EC310 6-week Review.

Slides:



Advertisements
Similar presentations
Topic Reviews For Unit ET156 – Introduction to C Programming Topic Reviews For Unit
Advertisements

Recitation 4 Outline Buffer overflow –Practical skills for Lab 3 Code optimization –Strength reduction –Common sub-expression –Loop unrolling Reminders.
Smashing the Stack for Fun and Profit
What is a pointer? First of all, it is a variable, just like other variables you studied So it has type, storage etc. Difference: it can only store the.
EC312 Review. Rules of Engagement Teams selected by instructor Host will read the entire questions. Only after, a team may “buzz” by raise of hand A team.
Copyright © 2012 Pearson Education, Inc. Chapter 1: Introduction to Computers and Programming.
Introduction to C Programming Overview of C Hello World program Unix environment C programming basics.
University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.
Copyright © 2012 Pearson Education, Inc. Chapter 1: Introduction to Computers and Programming.
Chapter Introduction to Computers and Programming 1.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.
Chapter 1: Introduction to Computers and Programming.
Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 1: Introduction to Computers and Programming.
/* C Programming for the Absolute Beginner */ // by Michael Vine #include main() { printf(“\nC you later\n”); system(“pause”); }
1 File Handling. 2 Storage seen so far All variables stored in memory Problem: the contents of memory are wiped out when the computer is powered off Example:
What is exactly Exploit writing?  Writing a piece of code which is capable of exploit the vulnerability in the target software.
/* C Programming for the Absolute Beginner */ // by Michael Vine #include main() { printf(“\nC you later\n”); system(“pause”); }
EC week Review. Rules of Engagement Teams selected by instructor Host will read the entire questions. Only after, a team may “buzz” by raise of.
CSE 351 Final Exam Review 1. The final exam will be comprehensive, but more heavily weighted towards material after the midterm We will do a few problems.
Functions. Motivation What is a function? A function is a self-contained unit of program code designed to accomplish a particular task. We already used.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2014.
EC310 6-week Review. Rules of Engagement Teams selected by instructor Host will read the entire questions. Only after, a team may “buzz” by raise of hand.
Chapter 1: Introduction to Computers and Programming
ARRAYS.
Buffer Overflow By Collin Donaldson.
Buffer Overflow Walk-Through
LINKED LISTS.
Computer Architecture and Assembly Language
Stack and Heap Memory Stack resident variables include:
User-Written Functions
Course Contents KIIT UNIVERSITY Sr # Major and Detailed Coverage Area
Chapter 12 Variables and Operators
2008/11/19: Lecture 18 CMSC 104, Section 0101 John Y. Park
Microprocessor Systems Design I
Memory, Data, & Addressing II CSE 351 Autumn 2017
Lecture 8 String 1. Concept of strings String and pointers
Chapter 12 Variables and Operators
Homework Reading Machine Projects Labs PAL, pp ,
Arrays in C.
COMP3221: Microprocessors and Embedded Systems
Buffer Overflow Walk-Through
Chapter 12 Variables and Operators
Arrays, Part 1 of 2 Topics Definition of a Data Structure
CNG 140 C Programming (Lecture set 8)
Topics Introduction Hardware and Software How Computers Store Data
EECE.3170 Microprocessor Systems Design I
EECE.3170 Microprocessor Systems Design I
EECE.3170 Microprocessor Systems Design I
Arrays, Part 1 of 2 Topics Definition of a Data Structure
File Handling.
Pointers The C programming language gives us the ability to directly manipulate the contents of memory addresses via pointers. Unfortunately, this power.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2015.
Arrays, Part 1 of 2 Topics Definition of a Data Structure
Arrays, Part 1 of 2 Topics Definition of a Data Structure
CNT4704: Analysis of Computer Communication Network Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Fall 2011.
Lecture 2 SCOPE – Local and Global variables
EECE.3170 Microprocessor Systems Design I
Your questions from last session
Arrays, Part 1 of 2 Topics Definition of a Data Structure
IPC144 Introduction to Programming Using C Week 4 – Lesson 1
8051 ASSEMBLY LANGUAGE PROGRAMMING
Chapter 11 Programming in C
2008/11/19: Lecture 18 CMSC 104, Section 0101 John Y. Park
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2016.
Arrays, Part 1 of 2 Topics Definition of a Data Structure
Arrays, Part 1 of 2 Topics Definition of a Data Structure
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2013.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2010.
Format String Vulnerability
Chapter 1: Introduction to Computers and Programming
Presentation transcript:

EC310 6-week Review

Rules of Engagement Teams selected by instructor Host will read the entire questions. Only after, a team may “buzz” by raise of hand A team must answer the question within 5 seconds after buzzing in (must have answer at hand) If the answer is incorrect, the team will lose its turn and another team may buzz in. No score will be deducted. No negative scores. Maximum score is 100. Once reached, that team will stand down for others to participate. Teams will earn all points scored at the end of game. When selecting a question, Teams must only select questions of different value, unless there are no others, but may be from different categories. All team members will participate and will answer questions Only one round - No Daily Doubles, Double Jeopardy or Final Jeopardy … and no partial credits!

Jeopardy! 10 pts 10 pts 10 pts 10 pts 10 pts 10 pts 20 pts 20 pts Computer Architect & Number Systems C Assembly and Memory Pointers, Arrays & Strings Functions and Stack / Heap Buffer Overflow 10 pts 20 pts 40 pts 60 pts 10 pts 10 pts 10 pts 10 pts 10 pts 10 pts 20 pts 20 pts 20 pts 20 pts 20 pts 20 pts 40 pts 40 pts 40 pts 40 pts 40 pts 40 pts 60 pts 60 pts 60 pts 60 pts 60 pts 60 pts

Comp Arch & Numbers 10 pts Properly define the items below. Hardware: Software: Main memory: Secondary memory: CPU: OS: the electrical and mechanical components that make up a computer system the instructions that tell the computer how to do a specific job (aka: RAM) it stores the input data, instructions that will process the data, and results of calculations until they are moved to a permanent location. It is volatile. a more permanent memory for long-term storage of data before and after it is used. Ex. Hard drive, CD, DVD, flash memory (USB thumb drives) Central Processing Unit. It is the “brain” of the computer. It executes the instructions that process data the most important software. Acts as an interface between the computer and the user.

C 10 pts What is the exact output of the C code below? Ans = 3 #include <stdio.h> { int pie; pie = 3.14; printf (pie); } Ans = 3 (pie is an integer)

Assembly and Memory 10 pts How many bits are represented in an address? 4 bits per number, 8 numbers per address = 32 bits

Pointers, Arrays & Strings 10 pts What is the address operator used to access the address of a variable? &

Functions and Stack / Heap 10 pts True or False: The Heap grows from the top (smaller memory address) down (to larger memory addresses) making it grow towards the stack. In fact the stack and the heap compete for memory space and it is the programmer who must take care of the heap. True

Buffer Overflow 10 pts What feature of C makes a buffer overflow attack possible? C compilers do not check for going beyond the bounds of an array!

Comp Arch & Numbers 20 pts Express the binary number 01011010 as a decimal number. Ans= 64+16+8+2 = 9010

C 20 pts How many total bytes would be needed to store the following variables? int time_1, time_2, time_3; float PRT = 9.5; char mid_1, mid_2, mid_3; int score; integers: 4 x 4 = 16 floats: 1 x 4 = 4 characters: 3 x 1 = 3 TOTAL = 23 bytes

Assembly and Memory 20 pts Name the processor registers and their purpose: eip (instruction pointer) – it holds the address of the next instruction the CPU intends to execute esp (stack pointer) – it holds the address of the top of the stack ebp (base pointer) – points to the first address right below the stack

Pointers, Arrays & Strings 20 pts What would be the output of the code below? #include <stdio.h> #include <string.h> int main() { char phrase[] = “Military Academy”; strcpy (phrase, “Naval Academy”); printf(“%s\n”, phrase); } Naval Academy

Functions and Stack / Heap 20 pts What elements are stored in memory and in what order are they stacked during a function call from main? Function’s Variables Saved value of prior ebp Return Address Function’s Arguments Main’s Variables

Buffer Overflow 20 pts For the following program invocation: midshipman@EC310 ~ $ ./a.out one 8 mate What is the value of argc? What is the value of argv[1]? Is it possible to write these as the first instructions in main? Why? int i; i = argv[2]; 4 one No, argv[2] is of type string

Comp Arch & Numbers 40 pts Convert the decimal number 300 to hexadecimal ___1___ ___2___ ___C___ 162=256 161=16 160=1 300 ÷ 256 = 1.xxx 1 300 - 256 = 44 44 ÷ 16 = 2.xxx 2 44 – 32 = 12 C Ans = 0x12C

C 40 pts Consider the code below. What is the exact output if the user enters 4 when prompted? #include<stdio.h> int main( ) {         int number , counter ;         printf( "Enter a number: " ) ;           scanf( "%d" , &number );         if( number != 5 )                 printf( "Is %d your favorite number?\n“, number );         else                 printf( “Navy\n" );         for(counter = number ; counter < 8 ; counter = counter * 2)                 printf( “What’s for lunch?\n" ); } Is 4 your favorite number? What’s for lunch?

Assembly and Memory 40 pts Consider the screen capture. a) What is the next assembly instruction to be performed? b) At what address is this instruction stored? c) What would be the value of eip? a) mov DWORD PTR [esp] , 0x8048474 b) 0x8048384 c) 0x8048384

Pointers, Arrays & Strings 40 pts What is the output of the program below? #include <stdio.h> int main() { int salary[4] = {1000, 1500, 2000}; int j; for(j = 0 ; j <= 3; j = j + 1) printf(“Salary %d is %d \n”, j+1, salary[j]); } By initializing only the first part of the array, the remaining elements are initialized to zero. Salary 1 is 1000 Salary 2 is 1500 Salary 3 is 2000 Salary 4 is 0

}function arguments }what are these? Functions and Stack / Heap 40 pts Consider the code below where a break has been set at line 10. Fill the missing items in the stack? 1 void test_function( int a, int b, int c, int d, int e) 2 { 3 int flag; 4 char buffer[10]; 5 6 flag = 256; 7 buffer[0] = ‘U’; 8 buffer[1] = ‘S’; 9 buffer[2] = ‘A’; 10 } 11 int main () 12 { 13 test_function(5,6,7,8,9); 14 } Hex ASCII 0x41 A 0x53 S 0x55 U 0x55 0x53 0x41 0x00 buffer 0x01 flag 0x18 0xf8 0xff 0xbf previous ebp 0x05 }function arguments 0x06 0x07 0x08 0x09 bfff818 ebp_main 0x55 0x53 0x41 0x00 Name? 0x01 0x18 0xf8 0xff 0xbf What is this? 0x05 }what are these? 0x06 0x07 0x08 0x09 bfff818 ebp_main

Buffer Overflow 40 pts Consider the code below. What is the minimum amount of characters needed in the string alpha_code to change the value of a in the stack? float happy_times(int x, float y) { char alpha_code[7]; float sum; sum = x + y; Return sum; } int main() int a = 77; float b = 3.14159; a = happy_times(a,b) + 1; exit(1); alpha_code = 7 saved ebp = 4 Ret Add = 4 copy of x = 4 copy of y = 4 b = 4 “change value of a” = change 1 byte …so TOTAL = 7+4+4+4+4+4 = 27

Comp Arch & Numbers 60 pts What is the hexadecimal number that results from the calculation: 0x1A6 + 0xD97 Solution: Starting from the right… 6 + 7 = 13 = 0xD A + 9 = 19 = 16 + 3 = 0x13 (the 1 is carried over) 1 + D = 14 + 1(carried over) = 15 = 0xF So… Ans = 0xF3D

C 60 pts Complete the code below to return the factorial of a number (hint: use for loop) #include<stdio.h> int main ( ) { int number, counter; printf(“Enter a number and I will return its factorial:”); scanf( “%d” , &number ); //enter 2 lines //of code here printf(“The factorial is: %d \n”, number ); } for (counter = number; counter > 1; counter = counter-1) number = number * (counter-1); also… for (counter = 1; counter < number; counter = counter+1) number = number * counter;

Assembly and Memory 60 pts Consider the memory stack allocation below. What would be displayed by these commands? x/s 0x08048385 x/xw 0x08048384 SNA 0x414e5355 Address Data ASCII 08048384 0x55 U 08048385 0x53 S 08048386 0x4e N 08048387 0x41 A 08048388 0x00 null

Pointers, Arrays & Strings 60 pts Consider the code and the stack below. What would be the output of the program? (assume the stack is contiguous without padding between addresses) #include<stdio.h> int main() { int a = 11; int *a_ptr; a_ptr = &a; printf(“\nThe value of a is %d and the address is %x \n”, a, &a); printf(“\nThe value of a_ptr is %x and the address is %x \n\n”, a_ptr, &a_ptr); } bffff84c esp 0x50 0xf8 0xff 0xbf 0x0b 0x00 ebp a_ptr bffff850 a The value of a is 11 and the address is bffff850 The value of a_ptr is bffff850 and the address if bffff84c

Functions and Stack / Heap 60 pts Consider the code below. Give the different variable values at specific break points. 1 #include <stdio.h> 2 int AbsVal( int number) 3 { 4 int AV; 5 if(number >=0) 6 { 7 AV = number; 8 } 9 else 10 { 11 AV = -1*number; 12 } 13 return AV; 14 } 15 int main() 16 { 17 int x, y; 18 x = -1; 19 y = AbsVal(x); 20 printf("The absolute value of the integer is %d\n" , y); 21 } Breakpoint x y number AV Line 18 garbage Line 19 -1 Line 5 Line 13 1 Line 20 Breakpoint x y number AV Line 18 ? Line 19 Line 5 Line 13 Line 20

Buffer Overflow 60 pts Consider the code below. A break was set at line 15, at which time the command i r ebp returned the value 0xbffff800. The code was allowed to continue until it prompted its message. Would a segmentation fault occur if the user inadvertently enters 14 characters? Explain. 1 #include<stdio.h> 2 void echo_string() 3 { 4 int count; 5 char entered_string[10]; 6 printf(“Enter a string: “); 7 scanf(“%s”, entered_string); 8 for(count=0; count < 10; count=count+1) 9 { 10 printf(“%s\n”,entered_string); 11 } 12 } 13 int main() 14 { 15 echo_string(); 16 } No. Although 14 characters would cause a byte to overwrite saved_ebp, the null would only replace byte 0x00, so the value does not change and therefore there is no access to memory outside that that was allotted and thus no SegFault.

Score Card Team Tally Score