Architecture Flashcards

1
Q

What part of a computer executes machine code?

A
  • CPU
  • machine code instructions are processed by the CPU
  • each instruction is a primitive command that performs a specific operation, such as moving data
  • written in HEX
2
Q

What translates machine code into assembly language?

A
  • Assembler
  • NASM (Netwide Assembler)
3
Q

ISA

A
  • Instruction Set Architecture
  • set of instructions that a programmer (compiler) must understand and use to write a program
  • memory, registers, instructions, etc.
  • EX: x86 instruction set (or architecture)
4
Q

What does 32 or 64 refer to in ISA?

A
  • width of the CPU registers
  • each CPU has a fixed set of registers
  • registers are temporary variables used by the CPU to get and store data
  • EX: GPRs (General Purpose Registers)
5
Q

What are the eight general purpose registers?

A
  • EAX
  • ECX
  • EDX
  • EBX
  • ESP
  • EBP
  • ESI
  • EDI
6
Q

EAX

A
  • Accumulator
  • used in arithmetic operations
7
Q

ECX

A
  • Counter
  • used in shift/rotate instructions and loops
8
Q

EDX

A
  • Data
  • used in arithmetic operations and I/O
9
Q

EBX

A
  • Base
  • used as a pointer to data
10
Q

ESP

A
  • Stack Pointer
  • pointer to the top of the stack
11
Q

EBP

A
  • Base Pointer
  • pointer to the base of the stack
12
Q

ESI

A
  • Source Index
  • used as a pointer to a source in stream operations
13
Q

EDI

A
  • Destination
  • used as a pointer to a destination in stream operations
14
Q

What is the additional register that is important for x86 architecture?

A
  • EIP
  • The Instruction Pointer
  • controls the program execution by storing a pointer to the address of the next instruction (machine code) that will be executed.
  • it tells the CPU where the next instruction is
15
Q

What are the four regions that process memory is divided into?

A
  • text
  • data
  • the heap
  • the stack
16
Q

Text Region

A
  • instruction segment
  • contains the program code (instructions)
  • marked as read-only since the program should not change during execution
17
Q

Data Region

A
  • divided into initialized data and uninitialized data
  • initialized data includes items such as static and global declared variables (pre-defined; can be modified)
  • uninitialized data, named Block Started by Symbol (BSS), holds variables that are initialized to zero or do not have explicit initialization (e.g. static int t)
18
Q

Heap

A
  • starts right after the BSS segment
  • during execution, the program can request more space in memory via BRK and SBRK system calls
19
Q

Stack

A
  • LIFO block of memory
  • located in the higher part of memory
  • an array used for saving a function’s return addresses, passing function arguments, and storing local variables
  • ESP identifies the top of the stack
  • ESP is modified each time a value is pushed in (PUSH) or popped out (POP)
20
Q

Which direction does the stack grow?

A
  • The stack grows downwards
  • starts at higher memory and grows towards lower memory addresses
  • knowing the limits of the memory allowed lets the programmer know how big the Heap or Stack will be
21
Q

Which direction does the heap grow?

A
  • The Heap grows upwards
  • starts from lower memory addresses and grows to higher memory addresses
22
Q

Explain the PUSH process.

A
  • a PUSH instruction subtracts 4 (32-bit) or 8 (64-bit) from the ESP and writes the data to the memory address in the ESP
  • then the ESP is updated to the top of the stack
  • the Stack grows backward, therefore the PUSH subtracts 4 or 8 in order to point to a lower memory location on the Stack.
  • if we do not subtract, the PUSH operation will overwrite the current location pointed to by ESP (the top) and we would lose data
23
Q

Explain the POP process.

A
  • the POP operation is the opposite of PUSH
  • it retrieves data from the top of the Stack
  • therefore, the data contained at the address location in ESP (the top of the stack) is retrieved and stored (usually in another register)
  • after a POP operation, the ESP value is incremented, in x86 by 4
24
Q

Prologue

A
  • a Function component
  • prepares the Stack to be used, similar to putting a bookmark in a book
25
Q

Epilogue

A
  • a Function component
  • when the function has completed, the epilogue resets the stack to the prologue settings
26
Q

What happens when a function or procedure is started?

A
  • a stack frame is created and assigned to the current ESP location (top of the stack)
  • this allows the subroutine to operate independently in its own location in the Stack
27
Q

What happens when a function or procedure ends?

A
  • Two things happen:
    1. the program receives the parameters passed from the subroutine
    2. the EIP is reset to the location at the time of the initial call
28
Q

Little-Endian

A
  • the LSB is stored at the lower memory address
  • the MSB is stored at the higher memory address
29
Q

NOP

A
  • No Operation instruction
  • instruction that does nothing
  • when the program encounters a NOP, it will simply skip to the next instruction
  • In x86 CPUs, NOP instructions are represented by the opcode 0x90
30
Q

NOP-sled

A
  • a technique used during BOF exploitation
  • its only purpose is to fill a large or small portion of the Stack with NOPs
  • this will allow us to slide down to the instruction we want to execute, which is usually put after the NOP-sled
31
Q

What security implementations are used to try and prevent BOF?

A
  • ASLR
  • DEP
  • Canary
32
Q

ASLR

A
  • Address Space Layout Randomization
  • the goal is to introduce randomness for executables, libraries, and stacks in the memory address space
  • this makes it more difficult for the attacker to predict memory addresses and causes exploits to fail and crash the process
  • the OS loads the same executable at a different location in memory every time
33
Q

DEP

A
  • Data Execution Prevention
  • a defensive hardware and software measure that prevents the execution of code from pages in memory that are not explicitly marked as executable
34
Q

Canary

A
  • Stack cookie
  • places a value next to the return address on the stack
  • the function PROLOGUE loads a value into this location, while the EPILOGUE makes sure that the value is intact
  • When the EPILOGUE runs, it checks to make sure the value is still there and that it is correct
35
Q

Assembler

A
  • a program that translates the Assembly language into machine code
36
Q

MASM

A
  • Microsoft Macro Assembler
  • x86 assembler
  • uses the Intel syntax for MS-DOS and Windows
37
Q

GAS

A
  • GNU Assembler
  • default back-end of GCC
38
Q

NASM

A
  • Netwide Assembler
  • x86
  • Most popular for Linux
39
Q

FASM

A
  • x86
  • Intel-style assembly
40
Q

Compiler

A
  • similar to the assembler
  • converts high-level source code (such as C) into low-level code or directly into an object file