title: Calling Conventions date: 2021-01-13 categories: [cheatsheets]

tags: [security, reverse-engineering]

x86 Calling Convetions

cdecl:
- most popular
- Parameters a pushed on the stack, from right to left
- caller needs to clean up the stack
stdcall
- like cdecl, but callee needs to clean up the stack
- standard calling convention for the Windows API
fastcall
- first few Arguments are passed in registers (in Windows mostly edx, ecx)
- other Arguments are pushed on the stack, from right to left
- often a little bit more efficient (less Stack usage)

Compiler Differences

Different compilers use different conventions, even when passing parameters over the stack, gcc differs from vs compiler: vsc pushes the params. on the stack, gcc moves them on the stack.

visual studio compiler:

push ebx
push ecx
call add

gcc:

mov [esp+4], ebx
mov [esp], ecx
call add

32Bit vs 64Bit

Detaild List:

https://en.wikipedia.org/wiki/X86_calling_conventions#x86-64_calling_conventions

32 Bit: Parameters are passed over the Stack

64 Bit:

* Windows:  RCX, RDX, R8, R9 - Rest over the Stack
* Linux:    RDI, RSI, RDX, RCX, R8, R9 - Rest over the Stack

calling-conventions.md 1.2 KB パーマリンク 履歴 Raw

tags: [security, reverse-engineering]

x86 Calling Convetions

Compiler Differences

32Bit vs 64Bit

calling-conventions.md 1.2 KB

パーマリンク履歴 Raw