This is phase_2. First, some notes on the GDB features I used while working through it.
To set breakpoints, for example in the second phase, look at the lines of bomb.c that drive it:
    81: input = read_line();
    82: phase_2(input);
    83: phase_defused();
Then `break 81`, `break 82`, `break 83` put breakpoints at the entries to read_line, phase_2 and phase_defused.
One more place needs a breakpoint: explode_bomb. Use `break explode_bomb`, so that a wrong guess stops in the debugger before the bomb actually goes off.
Once stopped at a breakpoint you can use the `jump` command to go directly to a function or an address. In this lab I mostly used `jump *0x<address>` to jump straight to the read_line call for the phase being debugged, so there is no need to re-type the answers of the earlier phases on every run. To jump to read_line correctly you need the address of that call site, which `info break` (display breakpoint information) shows next to the breakpoint you set on line 81.
After `info break` gives the breakpoint address, `jump` goes straight to it, e.g. `jump *0x400e4e`.
At the same time you need to single-step and watch the register values. `layout regs` (in GDB's TUI mode) keeps the registers on screen; then step with `si` or `ni` (`si` steps into a called function, `ni` steps over the call without entering it).
Finally, the command for examining memory: `x/nfu <address>`, where n is the number of units to display, f the format (for example d, x, s) and u the unit size (b, h, w, g). It has many uses that are easy to look up, so I will not repeat them here.
*********************************************************************************************************
This is the phase_2 solution, written as comments on the disassembly.

0000000000400efc <phase_2>:
  400efc:  55                    push   %rbp
  400efd:  53                    push   %rbx
  400efe:  48 83 ec 28           sub    $0x28,%rsp
  400f02:  48 89 e6              mov    %rsp,%rsi
  400f05:  e8 52 05 00 00        callq  40145c <read_six_numbers>   ; parse six ints onto the stack at (%rsp)
  400f0a:  83 3c 24 01           cmpl   $0x1,(%rsp)                 ; if the first number (%rsp) is not equal to 1, bomb
  400f0e:  74 20                 je     400f30 <phase_2+0x34>       ; first number is 1: go set up the loop
  400f10:  e8 25 05 00 00        callq  40143a <explode_bomb>
  400f15:  eb 19                 jmp    400f30 <phase_2+0x34>
  400f17:  8b 43 fc              mov    -0x4(%rbx),%eax             ; %eax = previous number
  400f1a:  01 c0                 add    %eax,%eax                   ; %eax = 2 * previous number
  400f1c:  39 03                 cmp    %eax,(%rbx)                 ; if twice the previous number is not equal to the current one, bomb
  400f1e:  74 05                 je     400f25 <phase_2+0x29>       ; e.g. 1*2 == 2, so the second number is 2
  400f20:  e8 15 05 00 00        callq  40143a <explode_bomb>
  400f25:  48 83 c3 04           add    $0x4,%rbx                   ; pointer + 4 bytes: move on to the next number
  400f29:  48 39 eb              cmp    %rbp,%rbx
  400f2c:  75 e9                 jne    400f17 <phase_2+0x1b>       ; if we have not passed the last (sixth) number, loop and check again
  400f2e:  eb 0c                 jmp    400f3c <phase_2+0x40>
  400f30:  48 8d 5c 24 04        lea    0x4(%rsp),%rbx              ; %rbx = address of the 2nd number (start of the loop)
  400f35:  48 8d 6c 24 18        lea    0x18(%rsp),%rbp             ; %rbp = address just past the 6th number (end of the loop)
  400f3a:  eb db                 jmp    400f17 <phase_2+0x1b>
  400f3c:  48 83 c4 28           add    $0x28,%rsp
  400f40:  5b                    pop    %rbx                        ; by this rule (start at 1, each number twice the previous) the answer is "1 2 4 8 16 32"
  400f41:  5d                    pop    %rbp
  400f42:  c3                    retq

The answer to phase_2 is "1 2 4 8 16 32".
CSAPP 3e: Bomb Lab (phase_2) + GDB usage in the lab
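As an added example that is not part of the original post or of the bomb's own source, here is a C reconstruction of the phase_2 check read off the disassembly above, written so that the loop mirrors the %rbx/%rbp pointer walk, plus a helper that runs the rule forward to produce the defusing line. The six-number parsing follows the usual read_six_numbers behaviour (sscanf with six %d, explode if fewer than six parse); the function names phase_2_defused and phase_2_answer are my own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Example reconstruction of phase_2, not the bomb's own code. */

enum { NUMS = 6 };

/* Mirrors read_six_numbers: parse six ints from the line.
 * The real bomb calls explode_bomb when fewer than six parse;
 * here that is reported as 0. Extra tokens are ignored, as in the lab. */
static int read_six_numbers(const char *input, int nums[NUMS])
{
    int n = sscanf(input, "%d %d %d %d %d %d",
                   &nums[0], &nums[1], &nums[2],
                   &nums[3], &nums[4], &nums[5]);
    return n >= NUMS;
}

/* Returns 1 if the line defuses phase_2, 0 if it would reach explode_bomb. */
int phase_2_defused(const char *input)
{
    int nums[NUMS];
    if (!read_six_numbers(input, nums))
        return 0;

    if (nums[0] != 1)                  /* cmpl $0x1,(%rsp) */
        return 0;

    /* %rbx = &nums[1] (lea 0x4(%rsp)), %rbp = &nums[6] (lea 0x18(%rsp)):
     * walk one int at a time until the pointer reaches one past the end. */
    for (const int *p = &nums[1], *end = &nums[NUMS]; p != end; p++) {
        int expected = p[-1] + p[-1];  /* mov -0x4(%rbx),%eax; add %eax,%eax */
        if (*p != expected)            /* cmp %eax,(%rbx); jne -> explode_bomb */
            return 0;
    }
    return 1;                          /* loop finished: phase defused */
}

/* Builds the defusing line by running the rule forward: start at 1, double. */
void phase_2_answer(char *out, size_t len)
{
    int v = 1;
    size_t used = 0;
    for (int i = 0; i < NUMS && used < len; i++) {
        used += (size_t)snprintf(out + used, len - used, i ? " %d" : "%d", v);
        v += v;
    }
}

int main(void)
{
    char answer[64];
    phase_2_answer(answer, sizeof answer);
    printf("%-16s -> %s\n", answer, phase_2_defused(answer) ? "defused" : "BOOM");
    printf("%-16s -> %s\n", "1 2 4 8", phase_2_defused("1 2 4 8") ? "defused" : "BOOM");
    printf("%-16s -> %s\n", "1 2 4 8 16 31", phase_2_defused("1 2 4 8 16 31") ? "defused" : "BOOM");
    return 0;
}
```

Feeding the generated line back through phase_2_defused is the same check you would make in GDB by breaking on explode_bomb: if the breakpoint never triggers, the input is correct.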