Msoft

< <

Get flash to fully experience Pearltrees

MSDN Blogs - MSDN Blogs

http://blogs.msdn.com/b/oldnewthing/archive/2011/09/21/10214405.aspx

Why do Windows functions all begin with a pointless MOV EDI, EDI instruction? - The Old New Thing

If you look at the disassembly of functions inside Windows DLLs, you'll find that they begin with the seemingly pointless instruction MOV EDI, EDI . This instruction copies a register to itself and updates no flags; it is completely meaningless. So why is it there? It's a hot-patch point . The MOV EDI, EDI instruction is a two-byte NOP , which is just enough space to patch in a jump instruction so that the function can be updated on the fly. The intention is that the MOV EDI, EDI instruction will be replaced with a two-byte JMP $-5 instruction to redirect control to five bytes of patch space that comes immediately before the start of the function.

Msoft

MSDN Blogs - MSDN Blogs

Why do Windows functions all begin with a pointless MOV EDI, EDI instruction? - The Old New Thing

Category:Windows 7 Services - Process and Service wiki