EC310 Six Week Exam Fall 2015
October 1, 2015
United States Naval Academy
Electrical and Computer Engineering Department
EC310 - 6 Week Midterm – Fall 2015
1.
2.
3.
4.
5.
6.
Do a page check: you should have 8 pages including this cover sheet.
You have 50 minutes to complete this exam.
A calculator may be used for this exam.
This is a closed book and closed notes exam. You may use one single-sided hand-written page of notes.
Turn in your single-sided hand-written page of notes with your exam.
This exam may be given as a makeup exam to several midshipmen at a later time. No communication is
permitted concerning this exam with anyone who has not yet taken the exam.
Name:
____________________
Instructor:
____________________
Page 1 of 8
EC310 Six Week Exam Fall 2015
October 1, 2015
Question 1. (29 pts) A C program named funtimes.c begins:
#include<stdio.h>
int main( )
{
char FavoriteGrade = 'A';
int LuckyNumbers[2] = { 76 , 12 } ;
<more code>
The program is paused immediately after executing the line
int LuckyNumbers[2] = { 76 , 12 } ;
but before executing the section that says <more code> . The stack for the program at this point in time is
shown below. Note specifically that the address for the character variable FavoriteGrade and the address
of the array LuckyNumbers are shown on the figure. In the figure below, the main memory addresses are
shown on the left (in hexadecimal).
(a)
(5 pts) Annotate the diagram above to show the addresses for each of the next eight memory locations.
For each address, the first five hexadecimal digits are already filled in for you; you only need to indicate
the last three hexadecimal digits.
(b)
(2 pts) Why didn't the programmer state that the size of the array LuckyNumbers should be 3 in
order to allow space for the NULL terminator?
Answer:
(c)
(3 pts) Annotate the diagram above to show how the character FavoriteGrade is stored in memory.
Express all values in hexadecimal.
(d)
(2 pts) Show in the space below how the character FavoriteGrade is represented in binary.
Answer:
THIS PROBLEM CONTINUES ON NEXT PAGE
Page 2 of 8
EC310 Six Week Exam Fall 2015
(e)
October 1, 2015
(7 pts) Annotate the diagram above to show how both values of the array LuckyNumbers are stored
in memory. Express all values in hexadecimal. In addition to annotating the diagram, show your work
below.
Returning to the C program, the section shown as <more code> is actually this:
LuckyNumbers[2] = 76 ;
printf("My favorite grade is %c\n " , FavoriteGrade
);
Do not make any changes to your diagram on the previous page, since that diagram holds your answers
to questions (a) through (e)!!!
(f)
(7 pts) What is printed out by the printf statement in the box above? In the space below, explain
how you arrive at your answer (using, if helpful, the drawing of main memory shown below). (Do not
modify your picture on the previous page!)
Answer:
(g)
(3 pts) In order to run your program named funtimes.c, you entered:
./a.out
Why did you have to execute the program a.out instead of just executing the program funtimes.c?
Answer:
Page 3 of 8
EC310 Six Week Exam Fall 2015
October 1, 2015
Question 2. (36 pts) Consider the C program named morefun.c shown below:
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
#include<stdio.h>
#include<string.h>
int main( )
{
int start_val
int end_val =
char string1[
char string2[
(a)
(2 pts) What is the ASCII value of string1[ 3 ] ?
(b)
(3 pts) How many times will the for loop (lines 10-20) iterate?
(c)
(6 pts) What is the exact output of this C program?
}
= 8 , number;
14;
8 ] = "Fun!";
15 ] = "Cyber is fun!";
for( number = start_val ; number != end_val ; number = number + 2)
{
if( number != 8 )
{
printf( "%s\n" , string1 );
}
else
{
printf( "%s\n" , string2 );
}
}
Answer:
Answer:
Answer:
(d)
(6 pts) Consider the variable declarations in the program above (lines 5 through 8). How many total
bytes are reserved for all of the variables used by this program?
Answer:
(e)
(2 pts) Of the C statements listed below, circle the two choices that if inserted as line 9 would cause a
buffer overflow.
(i)
(ii)
(iii)
(iv)
(v)
strcpy(
strcpy(
strcpy(
strcpy(
strcpy(
string1
string2
string1
string2
string2
,
,
,
,
,
"string2" ) ;
string1 ) ;
string2 ) ;
"50 characters" ) ;
"Cyber for everyone!" ) ;
THIS PROBLEM CONTINUES ON NEXT PAGE
Page 4 of 8
EC310 Six Week Exam Fall 2015
October 1, 2015
You compile and run morefun.c with gdb and examine the debugger's partial output, shown below.
(f)
(2 pts) Where (physically) is the esp register (i.e., the stack pointer) (Circle one choice)
In the C program
(g)
In the operating system
In the CPU hardware
In main memory
(2 pts)What is the address of the most recent assembly language instruction that has already executed?
Answer:
(h)
(5 pts) What is the address where the variable end_val is stored in memory? Your answer should be
an address expressed as eight hexadecimal digits. Briefly explain your answer.
Answer:
(i)
(8 pts) Suppose the following four lines of code were inserted between lines 20 and 21 in the program
on the previous page:
char *string3 ;
string3 = string2 + 3;
strcpy( string3 , "Navy!" );
printf( "%s\n" , string2 );
What would be printed to the monitor by the final printf statement? Explain your answer, using a
brief sketch if helpful.
Answer:
Page 5 of 8
EC310 Six Week Exam Fall 2015
October 1, 2015
Question 3. (20 pts) Consider the program below, named AutoFry.c
#include<stdio.h>
int main( )
{
int days_restriction = 60;
int fry_level = 6000;
char offender_name[ 20 ];
int tours = 30;
printf( "Enter offender’s last name: ");
scanf( "%s" , offender_name );
}
printf("\n MIDN %s is awarded %d days restriction and %d tours \n"
,offender_name, days_restriction, tours);
Assume that no padding (extra space) is created when variables are loaded on the stack.
(a)
(10 pts) If an enterprising midshipman wants to use a buffer overflow attack to completely overwrite the
value of the variable days_restriction, what is the minimum number of characters he would have
to enter when prompted? Justify your reasoning by including a diagram of the program stack.
Answer:
(b)
(5 pts) Is it possible to change the value of the variable named tours by performing a buffer overflow
attack (i.e. by entering characters when prompted)? Why or why not? Justify your reasoning.
Answer:
(c)
(5 pts) What is the fundamental issue with the C programming language that makes a buffer overflow
exploit possible? (Your answer should be limited to a sentence or two.)
Answer:
Page 6 of 8
EC310 Six Week Exam Fall 2015
October 1, 2015
Question 4. (15 pts) Consider the program shown below:
#include<stdio.h>
void happytimes( int x , int y )
{
char alpha_code[ 7 ];
printf("\nEnter your alpha code:" );
scanf("%s" , alpha_code );
printf("\nYour alpha code is: %s\n" , alpha_code );
}
int main( )
{
int a = 32;
int b = 21;
happytimes( a , b );
}
The program above is run up to the point immediately before the function named happytimes is called.
The debugger output shown below is produced.
(a)
(10 pts) What two addresses are saved on the stack prior to jumping to the function, and what is the
order in which they are stored? Your answers for the values of the two addresses should be expressed in
hexadecimal. Indicate the correct order by drawing one of the addresses above the other on a simple
picture of the stack that displays just these two values.
Answer:
(b)
(5 pts) How many characters would the user need to enter when prompted to enter their alpha code in
order to completely overwrite the saved value of the base pointer? Show work.
Answer:
Turn in your equation sheet with your exam!
Page 7 of 8
EC310 Six Week Exam Fall 2015
October 1, 2015
This page is intentionally blank.
Page 8 of 8