United States Naval Academy Electrical and Computer Engineering Department EC312-6 Week Midterm Spring 2016

Transcription

1 United States Naval Academy Electrical and Computer Engineering Department EC312-6 Week Midterm Spring Do a page check: you should have 7 pages including this cover sheet. 2. You have 50 minutes to complete this exam. 3. An FE-approved calculator may be used for this exam. Calculators may not be shared. 4. This is a closed book and closed notes exam. You may use one single-sided hand-written page of notes. 5. Turn in your single-sided hand-written page of notes with your exam. 6. This exam may be given as a makeup exam to several midshipmen at a later time. No communication is permitted concerning this exam with anyone who has not yet taken the exam. Name: Instructor: Page 1 of 7

2 Question 1. (4 pts) For an NPN transistor which of the following are true? Circle ALL that apply. a. When properly biased, IB<IE b. Has 3 terminals: Base, Ground, and Emitter. c. When properly biased, both junctions are forward biased. d. Can be used to create digital logic circuits. Question 2. For the logic circuit shown below: 1) (8 pts) Complete the truth table. 2) (4 pts) Determine the Boolean expression for the output Z in terms of A, B & C. A B V Z A B C V W X Y Z C W X Y Z = Question 3. (4 pts) What feature of C makes a buffer overflow attack possible? Describe this feature. Page 2 of 7

3 Question 4. (8 pts) What will be the output of this program when it is compiled and run? #include <stdio.h> int main() int j,i=0; for ( j = 3 ; j > 0 ; j = j - 2 ) i=i+j; printf("%d: %d\n", j, i); Question 5. (4 pts) Circle the correct statement. (i) The text segment grows from the top down, the heap is fixed, and the stack grows from the bottom up. (ii) (iii) (iv) The text segment is fixed, the heap grows from the top down, and the stack grows from the bottom up. The text segment is fixed, the heap grows from the bottom up, and the stack grows from the top down. The text segment grows from the top down, the heap grows from the bottom up, and the stack is fixed. Question 6. (6 pts) Match the following: ebp RAM CPU char machine code high-level language Boolean pointer gcc gdb eip esp a. program instructions stored in binary format b. debugging program c. a register that holds the address of the bottom of the stack d. a register that holds the next instruction to be executed e. contains registers f. examples are C and Java g. true or false h. holds ASCII values i. variable that stores an address j. main memory k. address of the top of the stack l. program used to compile programs Page 3 of 7

4 Address Value Description 0xBFFFF7F4 0xBFFFF7F5 0xBFFFF7F6 0xBFFFF7F7 0xBFFFF7F8 0xBFFFF7F9 0xBFFFF7FA 0xBFFFF7FB 0xBFFFF7FC 0xBFFFF7FD 0xBFFFF7FE 0xBFFFF7FF 0xBFFFF800 esp-main points here 0xBFFFF801 0xBFFFF802 0xBFFFF803 0xBFFFF xBFFFF xBFFFF xBFFFF xBFFFF xBFFFF xBFFFF80A 00 0xBFFFF80B 00 0xBFFFF80C E4 ebp-main points here Question 7. Suppose a breakpoint is set at line 4 and 10 in the code below, and the program is run up until the first breakpoint using gdb. The stack is shown to the above including the ebp and esp locations. For the questions that follow, assume that the compiler doesn t add any padding between items it stores on the stack. 1 int square(int num) 2 3 int result = num*num; 4 return result; 5 6 int main() 7 8 int a = 5; 9 int a_squared = 0; 10 a_squared = square(a); 11 (a) (4 pts) If you typed i r ebp at this point in program execution, what address will be given? (b) (4 pts) The program is run until the next breakpoint. Add the following labels in the Description column: function argument a, return_address, prior_ebp (or saved ebp), and function variable result. (c) (2 pts) Add the following labels in the Description column to where the esp and ebp currently point with the labels: esp-square points here and ebp-square points here (d) (4 pts) If you typed i r ebp at this point in program execution, what address will be given? (e) (8 pts) If the return address is 0x , fill in the values for all the items you labeled in the Value column. Page 4 of 7

5 Question 8. Consider the C program below. The program is run up to a breakpoint on line #include<stdio.h> #include<string.h> int main() char slogan[10]= Go Navy ; char *ptr1=slogan; char *ptr2=ptr1+3; strcpy(ptr1, Beat Army ); printf("\n%s", slogan ); printf("\n%s", ptr2 ); The picture below shows a portion of main memory. Each box in the figure represents one byte of storage. Assume no padding. Address Value Description Address Value Description 0xBFFFF 0xBFFFF 0xBFFFF 0xBFFFF 0xBFFFF esp points here 0xBFFFF 0xBFFFF 0xBFFFF 0xBFFFF 0xBFFFF 47 0xBFFFF 0xBFFFF6EF 6f 0xBFFFF 0xBFFFF 20 0xBFFFF 0xBFFFF 4e 0xBFFFF 0xBFFFF 61 0xBFFFF 0xBFFFF 76 0xBFFFF 0xBFFFF 79 0xBFFFF 0xBFFFF 00 0xBFFFF 0xBFFFF 81 0xBFFFF 0xBFFFF 88 ebp points here (a) (3 pts) Complete the addresses in the Address column. (b) (4 pts) Assuming that the compiler doesn't add any padding (i.e. extra space) when loading variables onto the stack, indicate the locations where slogan, ptr1, and ptr2 are stored in memory in the Description column. (c) (8 pts) Enter the values for ptr1 and ptr2 in the Value column. Question 9. (4 pts) What does the following code do? char *ptr1; ptr1 = (char *) malloc(10); Page 5 of 7

6 Question 10. Consider the file listing shown below. - rwxr-x--- l joe ultusers :13 awesomeprogram.exe (a) (3 pts) Who is the owner of this file? (b) (3 pts) Who can execute this file? Question 11. (5 pts) List and describe a defense against a buffer overflow attack. Page 6 of 7

7 Question 12. Consider the program below, named Classes.c. #include<stdio.h> int main() int importantnumber=2003; int class=2017; char alpha[7]; char name[10]; printf( Enter your name: ); scanf( %s, name ); printf( Enter your alpha #: ); scanf( %s, alpha ); printf("\n MIDN %s (%s): Class of %d may be great, but the Class of %d was better!\n", name, alpha, class, importantnumber); Assume that no padding (extra space) is created when variables are loaded on the stack. (10 pts) If an enterprising midshipman wants to use a buffer overflow attack to completely overwrite the value of the variable importantnumber, what is the minimum number of characters they would have to enter when prompted to enter their name? Justify your reasoning by including a diagram of the program stack. Turn in your equation sheet with your exam! Page 7 of 7