Explanation of the MOV EDI,EDI instruction (compiled notes)
Source: Internet | Published by: 苹果录屏大师 for mac | Editor: 程序博客网 | Time: 2024/05/26 22:09
Original article: http://blog.csdn.net/qq276592716/article/details/7007396
The file listing.inc in the VC7\INCLUDE directory of VS .NET 2003 defines macros for non-destructive NOP sequences of 1 to 7 bytes.
MOV EDI,EDI is the two-byte NOP:
inside a program it has the same meaning as a NOP instruction.
Why use MOV EDI,EDI rather than two NOPs?
My understanding is:
Two NOP instructions cost more CPU clock cycles than a single MOV EDI,EDI instruction, so MOV EDI,EDI is used to improve efficiency.
Contents of the listing.inc file:
;; LISTING.INC
;;
;; This file contains assembler macros and is included by the files created
;; with the -FA compiler switch to be assembled by MASM (Microsoft Macro
;; Assembler).
;;
;; Copyright (c) 1993, Microsoft Corporation. All rights reserved.

;; non destructive nops
npad macro size
if size eq 1
  nop
else
 if size eq 2
   mov edi, edi
 else
  if size eq 3
   ; lea ecx, [ecx+00]
   DB 8DH, 49H, 00H
  else
   if size eq 4
    ; lea esp, [esp+00]
    DB 8DH, 64H, 24H, 00H
   else
    if size eq 5
     add eax, DWORD PTR 0
    else
     if size eq 6
      ; lea ebx, [ebx+00000000]
      DB 8DH, 9BH, 00H, 00H, 00H, 00H
     else
      if size eq 7
       ; lea esp, [esp+00000000]
       DB 8DH, 0A4H, 24H, 00H, 00H, 00H, 00H
      else
       %out error: unsupported npad size
       .err
      endif
     endif
    endif
   endif
  endif
 endif
endif
endm

;; destructive nops
dpad macro size, reg
if size eq 1
  inc reg
else
  %out error: unsupported dpad size
  .err
endif
endm
The PUSH EBP and MOV EBP, ESP instructions are standard frame establishment, but what is the purpose of the MOV EDI,EDI instruction? Seems like a 2-byte NOP instruction.
MOV EDI,EDI is indeed a 2-byte no-op that is there to enable hot-patching. It enables the application of a hot-fix to a function without a need for a reboot, or even a restart of a running application. Instead, at runtime, the 2-byte NOP is replaced by a short jump to a long jump instruction that jumps to the hot-fix function. A 2-byte instruction is required so that when patching the instruction pointer will not point in the middle of an instruction.
Using the Detours method on a live process would require suspending threads and making sure no thread instruction pointer is pointing at the second, third, fourth, or fifth byte of a function that is being Detoured and handling the case that it does.
A Detour will also put limitations on the code generation (i.e. never jump to instructions in bytes 2-5).
Seems to be possible but more complicated than placing a gap between functions and ensuring a 2-byte first instruction.
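Added example, not code from the original post or the quoted answer: a small C checker that tells apart the three states the first bytes of such a function can be in, the unpatched prologue (8B FF = mov edi,edi, followed by 55 8B EC = push ebp / mov ebp,esp, the encodings MSVC emits), the hot-patched state (EB F9 = jmp short -7 into the E9 rel32 long jump written in the 5-byte gap before the function, whose destination the checker reports), or neither. The enum names, classify_prologue, and the sample byte arrays are constructed for this demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Result values of this checker (names are assumed, not from the page). */
enum prologue_kind { PRO_NOT_HOTPATCHABLE = 0, PRO_HOTPATCHABLE = 1, PRO_HOTPATCHED = 2 };

/* MSVC hot-patch prologue encodings: 8B FF = mov edi,edi (the 2-byte npad),
   55 8B EC = push ebp / mov ebp,esp. Once patched, the function starts with
   EB F9 = jmp short -7, which lands on the 5-byte slot in front of the
   function where an E9 rel32 long jump to the fix has been written. */
static const uint8_t NPAD2[2] = { 0x8B, 0xFF };
static const uint8_t FRAME[3] = { 0x55, 0x8B, 0xEC };

/* image: code bytes; func: offset of the function's first byte (the 5 bytes
   before it must also be present). When the function has been hot-patched,
   *target receives the long jump's destination as an offset into image. */
enum prologue_kind classify_prologue(const uint8_t *image, size_t len,
                                     size_t func, size_t *target)
{
    if (func < 5 || func + 5 > len) return PRO_NOT_HOTPATCHABLE;
    const uint8_t *p = image + func;
    if (memcmp(p + 2, FRAME, 3) != 0) return PRO_NOT_HOTPATCHABLE;
    if (memcmp(p, NPAD2, 2) == 0) return PRO_HOTPATCHABLE;
    /* jmp short rel8: next ip is func+2, so rel8 = -7 reaches func-5 */
    if (p[0] == 0xEB && (int8_t)p[1] == -7 && p[-5] == 0xE9) {
        int32_t rel32;
        memcpy(&rel32, p - 4, 4);     /* little-endian rel32 after E9 (x86 host assumed) */
        /* the long jump ends at func+0, so its target is func + rel32 */
        if (target) *target = (size_t)((int64_t)func + rel32);
        return PRO_HOTPATCHED;
    }
    return PRO_NOT_HOTPATCHABLE;
}

/* Constructed sample images (not real Windows code). Each function sits
   at offset 5, behind the 5-byte gap the compiler leaves for the patch. */
static const uint8_t CLEAN[] = {
    0xCC, 0xCC, 0xCC, 0xCC, 0xCC,                 /* untouched padding      */
    0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0xC3            /* hot-patchable body     */
};
static const uint8_t PATCHED[] = {
    0xE9, 0x0B, 0x00, 0x00, 0x00,                 /* jmp rel32 -> offset 16 */
    0xEB, 0xF9, 0x55, 0x8B, 0xEC, 0xC3,           /* jmp short -7, frame    */
    0x90, 0x90, 0x90, 0x90, 0x90,                 /* filler (offsets 11-15) */
    0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0xC3            /* replacement at 16      */
};
```

Run over a real image, the same check flags functions whose hot-patch slot has been taken by something other than the vendor's fix, which is how an integrity scan spots inline hooks placed at this prologue.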