问题描述

此代码部分的 short 和 large 具有什么功能?大跟长双字一样吗?

What function have short and large in this code portion? large is same as long dword?

mov eax, ebx
cmp [ebp+var_1], 0
jz  short loc_413123
call sub_40341C
pop large dword ptr fs:0
add esp, 0Ch

推荐答案

short

jz short loc_413123仅表示此跳转的偏移量(即距离)非常小，以至于只能容纳一个字节，因此该跳转已编译为两个简单字节:

short

jz short loc_413123 merely means that the offset (i.e. distance) for this jump is so small that it fits in a single byte, so this jump has been compiled to two simple bytes:

0x74 [1-byte-offset]

如果距离更大，编译器将不得不对跳转进行不同的编码，这将占用更多的内存:

Had the distance been larger, the compiler would have had to encode the jump differently, which would take up more memory:

0x0f 0x84 [4-byte-offset]

使用short，IDA Pro可以简单地告诉您此跳转使用的是哪种编码.

With short, IDA Pro is simply telling you what kind of encoding this jump is using.

pop large dword ptr fs:0是IDA引起您注意的方法，fs:0是远指针:常规偏移量(0)，但带有段选择器(fs). IE. large与数据(dword)的宽度无关，但与地址(段+偏移量)无关.但是，large并没有真正添加任何新信息，该行仅表示pop dword ptr [fs]，这可能是您从其他反汇编程序获得的反汇编信息.

pop large dword ptr fs:0 is IDA's way of bringing to your attention that fs:0 is a far pointer: a regular offset (0) but with a segment selector (fs). I.e. large has nothing to do with the width of the data (dword), but the address (segment+offset). However, large doesn't really add any new information, that line simply means pop dword ptr [fs] and that might be the disassembly you would get from a different disassembler.

在阅读反汇编时，您可以放心地忽略这两个关键字，并且在编写自己的汇编代码时肯定不需要这两个关键字.

You can safely ignore both these keywords when you read the disassembly and they are certainly not necessary when writing your own assembly code.

这篇关于什么是大双字?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！