I am studying a topic of mine that I am fascinated with, reverse engineering. But I have run into a little speed bump. I know the bitwise operator xor and what it does to the bits but it doesnt seem to be working correctly when I watch it in process in the disassembler. The small segement of code I am dealing with is:
MOV EAX, 0040305D
XOR DWORD PTR [EAX], 1234567
Before the xor has taken place, the number that resides at the location 0040305D is 1234 or 31323334 hexadecimal (It is represented as ASCII because it was taken from a user input and it firmly resides as 31323334 in memory). When I looked up a xor calculator on the internet to check to make sure I was doing everything alright on paper I got the result of the xor calculation as 30117653 hexadecimal. But when I run the operation in disassembler it replaced the memory location held in EAX with 56771035.
What just happened? Am I missing something here? I checked the xor calculation on many calculators and I am not able to get the answer of 56771035. Can someone give me a hand and tell me what I am doing wrong?
-Dan
The numbers displayed are all in hex and you have forgotten to use proper endianness. If the user input was ascii 1234 that means the memory contains the bytes 31 32 33 34. Since x86 is little endian, the operand 1234567 is byte sequence 67 45 23 01. Performing the xor operation we get the byte sequence 56 77 10 35 which is what you see.