Q. What is a classic case of a trivial overflow bug?

View solution

Q. What is an example of a tool that can be used to disassemble a program?

View solution

Q. How are parameters passed in cdecl functions?

View solution

Q. What is the disadvantage of the optimization chosen by the compiler for unwinding function parameters?

View solution

Q. Why does the function end up using a bit more stack space?

View solution

Q. Which type of threads in Windows have a very limited stack space?

View solution

Q. What is the disadvantage of the function's stack unwinding approach from the program's perspective?

View solution

Q. Why is it important to ensure that the code that’s accessing a large block of stack space is properly aware of its size?

View solution

Q. What are intrinsic implementations?

View solution

Q. Why are string-manipulation routines historically a reason for vulnerabilities?

View solution

Q. What is the aim of using automatic, compiler-generated stack checking?

View solution

Q. How does automatic, compiler-generated stack checking work?

View solution

Q. What is the purpose of the cookie used in stack checking?

View solution

Q. Why does the cookie used in stack checking need to be a random number?

View solution

Q. How does the use of a pseudorandom number as a cookie prevent an attacker from fooling the cookie verification code?

View solution

Q. What is stack checking?

View solution

Q. How does stack checking work?

View solution

Q. Why must the cookie be a random number in stack checking?

View solution

Q. Can stack checking completely eliminate the problem of buffer overflow bugs?

View solution

Q. How can an attacker defeat stack checking?

View solution