CHAPTER 21. STRUCTURES CHAPTER 21. STRUCTURES
21.5.1 OllyDbg.
Let’s load the example into OllyDbg and take a look atouter_structin memory:
Figure 21.5:OllyDbg: Beforeprintf()executionThat’s how the values are located in memory:
- (outer_struct.a)(byte) 1 + 3 bytes of random garbage;
- (outer_struct.b)(32-bit word) 2;
- (inner_struct.a)(32-bit word) 0x64 (100);
- (inner_struct.b)(32-bit word) 0x65 (101);
- (outer_struct.d)(byte) 3 + 3 bytes of random garbage;
- (outer_struct.e)(32-bit word) 4.
21.6 Bit fields in a structure
21.6.1 CPUID example.
The C/C++ language allows to define the exact number of bits for each structure field. It is very useful if one needs to save
memory space. For example, one bit is enough for aboolvariable. But of course, it is not rational if speed is important.
Let’s consider theCPUID^9 instruction example. This instruction returns information about the current CPU and its features.
If theEAXis set to 1 before the instruction’s execution,CPUIDreturning this information packed into theEAXregister:
3:0 (4 bits) Stepping
7:4 (4 bits) Model
11:8 (4 bits) Family
13:12 (2 bits) Processor Type
19:16 (4 bits) Extended Model
27:20 (8 bits) Extended FamilyMSVC 2010 hasCPUIDmacro, but GCC 4.4.1 does not. So let’s make this function by ourselves for GCC with the help of its
built-in assembler^10.
#include <stdio.h>
#ifdef GNUC
static inline void cpuid(int code, int a, int b, int c, int d) {
asm volatile("cpuid":"=a"(a),"=b"(b),"=c"(c),"=d"(d):"a"(code));
}
(^9) wikipedia
(^10) More about internal GCC assembler