## writeup ```shell └─$ wget https://artifacts.picoctf.net/c/509/disassembler-dump0_a.txt --2023-07-30 22:08:23-- https://artifacts.picoctf.net/c/509/disassembler-dump0_a.txt Resolving artifacts.picoctf.net (artifacts.picoctf.net)... 13.35.7.96, 13.35.7.31, 13.35.7.121, ... Connecting to artifacts.picoctf.net (artifacts.picoctf.net)|13.35.7.96|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 209 [application/octet-stream] Saving to: ‘disassembler-dump0_a.txt’ disassembler-dump 100%[===========>] 209 --.-KB/s in 0s 2023-07-30 22:08:27 (157 MB/s) - ‘disassembler-dump0_a.txt’ saved [209/209] ┌──(kali㉿kali)-[~/code] └─$ cat disassembler-dump0_a.txt <+0>: endbr64 <+4>: push rbp <+5>: mov rbp,rsp <+8>: mov DWORD PTR [rbp-0x4],edi <+11>: mov QWORD PTR [rbp-0x10],rsi <+15>: mov eax,0x30 <+20>: pop rbp <+21>: ret ┌──(kali㉿kali)-[~/code] └─$ cat disassembler-dump0_a.txt | grep "eax" <+15>: mov eax,0x30 ┌──(kali㉿kali)-[~/code] └─$ python3 Python 3.11.2 (main, Mar 13 2023, 12:18:29) [GCC 12.2.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> print(int("0x30",16)) 48 ``` => picoCTF{48} ## what is eax eax, ebx, ecx, edx, esi, edi, ebp, esp等都是**X86 組合語言中CPU上的通用寄存器**的名稱，是32位的寄存器。如果用C語言來解釋，可以把這些寄存器當作變數看待。 **比方說：add eax,-2 ; //可以認為是給變數eax加上-2這樣的一個值。** 這些32位寄存器有多種用途，但每一個都有“專長”，有各自的特別之處。 **EAX 是"累加器"(accumulator), 它是很多加法乘法指令的預設寄存器。** source: - https://topic.alibabacloud.com/tc/a/in-assembly-languages-eax-ebx-ecx-edx-esi-edi-ebp-and-esp_8_8_32031109.html - https://ithelp.ithome.com.tw/m/articles/10227112 - https://primer.picoctf.com/#_assembly