Module 7 Hint
- For starters, let’s look at the need for the ASCII table for this assignment. Let’s pretend you ran your program with the string “hello”. If you look in the ‘Hx’ (hex) column on asciitable.com, you
will find that those letter each correspond to the following 1-byte entities (yes, each character
requires 1 byte or 8 bits): 0x68 (h) – 0x65 (e) – 0x6C (l) – 0x6C (l) – 0x6F (o). To see where these fall
in memory, within MARS, choose $sp from the dropdown in the middle of the console to show
the program’s call stack. You should see these bytes somewhere in memory on the first row. You
might also see a 0x0A nearby, what is that?
- Once you’ve located the hex values for “hello” in memory, play around with the stack a little bit.
What happens if you type “hellohello”, for example? Do the bytes appear in the same order in
which you typed them? Why/why not?
- Our ultimate goal is to execute the ‘print_a’ function. Use the dropdown to show the memory
layout of the .text section. What is the address of the first instruction in the ‘print_a’ function?
That is the address we want to put into $ra just before the ‘print’ function calls jr $ra.
- Speaking of $ra, run the program with an input of “hello” again and take another look at the
stack’s memory layout. You will see the hex values for the characters in “hello”, but look to the
right; what do you see? You should see two memory addresses that have already been added to
the stack! One of these is the current $ra!
At this point, you should be able to figure out where $ra is being stored on the stack, notice that the more
characters you type in as the initial input the closer you get to overwriting $ra, know the address of the
‘print_a’ function, and understand how to craft a 4-character input (using the ASCII table) that you can
use to overwrite $ra and trick the program into returning to the start of the ‘print_a’ function rather than
back to the original $ra location.
- Module 7 Hint