AppleHDA 10.9.3 disassm 1

1.通过AppleHDAFunctionGroupFactory::createAppleHDAFunctionGroup(DevIdStruct *)实际创建相应的
AppleHDAFunctionGroupSTAC9220
AppleHDAFunctionGroup_80862805
AppleHDAFunctionGroupWM8800
AppleHDAFunctionGroupCS4206
AppleHDAFunctionGroupATI_RS730
...
AppleHDAFunctionGroupAD1984
AppleHDAFunctionGroupAD1988
AppleHDAFunctionGroupALC885
...
AppleHDAFunctionGroup这样的对象
10.9.3 : 0x48162
createAppleHDAFunctionGroup由AppleHDACodecGeneric::start(IOService *)调用
AppleHDACodecGeneric::start: 0x478A
call create... : 0x4ceb

var_58 = DevIdStruct*

0x4d26: call qword [r10 + 1F0] ; r10 = AppleHDAFunctionGroup*
eax = (AppleHDAFunctionGroup* var_hf)->

0x4cf0: AppleHDACodecGeneric:
r13(this) + 0xA8 = AppleHDAFunctionGroup*
r13(this) + 88h = IOService *
r13(this) + 90h = 0x480a call return，其0x5d0 -> start

AppleHDACodecGeneric::start中
r13 --> this
r12 --> IOService * 参数

2.AppleHDAFunctionGroup的虚表(0x7c680)：
vtable + 0x200 [0x400a6] => initForNodeID(unsigned short, OSObject *, OSObject *, DevIdStruct *, bool)
vtable + 0x130 [0x3fa08] => AppleHDANode::runVerb(unsigned short, unsigned short, unsigned int*)
vtable + 0x1F0 [0x3fd4e] => AppleHDANode::isBitDepthSupported(unsigned int)

3.AppleHDACodec的虚表：
vtable + 0x5d0 => start()

X86-64有16个64位寄存器，分别是：%rax，%rbx，%rcx，%rdx，%esi，%edi，%rbp，%rsp，%r8，%r9，%r10，%r11，%r12，%r13，%r14，%r15。其中：

%rax 作为函数返回值使用。
%rsp 栈指针寄存器，指向栈顶
%rdi，%rsi，%rdx，%rcx，%r8，%r9 用作函数参数，依次对应第1参数，第2参数。。。
%rbx，%rbp，%r12，%r13，%14，%15 用作数据存储，遵循被调用者使用规则，简单说就是随便用，调用子函数之前要备份它，以防他被修改
%r10，%r11 用作数据存储，遵循调用者使用规则，简单说就是使用之前要先保存原值
X86-64寄存器和栈帧:
http://www.searchtb.com/2013/03/x86-64_register_and_function_frame.html

AppleHDA 10.9.3 disassm 1,,5-wow.com