Why does the compiler generate a MOV EDI, EDI instruction at the beginning of functions?

  • Article

Why does the compiler generate a MOV  EDI, EDI instruction at the beginning of functions?

 

I’ve recently noticed that on the XPSP2 Beta that I am running the function prologs look like this:    

 

  MOV EDI, EDI

     PUSH EBP

     MOV EBP, ESP

The PUSH  EBP and MOV EBP, ESP instructions are standard frame establishment, but what is the purpose of the MOV EDI,EDI instruction?  Seems like a 2-byte NOP instruction.

 

MOV EDI,EDI is indeed a 2-byte no-op that is there to enable hot-patching.   It enables the application of a hot-fix to a function without a need for a reboot, or even a restart of a running application.   Instead, at runtime, the 2-byte NOP is replaced by a short jump to a long jump instruction that jumps to the hot-fix function.   A 2-byte instruction is required so that when patching the instruction pointer will not point in a middle of an instruction.