问题
This is the source code I have:
section .data
msg: db "pppaaa"
len: equ $
section .text
global main
main:
mov edx,len
mov ecx,msg
mov ebx,1
mov eax,4
int 0x80
And when I debug this code I will see:
(gdb) info register ecx
ecx 0x804a010 134520848
(gdb) x 0x804a010
0x804a010 <msg>: 0x61707070
(gdb) x 0x804a014
0x804a014: 0x00006161
"70" here represents the character 'p' and "61" the character 'a' obviously.
What I am confused about is, why is the data in location 0x804a010 is 0x61707070 (appp) and moving 4 bytes forward at 0x804a014 the data is --aa ?
I would expect to see (pppa) for the first location and (aa--) for the second location. Why is this the case?
回答1:
GDB doesn't know that you have a bunch of chars. You are just asking it to look at a memory location and it is displaying what is there, defaulting to a 4-byte integer. It assumes the integer is stored least significant byte first, because that is how it is done on Intel, so you get your bytes reversed.
To fix this, use a format specifier with your x command, like this:
x/10c 0x804a010
(will print 10 chars beginning at 0x804a010).
help x in GDB will give more information.
回答2:
Everything data in memory is translated to little-endian order. Ohhh.. following the comment from Koray Tugay How can I switch to high endian?
Sure.. you can use bswap instruction. So yeah, this is not example of your code, but the example using bswap instruction something like this :
mov eax,0x61707070
bswap eax
Following the debugger :
% gdb -q bswap
Reading symbols from bswap...(no debugging symbols found)...done.
(gdb) r
Starting program: /home/user/programming/assembly/bswap
Program received signal SIGSEGV, Segmentation fault.
0x08048067 in ?? ()
(gdb) i r $eax
eax 0x70707061 1886416993
(gdb)
来源:https://stackoverflow.com/questions/27849798/why-is-data-stored-in-memory-reversed