EC310 Six Week Exam Spring 2015
February 12, 2015

United States Naval Academy
Electrical and Computer Engineering Department
EC310 - 6 Week Midterm – Spring 2015

1. Do a page check: you should have 8 pages including this cover sheet.
2. You have 50 minutes to complete this exam.
3. A calculator may be used for this exam.
4. This is a closed book and closed notes exam. You may use one single-sided hand-written page of notes.
5. Turn in your single-sided hand-written page of notes with your exam.
6. This exam may be given as a makeup exam to several midshipmen at a later time. No communication is permitted concerning this exam with anyone who has not yet taken the exam.

Name: ____________________

Instructor: ____________________

Question 1. (31 pts)

A C program begins:

    #include<stdio.h>
    int main( )
    {
        int a = 101;
        char myString[4] = "ENS" ;
        <more code>

The program is paused immediately after executing the line

    char myString[4] = "ENS" ;

but before executing the section that says <more code>. The stack for the program at this point in time is shown below. Note specifically that the address for the integer variable a and the address of the array myString are shown on the figure. In the figure below, the main memory addresses are shown on the left (in hexadecimal).

(a) (5 pts) Annotate the diagram above to show the addresses for each of the next ten memory locations. For each address, the first five hexadecimal digits are already filled in for you; you only need to indicate the last three hexadecimal digits.

(b) (3 pts) Why did the programmer state that the size of the array myString should be 4 when the array only holds three characters? In other words, why didn't the programmer declare the array myString as:

    char myString[3] = "ENS" ;

Answer:

(c) (4 pts) Annotate the diagram above to show how the array myString is stored in memory. Express all values in hexadecimal.
(d) (5 pts) Annotate the diagram above to show how the value of the variable a is stored in memory. Express all values in hexadecimal. In addition to annotating the diagram, show your work below.

(e) (1 pt) If, at this point, your diagram above still has blank memory locations, write "gar" in all of the blank locations to indicate garbage values.

(f) (2 pts) What would be displayed by the command:

    x/xb bffff7f8

Answer:

(g) (3 pts) Convert the value stored in myString[ 2 ] to binary.

Answer:

Returning to the C program, the section shown as <more code> is actually this:

    strcpy( myString , "2ndLT" );
    printf("\n %d \n" , a );

Do not make any changes to your diagram on the previous page, since that diagram holds your answers to questions (a) through (e)!!!

(h) (3 pts) What is printed out by the printf statement in the box above?

Answer:

(i) (3 pts) In the space below, explain (using, if helpful, the drawing of main memory shown below) how you arrive at your answer to part (h). (Do not modify your picture on the previous page!)

Answer:

(j) (2 pts) You have grown sick of this problem! So you save your C program and turn off your computer. Where is your C program now? (Circle one choice)

    In secondary memory
    In the operating system
    In the CPU hardware
    In main memory

Question 2. (25 pts)

Consider the C program named funtimes.c shown below:

    1.  #include<stdio.h>
    2.  int main( )
    3.  {
    4.      int i;
    5.      int number = 7;
    6.
    7.      for( i = 10 ; i > number ; i = i - 1 )
    8.      {
    9.          if( i == 9 )
    10.             printf( "%s\n" , "Fun" ) ;
    11.         else
    12.             printf( "%s\n" , "Not Fun" ) ;
    13.     }
    14. }

(a) (5 pts) What is the exact output of this C program?

Answer:

You run this program and examine the debugger's partial output, shown below.
(b) (2 pts) Where (physically) is the eip register? (Circle one choice)

    In the C program
    In the operating system
    In the CPU hardware
    In main memory

(c) (3 pts) What is the next assembly language instruction that will be executed?

Answer:

(d) (3 pts) Suppose, given the picture above, you enter the command: nexti. After you enter this command, what is the value stored in the eip register?

Answer:

(e) (2 pts) Complete the sentence: The eip register holds an address in the program's… (circle one choice)

    i. CPU section
    ii. Stack frame
    iii. Text segment
    iv. Dynamic memory space
    v. Variable allocation

(f) (3 pts) Considering the values of esp and ebp, how many bytes are in this stack frame? Show your reasoning.

Answer:

(g) (4 pts) What is the address where the variable number is stored in memory? Your answer should be an address expressed as eight hexadecimal digits. Briefly explain your answer.

Answer:

(h) (3 pts) Consider the assembly language instruction

    cmp DWORD PTR [ebp-4],0x9

What line of C code does this correspond to?

Answer:

Question 3. (5 pts)

What is the fundamental issue with the C programming language that makes a buffer overflow exploit possible? (Your answer should be limited to a sentence or two.)

Answer:

Question 4. (8 pts)

Consider the C program below:

    1.  #include<stdio.h>
    2.  int main()
    3.  {
    4.      char saying[20] = "To be or not to be." ;
    5.
    6.      char *ptr ;
    7.
    8.      ptr = saying + 4;
    9.
    10.     strcpy( ptr , "ring" );
    11.
    12.     printf( "%s\n" , saying );
    13. }

Note that the string named saying is initialized in line 4, and saying is then printed out on line 12. What is the output of this C program? Explain your answer in a few sentences or a sketch.

Answer:

Question 5.
(16 pts) Consider the program shown below:

    #include<stdio.h>

    void myfunction()
    {
        int a = 2003;
    }

    int main()
    {
        myfunction();
    }

(a) (2 pts) How many functions are in this program?

Answer:

(b) (2 pts) In the line of code:

    void myfunction()

what does the word void mean? (Choose one)

    i. The function has no arguments.
    ii. The function has no parameters.
    iii. The function does not return a value.
    iv. The function does not perform a useful task.
    v. Copies of the values of the arguments are plugged in to the parameters.

(c) (6 pts) Before myfunction is called, two items will be placed onto the stack. What are the names of these two items? (For example, if you believe that the items placed on the stack before the function call are the stack pointer and the address of main, your answer would be: Item 1: esp , Item 2: main's address.)

Item 1:

Item 2:

(d) (6 pts) The program above is run up to the point immediately before the function named myfunction is called. The debugger output shown below is produced. Determine the correct values for the answers you gave for part (c) above; i.e., determine the correct values for the two items that must be saved on the stack prior to the function call. Write your answers next to the two item names in part (c) above.

Question 6. (15 pts)

Consider the program below, named welcoming_message.c. The program prompts the user to enter their name, then provides them a warm and comforting welcome message. And what could be wrong with that?

    #include<stdio.h>

    void greetings(int length_of_name)
    {
        int year = 2015;
        char name[length_of_name];

        printf("Enter your name: ");
        scanf("%s", name);
        printf("Hello: %s! Welcome to %d.\n", name, year);
    }

    int main()
    {
        int name_len = 15;
        greetings(name_len);
    }

Assume that no padding (extra space) is created when stack frames are created.
(a) (10 pts) When you are prompted to enter your name, what is the minimum number of characters you can enter to completely overwrite the value of the variable name_len which is declared in main? Justify your reasoning and show your work.

(b) (5 pts) Is it possible to change the value of the variable named year declared in the function greetings by performing a buffer overflow attack? Why or why not? Justify your reasoning.

Turn in your equation sheet with your exam!