[SOLVED] C math assembly software security Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs
CSCI2467: Systems Programming Concepts
Midterm review
Instructor: Matthew Toups
Spring 2019

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs
Scores so far
Your lab scores to date are posted in AutoLab (see gradebook)
Many folks lost points on datalab due to insufficient explanations in comments
Note that your grace day and late penalty are automatically applied by AutoLab
Email if there appears to be an error

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs
Upcoming exam
Midterm exam: Monday Feb 25, Wed Feb 27
Location: Math 102
Given during class time, 50 minutes per day, closed book
We will provide a sheet of notes and helpful values,
you will only bring something to write with.

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs
Two exam dates
Monday: chapter 2 (2.1-2.4)
no floating point
see practice problems (in later slides)
see activity handouts
be able to explain datalab solutions
Wednesday: chapter 3 (3.1-3.6)
will present problems in Intel assembly format
see practice problems (in later slides)
see activity handout problems
be able to identify things you have seen in bomblab

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs
Class updates
1 Midterm format
2 Chapter 2: Data operators
int
Conversion between signed & unsigned
3 Chapter 3: Machine-level programs Arithmetic
Control Activities

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs
Midterm format
Fill in a table with missing values
small examples (less than 32-bit)
using binary twos complement representation of ints
using binary operations, masking, arithmetic (w/ overflow)
is an expression true for all values?
Datalab:
Given some C code, fill in a blank or table of values
Given a C function, fill in comments explaining how it is solved
Bomblab:
Fill in missing C source code (based on given disassembly)
Given multiple C functions, circle the correct one

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs operators
Class updates
1 Midterm format
2 Chapter 2: Data operators
int
Conversion between signed & unsigned
3 Chapter 3: Machine-level programs

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs operators
Boolean Algebra
Algebraic representation of logic, developed by Boole in 1850s Encodes True as 1 and False as 0
Binary AND:
A&B = 1 when
both A = 1 and B = 1
Binary OR:
A|B = 1 when
either A = 1 or B = 1
&01 |01 000 001 101 111
Binary NOT (complement): Exclusive-Or (XOR):
A = 1 when A = 0 A B = 1 when either A = 1
or B = 1 but not both
1
01 01 10 001
Based on Figure 2.7 in CS:APP3e
110

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs operators
Logical operators
Dont confuse bitwise and logical operators! They look similar but are very different.
&&, || , !
View 0 as False
View anything non-zero as True
Always return 0 or 1
Early termination!
Examples:
!0x41 0x00
!0x00 0x01
!!0x41 0x01
0x69 && 0x55 0x01 0x69 || 0x55 0x01
a && 5/a (will never divide by zero) p && *p (avoids null pointer access)

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs operators
Shift operators
Left Shift: x << y- Shift bitvector x left y positions(Throw away extra bits on left)- Fill with 0s on rightRight Shift: x >> y
Shift bitvector x right y positions
(Throw away extra bits on right)
Logical shift: fill with 0s on left
Arithmetic shift: Replicate most significant bit on left
Undefined: Shift < 0 or word sizeExamples Argument x << 3 Log. >> 2 Arith. >> 2
01100010
00010000
00011000
00011000
Argument x << 3 Log. >> 2 Arith. >> 2
10100010
00010000
00101000
11101000

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs int
twos complement encoding example
short int x= 2467: 00001001 10100011 short int y= -2467: 11110110 01011101
Weight
1 2 4 8
16 32 64
128
2467
11 12 00 00 00 1 32 00 1 128
-2467
11 00 14 18 1 16 00 1 64 00
256
512 1024 2048 4096 8192 16384 -32768
1 256 00 00 1 2048 00 00 00 00
00 1 512 1 1024 00 1 4096 1 8192 1 16384 1 -32768
Sum:
2467
-2467

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs int
Numeric Ranges
Unsigned values
UMin=0
000 0
UMax=2w 1
Twos complement values TMin=2w1
1000
TMax=2w11
111 1
0111 Values for w = 16 (short int)
Decimal
Hex
Binary
UMax TMax TMin -1
0
65535
32767 -32768 -1 0
FF FF 7F FF 80 00 FF FF 00 00
11111111 11111111 01111111 11111111 10000000 00000000 11111111 11111111 00000000 00000000

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs Conversion between signed & unsigned
Carnegie Mellon
Mapping Between Signed & Unsigned
Mapping Between Signed & Unsigned
Twos Complement
Unsigned
T2B
B2U
T2U
X
x ux
Maintain Same Bit PaTern
Unsigned
Twos Complement
U2B
B2T
U2T
X
ux x
Maintain Same Bit PaTern
Mappings between unsigned and twos complement numbers: Keep bit representa6ons and reinterpret
Bryant and OHallaron, Computer Systems: A Programmers Perspec;ve, Third Edi;on 22

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs Conversion between signed & unsigned
Mapping Signed Unsigned
Carnegie Mellon

Bits
Signed
T2U U2T
Unsigned
0000
0
0
0001
1
1
0010
2
2
0011
3
3
0100
4
4
0101
5
5
0110
6
6
0111
7
7
1000
-8
8
1001
-7
9
1010
-6
10
1011
-5
11
1100
-4
12
1101
-3
13
1110
-2
14
1111
-1
15
Bryant and OHallaron, Computer Systems: A Programmers Perspec;ve, Third Edi;on 23
Mapping Signed Unsigned

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs Conversion between signed & unsigned
Mapping Signed Unsigned
Carnegie Mellon

Bits
Signed
=
+/- 16
Unsigned
0000
0
0
0001
1
1
0010
2
2
0011
3
3
0100
4
4
0101
5
5
0110
6
6
0111
7
7
1000
-8
8
1001
-7
9
1010
-6
10
1011
-5
11
1100
-4
12
1101
-3
13
1110
-2
14
1111
-1
15
Bryant and OHallaron, Computer Systems: A Programmers Perspec;ve, Third Edi;on 24
Mapping Signed Unsigned

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs Conversion between signed & unsigned
Carnegie Mellon
Conversion Visualized
Conversion Visualized
2s Comp. Unsigned Ordering Inversion
Nega;ve Big Posi;ve
UMax UMax 1
TMax + 1 TMax
TMax
Unsigned Range
2s Complement Range
2
TMin
00 1
Bryant and OHallaron, Computer Systems: A Programmers Perspec;ve, Third Edi;on 26

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs Conversion between signed & unsigned
Practice
CSCI 2467, Spring 2019
Class Activity: Twos complement, bitwise and logical operators Friday, February 1
2467 Instructor: M. Toups [email protected]
1 Introduction
In this activity you will practice working with binary numbers, bitwise operators, and logical operators. This activity is based in part on material developed by Professor Saturnino Garcia of the University of San Diego and is used with permission.
Each group member will get a copy of the activity to keep. The groups answers go into the response sheet, which will be turned in.
2 Review of Negative Integers

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs Conversion between signed & unsigned
More practice
We strongly recommend you check out these practice problems from the text! Textbook problems:
2.1 through 2.4 2.6 through 2.9 2.12 through 2.16

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs Arithmetic
Class updates
1 Midterm format
2 Chapter 2: Data
3 Chapter 3: Machine-level programs Arithmetic
Control Activities

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs Arithmetic
Arithemetic operations
Two operand instructions
Pay attention to order of operands
No distinction between signed & unsigned. (why not?)
Format Operands add dest,src sub dest,src imul dest,src sal dest,src sar dest,src shr dest,src xor dest,src and dest,src or dest,src
Computation
dest = dest + src dest = dest src dest = dest * src dest = dest << src dest = dest >> src dest = dest >> src dest = dest src dest = dest & src dest = dest src
(also shl) (arithmetic) (logical)

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs Arithmetic
Arithemetic operations
One operand instructions
Format Operand inc dest
dec dest
neg dest
Computation dest = dest + 1 dest = dest 1 dest = dest dest =dest
not dest
See CSAPP3e for more on these operations.

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs Arithmetic
Arithmetic expression example
long arith
(long x,long y,long z) {
long t1 = x+y;
long t2 = z+t1;
long t3 = x+4;
long t4 = y * 48; long t5 = t3 + t4; long rval = t2 * t5; return rval;
}
arith:
lea rax, [rdi+rsi] add rax , rdx
lea rcx, [rsi+rsi*2] sal rcx, 4
lea rcx, [rdi+4+rcx] imul rax, rcx
ret
Interesting instructions:
lea: address computation sal: shift left
imul: multiplication
(only used once!)
arith:

r
Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs Ca Control
CondJiutiomnapl ijnumgps
jX Instrucons
Jump to different part of code depending on condion codes
jX
Condion
Descripon
jmp
1
Uncondional
je
ZF
Equal / Zero
jne
~ZF
Not Equal / Not Zero
js
SF
Negave
jns
~SF
Nonnegave
jg
~(SF^OF)&~ZF
Greater (Signed)
jge
~(SF^OF)
Greater or Equal (Signed)
jl
(SF^OF)
Less (Signed)
jle
(SF^OF)|ZF
Less or Equal (Signed)
ja
~CF&~ZF
Above (unsigned)
jb
CF
Below (unsigned)

Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs Control
Conditional branch example
long absdiff
(long x, long y)
{
long result; if (x > y)
result = x-y;
else
result = y-x;
return result; }
absdiff:
cmp rdi , rsi jle .L2
mov rax , rdi sub rax , rsi ret
.L2: # x <= ymov rax , rsi sub rax , rdi retCompiled with: Register gcc Og S absdiff.c masm=intel rdiUse argument x rsi argument yrax return valueClass updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs ActivitiesCSCI 2467, Spring 2019Class Activity: Understanding disassembled code Friday, February 152467 Instructor: Matthew ToupsTeaching assistants: Caitlin Boyce and Jerod Dunbar1 IntroductionIn this activity you will get practice reading assembly language code which has been disassembled taken from an existing, compiled program. This reverse-engineering technique is especially useful for folks in the cyber security field who are studying malware and software vulnerabilities. It is also an excellent way for anyone to gain a deeper understanding of how their programs are actually compiled and executed. (The questions are from CS:APP3e by Bryant and OHallaron, chapter 3.)Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs Activities More practice CS:APP3e textbook practice problems: 3.183.21 3.24 3.26 3.28 Class updates Midterm format Chapter 2: Data Chapter 3: Machine-level programs Activities Get to work! We have the rest of the class to work on: – bomblab: get help with gdb / etc- midterm prep: ask questions