oi BA:
Originally Posted by
B1ackAnge1
(ok hint : you'd see something more like this but without the nice readable variable names)
Code:
...
push MB_OK
push offset HelloWorld
push offset HelloWorld
push NULL
call MessageBoxA
...
shouldn't push NULL and push MB_OK be swapped around? since its stdcall not cdecl?
note: I don't use Masm or whatever, __asm is all I've used so far
Code:
.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
.data
HelloWorld db "Hello World!", 0
.code
start:
invoke MessageBoxA, NULL, addr HelloWorld, addr HelloWorld, MB_OK
invoke ExitProcess, 0
end start
would translate into(roughly)
Code:
push MB_OK
push hello.00403000
push hello.00403000
push NULL
call MessageBoxA
and
Code:
.386
.model flat, cdecl
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
.data
HelloWorld db "Hello World!", 0
.code
start:
invoke MessageBoxA, NULL, addr HelloWorld, addr HelloWorld, MB_OK
invoke ExitProcess, 0
end start
would rougly translate into
Code:
push NULL
push hello.00403000
push hello.00403000
push MB_OK
call MessageBoxA
cdecl adds them onto stack in the order you passed them in(so A(b,c) would be push b, push c, call A) while stdcall reverses them(so A(b,c) would be push c, push b, call A)
Right?
or is cdecl automaticly turned into stdcall(or the other way around) at compile time? how would decompilers know if it is cdecl or stdcall?
Because when decompiling stuff with IDA Pro it says 'asuming cdecl by default', what if the function was stdcall? what effect would that have on the decompiler? o__O