Some knowledge about call conventions (cdecl, fastcall, and thiscall)

Function call Specification 

When a high-level language function is compiled into a machine code, there is a problem that must be solved: Because the CPU cannot know how many and what parameters a function call requires. That is, the computer does not know how to pass parameters to this function. The operation of passing parameters must be coordinated by the function caller and the function itself. Therefore, the computer provides a data structure called Stack to support parameter transmission. When a function is called, the caller pushes the parameter to the stack in sequence and then calls the function. After the function is called, the caller obtains data in the stack for calculation. After function compute is completed, the user or function modifies the stack to restore the stack to its original state. Two important issues in parameter passing must be clearly stated: 1) when there are more than one parameter, in what order the parameter is pushed into the stack; 2) after the function is called, who will restore the stack to its original state. 3) Where is the function return value? In advanced languages, calling conventions are used to illustrate these two problems. Common call specifications include:Stdcall, cdecl, fastcall, thiscall & naked call Stdcall call SpecificationStdcall is often referred to as Pascal's call specification, because Pascal is a very common language used for teaching computer programming. Its syntax is rigorous, and the function call Convention used is stdcall. In Microsoft C ++ C/C ++ compilers, Pascal macro is often used to declare this call Convention. Similar macros include winapi and callback. The syntax for stdcall to call the standard declaration is: int _ stdcall function (int A, int B) The call Convention of stdcall means: 1) the parameter is pushed from right to left into the stack; 2) the function modifies the stack; 3) the function name is automatically followed by a leading underline followed by a @ symbol, followed by the parameter size. The preceding function is used as an example. parameter B is first pushed to the stack, and parameter A is followed. The function call function (1, 2) is translated into an assembly language: Push 2 second parameter into Stack Push 1 first parameter into Stack Call function call parameters. Note that CS: EIP is automatically added to the stack. For the function itself, you can translate it: Push EBP to save the EBP register, which will be used to save the stack top pointer of the stack and can be restored when the function exits. MoV EBP, esp save Stack pointer MoV eax, [EBP + 8 h] EBP in the stack is stored in order with EBP, CS: EIP, A, B, EBP + 8 pointing to Add eax, [EBP + 0ch] B is saved at EBP + 12 in the stack MoV ESP and EBP resume ESP Pop EBP RET 8 During compilation, the name of this function is translated into _ FUNCTION @ 8. Note that different compilers insert their own assembly code to provide compilation versatility, but the general code is like this. The ESP is retained to EBP at the beginning of the function, which is a common method used by the compiler when the function is restored. From the perspective of function calls, 2 and 1 are pushed into the stack sequentially, and in the function, they access parameters through the offset relative to EBP (that is, the stack pointer when the function is just introduced. After the function is completed, RET 8 indicates that the 8-byte stack is cleared and the function restores the stack.Cdecl call SpecificationThe cdecl call Convention, also known as the C call Convention, is the default call Convention of C language. Its definition syntax is: int function (int A, int B) // without modification, the C call Convention int _ cdecl function (int A, int B) // specify the C call Convention The parameter pressure stack sequence in cdecl call conventions is the same as that in stdcall. parameters are first pushed from right to left into the stack. The difference is that the function itself does not clean up the stack, and the caller is responsible for clearing the stack. Due to this change, the number of parameters allowed by the C call convention is not fixed, which is also a major feature of C language. For the previous function, the assembly code after cdecl is changed: Call Process Push 1 Push 2 Call Function Add ESP, 8 Note: here the caller is restoring the stack Called function _ Function Push EBP to save the EBP register, which will be used to save the stack top pointer of the stack and can be restored when the function exits. MoV EBP, esp save Stack pointer MoV eax, [EBP + 8 h] EBP in the stack is stored in order with EBP, CS: EIP, A, B, EBP + 8 pointing to Add eax, [EBP + 0ch] B is saved at EBP + 12 in the stack MoV ESP and EBP resume ESP Pop EBP RET note: the stack is not modified here According to msdn, this modifier is automatically prefixed with a leading underline before the function name, so the function name is recorded as _ function in the symbol table. Because the parameters are pressed from the right to the left, the initial parameter is at the position closest to the top of the stack. Therefore, when an indefinite number of parameters are used, the position of the first parameter in the stack must be known. As long as the number of parameters is determined based on the explicit parameters of the first and later, the parameter can be used, for example, the sprintf function is defined: Int sprintf (char * buffer, constchar * format ,...) Since all the indefinite parameters can be determined through format, it is no problem to use the indefinite number of parameters.Fastcall call SpecificationThe fastcall call Convention is similar to stdcall, which means: 1) The first and second DWORD parameters of the function (or smaller size) are passed through ECx and EDX, other parameters are pushed from right to left sequentially. 2) The called function clears the stack. 3) the function name modification rules are the same as stdcall. The statement syntax is: int _ fastcall function (int A, int B)Thiscall call SpecificationThiscall is the only function modifier that cannot be explicitly specified, because thiscall is not a keyword. It is the default call Convention for C ++ class member functions. Because the member function call has another this pointer, it must be specially processed. thiscall means: 1) the parameter goes from right to left into the stack; 2) if the number of parameters is determined, this pointer is passed to the called through ECx; if the number of parameters is not sure, this pointer is pushed into the stack after all parameter pressure stacks; 3) if the number of parameters is not fixed, the caller clears the stack, otherwise, the function clears the stack by itself. To illustrate this call Convention, define the following classes and use code: Class { Public: Int function1 (int A, int B ); Int function2 (int ,...); }; Int A: function1 (int A, int B) { Return A + B; } Int A: function2 (int ,...) { Va_list AP; Va_start (AP, ); Int I; Int result = 0; For (I = 0; I <A; I ++) { Result + = va_arg (AP, INT ); } Return result; } Void callee () { A; A. function1 (1, 2 ); A. function2 (3,1, 2,3 ); } After the callee function is translated into an assembly, it becomes: // Function function1 call 0401c1d push 2 00401c1f Push 1 00401c21 Lea ECx, [ebp-8] 00401c24 call function1 note that this is not included in the stack // Function function2 call 00401c29 Push 3 00401c2b push 2 00401c2d Push 1 00401c2f Push 3 00401c31 Lea eax, [ebp-8] Here introducing this pointer 00401c34 push eax 00401c35 call function2 00401c3a add ESP, 14 h It can be seen that when the number of parameters is fixed, it is similar to stdcall, and cdecl is similar to when the number of parameters is not specified. Naked call SpecificationThis is a rare call Convention. Generally, it is recommended that you do not use it. The compiler does not add initialization and cleanup code for such functions. More specifically, you cannot use return to return values. Instead, you can only use insert assembly to return results. This is generally used for real-Mode Driver Design. Suppose we define a sum addition program, which can be defined: _ Declspec (naked) int add (int A, int B) { _ ASM mov eax, _ ASM add eax, B _ ASM RET } Note: This function does not return an explicit return value. The returned result is implemented by modifying the eax register, and the RET commands that exit the function must be explicitly inserted. The code above is translated into an assembly and then changed: MoV eax, [EBP + 8] Add eax, [EBP + 12] RET 8 Note that this modifier is used in combination with _ stdcall and cdecl. The code used in combination with cdecl is mentioned earlier. For the code combined with stdcall, it becomes: _ Declspec (naked) int _ stdcall function (int A, int B) { _ ASM mov eax, _ ASM add eax, B _ Asm ret 8 // pay attention to the following 8 } This function is called in the same way as the common cdecl and stdcall call functions.  Common problems caused by function call conventionsIf the defined and used conventions are inconsistent, the stack will be damaged, leading to serious problems. The following are two common problems: 1) the function prototype declaration and function body definition are inconsistent. 2) different function conventions are defined when a DLL is imported into a function.