Bomb Lab Secret Phase

2022-04-08 10:48:37 +08:00 · 2022-04-08 10:48:37 +08:00 · 461065e4db
parent e3af8ff3af
commit 461065e4db
4 changed files with 20 additions and 17 deletions
--- a/LAB3-bomblab/a.out
+++ b/LAB3-bomblab/a.out
--- a/LAB3-bomblab/bomb.s
+++ b/LAB3-bomblab/bomb.s
@ -691,21 +691,25 @@ Disassembly of section .text:
 8048f94:	8b 1a                	mov    (%edx),%ebx
 8048f96:	39 cb                	cmp    %ecx,%ebx
 8048f98:	7e 13                	jle    8048fad <fun7+0x29>
+ 
 8048f9a:	89 4c 24 04          	mov    %ecx,0x4(%esp)
 8048f9e:	8b 42 04             	mov    0x4(%edx),%eax
 8048fa1:	89 04 24             	mov    %eax,(%esp)
 8048fa4:	e8 db ff ff ff       	call   8048f84 <fun7>
 8048fa9:	01 c0                	add    %eax,%eax
 8048fab:	eb 23                	jmp    8048fd0 <fun7+0x4c>
+
 8048fad:	b8 00 00 00 00       	mov    $0x0,%eax
 8048fb2:	39 cb                	cmp    %ecx,%ebx
 8048fb4:	74 1a                	je     8048fd0 <fun7+0x4c>
+
 8048fb6:	89 4c 24 04          	mov    %ecx,0x4(%esp)
 8048fba:	8b 42 08             	mov    0x8(%edx),%eax
 8048fbd:	89 04 24             	mov    %eax,(%esp)
 8048fc0:	e8 bf ff ff ff       	call   8048f84 <fun7>
 8048fc5:	8d 44 00 01          	lea    0x1(%eax,%eax,1),%eax
 8048fc9:	eb 05                	jmp    8048fd0 <fun7+0x4c>
+ 
 8048fcb:	b8 ff ff ff ff       	mov    $0xffffffff,%eax
 8048fd0:	83 c4 18             	add    $0x18,%esp
 8048fd3:	5b                   	pop    %ebx
@ -721,6 +725,7 @@ Disassembly of section .text:
 8048fed:	00 
 8048fee:	89 04 24             	mov    %eax,(%esp)
 8048ff1:	e8 da f8 ff ff       	call   80488d0 <strtol@plt>
+
 8048ff6:	89 c3                	mov    %eax,%ebx
 8048ff8:	8d 40 ff             	lea    -0x1(%eax),%eax
 8048ffb:	3d e8 03 00 00       	cmp    $0x3e8,%eax
@ -1000,6 +1005,7 @@ Disassembly of section .text:
 8049376:	31 c0                	xor    %eax,%eax
 8049378:	83 3d c8 c3 04 08 06 	cmpl   $0x6,0x804c3c8
 804937f:	75 72                	jne    80493f3 <phase_defused+0x8d>
+
 8049381:	8d 44 24 2c          	lea    0x2c(%esp),%eax
 8049385:	89 44 24 10          	mov    %eax,0x10(%esp)
 8049389:	8d 44 24 28          	lea    0x28(%esp),%eax
@ -1012,6 +1018,7 @@ Disassembly of section .text:
 80493a8:	e8 b3 f4 ff ff       	call   8048860 <__isoc99_sscanf@plt>
 80493ad:	83 f8 03             	cmp    $0x3,%eax
 80493b0:	75 35                	jne    80493e7 <phase_defused+0x81>
+
 80493b2:	c7 44 24 04 12 a4 04 	movl   $0x804a412,0x4(%esp)
 80493b9:	08 
 80493ba:	8d 44 24 2c          	lea    0x2c(%esp),%eax
@ -1019,6 +1026,7 @@ Disassembly of section .text:
 80493c1:	e8 24 fd ff ff       	call   80490ea <strings_not_equal>
 80493c6:	85 c0                	test   %eax,%eax
 80493c8:	75 1d                	jne    80493e7 <phase_defused+0x81>
+
 80493ca:	c7 04 24 d8 a2 04 08 	movl   $0x804a2d8,(%esp)
 80493d1:	e8 1a f4 ff ff       	call   80487f0 <puts@plt>
 80493d6:	c7 04 24 00 a3 04 08 	movl   $0x804a300,(%esp)
--- a/LAB3-bomblab/func4.c
+++ b/LAB3-bomblab/func4.c
@ -1,3 +1,5 @@
+#include <stdio.h>
+
 int func4(int x, int y, int z)
 {
    int a = (y + z) / 2, ret;
@ -16,23 +18,15 @@ int func4(int x, int y, int z)
    return ret * 2 + 1;
 }

-int *n[6],l;
-node *head = 0x804c13c, *p;
-for (int k = 0; k < 6; i++)
+int main()
 {
-    if (a[k] == 1)
+    int a,ret;
+    for(a=0;a<15;a++)
    {
-        n[k] = (int *)head;
-    }
-    else
-    {
-        p = head;
-        l=1;
-        do
+        ret=func4(a,0,0xe);
+        if(ret==0)
        {
-            p = p->next;
-            l++;
-        } while (l != a[k]);
-        n[k] = (int *)p;
+            printf("%d ",a);
+        }
    }
 }
--- a/LAB3-bomblab/solution.txt
+++ b/LAB3-bomblab/solution.txt
@ -1,6 +1,7 @@
 You can Russia from land here in Alaska.
 0 1 1 2 3 5
 0 h 395
-0 0
+0 0 DrEvil
 -&#$('
-2 6 1 3 5 4
+4 5 3 1 6 2
+47