Why am I getting an unexpected `0xcc` byte when loading nearby code bytes? Is it because of segment register %es?
Question

I got an inconsistent result from an instruction.
I don't know why this happens, so I suspect the %es
register is doing something weird, but I'm not sure.
See the following code snippet.
08048400 <main>:
8048400: bf 10 84 04 08 mov $HERE,%edi
8048405: 26 8b 07 mov %es:(%edi),%eax # <----- Result 1
8048408: bf 00 84 04 08 mov $main,%edi
804840d: 26 8b 07 mov %es:(%edi),%eax # <----- Result 2
08048410 <HERE>:
8048410: 11 11 adc %edx,(%ecx)
8048412: 11 11 adc %edx,(%ecx)
Result 1:
%eax : 0x11111111

Seeing this result, I guessed that mov %es:(%edi),%eax is something like mov (%edi),%eax, because 0x11111111 is stored at HERE.
Result 2:
%eax : 0x048410cc

However, the result of Result 2 was quite different. I assumed %eax would be 0x048410bf, because this value is stored at main. But the result was different, as you can see.

Question:
Why does this inconsistency of the result happen?
By the way, the value of %es was always 0x7b during execution of both instructions.
Answer

es is a red herring. The difference you see is 1 byte at main, cc vs. bf. That is because you used a software breakpoint at main and your debugger inserted an int3 instruction, which has machine code cc, temporarily overwriting your actual code.
Do not set a breakpoint where you intend to read from, or use a hardware breakpoint instead, which does not modify code.
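The mechanism the answer describes, as an added example that is not part of the original question or answer: a small Python model of a debuggee's memory plus the debugger's breakpoint table. The addresses and code bytes are the ones from the disassembly in the question; the class `DebuggedProcess` and the function `reproduce` are my own names. Inserting a breakpoint saves the displaced byte and writes `0xcc` in its place, so a load executed by the program itself sees `cc` at `main`, while the load from `HERE` is untouched. The `debugger_read_u32` method models the way a debugger such as GDB hides its own int3 bytes when you examine memory, which is why the `0xcc` is not visible from inside the debugger even though the CPU reads it.

```python
# Added example (not from the original question or answer): a model of how a
# debugger implements a software breakpoint and why a program that reads its
# own code bytes sees 0xcc there. Addresses and code bytes are taken from the
# disassembly in the question; class and function names are assumptions.
MAIN = 0x08048400
HERE = 0x08048410
INT3 = 0xCC  # one-byte int3 opcode that a software breakpoint patches in

# Constructed image of the .text bytes shown in the question, starting at MAIN.
CODE = bytes([
    0xbf, 0x10, 0x84, 0x04, 0x08,  # mov $HERE,%edi
    0x26, 0x8b, 0x07,              # mov %es:(%edi),%eax   (Result 1)
    0xbf, 0x00, 0x84, 0x04, 0x08,  # mov $main,%edi
    0x26, 0x8b, 0x07,              # mov %es:(%edi),%eax   (Result 2)
    0x11, 0x11, 0x11, 0x11,        # HERE: the data the program reads back
])


class DebuggedProcess:
    """Memory of a debuggee plus the debugger's software-breakpoint table."""

    def __init__(self, base: int, image: bytes):
        self.base = base
        self.mem = bytearray(image)
        self.saved = {}  # addr -> original byte displaced by int3

    def _off(self, addr: int) -> int:
        off = addr - self.base
        if not 0 <= off < len(self.mem):
            raise ValueError(f"address {addr:#x} outside mapped image")
        return off

    def insert_breakpoint(self, addr: int) -> None:
        """Save the original byte and overwrite it with int3 (0xcc)."""
        off = self._off(addr)
        if addr not in self.saved:
            self.saved[addr] = self.mem[off]
            self.mem[off] = INT3

    def remove_breakpoint(self, addr: int) -> None:
        """Put the displaced byte back, as the debugger does to step over it."""
        off = self._off(addr)
        if addr in self.saved:
            self.mem[off] = self.saved.pop(addr)

    def cpu_read_u32(self, addr: int) -> int:
        """What a `mov (%edi),%eax` executed by the debuggee actually loads."""
        off = self._off(addr)
        return int.from_bytes(self.mem[off:off + 4], "little")

    def debugger_read_u32(self, addr: int) -> int:
        """What the debugger shows when you examine memory: its own int3 bytes are hidden."""
        off = self._off(addr)
        shadow = bytearray(self.mem[off:off + 4])
        for bp_addr, orig in self.saved.items():
            i = bp_addr - addr
            if 0 <= i < 4:
                shadow[i] = orig
        return int.from_bytes(shadow, "little")


def reproduce() -> tuple:
    """Replay the two loads from the question with a breakpoint set on main."""
    proc = DebuggedProcess(MAIN, CODE)
    clean_main = proc.cpu_read_u32(MAIN)   # 0x048410bf: what the asker expected
    proc.insert_breakpoint(MAIN)           # equivalent of 'break main'
    result1 = proc.cpu_read_u32(HERE)      # 0x11111111: no breakpoint nearby
    result2 = proc.cpu_read_u32(MAIN)      # 0x048410cc: low byte replaced by int3
    shown = proc.debugger_read_u32(MAIN)   # 0x048410bf: debugger masks the 0xcc
    return clean_main, result1, result2, shown


if __name__ == "__main__":
    clean, r1, r2, shown = reproduce()
    print(f"without breakpoint : {clean:#010x}")
    print(f"Result 1 (HERE)    : {r1:#010x}")
    print(f"Result 2 (main)    : {r2:#010x}")
    print(f"debugger view      : {shown:#010x}")
```

The model matches the two results in the question: the load from `HERE` gives `0x11111111`, and the load from `main` gives `0x048410cc` instead of `0x048410bf` because the low byte of the dword is the patched `int3`. A hardware breakpoint (GDB's `hbreak`) uses the CPU debug registers rather than rewriting the instruction stream, so the code bytes stay intact and the second load would return `0x048410bf`.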