1.24. STRUCTURES
OllyDbg
Let’s load the example into OllyDbg and take a look atouter_structin memory:
Figure 1.107:OllyDbg: Beforeprintf()executionThat’s how the values are located in memory:
- (outer_struct.a)(byte) 1 + 3 bytes of random garbage;
- (outer_struct.b)(32-bit word) 2;
- (inner_struct.a)(32-bit word) 0x64 (100);
- (inner_struct.b)(32-bit word) 0x65 (101);
- (outer_struct.d)(byte) 3 + 3 bytes of random garbage;
- (outer_struct.e)(32-bit word) 4.
1.24.6 Bit fields in a structure
CPUID example
The C/C++ language allows to define the exact number of bits for each structure field. It is very useful if
one needs to save memory space. For example, one bit is enough for aboolvariable. But of course, it is
not rational if speed is important.
Let’s consider theCPUID^166 instruction example. This instruction returns information about the current
CPU and its features.
If theEAXis set to 1 before the instruction’s execution,CPUIDreturning this information packed into the
EAXregister:
3:0 (4 bits) Stepping
7:4 (4 bits) Model
11:8 (4 bits) Family
13:12 (2 bits) Processor Type
19:16 (4 bits) Extended Model
27:20 (8 bits) Extended FamilyMSVC 2010 hasCPUIDmacro, but GCC 4.4.1 does not. So let’s make this function by ourselves for GCC
with the help of its built-in assembler^167.
(^166) wikipedia
(^167) More about internal GCC assembler