How many arguments are passed in a function call?
I wish to analyze assembly code that calls functions, and for each 'call' find out how many arguments are passed to the function. I assume that the target functions are not accessible to me, but only the calling code. I limit myself to code that was compiled with GCC only, and to the System V ABI calling convention. I tried scanning back from each 'call' instruction, but I failed to find a good enough convention (e.g., where to stop scanning? what happens on two subsequent calls with the same arguments?). Assistance is highly appreciated.
1.5k Views Asked by Jaaz At
Reposting my comments as an answer.
You can't reliably tell in optimized code. And even doing a good job most of the time probably requires human-level AI. E.g., did a function leave a value in RSI because it's a second argument, or was it just using RSI as a scratch register while computing a value for RDI (the first argument)? As Ross says, gcc-generated code for stack-args calling conventions has more obvious patterns, but still nothing easy to detect.
It's also potentially hard to tell the difference between stores that spill locals to the stack vs. stores that store args to the stack (since gcc can and does use mov stores for stack args sometimes: see -maccumulate-outgoing-args). One way to tell the difference is that locals will be reloaded later, but args are always assumed to be clobbered. Compilers always re-write args before making another call, because they assume that functions clobber their args (even on the stack). The ABI says that functions "own" their args. Compilers do make code that does this (see comments), but compiler-generated code isn't always willing to re-purpose the stack memory holding its args for storing completely different args in order to enable tail-call optimization. :( This is hand-wavy because I don't remember exactly what I've seen as far as missed tail-call optimization opportunities.
Even that isn't reliable. The System V x86-64 ABI is not simple. int foo(int, big_struct, int) would pass the two integer args in regs, but pass the big struct by value on the stack. FP args are also a major complication. You can't conclude that seeing stuff on the stack means that all 6 integer arg-passing slots are used.
The Windows x64 ABI is significantly different: for example, if the 2nd arg (after adding a hidden return-value pointer if needed) is integer/pointer, it always goes in RDX, regardless of whether the first arg went in RCX, XMM0, or on the stack. It also requires the caller to leave "shadow space".
So you might be able to come up with some heuristics that will work ok for un-optimized code. Even that will be hard to get right.
For optimized code generated by different compilers, I think it would be more work to implement anything even close to useful than you'd ever save by having it.
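The register-tracking heuristic the answer warns about, written out as an added Python example (not code from the question or the answer). It assumes Intel-syntax disassembly, only tracks the six System V integer argument registers (no stack or FP args), and the two listings are constructed by hand: the first is a clean three-argument call that the heuristic gets right, the second uses RSI as scratch while computing RDI and is miscounted exactly as the answer describes.

```python
import re

# System V x86-64 integer argument registers, in ABI order.
ARG_REGS = ["rdi", "rsi", "rdx", "rcx", "r8", "r9"]
# Fold 32/16/8-bit views of each register back onto its 64-bit name.
ALIASES = {alias: reg for reg, names in {
    "rdi": "edi di dil", "rsi": "esi si sil", "rdx": "edx dx dl",
    "rcx": "ecx cx cl", "r8": "r8d r8w r8b", "r9": "r9d r9w r9b"}.items()
    for alias in [reg] + names.split()}
# Intel-syntax instructions whose first operand is the register being written.
WRITER = re.compile(r"^(?:mov\w*|lea|xor|add|sub|and|or|imul|pop)\s+([a-z0-9]+)\b")

def guess_arg_count(listing):
    """Return [(callee, guess)] per 'call': the longest prefix of ARG_REGS written
    since the previous call/ret.  Deliberately naive, to expose the ambiguity."""
    results, written = [], set()
    for line in listing.splitlines():
        text = line.split(";")[0].strip()          # drop comments and whitespace
        call = re.match(r"^call\s+(\S+)", text)
        if call:
            count = 0
            for reg in ARG_REGS:                   # stop at the first unwritten slot
                if reg not in written:
                    break
                count += 1
            results.append((call.group(1), count))
            written.clear()                        # each call starts a fresh window
        elif text == "ret":
            written.clear()
        else:
            w = WRITER.match(text)
            if w and w.group(1) in ALIASES:
                written.add(ALIASES[w.group(1)])
    return results

# Constructed listing (not compiler output): GCC-style three-arg variadic call.
CLEAN = """
    mov     edi, OFFSET FLAT:.LC0
    mov     esi, 42
    mov     edx, 7
    xor     eax, eax        ; AL=0: no vector-register args
    call    printf
"""
# Constructed listing: RSI is scratch feeding RDI, so bar() takes one
# argument, but the heuristic reports two.
SCRATCH = """
    mov     esi, DWORD PTR [rbp-4]
    lea     edi, [rsi+1]
    call    bar
"""
```

Resetting the window at each call is what makes two consecutive calls with identical arguments count correctly, but only because compilers re-write the argument registers before every call, as the answer notes.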