In the MS x64 calling convention, I am reading that the caller should create a shadow space if we make calls to a Win64 API.
However, I created a simple C++ program that makes a call to MessageBox, and after disassembling it this is what I see:

    00007FF614FC2AD9 mov r9d,136h
    00007FF614FC2ADF lea r8,[__xt_z+150h (07FF614FD5BF0h)]
    00007FF614FC2AE6 lea rdx,[__xt_z+170h (07FF614FD5C10h)]
    00007FF614FC2AED xor ecx,ecx
    00007FF614FC2AEF call qword ptr [__imp_MessageBoxW (07FF614FDF6C0h)]
    00007FF614FC2AF5 mov dword ptr [msgboxID],eax

I don't see any shadow space reservation (not even in the preceding instructions that are not shown here). What am I missing?
Edit: Here is the C++ code for the above:

    #include <Windows.h>

    int main()
    {
        int msgboxID = MessageBox(
            NULL,
            (LPCWSTR) L"Resource not available\nDo you want to try again?",
            (LPCWSTR) L"Account Details",
            MB_ICONWARNING | MB_CANCELTRYCONTINUE | MB_DEFBUTTON2
        );
        return 0;
    }

Actually, it does generate shadow space, but at the very beginning of the call (not shown above stack). I thought it would create shadow space just before the call; apparently that is not the case. So I will close this question and open a more proper one.
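
An added example, not part of the original post: a small Python check that reads one function's listing in the Visual Studio disassembly format and reports how much stack the prologue has reserved by the time the first `call` runs, which is where the 32-byte shadow space comes from. The sample listing, its addresses and the names `check_prologue`, `parse_imm` and `SHADOW` are constructed for illustration, and the check assumes a straight-line prologue with a fixed-size frame.

```python
import re

# Constructed listing in Visual Studio disassembly format; the addresses and
# the prologue are made up for illustration, not taken from the asker's binary.
SAMPLE = """\
00007FF600001000 push rbp
00007FF600001002 push rdi
00007FF600001003 sub rsp,108h
00007FF60000100A lea rbp,[rsp+20h]
00007FF60000100F mov r9d,136h
00007FF600001015 xor ecx,ecx
00007FF600001017 call qword ptr [__imp_MessageBoxW (07FF600003000h)]
00007FF60000101D mov dword ptr [msgboxID],eax
"""

SHADOW = 0x20  # four 8-byte home slots for RCX, RDX, R8 and R9

def parse_imm(text):
    """MSVC prints hex immediates with an 'h' suffix and small ones in decimal."""
    return int(text[:-1], 16) if text.lower().endswith("h") else int(text)

def check_prologue(listing):
    """Return the stack state at the first call in one function's listing."""
    pushed = reserved = 0
    for line in listing.splitlines():
        parts = line.split(None, 2)  # address, mnemonic, operands
        if len(parts) < 2:
            continue
        mnemonic = parts[1].lower()
        operands = parts[2].strip() if len(parts) > 2 else ""
        if mnemonic == "push":
            pushed += 8
        elif mnemonic == "sub":
            m = re.fullmatch(r"rsp,\s*(\d+|[0-9a-f]+h)", operands, re.IGNORECASE)
            if m:
                reserved += parse_imm(m.group(1))
        elif mnemonic == "call":
            # RSP is 8 mod 16 on entry (the return address), so return
            # address + pushes + reservation must be a multiple of 16.
            return {
                "reserved": reserved,
                "has_shadow": reserved >= SHADOW,
                "aligned": (8 + pushed + reserved) % 16 == 0,
            }
    return None  # no call found: a leaf function needs no shadow space

if __name__ == "__main__":
    print(check_prologue(SAMPLE))
```

Run over only the six lines quoted in the question, the same function reports `reserved: 0`, because the `sub rsp` sits in the prologue outside that window.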