Briefly describe the process of compilation

Reference no: EM132477755 , Length: 10 pages

Part 1 - Computer Architecture Review Questions

Question 1. Briefly describe the process of compilation. In your discussion, include the role of the high-level languages, low-level languages, machine code, opcodes, and binary form.

Question 2. If you reverse engineer a sample of malware that was compiled using an interpreted language, explain why the disassembly will not produce processor specific assembly (such as x86).

Question 3. List and explain the three hardware components of the Von Neumann architecture. Further define the main components of the CPU.

Question 4. A program is a dormant piece of software stored on disk. A compiled Windows program contains the sections discussed in week 1 (.code/.text, .data, etc). Once a program begins execution, the operating system loads it into memory. A program in execution (i.e. loaded into memory) is called a process. List and briefly define the four major sections of main memory (RAM) for a process.

Question 5. Endianness is something to be aware of when looking at data in memory. Suppose you observe the following value at a specific memory location on an x86 architecture: 0x0100ABC0. You suspect this represents an IPv4 address. What is the IP address?

Question 6. Which x86 register is used to store the address of the next instruction to execute?

Question 7. Suppose the EAX register contains the value 0xA7025F31. What are the values of AX, AH, and AL?
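Added example, not part of the assignment and not from its solution: a small C program showing the two x86 data-layout facts behind Questions 5 and 7. A dword is stored little-endian (least significant byte at the lowest address), while an IPv4 address lives in memory in network byte order (first octet at the lowest address), so the four bytes read one way as a number and the other way as an address. The AX/AH/AL sub-registers are the low 16 bits, and the two low bytes, of EAX. The sample dword and register value are constructed and are not the ones in the questions; the function names are mine.

```c
/* Added example (not part of the assignment). Shows the two x86 data-layout
 * facts behind Questions 5 and 7: little-endian storage of a dword versus
 * the big-endian (network byte order) layout of an IPv4 address, and the
 * AX/AH/AL sub-registers of EAX. Sample values are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Store a dword the way 'mov [mem], eax' does on x86: least significant
 * byte at the lowest address. */
void store_le32(uint8_t out[4], uint32_t value) {
    out[0] = (uint8_t)value;
    out[1] = (uint8_t)(value >> 8);
    out[2] = (uint8_t)(value >> 16);
    out[3] = (uint8_t)(value >> 24);
}

/* Read four bytes back as a little-endian dword: the number a disassembler
 * prints when it renders those bytes as 'dd'. */
uint32_t load_le32(const uint8_t in[4]) {
    return (uint32_t)in[0] | ((uint32_t)in[1] << 8) |
           ((uint32_t)in[2] << 16) | ((uint32_t)in[3] << 24);
}

/* The byte a memory viewer shows at 'offset' (0..3) for an observed dword. */
uint8_t byte_at(uint32_t observed, int offset) {
    uint8_t bytes[4];
    store_le32(bytes, observed);
    return bytes[offset & 3];
}

/* An IPv4 address is kept in network byte order: first octet at the lowest
 * address. So the dotted quad is the bytes in memory order, and the dword
 * the CPU reads from those same bytes has its octets reversed. */
void ipv4_from_observed_dword(uint32_t observed, char *out, size_t out_len) {
    uint8_t b[4];
    store_le32(b, observed);
    snprintf(out, out_len, "%u.%u.%u.%u",
             (unsigned)b[0], (unsigned)b[1], (unsigned)b[2], (unsigned)b[3]);
}

/* Self-check helper: 1 if the observed dword renders as 'expected'. */
int observed_dword_is_ipv4(uint32_t observed, const char *expected) {
    char buf[16];
    ipv4_from_observed_dword(observed, buf, sizeof buf);
    return strcmp(buf, expected) == 0;
}

/* Partial registers: AX is the low 16 bits of EAX, AL its low byte and AH
 * the byte above AL. The upper 16 bits of EAX have no name of their own. */
uint16_t reg_ax(uint32_t eax) { return (uint16_t)(eax & 0xFFFFu); }
uint8_t  reg_al(uint32_t eax) { return (uint8_t)(eax & 0xFFu); }
uint8_t  reg_ah(uint32_t eax) { return (uint8_t)((eax >> 8) & 0xFFu); }

int main(void) {
    uint32_t observed = 0x0100A8C0u;   /* constructed sample dword */
    uint32_t eax = 0x11223344u;        /* constructed sample register value */
    char ip[16];

    printf("dword 0x%08X sits in memory as bytes %02X %02X %02X %02X\n",
           observed, (unsigned)byte_at(observed, 0), (unsigned)byte_at(observed, 1),
           (unsigned)byte_at(observed, 2), (unsigned)byte_at(observed, 3));
    ipv4_from_observed_dword(observed, ip, sizeof ip);
    printf("those bytes in memory order are the IPv4 address %s\n", ip);
    printf("EAX=0x%08X AX=0x%04X AH=0x%02X AL=0x%02X\n",
           eax, (unsigned)reg_ax(eax), (unsigned)reg_ah(eax), (unsigned)reg_al(eax));
    return 0;
}
```

The same logic applies to any dword an analyst reads off a hex dump: write the number back out little-endian to recover the bytes, then interpret the bytes in whatever order the data type in question uses.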

Part 2 - Disassembly Exercise

Load lab2-1.exe into IDA to observe the disassembly. This program does not do anything interesting. We are studying it to practice our assembly skills. Make sure the entire binary is analyzed by IDA before you begin navigating. You will know when IDA is done with analysis when you see the following "finished" message:

Click on Options -> General then place a check mark next to Line Prefixes. This option shows the relative memory addresses in IDA-View. We also want to see the opcodes, so enter 6 into the Number of opcode bytes entry.

Navigate to the Functions Window and go to function sub_401020.

Question 1) The first two instructions in this function establish the stack frame. It is normal to see this code at function entry. How many bytes of object code (opcodes) are required to establish the stack frame?

Question 2) What are the values in the eax and edx registers after the instruction at 0x00401025 has executed?

Question 3) What are the values in the eax and edx registers after the instruction at 0x0040102A has executed?

Question 4) What are the values in the eax and edx registers after the instruction at 0x0040102C has executed?

Question 5) What is the opcode for push eax?

Question 6) How many parameters does function sub_401000 have?

Question 7) In this case, what are the values of the parameters passed to sub_401000?

Question 8) Double click on sub_401000 to analyze the function. How many local variables are there?

Question 9) What are the values of [ebp+arg_0] and [ebp+arg_4]?

Question 10) In which register do value returning functions normally store their return value?

Question 11) What value does function sub_401000 return?

Question 12) Click the back arrow on the upper left of your IDA display to return to the calling function. Explain the code at 0x0040103E. What will be the values of the ZF and CF bits in the flags register?

Part 3 - Reverse Engineering Exercise

Load lab2-2.exe into IDA to observe the disassembly. Make sure the entire binary is analyzed before you begin navigating. You will know when IDA is done with analysis when you see the following "finished" message:

Click on Options -> General then place a check mark next to Line Prefixes. This option shows the relative memory addresses in IDA-View.

Navigate to the Functions Window and go to function sub_401030.

Question 1) How many parameters are in sub_401030? How many local variables?

So sub_401030 is actually our int main(int argc, char* argv[]) function. Unfortunately, IDA does not recognize it as the entry point. You can rename the function by right-clicking on sub_401030 and giving a new name that is more intuitive. Let's call it MAIN.

Since we know the function prototype is the main function defined above, we can rename the arguments to make the program easier to read. Since arguments are pushed onto the stack in right-to-left order, the first argument is always the one closest to EBP. Therefore, arg_0 is int argc. Right-click on arg_0 and rename it argc. This is the argument counter, an integer holding the number of command-line arguments passed to the program when it is executed. Rename arg_4 to argv. argv is the array of command-line argument strings.

Question 2) Show a screenshot like the one below with the function and the arguments renamed.

Question 3) At 0x00401036, what value is being compared to argc?

Question 4) What is the address of the next instruction executed if the values from problem three are not equivalent?
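Added example, not part of the assignment and not from its solution, for Part 2 Question 12 and Part 3 Questions 3 and 4: a C model of how x86 cmp sets the flags and how the common conditional jumps read them. cmp performs a subtraction and discards the result, keeping only the flags: ZF is set when the operands are equal, CF when a borrow occurs (the first operand is below the second as unsigned numbers), and SF/OF are what the signed jumps consult. The page does not state which instructions sit at 0x0040103E or after 0x00401036, so the operand pairs below are constructed and the function names are mine.

```c
/* Added example (not part of the assignment): how x86 'cmp a, b' sets ZF
 * and CF (and SF/OF), and which conditional jumps are taken as a result.
 * cmp computes a - b and keeps only the flags, so the jump that follows it
 * is decided entirely by these bits. Operand pairs are constructed. */
#include <stdint.h>
#include <stdio.h>

typedef struct {
    int zf; /* zero flag: result is zero, i.e. a == b */
    int cf; /* carry flag: borrow out of the subtraction, i.e. a < b unsigned */
    int sf; /* sign flag: bit 31 of the result */
    int of; /* overflow flag: the signed result did not fit in 32 bits */
} x86_flags;

x86_flags cmp32(uint32_t a, uint32_t b) {
    uint32_t result = a - b;           /* wraps modulo 2^32, like the CPU */
    x86_flags f;
    f.zf = (result == 0);
    f.cf = (a < b);                    /* a borrow was needed */
    f.sf = (result >> 31) & 1;
    /* Signed overflow: the operands have different signs and the result's
       sign differs from the first operand's sign. */
    f.of = (((a ^ b) & (a ^ result)) >> 31) & 1;
    return f;
}

/* Conditions of the common conditional jumps, expressed in flags. */
int jump_je (x86_flags f) { return f.zf; }                  /* a == b */
int jump_jne(x86_flags f) { return !f.zf; }                 /* a != b */
int jump_jb (x86_flags f) { return f.cf; }                  /* unsigned a <  b */
int jump_jae(x86_flags f) { return !f.cf; }                 /* unsigned a >= b */
int jump_jl (x86_flags f) { return f.sf != f.of; }          /* signed a <  b */
int jump_jg (x86_flags f) { return !f.zf && f.sf == f.of; } /* signed a >  b */

int main(void) {
    /* Constructed pairs: equal values, an unsigned "below", and a value that
       is -1 when signed but the largest possible number when unsigned. */
    uint32_t pairs[][2] = { {5, 5}, {3, 7}, {0xFFFFFFFFu, 1} };
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++) {
        x86_flags f = cmp32(pairs[i][0], pairs[i][1]);
        printf("cmp 0x%08X, 0x%08X -> ZF=%d CF=%d SF=%d OF=%d | je=%d jne=%d jb=%d jl=%d\n",
               pairs[i][0], pairs[i][1], f.zf, f.cf, f.sf, f.of,
               jump_je(f), jump_jne(f), jump_jb(f), jump_jl(f));
    }
    return 0;
}
```

The third pair is the one worth remembering when reading a disassembly: the same compare makes jb fall through but jl jump, so whether the compiler emitted an unsigned or a signed jump tells you how it treated the variable.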

The code at addresses 0x0040103C through 0x00401047 grabs the first element of the argv array, argv[0], and stores it in the eax register. At 0x00401050 and at 0x00401089 we see the same function, sub_4010B1, being called. This function is the standard C printf function. Rename sub_4010B1 to printf. You may wish to quickly research the C printf function if you are not familiar with it.

Question 5) What are the arguments being passed to the printf function when it is called at 0x00401050?

Question 6) Explain the purpose of the three instructions at 0x00401055,0x00401058, and 0x0040105A.

Question 7) What is the purpose of the code block at loc_401098?

Question 8) Now we need to analyze the code block at loc_40105C. Under what conditions does this code get executed? Remember, it has to do with the instruction at 0x00401036.

The instructions at 0x0040105C through 0x00401067 grab the second element of argv, argv[1], and store it in eax. This value is then passed as an argument to sub_401160. This function is the C standard atoi function. Rename sub_401160 to atoi. The atoi function (ASCII to Integer) takes a string of ASCII characters as its parameter and returns the decimal value it represents. For example:

As you can see, the atoi function takes an ASCII character, in this case '7', and returns the actual decimal value 7. If a user enters '7' on a keyboard, the value 0x37 (55 in decimal) is what gets recorded, not the decimal value 7. The atoi function is commonly used to convert integer input typed by a human into the number it stands for.
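Added example, not part of the assignment and not the library's own code: a minimal atoi written out in C so the character-versus-number distinction is visible. The character '7' is the byte 0x37 (55); the integer 7 comes from subtracting '0' (0x30) from it, and a multi-digit string is accumulated one digit at a time. Like the C library atoi, the function skips leading whitespace, accepts an optional sign and stops at the first non-digit. Two things it adds that atoi does not offer, and that matter when the converted value drives program behaviour, are a count of digits actually consumed (so "abc" returning 0 is distinguishable from "0") and a guard against overflow, where atoi's result is undefined. The sample strings and function names are mine.

```c
/* Added example (not part of the assignment): a minimal atoi, written out to
 * show that '7' is the byte 0x37 and that the digit's value is '7' - '0'.
 * Sample inputs are constructed. */
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* What gets recorded when a key is pressed: the ASCII code of the character. */
int ascii_code(char c) { return (unsigned char)c; }

/* Parse a decimal string the way atoi does. If 'consumed' is non-NULL it
 * receives the number of digit characters used (0: no number found,
 * -1: the number did not fit, in which case the result saturates). */
long my_atoi(const char *s, int *consumed) {
    long value = 0;
    int sign = 1;
    int digits = 0;

    while (isspace((unsigned char)*s)) s++;     /* leading whitespace */
    if (*s == '+' || *s == '-') {               /* optional sign */
        if (*s == '-') sign = -1;
        s++;
    }
    while (*s >= '0' && *s <= '9') {            /* run of digits */
        int d = *s - '0';                       /* '7' (0x37) - '0' (0x30) == 7 */
        if (value > (LONG_MAX - d) / 10) {      /* next step would overflow */
            if (consumed) *consumed = -1;
            return sign > 0 ? LONG_MAX : LONG_MIN;
        }
        value = value * 10 + d;
        digits++;
        s++;
    }
    if (consumed) *consumed = digits;
    return sign * value;
}

/* Convenience: how many digits my_atoi would consume from 's'. */
int digits_consumed(const char *s) {
    int n;
    my_atoi(s, &n);
    return n;
}

int main(void) {
    /* Constructed samples: a single digit, sign and trailing junk, no digits. */
    const char *samples[] = { "7", "  -42abc", "+100", "abc", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n;
        long v = my_atoi(samples[i], &n);
        printf("\"%s\": first byte 0x%02X, my_atoi=%ld (digits=%d), atoi=%d\n",
               samples[i], ascii_code(samples[i][0]), v, n, atoi(samples[i]));
    }
    return 0;
}
```

Reading this alongside the disassembly of sub_401160 helps: the loop you see there is this digit loop, and the comparison against '0' and '9' is the range test in the while condition.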

The value returned from atoi is stored in var_4. It is then passed to sub_401000 as an argument. We don't know what that function does yet; we will have to reverse engineer it. For now, skip over it and let's finish analyzing the rest of this code. We will come back to that function later.

Question 9) What gets stored in var_8?

Question 10) What gets printed at the call to printf at 0x0040108E?

Question 11) Double-click on aD:

This brings you to the location in the binary where this string is stored. At which address and section (text, data, rsrc, etc) is this string stored?

Question 12) Now go back and double-click on sub_401000 to analyze its code. Try to reverse engineer this function. It is a tricky one, since it involves recursion. Explain your conclusion.

Question 13) Summarize the overall functionality of the program. Execute the program to validate your analysis.

Extra Challenge.

Write a C program (or pseudo-code) equivalent of the lab2-2.exe.

Attachment:- Malware Forensics.rar
