov %eax,(%esp)
0x08048dce <+42>: call 0x8048900 <__isoc99_sscanf@plt>
0x08048dd3 <+47>: cmp $0x2,%eax
0x08048dd6 <+50>: jg 0x8048ddd <phase_5+57>
0x08048dd8 <+52>: call 0x8049515 <explode_bomb>
0x08048ddd <+57>: cmpl $0x7,0x28(%esp)
0x08048de2 <+62>: ja 0x8048ee1 <phase_5+317>
0x08048de8 <+68>: mov 0x28(%esp),%eax
0x08048dec <+72>: jmp *0x804a5a0(,%eax,4)
0x08048df3 <+79>: mov $0x67,%eax
0x08048df8 <+84>: cmpl $0x2c5,0x2c(%esp)
0x08048e00 <+92>: je 0x8048eeb <phase_5+327>
0x08048e06 <+98>: call 0x8049515 <explode_bomb>
0x08048e0b <+103>: mov $0x67,%eax
0x08048e10 <+108>: jmp 0x8048eeb <phase_5+327>
0x08048e15 <+113>: mov $0x73,%eax
0x08048e1a <+118>: cmpl $0x78,0x2c(%esp)
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) until *0x08048dd6
0x08048dd6 in phase_5 ()
(gdb) disas
Dump of assembler code for function phase_5:
0x08048da4 <+0>: sub $0x3c,%esp
0x08048da7 <+3>: lea 0x2c(%esp),%eax
0x08048dab <+7>: mov %eax,0x10(%esp)
0x08048daf <+11>: lea 0x27(%esp),%eax
0x08048db3 <+15>: mov %eax,0xc(%esp)
0x08048db7 <+19>: lea 0x28(%esp),%eax
0x08048dbb <+23>: mov %eax,0x8(%esp)
0x08048dbf <+27>: movl $0x804a54c,0x4(%esp)
0x08048dc7 <+35>: mov 0x40(%esp),%eax
0x08048dcb <+39>: mov %eax,(%esp)
0x08048dce <+42>: call 0x8048900 <__isoc99_sscanf@plt>
0x08048dd3 <+47>: cmp $0x2,%eax
=> 0x08048dd6 <+50>: jg 0x8048ddd <phase_5+57>
0x08048dd8 <+52>: call 0x8049515 <explode_bomb>
0x08048ddd <+57>: cmpl $0x7,0x28(%esp)
0x08048de2 <+62>: ja 0x8048ee1 <phase_5+317>
0x08048de8 <+68>: mov 0x28(%esp),%eax
0x08048dec <+72>: jmp *0x804a5a0(,%eax,4)
0x08048df3 <+79>: mov $0x67,%eax
0x08048df8 <+84>: cmpl $0x2c5,0x2c(%esp)
0x08048e00 <+92>: je 0x8048eeb <phase_5+327>
0x08048e06 <+98>: call 0x8049515 <explode_bomb>
0x08048e0b <+103>: mov $0x67,%eax
0x08048e10 <+108>: jmp 0x8048eeb <phase_5+327>
0x08048e15 <+113>: mov $0x73,%eax
0x08048e1a <+118>: cmpl $0x78,0x2c(%esp)
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) ni
0x08048ddd in phase_5 ()
(gdb) disas
Dump of assembler code for function phase_5:
0x08048da4 <+0>: sub $0x3c,%esp
0x08048da7 <+3>: lea 0x2c(%esp),%eax
0x08048dab <+7>: mov %eax,0x10(%esp)
0x08048daf <+11>: lea 0x27(%esp),%eax
0x08048db3 <+15>: mov %eax,0xc(%esp)
0x08048db7 <+19>: lea 0x28(%esp),%eax
0x08048dbb <+23>: mov %eax,0x8(%esp)
0x08048dbf <+27>: movl $0x804a54c,0x4(%esp)
0x08048dc7 <+35>: mov 0x40(%esp),%eax
0x08048dcb <+39>: mov %eax,(%esp)
0x08048dce <+42>: call 0x8048900 <__isoc99_sscanf@plt>
0x08048dd3 <+47>: cmp $0x2,%eax
0x08048dd6 <+50>: jg 0x8048ddd <phase_5+57>
0x08048dd8 <+52>: call 0x8049515 <explode_bomb>
=> 0x08048ddd <+57>: cmpl $0x7,0x28(%esp)
0x08048de2 <+62>: ja 0x8048ee1 <phase_5+317>
0x08048de8 <+68>: mov 0x28(%esp),%eax
0x08048dec <+72>: jmp *0x804a5a0(,%eax,4)
0x08048df3 <+79>: mov $0x67,%eax
0x08048df8 <+84>: cmpl $0x2c5,0x2c(%esp)
0x08048e00 <+92>: je 0x8048eeb <phase_5+327>
0x08048e06 <+98>: call 0x8049515 <explode_bomb>
0x08048e0b <+103>: mov $0x67,%eax
0x08048e10 <+108>: jmp 0x8048eeb <phase_5+327>
0x08048e15 <+113>: mov $0x73,%eax
0x08048e1a <+118>: cmpl $0x78,0x2c(%esp)
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) ni
0x08048de2 in phase_5 ()
(gdb) ni
0x08048de8 in phase_5 ()
(gdb) disas
Dump of assembler code for function phase_5:
0x08048da4 <+0>: sub $0x3c,%esp
0x08048da7 <+3>: lea 0x2c(%esp),%eax
0x08048dab <+7>: mov %eax,0x10(%esp)
0x08048daf <+11>: lea 0x27(%esp),%eax
0x08048db3 <+15>: mov %eax,0xc(%esp)
0x08048db7 <+19>: lea 0x28(%esp),%eax
0x08048dbb <+23>: mov %eax,0x8(%esp)
0x08048dbf <+27>: movl $0x804a54c,0x4(%esp)
0x08048dc7 <+35>: mov 0x40(%esp),%eax
0x08048dcb <+39>: mov %eax,(%esp)
0x08048dce <+42>: call 0x8048900 <__isoc99_sscanf@plt>
0x08048dd3 <+47>: cmp $0x2,%eax
0x08048dd6 <+50>: jg 0x8048ddd <phase_5+57>
0x08048dd8 <+52>: call 0x8049515 <explode_bomb>
0x08048ddd <+57>: cmpl $0x7,0x28(%esp)
0x08048de2 <+62>: ja 0x8048ee1 <phase_5+317>
=> 0x08048de8 <+68>: mov 0x28(%esp),%eax
0x08048dec <+72>: jmp *0x804a5a0(,%eax,4)
0x08048df3 <+79>: mov $0x67,%eax
0x08048df8 <+84>: cmpl $0x2c5,0x2c(%esp)
0x08048e00 <+92>: je 0x8048eeb <phase_5+327>
0x08048e06 <+98>: call 0x8049515 <explode_bomb>
0x08048e0b <+103>: mov $0x67,%eax
0x08048e10 <+108>: jmp 0x8048eeb <phase_5+327>
0x08048e15 <+113>: mov $0x73,%eax
0x08048e1a <+118>: cmpl $0x78,0x2c(%esp)
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) ni
0x08048dec in phase_5 ()
(gdb) ni
0x08048e15 in phase_5 ()
(gdb) disas
Dump of assembler code for function phase_5:
0x08048da4 <+0>: sub $0x3c,%esp
0x08048da7 <+3>: lea 0x2c(%esp),%eax
0x08048dab <+7>: mov %eax,0x10(%esp)
0x08048daf <+11>: lea 0x27(%esp),%eax
0x08048db3 <+15>: mov %eax,0xc(%esp)
0x08048db7 <+19>: lea 0x28(%esp),%eax
0x08048dbb <+23>: mov %eax,0x8(%esp)
0x08048dbf <+27>: movl $0x804a54c,0x4(%esp)
0x08048dc7 <+35>: mov 0x40(%esp),%eax
0x08048dcb <+39>: mov %eax,(%esp)
0x08048dce <+42>: call 0x8048900 <__isoc99_sscanf@plt>
0x08048dd3 <+47>: cmp $0x2,%eax
0x08048dd6 <+50>: jg 0x8048ddd <phase_5+57>
0x08048dd8 <+52>: call 0x8049515 <explode_bomb>
0x08048ddd <+57>: cmpl $0x7,0x28(%esp)
0x08048de2 <+62>: ja 0x8048ee1 <phase_5+317>
0x08048de8 <+68>: mov 0x28(%esp),%eax
0x08048dec <+72>: jmp *0x804a5a0(,%eax,4)
0x08048df3 <+79>: mov $0x67,%eax
0x08048df8 <+84>: cmpl $0x2c5,0x2c(%esp)
0x08048e00 <+92>: je 0x8048eeb <phase_5+327>
0x08048e06 <+98>: call 0x8049515 <explode_bomb>
0x08048e0b <+103>: mov $0x67,%eax
0x08048e10 <+108>: jmp 0x8048eeb <phase_5+327>
=> 0x08048e15 <+113>: mov $0x73,%eax
0x08048e1a <+118>: cmpl $0x78,0x2c(%esp)
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) ni
0x08048e1a in phase_5 ()
(gdb) x/d $esp+0x2c
0xffffce9c: 120
(gdb) ni
0x08048e1f in phase_5 ()
(gdb) ni
0x08048eeb in phase_5 ()
(gdb) disas
Dump of assembler code for function phase_5:
0x08048da4 <+0>: sub $0x3c,%esp
0x08048da7 <+3>: lea 0x2c(%esp),%eax
0x08048dab <+7>: mov %eax,0x10(%esp)
0x08048daf <+11>: lea 0x27(%esp),%eax
0x08048db3 <+15>: mov %eax,0xc(%esp)
0x08048db7 <+19>: lea 0x28(%esp),%eax
0x08048dbb <+23>: mov %eax,0x8(%esp)
0x08048dbf <+27>: movl $0x804a54c,0x4(%esp)
0x08048dc7 <+35>: mov 0x40(%esp),%eax
0x08048dcb <+39>: mov %eax,(%esp)
0x08048dce <+42>: call 0x8048900 <__isoc99_sscanf@plt>
0x08048dd3 <+47>: cmp $0x2,%eax
0x08048dd6 <+50>: jg 0x8048ddd <phase_5+57>
0x08048dd8 <+52>: call 0x8049515 <explode_bomb>
0x08048ddd <+57>: cmpl $0x7,0x28(%esp)
0x08048de2 <+62>: ja 0x8048ee1 <phase_5+317>
0x08048de8 <+68>: mov 0x28(%esp),%eax
0x08048dec <+72>: jmp *0x804a5a0(,%eax,4)
0x08048df3 <+79>: mov $0x67,%eax
0x08048df8 <+84>: cmpl $0x2c5,0x2c(%esp)
0x08048e00 <+92>: je 0x8048eeb <phase_5+327>
0x08048e06 <+98>: call 0x8049515 <explode_bomb>
0x08048e0b <+103>: mov $0x67,%eax
0x08048e10 <+108>: jmp 0x8048eeb <phase_5+327>
0x08048e15 <+113>: mov $0x73,%eax
0x08048e1a <+118>: cmpl $0x78,0x2c(%esp)
---Type <return> to continue, or q <return> to quit---
0x08048e1f <+123>: je 0x8048eeb <phase_5+327>
0x08048e25 <+129>: call 0x8049515 <explode_bomb>
0x08048e2a <+134>: mov $0x73,%eax
0x08048e2f <+139>: jmp 0x8048eeb <phase_5+327>
0x08048e34 <+144>: mov $0x64,%eax
0x08048e39 <+149>: cmpl $0x1fd,0x2c(%esp)
0x08048e41 <+157>: je 0x8048eeb <phase_5+327>
0x08048e47 <+163>: call 0x8049515 <explode_bomb>
0x08048e4c <+168>: mov $0x64,%eax
0x08048e51 <+173>: jmp 0x8048eeb <phase_5+327>
0x08048e56 <+178>: mov $0x66,%eax
0x08048e5b <+183>: cmpl $0x363,0x2c(%esp)
0x08048e63 <+191>: je 0x8048eeb <phase_5+327>
0x08048e69 <+197>: call 0x8049515 <explode_bomb>
0x08048e6e <+202>: mov $0x66,%eax
0x08048e73 <+207>: jmp 0x8048eeb <phase_5+327>
0x08048e75 <+209>: mov $0x70,%eax
0x08048e7a <+214>: cmpl $0x161,0x2c(%esp)
0x08048e82 <+222>: je 0x8048eeb <phase_5+327>
0x08048e84 <+224>: call 0x8049515 <explode_bomb>
0x08048e89 <+229>: mov $0x70,%eax
0x08048e8e <+234>: jmp 0x8048eeb <phase_5+327>
0x08048e90 <+236>: mov $0x6f,%eax
0x08048e95 <+241>: cmpl $0x329,0x2c(%esp)
0x08048e9d <+249>: je 0x8048eeb <phase_5+327>
0x08048e9f <+251>: call 0x8049515 <explode_bomb>
0x08048ea4 <+256>: mov $0x6f,%eax
---Type <return> to continue, or q <return> to quit---
0x08048ea9 <+261>: jmp 0x8048eeb <phase_5+327>
0x08048eab <+263>: mov $0x64,%eax
0x08048eb0 <+268>: cmpl $0x273,0x2c(%esp)
0x08048eb8 <+276>: je 0x8048eeb <phase_5+327>
0x08048eba <+278>: call 0x8049515 <explode_bomb>
0x08048ebf <+283>: mov $0x64,%eax
0x08048ec4 <+288>: jmp 0x8048eeb <phase_5+327>
0x08048ec6 <+290>: mov $0x62,%eax
0x08048ecb <+295>: cmpl $0x2b8,0x2c(%esp)
0x08048ed3 <+303>: je 0x8048eeb <phase_5+327>
0x08048ed5 <+305>: call 0x8049515 <explode_bomb>
0x08048eda <+310>: mov $0x62,%eax
0x08048edf <+315>: jmp 0x8048eeb <phase_5+327>
0x08048ee1 <+317>: call 0x8049515 <explode_bomb>
0x08048ee6 <+322>: mov $0x67,%eax
=> 0x08048eeb <+327>: cmp 0x27(%esp),%al
0x08048eef <+331>: je 0x8048ef6 <phase_5+338>
0x08048ef1 <+333>: call 0x8049515 <explode_bomb>
0x08048ef6 <+338>: add $0x3c,%esp
0x08048ef9 <+341>: ret
End of assembler dump.
(gdb) x/d $esp+0x27
0xffffce97: 306
答案 0 :(得分:1)
print $al(或p $al)将有效。 x不起作用,因为它没有显示值,它显示 at 该地址的内容(并且$al不是有效指针)。您也可以一次显示所有寄存器,请参阅info gdb Registers。
info registers打印除浮点和向量寄存器之外的所有寄存器的名称和值(在选定的堆栈帧中)。
info all-registers打印所有寄存器的名称和值,包括浮点和向量寄存器(在选定的堆栈帧中)。
info registersregname ...打印每个指定寄存器 regname 的相对化值。如下面详细讨论的,寄存器值通常相对于所选择的堆栈帧。 regname 可以是您正在使用的计算机上有效的任何注册名称,包含或不包含初始“
$”。