对二进制炸弹（binary bomb）第 4 阶段的困惑

时间:2017-03-23 21:25:04

标签: assembly x86-64 reverse-engineering

Dump of assembler code for function phase_4:
# phase_4 (AT&T syntax, SysV AMD64, gdb disassembly)
# Reads two values out of the input line with sscanf and explodes unless:
#   1. exactly two fields were converted,
#   2. the first value is <= 14 when compared as UNSIGNED (see jbe below),
#   3. func4(first, 0, 14) returns 10, and
#   4. the second value equals 10.
# In:    %rdi = input line; it is not touched here, so it flows straight into
#        sscanf as its first argument (presumably — confirm in the caller)
# Frame: 0x18 bytes. 0xc(%rsp) = first value, 0x8(%rsp) = second value.
0x0000000000400fa1 <+0>:     sub    $0x18,%rsp                  # entry rsp%16 == 8, so 0x18 leaves rsp 16-aligned at the calls
0x0000000000400fa5 <+4>:     lea    0x8(%rsp),%rcx              # sscanf arg4: &second
0x0000000000400faa <+9>:     lea    0xc(%rsp),%rdx              # sscanf arg3: &first
0x0000000000400faf <+14>:    mov    $0x40278d,%esi              # sscanf arg2: format string; contents not shown in this dump — presumably two integer conversions, check with `x/s 0x40278d`
0x0000000000400fb4 <+19>:    mov    $0x0,%eax                   # variadic call: %al = 0 vector-register args
0x0000000000400fb9 <+24>:    callq  0x400ba0 <__isoc99_sscanf@plt>
0x0000000000400fbe <+29>:    cmp    $0x2,%eax                   # number of fields converted must be exactly 2
0x0000000000400fc1 <+32>:    jne    0x400fca <phase_4+41>       # otherwise fall into explode_bomb
0x0000000000400fc3 <+34>:    cmpl   $0xe,0xc(%rsp)              # first <= 14 ...
0x0000000000400fc8 <+39>:    jbe    0x400fcf <phase_4+46>       # ... but jbe is an UNSIGNED compare: a negative first value (e.g. -1 = 0xffffffff) is "above" 14 and explodes
0x0000000000400fca <+41>:    callq  0x4014e4 <explode_bomb>
0x0000000000400fcf <+46>:    mov    $0xe,%edx                   # func4 arg3 (hi) = 14
0x0000000000400fd4 <+51>:    mov    $0x0,%esi                   # func4 arg2 (lo) = 0
0x0000000000400fd9 <+56>:    mov    0xc(%rsp),%edi              # func4 arg1 (x)  = first
0x0000000000400fdd <+60>:    callq  0x400f6e <func4>
0x0000000000400fe2 <+65>:    cmp    $0xa,%eax                   # func4 must return 10
0x0000000000400fe5 <+68>:    jne    0x400fee <phase_4+77>
0x0000000000400fe7 <+70>:    cmpl   $0xa,0x8(%rsp)              # second must be 10
0x0000000000400fec <+75>:    je     0x400ff3 <phase_4+82>       # both checks passed: defuse this phase
0x0000000000400fee <+77>:    callq  0x4014e4 <explode_bomb>
0x0000000000400ff3 <+82>:    add    $0x18,%rsp                  # drop the frame
0x0000000000400ff7 <+86>:    retq   
End of assembler dump.


Dump of assembler code for function func4:
# int func4(int x /* %edi */, int lo /* %esi */, int hi /* %edx */)
# Binary-search-shaped recursion over the closed range [lo, hi]:
#   mid = lo + (hi - lo) / 2          (signed divide, rounds toward zero)
#   if (mid > x)  return mid + func4(x, lo, mid - 1);
#   if (mid < x)  return mid + func4(x, mid + 1, hi);
#   return mid;                        (mid == x)
# phase_4 calls func4(first, 0, 14) and requires the result to be 10.
# Out:   %eax = result
# Clobb: %eax, %edx, %esi, flags (%rbx is saved/restored around the call)
0x0000000000400f6e <+0>:     push   %rbx                        # callee-saved; keeps mid live across the recursive call
0x0000000000400f6f <+1>:     mov    %edx,%eax                   # eax = hi
0x0000000000400f71 <+3>:     sub    %esi,%eax                   # eax = hi - lo
0x0000000000400f73 <+5>:     mov    %eax,%ebx
0x0000000000400f75 <+7>:     shr    $0x1f,%ebx                  # ebx = sign bit of (hi - lo)
0x0000000000400f78 <+10>:    add    %ebx,%eax                   # add 1 when negative so that ...
0x0000000000400f7a <+12>:    sar    %eax                        # ... arithmetic shift == (hi - lo) / 2 truncating toward zero
0x0000000000400f7c <+14>:    lea    (%rax,%rsi,1),%ebx          # ebx = mid = lo + (hi - lo) / 2
0x0000000000400f7f <+17>:    cmp    %edi,%ebx                   # signed compare of mid against x
0x0000000000400f81 <+19>:    jle    0x400f8f <func4+33>         # mid <= x: go to the second compare
0x0000000000400f83 <+21>:    lea    -0x1(%rbx),%edx             # mid > x: hi = mid - 1 (x in %edi and lo in %esi unchanged)
0x0000000000400f86 <+24>:    callq  0x400f6e <func4>            # eax = func4(x, lo, mid - 1)
0x0000000000400f8b <+29>:    add    %ebx,%eax                   # return mid + eax
0x0000000000400f8d <+31>:    jmp    0x400f9f <func4+49>
0x0000000000400f8f <+33>:    mov    %ebx,%eax                   # provisional return value: mid
0x0000000000400f91 <+35>:    cmp    %edi,%ebx
0x0000000000400f93 <+37>:    jge    0x400f9f <func4+49>         # mid >= x here means mid == x: return mid
0x0000000000400f95 <+39>:    lea    0x1(%rbx),%esi              # mid < x: lo = mid + 1 (hi in %edx unchanged)
0x0000000000400f98 <+42>:    callq  0x400f6e <func4>            # eax = func4(x, mid + 1, hi)
0x0000000000400f9d <+47>:    add    %ebx,%eax                   # return mid + eax
0x0000000000400f9f <+49>:    pop    %rbx
0x0000000000400fa0 <+50>:    retq   
End of assembler dump.

我已经确定第一个参数需要在 0-14 范围内。另外，我已经意识到第二个参数必须是 10（十进制）。但是，我就是想不出第一个参数应该是什么。输入 0 时，调用 func4 后 eax 中得到的是 11。我也为第一个参数尝试过 -1，但测试条件没有通过，结果调用了 explode_bomb。任何提示或指点都将不胜感激。谢谢你的时间。祝好。

0 个答案:

没有答案