Question

I was just wondering: if I have this ASM function:

PUSH EBP        ; save the caller's frame pointer
MOV EBP, ESP    ; EBP now points at the saved EBP; [EBP+4] holds the return address
SUB ESP, 8      ; reserve 8 bytes of local space (unused here)
LEAVE           ; MOV ESP, EBP / POP EBP
RETN 8          ; return and discard the two 4-byte arguments

That does nothing and takes two 4-byte arguments. It seems that the first argument is at EBP+8 and the second at EBP+12. But how do I know that? Because if the function takes three 4-byte parameters, then the third will be at EBP+16. Will the first argument always be at EBP+8, so that I just have to add the argument size to get the next one? If yes, why 8?

Thanks in advance.


Solution 2

The first stack argument will always be at [EBP+8] when using a stack frame, but calling conventions can pass arguments in both registers (general purpose and SIMD) and on the stack.

Your example assumes you use a standardized convention such as __stdcall or __cdecl, but arguments in __fastcall and VC++13's new __vectorcall will be in general-purpose and SIMD registers respectively (and the registers themselves differ based on ABI, Sys-V vs MS).

OTHER TIPS

It's at 8 because, generally, EBP+0 = caller's saved EBP, EBP+4 = return address, EBP+8 = first stack based argument.

Also, offsets like this are normally expressed in hexadecimal values so the 2nd stack based argument will be at EBP+C and the third will be at EBP+10.

A good way (not 100% though) to deduce the calling convention of the function is to see how callers of the function prepare registers and/or the stack just prior to calling the function (and also just after the function returns).
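The layout described in this answer, worked through as an added example that is not part of the original question or answers: a small C model of a 32-bit stack that replays the caller's pushes and CALL, then the PUSH EBP / MOV EBP,ESP / SUB ESP,8 prologue from the question, and finally LEAVE / RETN n. The stack region, the register values and the return address (0x08048123) are constructed for the demonstration; the host is assumed to be little-endian so that memcpy of a uint32_t reproduces x86 byte order.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Tiny model of the 32-bit stack: mem[] is the stack region, ESP and EBP are
   byte offsets into it. The stack grows toward lower offsets, like real x86. */
#define STACK_SIZE 64

typedef struct {
    uint8_t  mem[STACK_SIZE];
    uint32_t esp;
    uint32_t ebp;
} cpu_t;

static void cpu_init(cpu_t *c) {
    memset(c, 0, sizeof *c);
    c->esp = STACK_SIZE;   /* empty stack: ESP points just past the end */
    c->ebp = 0x41414141;   /* the caller's EBP, any recognisable value (constructed) */
}

static void push32(cpu_t *c, uint32_t v) {
    c->esp -= 4;
    memcpy(&c->mem[c->esp], &v, 4);
}
static uint32_t load32(const cpu_t *c, uint32_t addr) {
    uint32_t v;
    memcpy(&v, &c->mem[addr], 4);
    return v;
}
static uint32_t pop32(cpu_t *c) {
    uint32_t v = load32(c, c->esp);
    c->esp += 4;
    return v;
}

/* Caller side of __stdcall/__cdecl: arguments are pushed right-to-left, so the
   first argument ends up closest to the return address; CALL then pushes
   the return address on top of them. */
static void emulate_call(cpu_t *c, const uint32_t *args, int nargs, uint32_t ret_addr) {
    for (int i = nargs - 1; i >= 0; i--) push32(c, args[i]);
    push32(c, ret_addr);
}

/* The prologue from the question: PUSH EBP / MOV EBP,ESP / SUB ESP,local_bytes */
static void emulate_prologue(cpu_t *c, uint32_t local_bytes) {
    push32(c, c->ebp);
    c->ebp = c->esp;
    c->esp -= local_bytes;
}

/* LEAVE (MOV ESP,EBP / POP EBP) followed by RETN n: pop the return address,
   then add n to ESP so the callee, not the caller, discards the arguments. */
static uint32_t emulate_epilogue(cpu_t *c, uint32_t n) {
    c->esp = c->ebp;
    c->ebp = pop32(c);
    uint32_t ret_addr = pop32(c);
    c->esp += n;
    return ret_addr;
}

/* Offset of the i-th (0-based) 4-byte stack argument from EBP:
   [EBP+0] saved EBP, [EBP+4] return address, [EBP+8] first argument, ... */
static uint32_t stack_arg_offset(int i) { return 8 + 4 * (uint32_t)i; }

static uint32_t arg_at(const cpu_t *c, int i) {
    return load32(c, c->ebp + stack_arg_offset(i));
}

/* Replay call + prologue for a function taking nargs 4-byte arguments, then
   LEAVE / RETN 4*nargs. Returns 1 if every slot holds what the frame layout
   predicts and the stack is balanced afterwards, 0 otherwise. */
static int check_frame(const uint32_t *args, int nargs) {
    cpu_t c;
    cpu_init(&c);
    uint32_t esp_before = c.esp, ebp_before = c.ebp, ret_addr = 0x08048123;

    emulate_call(&c, args, nargs, ret_addr);
    emulate_prologue(&c, 8);

    int ok = load32(&c, c.ebp) == ebp_before       /* [EBP]   caller's saved EBP */
          && load32(&c, c.ebp + 4) == ret_addr;    /* [EBP+4] return address     */
    for (int i = 0; i < nargs; i++) {
        printf("arg%d at [EBP+%#x] = %#x\n", i + 1, stack_arg_offset(i), arg_at(&c, i));
        ok = ok && arg_at(&c, i) == args[i];
    }

    uint32_t ret = emulate_epilogue(&c, 4 * (uint32_t)nargs);
    return ok && ret == ret_addr && c.esp == esp_before && c.ebp == ebp_before;
}

int main(void) {
    uint32_t two[] = {0x1111, 0x2222}, three[] = {0xa, 0xb, 0xc};
    printf("two args:   %s\n", check_frame(two, 2) ? "ok" : "mismatch");
    printf("three args: %s\n", check_frame(three, 3) ? "ok" : "mismatch");
    return 0;
}
```

The printed offsets come out as 0x8, 0xc and 0x10, which is the hexadecimal form you will see in a disassembler. The "why 8" falls out of the two pushes that happen between the last argument and the callee's first instruction: CALL pushes the 4-byte return address and PUSH EBP pushes the 4-byte saved frame pointer, so the first argument is 8 bytes above the point EBP is captured at.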

The layout of function arguments depends on the calling convention being used for this function. And the calling convention can be anything that the function's creator was able to imagine.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow