Graphics Programs Reference
In-Depth Information
This is slightly confusing, because sometimes the term
word
also refers to
2-byte values. In this case a
double word
or
DWORD
refers to a 4-byte value. In this
book, words and DWORDs both refer to 4-byte values. If I'm talking about a
2-byte value, I'll call it a
short
or a halfword. The following GDB output shows
memory displayed in various sizes.
(gdb) x/8xb $eip
0x8048384 <main+16>: 0xc7 0x45 0xfc 0x00 0x00 0x00 0x00 0x83
(gdb) x/8xh $eip
0x8048384 <main+16>: 0x45c7 0x00fc 0x0000 0x8300 0xfc7d 0x7e09 0xeb02 0xc713
(gdb) x/8xw $eip
0x8048384 <main+16>: 0x00fc45c7 0x83000000 0x7e09fc7d 0xc713eb02
0x8048394 <main+32>: 0x84842404 0x01e80804 0x8dffffff 0x00fffc45
(gdb)
If you look closely, you may notice something odd about the data above.
The first e
x
amine command shows the first eight bytes, and naturally, the
e
x
amine commands that use bigger units display more data in total. However,
the first e
x
amine shows the first two bytes to be
0xc7
and
0x45
, but when a
halfword is examined at the exact same memory address, the value
0x45c7
is
shown, with the bytes reversed. This same byte-reversal effect can be seen
when a full four-byte word is shown as
0x00fc45c7
, but when the first four bytes
are shown byte by byte, they are in the order of
0xc7
,
0x45
,
0xfc
, and
0x00
.
This is because on the
x
86 processor values are stored in
little-endian
byte order
, which means the least significant byte is stored first. For example,
if four bytes are to be interpreted as a single value, the bytes must be used
in reverse order. The GDB debugger is smart enough to know how values
are stored, so when a word or halfword is examined, the bytes must be
reversed to display the correct values in hexadecimal. Revisiting these
values displayed both as hexadecimal and unsigned decimals might help
clear up any confusion.
(gdb) x/4xb $eip
0x8048384 <main+16>: 0xc7 0x45 0xfc 0x00
(gdb) x/4ub $eip
0x8048384 <main+16>: 199 69 252 0
(gdb) x/1xw $eip
0x8048384 <main+16>: 0x00fc45c7
(gdb) x/1uw $eip
0x8048384 <main+16>: 16532935
(gdb) quit
The program is running. Exit anyway? (y or n) y
reader@hacking:~/booksrc $ bc -ql
199*(256^3) + 69*(256^2) + 252*(256^1) + 0*(256^0)
3343252480
0*(256^3) + 252*(256^2) + 69*(256^1) + 199*(256^0)
16532935
quit
r
eader@hacking:~/booksrc $
