EC310 Six Week Exam Spring 2015 February 12, 2015
United States Naval Academy
Electrical and Computer Engineering Department
EC310 - 6 Week Midterm – Spring 2015

1. Do a page check: you should have 8 pages including this cover sheet.
2. You have 50 minutes to complete this exam.
3. A calculator may be used for this exam.
4. This is a closed book and closed notes exam. You may use one single-sided hand-written page of notes. Turn in your single-sided hand-written page of notes with your exam.
5. This exam may be given as a makeup exam to several midshipmen at a later time.
6. No communication is permitted concerning this exam with anyone who has not yet taken the exam.

Name: ____KEY____________ Instructor: ____________________

Page 1 of 11

Question 1. (31 pts)

A C program begins:

#include<stdio.h>
int main( )
{
    int a = 101;
    char myString[4] = "ENS" ;
    <more code>

The program is paused immediately after executing the line char myString[4] = "ENS" ; but before executing the section that says <more code>. The stack for the program at this point in time is shown below. Note specifically that the address for the integer variable a and the address of the array myString are shown on the figure. In the figure below, the main memory addresses are shown on the left (in hexadecimal).

[Figure: stack diagram, one byte per row, with main memory addresses in hexadecimal on the left and the addresses of a and myString marked. Not reproduced in this copy; the answers below imply that myString occupies bffff7f7 through bffff7fa and a occupies bffff7fb through bffff7fe.]

(a) (5 pts) Annotate the diagram above to show the addresses for each of the next ten memory locations. For each address, the first five hexadecimal digits are already filled in for you; you only need to indicate the last three hexadecimal digits.

Answer: See diagram. 1 pt for address 7fa following 7f9; 2 pts for address 800 following 7ff (the carry out of the low three digits); 0.25 pts for each of the other 8 entries.

(b) (3 pts) Why did the programmer state that the size of the array myString should be 4 when the array only holds three characters?
In other words, why didn't the programmer declare the array myString as: char myString[3] = "ENS" ;

Answer: An extra byte is needed to store the NULL terminator. NPC (no partial credit); give full credit for anything conveying the need for a NULL or "zeros" byte. (C accepts char myString[3] = "ENS" and silently drops the terminator, so anything that treats myString as a string, such as printf with %s or strcpy, would read past the end of the array.)

(c) (4 pts) Annotate the diagram above to show how the array myString is stored in memory. Express all values in hexadecimal.

Answer: See diagram above: 0x45 ('E'), 0x4e ('N'), 0x53 ('S'), 0x00 (NULL) at bffff7f7 through bffff7fa. Award 0.5 pts for each of the four entries.

(d) (5 pts) Annotate the diagram above to show how the value of the variable a is stored in memory. Express all values in hexadecimal. In addition to annotating the diagram, show your work below.

Answer: See diagram above. Decimal 101 = 6 * 16 + 5 = 0x65, stored little endian in four bytes: 0x65 0x00 0x00 0x00 at bffff7fb through bffff7fe. Deduct one point if not in little endian. Deduct one point if the answer does not occupy four bytes. Deduct one point if no work shown.

(e) (1 pt) If, at this point, your diagram above still has blank memory locations, write "gar" in all of the blank locations to indicate garbage values.

Answer: See diagram. CTE (carry-through error) okay.

(f) (2 pts) What would be displayed by the command: x/xb bffff7f8

Answer: 0x4e (gdb examines one byte, in hex, at bffff7f8, which holds myString[1], the 'N'). Deduct one point for answers that include 4e AND additional data.

(g) (3 pts) Convert the value stored in myString[ 2 ] to binary.

Answer: myString[2] is 'S' = 0x53 = 0101 0011 in binary. Deduct one point if the answer given is 0100 1110 (that is 0x4e, myString[1]).

Returning to the C program, the section shown as <more code> is actually this:

    strcpy( myString , "2ndLT" );
    printf("\n %d \n" , a );

(strcpy is declared in <string.h>, which the program as printed does not include.)

Do not make any changes to your diagram on the previous page, since that diagram holds your answers to questions (a) through (e)!!!

(h) (3 pts) What is printed out by the printf statement in the box above?

Answer: 84. (Deduct one point for the answer 54, the hexadecimal byte read as if it were decimal.)

(i) (3 pts) In the space below, explain (using, if helpful, the drawing of main memory shown below) how you arrive at your answer to part (h). (Do not modify your picture on the previous page!)

Answer: Use judgment in grading.
The answer should convey: strcpy copies "2ndLT" and its NULL terminator, six bytes, into the four-byte array myString, so it runs past the end of the array. The 'T' in 2ndLT overwrites the previous value of the integer a: memory address bffff7fb, the low byte of a, now contains 0x54, and the terminator lands in bffff7fc. With the upper bytes still zero, a is 0x00000054, which is 84 when expressed in decimal.

(j) (2 pts) You have grown sick of this problem! So you save your C program and turn off your computer. Where is your C program now? (Circle one choice)

    In secondary memory   (answer; NPC)
    In the operating system
    In the CPU hardware
    In main memory

Question 2. (25 pts)

Consider the C program named funtimes.c shown below:

#include<stdio.h>
int main( )
{
    int i;
    int number = 7;

    for( i = 10 ; i > number ; i = i - 1 )
    {
        if( i == 9 )
            printf( "%s\n" , "Fun" ) ;
        else
            printf( "%s\n" , "Not Fun" ) ;
    }
}

(a) (5 pts) What is the exact output of this C program?

Answer:
    Not Fun   (1 point)
    Fun       (2 points)
    Not Fun   (1 point)
    (1 point for correct order)
The loop body runs for i = 10, 9 and 8 and stops when i reaches number. Deduct one point for each additional line of output.

You run this program and examine the debugger's partial output, shown below.

[Debugger output not reproduced in this copy. The answers below imply that eip points at cmp DWORD PTR [ebp-4],0x9, that the instruction after it is at 0x080483a0, and that ebp = 0xbffff828 and esp = 0xbffff810.]

(b) (2 pts) Where (physically) is the eip register? (Circle one choice)

    In the C program
    In the operating system
    In the CPU hardware   (answer; NPC)
    In main memory

(c) (3 pts) What is the next assembly language instruction that will be executed?

Answer: cmp DWORD PTR [ebp-4] , 0x9 (the instruction eip points at). Deduct one point for the answer jne 0x80483b8 <main+68>, which is the instruction after it.

(d) (2 pts) Complete the sentence: The eip register holds an address in the program's... (circle one choice)

    i. CPU section
    ii. Stack frame
    iii. Text segment   (answer; NPC)
    iv. Dynamic memory space
    v. Variable allocation

(e) (3 pts) Suppose, given the picture above, you enter the command: nexti. After you enter this command, what is the value stored in the eip register?

Answer: 080483a0, the address of the instruction following the cmp. Give CTE from part (c).

(f) (3 pts) Considering the values of esp and ebp, how many bytes are in this stack frame? Show your reasoning.

Answer: ebp – esp = 0xbffff828 – 0xbffff810 = 0x18 = 24 bytes.

(g) (4 pts) What is the address where the variable number is stored in memory? Your answer should be an address expressed as eight hexadecimal digits. Briefly explain your answer.

Answer: number is stored at ebp – 8, which is bffff820. (i, the first local declared, is at ebp – 4, as the cmp instruction shows; number, declared next, occupies the next four bytes below it.)

(h) (3 pts) Consider the assembly language instruction cmp DWORD PTR [ebp-4],0x9. What line of C code does this correspond to?

Answer: if( i == 9 )

Question 3. (5 pts)

What is the fundamental issue with the C programming language that makes a buffer overflow exploit possible? (Your answer should be limited to a sentence or two.)

Answer: Use judgment on grading. The answer should be along the lines of:
    C programs do not automatically check to make sure they are not writing beyond the memory allotted for an array.
or
    C programs do not prevent the user from attempting to write beyond the bounds of an array.
(Library calls such as strcpy and scanf("%s") copy as many bytes as the source supplies, whatever the size of the destination.)

Question 4. (8 pts)

Consider the C program below:

1.  #include<stdio.h>
2.  int main()
3.  {
4.      char saying[20] = "To be or not to be." ;
5.      char *ptr ;
6.
7.      ptr = saying + 4;
8.
9.      strcpy( ptr , "ring" );
10.
11.
12.     printf( "%s\n" , saying );
13. }

Note that the string named saying is initialized in line 4, and saying is then printed out on line 12. (strcpy is declared in <string.h>, which the program as printed does not include.) What is the output of this C program? Explain your answer in a few sentences or a sketch.

Answer: To bring (4 points). 1 point deduction for the answer: To ring. 2 point deduction for the answer: To bring not to be.

Explanation (4 points): Use judgment on grading. Students should convey, through words or a drawing, that ptr points at saying[4], the 'e' of "be", and that the string ring<NULL> is copied over the original string starting there: saying[4] through saying[8] become 'r' 'i' 'n' 'g' NULL, so printf stops after "To bring". The remaining " not to be." is still in memory after the new terminator but is no longer part of the string.

Question 5. (16 pts)

Consider the program shown on the right:

#include<stdio.h>
void myfunction()
{
    int a = 2003;
}

int main()
{
    myfunction();
}

(a) (2 pts) How many functions are in this program?

Answer: Two (NPC).

(b) (2 pts) In the line of code: void myfunction() what does the word void mean? (Choose one)

    i. The function has no arguments.
    ii. The function has no parameters.
    iii. The function does not return a value.   (answer; NPC)
    iv. The function does not perform a useful task.
    v. Copies of the values of the arguments are plugged in to the parameters.

(c) (6 pts) Before myfunction is called, two items will be placed onto the stack. What are the names of these two items? (For example, if you believe that the items placed on the stack before the function call are the stack pointer and the address of main, your answer would be: Item 1: esp , Item 2: main's address.)

Answer:
    Item 1: Return address (3 pts)
    Item 2: Old (prior, saved) value of the base pointer ebp (3 pts)
The order in which they give these two items does not matter.

(d) (6 pts) The program above is run up to the point immediately before the function named myfunction is called. The debugger output shown below is produced. Determine the correct values for the answers you gave for part (c) above; i.e., determine the correct values for the two items that must be saved on the stack prior to the function call. Write your answers next to the two item names in part (c) above.

[Debugger output not reproduced in this copy.]

The students will include the answer to part (d) along with part (c) above. The answer is:
    Item 1: Return address - 0x08048368 (3 pts). Deduct one point for the answer 0x08048363, which is the address of the call instruction itself; the return address is the instruction after it (consistent with a five-byte call at 0x08048363).
    Item 2: Old value of the base pointer ebp – 0xbffff818 (3 pts)

Question 6. (15 pts)

Consider the program below, named welcoming_message.c . The program prompts the user to enter their name, then provides them a warm and comforting welcome message. And what could be wrong with that?
#include<stdio.h>

void greetings(int length_of_name)
{
    int year = 2015;
    char name[length_of_name];

    printf("Enter your name: ");
    scanf("%s", name);
    printf("Hello: %s! Welcome to %d.\n", name, year);
}

int main()
{
    int name_len = 15;
    greetings(name_len);
}

Assume that no padding (extra space) is created when stack frames are created.

(a) (10 pts) When you are prompted to enter your name, what is the minimum number of characters you can enter to completely overwrite the value of the variable name_len which is declared in main? Justify your reasoning and show your work.

Answer: 15 + 4 + 4 + 4 + 4 + 3 = 34

The terms, going up the stack from name: 15 characters to fill name, 4 for year, 4 for the saved ebp, 4 for the return address, 4 for the argument length_of_name that main pushed, and then 3 more characters into name_len. The fourth and last byte of name_len is overwritten by the NULL terminator that scanf appends after the typed characters, so no 35th character is needed.

2 point deduction if missing the first term (the 15).
1 point deduction for each of the other five terms in the sum above if missing (4 + 4 + 4 + 4 + 3).
1 point deduction for an answer of 33 or 35.
1 point deduction if they only attempt to overwrite the first byte of name_len.
Grade cannot be less than 0.

(b) (5 pts) Is it possible to change the value of the variable named year declared in the function greetings by performing a buffer overflow attack? Why or why not? Justify your reasoning.

Answer: Yes (3 points). Reason (2 points), words to the effect: The variable year is declared before name, so it sits at a higher address, below name in the memory diagrams used in this course (where addresses increase down the page); the overflow from name runs through year on its way up to the saved ebp and the return address. (Typing exactly 15 characters already changes year: the terminator scanf appends lands on year's low byte.)

Turn in your equation sheet with your exam!
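Added worked example (not part of the exam or its key): the two overflows on this exam, Question 1's strcpy into myString and Question 6's scanf("%s") into name, modelled byte by byte in C using the frame layout the exam's diagrams assume, followed by the bounded read that fixes Question 6. The function names, the 0xcc fill pattern, the all-'A' input, the 64-character input cap and the snprintf-built field width are choices of this example, not the exam's; the fix goes slightly beyond the exam in that the width is computed from a runtime buffer size, which is what greetings' variable-length name requires.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Added example, not the exam's code. Question 1's strcpy into myString and
 * Question 6's scanf("%s") into name are modelled as an unbounded write into a
 * byte array laid out as the exam's diagrams assume: buffer first, the data it
 * can clobber at increasing addresses, no padding. Everything stays inside one
 * array, so every access is well defined and the result is deterministic; a
 * real overflow depends on the compiler's frame layout and may crash instead. */

/* strcpy / scanf("%s") behaviour: copy n characters plus a NUL to offset 0 with
 * no bounds check (only the model's edge stops it). Returns bytes written. */
static size_t unbounded_write(unsigned char *region, size_t size, const char *src, size_t n)
{
    size_t w = 0;
    while (w < n && w < size) { region[w] = (unsigned char)src[w]; w++; }
    if (w < size) region[w++] = '\0';
    return w;
}

/* Little-endian int32 store/load, the byte order in the exam's diagrams. */
static void put_le32(unsigned char *p, int32_t v)
{
    for (int i = 0; i < 4; i++) p[i] = (unsigned char)((uint32_t)v >> (8 * i));
}
static int32_t get_le32(const unsigned char *p)
{
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) v |= (uint32_t)p[i] << (8 * i);
    return (int32_t)v;
}

/* Question 1: char myString[4] = init; int a = a_init; strcpy(myString, src);
 * returns what a holds afterwards. */
static int32_t q1_a_after_strcpy(const char *init, int32_t a_init, const char *src)
{
    unsigned char stack[8] = {0};                      /* myString at 0, a at 4 */
    for (size_t i = 0; i < 4 && init[i]; i++) stack[i] = (unsigned char)init[i];
    put_le32(stack + 4, a_init);                       /* 101 -> 65 00 00 00 */
    unbounded_write(stack, sizeof stack, src, strlen(src));
    return get_le32(stack + 4);
}

/* Question 6 frame, bottom up: name[15] | year | saved ebp | return address |
 * length_of_name (main's argument) | name_len (main's local). */
enum { NAME = 15, YEAR_OFF = NAME, EBP_OFF = YEAR_OFF + 4, RET_OFF = EBP_OFF + 4,
       ARG_OFF = RET_OFF + 4, LEN_OFF = ARG_OFF + 4, FRAME = LEN_OFF + 4 };

/* greetings' scanf fed nchars non-space characters (constructed input, all 'A'):
 * reports year afterwards and how many bytes of name_len were written. */
static void q6_type_name(size_t nchars, int32_t *year_out, int *len_bytes_written)
{
    unsigned char stack[FRAME];
    char input[64];
    memset(stack, 0xcc, sizeof stack);                 /* 0xcc marks untouched bytes */
    put_le32(stack + YEAR_OFF, 2015);
    put_le32(stack + LEN_OFF, 15);
    memset(input, 'A', sizeof input);
    if (nchars > sizeof input) nchars = sizeof input;
    size_t w = unbounded_write(stack, sizeof stack, input, nchars);
    *year_out = get_le32(stack + YEAR_OFF);
    *len_bytes_written = w > (size_t)LEN_OFF ? (int)(w - LEN_OFF) : 0;
}

/* Fewest typed characters that (a) write all four bytes of name_len, or
 * (b) change year. The NUL that scanf appends counts as a written byte. */
static size_t q6_min_chars(int change_year)
{
    for (size_t n = 0; n < 64; n++) {
        int32_t year; int hit;
        q6_type_name(n, &year, &hit);
        if (change_year ? year != 2015 : hit == 4) return n;
    }
    return 0;
}

/* The fix: a field width. "%14s" stops after 14 characters and still writes the
 * NUL inside a 15-byte buffer. The width must be in the format string, so for a
 * runtime size it is built with snprintf. sscanf reads from a string so this
 * runs offline; the same format goes to scanf() for stdin. Returns chars stored. */
static size_t read_name_bounded(const char *input, char *dst, size_t dstlen)
{
    char fmt[16];
    if (dstlen == 0) return 0;
    dst[0] = '\0';
    if (dstlen < 2) return 0;
    snprintf(fmt, sizeof fmt, "%%%zus", dstlen - 1);  /* dstlen 15 -> "%14s" */
    return sscanf(input, fmt, dst) == 1 ? strlen(dst) : 0;
}

int main(void)
{
    int32_t year; int hit; char name[15];
    printf("Q1 (h): a = %d\n", q1_a_after_strcpy("ENS", 101, "2ndLT"));
    printf("Q6 (a): %zu characters overwrite all of name_len\n", q6_min_chars(0));
    q6_type_name(15, &year, &hit);
    printf("Q6 (b): %zu characters change year (to %d)\n", q6_min_chars(1), year);
    size_t n = read_name_bounded("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", name, sizeof name);
    printf("fixed: stored %zu characters: %s\n", n, name);
    return 0;
}
```

Usage note: q1_a_after_strcpy("ENS", 101, "2ndLT") reproduces the 84 of Question 1(h); passing "2ndL" instead shows the terminator alone zeroing a's low byte. q6_min_chars(0) searches for the 34 of Question 6(a) rather than assuming the sum, and q6_min_chars(1) shows that 15 characters already alter year, because the appended NUL lands on year's low byte (2015 = 0x07df becomes 0x0700 = 1792). read_name_bounded stores at most dstlen - 1 characters, so the same 40-character input that would run 25 bytes past name in the original program is cut at 14.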