SI485H: Stack Based Binary Exploits (SP17)


Home Policy Calendar Units Assignments Resources

HW 1: C Programming Review

Instructions

  • You must turn in a sheet of paper that is neatly typed or written answering the questions below. (You are strongly encouraged to type your homework.)
  • This homework is graded out of 100 points. Point values are associated to each question.

Questions

  1. (10-points) For the following C program below, label the different parts of it:

    #include <stdio.h>
    #include <stdlib.h>
    int main(int argc, char * argv[]){
      printf("Hello World!\n");
    
      return 0;
    }
    

    a. number of command line arguments

    b. library functions

    c. return value

    d. header files

  2. (5 points) Assume you got the following compiler error:

    user@si485H-base:demo$ gcc -o hello hello.c /tmp/ccC4VYbK.o:
    In function `main': hello.c:(.text+0x20): undefined reference to `world' collect2: error: ld returned 1 exit status
    

    a. Explain this compiler error

    b. what would the programmer need to provide in order to complete the compilation?

  3. (5 points) What is the difference between a system call and a library call? Provide a concrete example of a each (one library call and one system call) in your answer.
  4. (15 points) Clone the following git repo:

    git clone git@saddleback.academy.usna.edu:aviv/HW-1.git
    

    Where you will find trace-me-1:

    a. In trace-me-1: What are the library functions used in this program as reported by ltrace

    b. In trace-me-1: Match the system calls, via strace (or ltrace!), to the library calls.

  5. (20 points) In the same repo, you'll find another program, trace-me-2 that has a secret message embedded within it. Using ltrace and strace, extract the secret message, and explain how you did so. If you were unable to find the secret message, describe your process for partial credit.
  6. (10 points) Convert the four-byte hex values into their signed and unsigned values (Yes! You could use a computer for this!).

    a. 0xffffffff

    b. 0x0000000b

    c. 0x8000000b

    d. 0xdeadbeef

  7. (10 points) Complete the memory model for the following program at each of the labeled marks.

    #include <stdio.h>
    #include <stdlib.h>
    
    int main(int argc, char * argv[]){
      int a[] = {10,11,12,13};
      int * p = a; //MARK 0
    
      p++; //MARK 1
    
      p[1] = 50;
      p--; //MARK 2
    
      *p = 12; //MARK 3
    }
    

    Diagram at MARK 0

         .------.
    a--> |  10  | <--.
         |------|    |
         |  11  |    |
         |------|    |
         |  12  |    |
         |------|    |
         |  13  |    | 
         |------|    | 
      p  |   .--+----'         
         '------'
    
  8. (10 points) Fill in the memory diagram for array values byte-by-byte. Pay careful attention to the memory addresses in the diagram.

    #include <stdio.h>
    #include <stdlib.h>
    
    int main(int argc, char * argv[]){
      int a[] = {0xcafebabe,0xdeadbeef};
      char * p = (char *) a;
    
      p++;
      *p = 0x00; //MARK
    }
    

    Diagram to be completed

       a == 0xbffff6b4
    
       addr       value
    .------------------.
    | 0xbffff6b4 |     |
    | 0xbffff6b5 |     |
    | 0xbffff6b6 |     |
    | 0xbffff6b7 |     |
    | 0xbffff6b8 |     |
    | 0xbffff6b9 |     |
    | 0xbffff6ba |     |
    | 0xbffff6bb |     |
    '------------'-----.
    
  9. (15 points) Consider the following program, label the place in memory where each of the variable's values are stored. The answers can be reserved, stack, heap, text, or bss.

    #include <stdio.h>
    #include <stdlib.h>
    
    int mystrlen(int *s){
      int i;
      for(i=0;*s++;i++);
      return i;
    }
    
    int main(int argc, char * argv[]){
      char a[] = "hello";
      char * b = getenv("PATH");
      char * c = "world";
    }
    

    a. &a

    b. b

    c. c

    d. mystrlen

    e. s