为什么otool的结果第一列不连续?
如果这真的是一个菜鸟问题,我很抱歉。我正在使用 otool 反汇编文件,这是我感兴趣的方法的结果:
_KTDriverIsRunning:
0000000000000d98 pushq %rbp
0000000000000d99 movq %rsp,%rbp
0000000000000d9c xorl %eax,%eax
0000000000000d9e testq %rdi,%rdi
0000000000000da1 je 0x00000dac
0000000000000da3 xorl %eax,%eax
0000000000000da5 cmpl $__mh_dylib_header,0x14(%rdi)
0000000000000da9 setne %al
0000000000000dac movzbl %al,%eax
0000000000000daf leave
0000000000000db0 ret
如您所见,第一列不连续。这是否意味着有些指令是otool无法反汇编的?或者这是否意味着某些汇编指令只是实际(机器)指令的长度不同?
谢谢你!
I'm sorry if this is a really noob question. I'm using otool to disassemble a file and this is the result of a method that I'm interested in:
_KTDriverIsRunning:
0000000000000d98 pushq %rbp
0000000000000d99 movq %rsp,%rbp
0000000000000d9c xorl %eax,%eax
0000000000000d9e testq %rdi,%rdi
0000000000000da1 je 0x00000dac
0000000000000da3 xorl %eax,%eax
0000000000000da5 cmpl $__mh_dylib_header,0x14(%rdi)
0000000000000da9 setne %al
0000000000000dac movzbl %al,%eax
0000000000000daf leave
0000000000000db0 ret
As you can see, the first column is not continuous. Does this mean there are some instructions that otool can't disassemble? Or does this mean that some assembly instructions just have different length of the actual (machine) instructions?
Thank you!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
有些汇编指令只是与实际(机器)指令的长度不同。
例如,
pushq %rbp是 1 个字节长(55),但是testq %rdi,%rdi需要 3 个字节来表示(55) >48 85 ff)。这种可变长度编码是x86(-64) 的特性之一。有些指令可能长达 15 个字节。这里的
otool没有任何问题。Some assembly instructions just have different length of the actual (machine) instructions.
For instance,
pushq %rbpis 1 byte long (55), buttestq %rdi,%rdineed 3 bytes to represent (48 85 ff). This variable-length encoding is one of the characteristic of x86(-64). Some instructions may be as long as 15 bytes.There's nothing wrong with
otoolhere.