Question
I'm stepping through Structured Error Handling recovery code in Windows 7 (e.g., what happens after the SEH handler is done and passes back the "CONTINUE" code). Here's a function which is called:
7783BD9F mov edi,edi
7783BDA1 push ebp
7783BDA2 mov ebp,esp
7783BDA4 push 1
7783BDA6 push dword ptr [ebp+0Ch]
7783BDA9 push dword ptr [ebp+8]
7783BDAC call 778692DF
7783BDB1 pop ebp
7783BDB2 ret 8
I'm used to the function prolog of "push ebp/mov ebp,esp". What's the purpose of the "mov edi,edi"?
Answer 1:
Raymond Chen (one of the Microsoft developers) has answered this exact question:
- Why do Windows functions all begin with a pointless MOV EDI, EDI instruction?
And he links an even earlier reference:
- Why does the compiler generate a MOV EDI, EDI instruction at the beginning of functions?
Basically, it leaves space for a jump instruction to be inserted during hot patching.
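To make the mechanism concrete, here is an added example (not from the question or answer above) that checks whether a function's hot-patch slot is still intact or has already been redirected, the kind of check an integrity scanner performs on loaded system DLLs. It assumes the layout hot-patchable Windows builds use: five bytes of filler (0xCC or 0x90) directly before the function for a long jmp, and the 2-byte mov edi,edi at entry, which a patch overwrites with a 2-byte short jmp back into that filler. The sample image bytes and the offsets 0x40 and 0x70 are constructed for illustration.

```python
import struct

MOV_EDI_EDI = b"\x8b\xff"     # 2-byte "mov edi,edi": the unpatched entry slot
SHORT_JMP_BACK = b"\xeb\xf9"  # "jmp -7": short jump into the padding once patched
PAD_LEN = 5                   # bytes of linker padding before a hot-patchable function

def inspect_prolog(image: bytes, func_off: int) -> dict:
    """Classify the hot-patch slot of the function starting at image[func_off].

    Returns {'state': 'intact'|'patched'|'unknown', ...}.  For a patched slot the
    result includes 'target', the image offset the long jmp in the padding leads to.
    """
    if func_off < PAD_LEN or len(image) < func_off + 2:
        return {"state": "unknown"}
    slot = image[func_off:func_off + 2]
    pad = image[func_off - PAD_LEN:func_off]
    if slot == MOV_EDI_EDI:
        # Untouched function: padding should still be int3/nop filler.
        return {"state": "intact", "padding_clean": set(pad) <= {0xCC, 0x90}}
    if slot == SHORT_JMP_BACK and pad[0] == 0xE9:
        # E9 rel32 is relative to the end of its 5-byte encoding, i.e. func_off.
        rel32 = struct.unpack("<i", pad[1:5])[0]
        return {"state": "patched", "target": func_off + rel32}
    return {"state": "unknown"}

def build_sample_images() -> tuple[bytes, bytes]:
    """Constructed sample: an unpatched and a patched copy of the prolog above."""
    clean = bytearray(0x80)
    func = 0x40
    clean[func - PAD_LEN:func] = b"\xcc" * PAD_LEN           # int3 padding
    # mov edi,edi / push ebp / mov ebp,esp / push 1 / push [ebp+0Ch] / push [ebp+8]
    clean[func:func + 12] = b"\x8b\xff\x55\x8b\xec\x6a\x01\xff\x75\x0c\xff\x75\x08"[:12]
    patched = bytearray(clean)
    patched[func:func + 2] = SHORT_JMP_BACK                 # entry now jumps back 7 bytes
    patched[func - PAD_LEN:func] = b"\xe9" + struct.pack("<i", 0x70 - func)  # long jmp
    return bytes(clean), bytes(patched)
```

Running inspect_prolog on a real module's exported functions against the on-disk copy of the same DLL gives a quick way to spot in-memory hooks that reuse the hot-patch slot.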
Source: https://stackoverflow.com/questions/11337433/windows32-api-mov-edi-edi-on-function-entry