2016-05-10 54 views

嘿,我正在嘗試拆解一個二進制炸彈,目前卡在第二階段,想弄清楚應該如何拆解它。我已經在代碼中加了註釋,說明我認爲實際發生的事情;如果我理解錯了,請糾正我,並幫助我理解它是如何工作的。這是phase_2(二進制炸彈 - 階段2):

; phase_2 -- objdump listing, AT&T syntax (source operand first, destination last).
; Visible checks: the call at 8048798 must return more than 5, the dword at
; -0x24(%ebp) must be 9, and for i = 1..5 the dword at index i must equal the
; dword at index i-1 multiplied by i. Any failed check calls explode.
08048763 <phase_2>: 
; set up the stack frame and reserve 0x28 bytes for locals
8048763: 55      push %ebp 
8048764: 89 e5     mov %esp,%ebp 
8048766: 83 ec 28    sub $0x28,%esp 
; push the addresses of six consecutive 4-byte slots, from -0x24(%ebp)+0x14
; down to -0x24(%ebp)+0x0 (last slot first); these are output pointers for the
; call below, no numbers have been read yet
8048769: 8d 45 dc    lea -0x24(%ebp),%eax 
804876c: 83 c0 14    add $0x14,%eax 
804876f: 50      push %eax 
8048770: 8d 45 dc    lea -0x24(%ebp),%eax 
8048773: 83 c0 10    add $0x10,%eax 
8048776: 50      push %eax 
8048777: 8d 45 dc    lea -0x24(%ebp),%eax 
804877a: 83 c0 0c    add $0xc,%eax 
804877d: 50      push %eax 
804877e: 8d 45 dc    lea -0x24(%ebp),%eax 
8048781: 83 c0 08    add $0x8,%eax 
8048784: 50      push %eax 
8048785: 8d 45 dc    lea -0x24(%ebp),%eax 
8048788: 83 c0 04    add $0x4,%eax 
804878b: 50      push %eax 
804878c: 8d 45 dc    lea -0x24(%ebp),%eax 
804878f: 50      push %eax 
; 0x8049418 is a constant address, presumably the format string (its contents
; are not shown on this page -- confirm in the binary); 0x8(%ebp) is phase_2's
; first stack argument, presumably the input line
8048790: 68 18 94 04 08   push $0x8049418 
8048795: ff 75 08    pushl 0x8(%ebp) 

; the callee's symbol name is garbled on this page; the argument list (one
; buffer, one constant, six output pointers) fits an sscanf-style call rather
; than scanf -- TODO confirm against the binary.
; add $0x20 removes the 8 dwords pushed above (8 * 4 = 0x20)
8048798: e8 53 fd ff ff   call 80484f0 <[email protected]> 
804879d: 83 c4 20    add $0x20,%esp 
; eax is the return value of the call, not one of the numbers; for a
; scanf-family function that would be the count of converted fields
; (assumption). Explode unless it is greater than 5 (jg is a signed compare).
80487a0: 83 f8 05    cmp $0x5,%eax 
80487a3: 7f 05     jg  80487aa <phase_2+0x47> 
; NOTE(review): if explode returned, execution would continue at 80487aa;
; presumably it does not return -- confirm
80487a5: e8 ad fe ff ff   call 8048657 <explode> 
; eax = slot 0 (the dword at -0x24(%ebp))
80487aa: 8b 45 dc    mov -0x24(%ebp),%eax 
; slot 0 (the first number, not the second) must be 9, else explode
80487ad: 83 f8 09    cmp $0x9,%eax 
80487b0: 74 05     je  80487b7 <phase_2+0x54> 
80487b2: e8 a0 fe ff ff   call 8048657 <explode> 
; i = 1; the loop counter is kept at -0xc(%ebp)
80487b7: c7 45 f4 01 00 00 00 movl $0x1,-0xc(%ebp) 

; BEGIN LOOP: jump straight to the loop condition at 80487e2
80487be: eb 22     jmp 80487e2 <phase_2+0x7f> 
; edx = slot[i]  (base -0x24(%ebp), index i, scale 4)
80487c0: 8b 45 f4    mov -0xc(%ebp),%eax 
80487c3: 8b 54 85 dc    mov -0x24(%ebp,%eax,4),%edx 
; eax = slot[i-1]
80487c7: 8b 45 f4    mov -0xc(%ebp),%eax 
80487ca: 83 e8 01    sub $0x1,%eax 
80487cd: 8b 44 85 dc    mov -0x24(%ebp,%eax,4),%eax 
; eax = slot[i-1] * i  (the memory operand -0xc(%ebp) is the loop counter)
80487d1: 0f af 45 f4    imul -0xc(%ebp),%eax 
; slot[i] must equal slot[i-1] * i, else explode
80487d5: 39 c2     cmp %eax,%edx 
80487d7: 74 05     je  80487de <phase_2+0x7b> 
80487d9: e8 79 fe ff ff   call 8048657 <explode> 
; i++ (the increment runs before the loop condition is tested again)
80487de: 83 45 f4 01    addl $0x1,-0xc(%ebp) 
; loop while i <= 5 (signed compare), so the body runs for i = 1..5
80487e2: 83 7d f4 05    cmpl $0x5,-0xc(%ebp) 
80487e6: 7e d8     jle 80487c0 <phase_2+0x5d> 
; all checks passed: call say with the constant address 0x804942a (presumably
; the success message). sub $0xc plus one push = 0x10 bytes, removed afterwards
80487e8: 83 ec 0c    sub $0xc,%esp 
80487eb: 68 2a 94 04 08   push $0x804942a 
80487f0: e8 16 fe ff ff   call 804860b <say> 
80487f5: 83 c4 10    add $0x10,%esp 
; tear down the frame and return
80487f8: c9      leave 
80487f9: c3      ret  

'eax'乘以'[ebp-0xC]'(=內存地址的值'ebp- 0xC')並與'edx'進行比較,如果它們不相同,炸彈就會爆炸。再往下,循環計數器遞增,然後與5進行比較 - 循環繼續進行,直到遞增後的值達到6(使用'jle',因此它基本上檢查'C++'中的'++ i <= 5') – CherryDT


這個問題已經解決了,沒關係。 – user3607785


然後請將您的解決方案作爲答案發布並接受,以便其他人也可以從中受益。 – CherryDT

回答


它進入循環,將第一個數字乘以1得到第二個數字,將第二個數字乘以2得到第三個數字,依此類推,直到得到6個數字。所以結果是這樣的 - 9 9 18 54 216 1080。我還添加了一些評論:

; phase_2 -- objdump listing, Intel syntax (destination operand first).
; Visible checks: the call at 8048798 must return more than 5, the dword at
; [ebp-0x24] must be 9, and for i = 1..5 the dword at index i must equal the
; dword at index i-1 multiplied by i. Any failed check calls explode.
08048763 <phase_2>: 
; set up stack frame and reserve 0x28 bytes for locals
8048763: 55      push ebp 
8048764: 89 e5     mov ebp,esp 
8048766: 83 ec 28    sub esp,0x28 

; push the addresses of six consecutive 4-byte slots, from [ebp-0x24]+0x14
; down to [ebp-0x24]+0x0 (last slot first), as output pointers for the call
8048769: 8d 45 dc    lea eax,[ebp-0x24] 
804876c: 83 c0 14    add eax,0x14 
804876f: 50      push eax 
8048770: 8d 45 dc    lea eax,[ebp-0x24] 
8048773: 83 c0 10    add eax,0x10 
8048776: 50      push eax 
8048777: 8d 45 dc    lea eax,[ebp-0x24] 
804877a: 83 c0 0c    add eax,0xc 
804877d: 50      push eax 
804877e: 8d 45 dc    lea eax,[ebp-0x24] 
8048781: 83 c0 08    add eax,0x8 
8048784: 50      push eax 
8048785: 8d 45 dc    lea eax,[ebp-0x24] 
8048788: 83 c0 04    add eax,0x4 
804878b: 50      push eax 
804878c: 8d 45 dc    lea eax,[ebp-0x24] 
804878f: 50      push eax 
; 0x8049418 is a constant address, presumably the format string (contents not
; shown on this page -- confirm in the binary); [ebp+0x8] is phase_2's first
; stack argument, presumably the input line
8048790: 68 18 94 04 08   push 0x8049418 
8048795: ff 75 08    push DWORD PTR [ebp+0x8] 

; the callee's symbol name is garbled on this page; the argument list (one
; buffer, one constant, six output pointers) fits an sscanf-style call rather
; than scanf -- TODO confirm. add esp,0x20 removes the 8 dwords pushed above.
8048798: e8 53 fd ff ff   call 80484f0 <[email protected]> 
804879d: 83 c4 20    add esp,0x20 

; eax is the call's return value; for a scanf-family function that would be
; the count of converted fields (assumption). Explode unless it is greater
; than 5 (jg is a signed compare).
80487a0: 83 f8 05    cmp eax,0x5 
80487a3: 7f 05     jg  80487aa <phase_2+0x47> 
; NOTE(review): if explode returned, execution would continue at 80487aa;
; presumably it does not return -- confirm
80487a5: e8 ad fe ff ff   call 8048657 <explode> 
; eax = slot 0 (the dword at [ebp-0x24])
80487aa: 8b 45 dc    mov eax,DWORD PTR [ebp-0x24] 

; check if the 1st number is 9, if it is, goto 80487b7, else explode
80487ad: 83 f8 09    cmp eax,0x9 
80487b0: 74 05     je  80487b7 <phase_2+0x54> 
80487b2: e8 a0 fe ff ff   call 8048657 <explode> 

; BEGINNING OF LOOP for(i=1;i<=5;i++); the counter i is kept at [ebp-0xc]
; and control jumps to the loop condition at 80487e2 first
80487b7: c7 45 f4 01 00 00 00 mov DWORD PTR [ebp-0xc],0x1 
80487be: eb 22     jmp 80487e2 <phase_2+0x7f> 

; edx = slot[i]: the loop counter is only the index, the value loaded into
; edx is the i-th number (base ebp-0x24, index i, scale 4)
80487c0: 8b 45 f4    mov eax,DWORD PTR [ebp-0xc] 
80487c3: 8b 54 85 dc    mov edx,DWORD PTR [ebp+eax*4-0x24] 

; eax = slot[i-1]: the previous number, indexed by the loop counter minus 1
80487c7: 8b 45 f4    mov eax,DWORD PTR [ebp-0xc] 
80487ca: 83 e8 01    sub eax,0x1 
80487cd: 8b 44 85 dc    mov eax,DWORD PTR [ebp+eax*4-0x24] 

; eax = slot[i-1] * i: the previous number times the loop counter itself
80487d1: 0f af 45 f4    imul eax,DWORD PTR [ebp-0xc] 

; slot[i] must equal slot[i-1] * i; goto 80487de if equal, else explode
80487d5: 39 c2     cmp edx,eax 
80487d7: 74 05     je  80487de <phase_2+0x7b> 
80487d9: e8 79 fe ff ff   call 8048657 <explode> 

; increase loop counter
80487de: 83 45 f4 01    add DWORD PTR [ebp-0xc],0x1 

; compare loop counter to 5, jump back to the loop body if less than or equal
; (signed compare), so the body runs for i = 1..5
80487e2: 83 7d f4 05    cmp DWORD PTR [ebp-0xc],0x5 
80487e6: 7e d8     jle 80487c0 <phase_2+0x5d> 
; loop finished: sub esp,0xc plus the push below make 0x10 bytes, which
; add esp,0x10 removes after the call
80487e8: 83 ec 0c    sub esp,0xc 

; push the constant address 0x804942a (presumably the defuse message) and
; call "say", then leave and return
80487eb: 68 2a 94 04 08   push 0x804942a 
80487f0: e8 16 fe ff ff   call 804860b <say> 
80487f5: 83 c4 10    add esp,0x10 
80487f8: c9      leave 
80487f9: c3      ret