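Views: 1659 Replies: 6
Strange instruction in OSKRNL
In functions in NTOSKRNL I often see this strange instruction:
mov edi, edi
It is strange because it is the very first instruction of many functions. Two questions: Which compiler generates this? What is it for? Or rather, why generate such an instruction at the start of a function? Can anyone explain?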
Reply 1#
Posted: 2007-04-02 12:27
It is generated by the Visual C/C++ compiler.
A 2-byte nop for hotpatch (a near jmp)
Reply 2#
Posted: 2007-04-02 13:33
great
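Reply 3#
Posted: 2007-04-02 15:38
Quoting reply 1 by Odyssey, posted 2007-04-02 12:27:
Does it need some option? I can't get either VC6 or VS2005 to generate code like this, and the WIN2000 DDK and VISTA DDK can't generate it either.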
Reply 4#
Posted: 2007-04-03 11:50
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 14.00.50727.42 for 80x86
Copyright (C) Microsoft Corporation. All rights reserved.

C/C++ COMPILER OPTIONS

-OPTIMIZATION-
/O1 minimize space
/O2 maximize speed
/Ob<n> inline expansion (default n=0)
/Od disable optimizations (default)
/Og enable global optimization
/Oi[-] enable intrinsic functions
/Os favor code space
/Ot favor code speed
/Ox maximum optimizations
/Oy[-] enable frame pointer omission

-CODE GENERATION-
/GF enable read-only string pooling
/Gm[-] enable minimal rebuild
/Gy[-] separate functions for linker
/GS[-] enable security checks
/GR[-] enable C++ RTTI
/GX[-] enable C++ EH (same as /EHsc)
/EHs enable C++ EH (no SEH exceptions)
/EHa enable C++ EH (w/ SEH exceptions)
/EHc extern "C" defaults to nothrow
/fp:<except[-]|fast|precise|strict> choose floating-point model:
  except[-] - consider floating-point exceptions when generating code
  fast - "fast" floating-point model; results are less predictable
(press <return> to continue)
  precise - "precise" floating-point model; results are predictable
  strict - "strict" floating-point model (implies /fp:except)
/GL[-] enable link-time code generation
/GA optimize for Windows Application
/Ge force stack checking for all funcs
/Gs[num] control stack checking calls
/Gh enable _penter function call
/GH enable _pexit function call
/GT generate fiber-safe TLS accesses
/RTC1 Enable fast checks (/RTCsu)
/RTCc Convert to smaller type checks
/RTCs Stack Frame runtime checking
/RTCu Uninitialized local usage checks
/clr[:option] compile for common language runtime, where option is:
  pure - produce IL-only output file (no native executable code)
  safe - produce IL-only verifiable output file
  oldSyntax - accept the Managed Extensions syntax from Visual C++ 2002/2003
  initialAppDomain - enable initial AppDomain behavior of Visual C++ 2002
  noAssembly - do not produce an assembly
/Gd __cdecl calling convention
/Gr __fastcall calling convention
/Gz __stdcall calling convention
/GZ Enable stack checks (/RTCs)
/QIfist[-] use FIST instead of ftol()
/hotpatch ensure function padding for hotpatchable images
/arch:<SSE|SSE2> minimum CPU architecture requirements, one of:
  SSE - enable use of instructions available with SSE enabled CPUs
  SSE2 - enable use of instructions available with SSE2 enabled CPUs

-OUTPUT FILES-
(press <return> to continue)

Maybe you can use the /hotpatch switch.
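
Added example (not part of any post in this thread, and not Microsoft's code): a C check a defender could run over a dumped x86 code section to tell whether a function entry still carries the 2-byte `mov edi, edi` hotpatch slot discussed above or has been redirected. The 5-byte pad before the entry, the pad byte values, the `EB F9` / `E9` patch shape and all names are assumptions that do not appear in the thread.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAD_LEN 5 /* assumption: the pad before the entry holds one E9 rel32 jmp */

enum entry_state { ENTRY_BAD_ARGS, ENTRY_PLAIN, ENTRY_HOTPATCHABLE, ENTRY_REDIRECTED };

/* Constructed sample bytes (not taken from any real image); entry is at offset 5. */
static const uint8_t SAMPLE_CLEAN[]   = {0x90,0x90,0x90,0x90,0x90, 0x8B,0xFF, 0x55,0x8B,0xEC};
static const uint8_t SAMPLE_PATCHED[] = {0xE9,0x00,0x01,0x00,0x00, 0xEB,0xF9, 0x55,0x8B,0xEC};
static const uint8_t SAMPLE_PLAIN[]   = {0xCC,0xCC,0xCC,0xCC,0xCC, 0x55,0x8B,0xEC,0x83,0xEC};

/* Classify the function entry at img[off]. On ENTRY_REDIRECTED, *target gets
 * the image offset that the long jmp stored in the pad lands on. */
enum entry_state classify_entry(const uint8_t *img, size_t len, size_t off, int64_t *target)
{
    if (!img || off < PAD_LEN || off > len || len - off < 2)
        return ENTRY_BAD_ARGS;
    const uint8_t *entry = img + off, *pad = entry - PAD_LEN;

    if (entry[0] == 0x8B && entry[1] == 0xFF) {   /* 8B FF = mov edi, edi */
        for (int i = 0; i < PAD_LEN; i++)         /* assumption: pad is nop or int3 */
            if (pad[i] != 0x90 && pad[i] != 0xCC)
                return ENTRY_PLAIN;
        return ENTRY_HOTPATCHABLE;
    }
    /* EB F9 = jmp short -7: from the end of the 2-byte slot back to the pad start */
    if (entry[0] == 0xEB && entry[1] == 0xF9 && pad[0] == 0xE9) {
        uint32_t rel = pad[1] | (uint32_t)pad[2] << 8 |
                       (uint32_t)pad[3] << 16 | (uint32_t)pad[4] << 24;
        if (target)                               /* E9 rel32 counts from its end = off */
            *target = (int64_t)off + (int32_t)rel;
        return ENTRY_REDIRECTED;
    }
    return ENTRY_PLAIN;
}

int main(void)
{
    int64_t t = 0;
    printf("clean:   %d\n", classify_entry(SAMPLE_CLEAN, sizeof SAMPLE_CLEAN, 5, &t));
    int patched = classify_entry(SAMPLE_PATCHED, sizeof SAMPLE_PATCHED, 5, &t);
    printf("patched: %d -> 0x%llx\n", patched, (long long)t);
    printf("plain:   %d\n", classify_entry(SAMPLE_PLAIN, sizeof SAMPLE_PLAIN, 5, &t));
    return 0;
}
```

A redirected entry is not by itself malicious, since a vendor hotpatch produces the same shape; the reported target is what needs to be checked against the modules expected in the image.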
Reply 5#
Posted: 2007-04-03 15:40

Reply 6#
Posted: 2007-04-04 08:43
Thanks, thanks