Function name decoration (decorated name) mode
The name decoration of a function (decorated name) is a string that the compiler creates during compilation to indicate the definition or prototype of a function. The link program or other tool sometimes needs to specify the function's name decoration to locate the correct position of the function. In most cases the programmer does not need to know the function's name decoration, and the link program or other tool will automatically differentiate them. Of course, in some cases it is necessary to specify the name decoration of the function, for example, in a C + + program, in order for the link program or other tools to match the correct function name, you must specify the name decorations for the overloaded function and some special functions such as constructors and destructors. Another case where the name decoration of a function needs to be specified is a function called C or C + + in the assembler. If the function name, calling convention, return value type or function parameter has any changes, the original name decoration is no longer valid, you must specify a new name decoration. The functions of C and C + + programs use different name decorations internally, which are described in each of these two ways.
1. C compiler's function name decoration rules
For the __stdcall calling convention, the compiler and linker precede the output function name with an underscore prefix, followed by a "@" sign and the number of bytes of its arguments, such as [email protected]. The __cdecl calling convention only adds an underscore prefix to the name of the output function, such as _functionname. The __fastcall calling convention adds an "@" symbol to the output function name followed by an "@" symbol and the number of bytes of its argument, for example @[email protected]
2. The C + + compiler's function name decoration rules
C + + 's function name decoration rules are somewhat complex, but the information is more sufficient, through the analysis of decorated names can not only know how to call the function, return value type, number of parameters and even parameter types. Regardless of the __cdecl,__fastcall or __stdcall invocation, the function decoration takes a "?" Start, followed by the name of the function followed by the start of the parameter table and the parameter list by the parameter type code. For __stdcall mode, the start identifier of the parameter table is "@ @YG", the __cdecl method is "@ @YA", and the __fastcall method is "@ @YI". The spelling codes for the parameter table are as follows:
X--void
D--char
e--unsigned Char
F--short
H--int
i--unsigned int
J--long
k--unsigned Long (DWORD)
M--float
N--double
_n--bool
U--struct
....
Pointers are somewhat special, using PA to represent pointers, and PB for const type pointers. The following code indicates the pointer type, and if a pointer of the same type appears consecutively, substituting "0", a "0" represents a repetition. U represents the struct type, usually followed by the type name of the struct, and "@@" indicates the end of the struct type name. The return value of a function is not specially handled, and it is described in the same way as a function parameter, followed by the start flag of the parameter table, that is, the first item in the function parameter table is actually the return value type that represents the function. The parameter table identifies the end of the entire name as "@z" and ends with the "Z" identifier if the function has no arguments. Here are two examples, if you have the following function declaration:
int Function1 (char *var1,unsigned long);
Its function is decorated with the name "[email protected]@[email protected]" and for function declarations:
void Function2 ();
The function modifier name is "[email protected] @YGXXZ".
For C + + class member functions (which are called thiscall), the function's name decoration is slightly different from the non-member C + + function, starting with the insertion of the class name guided by the "@" character between the function name and the parameter table, followed by the start of the parameter table. The identity of the public member function is "@ @QAE", the identity of the protection (protected) member function is "@ @IAE", the identity of the private member function is "@ @AAE", and if the function declaration uses the Const keyword, the corresponding identity should be "@ @QBE", "@ @IBE" and "@ @ABE". If the parameter type is a reference to a class instance, use "AAV1" and "ABV1" for a reference to a const type. The following is a description of the name decoration rules for C + + member functions in class CTest:
classCTest {Private: voidFunction (int); protected: voidCopyinfo (ConstCTest &src); Public: LongDrawText (HDC hdc,LongPosConsttchar* text, Rgbquad color, BYTE bUnder,BOOLBSet); LongInsightclass (DWORD dwclass)Const; };
For member function functions, whose function is decorated with the name "[email protected]@@[email protected]", the string "@ @AAE" means that this is a private function. The member function Copyinfo has only one parameter, which is a const reference parameter to the class CTest, whose function is decorated with the name "[Email protected]@@[email protected]@z". DrawText is a more complex function declaration, with not only string parameters, but also struct parameters and hdc handle parameters, it is necessary to point out that HDC is actually a pointer to a hdc__ struct type, which is represented by "[Email protected]@", Its complete function modifier is called "[email protected]@@[email protected]@[email protected]@[email protected]". Insightclass is a common const function whose member function identifier is "@ @QBE", and the full decorated name is "[email protected]@@[email protected]".
Both the C function name decoration method and the C + + function name modification do not change the character case in the output function name, which differs from the Pascal calling convention in that the function name of the Pascal contract output is not decorated and capitalized.
3. View the function's name decoration
There are two ways to check the name decoration of a function in your program: Use the Compile output list or use the DUMPBIN tool. Use the/fac,/fas or/FACS command-line arguments to have the compiler output a list of functions or variable names. You can also get a list of functions or variable names in an obj file or lib file using the Dumpbin.exe/symbols command. In addition, you can use Undname.exe to convert a decorated name to an unmodified form.
4. In the high-level language, these two problems are illustrated by function calling conventions. The common calling conventions are:
__stdcall/_stdcall
__cdecl/_cdecl
__fastcall/_fastcall
__thiscall
__stdcall calling convention
__stdcall is often called the Pascal calling convention, because Pascal is a very common teaching computer programming language, its syntax is rigorous, and the function calling convention used is stdcall. In the Microsoft C + + series, the C + + compiler often uses Pascal macros to declare this calling convention, and similar macros have WINAPI and callback.
The syntax for the __stdcall calling convention declaration is (for example, that function in the previous article):
int __stdcall function (int a,int b)
The calling convention of the stdcall means: 1) The parameters are pressed from right to left into the stack, 2) The function itself modifies the stack 3) the functions are automatically preceded by a leading underscore, followed by an @ symbol followed by the size of the parameter
Taking this function as an example, the parameter B is first compressed, then the parameter a, the function call functions (at the end of the call) is translated into assembly language will be:
Push 2//second parameter into the stack
Push 1//first parameter in stack
Call function//calling parameter, note that the CS:EIP is automatically put into the stack at this time
For the function itself, it can be translated as:
Push EBP//Save the EBP register, which will be used to hold the stack-top pointer of the heap and can be restored when the function exits
MOV ebp,esp//Save stack pointer
mov eax,[ebp + 8H]//stack before EBP points to position in order to save EBP,CS:EIP,A,B,EBP + 8 point A
Add EAX,[EBP + 0CH]//Stack in EBP + 1 2 saved at B
MOV ESP,EBP//recovery ESP
Pop EBP
RET 8
And at compile time, the name of this function is translated into [email protected]
Where the function is kept at the beginning of the ESP into EBP, at the end of the function recovery is a common method of the compiler.
From a function call, 2 and 1 are then push into the stack in turn, and in the function, the parameters are accessed by an offset relative to the EBP (that is, the stack pointer when the function is just entered).
After the function ends, ret 8 cleans up the 8-byte stack, and the function recovers the stack itself.
CDECL calling convention
The cdecl calling convention, also known as the C calling convention, is the C language default calling convention, and its definition syntax is:
int function (int a, int b)//No decoration is the C calling convention
int __cdecl function (int a,int b)//explicitly indicate C calling convention
The parameters of the cdecl calling convention are stacked in the same order as stdcall, and the parameters are first pushed to the left by the stack.
The difference is that the function itself does not clean up the stack, and the caller is responsible for cleaning up the stack.
Because of this change, the C calling convention allows the number of parameters of the function is not fixed, which is a major feature of C language.
For the preceding function functions, the assembly code after using CDECL becomes:
Call Place
Push 1
Push 2
Call Functionadd
esp,8//NOTE: Here the caller is recovering the stack
called function at _function
Push EBP//Save the EBP register, which will be used to hold the stack-top pointer of the heap and can be restored when the function exits
MOV ebp,esp//Save stack pointer
mov eax,[ebp + 8H]//In the stack before EBP points to the position, save with EBP, CS:EIP,A,B,EBP +8 Point A
Add EAX,[EBP + 0CH]//Stack in EBP + 12 saved b
MOV ESP,EBP//recovery ESP
Pop EBP
RET//Note that the stack is not modified here
MSDN says the adornment automatically preceded the function name with a leading underscore, so the function name is recorded as _function in the symbol table, but I don't seem to see this change at compile time.
Since the parameters are stacked in the right-to-left order, the first parameter is closest to the top of the stack, so when the variable number of parameters is used, the position in the stack must be known, as long as the indefinite number of parameters can be determined according to the first subsequent explicit parameters, you can use the indefinite parameter, For example, the sprintf function in the CRT is defined as:
int sprintf (char* buffer,const char* format,...)
Since all the indeterminate parameters can be determined by format, it is no problem to use an indefinite number of parameters.
__fastcall calling convention
The __fastcall calling convention is similar to stdcall, which means:
The first and second DWORD parameters of a function (or smaller size) are passed through ECX and edx, and other parameters are pushed through the right-to-left order
called function cleanup stack
Function name modification rules same as stdcall
Its declaration syntax is: int __fastcall function (int a,int b)
The C + + compiler's function name decoration rules