解决/理解二进制炸弹实验室的第四阶段

时间:2019-05-05 20:43:42

标签: assembly x86-64 reverse-engineering

我在解决二进制炸弹实验室的第 4 阶段时遇到了麻烦，希望有人能帮助我理解这段汇编并找出解决方案。

我参考了其他二进制炸弹项目中阶段 4 的示例，但没有帮助。

我了解汇编的基础知识，但到目前为止在这个项目上已经陷入困境。

Dump of assembler code for function phase_4:
# phase_4(rdi = input line, left untouched from the caller)
# ABI: SysV AMD64, AT&T syntax (GDB dump).
# Parses two values out of the input with sscanf, then requires:
#   (1) exactly two fields parsed,
#   (2) the second value v2 satisfies (v2 - 2) <= 2 as an UNSIGNED compare, i.e. v2 in {2,3,4},
#   (3) func4(7, v2) == the first value v1.
# Stack layout: 0x8(%rsp) = v1 (first sscanf output), 0xc(%rsp) = v2 (second sscanf output).

=> 0x0000000000401038 <+0>: sub $0x18,%rsp            # 24-byte frame; entry rsp%16==8, so rsp is 16-aligned at every call below

   0x000000000040103c <+4>: lea 0xc(%rsp),%rcx         # 4th sscanf arg: &v2

   0x0000000000401041 <+9>: lea 0x8(%rsp),%rdx         # 3rd sscanf arg: &v1

   0x0000000000401046 <+14>: mov $0x4027bd,%esi        # 2nd arg: format string at 0x4027bd (its contents are not in this dump; the check at <+29> implies two conversions)

   0x000000000040104b <+19>: mov $0x0,%eax             # al = 0: no vector registers passed to the variadic sscanf

   0x0000000000401050 <+24>: callq 0x400c10 <__isoc99_sscanf@plt>   # rdi is not set here, so sscanf reads phase_4's own first argument (presumably the input line)

   0x0000000000401055 <+29>: cmp $0x2,%eax             # sscanf return value: number of fields parsed

   0x0000000000401058 <+32>: jne 0x401066 <phase_4+46>  # not exactly two -> explode

   0x000000000040105a <+34>: mov 0xc(%rsp),%eax        # eax = v2

   0x000000000040105e <+38>: sub $0x2,%eax             # eax = v2 - 2

   0x0000000000401061 <+41>: cmp $0x2,%eax

   0x0000000000401064 <+44>: jbe 0x40106b <phase_4+51>  # unsigned compare: (v2 - 2) <= 2 passes only for v2 in {2,3,4}; negative v2 wraps to a huge value and fails

   0x0000000000401066 <+46>: callq 0x401564 <explode_bomb>

   0x000000000040106b <+51>: mov 0xc(%rsp),%esi        # 2nd arg to func4 = v2

   0x000000000040106f <+55>: mov $0x7,%edi             # 1st arg to func4 = 7

   0x0000000000401074 <+60>: callq 0x401000 <func4>    # eax = func4(7, v2)

   0x0000000000401079 <+65>: cmp 0x8(%rsp),%eax        # must equal v1

   0x000000000040107d <+69>: je 0x401084 <phase_4+76>

   0x000000000040107f <+71>: callq 0x401564 <explode_bomb>

   0x0000000000401084 <+76>: add $0x18,%rsp            # tear down frame

   0x0000000000401088 <+80>: retq

End of assembler dump.
Dump of assembler code for function func4:
# int func4(int n /* edi */, int x /* esi */)
# ABI: SysV AMD64, AT&T syntax (GDB dump). Recursive; preserves callee-saved r12, rbp, rbx.
# Semantics as read from the code below:
#   n <= 0 : return 0
#   n == 1 : return x
#   else   : return func4(n-1, x) + func4(n-2, x) + x
# Unrolling that recurrence: f(2)=2x, f(3)=4x, f(4)=7x, f(5)=12x, f(6)=20x, f(7)=33x,
# so the call func4(7, v2) made by phase_4 evaluates to 33 * v2.

   0x0000000000401000 <+0>: push %r12

   0x0000000000401002 <+2>: push %rbp

   0x0000000000401003 <+3>: push %rbx             # three pushes + return address keep rsp 16-aligned at the recursive calls

   0x0000000000401004 <+4>: mov %edi,%ebx         # ebx = n, kept across the first recursive call

   0x0000000000401006 <+6>: test %edi,%edi

   0x0000000000401008 <+8>: jle 0x40102e <func4+46>   # signed n <= 0 -> return 0

   0x000000000040100a <+10>: mov %esi,%ebp        # ebp = x, kept across both recursive calls

   0x000000000040100c <+12>: mov %esi,%eax        # eax = x (this is the return value when n == 1)

   0x000000000040100e <+14>: cmp $0x1,%edi

   0x0000000000401011 <+17>: je 0x401033 <func4+51>   # n == 1 -> return x

   0x0000000000401013 <+19>: lea -0x1(%rdi),%edi  # edi = n - 1 (esi still holds x)

   0x0000000000401016 <+22>: callq 0x401000 <func4>   # eax = func4(n-1, x)

   0x000000000040101b <+27>: lea (%rax,%rbp,1),%r12d  # r12d = func4(n-1, x) + x

   0x000000000040101f <+31>: lea -0x2(%rbx),%edi  # edi = n - 2

   0x0000000000401022 <+34>: mov %ebp,%esi        # esi = x again; esi is caller-saved, so it is reloaded rather than assumed intact

   0x0000000000401024 <+36>: callq 0x401000 <func4>   # eax = func4(n-2, x)

   0x0000000000401029 <+41>: add %r12d,%eax       # eax = func4(n-1, x) + func4(n-2, x) + x

   0x000000000040102c <+44>: jmp 0x401033 <func4+51>

   0x000000000040102e <+46>: mov $0x0,%eax        # base case n <= 0: return 0

   0x0000000000401033 <+51>: pop %rbx             # common epilogue for all three return paths

   0x0000000000401034 <+52>: pop %rbp

   0x0000000000401035 <+53>: pop %r12

   0x0000000000401037 <+55>: retq

End of assembler dump.
