消除炸弹实验室phase_6

时间:2019-04-12 22:18:10

标签: assembly x86 reverse-engineering

我正在做炸弹实验(Bomb Lab),需要通过调试反汇编后的二进制文件来拆除炸弹。但我不知道该如何调试这一阶段来得到答案。如果有人能直接找出答案当然很好,不过哪怕只是一些思路也很有帮助,非常感谢。

第六阶段

# phase_6 -- 32-bit x86, AT&T syntax (op src, dst), arguments passed on the stack.
# Parses two values from the caller's input string with sscanf, range-checks
# the second one, then requires func6(7, second) == first. Every failed check
# reaches explode_bomb.
# Frame: 0x2c bytes are reserved, so 0x30(%esp) is this function's first
# stack argument (the input string).
#   0x18(%esp) = first value written by sscanf
#   0x1c(%esp) = second value written by sscanf
#   (%esp)..0xc(%esp) = outgoing argument slots for the calls below
0x08048e13 <+0>:    sub    $0x2c,%esp                       # reserve locals + outgoing-argument area
0x08048e16 <+3>:    lea    0x1c(%esp),%eax                  # eax = &second
0x08048e1a <+7>:    mov    %eax,0xc(%esp)                   # sscanf arg 4 = &second
0x08048e1e <+11>:   lea    0x18(%esp),%eax                  # eax = &first
0x08048e22 <+15>:   mov    %eax,0x8(%esp)                   # sscanf arg 3 = &first
0x08048e26 <+19>:   movl   $0x804a5b1,0x4(%esp)             # sscanf arg 2 = format string; its contents are not shown here (presumably two integer conversions -- confirm by dumping the string at this address)
0x08048e2e <+27>:   mov    0x30(%esp),%eax                  # eax = input string passed by the caller
0x08048e32 <+31>:   mov    %eax,(%esp)                      # sscanf arg 1 = input string
0x08048e35 <+34>:   call   0x8048870 <__isoc99_sscanf@plt>
0x08048e3a <+39>:   cmp    $0x2,%eax                        # sscanf returns the number of items converted
0x08048e3d <+42>:   jne    0x8048e4b <phase_6+56>           # anything other than exactly 2 items -> explode
0x08048e3f <+44>:   mov    0x1c(%esp),%eax                  # eax = second
0x08048e43 <+48>:   sub    $0x2,%eax                        # eax = second - 2
0x08048e46 <+51>:   cmp    $0x2,%eax
0x08048e49 <+54>:   jbe    0x8048e50 <phase_6+61>           # unsigned compare: passes only for second in 2..4; values below 2 wrap to large unsigned numbers and fail
0x08048e4b <+56>:   call   0x8049395 <explode_bomb>         # reached on a bad item count or an out-of-range second value
0x08048e50 <+61>:   mov    0x1c(%esp),%eax                  # eax = second
0x08048e54 <+65>:   mov    %eax,0x4(%esp)                   # func6 arg 2 = second
0x08048e58 <+69>:   movl   $0x7,(%esp)                      # func6 arg 1 = 7 (fixed, so the recursion depth is bounded)
0x08048e5f <+76>:   call   0x8048dc9 <func6>                # eax = func6(7, second)
0x08048e64 <+81>:   cmp    0x18(%esp),%eax                  # compare the result with first
0x08048e68 <+85>:   je     0x8048e6f <phase_6+92>           # equal -> phase passes
0x08048e6a <+87>:   call   0x8049395 <explode_bomb>         # first != func6(7, second)
0x08048e6f <+92>:   add    $0x2c,%esp                       # release the frame
0x08048e72 <+95>:   ret 

func6 函数

# func6(n, x) -- recursive helper; arguments on the stack, result in %eax.
#   n <= 0 : returns 0
#   n == 1 : returns x
#   else   : returns func6(n-1, x) + x + func6(n-2, x)
# After the three pushes (12 bytes), the 0x10-byte frame and the return
# address, 0x20(%esp) is n and 0x24(%esp) is x.
# Register roles: %ebx = n, %esi = x, %edi = partial sum kept across the
# second recursive call. All three are saved on entry and restored on exit.
0x08048dc9 <+0>:    push   %edi                             # save registers this function overwrites
0x08048dca <+1>:    push   %esi
0x08048dcb <+2>:    push   %ebx
0x08048dcc <+3>:    sub    $0x10,%esp                       # room for the two outgoing arguments of the recursive calls
0x08048dcf <+6>:    mov    0x20(%esp),%ebx                  # ebx = n
0x08048dd3 <+10>:   mov    0x24(%esp),%esi                  # esi = x
0x08048dd7 <+14>:   test   %ebx,%ebx
0x08048dd9 <+16>:   jle    0x8048e07 <func6+62>             # signed test: n <= 0 -> return 0
0x08048ddb <+18>:   mov    %esi,%eax                        # preload the return value x for the n == 1 case
0x08048ddd <+20>:   cmp    $0x1,%ebx
0x08048de0 <+23>:   je     0x8048e0c <func6+67>             # n == 1 -> return x
0x08048de2 <+25>:   mov    %esi,0x4(%esp)                   # arg 2 = x
0x08048de6 <+29>:   lea    -0x1(%ebx),%eax                  # eax = n - 1
0x08048de9 <+32>:   mov    %eax,(%esp)                      # arg 1 = n - 1
0x08048dec <+35>:   call   0x8048dc9 <func6>                # eax = func6(n-1, x)
0x08048df1 <+40>:   lea    (%eax,%esi,1),%edi               # edi = func6(n-1, x) + x
0x08048df4 <+43>:   mov    %esi,0x4(%esp)                   # arg 2 = x
0x08048df8 <+47>:   sub    $0x2,%ebx                        # ebx = n - 2
0x08048dfb <+50>:   mov    %ebx,(%esp)                      # arg 1 = n - 2
0x08048dfe <+53>:   call   0x8048dc9 <func6>                # eax = func6(n-2, x)
0x08048e03 <+58>:   add    %edi,%eax                        # eax = func6(n-1, x) + x + func6(n-2, x)
0x08048e05 <+60>:   jmp    0x8048e0c <func6+67>             # skip the "return 0" path
0x08048e07 <+62>:   mov    $0x0,%eax                        # n <= 0: return 0
0x08048e0c <+67>:   add    $0x10,%esp                       # common epilogue: release frame, restore saved registers
0x08048e0f <+70>:   pop    %ebx
0x08048e10 <+71>:   pop    %esi
0x08048e11 <+72>:   pop    %edi
0x08048e12 <+73>:   ret    
End of assembler dump.

0 个答案:

没有答案