Thread: IDA argument list - c++ program

  1. #1
    mcensamuel
    Guest

    IDA argument list - c++ program

    hi,

    I am trying to disassemble a C++ program (I don't have the source code for it).
    I opened the executable file in IDA. I searched for a function and went into it. At the entry point of that function, IDA shows it has two arguments, but when I checked in the 'functions' window, it shows that the function has only one argument. What might be the reason IDA is showing two arguments in place of only one argument?

    I tried a simple "hello world" C++ program; in that case, it shows only one argument for a function with one argument.

    Why is it showing differently for this program?
    Sorry for my bad English...

    thanks
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    Quote Originally Posted by mcensamuel
    hi,

    I am trying to disassemble a C++ program (I don't have the source code for it).
    I opened the executable file in IDA. I searched for a function and went into it. At the entry point of that function, IDA shows it has two arguments, but when I checked in the 'functions' window, it shows that the function has only one argument. What might be the reason IDA is showing two arguments in place of only one argument?

    I tried a simple "hello world" C++ program; in that case, it shows only one argument for a function with one argument.

    Why is it showing differently for this program?
    Sorry for my bad English...

    thanks

    Class functions have a hidden argument: "this", which is a pointer to the class structure.
    This might be one explanation.

  3. #3
    mcensamuel
    Guest

    IDA argument list - c++ program - continuation

    Quote Originally Posted by naides
    Class functions have a hidden argument: "this", which is a pointer to the class structure.
    This might be one explanation.

    Thanks for your reply.
    I have tried this with two sample programs. When I tried debugging with GDB, I got a different argument insertion order for C and C++.

    When I compiled a C program that has a function like
    functionname(int aa,int bb), first 'bb' is inserted into the stack and then 'aa' is inserted into the stack.

    But for a C++ program that has a function like
    private_fnt(int &int_var,int defau=20)
    First 'int_var' is inserted into the stack.
    Second 'defau' is inserted into the stack.
    Third "this" is inserted into the stack.

    Is this correct, or am I missing anything?

    Thanks in advance...
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    mcensamuel
    Guest
    Quote Originally Posted by mcensamuel
    Thanks for your reply.
    I have tried this with two sample programs. When I tried debugging with GDB, I got a different argument insertion order for C and C++.

    When I compiled a C program that has a function like
    functionname(int aa,int bb), first 'bb' is inserted into the stack and then 'aa' is inserted into the stack.

    But for a C++ program that has a function like
    private_fnt(int &int_var,int defau=20)
    First 'int_var' is inserted into the stack.
    Second 'defau' is inserted into the stack.
    Third "this" is inserted into the stack.

    Is this correct, or am I missing anything?

    Thanks in advance...
    Sorry... I made a mistake in this... sorry.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    : Code Injector : nikolatesla20's Avatar
    Join Date
    Apr 2002
    Location
    :ether:
    Posts
    815
    Well, apparently your C++ compiler uses a different calling convention, which would cause a difference in which parameters are pushed, like you said.

    Looking at the Windows calling conventions, most of them are right to left, and member functions without variable args by default use the "thiscall" (MSVC++, anyway) convention. However, thiscall uses ecx as the this pointer, so I'm not sure what calling convention you are seeing here.

    -nt20

  6. #6
    Master Of Nebulah Frost Polaris's Avatar
    Join Date
    Jun 2002
    Location
    Invincible Cyclones Of FrostWinds
    Posts
    221
    Quote Originally Posted by mcensamuel
    Thanks for your reply.
    I have tried this with two sample programs. When I tried debugging with GDB, I got a different argument insertion order for C and C++.

    When I compiled a C program that has a function like
    functionname(int aa,int bb), first 'bb' is inserted into the stack and then 'aa' is inserted into the stack.

    But for a C++ program that has a function like
    private_fnt(int &int_var,int defau=20)
    First 'int_var' is inserted into the stack.
    Second 'defau' is inserted into the stack.
    Third "this" is inserted into the stack.

    Is this correct, or am I missing anything?

    Thanks in advance...
    But which compiler are you using? Recognizing the compiler you are dealing with can greatly help. As nikolatesla20 says this is a really strange way of passing parameters... The strange thing is a C/C++ compiler pushing parameters from left to right... This usually is the behaviour of pascal/modula2 compilers.
    Stand In The Fog With So Cold A Heart... Watching The Death Of The Sun...

  7. #7
    barny451
    Guest

    IDA argument list - c++ program

    Quote Originally Posted by Polaris
    But which compiler are you using? Recognizing the compiler you are dealing with can greatly help. As nikolatesla20 says this is a really strange way of passing parameters... The strange thing is a C/C++ compiler pushing parameters from left to right... This usually is the behaviour of pascal/modula2 compilers.
    The original reason for pushing from right to left was that this also works for a variable number of arguments (the ANSI ... in a function prototype), because the stack pointer ends up pointing at the left-most (i.e. first) parameter.
    While this was a common compiler implementation choice, there is nothing to stop a compiler from optimising by recognising functions which don't have a variable number of arguments and generating different code (both for caller and the function itself) which does left-to-right parameters (i.e. stack pointing at the last param). This is usually more efficient which is why most windose API calls are declared as PASCAL, which explicitly forces left-to-right parameter pushing to Windows compilers.

    HTH
    barny
    I promise that I have read the FAQ and tried to use the Search to answer my question.
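
Added example, not part of any post in this thread: a toy C++ model of the stack that ties together the hidden `this` argument from reply #2 and the right-to-left/variadic point from reply #7. It assumes `this` travels on the stack as an implicit first argument; the names `Stack`, `call`, `member_call`, `sum_variadic` and all values are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

using Word = std::uintptr_t;
enum class Order { RightToLeft, LeftToRight };

// Toy model of a downward-growing stack; at(0) is the slot at [esp].
struct Stack {
    std::vector<Word> slots;
    Word at(std::size_t i) const { return slots[slots.size() - 1 - i]; }
    std::size_t arg_slots() const { return slots.size() - 1; }  // minus return address
};

// Caller side: push the arguments in the chosen order, then the return address.
Stack call(const std::vector<Word>& args, Order order) {
    Stack s;
    if (order == Order::RightToLeft)
        s.slots.assign(args.rbegin(), args.rend());
    else
        s.slots = args;
    s.slots.push_back(0xDEAD);  // constructed return address
    return s;
}

// Member call in this model (assumption): `this` is an implicit first argument.
Stack member_call(Word this_ptr, std::vector<Word> args, Order order) {
    args.insert(args.begin(), this_ptr);
    return call(args, order);
}

// Variadic callee: only knows that its first argument is a count, and
// expects it just above the return address (true for right-to-left only).
Word sum_variadic(const Stack& s) {
    Word count = s.at(1), total = 0;
    for (Word i = 0; i < count; ++i) total += s.at(2 + i);
    return total;
}

int main() {
    Stack v = call({3, 10, 20, 30}, Order::RightToLeft);
    Stack m = member_call(0x1000, {42}, Order::RightToLeft);  // one declared parameter
    std::printf("sum=%lu member arg slots=%zu\n",
                (unsigned long)sum_variadic(v), m.arg_slots());
}
```

With left-to-right pushing, the slot just above the return address holds the last argument instead, so a variadic callee cannot locate its first argument without knowing the count in advance.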
