While playing with WinDbg, I noticed that the disassembly of a function always begins with a mov edi, edi instruction. For example, take the following code:
#include <intrin.h>   /* __debugbreak */

static unsigned int __stdcall fibonacci_stdcall(unsigned int n)
{
    switch (n) {
    case 0:
        __debugbreak();   /* break into the debugger; assumed meaning of the garbled "stop_on_debugger" */
        return 0;
    case 1:
        return 1;
    default:
        return fibonacci_stdcall(n - 1) + fibonacci_stdcall(n - 2);
    }
}
The beginning of the generated assembly code looks like this:
The push ebp / mov ebp, esp instructions set up the standard stack frame. But what is mov edi, edi for? It looks like a two-byte NOP instruction.
Answer:
mov edi, edi is indeed a two-byte no-op instruction, and its purpose is to make hot patching possible: a fix to a function can take effect without rebooting the machine, and even without restarting the running program. When the patch is applied at runtime, the 2-byte NOP is overwritten with a short jump instruction. That short jump redirects execution to a long jump instruction, and the long jump transfers execution to the hotfix function. A 2-byte instruction is required here so that, while the patch is being applied, the instruction pointer can never be sitting in the middle of the instruction that is being replaced.
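As an added example (not code from the original post or from Microsoft), here is a small integrity check a defender could run over a copy of a module's code: it tells whether a function's 2-byte hot-patch slot still holds mov edi, edi or has been rewritten into the short-jmp / long-jmp pair described above, and resolves where the long jmp leads. The byte images, the offsets and the 5-byte padding in front of the function are constructed assumptions for the example, and the host is assumed little-endian.

```c
#include <stdint.h>
#include <string.h>
/* State of a function entry with respect to the 2-byte hot-patch slot. */
enum hotpatch_state {
    HP_NOT_HOTPATCHABLE, /* neither the 2-byte NOP nor a short jmp */
    HP_UNPATCHED,        /* 8B FF: mov edi, edi still in place */
    HP_PATCHED           /* EB xx: the NOP has been replaced by a short jmp */
};

/* Inspect the first two bytes at a function entry.  When a short jmp is present,
 * follow it; if it lands on an E9 rel32 long jmp, report that jmp's destination
 * through *target.  Operates on a byte image, not on live code. */
enum hotpatch_state classify_entry(const uint8_t *entry, const uint8_t **target)
{
    *target = NULL;
    if (entry[0] == 0x8B && entry[1] == 0xFF)
        return HP_UNPATCHED;
    if (entry[0] != 0xEB)
        return HP_NOT_HOTPATCHABLE;
    /* EB rel8: the target is relative to the end of the 2-byte instruction */
    const uint8_t *trampoline = entry + 2 + (int8_t)entry[1];
    if (trampoline[0] == 0xE9) {            /* jmp rel32, relative to its end */
        int32_t rel32;                      /* little-endian host assumed */
        memcpy(&rel32, trampoline + 1, sizeof rel32);
        *target = trampoline + 5 + rel32;
    }
    return HP_PATCHED;
}

/* Constructed byte images (assumed layout, not real code): 5 padding bytes at
 * offset 0, the function entry at offset 5 (mov edi,edi; push ebp; mov ebp,esp;
 * ret), filler, and a stand-in replacement function at offset 21. */
#define FUNC_OFF 5
static const uint8_t unpatched[] = {
    0xCC,0xCC,0xCC,0xCC,0xCC,                    /* padding */
    0x8B,0xFF, 0x55, 0x8B,0xEC, 0xC3,            /* original prologue */
    0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
    0xC3 };                                      /* replacement: ret */
static const uint8_t patched[] = {
    0xE9,0x10,0x00,0x00,0x00,                    /* jmp rel32 -> offset 21 */
    0xEB,0xF9, 0x55, 0x8B,0xEC, 0xC3,            /* jmp short -7 -> offset 0 */
    0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
    0xC3 };

int unpatched_state(void) { const uint8_t *t; return classify_entry(unpatched + FUNC_OFF, &t); }
int patched_state(void)   { const uint8_t *t; return classify_entry(patched + FUNC_OFF, &t); }
long patched_target_off(void) {
    const uint8_t *t; classify_entry(patched + FUNC_OFF, &t);
    return t ? (long)(t - patched) : -1;     /* offset of the hotfix function */
}
```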
References
============
Why does the compiler generate a mov EDI, EDI instruction at the beginning of functions?
http://blogs.msdn.com/b/ishai/archive/2004/06/24/165143.aspx