Microsoft
2004-10-16 parsing analysis
Author: Yang Yanqing E-mail: Blankmanattomdotcom's exquisite: http://blog.9cbs.net/blankman/archive/2004/11/we_ms_20041016.aspx (Microsoft 2004-11-13 pen test analysis, if there is If you invade Microsoft copyright, please let us know, immediately delete it) 1. Ask the function return value, enter x = 9999; int func (x) {int countX = 0; while (x) {countx ; x = x & (x-1 } Return countx;} [Question analysis] When this question, if you take out a binary number to analyze, X = X & (X-1) is actually the binary form of X The last "1" becomes "0", and how many "1" cycles do in the binary form of X. 9999/256 = 39 15. The two numbers are converted soon. 39 = 32 4 2 1 = 00100111 15 = 0f = 00001111 So 9999 = 001001100001111, there are 8 1, the answer is 8 2. Implement the following procedures to facilitate the Binary Search. To process the error statement. The size of the assignment of the queue is fixed Max_LEN, input by the second parameter INSERT (int * arr, // queue size_l Len, // Queue size SIZE_L Count, // Queue Element Number INT VARL // To Process Data) Returns Index (INT * ARR, SIZE_L LEN, SIZE_L COUNT, INT VARL) of Insert Data Remove Index Search (int " * Arr, size_l len, size_l count, int var, Returns the index of the search path element [Question analysis] There are data structures. 3, the stack r, from the top to the end: {2, 4, 6, 8, 10}, take out the queue Q by one by one, then take out in the q, ask now the order of the top to bottom in the stack R .
[Question analysis] This is not available, {10, 8, 6, 4, 2} 4, the result of writing procedures: ___________ int funa (int * a) {a [0] ;} int funb (int B []) {b [1] = 5;} main () {Int a [5] = {2, 3, 4, 5, 6}; int b [5] = {2, 3, 4, 5 , 6}; int * p; p = & a [0]; (* p) ; funa (p); for (int i = 0; i <3; i ) Printf ("% d,", A [ I]); p = & b [1]; funb (p); for (i = 0; i <3; i ) printf ("% d,", b [i]);} [topic analysis] result is: 4, 3, 4, 2, 3, 9 (* p) ; that is, A [0] ; Funa (P); A [0] is the array A [0] , only the first element is added twice 1, p = & b [1]; Point P to the second element FUNB (P) of the array B; B [1] = 5 is Add 55 in the third element in the array b [2] = 5 array b, find the Bugint CopystringandCount (CHAR * STR) of the following program 1 {int ncount = 0; char * pBuffer; 2 PBuffer = New char [MAX_PATH_LENGTH]; 3 4 STRCPY (PBuffer, Str); For (; PBuffer 5; PBuffer ) IF (PBuffer 6 == '//') ncount ; 7 return ncount;} [Topic Analysis] 1 (const char * STR) If you do not need to change the content of the string in the function, it is best to add const to avoid erroneous modification string content 2 char * pBuffer = null; pointer declaration, it is best to assign the initial value NULL 3 if (! PBuffer) Return -1 After the opening of the space, there is no success, there is no error check 4 if (Strlen (STR)> (MA) X_Path_Length-1)) Return -2; No newly opened space can accommodate the string, otherwise it is possible to cross the world in the PBUFFER topic is to jump out of the cycle when the string is at the end of the string, so it should be taken The content of the string 6 is the same as 57 delete pBuffer; pBuffer = null; no newly opened space will cause memory leaks 6, what is the next generation browser should add? [Topic Analysis] Casual written, such as security, search function, etc.
7. Give the function strcmp () test solution INT STRCMP (Const Char * STR1, Const Char * STR2) [Topic Analysis] Mainly examined the comprehensive type of problem, I think there is an example of refrigerator test, I wrote a few (For reference only): str1 str2 null null 'a' Null Null 'A' A '' ABC '' ABC '' ACD '' .xj '' sefn'8, test a DVD Player if you only have limited How will you do it? [Topic Analysis] just said that my idea is not a standard answer. First test the basic function, then it is common function, then the advanced feature. 9. In the past years, which biggest difficulty you have encountered, how do you solve it? Are you doing a decision to do with others? Why do this decision? What is the current result? 10. Logic questions: there is a five-seater roller coaster, each energy saving, existing Luair, Jack, Gwen, Tom, Mark, Paul, 6 people go to the bus, have the following conditions 1, Luair and others Tong 2, Mark is not in harmony, and the front of the Mark is empty 3, TOM does not compete with any one of GWEN and Paul. The gwen is 3, or 4 .... Below is some assertive statements Let you judge the right or wrong [topic analysis] Mark and the empty car can be treated as a whole, and the rest is to arrange a combination according to rules, and the possible type is not too much. If you draw a sketch with a pen, it is easier. (Supplement ...) (Microsoft 2004-11-13 pen test analysis, if there is any violation of Microsoft copyright, please let us know, immediately delete) 1. Where is the following procedure Where is wrong: Struct S
{
INT I;
INT * P;
}
int main ()
{
S s;
INT * P = & S.I;
P [0] = 4;
P [1] = 3;
S.p = P;
S.p [1] = 1;
S.p [0] = 2;
Return 0;
}
[Topic Analysis]
This test is an understanding of the use of memory usage in structure. In a 32-bit operating system, the INT and pointer type variable occupancy space is 4 bytes. In this question, the value of & S.i is actually the value of & S, so "INT * P = & S.i" is also equivalent to pointing P to the starting position of the address of the structure S. As shown in Figure 1.
figure 1
Assuming that the value of & S is 0x12300, the value of P is also 0x12300, and P [0] refers to the continuous 4 bytes from 0x12300, and P [1] refers to the start of from 0x12304 (note! Not 0x12301). Continuous 4 bytes of space. In this way, P [0] is equivalent to S.I, P [1] is equivalent to S.p, analyzing this step, can determine that the program is running to "s.p = P;" here will not be wrong. Continue to look down.
After the assignment of "S.p = P;", S.p points to the first address of S. At this time, S.P [0] is equivalent to S.I, S.p [1] is equivalent to S.p.
The next sentence "S.p [1] = 1
"
After executing, the value of S.p is 1, that is, point to 0x00001, the hidden dangers appear. Execute "S.p [0] =
2
"
At the time, it is actually written to the 0x00000002 to the continuous four bytes starting to the memory 0x00001, and the memory does not belong to this program, and there will be an error that access illegal memory.
The assembly code for VC parsing is as follows (part), interested in referring to it. 14: s s ;; 15: int * p = & S.I; 00401028 Lea EAX, [EBP-8] 0040102B MOV DWORD PTR [EBP-0CH], EAX; 16: P [0] = 4; 0040102E MOV ECX , DWORD PTR [EBP-0CH] 00401031 MOV DWORD PTR [ECX], 4; 17: P [1] = 3; 00401037 MOV EDX, DWORD PTR [EBP-0CH] 0040103A MOV DWORD PTR [EDX 4], 3; 18: sp = p; 00401041 MOV EAX, DWORD PTR [EBP-0CH] 00401044 MOV DWORD PTR [EBP-4], EAX; 19: SP [1] = 1; 00401047 MOV ECX, DWORD PTR [EBP-4] 0040104A MOV DWORD PTR [ECX 4], 1; 20: SP [0] = 2; 00401051 MOV EDX, DWORD PTR [EBP-4] 00401054 MOV DWORD PTR [EDX], 22, ABCDEF is a number of 0 ~ 9 Determine the value of A ~ F ABCDEF * 2 = CDEFABCDEFAB * 2 = EFABCD [Topic Analysis] There is no good idea for the time being, except for exhaustion
