0

Allocated array for 10000 bits = 1250 bytes(10000/8):

mov edi, 1250
call malloc

tested the pointer:

cmp rax, 0
jz .error ; error handling at label down the code

memory was allocated:

(gdb) p/x $rax
$3 = 0x6030c0

attempted to fill that allocated memory with zeros:

mov rdi, rax
xor esi, esi
mov edx, 1250 ; 10000 bits
call memset

checked first byte:

(gdb) p/x $rax
$2 = 0x6030c0
(gdb) x/xg $rax + 0
0x6030c0: 0x0000000000000000

checked last byte(0 - first byte, 1249 - last byte)

(gdb) p/x $rax + 1249
$3 = 0x6035a1
(gdb) x/xg $rax + 1249
0x6035a1: 0x6100000000000000

SOLVED QUESTION Should have typed x/1c $rax + 1249

Bulat M.
  • 680
  • 9
  • 25
  • 1
    Last byte is zero: 0x61000000000000**00**. As you read 8 byte value, you get 7 bytes after last one, and you not ask to zeroing them. – user4003407 Sep 11 '16 at 08:37
  • I am using intel x64(i3) with little endian. So it looks like that most significant byte(0x61) should be last in the buffer? Or I am making mistake, correct, please. – Bulat M. Sep 11 '16 at 08:41
  • 1
    You need to use `$rax + 1242` to read 8 last bytes of your buffer. Now you read only 1 last byte of your buffer plus 7 bytes after your buffer. That 7 bytes not required to be zero. – user4003407 Sep 11 '16 at 08:54
  • 1
    Little-endian means least significant byte come first (have lesser address):0x($rax + 1256)61($rax +1255)00($rax +1254)00($rax +1253)00($rax +1252)00($rax +1251)00($rax +1250)00($rax +1249)00. – user4003407 Sep 11 '16 at 09:02
  • Now I understand, the command should be `x/1c $rax + 1249` and will show exactly last byte. – Bulat M. Sep 11 '16 at 09:18

1 Answers1

2

You interpreted memory as a 64 bit integer, but you forgot that endianness of intel is little endian. So bytes were reversed.

0x6100000000000000 is the value that the CPU reads when de-serializing the memory at this address. Since it's little endian, the 0x61 byte is last in memory (not very convenient to dump memory in this format, unless you have a big endian architecture)

Use x /10bx $rax + 1249 you'll see that it's zero at the correct location. The rest is garbage (happens to be zero for a while, then garbage)

0x00    0x00    0x00    0x00    0x00    0x00    0x61
Jean-François Fabre
  • 137,073
  • 23
  • 153
  • 219
  • I get `0x6035a1: 0 '\000' 0 '\000' 0 '\000' '\000' 0 '\'000' 0 '\'000' 0 '\'000' 97 'a'`, very strange – Bulat M. Sep 11 '16 at 08:48
  • 1
    This debug format issues the values + the char representation. So this is normal. And with this format, you get what's in memory, not what the CPU interprets when it loads data in the integer registers. – Jean-François Fabre Sep 11 '16 at 09:00