Principles of Software Security IFN657 Lecture 3
41 Questions

Created by
@ReplaceableCognition7874

Questions and Answers

What is the primary function of the 'mov' instruction in x86 assembly?

  • To change the flow of execution in a program
  • To perform arithmetic operations on registers
  • To load the effective address of a memory location
  • To copy data from one location to another (correct)

Which instruction is used to load an effective address into a register?

  • pop
  • push
  • mov
  • lea (correct)

What does the instruction 'mov eax, [ebx+esi*4]' do?

  • Loads the effective address EBX+ESI into EAX
  • Initializes EAX with a fixed value from EBX
  • Copies the contents of EAX into memory at EBX+ESI
  • Copies data from the memory address computed by EBX+ESI*4 into EAX (correct)

Why is 'mov eax, ebx+8' considered invalid in x86 assembly?

  • The 'mov' instruction cannot compute memory addresses

If you want to copy a value from a memory address into a register, which instruction should you use?

  • mov

What does the instruction 'jg loc' do in assembly language?

  • Jump if the destination operand is greater than the source operand.

Which instruction performs a jump if the destination operand is less than the source operand?

  • jl loc

What is the effect of the instruction 'jge loc'?

  • Jump if the destination operand is greater than or equal to the source operand.

What condition does 'jecxz loc' check before performing the jump?

  • Jump to location if ECX equals zero.

Which instruction should be used for an unsigned comparison to check if the destination is greater than the source?

  • ja loc

What is a characteristic of the C programming language that makes it distinct from higher-level languages?

  • Manual memory management

Which section of computer memory grows by making function calls?

  • Stack

What is the primary function of a disassembler?

  • Translates binary to assembly language

How does an assembler differ from a compiler?

  • Assemblers generally work in two passes

Which of the following describes low-level languages?

  • Provide a human-readable version of the instruction set

What is a key feature of interpreted languages?

  • Executed within an interpreter after translation to bytecode

In x86 architecture, what role does microcode play?

  • Functions at a level close to firmware

Which statement is true regarding assembly language?

  • It is a class of languages focusing on x86 architecture

What is the value of argc when the program is executed with the command 'filetestprogram.exe -r filename.txt'?

  • 3

What does the statement 'strncmp(argv, "-r", 2) == 0' check for in the program?

  • If the first two characters of argv are '-r'

What will happen if the condition 'argc != 3' evaluates to true?

  • The program will return 0 and terminate.

In the assembly code, which instruction is executed to compare argc with the value 3?

  • cmp [ebp+argc], 3

What is likely to occur if the command 'filetestprogram.exe -r filename.txt' is altered to 'filetestprogram.exe filename.txt'?

  • The program will return 0 without doing anything.

Which assembly syntax reverses the order of operands and uses a % before registers?

  • AT&T format

What does EAX primarily serve as in the context of x86 registers?

  • Primary accumulator for input/output and arithmetic

In a little-endian format, where is the low-order byte stored?

  • At the lower memory address

Which of the following segment registers points to the code segment containing instructions?

  • CS

What is the role of the EIP register in the CPU?

  • To track the next instruction address

What does the CF flag represent in the EFLAGS register?

  • It signifies a carry in arithmetic operations

Which of the following registers is used primarily as a source index for string operations?

  • ESI

Which general register is used for holding loop counts during iterative operations?

  • ECX

What is the purpose of the EBP register in x86 architecture?

  • To provide a reference for parameter variables

Which statement best describes segment registers in x86 architecture?

  • They define the logical address space within memory.

What happens to the EIP when a function is called?

  • Current instruction address in EIP is pushed onto the stack.

Which instruction is equivalent to using 'sub' but only sets the Zero Flag and Carry Flag without modifying the operands?

  • cmp

What does the 'jz' instruction do in a program's control flow?

  • Jumps to the specified location if ZF = 1.

What is the primary purpose of a function restoring local variables and EBP after execution?

  • To maintain stack integrity for the calling function.

What do conditional jumps rely on to determine program control flow?

  • Status flags.

What is the result of the 'test' instruction when used in a program?

  • It only sets the Zero Flag based on the result.

How many different types of conditional jumps are mentioned?

  • More than 30

In the context of stack operations, what must happen before a function call completes successfully?

  • The EIP must be restored.

Study Notes

QUT Acknowledgement of Traditional Owners

  • QUT recognizes the Turrbal and Yugara peoples as the First Nations owners of the land.
  • Respect is paid to Elders, customs, lores, and creation spirits.
  • The land has always been a place of learning, teaching, and research.
  • QUT acknowledges the important role of Aboriginal and Torres Strait Islander people within their community.

Principles of Software Security (IFN657 Lecture 3)

  • Key Points from Last Lecture (C and C#):
    • C is efficient but error-prone, closely related to the machine model with flexible memory management.
    • C# is type-safe, with built-in bounds and string checks, and automatic memory management.
    • Computer memory is divided into sections (stack, heap).
    • Stack grows as function calls are made.
    • Heap grows dynamically as memory is allocated.

x86 Architecture - Assembly Basics

  • x86 architecture and assembly basics

Machine vs. Assembly vs. C

  • Shows the relationship between C code, compiled machine code, and assembly code.
  • Demonstrates the translation process from a high-level language (C) to low-level machine code.
  • Includes example C code, generated machine code (in hexadecimal format), and assembly instructions.

Levels of Abstraction

  • Hardware: Basic electrical circuits implementing logical operations (XOR, AND, OR, NOT).
  • Microcode (Firmware): Lower-level instructions.
  • Machine code: Opcodes (hexadecimal digits) that tell the processor what to do.
  • Low-level languages: Human-readable versions of an architecture's instruction set.
  • High-level languages: Transformed into machine code at compilation (e.g., C/C++).
  • Interpreted languages: Translated to bytecode, then executed.

Assembly Language

  • Assembly is the highest-level language reliably recovered from machine code.
  • Vulnerable code or malware is typically stored in binary at the machine code level.
  • Disassemblers convert binary to assembly language code.
  • Assembly language is a class of languages, with x86 as a specific focus (explained in more detail).

Assemblers and Linkers

  • Assemblers and linkers are tools used in software development that manipulate object files and libraries in creating and managing executable code.
  • Assembly files are transformed into object files by assemblers.
  • Object files are linked into an executable file by a linker that also incorporates libraries.

Assembler vs. Compiler

  • Compilers translate high-level languages to machine code in a single step.
  • Assemblers translate assembly language to machine code in multiple steps.
  • A compiler checks and converts the entire code simultaneously, whereas an assembler typically works in multiple passes.
  • Compilers may include a lexical analyzer (scanning), syntax analyzer, semantic analyzer, code optimizer, code generator, and produce mnemonic versions.

AT&T vs. Intel Syntax (NASM)

  • Two main assembly language syntax forms.
  • NASM format uses a different order, and symbols before registers/literals.
  • AT&T format uses the reverse order and includes % before registers and $ before literal values.

Fundamental Data Types

  • Binary representations of data types (bytes).

Memory

  • Memory addresses and their corresponding data.

Data in Memory (Little-Endian Format)

  • How data is stored in memory using little-endian format

CPU Registers

  • A small amount of data storage directly accessible by the CPU.
  • Registers are faster to access than memory.

x86 Registers

  • Categorizes x86 registers into General, Segment, Status, and Instruction Pointer registers.

General Registers

  • Used for storing data or memory addresses.

x64 Registers

  • A further division of x86 registers based on 64-bit architecture

Data Registers

  • Functions of EAX, EBX, ECX, EDX registers (explained in more detail).

Index Registers

  • Functions of ESI (source) and EDI (destination) registers.

Segment Registers

  • Functions of CS (Code Segment), DS (Data Segment), SS (Stack Segment) for referencing code, global data and stack, respectively.
  • ES, FS, and GS provide additional segments.
  • Memory addresses are relative to the starting address of the segment.

Status Registers

  • Functions of ZF, CF, SF, TF flags (zero, carry, sign, trap).

Instruction Pointer (EIP)

  • Points to the next instruction to be executed.
  • The complete address consists of a segment selector and offset.

Other Pointer Registers

  • ESP (Stack Pointer) and EBP (Base Pointer) are described.
  • ESP points to the top of the stack, while EBP points to the current stack frame or local variables in current functions.

Simple Instructions

  • Functions and uses of various instructions like MOV, LEA, arithmetic instructions (e.g., ADD, SUB, INC, DEC, MUL, DIV), logic instructions (e.g., XOR, OR, SHR, ROR), and the 'nop' instruction.

Stack Layout

  • Visual representation of the stack with multiple stack frames.

Function Calls

  • Process of calling and returning from a function explained.

Conditionals

  • Functions of test and cmp instructions and how they use flags (ZF, CF).

Branching

  • Types of unconditional jumps (JMP) and conditional jumps (e.g., JZ, JNZ, JG, JGE).

Examples of Conditional Jumps

  • A variety of conditional jumps.

C Main Method and Offsets

  • How C programs organize arguments using the main method (argc, argv array).

A Simple C Program (and compiled form)

  • C program demonstrating the usage of file operations.
  • Shows assembly code after compilation.

Home Readings

  • List of resources for additional learning about NASM Assembly.

Description

This quiz covers key points from Lecture 3 of Principles of Software Security. It focuses on the programming languages C and C#, highlighting their memory management differences and safety features. Additionally, it delves into foundational concepts essential for understanding assembly language in the context of x86 architecture.
