What is large dword?

Posted 2019-05-04 12:20

Question:

What function do short and large have in this code portion? Is large the same as long dword?

mov eax, ebx
cmp [ebp+var_1], 0
jz  short loc_413123
call sub_40341C
pop large dword ptr fs:0
add esp, 0Ch

Answer 1:

short

jz short loc_413123 merely means that the offset (i.e. distance) for this jump is so small that it fits in a single byte, so this jump has been compiled to two simple bytes:

0x74 [1-byte-offset]

Had the distance been larger, the compiler would have had to encode the jump differently, which would take up more memory:

0x0f 0x84 [4-byte-offset]

With short, IDA Pro is simply telling you what kind of encoding this jump is using.

large

pop large dword ptr fs:0 is IDA's way of bringing to your attention that fs:0 is a far pointer: a regular offset (0) but with a segment selector (fs). I.e. large has nothing to do with the width of the data (dword), but the address (segment+offset). However, large doesn't really add any new information; that line simply means pop dword ptr [fs], and that might be the disassembly you would get from a different disassembler.


You can safely ignore both these keywords when you read the disassembly and they are certainly not necessary when writing your own assembly code.
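
The two jump encodings described in the answer above, as an added example that is not part of the original post: a small encoder/decoder for 32-bit conditional jumps that picks the 2-byte short form when the offset fits in one signed byte and the 6-byte form otherwise. The function names and the address 0x413110 for the jz are assumptions made for illustration; only the target loc_413123 appears on the page.

```python
import struct

# Condition mnemonics indexed by the low nibble of the opcode (0x74 -> jz).
JCC = ["jo", "jno", "jb", "jnb", "jz", "jnz", "jbe", "ja",
       "js", "jns", "jp", "jnp", "jl", "jge", "jle", "jg"]


def encode_jz(addr, target):
    """Encode jz at addr, choosing the smallest form as an assembler would.

    Offsets are relative to the address of the *next* instruction,
    so the instruction length is part of the calculation.
    """
    rel8 = target - (addr + 2)
    if -128 <= rel8 <= 127:
        return bytes([0x74]) + struct.pack("<b", rel8)      # 74 rel8
    rel32 = target - (addr + 6)
    return b"\x0f\x84" + struct.pack("<i", rel32)           # 0F 84 rel32


def decode_jcc(code, addr):
    """Decode one conditional jump located at addr (32-bit mode).

    Returns (mnemonic, form, length, target). "short" is the label a
    disassembler attaches to the rel8 form; "near" is the rel32 form.
    """
    if len(code) >= 2 and 0x70 <= code[0] <= 0x7F:
        rel = struct.unpack_from("<b", code, 1)[0]           # signed byte
        return JCC[code[0] & 0xF], "short", 2, (addr + 2 + rel) & 0xFFFFFFFF
    if len(code) >= 6 and code[0] == 0x0F and 0x80 <= code[1] <= 0x8F:
        rel = struct.unpack_from("<i", code, 2)[0]           # signed dword
        return JCC[code[1] & 0xF], "near", 6, (addr + 6 + rel) & 0xFFFFFFFF
    raise ValueError("not a conditional jump")


if __name__ == "__main__":
    JZ_ADDR = 0x413110  # constructed address, not taken from the page
    for target in (0x413123, 0x413100, 0x413400):
        raw = encode_jz(JZ_ADDR, target)
        name, form, length, dest = decode_jcc(raw, JZ_ADDR)
        print(f"{raw.hex(' '):<20} {name} {form:<5} loc_{dest:X} ({length} bytes)")
```
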