United States Naval Academy Electrical and Computer Engineering Department
advertisement
EC312 Six Week Exam Spring 2016
February 19, 2016
United States Naval Academy
Electrical and Computer Engineering Department
EC312 - 6 Week Midterm – Spring 2016
1.
2.
3.
4.
5.
6.
Do a page check: you should have 7 pages including this cover sheet.
You have 50 minutes to complete this exam.
An FE-approved calculator may be used for this exam. Calculators may not be shared.
This is a closed book and closed notes exam. You may use one single-sided hand-written page of notes.
Turn in your single-sided hand-written page of notes with your exam.
This exam may be given as a makeup exam to several midshipmen at a later time. No communication is
permitted concerning this exam with anyone who has not yet taken the exam.
Name:
____________________
Instructor:
____________________
Page 1 of 7
EC312 Six Week Exam Spring 2016
February 19, 2016
Question 1. (4 pts) For an NPN transistor which of the following are true? Circle ALL that apply.
a. When properly biased, IB<IE
b. Has 3 terminals: Base, Ground, and Emitter.
c. When properly biased, both junctions are forward biased.
d. Can be used to create digital logic circuits.
Question 2. For the logic circuit shown below:
1) (8 pts) Complete the truth table.
2) (4 pts) Determine the Boolean expression for the output Z in terms of A, B & C.
A
V
B
C
Z
W
Y
X
A
B
C
0
0
0
0
0
1
0
1
0
0
1
1
1
0
0
1
0
1
1
1
0
1
1
1
V
W
X
Y
Z
Z = ________________________
Question 3. (4 pts) What feature of C makes a buffer overflow attack possible? Describe this feature.
Page 2 of 7
EC312 Six Week Exam Spring 2016
February 19, 2016
Question 4. (8 pts) What will be the output of this program when it is compiled and run?
#include <stdio.h>
int main()
{
int j,i=0;
for ( j = 3 ; j > 0 ; j = j - 2 )
{
i=i+j;
printf("%d: %d\n" , j , i);
}
}
Question 5. (4 pts) Circle the correct statement.
(i)
The text segment grows from the top down, the heap is fixed, and the stack grows from the bottom up.
(ii)
The text segment is fixed, the heap grows from the top down, and the stack grows from the bottom up.
(iii)
The text segment is fixed, the heap grows from the bottom up, and the stack grows from the top down.
(iv)
The text segment grows from the top down, the heap grows from the bottom up, and the stack is fixed.
Question 6. (6 pts) Match the following:
____ ebp
____ RAM
____ CPU
____ char
____ machine code
____ high-level language
____ Boolean
____ pointer
____ gcc
____ gdb
____ eip
____ esp
a.
b.
c.
d.
e.
f.
g.
h.
i.
j.
k.
l.
program instructions stored in binary format
debugging program
a register that holds the address of the bottom of the stack
a register that holds the next instruction to be executed
contains registers
examples are C and Java
true or false
holds ASCII values
variable that stores an address
main memory
address of the top of the stack
program used to compile programs
Page 3 of 7
EC312 Six Week Exam Spring 2016
Address
Value
0xBFFFF7F4
0xBFFFF7F5
0xBFFFF7F6
0xBFFFF7F7
0xBFFFF7F8
0xBFFFF7F9
0xBFFFF7FA
0xBFFFF7FB
0xBFFFF7FC
0xBFFFF7FD
0xBFFFF7FE
0xBFFFF7FF
0xBFFFF800
0xBFFFF801
0xBFFFF802
0xBFFFF803
0xBFFFF804
0xBFFFF805
0xBFFFF806
0xBFFFF807
0xBFFFF808
0xBFFFF809
0xBFFFF80A
0xBFFFF80B
0xBFFFF80C
February 19, 2016
00
00
00
00
05
00
00
00
E4
Description
____________________________
____________________________
____________________________
____________________________
____________________________
____________________________
____________________________
____________________________
____________________________
____________________________
____________________________
____________________________
esp-main points here_________
____________________________
____________________________
____________________________
____________________________
____________________________
____________________________
____________________________
____________________________
____________________________
____________________________
____________________________
ebp-main points here_________
Question 7. Suppose a breakpoint is set at line 4 and 10 in the code below, and the program is run up until the
first breakpoint using gdb. The stack is shown to the above including the ebp and esp locations. For the
questions that follow, assume that the compiler doesn’t add any padding between items it stores on the
stack.
1
2
3
4
5
6
7
8
9
10
11
int square(int num)
{
int result = num*num;
return result;
}
int main()
{
int a = 5;
int a_squared = 0;
a_squared = square(a);
}
(a) (4 pts) If you typed i r ebp at this point in program execution, what address will be given?
(b) (4 pts) The program is run until the next breakpoint. Add the following labels in the Description
column: function argument a, return_address, prior_ebp (or saved ebp), and function variable result.
(c) (2 pts) Add the following labels in the Description column to where the esp and ebp currently point
with the labels: esp-square points here and ebp-square points here
(d) (4 pts) If you typed i r ebp at this point in program execution, what address will be given?
(e) (8 pts) If the return address is 0x08040356, fill in the values for all the items you labeled in the Value
column.
Page 4 of 7
EC312 Six Week Exam Spring 2016
February 19, 2016
Question 8. Consider the C program below. The program is run up to a breakpoint on line 8.
1
2
3
4
5
6
7
8
9
10
11
12
#include<stdio.h>
#include<string.h>
int main()
{
char slogan[10]=”Go Navy”;
char *ptr1=slogan;
char *ptr2=ptr1+3;
strcpy(ptr1,”Beat Army”);
printf("\n%s", slogan );
printf("\n%s" , ptr2 );
}
The picture below shows a portion of main memory. Each box in the figure represents one byte of storage.
Assume no padding.
Address
0xBFFFF____
0xBFFFF____
0xBFFFF____
0xBFFFF____
0xBFFFF____
0xBFFFF____
0xBFFFF____
0xBFFFF____
0xBFFFF____
0xBFFFF____
0xBFFFF____
0xBFFFF____
0xBFFFF____
0xBFFFF____
Value
Description
__________
__________
esp points here
__________
__________
__________
__________
__________
__________
__________
__________
__________
__________
__________
Address
0xBFFFF____
0xBFFFF____
0xBFFFF____
0xBFFFF____
0xBFFFF____
0xBFFFF6EF
0xBFFFF____
0xBFFFF____
0xBFFFF____
0xBFFFF____
0xBFFFF____
0xBFFFF____
0xBFFFF____
0xBFFFF____
Value
47
6f
20
4e
61
76
79
00
81
88
Description
__________
__________
__________
__________
__________
__________
__________
__________
__________
__________
__________
__________
__________
ebp points here
(a) (3 pts) Complete the addresses in the Address column.
(b) (4 pts) Assuming that the compiler doesn't add any padding (i.e. extra space) when loading variables
onto the stack, indicate the locations where slogan, ptr1, and ptr2 are stored in memory in the
Description column.
(c) (8 pts) Enter the values for ptr1 and ptr2 in the Value column.
Question 9. (4 pts) What does the following code do?
char *ptr1;
ptr1 = (char *) malloc(10);
Page 5 of 7
EC312 Six Week Exam Spring 2016
February 19, 2016
Question 10. Consider the file listing shown below.
- rwxr-x--- l joe ultusers 6478 2016-02-04 06:13 awesomeprogram.exe
(a) (3 pts) Who is the owner of this file?
(b) (3 pts) Who can execute this file?
Question 11. (5 pts) List and describe a defense against a buffer overflow attack.
Page 6 of 7
EC312 Six Week Exam Spring 2016
February 19, 2016
Question 12. Consider the program below, named Classes.c.
#include<stdio.h>
int main()
{
int importantnumber=2003;
int class=2017;
char alpha[7];
char name[10];
printf( “Enter your name: ”);
scanf( “%s” , name );
printf( “Enter your alpha #: ”);
scanf( “%s” , alpha );
printf("\n MIDN %s (%s): Class of %d may be great, but the Class
of %d was better!\n", name, alpha, class, importantnumber);
}
Assume that no padding (extra space) is created when variables are loaded on the stack.
(10 pts) If an enterprising midshipman wants to use a buffer overflow attack to completely overwrite the
value of the variable importantnumber, what is the minimum number of characters they would have to
enter when prompted to enter their name? Justify your reasoning by including a diagram of the
program stack.
Turn in your equation sheet with your exam!
Page 7 of 7
