CMU-CSAPP #1

Merged
Void_Deer merged 7 commits from CMU-CSAPP into main 2026-04-20 16:54:18 +08:00


@@ -562,64 +562,96 @@ Disassembly of section .text:
4010f3: c3 ret 4010f3: c3 ret
00000000004010f4 <phase_6>: 00000000004010f4 <phase_6>:
# breakpoint 1 at explode_bomb
4010f4: 41 56 push %r14 4010f4: 41 56 push %r14
4010f6: 41 55 push %r13 4010f6: 41 55 push %r13
4010f8: 41 54 push %r12 4010f8: 41 54 push %r12
4010fa: 55 push %rbp 4010fa: 55 push %rbp
4010fb: 53 push %rbx 4010fb: 53 push %rbx
4010fc: 48 83 ec 50 sub $0x50,%rsp 4010fc: 48 83 ec 50 sub $0x50,%rsp # stack frame setup
401100: 49 89 e5 mov %rsp,%r13 401100: 49 89 e5 mov %rsp,%r13 # store stack frame here
401103: 48 89 e6 mov %rsp,%rsi 401103: 48 89 e6 mov %rsp,%rsi
401106: e8 51 03 00 00 call 40145c <read_six_numbers> 401106: e8 51 03 00 00 call 40145c <read_six_numbers>
40110b: 49 89 e6 mov %rsp,%r14 40110b: 49 89 e6 mov %rsp,%r14
40110e: 41 bc 00 00 00 00 mov $0x0,%r12d 40110e: 41 bc 00 00 00 00 mov $0x0,%r12d # r12 = 0
# L6OuterLoop
401114: 4c 89 ed mov %r13,%rbp 401114: 4c 89 ed mov %r13,%rbp
401117: 41 8b 45 00 mov 0x0(%r13),%eax 401117: 41 8b 45 00 mov 0x0(%r13),%eax
# breakpoint -
# %eax here is the passwords. they needs to be <= 6
40111b: 83 e8 01 sub $0x1,%eax 40111b: 83 e8 01 sub $0x1,%eax
40111e: 83 f8 05 cmp $0x5,%eax 40111e: 83 f8 05 cmp $0x5,%eax
401121: 76 05 jbe 401128 <phase_6+0x34> 401121: 76 05 jbe 401128 <phase_6+0x34> # if eax - 1 <= 5, pass the test
401123: e8 12 03 00 00 call 40143a <explode_bomb> 401123: e8 12 03 00 00 call 40143a <explode_bomb>
401128: 41 83 c4 01 add $0x1,%r12d 401128: 41 83 c4 01 add $0x1,%r12d # r12d += 1
40112c: 41 83 fc 06 cmp $0x6,%r12d 40112c: 41 83 fc 06 cmp $0x6,%r12d
401130: 74 21 je 401153 <phase_6+0x5f> 401130: 74 21 je 401153 <phase_6+0x5f> # if r12d == 6, jump to L6OuterEnd.
# seems like a for loop. loop 5 times.
401132: 44 89 e3 mov %r12d,%ebx 401132: 44 89 e3 mov %r12d,%ebx
401135: 48 63 c3 movslq %ebx,%rax # L6InnerLoop
401138: 8b 04 84 mov (%rsp,%rax,4),%eax 401135: 48 63 c3 movslq %ebx,%rax # move rbx to rax, with sign extension.
40113b: 39 45 00 cmp %eax,0x0(%rbp) 401138: 8b 04 84 mov (%rsp,%rax,4),%eax # rax = 4 * rax + rsp, and move the value at that address to eax.
40113e: 75 05 jne 401145 <phase_6+0x51> # looks like accessing an array of integers on the stack.
401140: e8 f5 02 00 00 call 40143a <explode_bomb> # since the outer loop iterates 5 times, maybe this is the array
401145: 83 c3 01 add $0x1,%ebx # of numbers we just read?
401148: 83 fb 05 cmp $0x5,%ebx # Notes that r12d starts with 1. The first number read here is
40114b: 7e e8 jle 401135 <phase_6+0x41> # the second number in pswd.
40113b: 39 45 00 cmp %eax,0x0(%rbp) # compare eax with *rbp. What's rbp here?
# rbp = r13, which is the address of arr[0] in the beginning
# and increases by 4 each, or get the next number in array.
40113e: 75 05 jne 401145 <phase_6+0x51> # if equal, pass the test.
# I think this means we cannot have any equal number.
401140: e8 f5 02 00 00 call 40143a <explode_bomb>
401145: 83 c3 01 add $0x1,%ebx # rbx += 1
401148: 83 fb 05 cmp $0x5,%ebx # compare rbx with 5
40114b: 7e e8 jle 401135 <phase_6+0x41> # if rbx <= 5, jump to L6InnerLoop
40114d: 49 83 c5 04 add $0x4,%r13 40114d: 49 83 c5 04 add $0x4,%r13
401151: eb c1 jmp 401114 <phase_6+0x20> 401151: eb c1 jmp 401114 <phase_6+0x20> # jump to L6OuterLoop
401153: 48 8d 74 24 18 lea 0x18(%rsp),%rsi # L6OuterEnd
401158: 4c 89 f0 mov %r14,%rax # breakpoint -
40115b: b9 07 00 00 00 mov $0x7,%ecx 401153: 48 8d 74 24 18 lea 0x18(%rsp),%rsi # load the address of arr[0] + 0x18 in rsi
401160: 89 ca mov %ecx,%edx 401158: 4c 89 f0 mov %r14,%rax # rax = arr
401162: 2b 10 sub (%rax),%edx 40115b: b9 07 00 00 00 mov $0x7,%ecx # rcx = 7
401164: 89 10 mov %edx,(%rax) # L6Loop2Start, start with t = 0
401166: 48 83 c0 04 add $0x4,%rax 401160: 89 ca mov %ecx,%edx # rdx = 7
401162: 2b 10 sub (%rax),%edx # rdx = 7 - arr[t]
401164: 89 10 mov %edx,(%rax) # arr[0] = 7 - arr[t]
401166: 48 83 c0 04 add $0x4,%rax # rax set to arr[t + 1]
40116a: 48 39 f0 cmp %rsi,%rax 40116a: 48 39 f0 cmp %rsi,%rax
40116d: 75 f1 jne 401160 <phase_6+0x6c> 40116d: 75 f1 jne 401160 <phase_6+0x6c> # stop after processed all numbers
40116f: be 00 00 00 00 mov $0x0,%esi # L6Loop2End
401174: eb 21 jmp 401197 <phase_6+0xa3> 40116f: be 00 00 00 00 mov $0x0,%esi # rsi = 0
401176: 48 8b 52 08 mov 0x8(%rdx),%rdx # breakpoint -, set t = 0
40117a: 83 c0 01 add $0x1,%eax 401174: eb 21 jmp 401197 <phase_6+0xa3> # jump to L6s1
40117d: 39 c8 cmp %ecx,%eax # L6OuterLoop3Begin
40117f: 75 f5 jne 401176 <phase_6+0x82> # breakpoint -
401181: eb 05 jmp 401188 <phase_6+0x94> 401176: 48 8b 52 08 mov 0x8(%rdx),%rdx # rdx = *(rdx+8). rdx there is a linked list on heap
401183: ba d0 32 60 00 mov $0x6032d0,%edx 40117a: 83 c0 01 add $0x1,%eax # rax += 1
401188: 48 89 54 74 20 mov %rdx,0x20(%rsp,%rsi,2) 40117d: 39 c8 cmp %ecx,%eax
40118d: 48 83 c6 04 add $0x4,%rsi 40117f: 75 f5 jne 401176 <phase_6+0x82> # if rcx == 0 goto L6OuterLoop3Begin
401191: 48 83 fe 18 cmp $0x18,%rsi 401181: eb 05 jmp 401188 <phase_6+0x94> # otherwise goto L6s3
# L6s2
401183: ba d0 32 60 00 mov $0x6032d0,%edx # rdx = unknown_node
# L6s3
401188: 48 89 54 74 20 mov %rdx,0x20(%rsp,%rsi,2) # arr2[rsi] = unknown_node.
# arr2 have 8 bytes per member, actually a 32-bit pointer.
40118d: 48 83 c6 04 add $0x4,%rsi # rsi += 4, basically jump to next member
401191: 48 83 fe 18 cmp $0x18,%rsi # compare rsi with 18.... really?
401195: 74 14 je 4011ab <phase_6+0xb7> 401195: 74 14 je 4011ab <phase_6+0xb7>
401197: 8b 0c 34 mov (%rsp,%rsi,1),%ecx # L6s1 - What name should I give this?
401197: 8b 0c 34 mov (%rsp,%rsi,1),%ecx # rcx = arr[rsi]
40119a: 83 f9 01 cmp $0x1,%ecx 40119a: 83 f9 01 cmp $0x1,%ecx
40119d: 7e e4 jle 401183 <phase_6+0x8f> 40119d: 7e e4 jle 401183 <phase_6+0x8f> # if arr[rsi] <= 1 goto L6s2
40119f: b8 01 00 00 00 mov $0x1,%eax 40119f: b8 01 00 00 00 mov $0x1,%eax # eax = 1
4011a4: ba d0 32 60 00 mov $0x6032d0,%edx 4011a4: ba d0 32 60 00 mov $0x6032d0,%edx # edx = unknown_node
4011a9: eb cb jmp 401176 <phase_6+0x82> # 0x6032d0 <node1>: 0x000000010000014c 0x00000000006032e0
# 0x6032e0 <node2>: 0x00000002000000a8 0x00000000006032f0
# 0x6032f0 <node3>: 0x000000030000039c 0x0000000000603300
# 0x603300 <node4>: 0x00000004000002b3 0x0000000000603310
# 0x603310 <node5>: 0x00000005000001dd 0x0000000000603320
# 0x603320 <node6>: 0x00000006000001bb 0x0000000000000000
4011a9: eb cb jmp 401176 <phase_6+0x82> # goto L6OuterLoop3Begin
# L6OuterLoop3Exit
4011ab: 48 8b 5c 24 20 mov 0x20(%rsp),%rbx 4011ab: 48 8b 5c 24 20 mov 0x20(%rsp),%rbx
4011b0: 48 8d 44 24 28 lea 0x28(%rsp),%rax 4011b0: 48 8d 44 24 28 lea 0x28(%rsp),%rax
4011b5: 48 8d 74 24 50 lea 0x50(%rsp),%rsi 4011b5: 48 8d 74 24 50 lea 0x50(%rsp),%rsi