
How to investigate the calling convention of PE binary file in windows?

Developer https://www.devze.com 2023-01-16 19:10 Source: web

Is there a tool to show whether the calling convention is _cdecl or _stdcall or else?


Calling conventions are per function - not PE file.

Library functions, at least the ones provided by MS, are all _stdcall. Everything else is spread across other calling conventions, most of them being _cdecl.

You can read more here.

The short version:

  • cdecl functions don't clear their arguments from the stack, allowing variable-sized arguments. A good example is printf(), which can take a different number of arguments.
  • stdcall functions clear arguments from the stack themselves. Hence variable-sized arguments aren't possible.

Edit: added example

Example for cdecl from the link:

push c
push b
push a
call function_name
add esp, 12 ;Stack clearing, 3 arguments take 12 bytes of space (on 32bit)

So after function_name returns, the caller clears the arguments off the stack.
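The same distinction can be checked mechanically on 32-bit x86 code. The following is an added example, not part of the original answer: a heuristic that looks at a function's final return instruction and at the bytes following a call site. The function names and the byte strings are constructed for illustration, and a real tool would use a disassembler rather than fixed byte offsets.

```python
import struct

def callee_pops(func: bytes):
    """Bytes of arguments the function removes itself, read from its final RET."""
    if func[-1:] == b"\xc3":                  # ret
        return 0
    if len(func) >= 3 and func[-3] == 0xC2:   # ret imm16
        return struct.unpack("<H", func[-2:])[0]
    return None                               # body does not end in a near return

def caller_pops(code: bytes, call_off: int):
    """Bytes the caller removes immediately after the CALL at call_off."""
    if code[call_off] != 0xE8:                # only call rel32 is handled here
        return None
    after = code[call_off + 5:]               # skip opcode + 4-byte displacement
    if after[:2] == b"\x83\xc4" and len(after) >= 3:    # add esp, imm8
        return after[2]
    if after[:2] == b"\x81\xc4" and len(after) >= 6:    # add esp, imm32
        return struct.unpack("<I", after[2:6])[0]
    return 0

def guess_convention(func: bytes, code: bytes, call_off: int) -> str:
    callee, caller = callee_pops(func), caller_pops(code, call_off)
    if callee:   # note: thiscall and fastcall callees also return with ret N
        return f"callee cleanup, {callee} bytes (stdcall-style)"
    if caller:
        return f"caller cleanup, {caller} bytes (cdecl)"
    return "undetermined (no stack arguments, or cleanup not adjacent to the call)"

# Constructed samples. Call site: push 3; push 2; push 1; call rel32; <next insn>
CDECL_SITE   = bytes.fromhex("6a036a026a01e80000000083c40c")  # add esp, 12
STDCALL_SITE = bytes.fromhex("6a036a026a01e8000000008945fc")  # mov [ebp-4], eax
# Callee: push ebp; mov ebp, esp; mov eax, [ebp+8]; pop ebp; ret / ret 12
CDECL_FUNC   = bytes.fromhex("558bec8b45085dc3")
STDCALL_FUNC = bytes.fromhex("558bec8b45085dc20c00")

if __name__ == "__main__":
    print(guess_convention(CDECL_FUNC, CDECL_SITE, 6))
    print(guess_convention(STDCALL_FUNC, STDCALL_SITE, 6))
```

Compilers sometimes clean up with `pop ecx` or defer one `add esp` across several calls, so a result of "undetermined" does not rule out cdecl.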
