Problem 1

0xbffff6ec & ret addr
0xbffff6e8 & saved ebp
0xbffff6e4 &
0xbffff6e0 &
0xbffff6dc &
0xbffff6d8 &
0xbffff6d4 &
0xbffff6d0 &
0xbffff6cc & 0x080484f1
0xbffff6c8 & 0xbffff600 <-- ebp
0xbffff6c4 & 0x61000000
0xbffff6c0 &
0xbffff6bc &
0xbffff6b8 &
0xbffff6b4 & 0xbffff6c7
0xbffff6b0 & 0x08048598
^esp points here

yes
no - main's ebp is corrupted; we set esp to ebp and return
no
no

Problem 2

M=7 N=6

Problem 3

cow
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|prime| rib | raw |XX| filet |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

bull
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|prime|XXXXX| rib | raw |XX|roast| filet |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

0xffcd 0x00793001 0x55 0x66 0x12

Problem 4

<- buf
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| |64|72|2e|65|76|69|6c|00| | |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
^ ebp
---------- addresses increase this way ------>

0x6c
*((int*)buf) = 0x652e7264
*((int*)(buf+6)) = 0x08040073
ebp = 0x6576696c

Problem 5

A. union1: &s=0xbffff84c &i=0xbffff84c &d=0xbffff84c
   struct1: &s=0xbffff854 &t=0xbffff856 &i=0xbffff858 &d=0xbffff85c &un=0xbffff860
   sizeof(struct1) = 20
   sizeof(union1) = 8
B. union1: &d
   struct1: none, un is already 8-byte aligned and the double within is 8-byte aligned
C. Both union1 and struct1 are incorrect, since they should be 8-byte aligned and aren't
D. R = 7 C = 11

Problem 6

A. 4-byte
B.
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|c0|c1|xxxxx| str | d | u |xxxxxxxxxxx|
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
C. 24
D. 24

Problem 7

M=11 N=2