Shulou(Shulou.com)06/01 Report--

Question 1:

Hint has made it very clear: IDA, just press R for that pile of numbers.

Question 2:

Low_addr rsp0x10x4 relative address 0x180x1chigh_addr rbp00000000004004e6: 4004e6: 55 push rbp 4004e7: 48 89 e5 mov rbp,rsp 4004ea: 48 89 7 de E8 mov QWORD PTR [rbp-0x18], rdi 4 words = 8 byte=64bit rdi memory parameters rdi is the first parameter of 64-bit register 4004ee: 89 75 e4 mov DWORD PTR [rbp-0x1c] Esi esi is the second parameter of 32-bit register esi can store two words 4004f1: c7 45 fc 01 00 00 mov DWORD PTR [rbp-0x4], 0x1 writes 1 4004f8: eb 28 jmp 400522 4004fa: 8b 45 fc mov eax,DWORD PTR [rbp-0x4] DWORD PTR [rbp-0x4] to memory [rbp-0x4] this pointer represents the place where the value is 1. Eax=1 4004fd: 48 63 d0 movsxd rdx,eax movsxd signed extension and transmission rdx=1 400500: 48 8b 45 e8 mov rax,QWORD PTR [rbp-0x18] rax=input home address 400504: 48 01 d0 add rax,rdx rax=input home address + 1 input [1] 400507: 8b 55 fc mov edx DWORD PTR [rbp-0x4] edx=1 40050a: 48 63 ca movsxd rcx,edx rcx=1 40050d: 488b 55e8 mov rdx,QWORD PTR [rbp-0x18] rdx=input Home address 400511: 48 01 ca add rdx,rcx rdx=input Home address + 1 input [1] 400514: 0f b60a movzx ecx BYTE PTR [rdx] ecx= 0x67 400517: 8b 55 fc mov edx,DWORD PTR [rbp-0x4] edx=1 40051a: 31 ca xor edx,ecx edx=0x67 ^ 0x1 = 0x66 ='f '40051c: 88 10 mov BYTE PTR [rax], dl 40051e: 83 45 fc 01 add DWORD PTR [rbp-0x4] The value at 0x1 [rbp-0x4] + 1 400522: 8b 45 fc mov eax,DWORD PTR [rbp-0x4] [rbp-0x4] is read into eax 400525: 3b 45 e4 cmp eax DWORD PTR [rbp-0x1c] eax compared to 28 400528: 7e d0 jle 4004fa less than 28, jump to 4004fa 40052a: 90 nop 40052b: 5d pop rbp 40052c: C3 ret int main (int argc, char const * argv []) {char input [] = {0x0, 0x67, 0x6e, 0x62, 0x63, 0x7e, 0x74, 0x62, 0x69, 0x6d 0x55, 0x6a, 0x7f, 0x60, 0x51, 0x66, 0x63, 0x4e, 0x66, 0x7b, 0x71, 0x4a, 0x74, 0x76, 0x6b, 0x70, 0x79, 0x66, 0x1c} Func (input, 28); printf ("% s\ n", input+1); return 0;}

1. Mov ax,bx; assigns the "inside" value of the BX register to AX. Since both are registers with a fixed length (word type), there is no need to add "WORD".

Mov ax,word ptr [bx]; is to assign ax the data stored in the place where the memory address is equal to "the value of the BX register". Since you only give a memory address, you don't know whether you want to give ax byte or word, so you can make it clear with word; if not, (mov ax, [bx];) passes one word, or two bytes to ax, by default in 8086.

two。

R for 64 bits, e for 32 bits, and a char takes up one byte

3.

When a function is called, the following actions are done by default:

Put the bottom address of the stack frame stack of the calling function into the stack, that is, press the value of the bp register into the call stack

Create a new stack frame and put the bottom address of the stack of the tuned function into the bp register

The following two instructions complete the above actions:

Push rbp

Mov rsp, rbp

Ptr-pointer (pointer) is an abbreviation.

In the assembly, ptr is a specified word (reserved word), which is of the type specified in the coming time.

(it can be understood that ptr is a temporary type conversion, which is equivalent to mandatory type conversion in C)

PS:

Read the assembly code for the first time. The feeling is quite interesting, all while looking at the data, the most sinister thing is that at first I thought that the function parameters were stored directly as strings, but later, half of the analysis did not feel right. What was originally saved was the address of the string. Damn it.

Finally, python Mini Program is attached:

A = [0x67, 0x6e, 0x62, 0x63, 0x6d, 0x55, 0x6a, 0x7f, 0x60, 0x51, 0x66, 0x63, 0x4e, 0x66, 0x7b, 0x71, 0x4a, 0x74, 0x76, 0x6b, 0x70, 0x79, 0x66, 0x1c] b = "for x in range (1J 29): b=b+chr (a [x-1] ^ x) print b

Flag {read_asm_is_the_basic}

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.