I'm stepping through Structured Error Handling recovery code in Windows 7 (e.g, what happens after SEH handler is done and passes back "CONTINUE" code). Here's a function which is called:
7783BD9F mov edi,edi
7783BDA1 push ebp
7783BDA2 mov ebp,esp
7783BDA4 push 1
7783BDA6 push dword ptr [ebp+0Ch]
7783BDA9 push dword ptr [ebp+8]
7783BDAC call 778692DF
7783BDB1 pop ebp
7783BDB2 ret 8
I'm used to the function prolog of "push ebp/mov ebp,esp". What's the purpose of the "mov edi,edi"?
Raymond Chen (one of the Microsoft developers) has answered this exact question:
And he links an even earlier reference:
Basically, it leaves space for a jump instruction to be inserted during hot patching.