Question
There is a tool called the CPU window, which I get by pressing Ctrl+Alt+C, that shows the disassembly of my code.
A green arrow to the left of the memory address indicates the location of the current execution point, then there are the memory addresses, but what does the second column mean, and why does the compiler sometimes jump more than one address after an instruction?
For example:
first column   second column   assembly
004520F4       55              push ebp       //continuous
004520F5       8BEC            mov ebp, esp   //jumps to F7
004520F7       6A00            push $00       //jumps to F9
004520F9       53              push ebx       //continuous
004520FA       33D2            xor edx,edx
Answer 1:
Let's look at the code:
004520F4 55   push ebp
004520F5 8BEC mov ebp, esp
004520F7 6A00 push $00
004520F9 53   push ebx
004520FA 33D2 xor edx,edx
Each line here represents a single machine instruction. The information presented is as follows:
- The first column is the address at which the instruction starts, displayed in hex.
- The second column is the machine code for the instruction, displayed in hex.
- The third column is the instruction disassembled to assembler language.
So the second and third columns represent the exact same information. The third column is provided to make the code more understandable.
Note that different instructions have different lengths. The first and fourth instructions are only a single byte long. The others are two bytes long. And that explains why the instruction address increments by more than a single byte following two byte instructions.
There are instructions that can take even more than two bytes and so you can have increments of 3, 4 and so on for such instructions. A good example would be call or jump instructions which encode the target address or offset. So, an absolute jump on a 32 bit machine might be encoded in 5 bytes, one for the opcode and four for the address.
Back in the good old days, long before I was even born, programmers didn't even have assemblers and wrote code directly in machine instructions. That must have been a whole load of fun!
Answer 2:
The assembly listing (third column) is the human readable form of the actual machine code that is in the second column, which the CPU is actually executing.
If by "jumping some addresses" you mean that the addresses in the first column don't always increment by one, that's because instructions have varying lengths in machine code. For example the first line, push ebp, is a single byte with value 0x55, thus the next address is just one more. But machine code for the second instruction, mov ebp, esp, is two bytes (0x8b 0xec), hence the address increments by two.
Source: https://stackoverflow.com/questions/17108127/how-do-i-interpret-the-columns-of-the-cpu-windows-disassembly-pane