问题
What function have short and large in this code portion? large is same as long dword?
mov eax, ebx
cmp [ebp+var_1], 0
jz short loc_413123
call sub_40341C
pop large dword ptr fs:0
add esp, 0Ch
回答1:
short
jz short loc_413123 merely means that the offset (i.e. distance) for this jump is so small that it fits in a single byte, so this jump has been compiled to two simple bytes:
0x74 [1-byte-offset]
Had the distance been larger, the compiler would have had to encode the jump differently, which would take up more memory:
0x0f 0x84 [4-byte-offset]
With short, IDA Pro is simply telling you what kind of encoding this jump is using.
large
pop large dword ptr fs:0 is IDA's way of bringing to your attention that fs:0 is a far pointer: a regular offset (0) but with a segment selector (fs). I.e. large has nothing to do with the width of the data (dword), but the address (segment+offset). However, large doesn't really add any new information, that line simply means pop dword ptr [fs] and that might be the disassembly you would get from a different disassembler.
You can safely ignore both these keywords when you read the disassembly and they are certainly not necessary when writing your own assembly code.
来源:https://stackoverflow.com/questions/14061439/what-is-large-dword