I was just looking at the disassembly of my C++ program in VS2010. Here it is:

int main()
{
00B613A0  push        ebp  
00B613A1  mov         ebp,esp  
00B613A3  sub         esp,0D4h  
00B613A9  push        ebx  
00B613AA  push        esi  
00B613AB  push        edi  
00B613AC  lea         edi,[ebp-0D4h]  
00B613B2  mov         ecx,35h  
00B613B7  mov         eax,0CCCCCCCCh  
00B613BC  rep stos    dword ptr es:[edi]  
00B613BE  mov         eax,dword ptr [___security_cookie (0B67000h)]  
00B613C3  xor         eax,ebp  
00B613C5  mov         dword ptr [ebp-4],eax  
    char temp[] = "hello";
00B613C8  mov         eax,dword ptr [string "hello" (0B6573Ch)]  
00B613CD  mov         dword ptr [ebp-10h],eax  
00B613D0  mov         cx,word ptr ds:[0B65740h]  
00B613D7  mov         word ptr [ebp-0Ch],cx  

    return 0;
00B613DB  xor         eax,eax  
}

The lines in question are:

00B613BC  rep stos    dword ptr es:[edi]  

00B613D0  mov         cx,word ptr ds:[0B65740h] 

I don't understand why they use dword ptr es:[edi] and word ptr ds:[0B65740h]. I know what dword ptr means, but I don't get the part that is added at the end, the :es and the :ds. I have seen this syntax so many times that I stopped noticing it.

Thanks,

Developer


2 Answers


These are just artifacts of the disassembler. The ES segment register is already the default segment register used by the STOS instruction; the DS segment register is already the default segment register used for that MOV instruction. Hard to call it a bug, but it is certainly unnecessary and inconsistently applied. I reckon that this is triggered by the REP prefix for the STOS instruction and the operand size prefix for that MOV instruction (16 bits instead of 8 or 32). A segment override is also a prefix.

32-bit code uses the flat memory model: the ES, DS, CS and SS segment registers map the entire 4 gigabyte address space. So there is very little reason to need a segment register override. Very different from 16-bit code, where the segment registers are important to allow addressing more than 64 KB of memory. You will see segment overrides for the FS register in exception handling code. It points to the Thread Information Block; FS:[0] contains the current SEH frame.

answered 2011-11-29T04:41:22.567
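The quickest way to confirm the point made in this answer (and in the one below about ES on Win32) is to look at the encoded bytes rather than the disassembler's text: a segment override is a real prefix byte (0x26 for ES, 0x3E for DS, 0x64 for FS, and so on), so if the bytes contain none, the "es:" and "ds:" in the listing are pure presentation. The following C program is an added example, not code from the question or either answerer. It walks the legacy-prefix group of an encoded x86 instruction and reports which prefixes are actually present. The three sample instructions are hand-encoded here from the standard 32-bit x86 encoding (the listing on the page shows only addresses, not bytes), so they are constructed input; the rep stos and mov cx,... encodings correspond to the two lines the question asks about, and the fs:[0] load is the kind of real override the answer mentions from SEH code. When analysing unfamiliar or hostile code, the bytes are what execute, so a check like this settles what the listing text cannot.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* x86 legacy prefix bytes (Intel SDM Vol. 2, "Instruction Prefixes"). */
#define PFX_ES       0x26
#define PFX_CS       0x2E
#define PFX_SS       0x36
#define PFX_DS       0x3E
#define PFX_FS       0x64
#define PFX_GS       0x65
#define PFX_OPSIZE   0x66
#define PFX_ADDRSIZE 0x67
#define PFX_LOCK     0xF0
#define PFX_REPNE    0xF2
#define PFX_REP      0xF3

struct prefixes {
    int seg;        /* segment-override byte actually present, or 0 if none */
    int opsize;     /* 0x66 seen: 16-bit operand size in 32-bit code */
    int addrsize;   /* 0x67 seen */
    int lock;       /* 0xF0 seen */
    int rep;        /* 0xF2 or 0xF3, or 0 */
    size_t count;   /* prefix bytes consumed; the opcode starts at buf[count] */
};

/* Walk the legacy-prefix group at the front of one encoded instruction. */
struct prefixes scan_prefixes(const uint8_t *buf, size_t len)
{
    struct prefixes p = {0, 0, 0, 0, 0, 0};
    size_t i;
    for (i = 0; i < len; i++) {
        switch (buf[i]) {
        case PFX_ES: case PFX_CS: case PFX_SS:
        case PFX_DS: case PFX_FS: case PFX_GS:
            p.seg = buf[i];
            break;
        case PFX_OPSIZE:   p.opsize = 1;   break;
        case PFX_ADDRSIZE: p.addrsize = 1; break;
        case PFX_LOCK:     p.lock = 1;     break;
        case PFX_REPNE: case PFX_REP:
            p.rep = buf[i];
            break;
        default:
            p.count = i;   /* first non-prefix byte is the opcode */
            return p;
        }
    }
    p.count = len;         /* degenerate input: nothing but prefixes */
    return p;
}

/* Plain-value wrappers around scan_prefixes(). */
int segment_override_of(const uint8_t *buf, size_t len)
{
    return scan_prefixes(buf, len).seg;
}

int opcode_byte_of(const uint8_t *buf, size_t len)
{
    struct prefixes p = scan_prefixes(buf, len);
    return p.count < len ? buf[p.count] : -1;
}

const char *seg_name(int pfx)
{
    switch (pfx) {
    case PFX_ES: return "es"; case PFX_CS: return "cs"; case PFX_SS: return "ss";
    case PFX_DS: return "ds"; case PFX_FS: return "fs"; case PFX_GS: return "gs";
    default:     return "(none)";
    }
}

/* Constructed sample bytes: hand-encoded 32-bit protected-mode instructions,
 * not copied from the page (the listing shows only addresses). */
static const uint8_t REP_STOSD[]   = {0xF3, 0xAB};                               /* rep stos dword ptr es:[edi]    */
static const uint8_t MOV_CX_MEM[]  = {0x66, 0x8B, 0x0D, 0x40, 0x57, 0xB6, 0x00}; /* mov cx, word ptr ds:[0B65740h] */
static const uint8_t MOV_EAX_FS0[] = {0x64, 0xA1, 0x00, 0x00, 0x00, 0x00};       /* mov eax, dword ptr fs:[0]      */

static void report(const char *text, const uint8_t *buf, size_t len)
{
    struct prefixes p = scan_prefixes(buf, len);
    printf("%-32s prefixes=%zu seg-override=%-6s opsize=%d rep=%-5s opcode=%02X\n",
           text, p.count, seg_name(p.seg), p.opsize,
           p.rep ? (p.rep == PFX_REP ? "rep" : "repne") : "-",
           p.count < len ? buf[p.count] : 0);
}

int main(void)
{
    report("rep stos dword ptr es:[edi]",   REP_STOSD,   sizeof REP_STOSD);
    report("mov cx,word ptr ds:[0B65740h]", MOV_CX_MEM,  sizeof MOV_CX_MEM);
    report("mov eax,dword ptr fs:[0]",      MOV_EAX_FS0, sizeof MOV_EAX_FS0);
    return 0;
}
```

The first two rows come out with seg-override=(none): the only prefixes present are REP (0xF3) on the STOS and the operand-size prefix (0x66) on the MOV, which is exactly the trigger the answer suspects. Only the fs:[0] load carries a genuine override byte (0x64), and that is the one case where the segment actually changes the address being accessed.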

ES is the implied destination segment for repeated string operations, but since DS and ES are guaranteed to always be the same on WIN32, it makes no difference whether an ES override (explicit or implicit) is present.

answered 2011-11-29T02:05:21.453