AMD64 - nopw汇编指令?指令、nopw

由网友(街燈下的回憶)分享简介:我在C中做了如下(疯狂)code:I made the following (insane) code in C:long i = 0;main() {recurse();}recurse() {i++;recurse();}在编译的gcc -O2 ,编译器可识别的无限循环,并把它变成一个无限循环;它这样做这么...


I made the following (insane) code in C:

long i = 0;

main() {

recurse() {

在编译的gcc -O2 ,编译器可识别的无限循环,并把它变成一个无限循环;它这样做这么好,事实上,它实际上是在主回路()不调用递归()函数。这产生了位运算code /汇编,我不完全得到,但:

When compiled with gcc -O2, the compiler recognizes the infinite recursion and turns it into an infinite loop; it does this so well, in fact, that it actually loops in the main() without calling the recurse() function. This produced a bit of opcode / assembly that I don't quite get, though:

00000000004004d0 <main>:
  4004d0:       eb fe                   jmp    4004d0 <main>
  4004d2:       66 66 66 66 66 2e 0f    nopw   %cs:0x0(%rax,%rax,1)
  4004d9:       1f 84 00 00 00 00 00

有关于nopw在 的一些讨论。任何人都可以解释4004d2-4004e0意思?通过观察运code名单,似乎 66 .. codeS是多字节扩展。我觉得我大概可以得到一个更好的答案,这比在这里我想除非我试图神交运code列表了几个小时。

There is some discussion about "nopw" at Can anybody explain the meaning of 4004d2-4004e0? From looking at the opcode list, it seems that 66 .. codes are multi-byte expansions. I feel I could probably get a better answer to this here than I would unless I tried to grok the opcode list for a few hours.



The 0x66 bytes are an "Operand-Size Override" prefix. Having more than one of these is equivalent to having one.

该0x2E读取是在64位模式下的空preFIX'(这是一个CS:段覆盖,否则 - 这就是为什么它显示在组装记忆)

The 0x2e is a 'null prefix' in 64-bit mode (it's a CS: segment override otherwise - which is why it shows up in the assembly mnemonic).

为0x0F 0x1F的是一个2字节操作code的NOP,需要一个ModRM字节

0x0f 0x1f is a 2 byte opcode for a NOP that takes a ModRM byte


0x84 is the ModRM byte


And to be honest, I'm not sure exactly how the ModRM byte modifies the 2 byte NOP.

从本质上讲,这些字节是一个长NOP指令,将永远不会执行的。它在那里,以确保下一个功能是在一个16字节边界对齐的,我会承担。而博客文章链接的问题(解释了为什么编译器使用一束单字节0×90 NOP指令的复杂的单一NOP指令代替。

Essentially, those bytes are one long NOP instruction that will never get executed anyway. It's in there to ensure that the next function is aligned on a 16-byte boundary, I'd assume. And the blog article the question linked to ( explains why the compiler uses a complicated single NOP instruction instead of a bunch of single-byte 0x90 NOP instructions.


You can find the details on the instruction encoding in AMD's tech ref documents:


Mainly in the "AMD64 Architecture Programmer's Manual Volume 3: General Purpose and System Instructions". I'm sure Intel's technical references for the x64 architecture will have the same information (and might even be more understandable).


