EC312 Homework 3
Name: ________________
Read: (1) Lecture 3 Notes
(2) Hacking, the Art of Exploitation, pages 19-37
1.
Write a complete C program that prompts the user to enter an integer. The program should then provide
the absolute value of the integer. See the screen capture below
Turn in a copy of your source code and a screen capture of your program successfully running.
Program 1 Solution
#include <stdio.h>
int main( )
{
int number, AbsVal;
printf("Enter an integer: ");
scanf("%d", &number);
if ( number >= 0 )
{
AbsVal = number;
}
else
{
AbsVal = -1*number;
}
printf("The absolute value of the number is %d \n", AbsVal);
}
1
2.
Compile the program firstprog.c (which is located in the booksrc directory). Run this program using the
gdb debugger using Intel syntax. Display the assembly code and set a breakpoint at main. Then run
your program (up to the breakpoint).
(a)
What is the value of the eip register?
0x8048384
(b)
What is the next assembly language instruction that will be executed?
mov DWORD PTR [ebp-4], 0x0
(c)
The assembly language instruction
mov
DWORD PTR [ebp-4],0x0
places the value of 0 into the memory location whose address is stored at ebp-4. Enter nexti.
What is the value of ebp?
0xbffff818
(d)
What is the value of ebp–4?
0xbffff814
(e)
What command would you enter to examine the contents of the memory location specified by ebp–4?
x/xw $ebp-4
(f)
What is stored in the memory location specified by your answer to (d)?
0x00000000
(g)
What is the next assembly language instruction that will be executed?
cmp DWRD PTR [ebp-4], 0x9
(h)
The assembly language instruction
cmp
DWORD PTR [ebp-4],0x9
will compare the value of 9 to the value you examined in question (f). Referring back to the C source
code, what do you think this assembly language instruction is doing?
Determining if ‘i’ is less than 10
(i)
The assembly language instruction
jle
0x8048393 <main+31>
means:
If the results of the preceding comparison showed that the value stored at the memory location
whose address is stored at ebp-4 were less than 9, jump to address 0x8048393.
Enter nexti twice. Examine the value of the instruction pointer.
2
What is the value of the eip register?
0x8048393
(j)
Explain, in words, why the instruction pointer has the value that it has.
Because 0 is less than 9, the jle instruction changed the eip so that the program would continue from the
point it specified
(k)
The assembly language instructions
mov
call
DWORD PTR [esp],0x8048484
0x80482a0 <printf@plt>
moves the value 8048484 into the location pointed to by the stack pointer.
Enter nexti once. What is the value of the stack pointer?
0xbffff810
(l)
What is stored at the memory location whose address is in the stack pointer?
0x08048484
(m)
0x48
We would like to know the significance of the address
What is stored in the byte at this memory location?
or
72 or
‘H’
0x8048484
in the mov instruction above.
(n)
What is stored in the four bytes starting at this memory location?
0x6c6c6548
or
‘lleH”
(o)
So…what is the significance of the address 0x8048484 ?
It is the address that contains the first character of the string to be printed “Hello, world!
3