About MOV EDI,EDI

Recently, while reversing a program, I noticed something I had never paid much attention to before. Whether in OD or in IDA, after entering a subroutine you find these three instructions:

     MOV    EDI, EDI

     PUSH   EBP

     MOV    EBP, ESP

The second and third instructions need no explanation; it is the first one, mov edi,edi. I looked it up and found differing accounts, but there is some explanation at http://blogs.msdn.com/ishai/archive/2004/06/24/165143.aspx, as follows:

Why does the compiler generate a MOV EDI, EDI instruction at the beginning of functions?

I’ve recently noticed that on the XPSP2 Beta that I am running the function prologs look like this:    

     MOV    EDI, EDI

     PUSH   EBP

     MOV    EBP, ESP

The PUSH  EBP and MOV EBP, ESP instructions are standard frame establishment, but what is the purpose of the MOV EDI,EDI instruction?  Seems like a 2-byte NOP instruction.

MOV EDI,EDI is indeed a 2-byte no-op that is there to enable hot-patching. It enables the application of a hot-fix to a function without a need for a reboot, or even a restart of a running application. Instead, at runtime, the 2-byte NOP is replaced by a short jump to a long jump instruction that jumps to the hot-fix function. A 2-byte instruction is required so that when patching, the instruction pointer will not point in the middle of an instruction.

But a question follows from this: is the function he describes above the only one, or is there nothing else to it?
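As an added illustration that is not part of the original post or of the Microsoft article it quotes, the following Python models the hot-patch layout on a constructed byte buffer. MSVC's /hotpatch option also emits 5 bytes of filler (int3 or nop) immediately before each such function; that filler is where the long jump is written, and the patch then overwrites the 8B FF (mov edi,edi) with EB F9 (jmp short -7), which lands on it. The function names, offsets and the sample image are my own constructions, not bytes from any real binary. From a defender's side, classify_entry shows the check a hook or integrity scanner performs: read the first bytes of a function, tell an untouched prologue from a redirected one, and recover where the redirection goes so it can be compared with the expected hot-fix location.

```python
import struct

# x86-32 encodings. The prologue bytes are the real MSVC /hotpatch prologue;
# everything built from them below is constructed sample data.
MOV_EDI_EDI = b"\x8b\xff"            # 2-byte no-op reserved for the short jump
PUSH_EBP_MOV_EBP_ESP = b"\x55\x8b\xec"
HOTPATCH_PROLOGUE = MOV_EDI_EDI + PUSH_EBP_MOV_EBP_ESP
SHORT_JMP_BACK_7 = b"\xeb\xf9"       # jmp short -7: lands 5 bytes before the entry
PAD_LEN = 5                          # room for one E9 rel32 long jump before the entry


def find_hotpatch_entries(image):
    """Return offsets of every still-unpatched hot-patchable prologue in the image."""
    found = []
    pos = image.find(HOTPATCH_PROLOGUE)
    while pos != -1:
        found.append(pos)
        pos = image.find(HOTPATCH_PROLOGUE, pos + 1)
    return found


def has_padding(image, entry):
    """The 5 bytes before the entry must be filler (int3 or nop) for the long jmp."""
    if entry < PAD_LEN:
        return False
    return all(b in (0xCC, 0x90) for b in image[entry - PAD_LEN:entry])


def apply_hotpatch(image, entry, target):
    """Simulate the loader: write E9 rel32 into the padding, then EB F9 over the nop.

    The 2-byte nop is replaced atomically in the real system; here it is just a
    slice assignment on a bytearray.
    """
    if not has_padding(image, entry) or image[entry:entry + 2] != MOV_EDI_EDI:
        raise ValueError("entry is not hot-patchable")
    long_jmp_at = entry - PAD_LEN
    rel32 = target - (long_jmp_at + 5)           # rel32 is relative to the next IP
    image[long_jmp_at:entry] = b"\xe9" + struct.pack("<i", rel32)
    image[entry:entry + 2] = SHORT_JMP_BACK_7


def classify_entry(image, entry):
    """Defender view of one function entry.

    Returns ("original", None), ("patched", absolute_target) or
    ("not-hotpatchable", None). A "patched" target that is not the expected
    hot-fix location is what an inline-hook scanner would flag.
    """
    head = bytes(image[entry:entry + 5])
    if head == HOTPATCH_PROLOGUE:
        return ("original", None)
    if head[:2] == SHORT_JMP_BACK_7 and head[2:] == PUSH_EBP_MOV_EBP_ESP:
        long_jmp_at = entry - PAD_LEN
        if entry >= PAD_LEN and image[long_jmp_at] == 0xE9:
            (rel32,) = struct.unpack("<i", bytes(image[long_jmp_at + 1:entry]))
            return ("patched", long_jmp_at + 5 + rel32)
    return ("not-hotpatchable", None)


def build_sample_image():
    """Constructed image: 5 bytes of int3 padding, a hot-patchable function at
    offset 5, two more int3 bytes, then a plain function (no nop) at offset 16."""
    func_a = HOTPATCH_PROLOGUE + b"\x33\xc0\x5d\xc3"   # xor eax,eax / pop ebp / ret
    func_b = PUSH_EBP_MOV_EBP_ESP + b"\x5d\xc3"         # push ebp / mov ebp,esp / pop ebp / ret
    return bytearray(b"\xcc" * PAD_LEN + func_a + b"\xcc" * 2 + func_b)


if __name__ == "__main__":
    img = build_sample_image()
    print("hot-patchable entries:", find_hotpatch_entries(img))
    print("before:", classify_entry(img, 5), classify_entry(img, 16))
    apply_hotpatch(img, 5, 0x1000)                  # 0x1000 stands in for a hot-fix
    print("after: ", classify_entry(img, 5), img[:7].hex())
```

Running it shows the entry at offset 5 reported as original, then, after the simulated patch, as redirected to 0x1000, while the plain function at offset 16 is never considered hot-patchable because it lacks both the 2-byte nop and the padding.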
