如何找到二进制code函数的边界 [英] how to find function boundaries in binary code

问题描述

我看到二进制翻译通常是跟踪为主。是不是因为一个人不能得到函数的边界？是否有二进制code函数标签？

I see that binary translation is usually trace-based. Is it because one can not get the boundaries of functions? Is there function label in binary code?

推荐答案

有没有琐碎的答案。您可以搜索 RET 的说明，但他们不能保证它们的功能界限，你可以从函数的中间返回。

There's no trivial answer to this. You could search for ret instructions, but they are no guarantee that they are function boundaries as you could return from the middle of a function.

在搜索的东西像

mov   ebp, esp 

将工作在一定程度上，但同样，它也不能保证。

will work to some extent, but again, it's no guarantee.

一些编译器（最引人注目的是英特尔编译器），将支块移动到的之后的函数结束，并跳回功能...

Some compilers (most notably the Intel Compiler), will move branched blocks to after the function ends, and jump back into the function...

这篇关于如何找到二进制code函数的边界的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！