What is the equivalent C code for this assembly?

Time: 2021-09-19 03:15:07
add    0x4025c0(,%rcx,4),%edx

So I'm trying to convert this piece of assembly code into the actual C expression, can anyone please help me? Thank you!

Updated: The code is actually part of this assembly program:

   0x00000000004010fe <+0>:     push   %rbx
   0x00000000004010ff <+1>:     mov    %rdi,%rbx
   0x0000000000401102 <+4>:     callq  0x401341 <string_length>
   0x0000000000401107 <+9>:     cmp    $0x6,%eax
   0x000000000040110a <+12>:    je     0x401111 <phase_5+19>
   0x000000000040110c <+14>:    callq  0x4015bf <explode_bomb>
   0x0000000000401111 <+19>:    mov    $0x0,%eax
   0x0000000000401116 <+24>:    mov    $0x0,%edx
   0x000000000040111b <+29>:    movzbl (%rbx,%rax,1),%ecx
   0x000000000040111f <+33>:    and    $0xf,%ecx
   0x0000000000401122 <+36>:    add    0x4025c0(,%rcx,4),%edx
   0x0000000000401129 <+43>:    add    $0x1,%rax
   0x000000000040112d <+47>:    cmp    $0x6,%rax
   0x0000000000401131 <+51>:    jne    0x40111b <phase_5+29>
   0x0000000000401133 <+53>:    cmp    $0x33,%edx
   0x0000000000401136 <+56>:    je     0x40113d <phase_5+63>
   0x0000000000401138 <+58>:    callq  0x4015bf <explode_bomb>
   0x000000000040113d <+63>:    pop    %rbx
   0x000000000040113e <+64>:    xchg   %ax,%ax
   0x0000000000401140 <+66>:    retq

3 answers

#1


3  

add    0x4025c0(,%rcx,4),%edx

means

%edx += *(0x4025c0 + %rcx*4);

%rcx is a register in x64 asm. Here 0x4025c0 is the base address. *4 illustrates that the size of an array element is 4 bytes (32 bits). So it can be translated into

%edx += ((uint32_t *)0x4025c0)[%rcx];

The whole code snippet does the following thing:

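#include <stdint.h>
#include <string.h>

void explode_bomb(void);  /* defined elsewhere in the binary */

void check(char *str)
{
    /* table of 32-bit entries at the address used by the add instruction */
    const uint32_t *subTable = (const uint32_t *)0x4025c0;

    if (strlen(str) == 6)
    {
        uint32_t j = 0;
        for (int i = 0; i < 6; i++)
            j += subTable[str[i] & 0xf];  /* and $0xf,%ecx keeps only the low nibble */
        if (j == 0x33)
            return;
    }
    explode_bomb();
}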

A substitution table is stored at address 0x4025c0. Only when the input is of length 6 and the sum of its substitution numbers is 0x33 will it pass the check.

#2


2  

Simply expressing it in C is something like edx += ((uint32_t *)0x4025c0)[rcx]; But it's rather impossible to know what it's being used for without more context.

#3


0  

Usually, the brackets are to be of the form

displacement(base register, offset register, scalar multiplier)  

which is expanded as,

[base register + displacement + offset register * scalar multiplier].

So,

0x4025c0(,%rcx,4)

is,

(0x4025C0 + value at RCX * 4)

and

ADD    (0x4025C0 + value at RCX x 4), %edx

should mean,

edx += (0x4025C0 + ((*rcx)*4));

It means that after execution of this instruction, for example, if value at RCX is 100 (0x64), then EDX will hold the value 0x4025C0 + 0x190.

Reference: https://en.wikibooks.org/wiki/X86_Assembly/GAS_Syntax
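
An added example, not part of any answer above and not code from the original binary: a C model of the loop at <+19>..<+51> in which the operand 0x4025c0(,%rcx,4) is a 4-byte load from the effective address, which is how a memory source operand of add behaves. The table contents, function names and sample strings are constructed for illustration; the page does not show the data stored at 0x4025c0.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the 16 dwords at 0x4025c0 (real contents not on the page). */
static const uint32_t table[16] = {2, 10, 6, 1, 12, 16, 9, 3,
                                   4, 7, 14, 5, 11, 8, 15, 13};

/* AT&T operand disp(base,index,scale) names the address disp + base + index*scale. */
static uint64_t effective_address(uint64_t disp, uint64_t base,
                                  uint64_t index, uint64_t scale)
{
    return disp + base + index * scale;
}

/* As a source operand of add, that address is dereferenced: a 4-byte load. */
static uint32_t load_dword(const void *disp, uint64_t index)
{
    uint32_t v;
    memcpy(&v, (const unsigned char *)disp + index * 4, sizeof v);
    return v;
}

/* Models <+19>..<+51>; s must hold at least 6 bytes (the listing checks that first). */
static uint32_t phase5_sum(const char *s)
{
    uint32_t edx = 0;                               /* mov $0x0,%edx */
    for (uint64_t rax = 0; rax < 6; rax++) {
        uint32_t ecx = (unsigned char)s[rax];       /* movzbl (%rbx,%rax,1),%ecx */
        ecx &= 0xf;                                 /* and $0xf,%ecx */
        edx += load_dword(table, ecx);              /* add 0x4025c0(,%rcx,4),%edx */
    }
    return edx;
}

/* 1 where the listing reaches retq, 0 where it would call explode_bomb. */
static int phase5_passes(const char *s)
{
    return strlen(s) == 6 && phase5_sum(s) == 0x33;
}

int main(void)
{
    printf("eeoppp -> 0x%x, 55?000 -> 0x%x\n",
           phase5_sum("eeoppp"), phase5_sum("55?000"));
    return 0;
}
```

Because of the and $0xf mask, only the low nibble of each input byte selects a table entry, so the two constructed strings index the same six entries and produce the same sum.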
