Reputation: 45
I was running through a reverse engineering exercise when I came across a question that dealt with looking at Linux's struct stat. When I compiled my code, for some reason the fields weren't aligned how I expected. There appears to be a gap of two 0 words between st_dev and st_ino, and I don't understand why this is, as I only compiled with:
gcc -m32 struct.c
Struct.c
#include <sys/types.h>
#include <sys/stat.h>
#include <time.h>
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char *argv[])
{
    struct stat sb;
    sb.st_dev=0xbeef;
    sb.st_ino=0xdead;
    sb.st_mode=0xfeed;
    sb.st_nlink=0xffff;
    sb.st_uid=0x888f;
}
Relevant Assembly
08048374 <main>:
8048374: 8d 4c 24 04 lea 0x4(%esp),%ecx
8048378: 83 e4 f0 and $0xfffffff0,%esp
804837b: ff 71 fc pushl 0xfffffffc(%ecx)
804837e: 55 push %ebp
804837f: 89 e5 mov %esp,%ebp
8048381: 51 push %ecx
8048382: 83 ec 60 sub $0x60,%esp
8048385: c7 45 a4 ef be 00 00 movl $0xbeef,0xffffffa4(%ebp)
804838c: c7 45 a8 00 00 00 00 movl $0x0,0xffffffa8(%ebp)
8048393: c7 45 b0 ed be 00 00 movl $0xdead,0xffffffb0(%ebp)
804839a: c7 45 b4 ed fe 00 00 movl $0xfeed,0xffffffb4(%ebp)
80483a1: c7 45 b8 ff ff 00 00 movl $0xffff,0xffffffb8(%ebp)
80483a8: c7 45 bc 8f 88 00 00 movl $0x888f,0xffffffbc(%ebp)
80483af: 83 c4 60 add $0x60,%esp
I expected 0xdead to be at 0xffffffa8(%ebp) but don't understand why this is not the case.
For reference I was looking at this binary, and what the field it was printing represented http://beginners.re/exercises/per_chapter/struct_exercise_Linux86.tar from http://beginners.re/ 20.7.1 Exercise #1 tar
Upvotes: 0
Views: 411
Reputation: 1
The real stat structure is defined in /usr/include/bits/stat.h (included from <sys/stat.h>). You'll understand the offsets there.
Upvotes: 3
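An added example, not part of the original question or answer: it converts the %ebp displacements from the question's listing into offsets within sb and checks them against a mirror struct. The mirror's field widths (an 8-byte st_dev followed by a short padding member) are an assumption modeled on glibc's 32-bit x86 definition; compare them with bits/stat.h on your own system.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/stat.h>

/* ASSUMPTION: mirror of the first fields of glibc's 32-bit x86 struct stat
 * (built without _FILE_OFFSET_BITS=64); verify against bits/stat.h. */
struct stat_i386_head {
    uint64_t st_dev;   /* dev_t is 8 bytes even with -m32 */
    uint16_t pad1;     /* padding member after st_dev */
    uint32_t st_ino;   /* aligned up to offset 12 */
    uint32_t st_mode;
    uint32_t st_nlink;
    uint32_t st_uid;
};

/* Displacements copied from the movl stores in the question's listing. */
const struct store { const char *what; uint32_t raw_disp; size_t mirror_off; } stores[] = {
    { "st_dev low",  0xffffffa4u, offsetof(struct stat_i386_head, st_dev) },
    { "st_dev high", 0xffffffa8u, offsetof(struct stat_i386_head, st_dev) + 4 },
    { "st_ino",      0xffffffb0u, offsetof(struct stat_i386_head, st_ino) },
    { "st_mode",     0xffffffb4u, offsetof(struct stat_i386_head, st_mode) },
    { "st_nlink",    0xffffffb8u, offsetof(struct stat_i386_head, st_nlink) },
    { "st_uid",      0xffffffbcu, offsetof(struct stat_i386_head, st_uid) },
};
enum { NSTORES = sizeof stores / sizeof stores[0] };

/* Offset inside sb of store i; the first store marks the start of sb.
 * This objdump prints negative displacements as unsigned 32-bit values. */
size_t store_offset(size_t i) {
    return (size_t)((int32_t)stores[i].raw_disp - (int32_t)stores[0].raw_disp);
}

/* Number of stores that do not land on the mirror struct's offsets. */
int mismatches(void) {
    int bad = 0;
    for (size_t i = 0; i < NSTORES; i++)
        bad += store_offset(i) != stores[i].mirror_off;
    return bad;
}

int main(void) {
    for (size_t i = 0; i < NSTORES; i++)
        printf("%-12s listing +%2zu  mirror +%2zu\n", stores[i].what,
               store_offset(i), stores[i].mirror_off);
    /* Layout of the real struct stat in this build (differs without -m32). */
    printf("this build: sizeof st_dev = %zu, offsetof st_ino = %zu\n",
           sizeof(((struct stat *)0)->st_dev), offsetof(struct stat, st_ino));
    return mismatches();
}
```

The zero written at 0xffffffa8(%ebp) is the upper half of st_dev, and the untouched word at offset 8 is the padding member, which together account for the gap before st_ino.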