Assembly 使用汇编代码查找密码
我需要使用汇编代码跟踪密码,任何猜测,我认为应该有用的代码部分如下所示Assembly 使用汇编代码查找密码,assembly,passwords,cracking,Assembly,Passwords,Cracking,我需要使用汇编代码跟踪密码,任何猜测,我认为应该有用的代码部分如下所示 0x080484e9 89542404 mov dword [esp + 4], edx
0x080484e9 89542404 mov dword [esp + 4], edx
0x080484ed 890424 mov dword [esp], eax
0x080484f0 e8fbfeffff call sym.imp.__isoc99_scanf ;[2]
0x080484f5 c74424200000. mov dword [esp + 0x20], 0
,=< 0x080484fd eb3f jmp 0x804853e ;[3]
.--> 0x080484ff 8b442420 mov eax, dword [esp + 0x20] ; [0x20:4]=0x115c ; "\." 0x00000020 ; "\." @ 0x20
|| 0x08048503 0520a00408 add eax, str.5tr0vZBrX:xTyR_P_
|| 0x08048508 0fb610 movzx edx, byte [eax]
|| 0x0804850b 8b442420 mov eax, dword [esp + 0x20] ; [0x20:4]=0x115c ; "\." 0x00000020 ; "\." @ 0x20
|| 0x0804850f 31d0 xor eax, edx
|| 0x08048511 88442427 mov byte [esp + 0x27], al
|| 0x08048515 8d442428 lea eax, [esp + 0x28] ; 0x28 ; '(' ; "4" @ 0x28
|| 0x08048519 03442420 add eax, dword [esp + 0x20]
|| 0x0804851d 0fb600 movzx eax, byte [eax]
|| 0x08048520 3a442427 cmp al, byte [esp + 0x27] ; [0x27:1]=0 ; '''
,===< 0x08048524 7413 je 0x8048539 ;[4]
||| 0x08048526 c70424848604. mov dword [esp], str.Wrong_ ; [0x8048684:4]=0x6e6f7257 LEA str.Wrong_ ; "Wrong!" @ 0x8048684
||| 0x0804852d e88efeffff call sym.imp.puts ;[5]
||| 0x08048532 b801000000 mov eax, 1
,====< 0x08048537 eb41 jmp 0x804857a ;[6]
|`---> 0x08048539 8344242001 add dword [esp + 0x20], 1
| |`-> 0x0804853e 8b5c2420 mov ebx, dword [esp + 0x20] ; [0x20:4]=0x115c ; "\." 0x00000020 ; "\." @ 0x20
| | 0x08048542 b820a00408 mov eax, str.5tr0vZBrX:xTyR_P_ ; "5tr0vZBrX:xTyR-P!" @ 0x804a020
| | 0x08048547 c744241cffff. mov dword [esp + 0x1c], 0xffffffff ; [0xffffffff:4]=-1 ; -1 ; -1
| | 0x0804854f 89c2 mov edx, eax
| | 0x08048551 b800000000 mov eax, 0
| | 0x08048556 8b4c241c mov ecx, dword [esp + 0x1c] ; [0x1c:4]=52 ; "4" @ 0x1c
| | 0x0804855a 89d7 mov edi, edx
| | 0x0804855c f2ae repne scasb al, byte es:[edi]
| | 0x0804855e 89c8 mov eax, ecx
| | 0x08048560 f7d0 not eax
| | 0x08048562 83e801 sub eax, 1
| | 0x08048565 39c3 cmp ebx, eax
| `==< 0x08048567 7296 jb 0x80484ff ;[7]
| 0x08048569 c704248b8604. mov dword [esp], str._nSuccess___Too_easy. ; [0x804868b:4]=0x6375530a LEA str._nSuccess___Too_easy. ; str._nSuccess___Too_easy.
| 0x08048570 e84bfeffff call sym.imp.puts ;[5]
| 0x08048575 b800000000 mov eax, 0
`----> 0x0804857a 8b54243c mov edx, dword [esp + 0x3c] ; [0x3c:4]=0x8048034 section_end.ehdr ; '<' ; "4...4... ." @ 0x3c
0x0804857e 653315140000. xor edx, dword gs:[0x14]
0x080484e9 89542404 mov dword[esp+4],edx
0x080484ed 890424 mov dword[esp],eax
0x080484f0 e8fbfeffff呼叫符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号符号;[2]
0x080484f5 c74424200000。mov dword[esp+0x20],0
,=<0x080484fd eb3f jmp 0x804853e;[3]
.-->0x080484ff 8b442420 mov eax,dword[esp+0x20];[0x20:4]=0x115c;“\”0x00000020;“\”@0x20
||0x08048503 0520a00408添加eax,str.5tr0vZBrX:xTyR\U P\U
||0x08048508 0fb610 movzx edx,字节[eax]
||0x0804850b 8b442420 mov eax,dword[esp+0x20];[0x20:4]=0x115c;“\”0x00000020;“\”@0x20
||0x0804850f 31d0异或eax,edx
||0x08048511 88442427 mov字节[esp+0x27],al
||0x08048515 8d442428 lea eax,[esp+0x28];0x28;'(';“4”@0x28
||0x08048519 03442420添加eax,dword[esp+0x20]
||0x0804851d 0fb600 movzx eax,字节[eax]
||0x08048520 3a442427 cmp al,字节[esp+0x27];[0x27:1]=0;“”
,==<0x08048524 7413 je 0x8048539;[4]
|||0x08048526 C704248604.mov dword[esp],str.error;[0x8048684:4]=0x6e6f7257 LEA str.error;“error!”@0x8048684
|||0x0804852d E88EFEFFF调用sym.imp.puts;[5]
|||0x08048532 B801000 mov eax,1
,=<0x08048537 eb41 jmp 0x804857a;[6]
|`--->0x08048539 8344242001添加dword[esp+0x20],1
||`->0x0804853e 8b5c2420 mov ebx,dword[esp+0x20];[0x20:4]=0x115c;“\.”0x00000020;“\.”@0x20
|| 0x08048542 b820a00408 mov eax,str.5tr0vZBrX:xTyR_P|;“5tr0vZBrX:xTyR-P!”@0x804a020
|| 0x08048547 c744241cffff.mov dword[esp+0x1c],0xffffffff;[0xFFFFFF:4]=-1;-1;-1
|| 0x0804854f 89c2移动edx,eax
|| 0x08048551 B80000000 mov eax,0
|| 0x08048556 8b4c241c mov ecx,dword[esp+0x1c];[0x1c:4]=52;“4”@0x1c
|| 0x0804855a 89d7 mov edi,edx