
Problem description


I'm trying to understand what a C program (a binary bomb) does using only its object file. I have a jmp command in the middle of a function that doesn't seem to lead anywhere:

   8048c4b:     cmp    $0x1,%eax
   8048c4e:     jg     8048c55 <phase_3+0x31>
   8048c50:     call   804937c <explode_bomb>
   8048c55:     cmpl   $0x7,0x18(%esp)
   8048c5a:     ja     8048cc2 <phase_3+0x9e>
   8048c5c:     mov    0x18(%esp),%eax
   8048c60:     jmp    *0x804a4bc(,%eax,4)   // here is the weird jmp
   8048c67:     mov    $0x0,%eax
   8048c6c:     jmp    8048c73 <phase_3+0x4f>
   8048c6e:     mov    $0x1a1,%eax
   8048c73:     sub    $0x19b,%eax
   8048c78:     jmp    8048c7f <phase_3+0x5b>


Meanwhile, the highest address in the disassembly is 0x804a315. Does anyone know what this could be? The function takes 2 user-input numbers; if they are the right ones, a phase of the bomb gets defused.

Recommended answer


That's an indirect jump through a jump table (notice the leading *). The jump table just holds some addresses; it's not in a code section, so you can't disassemble it. You can, however, look at its contents.
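As an added example (not from the question, the answer, or the bomb binary), the C program below does what the answer suggests: it reads a constructed `objdump -s -j .rodata` dump of the 8 entries at 0x804a4bc, decodes each little-endian word into a target address, and then replays the `cmpl $0x7` / `ja` guard and the `jmp *0x804a4bc(,%eax,4)` for a given user number. The dump bytes are made up (only the 0x8048c67, 0x8048c6e and 0x8048c7f targets come from the listing); the table size of 8 is assumed from the guard, and the unsigned `ja` compare is what rejects negative input so the indirect jump never reads outside the table.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed sample of `objdump -s -j .rodata` output for the 32 bytes at
 * 0x804a4bc; the real table contents are not on the page (made-up values). */
static const char *rodata_dump[] = {
    " 804a4bc 678c0408 6e8c0408 7f8c0408 678c0408  g...n.......g...",
    " 804a4cc 6e8c0408 7f8c0408 678c0408 6e8c0408  n.......g...n...",
};
#define TABLE_BASE    0x804a4bcu
#define TABLE_ENTRIES 8u   /* cmpl $0x7 / ja admits indexes 0..7 only */
static uint32_t table[TABLE_ENTRIES];   /* decoded jump targets */

/* objdump prints each word in memory order, so "678c0408" is the little-endian
 * value 0x08048c67; byte-swap it back into a host integer. */
static uint32_t le_word(uint32_t w) {
    return (w >> 24) | ((w >> 8) & 0xff00) | ((w << 8) & 0xff0000) | (w << 24);
}

/* Parse one dump line "<addr> w0 w1 w2 w3 <ascii>"; returns entries filled. */
static unsigned parse_dump_line(const char *line) {
    unsigned addr, word, filled = 0;
    int n;
    if (sscanf(line, " %x%n", &addr, &n) != 1) return 0;
    for (unsigned w = 0; w < 4; w++) {
        line += n;                              /* skip what sscanf consumed */
        if (sscanf(line, " %8x%n", &word, &n) != 1) break;
        unsigned off = addr + 4 * w - TABLE_BASE;   /* byte offset into table */
        if (addr + 4 * w >= TABLE_BASE && off / 4 < TABLE_ENTRIES) {
            table[off / 4] = le_word(word);
            filled++;
        }
    }
    return filled;
}

/* Decode the whole dump; returns the number of table entries recovered. */
unsigned load_jump_table(void) {
    unsigned filled = 0;
    for (size_t i = 0; i < sizeof rodata_dump / sizeof *rodata_dump; i++)
        filled += parse_dump_line(rodata_dump[i]);
    return filled;
}

/* Replay `cmpl $0x7,0x18(%esp); ja ...; jmp *0x804a4bc(,%eax,4)`: ja is an
 * unsigned compare, so -1 becomes 0xffffffff and is rejected (0) like 8+. */
uint32_t resolve_target(int32_t user_value) {
    uint32_t idx = (uint32_t)user_value;
    return idx > 7 ? 0 : table[idx];
}
```

Call `load_jump_table()` once, then `resolve_target(n)` gives the address the bomb would jump to for input n, or 0 when the guard would have sent it to 8048cc2 instead.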


09-03 06:57