Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   How to determine the parameters of a function in OllyDbg (https://forum.exetools.com/showthread.php?t=13591)

congviet 06-15-2011 09:10
How to determine the parameters of a function in OllyDbg
 
How to determine the parameters of a function in OllyDbg? the registers or the stack which holds the value of this parameter. Does anyone know please guide?
Thanks.

copyleft 06-15-2011 11:06
Function parameters are always in stack, regardless of olly or so ...

Kerlingen 06-15-2011 16:06
If the parameters don't speak for themself, you must find out the calling convention which is used. There are literally dozens of calling conventions possible, but only very few are found in todays software.

Generally, all Pascal compilers use the left-to-right order when when pushing parameters on the stack, while most other compilers (mainly C) use right-to-left order. This decides if the first function parameter is pushed first to the stack or last. This is the normal calling convention. In C it's called "cdecl", Pascal has no special name for it.

Then there is an other one called "fastcall", which follows no standardization and every compiler has its own methods. The fastcall convention means that some parameters are passed in registers instead of being pushed on the stack. Some compilers even reserve space on the stack for this kind of parameters. 1-4 registers are used for this depending on the compiler (EAX, ECX, EDX, rarely EBX), but it depends on the compiler which register holds what parameters.


All times are GMT +8. The time now is 07:28.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX