Windows32 API: “mov edi,edi” on function entry?
19-06-2021
Question
I'm stepping through Structured Error Handling recovery code in Windows 7 (e.g., what happens after the SEH handler is done and passes back "CONTINUE" code). Here's a function which is called:
7783BD9F mov edi,edi
7783BDA1 push ebp
7783BDA2 mov ebp,esp
7783BDA4 push 1
7783BDA6 push dword ptr [ebp+0Ch]
7783BDA9 push dword ptr [ebp+8]
7783BDAC call 778692DF
7783BDB1 pop ebp
7783BDB2 ret 8
I'm used to the function prolog of "push ebp/mov ebp,esp". What's the purpose of the "mov edi,edi"?
Solution
Raymond Chen (one of the Microsoft developers) has answered this exact question:
And he links an even earlier reference:
Basically, it leaves space for a jump instruction to be inserted during hot patching.
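As an added illustration (not code from the original answer or from the posts it links to), here is a small C check that tells an untouched hot-patchable entry from one that has been patched. It assumes the usual 32-bit layout: five filler bytes in front of the function, with a patch writing a long jmp into that filler and replacing the two-byte mov edi,edi with a short jmp back to it. classify_entry, the sample byte arrays and the patch target are hypothetical names and constructed values.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum entry_state { ENTRY_OTHER, ENTRY_HOTPATCHABLE, ENTRY_HOTPATCHED };

/* Constructed samples: 5 bytes in front of the function, entry at offset 5.
   8B FF / 55 / 8B EC encode the first three instructions of the listing in
   the question; the filler and the patch target are made up for the example. */
const uint8_t SAMPLE_UNPATCHED[] = {0x90,0x90,0x90,0x90,0x90, 0x8B,0xFF, 0x55, 0x8B,0xEC};
const uint8_t SAMPLE_PATCHED[]   = {0xE9,0x00,0x10,0x00,0x00, 0xEB,0xF9, 0x55, 0x8B,0xEC};

/* Classify the first instruction of a 32-bit x86 function.
   code/len: copy of the code bytes; entry: offset of the function's first byte;
   entry_va: its virtual address; *target_va: written only for ENTRY_HOTPATCHED. */
enum entry_state classify_entry(const uint8_t *code, size_t len, size_t entry,
                                uint32_t entry_va, uint32_t *target_va)
{
    if (entry < 5 || len < 2 || entry > len - 2)
        return ENTRY_OTHER;                  /* need 5 bytes before, 2 at entry */
    const uint8_t *pad = code + entry - 5;

    /* 8B FF = mov edi,edi: a two-byte no-op occupying the patch slot. */
    if (code[entry] == 0x8B && code[entry + 1] == 0xFF) {
        for (int i = 0; i < 5; i++)          /* assumed filler: nop or int3 */
            if (pad[i] != 0x90 && pad[i] != 0xCC)
                return ENTRY_OTHER;
        return ENTRY_HOTPATCHABLE;
    }
    /* EB F9 = jmp short -7: from entry+2 back to entry-5, where E9 rel32 sits. */
    if (code[entry] == 0xEB && code[entry + 1] == 0xF9 && pad[0] == 0xE9) {
        uint32_t rel = pad[1] | (uint32_t)pad[2] << 8 |
                       (uint32_t)pad[3] << 16 | (uint32_t)pad[4] << 24;
        *target_va = entry_va + rel;         /* E9 ends at entry_va, so rel is from there */
        return ENTRY_HOTPATCHED;
    }
    return ENTRY_OTHER;
}

int main(void)
{
    uint32_t target = 0;
    int s = classify_entry(SAMPLE_UNPATCHED, sizeof SAMPLE_UNPATCHED, 5, 0x7783BD9Fu, &target);
    printf("unpatched sample: state %d\n", s);
    s = classify_entry(SAMPLE_PATCHED, sizeof SAMPLE_PATCHED, 5, 0x7783BD9Fu, &target);
    printf("patched sample:   state %d, redirected to %08X\n", s, (unsigned)target);
    return 0;
}
```

A redirect found this way is only a finding to investigate: whether the target belongs to a legitimate update or to an unexpected module has to be checked separately.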