问题
I'm having a bit of trouble understanding the following assembly code for the bomb lab. Running through it so far, I've figured out that the answer is supposed to be two decimal values. If not it will explode the bomb. Then, function 4 is making sure that the first value inputted is between 0 and 30. (0x1e) Then it jumps to func4 where it does something to my number. I understand up to the
sub %esi,%eax
then I don't completely understand what is going on in the function. I've tried plugging in values and checking them in the registry but I still don't understand what is going in function 4.
My attempt at understanding it is that, first its setting registers equal to each other. Then its doing an arithmetic right shift by 31 (0x1f). Then its subtracting by 1 and adding it to eax. So, from what I understand its taking a number. Subtracting it by 1 and then adding them together? Such that the simplified formula would be (x-1)*x ?
Func_4
00000000004010b2 <func4>:
4010b2: 55 push %rbp
4010b3: 48 89 e5 mov %rsp,%rbp
4010b6: 89 d0 mov %edx,%eax
4010b8: 29 f0 sub %esi,%eax
4010ba: 89 c1 mov %eax,%ecx
4010bc: c1 e9 1f shr $0x1f,%ecx
4010bf: 01 c8 add %ecx,%eax
4010c1: d1 f8 sar %eax
4010c3: 8d 0c 30 lea (%rax,%rsi,1),%ecx
4010c6: 39 f9 cmp %edi,%ecx
4010c8: 7e 0c jle 4010d6 <func4+0x24>
4010ca: 8d 51 ff lea -0x1(%rcx),%edx
4010cd: e8 e0 ff ff ff callq 4010b2 <func4>
4010d2: 01 c0 add %eax,%eax
4010d4: eb 15 jmp 4010eb <func4+0x39>
4010d6: b8 00 00 00 00 mov $0x0,%eax
4010db: 39 f9 cmp %edi,%ecx
4010dd: 7d 0c jge 4010eb <func4+0x39>
4010df: 8d 71 01 lea 0x1(%rcx),%esi
4010e2: e8 cb ff ff ff callq 4010b2 <func4>
4010e7: 8d 44 00 01 lea 0x1(%rax,%rax,1),%eax
4010eb: 5d pop %rbp
4010ec: c3 retq
Phase_4
00000000004010ed <phase_4>:
4010ed: 55 push %rbp
4010ee: 48 89 e5 mov %rsp,%rbp
4010f1: 48 83 ec 10 sub $0x10,%rsp
4010f5: 48 8d 4d fc lea -0x4(%rbp),%rcx
4010f9: 48 8d 55 f8 lea -0x8(%rbp),%rdx
4010fd: be 6d 2a 40 00 mov $0x402a6d,%esi
401102: b8 00 00 00 00 mov $0x0,%eax
401107: e8 a4 fb ff ff callq 400cb0 <__isoc99_sscanf@plt>
40110c: 83 f8 02 cmp $0x2,%eax
40110f: 75 0b jne 40111c <phase_4+0x2f>
401111: 8b 45 f8 mov -0x8(%rbp),%eax
401114: 83 e8 20 sub $0x20,%eax
401117: 83 f8 1e cmp $0x1e,%eax
40111a: 76 05 jbe 401121 <phase_4+0x34>
40111c: e8 b4 05 00 00 callq 4016d5 <explode_bomb>
401121: ba 3e 00 00 00 mov $0x3e,%edx
401126: be 20 00 00 00 mov $0x20,%esi
40112b: 8b 7d f8 mov -0x8(%rbp),%edi
40112e: e8 7f ff ff ff callq 4010b2 <func4>
401133: 83 f8 0e cmp $0xe,%eax
401136: 75 06 jne 40113e <phase_4+0x51>
401138: 83 7d fc 0e cmpl $0xe,-0x4(%rbp)
40113c: 74 05 je 401143 <phase_4+0x56>
40113e: e8 92 05 00 00 callq 4016d5 <explode_bomb>
401143: c9 leaveq
401144: c3 retq
来源:https://stackoverflow.com/questions/46636567/bomb-lab-phase-4