Assembly 组装炸弹实验室第四阶段 0x00000000004010e4:sub$0x18，%rsp rsp=-24 0x00000000004010e8:lea 0x8（%rsp），%rcx rcx=76 0x00000000004010ed:lea 0xc（%rs_Assembly_Reverse Engineering_X86 64

Assembly 组装炸弹实验室第四阶段 0x00000000004010e4:sub$0x18，%rsp rsp=-24 0x00000000004010e8:lea 0x8（%rsp），%rcx rcx=76 0x00000000004010ed:lea 0xc（%rs

assembly

Assembly 组装炸弹实验室第四阶段 0x00000000004010e4:sub$0x18，%rsp rsp=-24 0x00000000004010e8:lea 0x8（%rsp），%rcx rcx=76 0x00000000004010ed:lea 0xc（%rs,assembly,reverse-engineering,x86-64,Assembly,Reverse Engineering,X86 64,组装炸弹实验室第四阶段 0x00000000004010e4:sub$0x18，%rsp rsp=-24 0x00000000004010e8:lea 0x8（%rsp），%rcx rcx=76 0x00000000004010ed:lea 0xc（%rsp），%rdx rdx=0 0x00000000004010f2:mov$0x40298d，%esi esi=37输入为%d%d 0x00000000004010f7:mov$0x0，%eax eax=0 0x00000000004010fc:

组装炸弹实验室第四阶段

0x00000000004010e4:sub$0x18，%rsp rsp=-24
0x00000000004010e8:lea 0x8（%rsp），%rcx rcx=76
0x00000000004010ed:lea 0xc（%rsp），%rdx rdx=0
0x00000000004010f2:mov$0x40298d，%esi esi=37输入为%d%d
0x00000000004010f7:mov$0x0，%eax eax=0
0x00000000004010fc:callq 0x400cb0
0x0000000000401001:cmp$0x2，%eax eax=2
0x000000000040104:jne 0x401112如果eax不=到2
0x0000000000401006:mov 0x8（%rsp），%eax eax=2
0x000000000040100A:子$0x2，%eax eax=0
0x000000000040100D:cmp$0x2，%eax
0x0000000000401110:jbe 0x401117如果eax低于=2
0x0000000000401112:callq 0x40166c
0x0000000000401117:mov 0x8（%rsp），%esi esi=2
0x000000000040111b:mov$0x8，%edi edi=8
0x0000000000401120:callq 0x4010ac
0x0000000000401125:cmp 0xc（%rsp），%eax
0x0000000000401129:je 0x401130
0x000000000040112b:callq 0x40166c
0x0000000000401130:添加$0x18，%rsp
0x0000000000401134:ret
__________________________________________________
职能4
0x00000000004010ac:推送%r12 r12==49
0x00000000004010ae:推送%rbp rbp==0
0x00000000004010af:推送%rbx rbx==-25
0x00000000004010b0:mov%edi，%ebx ebx==8
0x00000000004010b2:测试%edi，%edi 8==8
0x00000000004010b4:jle 0x4010da如果edi算法与中相同。谢谢！我还是很困惑。所以如果我的edi值是8，esi值是2，我会得到类似于func4（edi-1，esi）+func4（edi-2，esi）+esi的结果。那就是func4（8-1,2）+func4（8-2,2）+2？但是，我需要再次运行每个func4以获取值？@Saif将代码放在后面的勾号中，如下图所示
以使代码可读``当您注释一个函数时，您不需要对被调用方保存的寄存器中的值进行注释，这些值在序言中推送并在尾声中恢复。（例如功能4中的r12
、rbp
和rbx）。他们当时的价值观并不有趣。它们只是被保存/还原，以便函数可以将它们用于自己的目的。有关调用约定/ABI的内容的链接，请参见+1用于用您目前为止所了解的内容注释反汇编。这里没有太多的长期价值，但你问的方法是正确的
  0x00000000004010e4 <+0>:     sub    $0x18,%rsp          rsp=-24
   0x00000000004010e8 <+4>:     lea    0x8(%rsp),%rcx   rcx=76
   0x00000000004010ed <+9>:     lea    0xc(%rsp),%rdx   rdx=0
   0x00000000004010f2 <+14>:    mov    $0x40298d,%esi   esi= 37 input is %d %d
   0x00000000004010f7 <+19>:    mov    $0x0,%eax                eax=0
   0x00000000004010fc <+24>:    callq  0x400cb0 <__isoc99_sscanf@plt>  
   0x0000000000401101 <+29>:    cmp    $0x2,%eax                eax=2
   0x0000000000401104 <+32>:    jne    0x401112 <phase_4+46> if eax not = to 2 
   0x0000000000401106 <+34>:    mov    0x8(%rsp),%eax          eax=2
   0x000000000040110a <+38>:    sub    $0x2,%eax               eax=0
   0x000000000040110d <+41>:    cmp    $0x2,%eax
   0x0000000000401110 <+44>:    jbe    0x401117 <phase_4+51>   if eax below = 2
   0x0000000000401112 <+46>:    callq  0x40166c <explode_bomb>
   0x0000000000401117 <+51>:    mov    0x8(%rsp),%esi          esi=2
   0x000000000040111b <+55>:    mov    $0x8,%edi               edi=8
   0x0000000000401120 <+60>:    callq  0x4010ac <func4>
   0x0000000000401125 <+65>:    cmp    0xc(%rsp),%eax
   0x0000000000401129 <+69>:    je     0x401130 <phase_4+76> 
   0x000000000040112b <+71>:    callq  0x40166c <explode_bomb>
   0x0000000000401130 <+76>:    add    $0x18,%rsp
   0x0000000000401134 <+80>:    ret

__________________________________________________
function 4 
   0x00000000004010ac <+0>:     push   %r12                     r12 == 49
   0x00000000004010ae <+2>:     push   %rbp                     rbp==0
   0x00000000004010af <+3>:     push   %rbx                       rbx== -25
   0x00000000004010b0 <+4>:     mov    %edi,%ebx              ebx ==8
   0x00000000004010b2 <+6>:     test   %edi,%edi                  8==8
   0x00000000004010b4 <+8>:     jle    0x4010da <func4+46> if edi <= edi
   0x00000000004010b6 <+10>:    mov    %esi,%ebp               ebp=2
   0x00000000004010b8 <+12>:    mov    %esi,%eax                eax=2
   0x00000000004010ba <+14>:    cmp    $0x1,%edi 
   0x00000000004010bd <+17>:    je     0x4010df <func4+51>
   0x00000000004010bf <+19>:    lea    -0x1(%rdi),%edi            edi=7
   0x00000000004010c2 <+22>:    callq  0x4010ac <func4>
   0x00000000004010c7 <+27>:    lea    (%rax,%rbp,1),%r12d     r12d=68
   0x00000000004010cb <+31>:    lea    -0x2(%rbx),%edi             edi=6
   0x00000000004010ce <+34>:    mov    %ebp,%esi                    esi=2
   0x00000000004010d0 <+36>:    callq  0x4010ac <func4>
   0x00000000004010d5 <+41>:    add    %r12d,%eax                 eax=40 
   0x00000000004010d8 <+44>:    jmp    0x4010df <func4+51>
   0x00000000004010da <+46>:    mov    $0x0,%eax  
   0x00000000004010df <+51>:    pop    %rbx   
   0x00000000004010e0 <+52>:    pop    %rbp
   0x00000000004010e1 <+53>:    pop    %r12
---Type <return> to continue, or q <return> to quit---
   0x00000000004010e3 <+55>:    retq