Radare has named each local variable based on its stack offset
```asm
mov rcx, 0xffffffffffffffff
mov rdi, rbx
repne scasb al, byte [rdi]
cmp rcx, 0xfffffffffffffff8
je 0x7df
```
Anyway, once the repne scasb operation is done, rcx will hold 0xffffffffffffffff minus the number of bytes scanned, which is the length of the string including its terminating NUL (al is 0, and the scan stops only after the byte that matched it has been counted). We can see that the next instruction compares rcx to 0xfffffffffffffff8. Therefore, if the string is 0xffffffffffffffff - 0xfffffffffffffff8 = 7 bytes long (note that this includes the terminating character, so strlen() of the argument is 6), the jump is taken; otherwise it is not.
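To make the rcx arithmetic concrete, here is a small C model of the `mov rcx, -1; mov rdi, <str>; repne scasb` idiom and of the comparison against 0xfffffffffffffff8. This is an added example, not code from the original post or from the binary under analysis; the compared constant is taken from the listing above, the sample strings are constructed, and on x86-64 hosts the real instruction is run through inline assembly as a cross-check of the model (it assumes the direction flag is clear, as the ABI guarantees).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Value the binary compares rcx against after the scan (from the listing). */
#define EXPECTED_RCX 0xfffffffffffffff8ULL

/* Pure-C model of "mov rcx, -1; mov rdi, s; repne scasb" with al = 0.
 * Each iteration compares one byte, then decrements rcx; the loop stops
 * once rcx reaches 0 or the byte matched al (the NUL terminator), so the
 * terminator itself is counted. */
uint64_t emulate_repne_scasb(const char *s)
{
    uint64_t rcx = 0xffffffffffffffffULL;
    while (rcx != 0) {
        int matched = (*s == '\0');   /* scasb sets ZF when al == [rdi] */
        s++;                          /* rdi advances (DF clear) */
        rcx--;                        /* one count per byte examined */
        if (matched)                  /* repne: stop when ZF is set */
            break;
    }
    return rcx;
}

#if defined(__x86_64__)
/* Cross-check on real hardware: execute the actual instruction. */
uint64_t real_repne_scasb(const char *s)
{
    uint64_t rcx = 0xffffffffffffffffULL;
    const char *rdi = s;
    __asm__ volatile("repne scasb"
                     : "+c"(rcx), "+D"(rdi)
                     : "a"(0)
                     : "cc", "memory");
    return rcx;
}
#endif

/* Bytes the scan consumed: 0xffffffffffffffff - rcx, which is just ~rcx. */
uint64_t bytes_scanned(uint64_t rcx) { return ~rcx; }

/* strlen() an argument must have for rcx to equal the compared constant:
 * the scanned byte count minus the NUL terminator. */
size_t strlen_required_by(uint64_t compared_value)
{
    return (size_t)(bytes_scanned(compared_value) - 1);
}

/* 1 if the je at 0x7df would be taken for this argument, 0 otherwise. */
int length_check_passes(const char *arg)
{
    return emulate_repne_scasb(arg) == EXPECTED_RCX;
}

int main(void)
{
    /* Constructed sample arguments of length 5, 6 and 7. */
    const char *samples[] = { "abcde", "abcdef", "abcdefg" };
    for (size_t i = 0; i < 3; i++) {
        uint64_t rcx = emulate_repne_scasb(samples[i]);
        printf("%-8s rcx=0x%016llx scanned=%llu jump %s\n", samples[i],
               (unsigned long long)rcx,
               (unsigned long long)bytes_scanned(rcx),
               length_check_passes(samples[i]) ? "taken" : "not taken");
    }
    printf("strlen required by cmp: %zu\n", strlen_required_by(EXPECTED_RCX));
    return 0;
}
```

Only the six-character argument drives rcx to 0xfffffffffffffff8: seven bytes (six characters plus the NUL) are scanned, so the jump at 0x7df is taken for that length alone.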
```asm
lea rdx, [local_2h]
lea rsi, [local_9h]
mov rdi, rbx
call sym.check_pw
test eax, eax
je 0x7a8
```
So what exactly does this function do? First, recall that the System V x86-64 calling convention passes the first three integer arguments in rdi, rsi, and rdx, which are exactly the three registers loaded prior to the call. So in C, the call to `check_pw` looks like this:
```c
/* rdi = argv[1] (copied from rbx), rsi = &local_9h, rdx = &local_2h */
int result = check_pw(argv[1], &local_9h, &local_2h);
if (result == 0) {   /* test eax, eax; je 0x7a8 */
    // fail
} else {
    // succeed
}
```