United States Naval Academy Electrical and Computer Engineering Department

advertisement
EC310 Six Week Exam Fall 2014
September 25, 2014
United States Naval Academy
Electrical and Computer Engineering Department
EC310 - 6 Week Midterm – Fall 2014
1.
2.
3.
4.
5.
6.
Do a page check: you should have 8 pages including this cover sheet.
You have 50 minutes to complete this exam.
A calculator may be used for this exam.
This is a closed book and closed notes exam. You may use one single-sided hand-written page of notes.
Turn in your single-sided hand-written page of notes with your exam.
This exam may be given as a makeup exam to several midshipmen at a later time. No communication is
permitted concerning this exam with anyone who has not yet taken the exam.
Name:
______KEY______________
Instructor:
____________________
Page 1 of 8
EC310 Six Week Exam Fall 2014
September 25, 2014
Question 1. (18 pts) Consider the picture of main memory shown below. The addresses are shown on the left
(in hexadecimal), and the contents of the addresses are shown on the right (in hexadecimal). For example, the
contents of memory location bffff806 is 0x2f.
(a)
(4 pts) Annotate the diagram above to show the addresses for each of the next eight memory locations.
For each address, the first five hexadecimal digits are already filled in for you; you only need to indicate
the last three hexadecimal digits.
See above.
1 pt for address 80a following 809
1 pt for address 810 in last position
1/3 point for the other entries.
(b)
(2 pts) If you were to write out the value of an address (such as bffff806) in binary, how many bits
would you need? (Note that the question refers to the address itself, not the contents stored at an
address.)
Answer:
(c)
(2 pts) The number of bits that you answered for part (b) is equivalent to how many bytes?
Answer:
(d)
0x12f
(1 point deduction for 0x2f01) (1 point deduction for 0x2f)
(4 pts) What is the decimal value of the integer stored at this location? Show work.
Answer:
(f)
4 bytes NPC, CTE from part (b) okay
(2 pts) You are told that an integer is stored at address bffff806. What is the hexadecimal value of
the integer stored at this location?
Answer:
(e)
32 bits NPC
303 CTE from part (d) okay
(4 pts) Note the arrow in the picture above, pointing to the memory location holding 0x50. You are
told that this is the first character in a string named my_math. If this string is printed with the command
printf( "%s" , my_math);
what would be displayed on the monitor?
Answer:
Pi (2 point deduction for just the letter P)
Page 2 of 8
EC310 Six Week Exam Fall 2014
September 25, 2014
Question 2. (16 pts) Consider the C program named inspirational_message.c shown below:
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
#include<stdio.h>
int main( )
{
char A[ 10 ] = "Fun" ;
char B[ 10 ] = "Cyber" ;
int i;
int number;
(a)
(2 pts) If this program is being executed, it must reside in (circle one choice):
printf("Enter an integer between 1 and 10 for inspiration:");
scanf( "%d" , &number );
}
for( i = 1 ; i <= number ; i = i + 1 )
{
if( i == 2 )
printf( "%s\n" , A ) ;
else
printf( "%s\n" , B ) ;
}
The operating system
(b)
The CPU
Main memory NPC
Secondary memory
(4 pts) Consider the variable declarations in the program above (lines 4 through 7). How many total
bytes are reserved for all of the variables used by this program?
Answer: 10 + 10 + 4 + 4 = 28 bytes (1 point for each of the four values)
(c)
(2 pts) If you start running the program, but stop execution at line 8, what will be the value of the
variable number? (Circle one choice)
1
(d)
8
A garbage value NPC
Cyber
Fun
Cyber
(1 point)
(2 points)
(1 point)
(1 point deduction for having a fourth line of output)
(2 point deduction for: B (newline) A (newline) B )
(2 pts) What do I have to do to the program inspirational_message.c in order to execute it,
and why do I need to do this? (Circle one choice.)
(i)
(ii)
(iii)
NPC (iv)
(f)
The same value as i
(4 pts) What is the exact output of this C program if the user enters 3 when prompted to enter an
integer?
Answer:
(e)
10
I have to assemble the program because the computer only understands machine language.
I have to compile the program because the computer only understands assembly language.
I have to assemble the program because the computer only understands assembly language.
I have to compile the program because the computer only understands machine language.
(2 pts) You save your program and shut down your computer. Your program resides in (circle one
choice):
The operating system
The CPU
Main memory
Secondary memory NPC
Page 3 of 8
EC310 Six Week Exam Fall 2014
September 25, 2014
Question 3. (5 pts) Circle the choice below that indicates the direction in which the heap grows, as well as
who has the task of controlling the heap.
2 point (a)
deduction
for (a)
The heap grows from the bottom (larger memory address) up (to a smaller memory address) and
is allocated by the programmer.
(b)
The heap grows from the bottom (larger memory address) up (to a smaller memory address) and
is allocated by the compiler. No credit for this answer.
Full credit
for (c)
(c)
2 point
deduction (d)
for (d)
(e)
The heap grows from the top (smaller memory address) down (to a larger memory address) and
is allocated by the programmer.
The heap grows from the top (smaller memory address) down (to a larger memory address) and
is allocated by the compiler.
It depends on the prolonged effects of solar and liquescent additives combined with the chemical
makeup of the heap. No credit for this answer.
Question 4. (16 pts) Consider the following C program:
1.
2.
3.
4.
5.
6.
7.
8.
9.
#include<stdio.h>
int main( )
{
char A[ 4 ] = "Fun";
int i = 7;
}
if( i == 8 )
printf( "%s\n" , A );
Answer: 'u' NPC (okay to omit single quotes)
(a)
(2 pts) What is the value of A[ 1 ] ?
(b)
(2 pts) Why were four bytes allotted for the string A, since we see that the string only needs space for
the three letters in the word Fun? Choose one answer:
(i)
NPC (ii)
(c)
An extra byte is needed for the closing quote.
An extra byte is needed to store the NULL terminator.
(iii)
It is a good programming practice to reserve more space than necessary.
(iv)
The program would not compile unless we reserve memory for 1 more byte than is
needed.
(2 pts) What would you expect to see if you printed the value of A[ 10 ]to the monitor? (Choose one)
(i)
If the program tried to print the value of A[ 10 ] , it would crash.
(ii)
If the program tried to print the value of A[ 10 ] would not compile.
(iii)
NPC (iv)
(v)
The number 0 would be printed to the monitor.
Some unknown value (a garbage value) would be printed to the monitor.
The number 00000000 (i.e., eight zeroes) would be printed to the monitor.
Page 4 of 8
EC310 Six Week Exam Fall 2014
September 25, 2014
Now, continuing this problem, an examination of the program using the debugger is shown below:
(d)
(4 pts) What is the next assembly language instruction that will be executed?
Answer:
cmp
DWORD PTR [ebp-8],0x8
(2 point deduction for the answer: 0x8048393 )
(2 point deduction for the answer: jne 0x80483ac <main+56> )
(2 point deduction for the answer: mov DWORD PTR [ebp-8], 0x7 )
(e)
(2 pts) Which assembly language instruction corresponds to the initialization of the variable i.
other words: which assembly language instruction corresponds to line 5 in the C program?)
Answer:
(f)
mov DWORD PTR [ebp-8],0x7
(In
NPC
(4 pts) What is the address where the variable i is stored in memory? Your answer should be an
address expressed as eight hexadecimal digits.
Answer:
0xbffff820
(2 point deduction for 0xbffff828 )
Question 5. (10 pts) What is the fundamental issue with the C programming language that makes a buffer
overflow exploit possible? (Your answer should be limited to a sentence or two.)
Answer:
Use judgment on grading. The answer should be along the lines of:
C programs do not automatically check to make sure they are writing beyond the memory allotted for an
array.
or
C programs do not prevent the user from attempting to write beyond the bounds of an array.
Page 5 of 8
EC310 Six Week Exam Fall 2014
September 25, 2014
Question 6. (10 pts) Consider the C program below, along with its corresponding output.
#include<stdio.h>
int main()
{
int a = 5;
int *a_ptr;
a_ptr = &a ;
printf("\nThe value of a is %d and its address is %x \n ", a , &a );
}
printf("\nThe pointer named a_ptr is at address %x \n\n" , &a_ptr );
The picture below shows a portion of main memory. Each box in the figure represents one byte of storage.
(a) (3 pts) In the picture above, fill in the appropriate memory locations to indicate the value of the
variable a. See above.
(b) (2 pts) In the picture above, write the address next to the location of where a_ptr is stored in memory.
(You should add one address to the figure above, drawn at the proper location.) See above.
(c) (5 pts) In the picture above, fill in the appropriate memory locations to indicate the value of a_ptr. See
above.
Page 6 of 8
EC310 Six Week Exam Fall 2014
September 25, 2014
Question 7. (12 pts) Consider the program below:
#include<stdio.h>
float cut_in_half( int x )
{
float y;
Answer to
part (c)
saved ebp
Answer to
part (b)
y = 0.5 * x;
}
return y;
int main( )
{
int a ;
float b ;
y
return
address
fun arg
Answer to
part (a)
Put your answer
for part (a) here
printf( "Enter an integer: " );
scanf( "%d" , &a );
b
a
b = cut_in_half( a );
}
printf( "\nHalf that number is %f\n" , b );
The program prompts the user to enter an integer, and then prints to the screen half of this number. For
example, if the user enters the number 7 when prompted, the program will print
Half that number is 3.500000
Suppose we execute the program, but stop execution immediately before the statement
b = cut_in_half( a );
(5 pts) Sketch the stack frame for the function main. Use the picture shown on the above right as a
generic picture of main memory. Since you do not know the precise addresses where any items are
stored, your sketch should be a block diagram that shows the relative positions of items on the stack
using just shapes such as these to indicate, for example, the location of the variables a, b and the
argument given to the function:
See above.
function argument
b
a
2 point deduction for any missing item
2 point deduction for each pair of items not in the correct order.
Grade cannot be less than zero.
(a)
You may assume that the compiler places no filler space between items on the stack.
(b)
(5 pts) Suppose we now prepare to execute the function call:
b = cut_in_half( a );
Annotate your diagram in part (a) to include any items that are added to the stack just prior to actually
executing the function call and resetting the stack frame for the function cut_in_half.
2 point deduction for each missing item. 1 point deduction if in the wrong order.
(c)
(2 pts) Suppose we now continue executing the program up to the line
y = 0.5 * x;
Annotate your diagram in part (b) to include the stack frame for the function cut_in_half. NPC
Page 7 of 8
EC310 Six Week Exam Fall 2014
September 25, 2014
Question 8. (13 pts) Consider the program below, named game.c. The program plays the game Space
Invaders. Notice that some of the code is not shown. The code that is not shown has no effect on the questions
that follow.
#include<stdio.h>
int space_invaders( int good_score )
{
char user_name[ 10 ];
int score;
printf( "Enter your name: ");
scanf( "%s" , user_name );
Additional code (not shown) is here.
}
return score;
int main( )
{
int highest_score = 1000 ;
int new_score;
}
new_score = space_invaders( highest_score );
printf( "\nYour score is %d \n" , new_score );
Assume that no padding (extra space) is created when stack frames are created.
(a)
(8 pts) When you are prompted to enter your name, what is the minimum number of characters you can
enter to completely overwrite the value of the variable highest_score which is declared in
main? Justify your reasoning. (Recall that when you enter a string using scanf, a NULL is
automatically added to your keyboard entry.)
Answer: 10 + 4 + 4 + 4 + 4 + 3 = 29
2 point deduction if missing the first term (the 10)
1 point deduction for each of the other five terms
in the sum above if missing (4 + 4 + 4 + 4 + 3)
1 point deduction for an answer of 28 or 30.
1 point deduction if they only attempt to
overwrite the first byte of highest_score.
Grade cannot be less than 0.
(b)
(5 pts) Is it possible to change the value of the variable named score declared in the function
space_invaders by performing a buffer overflow attack? Why or why not? Justify your
reasoning.
Use judgment on grading. The answer should be along the lines of:
No. score is declared after user_name in the program, so score is "above" user_name on
the stack. Overflowing the buffer user_name will only overwrite items below it on the stack.
Turn in your equation sheet with your exam!
Page 8 of 8
Download