Quiz2 Study Guide

Quiz 2 is closed-book, closed-note, and no electronic devices are allowed. You should be familiar with everything from the Quiz1 study guide, however the quiz will be focused on Chapter 3, sections 3.1 to 3.10 in the book (skip section 3.9.2 on unions).

3.1 A Historical Perspective

What is Moore’s Law and why is it important?

3.2 Programing Encodings

Difference between assembly and machine language
Understand the parts of processor state that are normally hidden from a program:
- Registers
- Program Counter
- Condition Codes
What is objump and how is it used?
How can you generate the assembly code from a c program and a binary.

3.3 Data Formats

Understand how the sizes of C basic data types relate to the assembly-code suffixes (Figure 3.1 in your textbook).

3.4 Accessing Information

Understand the various forms of the x86-64 operands (Figure 3.3 in your textbook).
- Given an operand be able to compute its value.
The mov instruction in all its forms.
The push and pop instructions and how they manipulate the stack.

3.5 Arithmetic and Logical Operations

How the load effective address lea instruction works and how is it different from the mov instruction.
Be familiar with the Integer arithmetic operations.

3.6 Control

What are the Condition Codes of the x86-64 processor, what do they mean, how are they set, and how do other instructions use them (e.g., jne, setne, and cmovne)?
- CF: Carry Flag
- ZF: Zero Flag
- SF: Sign Flag
- OF: Overflow flag
Understand how the cmpq and test instructions work.
Understand the set, jmp, and cmove instructions.
How to implementing conditional branches with conditional moves.
Be able to recognize the assembly forms of loops and branches and be able to understand what C code could produce them (while loops, for loops, do while loops).
Understand the syntax of the goto statement in C.
How switch statements are implemented in assembly:
- Indirect jumps (jmp *Operand)
- Jump tables

3.7 Procedures

Understand how stack frames are allocated for function calls.
How are arguments are passed into functions (first 6 in designated registers, 7+ on the stack).
- Diane’s Silk Dress Cost $89
How return values passed back to the calling function (%rax).
The mechanics of the call instruction (place the return address on the stack, jump to the address of the start of the function).
The mechanics of the ret instruction (pop the return address off the stack and jump to that address).
How local variables are stored on the stack (sections 3.7.4 and 3.7.5).
Mechanics of recursive procedures (3.7.6).

3.8 Array Allocation and Access

Array syntax in C and how arrays are allocated in memory (3.8.1).
Understand the assembly code to access an element of an array.
How pointer arithmetic works, why is it used, and how is it different from regular arithmetic (3.8.2).
Two dimensional arrays, how are they allocated in memory (row-major order) and the assembly code to access an element of the array (3.8.4).

3.9 Structures and Alignment

Structures in C (3.9.1)
The C syntax for creating structures.
How to access a member of a struct (dot notation).
How to access a member of a pointer to a struct (arrow notation).
How structures are laid out in memory (in order as declared in struct with padding if needed for alignment).
Structure data alignment (3.9.1).
Alignment rules for fields within the structure (field members must be aligned to an address that is a multiple of the size of the object).
Alignment rules for the entire structure (must be padded to be a multiple of the largest field size).

3.10 Buffer Overflow

How can a buffer overflow occur, and why it is a problem.
Given a function with a buffer overflow error, give an attack string to execute some other code.
What are the ways to protect from buffer overflow problems and how can hackers work around these techniques.
- Stack Randomization
- Stack Canaries
- Marking the stack as non-executable
What are ROP attacks and how are they used to attack a binary.