Warning: file_get_contents(/data/phpspider/zhask/data//catemap/0/assembly/6.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Assembly 二元炸弹实验室第四阶段_Assembly_X86_Reverse Engineering - Fatal编程技术网
Fatal编程技术网
  • assembly/
  • Assembly 二元炸弹实验室第四阶段

Assembly 二元炸弹实验室第四阶段

assembly x86

Assembly 二元炸弹实验室第四阶段,assembly,x86,reverse-engineering,Assembly,X86,Reverse Engineering,这是我的汇编代码: Dump of assembler code for function phase_4: => 0x08048cb1 <+0>: push %esi 0x08048cb2 <+1>: push %ebx 0x08048cb3 <+2>: sub $0x14,%esp 0x08048cb6 <+5>: mov 0x20(%esp),%ebx 0x08048cba <+9>

这是我的汇编代码:

Dump of assembler code for function phase_4:
=> 0x08048cb1 <+0>: push   %esi
   0x08048cb2 <+1>: push   %ebx
   0x08048cb3 <+2>: sub    $0x14,%esp
   0x08048cb6 <+5>: mov    0x20(%esp),%ebx
   0x08048cba <+9>: mov    %ebx,(%esp)
   0x08048cbd <+12>: call   0x804909b <string_length>
   0x08048cc2 <+17>: mov    %eax,%esi
   0x08048cc4 <+19>: lea    0x1(%eax),%eax
   0x08048cc7 <+22>: mov    %eax,(%esp)
   0x08048cca <+25>: call   0x8048800 <malloc@plt>
   0x08048ccf <+30>: lea    (%eax,%esi,1),%ecx
   0x08048cd2 <+33>: movb   $0x0,(%ecx)
   0x08048cd5 <+36>: movzbl (%ebx),%edx
   0x08048cd8 <+39>: test   %dl,%dl
   0x08048cda <+41>: je     0x8048ceb <phase_4+58>
   0x08048cdc <+43>: sub    $0x1,%ecx
   0x08048cdf <+46>: mov    %dl,(%ecx)
   0x08048ce1 <+48>: add    $0x1,%ebx
   0x08048ce4 <+51>: movzbl (%ebx),%edx
   0x08048ce7 <+54>: test   %dl,%dl
   0x08048ce9 <+56>: jne    0x8048cdc <phase_4+43>
   0x08048ceb <+58>: mov    %eax,0x4(%esp)
   0x08048cef <+62>: movl   $0x804a3a8,(%esp)
   0x08048cf6 <+69>: call   0x80490ba <strings_not_equal>
   0x08048cfb <+74>: test   %eax,%eax
   0x08048cfd <+76>: je     0x8048d04 <phase_4+83>
   0x08048cff <+78>: call   0x8049353 <explode_bomb>
   0x08048d04 <+83>: add    $0x14,%esp
   0x08048d07 <+86>: pop    %ebx
   0x08048d08 <+87>: pop    %esi
   0x08048d09 <+88>: ret

功能阶段4的汇编程序代码转储:
=>0x08048cb1:推送%esi
0x08048cb2:推送%ebx
0x08048cb3:子$0x14,%esp
0x08048cb6:mov 0x20(%esp),%ebx
0x08048cba:mov%ebx,(%esp)
0x08048cbd:调用0x804909b
0x08048cc2:mov%eax,%esi
0x08048cc4:lea 0x1(%eax),%eax
0x08048cc7:mov%eax,(%esp)
0x08048cca:呼叫0x8048800
0x08048ccf:lea(%eax,%esi,1),%ecx
0x08048cd2:movb$0x0,(%ecx)
0x08048cd5:movzbl(%ebx),%edx
0x08048cd8:测试%dl,%dl
0x08048cda:je 0x8048ceb
0x08048cdc:sub$0x1,%ecx
0x08048cdf:mov%dl,(%ecx)
0x08048ce1:添加$0x1,%ebx
0x08048ce4:movzbl(%ebx),%edx
0x08048ce7:测试%dl,%dl
0x08048ce9:jne 0x8048cdc
0x08048ceb:mov%eax,0x4(%esp)
0x08048cef:movl$0x804a3a8,(%esp)
0x08048cf6:调用0x80490ba
0x08048cfb:测试%eax,%eax
0x08048cfd:je 0x8048d04
0x08048cff:调用0x8049353
0x08048d04:添加$0x14,%esp
0x08048d07:弹出%ebx
0x08048d08:弹出%esi
0x08048d09:ret
我知道输入字符串正在被操作,我看到有一个循环一直到输入字符串的末尾。但我似乎不知道这个被操纵的字符串存储在哪里?可能是我炸弹里的一根绳子吗?我有一个字符串“什么比一只笑着的花栗鼠更好?一只沉默的花栗鼠”,我想这可能是我的输入被操纵了。我试着检查ebx和edx,但没有运气

有什么建议吗?谢谢大家!

movl$0x804a3a8,(%esp)
看起来像是在存储一个指针arg,用于调用
字符串\u not \u equal
。因此,这显然是第一个要查看的地方,除非代码在实际检查之前修改静态数据。
movl$0x804a3a8,(%esp)
看起来它存储了一个指针arg,用于调用
字符串\u not \u equal
。因此,这显然是第一个要查看的地方,除非代码在实际检查之前修改静态数据。