Microsoft 2004-11-13 Written Test Analysis


Author: Yang Yanqing   E-mail: BlankmanattomDotcom   Original: http://blog.9cbs.net/blankman/archive/2004/11/14/WE_MS_20041113.ASPX (Analysis of the Microsoft 2004-11-13 written test questions. If this infringes Microsoft's copyright, please let us know and it will be removed immediately.)

1. Where is the error in the following program?

    struct S
    {
        int  i;
        int *p;
    };

    int main()
    {
        S s;
        int *p = &s.i;
        p[0] = 4;
        p[1] = 3;
        s.p = p;
        s.p[1] = 1;
        s.p[0] = 2;
        return 0;
    }

[Question Analysis]

This question tests understanding of how a structure is laid out in memory. On a 32-bit system both an int and a pointer occupy 4 bytes, so s is 8 bytes long with s.i at offset 0 and s.p at offset 4. The address &s.i is the same address as &s, so "int *p = &s.i" makes p point at the start of the structure s, as shown in Figure 1. (Strictly speaking, p[1] already steps past the single int s.i, which the language leaves undefined; the analysis below reasons about what the 32-bit VC build actually does with the bytes that follow. On a 64-bit build the pointer is 8 bytes and sits at offset 8 after 4 bytes of padding, so the indices below would shift.)

Figure 1 (memory layout of s; image not reproduced on this page)

Suppose &s is 0x12300; then p is also 0x12300. p[0] is the 4 bytes starting at 0x12300, and p[1] is the 4 bytes starting at 0x12304 (note: 0x12304, not 0x12301, because the element size is 4). So p[0] aliases s.i and p[1] aliases s.p. Both writes stay inside the structure, so "p[0] = 4", "p[1] = 3" and "s.p = p;" run without error. Now continue.

After "s.p = p;", s.p points to the first address of s (0x12300). At this point s.p[0] aliases s.i and s.p[1] aliases s.p itself.

The next statement, "s.p[1] = 1;", therefore overwrites s.p with the value 1: s.p now points to address 0x00000001, and the hidden danger has appeared. When "s.p[0] = 2;" executes, it writes the 4-byte value 0x00000002 into the 4 bytes starting at address 0x00000001. That memory does not belong to the process (the lowest page is never mapped, precisely so that null and near-null pointers fault), so the program dies with an illegal memory access.
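As an added example (not from the original post; struct S is the exam's, the function names are mine), the following C program replays the exam program's stores on a real struct S, but performs the out-of-bounds write through memcpy on the struct's bytes so that the experiment itself is well-defined, and instead of executing the final "s.p[0] = 2" it reports whether that store would land outside s. It also computes, from offsetof, which int index really overlaps s.p on the build you compile it with, so you can watch the exam's "p[1] aliases s.p" hold on a 32-bit build and shift to p[2] on a 64-bit one, where p[1] only hits padding. corrected_program shows the fix: give s.p an array to index.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The struct from the exam question. */
struct S {
    int  i;
    int *p;
};

/* Which int-sized slot of s (viewing s as an int array, as the exam's
 * p[k] does) overlaps the first bytes of s.p.  This is 1 on a 32-bit ABI
 * (the exam's assumption) and 2 on LP64/LLP64, where 4 bytes of padding
 * follow i so that the 8-byte pointer is aligned. */
size_t pointer_slot(void)
{
    return offsetof(struct S, p) / sizeof(int);
}

/* Replays the exam program's stores on a real struct S, with the
 * out-of-bounds "p[1]" replaced by a write to int slot `slot`.  The write
 * is done with memcpy on the object's bytes so the experiment itself is
 * well-defined whether it lands on padding or on s.p.  The final
 * "s.p[0] = 2" is not executed; instead the function reports whether it
 * would have written outside s.
 * Returns 1 if s.p no longer points inside s (the access violation in the
 * exam answer), 0 if the final store would still land inside s, and -1
 * if `slot` is past the end of s.  The raw value s.p holds after the
 * clobber is written to *p_bits. */
int final_store_escapes(size_t slot, uintptr_t *p_bits)
{
    struct S s;
    unsigned char *bytes = (unsigned char *)&s;
    int v;
    uintptr_t lo, hi;

    if ((slot + 1) * sizeof(int) > sizeof s)
        return -1;

    memset(&s, 0, sizeof s);
    s.i = 4;                                            /* p[0] = 4   */
    v = 3;
    memcpy(bytes + slot * sizeof(int), &v, sizeof v);   /* p[1] = 3   */
    s.p = &s.i;                                         /* s.p = p    */
    v = 1;
    memcpy(bytes + slot * sizeof(int), &v, sizeof v);   /* s.p[1] = 1 */

    /* Read back s.p's object representation (on a 64-bit little-endian
     * build only its low 4 bytes were overwritten). */
    memcpy(p_bits, &s.p, sizeof *p_bits);

    lo = (uintptr_t)&s;
    hi = lo + sizeof s;
    return !(*p_bits >= lo && *p_bits + sizeof(int) <= hi);
}

/* What the program should have done: point s.p at storage that really has
 * two ints.  Returns s.i + s.p[0] + s.p[1] after the same stores, i.e.
 * 4 + 2 + 1 = 7, with s.i untouched. */
int corrected_program(void)
{
    struct S s;
    int buf[2] = { 0, 0 };

    s.i = 4;
    s.p = buf;                 /* an array, not the lone int s.i */
    s.p[1] = 1;
    s.p[0] = 2;
    return s.i + s.p[0] + s.p[1];
}

int main(void)
{
    uintptr_t bits = 0;
    int r = final_store_escapes(pointer_slot(), &bits);

    printf("sizeof(int)=%zu sizeof(int*)=%zu offsetof(S,p)=%zu: p[%zu] overlaps s.p\n",
           sizeof(int), sizeof(int *), offsetof(struct S, p), pointer_slot());
    printf("after the clobber s.p holds 0x%" PRIxPTR ": final store %s\n",
           bits, r ? "would fault (points outside s)" : "stays inside s");
    printf("corrected program returns %d\n", corrected_program());
    return 0;
}
```

Build with any C99 compiler (for example cc -std=c99 -Wall; add -m32 to reproduce the exam's 32-bit layout). final_store_escapes never dereferences the clobbered pointer; reading its representation back with memcpy is enough to show where the real program would have written.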

The assembly produced by VC (partial) is as follows, for those interested. Note that s lives at [ebp-8] (s.i at ebp-8, s.p at ebp-4) and the local p at [ebp-0Ch]:

    14:       S s;
    15:       int *p = &s.i;
    00401028   lea         eax, [ebp-8]
    0040102B   mov         dword ptr [ebp-0Ch], eax
    16:       p[0] = 4;
    0040102E   mov         ecx, dword ptr [ebp-0Ch]
    00401031   mov         dword ptr [ecx], 4
    17:       p[1] = 3;
    00401037   mov         edx, dword ptr [ebp-0Ch]
    0040103A   mov         dword ptr [edx+4], 3
    18:       s.p = p;
    00401041   mov         eax, dword ptr [ebp-0Ch]
    00401044   mov         dword ptr [ebp-4], eax
    19:       s.p[1] = 1;
    00401047   mov         ecx, dword ptr [ebp-4]
    0040104A   mov         dword ptr [ecx+4], 1
    20:       s.p[0] = 2;
    00401051   mov         edx, dword ptr [ebp-4]
    00401054   mov         dword ptr [edx], 2

2. A, B, C, D, E and F are each a digit from 0 to 9. Determine A to F given:

    ABCDEF * 2 = CDEFAB
    CDEFAB * 2 = EFABCD

[Question Analysis]

Seeing the question, I immediately thought of 1/7, whose repeating decimal has exactly this property, so the answer is 142857:

    1/7 = 0.142857...
    2/7 = 0.285714...
    3/7 = 0.428571...
    4/7 = 0.571428...
    5/7 = 0.714285...
    6/7 = 0.857142...

Each of these repeats with period six, and notice that every repetend is a rotation of the same six digits 142857. In particular 2 * 142857 = 285714 (the repetend of 2/7) and 2 * 285714 = 571428 (the repetend of 4/7), which are exactly the rotations CDEFAB and EFABCD the question asks for.

Another contributed solution:

    ABCDEF * 2 = CDEFAB
    CDEFAB * 2 = EFABCD
    =>  2 * AB = CD
        2 * EF = 1AB      (carry of 1 into CD)
        2 * CD + 1 = EF
    =>  8 * AB + 2 = 100 + AB
        AB = 14

The answer provided by Dawangzi16:

1. E > 2C > 4A  ==>  A = 1 or 2.
2. Because EF * 2 = AB (with carry), combined with 1: (if A = 2 then E = 8 or 9, which cannot hold) so A = 1, E = 5, and F > 5. At this point: 1BCD5F * 2 = CD5F1B, CD5F1B * 2 = 5F1BCD.
3. Since 1B * 2 = CD: C = 3 or 2; and since CD * 2 = 5F: C = 2, D > 5. At this point: 1B2D5F * 2 = 2D5F1B, 2D5F1B * 2 = 5F1B2D.
4.
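As an added example (not part of the original post or of either contributed answer; the function names are mine), the following C program checks the 1/7 insight mechanically: it brute-forces every six-digit ABCDEF against both rotation conditions, computes the repetend of k/7 by long division, and verifies that each repetend is a rotation of 142857.

```c
#include <stdio.h>

/* Rotate a six-digit number left by two decimal digits: ABCDEF -> CDEFAB.
 * Applying it twice gives EFABCD. */
int rot2(int n)
{
    return (n % 10000) * 100 + n / 10000;
}

/* Brute-force search over every six-digit number ABCDEF (A != 0) for the
 * two conditions of the question.  Writes up to `max` solutions into
 * `out` and returns the number found. */
int solve_rotation_puzzle(int *out, int max)
{
    int count = 0;
    for (int n = 100000; n <= 999999; n++) {
        int cdefab = rot2(n);
        int efabcd = rot2(cdefab);
        if (2 * n == cdefab && 2 * cdefab == efabcd) {
            if (count < max)
                out[count] = n;
            count++;
        }
    }
    return count;
}

/* The observation behind the answer: the repetend of k/7 for k = 1..6 is
 * always a rotation of 142857.  Computes the first six decimal digits of
 * k/7 by long division and returns them as an integer, e.g.
 * sevenths_repetend(3) == 428571 (3/7 = 0.428571...). */
int sevenths_repetend(int k)
{
    int r = k % 7, digits = 0;
    for (int d = 0; d < 6; d++) {
        r *= 10;
        digits = digits * 10 + r / 7;
        r %= 7;
    }
    return digits;
}

/* 1 if a and b are cyclic rotations of each other as six-digit strings. */
int is_rotation_of(int a, int b)
{
    for (int k = 0; k < 6; k++) {
        if (a == b)
            return 1;
        b = (b % 100000) * 10 + b / 100000;
    }
    return 0;
}

int main(void)
{
    int sols[4];
    int n = solve_rotation_puzzle(sols, 4);

    printf("%d solution(s)\n", n);
    for (int i = 0; i < n && i < 4; i++)
        printf("  ABCDEF = %d -> CDEFAB = %d -> EFABCD = %d\n",
               sols[i], rot2(sols[i]), rot2(rot2(sols[i])));
    for (int k = 1; k <= 6; k++)
        printf("  %d/7 = 0.%06d...  rotation of 142857: %s\n", k,
               sevenths_repetend(k),
               is_rotation_of(sevenths_repetend(k), 142857) ? "yes" : "no");
    return 0;
}
```

Worth noticing: the first condition alone is satisfied by 142857, 285714 and 428571 (the repetends of 1/7, 2/7 and 3/7); it is the second condition, whose doubling overflows to seven digits for the other two, that singles out 142857.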

Please cite the original address when reposting: https://www.9cbs.com/read-91862.html
