Question

In Buffer overflow, EIP can be controlled to execute malicious code at all levels except Root...

  1. In Buffer overflow, EIP can be controlled to execute malicious code at all levels except
    1. Root level
    2. Application level
    3. User level
    4. System level
  2. The EBP register is the base of the current stack frame of a process in higher address
    1. True
    2. False
  3. Which one of the following isn’t a part of the stack operation?
    1. Saving the calling program’s EBP register on the stack
    2. Decrementing the ESP register to make room for the function’s local variables
    3. Incrementing ESP to EBP to clear the stack
    4. Read the EBP for addresses of local DLL
Answer #1

Q. In Buffer overflow, EIP can be controlled to execute malicious code at all levels except

  1. Root level
  2. Application level
  3. User level
  4. System level

Reason: The EIP (Extended Instruction Pointer) can be controlled to execute malicious code at the user level if the infected code lies with the user files. Similarly, it can happen at root or system level when the functionalities/programs requiring root access are vulnerable. For example, passwd is a program requiring root access, but when a user executes it, it runs as a root process. If this program itself is vulnerable, it can do malicious things, gaining root access/ownership.

Q. The EBP register is the base of the current stack frame of a process in higher address

  1. True
  2. False

Reason: The stack grows backwards. Two registers, ESP (Extended Stack Pointer) and EBP (Extended Base Pointer), work with the stack. ESP points to the lower addresses (top of stack) while EBP points to higher addresses (current frame of the stack).

Q. Which one of the following isn’t a part of the stack operation?

  1. Saving the calling program’s EBP register on the stack
  2. Decrementing the ESP register to make room for the function’s local variables
  3. Incrementing ESP to EBP to clear the stack
  4. Read the EBP for addresses of local DLL

Reason: When a function is called, the called function's first job is to save the calling program's EBP onto the stack (return address). The next job is to decrement ESP to make room for local variables of the called function so that the function can execute. The last job is to clean up the stack by incrementing ESP to EBP, effectively done by the leave statement. Next, EIP is popped out of the stack to return to the calling program.
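
The call, prologue and epilogue sequence from the reasons above, modelled in C as an added example that is not part of the original answer. The stack size, the addresses 0x1000 and 0x2000, and the 5-byte call length are constructed assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Constructed 32-bit machine model: a small stack plus the three registers. */
#define STACK_WORDS 64
typedef struct {
    uint32_t mem[STACK_WORDS];   /* stack memory, one slot per 4-byte word */
    uint32_t esp, ebp, eip;      /* esp/ebp are byte addresses into mem */
} cpu_t;

static void push(cpu_t *c, uint32_t v) { c->esp -= 4; c->mem[c->esp / 4] = v; }
static uint32_t pop(cpu_t *c) { uint32_t v = c->mem[c->esp / 4]; c->esp += 4; return v; }

/* call: push the return address (EIP of the next instruction), then jump.
   The +5 assumes a 5-byte near call instruction. */
static void do_call(cpu_t *c, uint32_t target) { push(c, c->eip + 5); c->eip = target; }

/* prologue: push ebp; mov ebp, esp; sub esp, locals */
static void prologue(cpu_t *c, uint32_t locals) {
    push(c, c->ebp);
    c->ebp = c->esp;
    c->esp -= locals;
}

/* epilogue: leave (mov esp, ebp; pop ebp) followed by ret (pop eip) */
static void epilogue(cpu_t *c) {
    c->esp = c->ebp;
    c->ebp = pop(c);
    c->eip = pop(c);
}

/* Runs one call/return cycle; returns 1 if every frame invariant holds. */
int frame_invariants_hold(void) {
    cpu_t c;
    memset(&c, 0, sizeof c);
    c.esp = c.ebp = STACK_WORDS * 4 - 16;  /* caller's frame, constructed values */
    c.eip = 0x1000;
    uint32_t esp0 = c.esp, ebp0 = c.ebp, ret = c.eip + 5;

    do_call(&c, 0x2000);
    prologue(&c, 16);                       /* 16 bytes of locals */
    int in_frame = c.ebp > c.esp            /* EBP is the higher address */
        && c.mem[c.ebp / 4] == ebp0         /* [ebp]   = caller's saved EBP */
        && c.mem[c.ebp / 4 + 1] == ret;     /* [ebp+4] = return address */
    epilogue(&c);
    return in_frame && c.esp == esp0 && c.ebp == ebp0 && c.eip == ret;
}
```

In this model the locals occupy the addresses just below EBP, with the saved EBP and the return address directly above them, which is why the value restored into EIP depends on nothing in that region being written out of bounds.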
