问题
I came accross a problem with debugging a 64 bit binary in Windows using IDA. Normally, after a push RSP value should be deducted by 8. But occasionally, from IDA I saw that RSP was only deducted by 2, and then 8 for the next Push.
The codes involved are
push rax
push rbx
push rsi
push rdi
I'm quite new to x64 environment, thus could anyone explain this behavior ?
回答1:
You're probably getting mixed up by hexadecimal. Counting by 8 goes
0 8 10 18 20 28 30
Are you looking at that and thinking 10 - 8 == 2? Because it's 0x10 - 0x8 == 0x8.
来源:https://stackoverflow.com/questions/35958737/intel-64-bits-strange-rsp-behavior