Question

1. In Buffer overflow, EIP can be controlled to execute malicious code at all levesl except
   1. Root level
   2. Application level
   3. User level
   4. System level
2. The EBP register is the base of the current stack frame of a process in higher address
   1. True
   2. False
3. Which one of the following isn’t a part of the stack operation?
   1. Saving the calling program’s EBP register on the stack
   2. Decrementing the ESP register to make room for the function’s local variables
   3. Incrementing ESP to EBP to clear the stack
   4. Read the EBP for addresses of local DLL

Answer 1

Q. In Buffer overflow, EIP can be controlled to execute malicious code at all levels except

1. Root level
2. Application level
3. User level
4. System level

Reason: The EIP(Extended Instruction Pointer) can be controlled to execute malicious code at the user level if the infected code lies with the user files. Similarly it can happen at root or system level when the functionalities /programs requiring root access are vulnerable . For example passwd is a program requiring root access but when a user executes it, it runs as root process. If this program itself is vulnerable, it can do malicious things gaining root access/ownerships

Q. The EBP register is the base of the current stack frame of a process in higher address

1. True
2. False

Reason: The stack grows backwards. Two registers ESP(extended stack pointer) and EBP (Extended base pointer) works with stack . ESP points to the lower addresses (top of stack) while EBP points to higher addresses(current frame of the stack)

Q. Which one of the following isn’t a part of the stack operation?

1. Saving the calling program’s EBP register on the stack
2. Decrementing the ESP register to make room for the function’s local variables
3. Incrementing ESP to EBP to clear the stack
4. Read the EBP for addresses of local DLL

Reason: When a function is called, the called functions' s first job is to save the calling program 's EBP onto the stack(return address). Next job is to decrement ESP to make room for local variables of the called function so that the function can execute. Last job is to clean up the stack by incementing ESP to EBP effectively don eby the leave statement. Next EIP is popped out of the stack to return to calling program