
Thread: parameters passed to a call

  1. #1
    The Keeper
    Guest

    parameters passed to a call

    Hello,

    Suppose I have

    push ecx
    push eax
    call 404444

    then ecx and eax are parameters passed to this call, right?

    In this example:

    lea eax, [ebp-24h]
    push eax
    lea ecx, [ebp-0Ch]
    lea edx, [ebp-6Dh]
    lea eax, [ebp-14h]
    call 404444

    what are the params passed to the call?

    Is there a way to easily recognize how many and which are the parameters passed to a call?

    Regards
    The Keeper
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2

    Re: The CTRL-C CTRL-V power

    Originally posted by ArthaXerXes
    Microsoft Specific

    -snip-

    The following calling conventions are supported by the Visual C/C++ compiler.

    Keyword                   Stack cleanup  Parameter passing
    __cdecl                   Caller         Pushes parameters on the stack, in reverse order (right to left)
    __stdcall                 Callee         Pushes parameters on the stack, in reverse order (right to left)
    __fastcall                Callee         Stored in registers, then pushed on stack
    thiscall (not a keyword)  Callee         Pushed on stack; this pointer stored in ECX
    I thought I'd just clarify this -
    __cdecl : caller pushes args _and_ caller cleans up stack after call.

    __stdcall : caller pushes args, but callee cleans up stack

    It's the way in which the stack is cleaned up that is the fundamental difference between the two.

    -shadz

  3. #3
    CTRL-D
    Guest
    Hi there !

    I'm not that much into pushing and popping.
    Isn't it a good idea to have a look in the call itself to find out if it has been a fastcall (parameters moved to registers) or a standardcall (only eax has been pushed in his example)?
    Tell me if I'm totally wrong :]

    CTRL-D

  4. #4
    If u really want to know which are the args to the function, u could
    check which regs get used within the call...

    This would be a definitive way of telling which regs hold arguments and
    which hold temp values not destined to be used by the caller.

    -shadz
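
The two checks from posts #2 and #4 (which registers the callee reads before writing, and how many bytes its ret pops), as an added example that is not part of any poster's reply. The function name analyze_callee, the listing format and the sample callee are assumptions made for illustration; the scan is linear up to the first ret and tracks only the full registers eax, ecx and edx.

```python
import re

# Candidates: the three registers loaded before the call in the question.
CANDIDATES = ("eax", "ecx", "edx")
WRITE_ONLY = {"mov", "lea", "pop", "movzx", "movsx"}  # destination not read
READ_ONLY = {"cmp", "test", "push"}                   # destination not written

# Constructed callee listing (Intel syntax, hex immediates), not from the thread.
SAMPLE = """
    push ebp
    mov  ebp, esp
    push ebx            ; saving a register, not reading an argument
    mov  ebx, eax       ; eax read before the callee ever writes it
    mov  [ebx], edx     ; edx likewise
    add  ecx, [ebp+8]   ; ecx likewise; [ebp+8] is the first stack argument
    xor  eax, eax       ; zeroing idiom: a write, not a read
    pop  ebx
    pop  ebp
    ret  4              ; callee pops 4 bytes of pushed arguments
"""

def regs_in(operand):
    """Candidate registers named anywhere in an operand, e.g. '[ecx+8]'."""
    return {r for r in CANDIDATES if re.search(rf"\b{r}\b", operand)}

def analyze_callee(listing):
    """Return (registers read before written, stack bytes popped by ret)."""
    written, reg_args, stack_bytes = set(), [], 0
    for line in listing.strip().splitlines():
        mnem, _, rest = line.split(";")[0].strip().partition(" ")
        ops = [o.strip() for o in rest.split(",")] if rest.strip() else []
        if mnem in ("ret", "retn"):
            stack_bytes = int(ops[0].rstrip("h"), 16) if ops else 0
            break
        if mnem == "call":          # a nested call clobbers eax, ecx, edx
            written.update(CANDIDATES)
            continue
        if not ops:
            continue
        dst, srcs = ops[0], ops[1:]
        reads = set().union(*(regs_in(s) for s in srcs))
        if mnem in ("xor", "sub") and srcs and srcs[0] == dst:
            reads = set()           # xor r, r / sub r, r only zero the register
        elif "[" in dst or mnem not in WRITE_ONLY:
            reads |= regs_in(dst)   # address registers and read-modify-write
        reg_args += [r for r in CANDIDATES
                     if r in reads and r not in written and r not in reg_args]
        if "[" not in dst and mnem not in READ_ONLY:
            written |= regs_in(dst)
    return reg_args, stack_bytes
```

A result of 0 stack bytes only means the callee does not clean the stack itself; with __cdecl the pushed arguments are removed by the caller after the call returns.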

  5. #5
    grosse
    Guest
    only the eax seems to be the param... it is being pushed on to stack before the call - that's a pointer to whatever's at ebp-24h... the others r just lea's into regs... unless the params r passed through registers... virtually unknown except old dos interrupts.
    btw... the ebp-24 will be the address passed not ebp-14
