Instructions: By Friday, 10:00 AM, send email to the course staff email
alias (which is available on the home page) in which you:
- Answer the question below. Don't worry about getting it exactly
right; give it your best shot.
- Pose an additional question about the paper that articulates what you found
most confusing, least specified, etc.
Draw the ROP chain (the contents of the stack)
for the write() system call that dumps the
server binary over the socket to the attacking client. Assume the following:
- The attacker knows the socket number (so
it can appear on the stack)
- The attacker knows the address of the start of the
binary's .text section (so it too can appear on the stack)
- The attacker knows the addresses of the following gadgets:
- pop rdi; ret
- pop rsi; pop r15; ret
- strcmp()
- The attacker knows the address of call write
You can and should use notation to represent the addresses known to
the attacker.
You may need to make other assumptions and introduce other notation
as well.