我很难跟踪以下二进制炸弹的汇编代码（这是学校的一项作业，必须拆除炸弹；该炸弹包含 6 个阶段，每个阶段都只有 1 个正确的输入才能进入下一阶段）。我目前处于 Phase_4，它有一个名为 func4 的递归函数。我已经确定输入格式是“%d %d”，即两个整数。但是，即使在每一步都查看了所有寄存器的值，我也无法完全弄清楚 func4 正在做什么。
第 4 阶段转储:
Dump of assembler code for function phase_4:
# phase_4: parse two ints from the input line; the second must be in 2..4 (unsigned check below),
# then func4(5, second) must equal the first, otherwise explode_bomb is called.
0x0000000000401016 <+0>: sub $0x18,%rsp                       # reserve 24 bytes of stack; the two parsed ints live at rsp+0x8 and rsp+0xc
0x000000000040101a <+4>: lea 0xc(%rsp),%rcx                   # 4th sscanf arg: address of the SECOND int (rsp+0xc)
0x000000000040101f <+9>: lea 0x8(%rsp),%rdx                   # 3rd sscanf arg: address of the FIRST int (rsp+0x8)
0x0000000000401024 <+14>: mov $0x4027cd,%esi                  # 2nd sscanf arg: format string at 0x4027cd (the asker reports it is "%d %d")
0x0000000000401029 <+19>: mov $0x0,%eax                       # al=0: no vector registers are passed to the variadic call
0x000000000040102e <+24>: callq 0x400c30 <__isoc99_sscanf@plt> # %rdi is never written here, so the 1st arg is whatever the caller left in it — presumably the input line; confirm in the caller
0x0000000000401033 <+29>: cmp $0x2,%eax                       # sscanf must have converted exactly 2 fields
0x0000000000401036 <+32>: jne 0x401044 <phase_4+46>           # otherwise -> explode_bomb
0x0000000000401038 <+34>: mov 0xc(%rsp),%eax                  # eax = second int
0x000000000040103c <+38>: sub $0x2,%eax                       # eax = second - 2
0x000000000040103f <+41>: cmp $0x2,%eax
0x0000000000401042 <+44>: jbe 0x401049 <phase_4+51>           # jbe is an UNSIGNED compare: (second-2) <= 2, i.e. second in {2,3,4}; negatives wrap to huge values and fall through
0x0000000000401044 <+46>: callq 0x401554 <explode_bomb>
0x0000000000401049 <+51>: mov 0xc(%rsp),%esi                  # 2nd arg to func4 (esi) = second int
0x000000000040104d <+55>: mov $0x5,%edi                       # 1st arg to func4 (edi) = 5
=> 0x0000000000401052 <+60>: callq 0x400fde <func4>           # eax = func4(5, second)
0x0000000000401057 <+65>: cmp 0x8(%rsp),%eax                  # compare func4's result with the FIRST int
0x000000000040105b <+69>: je 0x401062 <phase_4+76>            # equal -> phase passed
0x000000000040105d <+71>: callq 0x401554 <explode_bomb>       # otherwise -> explode_bomb
0x0000000000401062 <+76>: add $0x18,%rsp                      # release the stack frame
0x0000000000401066 <+80>: retq
End of assembler dump.
func4 的转储:
Dump of assembler code for function func4:
# func4(n = %edi, x = %esi):
#   n <= 0  -> 0
#   n == 1  -> x
#   else    -> func4(n-1, x) + func4(n-2, x) + x
# A Fibonacci-shaped recurrence with an extra "+ x" on every step. Unrolling it from the
# base cases: f(2)=2x, f(3)=4x, f(4)=7x, f(5)=12x — and phase_4 calls it with n = 5.
=> 0x0000000000400fde <+0>: push %r12                        # save the callee-saved registers used below
0x0000000000400fe0 <+2>: push %rbp
0x0000000000400fe1 <+3>: push %rbx
0x0000000000400fe2 <+4>: mov %edi,%ebx                        # ebx = n (kept across the first recursive call)
0x0000000000400fe4 <+6>: test %edi,%edi
0x0000000000400fe6 <+8>: jle 0x40100c <func4+46>              # n <= 0 (signed) -> return 0
0x0000000000400fe8 <+10>: mov %esi,%ebp                       # ebp = x (kept across both recursive calls)
0x0000000000400fea <+12>: mov %esi,%eax                       # eax = x, the return value for the n == 1 case
0x0000000000400fec <+14>: cmp $0x1,%edi
0x0000000000400fef <+17>: je 0x401011 <func4+51>              # n == 1 -> return x
0x0000000000400ff1 <+19>: lea -0x1(%rdi),%edi                 # edi = n - 1 (esi still holds x)
0x0000000000400ff4 <+22>: callq 0x400fde <func4>              # eax = func4(n-1, x)
0x0000000000400ff9 <+27>: lea (%rax,%rbp,1),%r12d             # r12d = func4(n-1, x) + x
0x0000000000400ffd <+31>: lea -0x2(%rbx),%edi                 # edi = n - 2 (from the saved n in ebx)
0x0000000000401000 <+34>: mov %ebp,%esi                       # esi = x again
0x0000000000401002 <+36>: callq 0x400fde <func4>              # eax = func4(n-2, x)
0x0000000000401007 <+41>: add %r12d,%eax                      # eax = func4(n-2, x) + func4(n-1, x) + x
0x000000000040100a <+44>: jmp 0x401011 <func4+51>
0x000000000040100c <+46>: mov $0x0,%eax                       # n <= 0 case: return 0
0x0000000000401011 <+51>: pop %rbx                            # restore callee-saved registers and return eax
0x0000000000401012 <+52>: pop %rbp
0x0000000000401013 <+53>: pop %r12
0x0000000000401015 <+55>: retq
End of assembler dump.
斐波那契数列：斐波那契二进制炸弹在这里有讨论：http://zpalexander.com/binary-bomb-lab-phase-4/ 。可能有两个输入：斐波那契的输入数及其输出值。