blueblue2000
2021-05-18 01:06 阅读 172

二进制炸弹,如何通过第一关(解出六个数字)?


需要读写六个数字,phase1 的反汇编如下:

# phase1: GDB disassembly (AT&T syntax, x86-64) of one stage of a "binary bomb" exercise.
#
# Listing notes: "=>" marks the instruction GDB is currently stopped at, and the
# "--Type <RET> for more ..." line is GDB's pager prompt; neither is part of the function.
#
# What the visible instructions do:
#   1. Save the first argument (%rdi) at -0x18(%rbp) and zero a 32-bit local at -0xc(%rbp).
#   2. Call read_6_numbers(arg, &local). The 64-bit return value is stored at -0x8(%rbp);
#      it is later dereferenced and handed to free(), so it is used as a pointer.
#   3. If the local equals 1 after the call, print the string at 0x800311a and return.
#   4. If the returned pointer is NULL, call explode.
#   5. Compare six consecutive 32-bit values at ptr+0x0 .. ptr+0x14 with fixed constants;
#      the first mismatch jumps to <+208>, which calls explode.
#   6. If all six match: free(ptr), puts(string at 0x8003131), fflush(stdin), return.
#
# There is no loop in this listing: the six checks are the same load/compare/branch
# pattern written out six times, with the offset growing by 4 each time.
# Register use is consistent with the System V AMD64 convention: %rdi/%rsi carry the
# first/second call argument and %rax carries the return value. Between calls %rax/%eax
# is only scratch; the pointer is reloaded from -0x8(%rbp) before every check.
0x00000000080018fa <+0>:     push   %rbp
   0x00000000080018fb <+1>:     mov    %rsp,%rbp
=> 0x00000000080018fe <+4>:     sub    $0x20,%rsp
   # Locals: -0x18 = saved argument, -0xc = 32-bit out-value, -0x8 = returned pointer.
   0x0000000008001902 <+8>:     mov    %rdi,-0x18(%rbp)
   0x0000000008001906 <+12>:    movl   $0x0,-0xc(%rbp)
   # read_6_numbers(%rdi = saved argument, %rsi = address of the local at -0xc)
   0x000000000800190d <+19>:    lea    -0xc(%rbp),%rdx
   0x0000000008001911 <+23>:    mov    -0x18(%rbp),%rax
   0x0000000008001915 <+27>:    mov    %rdx,%rsi
   0x0000000008001918 <+30>:    mov    %rax,%rdi
   0x000000000800191b <+33>:    callq  0x80014f5 <read_6_numbers>
   0x0000000008001920 <+38>:    mov    %rax,-0x8(%rbp)
   # local == 1: print a message and go straight to the epilogue at <+233>, skipping
   # every check below. What the value 1 means is decided inside read_6_numbers,
   # which is not shown here.
   0x0000000008001924 <+42>:    mov    -0xc(%rbp),%eax
   0x0000000008001927 <+45>:    cmp    $0x1,%eax
   0x000000000800192a <+48>:    jne    0x800193d <phase1+67>
   0x000000000800192c <+50>:    lea    0x17e7(%rip),%rdi        # 0x800311a
   0x0000000008001933 <+57>:    callq  0x8001040 <puts@plt>
   0x0000000008001938 <+62>:    jmpq   0x80019e3 <phase1+233>
   # NULL-pointer guard. Presumably explode does not return; if it did, execution
   # would fall through to <+84> and dereference the NULL pointer. Confirm in explode.
   0x000000000800193d <+67>:    cmpq   $0x0,-0x8(%rbp)
   0x0000000008001942 <+72>:    jne    0x800194e <phase1+84>
   0x0000000008001944 <+74>:    mov    $0x0,%eax
   0x0000000008001949 <+79>:    callq  0x8001235 <explode>
   # Check 1: 32-bit value at ptr+0x0 must equal 0x4587 (17799).
   0x000000000800194e <+84>:    mov    -0x8(%rbp),%rax
   0x0000000008001952 <+88>:    mov    (%rax),%eax
   0x0000000008001954 <+90>:    cmp    $0x4587,%eax
   0x0000000008001959 <+95>:    jne    0x80019ca <phase1+208>
   # Check 2: 32-bit value at ptr+0x4 must equal 0x3eb2 (16050).
   0x000000000800195b <+97>:    mov    -0x8(%rbp),%rax
   0x000000000800195f <+101>:   add    $0x4,%rax
   0x0000000008001963 <+105>:   mov    (%rax),%eax
   0x0000000008001965 <+107>:   cmp    $0x3eb2,%eax
   0x000000000800196a <+112>:   jne    0x80019ca <phase1+208>
   # Check 3: 32-bit value at ptr+0x8 must equal 0x1f5f (8031).
   0x000000000800196c <+114>:   mov    -0x8(%rbp),%rax
   0x0000000008001970 <+118>:   add    $0x8,%rax
   0x0000000008001974 <+122>:   mov    (%rax),%eax
   0x0000000008001976 <+124>:   cmp    $0x1f5f,%eax
   0x000000000800197b <+129>:   jne    0x80019ca <phase1+208>
   # Check 4: 32-bit value at ptr+0xc must equal 0x3466 (13414).
   0x000000000800197d <+131>:   mov    -0x8(%rbp),%rax
   0x0000000008001981 <+135>:   add    $0xc,%rax
   0x0000000008001985 <+139>:   mov    (%rax),%eax
   0x0000000008001987 <+141>:   cmp    $0x3466,%eax
   0x000000000800198c <+146>:   jne    0x80019ca <phase1+208>
   # Check 5: 32-bit value at ptr+0x10 must equal 0x32e4 (13028).
   0x000000000800198e <+148>:   mov    -0x8(%rbp),%rax
   0x0000000008001992 <+152>:   add    $0x10,%rax
--Type <RET> for more, q to quit, c to continue without paging--c
   0x0000000008001996 <+156>:   mov    (%rax),%eax
   0x0000000008001998 <+158>:   cmp    $0x32e4,%eax
   0x000000000800199d <+163>:   jne    0x80019ca <phase1+208>
   # Check 6: 32-bit value at ptr+0x14 must equal 0x4c46 (19526).
   0x000000000800199f <+165>:   mov    -0x8(%rbp),%rax
   0x00000000080019a3 <+169>:   add    $0x14,%rax
   0x00000000080019a7 <+173>:   mov    (%rax),%eax
   0x00000000080019a9 <+175>:   cmp    $0x4c46,%eax
   0x00000000080019ae <+180>:   jne    0x80019ca <phase1+208>
   # All six matched: release the buffer and print the string at 0x8003131.
   0x00000000080019b0 <+182>:   mov    -0x8(%rbp),%rax
   0x00000000080019b4 <+186>:   mov    %rax,%rdi
   0x00000000080019b7 <+189>:   callq  0x8001030 <free@plt>
   0x00000000080019bc <+194>:   lea    0x176e(%rip),%rdi        # 0x8003131
   0x00000000080019c3 <+201>:   callq  0x8001040 <puts@plt>
   0x00000000080019c8 <+206>:   jmp    0x80019d4 <phase1+218>
   # Mismatch target shared by all six checks. free() is not called on this path.
   0x00000000080019ca <+208>:   mov    $0x0,%eax
   0x00000000080019cf <+213>:   callq  0x8001235 <explode>
   # fflush(stdin). NOTE(review): ISO C leaves fflush on an input stream undefined;
   # the effect here depends on the C library.
   0x00000000080019d4 <+218>:   mov    0x36e5(%rip),%rax        # 0x80050c0 <stdin@@GLIBC_2.2.5>
   0x00000000080019db <+225>:   mov    %rax,%rdi
   0x00000000080019de <+228>:   callq  0x80010d0 <fflush@plt>
   0x00000000080019e3 <+233>:   leaveq
   0x00000000080019e4 <+234>:   retq

实在想不明白其中寄存器的使用顺序,以及循环的含义。


1条回答 默认 最新

  • QA_Assistant 有问必答小助手 2021-05-18 14:30

    你好,我是有问必答小助手。为了技术专家团更好地为您解答问题,烦请您补充下(1)问题背景详情,(2)您想解决的具体问题,(3)问题相关代码图片或者报错信息。便于技术专家团更好地理解问题,并给出解决方案。

    您可以点击问题下方的【编辑】,进行补充修改问题。

