United States Naval Academy Electrical and Computer Engineering Department EC310-6 Week Midterm Spring 2015

Similar documents
United States Naval Academy Electrical and Computer Engineering Department EC310-6 Week Midterm Spring AY2017

United States Naval Academy Electrical and Computer Engineering Department EC312-6 Week Midterm Spring 2016

6 WEEK EXAM NAME: ALPHA: SECTION:

Chapter 7: User Defined Functions and Stack Mechanics

EC312 Chapter 5: Intro to Pointers

EC312 Chapter 4: Arrays and Strings

Chapter 3: Arrays and More C Functionality

Buffer-Overflow Attacks on the Stack

16.317: Microprocessor Systems Design I Fall 2013

MIDTERM TEST EESC 2031 Software Tools June 13, Last Name: First Name: Student ID: EECS user name: TIME LIMIT: 110 minutes

231 Spring Final Exam Name:

Non-stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT/2000/XP

CSE 332 Spring 2013: Midterm Exam (closed book, closed notes, no calculators)

UNIVERSITY OF TORONTO FACULTY OF APPLIED SCIENCE AND ENGINEERING

CSC 126 FINAL EXAMINATION Spring Total Possible TOTAL 100

Computer Systems Lecture 9

Buffer-Overflow Attacks on the Stack

CSE 361S Intro to Systems Software Lab Assignment #4

Midterm I Exam Principles of Imperative Computation Frank Pfenning. February 17, 2011

CYSE 411/AIT681 Secure Software Engineering Topic #12. Secure Coding: Formatted Output

2/9/18. CYSE 411/AIT681 Secure Software Engineering. Readings. Secure Coding. This lecture: String management Pointer Subterfuge

Question 4.2 2: (Solution, p 5) Suppose that the HYMN CPU begins with the following in memory. addr data (translation) LOAD 11110

School of Computer Science Introduction to Algorithms and Programming Winter Midterm Examination # 1 Wednesday, February 11, 2015

The Edward S. Rogers Sr. Department of Electrical and Computer Engineering

CS , Fall 2004 Exam 1

Introduction to Computer Systems. Exam 1. February 22, This is an open-book exam. Notes are permitted, but not computers.

Homework 3 CS161 Computer Security, Fall 2008 Assigned 10/07/08 Due 10/13/08

Subject: Fundamental of Computer Programming 2068

Midterm Exam 1 Solutions C Programming Dr. Beeson, Spring 2009

CS Introduction to Programming Midterm Exam #2 - Prof. Reed Fall 2015

CS61, Fall 2012 Midterm Review Section

16.317: Microprocessor Systems Design I Fall 2014

CSE 332 Spring 2014: Midterm Exam (closed book, closed notes, no calculators)

UNIVERSITY OF TORONTO FACULTY OF APPLIED SCIENCE AND ENGINEERING

Buffer Overflows Defending against arbitrary code insertion and execution

Introduction to Computer Systems. Exam 2. April 11, Notes and calculators are permitted, but not computers.

ENEE 457: Computer Systems Security. Lecture 16 Buffer Overflow Attacks

UNIVERSITY OF TORONTO FACULTY OF APPLIED SCIENCE AND ENGINEERING

19-Nov CSCI 2132 Software Development Lecture 29: Linked Lists. Faculty of Computer Science, Dalhousie University Heap (Free Store)

These problems are provided to you as a guide for practice. The questions cover important concepts covered in class.

Computer Programming. C Array is a collection of data belongings to the same data type. data_type array_name[array_size];

DECLARAING AND INITIALIZING POINTERS

Dynamic Memory Allocation and Command-line Arguments

Final exam. Scores. Fall term 2012 KAIST EE209 Programming Structures for EE. Thursday Dec 20, Student's name: Student ID:

CNIT 127: Exploit Development. Ch 2: Stack Overflows in Linux

Final Exam 1 /12 2 /12 3 /10 4 /7 5 /4 6 /10 7 /8 8 /9 9 /8 10 /11 11 /8 12 /10 13 /9 14 /13 15 /10 16 /10 17 /12. Faculty of Computer Science

Language comparison. C has pointers. Java has references. C++ has pointers and references

Functions in C. Lecture Topics. Lecture materials. Homework. Machine problem. Announcements. ECE 190 Lecture 16 March 9, 2011

Lecture 9 Assertions and Error Handling CS240

CSC 438 Systems and Software Security, Spring 2014 Instructor: Dr. Natarajan Meghanathan Question Bank for Module 6: Software Security Attacks

CS 161 Computer Security

CS/ECE 354 Practice Midterm Exam Solutions Spring 2016

Scheme G. Sample Test Paper-I. Course Name : Computer Engineering Group Course Code : CO/CD/CM/CW/IF Semester : Second Subject Tile : Programming in C

Basic Buffer Overflows

CSE 351. GDB Introduction

Dalhousie University CSCI 2132 Software Development Winter 2018 Midterm Examination II March 12 15:37-16:24

Q1: Multiple choice / 20 Q2: C input/output; operators / 40 Q3: Conditional statements / 40 TOTAL SCORE / 100 EXTRA CREDIT / 10

INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR Stamp / Signature of the Invigilator

buffer overflow exploitation

Variables Data types Variable I/O. C introduction. Variables. Variables 1 / 14

EE 312 Fall 2018 Midterm 1 Version A October 10, 2018

CSCE 548 Building Secure Software Integers & Integer-related Attacks & Format String Attacks. Professor Lisa Luo Spring 2018

Introduction to C Language (M3-R )

One-Slide Summary. Lecture Outline. Language Security

ESC101N: Fundamentals of Computing End-sem st semester

Pointers (part 1) What are pointers? EECS We have seen pointers before. scanf( %f, &inches );! 25 September 2017

CS , Fall 2002 Exam 1

Programming Studio #9 ECE 190

This exam is to be taken by yourself with closed books, closed notes, no calculators.

Introduction to Computer Systems. Exam 1. February 22, Model Solution fp

COP Programming Concepts Spring 1999 CLOSED BOOK Exam #1 100 Points NAME

CSE 333 Midterm Exam 5/10/13

CS16 Midterm Exam 1 E01, 10S, Phill Conrad, UC Santa Barbara Wednesday, 04/21/2010, 1pm-1:50pm

Practical Malware Analysis

Sample Midterm (Spring 2010)

CSE 332 Autumn 2013: Midterm Exam (closed book, closed notes, no calculators)

Midterm Exam #2 April 20, 2016 CS162 Operating Systems

Problem 2 Add the two 2 s complement signed 8-bit values given below, and express your answer in decimal.

Name: CMSC 313 Fall 2001 Computer Organization & Assembly Language Programming Exam 1. Question Points I. /34 II. /30 III.

Dynamic Memory Allocation

Q1: /20 Q2: /30 Q3: /24 Q4: /26. Total: /100

CNIT 127: Exploit Development. Ch 1: Before you begin. Updated

Computer Architecture I Midterm I

Computer Systems Organization V Fall 2009

CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING LECTURE 13, SPRING 2013

CSC 2400: Computer Systems. Using the Stack for Function Calls

CA31-1K DIS. Pointers. TA: You Lu

ECE 2035 Programming HW/SW Systems Fall problems, 5 pages Exam Three 28 November 2012

Time: 8:30-10:00 pm (Arrive at 8:15 pm) Location What to bring:

Linux Memory Layout. Lecture 6B Machine-Level Programming V: Miscellaneous Topics. Linux Memory Allocation. Text & Stack Example. Topics.

C BOOTCAMP DAY 2. CS3600, Northeastern University. Alan Mislove. Slides adapted from Anandha Gopalan s CS132 course at Univ.

CSE 373 Spring 2010: Midterm #1 (closed book, closed notes, NO calculators allowed)

M4.1-R3: PROGRAMMING AND PROBLEM SOLVING THROUGH C LANGUAGE

CSE 509: Computer Security

CSE 373 Autumn 2010: Midterm #1 (closed book, closed notes, NO calculators allowed)

CMPT 102 Introduction to Scientific Computer Programming. Input and Output. Your first program

ECE264 Fall 2013 Exam 1, September 24, 2013

University of Toronto

Arrays, Strings, & Pointers

CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING

Transcription:

United States Naval Academy Electrical and Computer Engineering Department EC310-6 Week Midterm Spring 2015 1. Do a page check: you should have 8 pages including this cover sheet. 2. You have 50 minutes to complete this exam. 3. A calculator may be used for this exam. 4. This is a closed book and closed notes exam. You may use one single-sided hand-written page of notes. 5. Turn in your single-sided hand-written page of notes with your exam. 6. This exam may be given as a makeup exam to several midshipmen at a later time. No communication is permitted concerning this exam with anyone who has not yet taken the exam. Name: Instructor: Page 1 of 8

Question 1. (31 pts) A C program begins: #include<stdio.h> int main( ) int a = 101; char mystring[4] = "ENS" ; <more code> The program is paused immediately after executing the line char mystring[4] = "ENS" ; but before executing the section that says <more code>. The stack for the program at this point in time is shown below. Note specifically that the address for the integer variable a and the address of the array mystring are shown on the figure. In the figure below, the main memory addresses are shown on the left (in hexadecimal). (a) (b) (c) (5 pts) Annotate the diagram above to show the addresses for each of the next ten memory locations. For each address, the first five hexadecimal digits are already filled in for you; you only need to indicate the last three hexadecimal digits. (3 pts) Why did the programmer state that the size of the array mystring should be 4 when the array only holds three characters? In other words, why didn't the programmer declare the array mystring as: char mystring[3] = "ENS" ; (4 pts) Annotate the diagram above to show how the array mystring is stored in memory. Express all values in hexadecimal. THIS PROBLEM CONTINUES ON NEXT PAGE Page 2 of 8

(d) (5 pts) Annotate the diagram above to show how the value of the variable a is stored in memory. Express all values in hexadecimal. In addition to annotating the diagram, show your work below. (e) (f) (1 pt) If, at this point, your diagram above still has blank memory locations, write "gar" in all of the blank locations to indicate garbage values. (2 pts) What would be displayed by the command: x/xb bffff7f8 (g) (3 pts) Convert the value stored in mystring[ 2 ] to binary. Returning to the C program, the section shown as <more code> is actually this: strcpy( mystring, "2ndLT" ); printf("\n %d \n", a ); Do not make any changes to your diagram on the previous page, since that diagram holds your answers to questions (a) through (e)!!! (h) (3 pts) What is printed out by the printf statement in the box above? (i) (3 pts) In the space below, explain (using, if helpful, the drawing of main memory shown below) how you arrive at your answer to part (h). (Do not modify your picture on the previous page!) (j) (2 pts) You have grown sick of this problem! So you save your C program and turn off your computer. Where is your C program now? (Circle one choice) In secondary memory In the operating system In the CPU hardware In main memory Page 3 of 8

Question 2. (25 pts) Consider the C program named funtimes.c shown below: 1. #include<stdio.h> 2. int main( ) 3. 4. int i; 5. int number = 7; 6. 7. for( i = 10 ; i > number ; i = i - 1 ) 8. 9. if( i == 9 ) 10. printf( "%s\n", "Fun" ) ; 11. else 12. printf( "%s\n", "Not Fun" ) ; 13. } 14. } (a) (5 pts) What is the exact output of this C program? You run this program and examine the debugger's partial output, shown below. THIS PROBLEM CONTINUES ON NEXT PAGE Page 4 of 8

(b) (2 pts) Where (physically) is the eip register? (Circle one choice) In the C program In the operating system In the CPU hardware In main memory (c) (d) (e) (f) (3 pts) What is the next assembly language instruction that will be executed? (3 pts) Suppose, given the picture above, you enter the command: nexti. After you enter this command, what is the value stored in the eip register? (2 pts) Complete the sentence: The eip register holds an address in the program's (circle one choice) i. CPU section ii. iii. iv. Stack frame Text segment Dynamic memory space v. Variable allocation (3 pts) Considering the values of esp and ebp, how many bytes are in this stack frame? Show your reasoning. (g) (4 pts) What is the address where the variable number is stored in memory? Your answer should be an address expressed as eight hexadecimal digits. Briefly explain your answer. (h) (3 pts) Consider the assembly language instruction cmp DWORD PTR [ebp-4],0x9 What line of C code does this correspond to? Page 5 of 8

Question 3. (5 pts) What is the fundamental issue with the C programming language that makes a buffer overflow exploit possible? (Your answer should be limited to a sentence or two.) Question 4. (8 pts) Consider the C program below: 1. #include<stdio.h> 2. int main() 3. 4. char saying[20] = "To be or not to be." ; 5. 6. char *ptr ; 7. 8. ptr = saying + 4; 9. 10. strcpy( ptr, "ring" ); 11. 12. printf( "%s\n", saying ); 13. } Note that the string named saying is initialized in line 4, and saying is then printed out on line 12. What is the output of this C program? Explain your answer in a few sentences or a sketch. Page 6 of 8

Question 5. (16 pts) Consider the program shown on the right: (a) (2 pts) How many functions are in this program? (b) (2 pts) In the line of code: void myfunction() what does the word void mean? (Choose one) i. The function has no arguments. ii. iii. iv. The function has no parameters. The function does not return a value. The function does not perform a useful task. #include<stdio.h> void myfunction() int a = 2003; } int main() myfunction(); } v. Copies of the values of the arguments are plugged in to the parameters. (c) (6 pts) Before myfunction is called, two items will be placed onto the stack. What are the names of these two items? (For example, if you believe that the items placed on the stack before the function call are the stack pointer and the address of main, your answer would be: Item 1: esp, Item 2: main's address.) Item 1: Item 2: (d) (6 pts) The program above is run up to the point immediately before the function named myfunction is called. The debugger output shown below is produced. Determine the correct values for the answers you gave for part (c) above; i.e., determine the correct values for the two items that must be saved on the stack prior to the function call. Write your answers next to the two item names in part (c) above. Page 7 of 8

Question 6. (15 pts) Consider the program below, named welcoming_message.c. The program prompts the user to enter their name, then provides them a warm and comforting welcome message. And what could be wrong with that? #include<stdio.h> void greetings(int length_of_name) int year = 2015; char name[length_of_name]; } printf("enter your name: "); scanf("%s", name); printf("hello: %s! Welcome to %d.\n", name, year); int main() int name_len = 15; greetings(name_len); } Assume that no padding (extra space) is created when stack frames are created. (a) (10 pts) When you are prompted to enter your name, what is the minimum number of characters you can enter to completely overwrite the value of the variable name_len which is declared in main? Justify your reasoning and show your work. (b) (5 pts) Is it possible to change the value of the variable named year declared in the function greetings by performing a buffer overflow attack? Why or why not? Justify your reasoning. Turn in your equation sheet with your exam! Page 8 of 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback