I'm sorry if this is a really noob question. I'm using otool to disassemble a file and this is the result of a method that I'm interested in:
_KTDriverIsRunning:
0000000000000d98 pushq %rbp
0000000000000d99 movq %rsp,%rbp
0000000000000d9c xorl %eax,%eax
0000000000000d9e testq %rdi,%rdi
0000000000000da1 je 0x00000dac
0000000000000da3 xorl %eax,%eax
0000000000000da5 cmpl $__mh_dylib_header,0x14(%rdi)
0000000000000da9 setne %al
0000000000000dac movzbl %al,%eax
0000000000000daf leave
0000000000000db0 ret
As you can see, the first column is not continuous. Does this mean there are some instructions that otool can't disassemble? Or does this mean that some assembly instructions just have different lengths of the actual (machine) instructions?
Thank you!
Some assembly instructions just have different lengths of the actual (machine) instructions.
For instance, pushq %rbp is 1 byte long (55), but testq %rdi,%rdi needs 3 bytes to represent (48 85 ff). This variable-length encoding is one of the characteristics of x86(-64). Some instructions may be as long as 15 bytes.
There's nothing wrong with otool here.
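The check this answer describes can be run over the listing itself. The following is an added example, not part of the original post: it derives each instruction's length from the address column, rejects any gap longer than 15 bytes, and goes one step further by confirming that the je target lands on an instruction boundary. The function names are hypothetical.

```python
import re

# Listing copied from the question (label line omitted); used as sample input.
LISTING = """\
0000000000000d98 pushq %rbp
0000000000000d99 movq %rsp,%rbp
0000000000000d9c xorl %eax,%eax
0000000000000d9e testq %rdi,%rdi
0000000000000da1 je 0x00000dac
0000000000000da3 xorl %eax,%eax
0000000000000da5 cmpl $__mh_dylib_header,0x14(%rdi)
0000000000000da9 setne %al
0000000000000dac movzbl %al,%eax
0000000000000daf leave
0000000000000db0 ret
"""
LINE_RE = re.compile(r"^([0-9a-fA-F]{16})\s+(\S+)\s*(.*)$")
MAX_X86_LEN = 15  # longest instruction the architecture allows

def parse(listing):
    """Return [(address, mnemonic, operands)] for every disassembly line."""
    matches = (LINE_RE.match(line.strip()) for line in listing.splitlines())
    return [(int(m.group(1), 16), m.group(2), m.group(3)) for m in matches if m]

def instruction_lengths(rows):
    """Length = next address - this address; None for the last instruction."""
    out = []
    for (addr, mnem, _), nxt in zip(rows, rows[1:] + [None]):
        length = nxt[0] - addr if nxt else None
        if length is not None and not 1 <= length <= MAX_X86_LEN:
            raise ValueError(f"gap of {length} bytes at {addr:#x}: bytes were skipped")
        out.append((addr, mnem, length))
    return out

def misaligned_branch_targets(rows):
    """Jumps whose in-range target is not the start of a listed instruction."""
    starts = {addr for addr, _, _ in rows}
    return [(addr, int(ops, 16)) for addr, mnem, ops in rows
            if mnem.startswith("j") and re.fullmatch(r"0x[0-9a-fA-F]+", ops)
            and min(starts) <= int(ops, 16) <= max(starts)
            and int(ops, 16) not in starts]

if __name__ == "__main__":
    for addr, mnem, length in instruction_lengths(parse(LISTING)):
        print(f"{addr:#06x} {mnem:<7} {length if length else '?'} byte(s)")
    print("misaligned targets:", misaligned_branch_targets(parse(LISTING)))
```

The last instruction's length cannot be derived from addresses alone, so it is reported as unknown rather than guessed.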