Question: Consider the following C Program: #include #include #define SECRET1 0x44 // Note that 0x44 is equivalent to ASCII D #define SECRET2 0x55 // Note that

Consider the following C Program:

#include #include

#define SECRET1 0x44 // Note that 0x44 is equivalent to ASCII D #define SECRET2 0x55 // Note that 0x55 is equivalent to ASCII U

int main(int argc, char *argv[]) { char user_input[100]; int *secret; int int_input;

/* the secret values will be stored on the heap */ secret = (int *) malloc(2 * sizeof(int));

/* set the secret values to some constants */ secret[0] = SECRET1; secret[1] = SECRET2;

/* print some memory addresses to help understand the attack */ printf("user_input's address is 0x%08x (on stack) ", (unsigned int) user_input); printf("int_input's address is 0x%08x (on stack) ", (unsigned int) &int_input); printf("The variable secret's address is 0x%08x (on stack) ", (unsigned int) &secret); printf("The variable secret's value is 0x%08x (on heap) ", (unsigned int) secret); printf("secret[0]'s address is 0x%08x (on heap) ", (unsigned int) &secret[0]); printf("secret[1]'s address is 0x%08x (on heap) ", (unsigned int) &secret[1]);

printf("Please enter a string "); gets(user_input); printf("Please enter a decimal integer "); scanf("%d", &int_input);

/* here's the printf string format vulnerability */ printf(user_input); printf(" ");

/* check whether your overwriting attack in Section 2.4 worked */ printf("Original secrets: 0x%02x, 0x%02x ", SECRET1, SECRET2); printf("New secrets: 0x%02x, 0x%02x ", secret[0], secret[1]);

return 0; }

When ran on a SEED Linux Virtual Machine, and entering the string abc during the string prompt and entering the number 22 for the number prompt, we get the following info:

user_input's address is 0xbffff328 (on stack)

int_input's address is 0xbffff324 (on stack)

The variable secret's address is 0xbffff320 (on stack)

The variable secret's value is 0x0804b008 (on heap)

secret[0]'s address is 0x0804b008 (on heap)

secret[1]'s address is 0x0804b00c (on heap)

Please enter a string: abc

Plase enter a decimal integer: 22

Original secrets: 0x44, 0x55

New secrets: 0x44, 0x55

Question: Draw a picture showing the stack and the heap. For both the stack and the heap your picture should show (a) the memory addresses of each item in the stack/heap (b) the name of the C variable for that item and (c) the value in that memory.

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

1 of 6 Assign-02: Writing a Linux Utility (encodeInput) Description This assignment has you writing a different utility for Linux. This utility (officially called a filter in UNIX / Linux) could be...

Q:

re Regular Languages and Finite Automata (a) Let L be the set of all strings over the alphabet {a, b} that end in a and do not contain the substring bb. Describe a deterministic finite automaton...

Q:

1. Introduction to Computer Architecture concepts; The MIPS R2000 architecture allows for up to four external coprocessors. Our local systems arIPS external coprocessors are used by describing, in...

Q:

Objectives 1. Understand the design, implementation, usage and limitation of ADT based on fixed- sized arrays. 2. Gain experience implementing abstract data types using already developed data...

Q:

Example DTM: 2. [50 Points] Deterministic Turing Machine (DTM) In 1900, mathematician David Hilbert enumerated 23 mathematical problems he considered challenges for the coming century. The tenth...

Q:

The Final Project is to develop a simple database system. The database is to handle multiple records, each composed of several fields. The database will store its information to a file, addition and...

Q:

The Final Project is to develop a simple database system. The database is to handle multiple records, each composed of several fields. The database will store its information to a file, addition and...

Q:

C++ Project Overview The Final Project is to develop a simple database system. The database is to handle multiple records, each composed of several fields. The database will store its information to...

Q:

The Final Project is to develop a simple database system. The database is to handle multiple records, each composed of several fields. The database will store its information to a file, addition and...

Q:

I need help with this please. Essentially I need to complete each of the functions listed within the directions. The main functions are just for testing the listed functions. A sample output would be...

Q:

Early one morning, Don was ushered into a closed-door meeting with the Chief Finance Officer, the CIO, and an external security auditor he hadn't met before. In the meeting, Don learned that a large...

Q:

Ringmeup Inc. had net come of $173,400 for the year ended December 31, 2019. At the beginning of the year, 40,000 shares of common stock were outstanding. On May 1, an additional 19,000 shares were...

Q:

Which of the following documents should be sent to the accounts payable department? Purchase OrderSales OrderSigned CheckA. Yes No Yes B . No Yes No C . No Yes Yes D . Yes No No

Q:

Chemical engineering question Atleast try to give correct answer please 9 4 6 .

Q:

Economist John Taylor has suggested that the Fed use the following rule for choosing its target for the federal funds interest rate (r): r = 2% + + 12 (y y*) / y* + 12 ( *), where is the average...

Q:

Suppose banks install automatic teller machines on every block and, by making cash readily available, reduce the amount of money people want to hold. a. Assume the Fed does not change the money...

Q:

Consider two policiesa tax cut that will last for only 1 year and a tax cut that is expected to be permanent. Which policy will stimulate greater spending by consumers? Which policy will have the...