Endianness ( Big / Little Endian ) Concept for Exploit Developers

Photo by Marek Studzinski on Unsplash

In this article, I will be talking about the Endianness structure and the exploit development process. Endianness refers to the order in which bytes are stored in a computer’s memory. The two main types of endianness are big-endian and little-endian.

In big-endian systems, the most significant byte (the “big end”) of a multi-byte value is stored at the lowest memory address, while in little-endian systems, the least significant byte (the “little end”) is stored at the lowest memory address.

For example, consider the hexadecimal value 0x12345678. In a big-endian system, this value would be stored as follows:

12 34 56 78

In a little-endian system, it would be stored as follows:

78 56 34 12

Endianness refers to the order in which bytes are stored in a computer’s memory. There are two main types of endianness: little-endian and big-endian.

In a little-endian system, the least significant byte (the byte containing the least significant bits) is stored first. For example, the 32-bit value 0x12345678 would be stored in memory as the following bytes: 0x78, 0x56, 0x34, 0x12.

In a big-endian system, the most significant byte is stored first. Using the same example, the value 0x12345678 would be stored in memory as the following bytes: 0x12, 0x34, 0x56, 0x78.

Endianness is important in exploit development because it can affect how data is interpreted and processed by a computer. For example, if an attacker is trying to exploit a vulnerability by injecting code into a program, the endianness of the target system will determine the order in which the bytes of the injected code are stored in memory. This can affect the success of the exploit, as the injected code may need to be written in a specific endianness to function correctly.

Here is an example of C code that demonstrates the difference between big-endian and little-endian systems:

#include <stdio.h>
#include <stdint.h>

int main(void) {
    uint32_t value = 0x12345678;
    uint8_t *p = (uint8_t *)&value;

    printf("Value: 0x%x\n", value);
    printf("Big-endian: ");
    for (int i = 0; i < 4; i++) {
        printf("%02x ", p[i]);
    }
    printf("\nLittle-endian: ");
    for (int i = 3; i >= 0; i--) {
        printf("%02x ", p[i]);
    }
    printf("\n");

    return 0;
}

On a big-endian system, this code will output the following:

Value: 0x12345678
Big-endian: 12 34 56 78
Little-endian: 12 34 56 78

On a little-endian system, it will output the following:

Value: 0x12345678
Big-endian: 12 34 56 78
Little-endian: 78 56 34 12

Harry Potter and Lord Voldemort — Dark Arts

In this article, I talked about the Endianness structure and the exploit development process. Take care and see you in my next post.