United States Naval Academy Electrical and Computer Engineering Department EC310-6 Week Midterm Spring 2015
|
|
- Rachel Cooper
- 6 years ago
- Views:
Transcription
1 United States Naval Academy Electrical and Computer Engineering Department EC310-6 Week Midterm Spring Do a page check: you should have 8 pages including this cover sheet. 2. You have 50 minutes to complete this exam. 3. A calculator may be used for this exam. 4. This is a closed book and closed notes exam. You may use one single-sided hand-written page of notes. 5. Turn in your single-sided hand-written page of notes with your exam. 6. This exam may be given as a makeup exam to several midshipmen at a later time. No communication is permitted concerning this exam with anyone who has not yet taken the exam. Name: Instructor: Page 1 of 8
2 Question 1. (31 pts) A C program begins: #include<stdio.h> int main( ) int a = 101; char mystring[4] = "ENS" ; <more code> The program is paused immediately after executing the line char mystring[4] = "ENS" ; but before executing the section that says <more code>. The stack for the program at this point in time is shown below. Note specifically that the address for the integer variable a and the address of the array mystring are shown on the figure. In the figure below, the main memory addresses are shown on the left (in hexadecimal). (a) (b) (c) (5 pts) Annotate the diagram above to show the addresses for each of the next ten memory locations. For each address, the first five hexadecimal digits are already filled in for you; you only need to indicate the last three hexadecimal digits. (3 pts) Why did the programmer state that the size of the array mystring should be 4 when the array only holds three characters? In other words, why didn't the programmer declare the array mystring as: char mystring[3] = "ENS" ; (4 pts) Annotate the diagram above to show how the array mystring is stored in memory. Express all values in hexadecimal. THIS PROBLEM CONTINUES ON NEXT PAGE Page 2 of 8
3 (d) (5 pts) Annotate the diagram above to show how the value of the variable a is stored in memory. Express all values in hexadecimal. In addition to annotating the diagram, show your work below. (e) (f) (1 pt) If, at this point, your diagram above still has blank memory locations, write "gar" in all of the blank locations to indicate garbage values. (2 pts) What would be displayed by the command: x/xb bffff7f8 (g) (3 pts) Convert the value stored in mystring[ 2 ] to binary. Returning to the C program, the section shown as <more code> is actually this: strcpy( mystring, "2ndLT" ); printf("\n %d \n", a ); Do not make any changes to your diagram on the previous page, since that diagram holds your answers to questions (a) through (e)!!! (h) (3 pts) What is printed out by the printf statement in the box above? (i) (3 pts) In the space below, explain (using, if helpful, the drawing of main memory shown below) how you arrive at your answer to part (h). (Do not modify your picture on the previous page!) (j) (2 pts) You have grown sick of this problem! So you save your C program and turn off your computer. Where is your C program now? (Circle one choice) In secondary memory In the operating system In the CPU hardware In main memory Page 3 of 8
4 Question 2. (25 pts) Consider the C program named funtimes.c shown below: 1. #include<stdio.h> 2. int main( ) int i; 5. int number = 7; for( i = 10 ; i > number ; i = i - 1 ) if( i == 9 ) 10. printf( "%s\n", "Fun" ) ; 11. else 12. printf( "%s\n", "Not Fun" ) ; 13. } 14. } (a) (5 pts) What is the exact output of this C program? You run this program and examine the debugger's partial output, shown below. THIS PROBLEM CONTINUES ON NEXT PAGE Page 4 of 8
5 (b) (2 pts) Where (physically) is the eip register? (Circle one choice) In the C program In the operating system In the CPU hardware In main memory (c) (d) (e) (f) (3 pts) What is the next assembly language instruction that will be executed? (3 pts) Suppose, given the picture above, you enter the command: nexti. After you enter this command, what is the value stored in the eip register? (2 pts) Complete the sentence: The eip register holds an address in the program's (circle one choice) i. CPU section ii. iii. iv. Stack frame Text segment Dynamic memory space v. Variable allocation (3 pts) Considering the values of esp and ebp, how many bytes are in this stack frame? Show your reasoning. (g) (4 pts) What is the address where the variable number is stored in memory? Your answer should be an address expressed as eight hexadecimal digits. Briefly explain your answer. (h) (3 pts) Consider the assembly language instruction cmp DWORD PTR [ebp-4],0x9 What line of C code does this correspond to? Page 5 of 8
6 Question 3. (5 pts) What is the fundamental issue with the C programming language that makes a buffer overflow exploit possible? (Your answer should be limited to a sentence or two.) Question 4. (8 pts) Consider the C program below: 1. #include<stdio.h> 2. int main() char saying[20] = "To be or not to be." ; char *ptr ; ptr = saying + 4; strcpy( ptr, "ring" ); printf( "%s\n", saying ); 13. } Note that the string named saying is initialized in line 4, and saying is then printed out on line 12. What is the output of this C program? Explain your answer in a few sentences or a sketch. Page 6 of 8
7 Question 5. (16 pts) Consider the program shown on the right: (a) (2 pts) How many functions are in this program? (b) (2 pts) In the line of code: void myfunction() what does the word void mean? (Choose one) i. The function has no arguments. ii. iii. iv. The function has no parameters. The function does not return a value. The function does not perform a useful task. #include<stdio.h> void myfunction() int a = 2003; } int main() myfunction(); } v. Copies of the values of the arguments are plugged in to the parameters. (c) (6 pts) Before myfunction is called, two items will be placed onto the stack. What are the names of these two items? (For example, if you believe that the items placed on the stack before the function call are the stack pointer and the address of main, your answer would be: Item 1: esp, Item 2: main's address.) Item 1: Item 2: (d) (6 pts) The program above is run up to the point immediately before the function named myfunction is called. The debugger output shown below is produced. Determine the correct values for the answers you gave for part (c) above; i.e., determine the correct values for the two items that must be saved on the stack prior to the function call. Write your answers next to the two item names in part (c) above. Page 7 of 8
8 Question 6. (15 pts) Consider the program below, named welcoming_message.c. The program prompts the user to enter their name, then provides them a warm and comforting welcome message. And what could be wrong with that? #include<stdio.h> void greetings(int length_of_name) int year = 2015; char name[length_of_name]; } printf("enter your name: "); scanf("%s", name); printf("hello: %s! Welcome to %d.\n", name, year); int main() int name_len = 15; greetings(name_len); } Assume that no padding (extra space) is created when stack frames are created. (a) (10 pts) When you are prompted to enter your name, what is the minimum number of characters you can enter to completely overwrite the value of the variable name_len which is declared in main? Justify your reasoning and show your work. (b) (5 pts) Is it possible to change the value of the variable named year declared in the function greetings by performing a buffer overflow attack? Why or why not? Justify your reasoning. Turn in your equation sheet with your exam! Page 8 of 8
United States Naval Academy Electrical and Computer Engineering Department EC310-6 Week Midterm Spring AY2017
United States Naval Academy Electrical and Computer Engineering Department EC310-6 Week Midterm Spring AY2017 1. Do a page check: you should have 8 pages including this cover sheet. 2. You have 50 minutes
More informationUnited States Naval Academy Electrical and Computer Engineering Department EC312-6 Week Midterm Spring 2016
United States Naval Academy Electrical and Computer Engineering Department EC312-6 Week Midterm Spring 2016 1. Do a page check: you should have 7 pages including this cover sheet. 2. You have 50 minutes
More information6 WEEK EXAM NAME: ALPHA: SECTION:
6 WEEK EXAM NAME: ALPHA: SECTION: 1. This is individual work. 2. SHOW ALL WORK! 3. Write legibly to receive credit. 4. Turn in your equation sheet. SCORE: /100 SCALE >89.5%: 31337 79.5 89.5%: H@XX0R 69.5
More informationChapter 7: User Defined Functions and Stack Mechanics
Chapter 7: User Defined Functions and Stack Mechanics Objectives: (a) Demonstrate the ability to analyze simple programs that use library and user defined functions. (b) Describe the organization and contents
More informationEC312 Chapter 5: Intro to Pointers
Objectives: EC312 Chapter 5: Intro to Pointers (a) Explain the operation of the address operator. (b) Given the source code of a C program which uses pointers, and the output of the debugger, locate the
More informationEC312 Chapter 4: Arrays and Strings
Objectives: (a) Describe how an array is stored in memory. (b) Define a string, and describe how strings are stored. EC312 Chapter 4: Arrays and Strings (c) Describe the implications of reading or writing
More informationChapter 3: Arrays and More C Functionality
Chapter 3: Arrays and More C Functionality Objectives: (a) Describe how an array is stored in memory. (b) Define a string, and describe how strings are stored. (c) Describe the implications of reading
More informationBuffer-Overflow Attacks on the Stack
Computer Systems Buffer-Overflow Attacks on the Stack Introduction A buffer overflow occurs when a program, while writing data to a buffer, overruns the buffer's boundary and overwrites memory in adjacent
More information16.317: Microprocessor Systems Design I Fall 2013
16.317: Microprocessor Systems Design I Fall 2013 Exam 2 Solution 1. (20 points, 5 points per part) Multiple choice For each of the multiple choice questions below, clearly indicate your response by circling
More informationMIDTERM TEST EESC 2031 Software Tools June 13, Last Name: First Name: Student ID: EECS user name: TIME LIMIT: 110 minutes
MIDTERM TEST EESC 2031 Software Tools June 13, 2017 Last Name: First Name: Student ID: EECS user name: TIME LIMIT: 110 minutes This is a closed-book test. No books and notes are allowed. Extra space for
More information231 Spring Final Exam Name:
231 Spring 2010 -- Final Exam Name: No calculators. Matching. Indicate the letter of the best description. (1 pt. each) 1. address 2. object code 3. condition code 4. byte 5. ASCII 6. local variable 7..global
More informationNon-stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT/2000/XP
A NGSSoftware Insight Security Research Publication Non-stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT/20/XP David Litchfield (david@ngssoftware.com) 5 th March 22 www.ngssoftware.com
More informationCSE 332 Spring 2013: Midterm Exam (closed book, closed notes, no calculators)
Name: Email address: Quiz Section: CSE 332 Spring 2013: Midterm Exam (closed book, closed notes, no calculators) Instructions: Read the directions for each question carefully before answering. We will
More informationUNIVERSITY OF TORONTO FACULTY OF APPLIED SCIENCE AND ENGINEERING
UNIVERSITY OF TORONTO FACULTY OF APPLIED SCIENCE AND ENGINEERING APS 105 Computer Fundamentals Midterm Examination October 20, 2011 6:15 p.m. 8:00 p.m. (105 minutes) Examiners: J. Anderson, T. Fairgrieve,
More informationCSC 126 FINAL EXAMINATION Spring Total Possible TOTAL 100
CSC 126 FINAL EXAMINATION Spring 2011 Version A Name (Last, First) Your Instructor Question # Total Possible 1. 10 Total Received 2. 15 3. 15 4. 10 5. 10 6. 10 7. 10 8. 20 TOTAL 100 Name: Sp 11 Page 2
More informationComputer Systems Lecture 9
Computer Systems Lecture 9 CPU Registers in x86 CPU status flags EFLAG: The Flag register holds the CPU status flags The status flags are separate bits in EFLAG where information on important conditions
More informationBuffer-Overflow Attacks on the Stack
Computer Systems Buffer-Overflow Attacks on the Stack Introduction A buffer overflow occurs when a program, while writing data to a buffer, overruns the buffer's boundary and overwrites memory in adjacent
More informationCSE 361S Intro to Systems Software Lab Assignment #4
Due: Thursday, October 23, 2008. CSE 361S Intro to Systems Software Lab Assignment #4 In this lab, you will mount a buffer overflow attack on your own program. As stated in class, we do not condone using
More informationMidterm I Exam Principles of Imperative Computation Frank Pfenning. February 17, 2011
Midterm I Exam 15-122 Principles of Imperative Computation Frank Pfenning February 17, 2011 Name: Sample Solution Andrew ID: fp Section: Instructions This exam is closed-book with one sheet of notes permitted.
More informationCYSE 411/AIT681 Secure Software Engineering Topic #12. Secure Coding: Formatted Output
CYSE 411/AIT681 Secure Software Engineering Topic #12. Secure Coding: Formatted Output Instructor: Dr. Kun Sun 1 This lecture: [Seacord]: Chapter 6 Readings 2 Secure Coding String management Pointer Subterfuge
More information2/9/18. CYSE 411/AIT681 Secure Software Engineering. Readings. Secure Coding. This lecture: String management Pointer Subterfuge
CYSE 411/AIT681 Secure Software Engineering Topic #12. Secure Coding: Formatted Output Instructor: Dr. Kun Sun 1 This lecture: [Seacord]: Chapter 6 Readings 2 String management Pointer Subterfuge Secure
More informationQuestion 4.2 2: (Solution, p 5) Suppose that the HYMN CPU begins with the following in memory. addr data (translation) LOAD 11110
Questions 1 Question 4.1 1: (Solution, p 5) Define the fetch-execute cycle as it relates to a computer processing a program. Your definition should describe the primary purpose of each phase. Question
More informationSchool of Computer Science Introduction to Algorithms and Programming Winter Midterm Examination # 1 Wednesday, February 11, 2015
Page 1 of 8 School of Computer Science 60-141-01 Introduction to Algorithms and Programming Winter 2015 Midterm Examination # 1 Wednesday, February 11, 2015 Marking Exemplar Duration of examination: 75
More informationThe Edward S. Rogers Sr. Department of Electrical and Computer Engineering
ECE 468S Computer Security The Edward S. Rogers Sr. Department of Electrical and Computer Engineering Mid-term Examination, March 2006 Name Student # Answer all questions. Write your answers on the exam
More informationCS , Fall 2004 Exam 1
Andrew login ID: Full Name: CS 15-213, Fall 2004 Exam 1 Tuesday October 12, 2004 Instructions: Make sure that your exam is not missing any sheets, then write your full name and Andrew login ID on the front.
More informationIntroduction to Computer Systems. Exam 1. February 22, This is an open-book exam. Notes are permitted, but not computers.
15-213 Introduction to Computer Systems Exam 1 February 22, 2005 Name: Andrew User ID: Recitation Section: This is an open-book exam. Notes are permitted, but not computers. Write your answer legibly in
More informationHomework 3 CS161 Computer Security, Fall 2008 Assigned 10/07/08 Due 10/13/08
Homework 3 CS161 Computer Security, Fall 2008 Assigned 10/07/08 Due 10/13/08 For your solutions you should submit a hard copy; either hand written pages stapled together or a print out of a typeset document
More informationSubject: Fundamental of Computer Programming 2068
Subject: Fundamental of Computer Programming 2068 1 Write an algorithm and flowchart to determine whether a given integer is odd or even and explain it. Algorithm Step 1: Start Step 2: Read a Step 3: Find
More informationMidterm Exam 1 Solutions C Programming Dr. Beeson, Spring 2009
Midterm Exam 1 Solutions C Programming Dr. Beeson, Spring 2009 March 10, 2009 Instructions: Please write your answers on the printed exam. Do not turn in any extra pages. No interactive electronic devices
More informationCS Introduction to Programming Midterm Exam #2 - Prof. Reed Fall 2015
CS 141 - Introduction to Programming Midterm Exam #2 - Prof. Reed Fall 2015 You may take this test with you after the test, but you must turn in your answer sheet. This test has the following sections:
More informationCS61, Fall 2012 Midterm Review Section
CS61, Fall 2012 Midterm Review Section (10/16/2012) Q1: Hexadecimal and Binary Notation - Solve the following equations and put your answers in hex, decimal and binary. Hexadecimal Decimal Binary 15 +
More information16.317: Microprocessor Systems Design I Fall 2014
16.317: Microprocessor Systems Design I Fall 2014 Exam 2 Solution 1. (16 points, 4 points per part) Multiple choice For each of the multiple choice questions below, clearly indicate your response by circling
More informationCSE 332 Spring 2014: Midterm Exam (closed book, closed notes, no calculators)
Name: Email address: Quiz Section: CSE 332 Spring 2014: Midterm Exam (closed book, closed notes, no calculators) Instructions: Read the directions for each question carefully before answering. We will
More informationUNIVERSITY OF TORONTO FACULTY OF APPLIED SCIENCE AND ENGINEERING
UNIVERSITY OF TORONTO FACULTY OF APPLIED SCIENCE AND ENGINEERING APS 105 Computer Fundamentals Midterm Examination October 20, 2011 6:15 p.m. 8:00 p.m. (105 minutes) Examiners: J. Anderson, T. Fairgrieve,
More informationBuffer Overflows Defending against arbitrary code insertion and execution
www.harmonysecurity.com info@harmonysecurity.com Buffer Overflows Defending against arbitrary code insertion and execution By Stephen Fewer Contents 1 Introduction 2 1.1 Where does the problem lie? 2 1.1.1
More informationIntroduction to Computer Systems. Exam 2. April 11, Notes and calculators are permitted, but not computers.
15-213 Introduction to Computer Systems Exam 2 April 11, 2006 Name: Andrew User ID: Recitation Section: Model Solution fp This is an open-book exam. Notes and calculators are permitted, but not computers.
More informationENEE 457: Computer Systems Security. Lecture 16 Buffer Overflow Attacks
ENEE 457: Computer Systems Security Lecture 16 Buffer Overflow Attacks Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland, College Park Buffer overflow
More informationUNIVERSITY OF TORONTO FACULTY OF APPLIED SCIENCE AND ENGINEERING
UNIVERSITY OF TORONTO FACULTY OF APPLIED SCIENCE AND ENGINEERING APS 105 Computer Fundamentals Midterm Examination October 28, 2008 12:20 p.m. 1:50 p.m. Examiners: Jason Anderson, Tom Fairgrieve, Baochun
More information19-Nov CSCI 2132 Software Development Lecture 29: Linked Lists. Faculty of Computer Science, Dalhousie University Heap (Free Store)
Lecture 29 p.1 Faculty of Computer Science, Dalhousie University CSCI 2132 Software Development Lecture 29: Linked Lists 19-Nov-2018 Location: Chemistry 125 Time: 12:35 13:25 Instructor: Vlado Keselj Previous
More informationThese problems are provided to you as a guide for practice. The questions cover important concepts covered in class.
Midterm Written Exam Practice Midterm will cover all concepts covered up to the midterm exam. Concepts of arrays, LL s, pointers (*,**,***), malloc, calloc, realloc, function pointers, Hash tables will
More informationComputer Programming. C Array is a collection of data belongings to the same data type. data_type array_name[array_size];
Arrays An array is a collection of two or more adjacent memory cells, called array elements. Array is derived data type that is used to represent collection of data items. C Array is a collection of data
More informationDECLARAING AND INITIALIZING POINTERS
DECLARAING AND INITIALIZING POINTERS Passing arguments Call by Address Introduction to Pointers Within the computer s memory, every stored data item occupies one or more contiguous memory cells (i.e.,
More informationDynamic Memory Allocation and Command-line Arguments
Dynamic Memory Allocation and Command-line Arguments CSC209: Software Tools and Systems Programming Furkan Alaca & Paul Vrbik University of Toronto Mississauga https://mcs.utm.utoronto.ca/~209/ Week 3
More informationFinal exam. Scores. Fall term 2012 KAIST EE209 Programming Structures for EE. Thursday Dec 20, Student's name: Student ID:
Fall term 2012 KAIST EE209 Programming Structures for EE Final exam Thursday Dec 20, 2012 Student's name: Student ID: The exam is closed book and notes. Read the questions carefully and focus your answers
More informationCNIT 127: Exploit Development. Ch 2: Stack Overflows in Linux
CNIT 127: Exploit Development Ch 2: Stack Overflows in Linux Stack-based Buffer Overflows Most popular and best understood exploitation method Aleph One's "Smashing the Stack for Fun and Profit" (1996)
More informationFinal Exam 1 /12 2 /12 3 /10 4 /7 5 /4 6 /10 7 /8 8 /9 9 /8 10 /11 11 /8 12 /10 13 /9 14 /13 15 /10 16 /10 17 /12. Faculty of Computer Science
Faculty of Computer Science Page 1 of 21 Final Exam Term: Fall 2018 (Sep4-Dec4) Student ID Information Last name: First name: Student ID #: CS.Dal.Ca userid: Course ID: CSCI 2132 Course Title: Instructor:
More informationLanguage comparison. C has pointers. Java has references. C++ has pointers and references
Pointers CSE 2451 Language comparison C has pointers Java has references C++ has pointers and references Pointers Values of variables are stored in memory, at a particular location A location is identified
More informationFunctions in C. Lecture Topics. Lecture materials. Homework. Machine problem. Announcements. ECE 190 Lecture 16 March 9, 2011
Functions in C Lecture Topics Introduction to using functions in C Syntax Examples Memory allocation for variables Lecture materials Textbook 14.1-14.2, 12.5 Homework Machine problem MP3.2 due March 18,
More informationLecture 9 Assertions and Error Handling CS240
Lecture 9 Assertions and Error Handling CS240 The C preprocessor The C compiler performs Macro expansion and directive handling Preprocessing directive lines, including file inclusion and conditional compilation,
More informationCSC 438 Systems and Software Security, Spring 2014 Instructor: Dr. Natarajan Meghanathan Question Bank for Module 6: Software Security Attacks
CSC 438 Systems and Software Security, Spring 2014 Instructor: Dr. Natarajan Meghanathan Question Bank for Module 6: Software Security Attacks 1) What will be the output of the following C program when
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 2 Question 1 Software Vulnerabilities (15 min) For the following code, assume an attacker can control the value of basket passed into eval basket.
More informationCS/ECE 354 Practice Midterm Exam Solutions Spring 2016
CS/ECE 354 Practice Midterm Exam Solutions Spring 2016 C Programming 1. The reason for using pointers in a C program is a. Pointers allow different functions to share and modify their local variables.
More informationScheme G. Sample Test Paper-I. Course Name : Computer Engineering Group Course Code : CO/CD/CM/CW/IF Semester : Second Subject Tile : Programming in C
Sample Test Paper-I Marks : 25 Time:1 Hrs. Q1. Attempt any THREE 09 Marks a) State four relational operators with meaning. b) State the use of break statement. c) What is constant? Give any two examples.
More informationBasic Buffer Overflows
Operating Systems Security Basic Buffer Overflows (Stack Smashing) Computer Security & OS lab. Cho, Seong-je ( 조성제 ) Fall, 2018 sjcho at dankook.ac.kr Chapter 10 Buffer Overflow 2 Contents Virtual Memory
More informationCSE 351. GDB Introduction
CSE 351 GDB Introduction Lab 2 Out either tonight or tomorrow Due April 27 th (you have ~12 days) Reading and understanding x86_64 assembly Debugging and disassembling programs Today: General debugging
More informationDalhousie University CSCI 2132 Software Development Winter 2018 Midterm Examination II March 12 15:37-16:24
Dalhousie University CSCI 2132 Software Development Winter 2018 Midterm Examination II March 12 15:37-16:24 Student Name: Student ID Number: FCS Username (CSID): Signature: Please Note: These solutions
More informationQ1: Multiple choice / 20 Q2: C input/output; operators / 40 Q3: Conditional statements / 40 TOTAL SCORE / 100 EXTRA CREDIT / 10
EECE.2160: ECE Application Programming Spring 2016 Exam 1 February 19, 2016 Name: Section (circle 1): 201 (8-8:50, P. Li) 202 (12-12:50, M. Geiger) For this exam, you may use only one 8.5 x 11 double-sided
More informationINDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR Stamp / Signature of the Invigilator
INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR Stamp / Signature of the Invigilator EXAMINATION ( End Semester ) SEMESTER ( Spring ) Roll Number Section Name Subject Number C S 1 0 0 0 1 Subject Name Programming
More informationbuffer overflow exploitation
buffer overflow exploitation Samuele Andreoli, Nicolò Fornari, Giuseppe Vitto May 11, 2016 University of Trento Introduction 1 introduction A Buffer Overflow is an anomaly where a program, while writing
More informationVariables Data types Variable I/O. C introduction. Variables. Variables 1 / 14
C introduction Variables Variables 1 / 14 Contents Variables Data types Variable I/O Variables 2 / 14 Usage Declaration: t y p e i d e n t i f i e r ; Assignment: i d e n t i f i e r = v a l u e ; Definition
More informationEE 312 Fall 2018 Midterm 1 Version A October 10, 2018
EE 312 Fall 2018 Midterm 1 Version A October 10, 2018 I promise that all work on this exam is my own, that I have not received assistance on it, and that I am adhering to the University's honor code. Name:
More informationCSCE 548 Building Secure Software Integers & Integer-related Attacks & Format String Attacks. Professor Lisa Luo Spring 2018
CSCE 548 Building Secure Software Integers & Integer-related Attacks & Format String Attacks Professor Lisa Luo Spring 2018 Previous Class Buffer overflows can be devastating It occurs when the access
More informationIntroduction to C Language (M3-R )
Introduction to C Language (M3-R4-01-18) 1. Each question below gives a multiple choice of answers. Choose the most appropriate one and enter in OMR answer sheet supplied with the question paper, following
More informationOne-Slide Summary. Lecture Outline. Language Security
Language Security Or: bringing a knife to a gun fight #1 One-Slide Summary A language s design principles and features have a strong influence on the security of programs written in that language. C s
More informationESC101N: Fundamentals of Computing End-sem st semester
ESC101N: Fundamentals of Computing End-sem 2010-11 1st semester Instructor: Arnab Bhattacharya 8:00-11:00am, 15th November, 2010 Instructions 1. Please write your name, roll number and section below. 2.
More informationPointers (part 1) What are pointers? EECS We have seen pointers before. scanf( %f, &inches );! 25 September 2017
Pointers (part 1) EECS 2031 25 September 2017 1 What are pointers? We have seen pointers before. scanf( %f, &inches );! 2 1 Example char c; c = getchar(); printf( %c, c); char c; char *p; c = getchar();
More informationCS , Fall 2002 Exam 1
Andrew login ID: Full Name: CS 15-213, Fall 2002 Exam 1 October 8, 2002 Instructions: Make sure that your exam is not missing any sheets, then write your full name and Andrew login ID on the front. Write
More informationProgramming Studio #9 ECE 190
Programming Studio #9 ECE 190 Programming Studio #9 Concepts: Functions review 2D Arrays GDB Announcements EXAM 3 CONFLICT REQUESTS, ON COMPASS, DUE THIS MONDAY 5PM. NO EXTENSIONS, NO EXCEPTIONS. Functions
More informationThis exam is to be taken by yourself with closed books, closed notes, no calculators.
Student ID CSE 5A Name Final Signature Fall 2004 Page 1 (12) cs5a This exam is to be taken by yourself with closed books, closed notes, no calculators. Page 2 (33) Page 3 (32) Page 4 (27) Page 5 (40) Page
More informationIntroduction to Computer Systems. Exam 1. February 22, Model Solution fp
15-213 Introduction to Computer Systems Exam 1 February 22, 2005 Name: Andrew User ID: Recitation Section: Model Solution fp This is an open-book exam. Notes are permitted, but not computers. Write your
More informationCOP Programming Concepts Spring 1999 CLOSED BOOK Exam #1 100 Points NAME
CLOSED BOOK Exam #1 100 Points NAME 1. The following program has (at least) 10 syntax errors. Circle each error. Write the corrected program in the blank space below. 2 points for each error you find.
More informationCSE 333 Midterm Exam 5/10/13
Name There are 5 questions worth a total of 100 points. Please budget your time so you get to all of the questions. Keep your answers brief and to the point. The exam is closed book, closed notes, closed
More informationCS16 Midterm Exam 1 E01, 10S, Phill Conrad, UC Santa Barbara Wednesday, 04/21/2010, 1pm-1:50pm
CS16 Midterm Exam 1 E01, 10S, Phill Conrad, UC Santa Barbara Wednesday, 04/21/2010, 1pm-1:50pm Name: Umail Address: @ umail.ucsb.edu Circle Lab section: 9am 10am 11am noon (Link to Printer Friendly-PDF
More informationPractical Malware Analysis
Practical Malware Analysis Ch 4: A Crash Course in x86 Disassembly Revised 1-16-7 Basic Techniques Basic static analysis Looks at malware from the outside Basic dynamic analysis Only shows you how the
More informationSample Midterm (Spring 2010)
Sample Midterm (Spring 2010) Solutions are shown in this style. This exam was given in Spring 2010. 1. Executing Programs on IA32 (30 pts) The following questions relate to how programs are compiled for
More informationCSE 332 Autumn 2013: Midterm Exam (closed book, closed notes, no calculators)
Name: Email address: Quiz Section: CSE 332 Autumn 2013: Midterm Exam (closed book, closed notes, no calculators) Instructions: Read the directions for each question carefully before answering. We will
More informationMidterm Exam #2 April 20, 2016 CS162 Operating Systems
University of California, Berkeley College of Engineering Computer Science Division EECS Spring 2016 Anthony D. Joseph Midterm Exam #2 April 20, 2016 CS162 Operating Systems Your Name: SID AND 162 Login:
More informationProblem 2 Add the two 2 s complement signed 8-bit values given below, and express your answer in decimal.
Problem 1 Recall the definition of root in project 1. (The declaration of struct entrynode appears below.) struct entrynode * root; Give the type of each of the following expressions. The answer may be
More informationName: CMSC 313 Fall 2001 Computer Organization & Assembly Language Programming Exam 1. Question Points I. /34 II. /30 III.
CMSC 313 Fall 2001 Computer Organization & Assembly Language Programming Exam 1 Name: Question Points I. /34 II. /30 III. /36 TOTAL: /100 Instructions: 1. This is a closed-book, closed-notes exam. 2. You
More informationDynamic Memory Allocation
Dynamic Memory Allocation The process of allocating memory at run time is known as dynamic memory allocation. C does not Inherently have this facility, there are four library routines known as memory management
More informationQ1: /20 Q2: /30 Q3: /24 Q4: /26. Total: /100
ECE 2035(B) Programming for Hardware/Software Systems Fall 2013 Exam Two October 22 nd 2013 Name: Q1: /20 Q2: /30 Q3: /24 Q4: /26 Total: /100 1/6 For functional call related questions, let s assume the
More informationCNIT 127: Exploit Development. Ch 1: Before you begin. Updated
CNIT 127: Exploit Development Ch 1: Before you begin Updated 1-14-16 Basic Concepts Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend, such as Denial
More informationComputer Architecture I Midterm I
Computer Architecture I Midterm I April 11 2017 Computer Architecture I Midterm I Chinese Name: Pinyin Name: E-Mail... @shanghaitech.edu.cn: Question Points Score 1 1 2 12 3 16 4 14 5 18 6 17 7 22 Total:
More informationComputer Systems Organization V Fall 2009
Computer Systems Organization V22.0201 Fall 2009 Sample Midterm Exam ANSWERS 1. True/False. Circle the appropriate choice. (a) T (b) F At most one operand of an x86 assembly instruction can be an memory
More informationCMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING LECTURE 13, SPRING 2013
CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING LECTURE 13, SPRING 2013 TOPICS TODAY Reminder: MIDTERM EXAM on THURSDAY Pointer Basics Pointers & Arrays Pointers & Strings Pointers & Structs
More informationCSC 2400: Computer Systems. Using the Stack for Function Calls
CSC 24: Computer Systems Using the Stack for Function Calls Lecture Goals Challenges of supporting functions! Providing information for the called function Function arguments and local variables! Allowing
More informationCA31-1K DIS. Pointers. TA: You Lu
CA31-1K DIS Pointers TA: You Lu Pointers Recall that while we think of variables by their names like: int numbers; Computer likes to think of variables by their memory address: 0012FED4 A pointer is a
More informationECE 2035 Programming HW/SW Systems Fall problems, 5 pages Exam Three 28 November 2012
Instructions: This is a closed book, closed note exam. Calculators are not permitted. If you have a question, raise your hand and I will come to you. Please work the exam in pencil and do not separate
More informationTime: 8:30-10:00 pm (Arrive at 8:15 pm) Location What to bring:
ECE 120 Midterm 1 HKN Review Session Time: 8:30-10:00 pm (Arrive at 8:15 pm) Location: Your Room on Compass What to bring: icard, pens/pencils, Cheat sheet (Handwritten) Overview of Review Binary IEEE
More informationLinux Memory Layout. Lecture 6B Machine-Level Programming V: Miscellaneous Topics. Linux Memory Allocation. Text & Stack Example. Topics.
Lecture 6B Machine-Level Programming V: Miscellaneous Topics Topics Linux Memory Layout Understanding Pointers Buffer Overflow Upper 2 hex digits of address Red Hat v. 6.2 ~1920MB memory limit FF C0 Used
More informationC BOOTCAMP DAY 2. CS3600, Northeastern University. Alan Mislove. Slides adapted from Anandha Gopalan s CS132 course at Univ.
C BOOTCAMP DAY 2 CS3600, Northeastern University Slides adapted from Anandha Gopalan s CS132 course at Univ. of Pittsburgh Pointers 2 Pointers Pointers are an address in memory Includes variable addresses,
More informationCSE 373 Spring 2010: Midterm #1 (closed book, closed notes, NO calculators allowed)
Name: Email address: CSE 373 Spring 2010: Midterm #1 (closed book, closed notes, NO calculators allowed) Instructions: Read the directions for each question carefully before answering. We may give partial
More informationM4.1-R3: PROGRAMMING AND PROBLEM SOLVING THROUGH C LANGUAGE
M4.1-R3: PROGRAMMING AND PROBLEM SOLVING THROUGH C LANGUAGE NOTE: 1. There are TWO PARTS in this Module/Paper. PART ONE contains FOUR questions and PART TWO contains FIVE questions. 2. PART ONE is to be
More informationCSE 509: Computer Security
CSE 509: Computer Security Date: 2.16.2009 BUFFER OVERFLOWS: input data Server running a daemon Attacker Code The attacker sends data to the daemon process running at the server side and could thus trigger
More informationCSE 373 Autumn 2010: Midterm #1 (closed book, closed notes, NO calculators allowed)
Name: Email address: CSE 373 Autumn 2010: Midterm #1 (closed book, closed notes, NO calculators allowed) Instructions: Read the directions for each question carefully before answering. We may give partial
More informationCMPT 102 Introduction to Scientific Computer Programming. Input and Output. Your first program
CMPT 102 Introduction to Scientific Computer Programming Input and Output Janice Regan, CMPT 102, Sept. 2006 0 Your first program /* My first C program */ /* make the computer print the string Hello world
More informationECE264 Fall 2013 Exam 1, September 24, 2013
ECE264 Fall 2013 Exam 1, September 24, 2013 In signing this statement, I hereby certify that the work on this exam is my own and that I have not copied the work of any other student while completing it.
More informationUniversity of Toronto
University of Toronto Faculty of Applied Science and Engineering Midterm November, 2010 ECE244 --- Programming Fundamentals Examiners: Tarek Abdelrahman, Michael Gentili, and Michael Stumm Instructions:
More informationArrays, Strings, & Pointers
Arrays, Strings, & Pointers Alexander Nelson August 31, 2018 University of Arkansas - Department of Computer Science and Computer Engineering Arrays, Strings, & Pointers Arrays, Strings, & Pointers are
More informationCMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING
CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING LECTURE 16, SPRING 2013 TOPICS TODAY Project 6 Perils & Pitfalls of Memory Allocation C Function Call Conventions in Assembly Language PERILS
More information