Comp Security- Week 4

Question 1

What register is the instruction pointer?

Answer 1

EIP

Question 2

The EIP register is…

Answer 2

The instruction pointer; points to address. It holds the address of the next instruction inside of memory to be executed

Question 3

What are the EFLAGS Registers?

Answer 3

Flags for logical conditions (true/false); condition codes

Question 4

What are ESP AND EBP used for?

Answer 4

Related to stack pointer; created when we have functions called

Question 5

In AT&T which comes first source or destination?

Answer 5

Source before destination

Question 6

In Intel which comes first source or destination?

Answer 6

Destination before Source

Question 7

Suppose we have ebx=eax how would it look like in At&T syntax, how in Intel?

Answer 7

AT&T: movl %eax, %ebx
Intel: mov ebx, eax

Question 8

The GDB debugger provides a direct method to examine memory using command…

Answer 8

x

Question 9

x/11xb main means

Answer 9

Examine 11 bytes in hexadecimal starting at main

Question 10

x/2xw $eip means

Answer 10

Examine 2 words (4bytes) in hexadecimal at $eip

Question 11

x/i $eip means

Answer 11

Display the memory as disassembled assembly language instructions

Question 12

List the memory layout from high address to low address

Answer 12

Stack, heap, data, text

Question 13

Stack

Answer 13

Memory allocated temporarily when we have a function call, procedure call, etc. It stores information
Ex. Local variables that are mainly used for function calls

Question 14

Heap

Answer 14

Dynamically allocated storage (Dynamically= i dont know its size)
Ex when call malloc() calloc() new()

Question 15

Data

Answer 15

Statically (i know its size) allocated memory thats declared in code
Ex. String, array

Question 16

Text

Answer 16

Executable machine instructions, read only

Question 17

A stack frame provides..

Answer 17

A stack frame provides space for these values (local variables, parameters, return values)

Question 18

What is stack discipline?

Answer 18

LIFO (last in first out)

Question 19

Stack frame contents :

Answer 19

Local variables, return information, temporary space

Question 20

Stack frame management

Answer 20

Space allocated when enter procedure and deallocated when return

Question 21

What are the two stack pointers?

Answer 21

Base/Frame pointer %ebp and Stack pointer %esp

Question 22

Why do we need two pointers in stack and what do they do?

Answer 22

Base/Frame pointer: Doesnt move or change
Stack pointer: At the top of stack
When you push stack increments by 1 and when you pull/pop stack decrements by 1
When theyre equal stack is empty

Question 23

When is stack created? When is it deleted?

Answer 23

Stack is created when there is a function call
Stack is deleted when the base/frame and stack pointer are equal

Question 24

A call is made, a stack is created and now the stack is no longer referenced by base/frame pointer or stack pointer. Will the info inside the memory be deleted or stay?

Answer 24

The info will remain it wont delete but the reference to them wont be there.

Question 25

Buffer overflow occurs when..

Answer 25

Buffer overflow occurs when data is written outside the boundaries of the memory allocated to a particular data structure

Question 26

Buffer overflows can be exploited to modify..

Answer 26

a variable, data pointer, function pointer, or return address on the stack

Question 27

A modified variable due to buffer overflow may be used to

Answer 27

change important info, change the behavior of the program

Question 28

A modified pointer or return address due to buffer overflow may be used to

Answer 28

can allow execution of arbitrary code

Question 29

Internally a program stack is used to..

Answer 29

To keep track of a program execution and state by storing:
1. return address in the calling function
2. arguments to the functions
3. local variables (temporarily)

Question 30

The program stack /stack is modified during

Answer 30

During function calls, function initialization, when returning from a subroutine

Question 31

The esp stack pointer holds the top stack address and it can be modified..

Answer 31

directly- by direct operations ex. add esp, 08h shrinks stack by 2 words or 8 bytes
indirectly- push or pop operations (adding/removing data elements)

Question 32

The amount of memory required to store is a string is..

Answer 32

The # of characters + 1

Question 33

Buffer overflow prevention:

Answer 33

1. use functions that respect buffer bounds such as fgets, strncpy, strncat
2. ensure null termination of strings
3. invalidate stack execution since stack based buffer overflows are the easiest to exploit
4. make sure the format string argument is explicitly specified
5. static analysis and dynamic analysis testing
6. run time safe guards