组装 - 安全竞争 [英] Assembly - safe competition
问题描述
我参加了名为Code guru - Extreme"的比赛在这次比赛中,8086 中有保险箱和钥匙.保险箱和钥匙有联合数据段,你需要制作一个打破保险箱的钥匙.安全示例:
I participate in the competition named 'Code guru - Extreme' In this competition there is safes and keys in assembly 8086. To a safe and a key there are joint data segment, and you need to make a key that break the safe. Example to safe:
L:
mov ax, [1234]
cmp ax, 5678
jne L
打破保险箱的钥匙的例子
Example to key that break the safe
L:
mov ax, 5678
mov [1234], ax
jne L
现在我有一个我不能打破它的保险箱
And now I have a safe that I can not break it
and al, 0FEh
push ax
clc
mul ax
xor ax, dx
or al, 1
loc_10A:
sub [0A2h], ax
pop ax
push ax
jnz loc_10A
对 safe 和 key 的这种模拟是在 核心战争 8086 引擎.规则如下,其中safe和key 是战争中的幸存者:
This simulation of a safe and key is done inside the Core Wars 8086 engine. The rules are as follows where both safe and key are survivors in the war:
幸存者不能在固定地址上加载,因为游戏引擎每回合将它们加载到一个随机地址.那些节目生成的必须是 COM 而不是 EXE,并且只包含 8086 条指令.
The survivors cannot place a load on fixed addresses, because the game engine loads them every turn to a random address. The programs that are generated must be COM and not EXEs and contain only 8086 instructions.
每个幸存者收到一组自己的完整寄存器(寄存器),其他幸存者无法访问.在此外,每个幸存者都有一个个人"2048 字节的堆栈,即其他幸存者也无法访问.
Each survivor receives a set of its own complete registers (registers), which is not accessible to the other survivors. In addition, each survivor has a "personal" stack of 2048 bytes, which is also inaccessible to the other survivors.
在运行第一轮游戏之前,游戏引擎将 arena 中的所有字节初始化为值 0CCh(注意:这个字节值是不支持的"说明 - 详情如下).发动机然后将每个幸存者加载到竞技场内存中的随机位置,即 -完全按原样复制幸存者文件的内容.这两个幸存者之间的距离,以及两个幸存者之间的距离幸存者和竞技场边缘,保证至少1024字节.每个幸存者的代码最大为 512 字节.
Before running the first round of the game, the game engine initializes all the bytes in the arena to the value 0CCh (note: this byte value is an "unsupported" instruction - details below). The engine then loads each survivor to a random location in the arena memory, ie - copies the contents of the survivor file exactly as it is. The distance between two survivors, as well as the distance between the survivor and the edge of the arena, is guaranteed to be at least 1024 bytes. The code for each survivor has a maximum of 512 bytes.
在第一轮之前,游戏引擎初始化寄存器(每个幸存者)到以下值:
Before the first round, the game engine initializes the registers (of each survivor) to the following values:
- BX、CX、DX、SI、DI、BP - 重置.
- 标志 - 重置.
- AX、IP - 初始幸存者的位置,游戏引擎将幸存者加载到的竞技场中的随机偏移量.
- CS、DS - 所有幸存者共有的竞技场部分.
- ES - 一个段(segment),用于由同一组的幸存者共享的内存(参见高级技术).
- SS - 幸存者个人堆栈的开始部分.
- SP - Offset 幸存者个人堆栈的开始.
此时游戏以回合开始,每回合运行游戏引擎,运行每个幸存者的下一条指令,直到结束游戏的结束:200,000 回合后,或仅剩一名幸存者时在竞技场上.幸存者在每一轮中的比赛顺序是在游戏开始时随机确定的,并且不期间改变.
At this point the game begins in rounds, with each round running the game engine running the next instruction of each survivor, until the end of the game: after 200,000 rounds, or when a single survivor remains in the arena. The order in which the survivors will play in each round is determined at the beginning of the game at random, and does not change during it.
幸存者在以下情况下将被取消资格:
A survivor is disqualified in the following cases:
- 运行非法指令(例如:未转换为任何汇编指令的字节 060h).
- 运行不受支持的"游戏引擎的指令(例如:INT 021h").游戏引擎阻止运行试图启动的指令与操作系统或计算机硬件的直接通信.尝试访问不在竞技场范围内的记忆,而不是在个人"的范围内一堆幸存者.
- 攻击其他幸存者是通过在竞技场内存中写入关于他们的代码的信息来完成的(为了让他们执行其中一项以上三个动作),并因此取消他们的资格.早些时候,因此,必须找到他们藏身的地方:)
推荐答案
首先AX未知,计算无意义但是push ax;.稍后,从循环的第二遍开始,AX 被弹出但保持未知且不变,因此您需要捕捉 2 个内存变量"值之间的差异,它将是 AX 值.类似的东西:
First of all AX is unknown, calculation is meaningless but push ax;. Later, starting from the 2nd pass of the loop AX gets poped but remains unknown and constant, so you need to catch difference between 2 "memory var" values, and it will be AX value. Something like that:
mov cx, 0ah;
delay:
nop;
loop delay;
l2:
mov ax, [0A2h];
mov bx, [0A2h];
sub ax, bx
jz l2;
mov [0A2h], ax;
jmp l2
这篇关于组装 - 安全竞争的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
