21,458
社区成员
发帖
与我相关
我的任务
分享csapp的二进制炸弹
我汇编语言不甚精通,看这个有些吃力,解决了前两个字符串之后,第三个就不大明白了,希望大家能指点一二。如果那位高人能帮忙写一下注释更是万分感谢了。反编译如下。
Dump of assembler code for function phase_3:
0x08048bfc <phase_3+0>: push %ebp
0x08048bfd <phase_3+1>: mov %esp,%ebp
0x08048bff <phase_3+3>: sub $0x28,%esp
0x08048c02 <phase_3+6>: movl $0x0,-0x8(%ebp)
0x08048c09 <phase_3+13>: movl $0x0,-0x4(%ebp)
0x08048c10 <phase_3+20>: lea -0x10(%ebp),%eax
0x08048c13 <phase_3+23>: mov %eax,0xc(%esp)
0x08048c17 <phase_3+27>: lea -0xc(%ebp),%eax
0x08048c1a <phase_3+30>: mov %eax,0x8(%esp)
0x08048c1e <phase_3+34>: movl $0x80499a7,0x4(%esp)
0x08048c26 <phase_3+42>: mov 0x8(%ebp),%eax
0x08048c29 <phase_3+45>: mov %eax,(%esp)
0x08048c2c <phase_3+48>: call 0x8048868 <sscanf@plt>
0x08048c31 <phase_3+53>: mov %eax,-0x4(%ebp)
0x08048c34 <phase_3+56>: cmpl $0x1,-0x4(%ebp)
0x08048c38 <phase_3+60>: jg 0x8048c3f <phase_3+67>
0x08048c3a <phase_3+62>: call 0x804967a <explode_bomb>
0x08048c3f <phase_3+67>: mov -0xc(%ebp),%eax
0x08048c42 <phase_3+70>: mov %eax,-0x14(%ebp)
0x08048c45 <phase_3+73>: cmpl $0x7,-0x14(%ebp)
0x08048c49 <phase_3+77>: ja 0x8048c8b <phase_3+143>
0x08048c4b <phase_3+79>: mov -0x14(%ebp),%edx
0x08048c4e <phase_3+82>: mov 0x80499b0(,%edx,4),%eax
0x08048c55 <phase_3+89>: jmp *%eax
0x08048c57 <phase_3+91>: addl $0x4e,-0x8(%ebp)
0x08048c5b <phase_3+95>: subl $0x7e,-0x8(%ebp)
0x08048c5f <phase_3+99>: addl $0x3c7,-0x8(%ebp)
0x08048c66 <phase_3+106>: subl $0x114,-0x8(%ebp)
0x08048c6d <phase_3+113>: addl $0x199,-0x8(%ebp)
0x08048c74 <phase_3+120>: subl $0x332,-0x8(%ebp)
0x08048c7b <phase_3+127>: addl $0x332,-0x8(%ebp)
0x08048c82 <phase_3+134>: subl $0x3c2,-0x8(%ebp)
0x08048c89 <phase_3+141>: jmp 0x8048c90 <phase_3+148>
0x08048c8b <phase_3+143>: call 0x804967a <explode_bomb>
0x08048c90 <phase_3+148>: mov -0xc(%ebp),%eax
0x08048c93 <phase_3+151>: cmp $0x5,%eax
0x08048c96 <phase_3+154>: jg 0x8048ca0 <phase_3+164>
0x08048c98 <phase_3+156>: mov -0x10(%ebp),%eax
0x08048c9b <phase_3+159>: cmp %eax,-0x8(%ebp)
0x08048c9e <phase_3+162>: je 0x8048ca5 <phase_3+169>
0x08048ca0 <phase_3+164>: call 0x804967a <explode_bomb>
0x08048ca5 <phase_3+169>: leave
0x08048ca6 <phase_3+170>: ret
End of assembler dump.
Dump of assembler code for function phase_3:
0x08048bfc <phase_3+0>: push %ebp
0x08048bfd <phase_3+1>: mov %esp,%ebp
0x08048bff <phase_3+3>: sub $0x28,%esp
0x08048c02 <phase_3+6>: movl $0x0,-0x8(%ebp)
0x08048c09 <phase_3+13>: movl $0x0,-0x4(%ebp)
0x08048c10 <phase_3+20>: lea -0x10(%ebp),%eax
0x08048c13 <phase_3+23>: mov %eax,0xc(%esp)
0x08048c17 <phase_3+27>: lea -0xc(%ebp),%eax
0x08048c1a <phase_3+30>: mov %eax,0x8(%esp)
0x08048c1e <phase_3+34>: movl $0x80499a7,0x4(%esp)
0x08048c26 <phase_3+42>: mov 0x8(%ebp),%eax
0x08048c29 <phase_3+45>: mov %eax,(%esp)
0x08048c2c <phase_3+48>: call 0x8048868 <sscanf@plt>
0x08048c31 <phase_3+53>: mov %eax,-0x4(%ebp)
0x08048c34 <phase_3+56>: cmpl $0x1,-0x4(%ebp)
0x08048c38 <phase_3+60>: jg 0x8048c3f <phase_3+67>
0x08048c3a <phase_3+62>: call 0x804967a <explode_bomb>
0x08048c3f <phase_3+67>: mov -0xc(%ebp),%eax
0x08048c42 <phase_3+70>: mov %eax,-0x14(%ebp)
0x08048c45 <phase_3+73>: cmpl $0x7,-0x14(%ebp)
0x08048c49 <phase_3+77>: ja 0x8048c8b <phase_3+143>
0x08048c4b <phase_3+79>: mov -0x14(%ebp),%edx
0x08048c4e <phase_3+82>: mov 0x80499b0(,%edx,4),%eax
0x08048c55 <phase_3+89>: jmp *%eax
0x08048c57 <phase_3+91>: addl $0x4e,-0x8(%ebp)
0x08048c5b <phase_3+95>: subl $0x7e,-0x8(%ebp)
0x08048c5f <phase_3+99>: addl $0x3c7,-0x8(%ebp)
0x08048c66 <phase_3+106>: subl $0x114,-0x8(%ebp)
0x08048c6d <phase_3+113>: addl $0x199,-0x8(%ebp)
0x08048c74 <phase_3+120>: subl $0x332,-0x8(%ebp)
0x08048c7b <phase_3+127>: addl $0x332,-0x8(%ebp)
0x08048c82 <phase_3+134>: subl $0x3c2,-0x8(%ebp)
0x08048c89 <phase_3+141>: jmp 0x8048c90 <phase_3+148>
0x08048c8b <phase_3+143>: call 0x804967a <explode_bomb>
0x08048c90 <phase_3+148>: mov -0xc(%ebp),%eax
0x08048c93 <phase_3+151>: cmp $0x5,%eax
0x08048c96 <phase_3+154>: jg 0x8048ca0 <phase_3+164>
0x08048c98 <phase_3+156>: mov -0x10(%ebp),%eax
0x08048c9b <phase_3+159>: cmp %eax,-0x8(%ebp)
0x08048c9e <phase_3+162>: je 0x8048ca5 <phase_3+169>
0x08048ca0 <phase_3+164>: call 0x804967a <explode_bomb>
0x08048ca5 <phase_3+169>: leave
0x08048ca6 <phase_3+170>: ret
End of assembler dump.
...全文
请发表友善的回复…
发表回复
