Is there a tool to show whether the calling convention is _cdecl or _stdcall or else?
A:
Calling conventions are per function - not PE file.
Library functions. at least the ones provided by MS, are all _stdcall. Everything else is spread across other calling conventions, most of them being _cdecl.
You can read more here.
The short version:
cdeclfunctions don't clear it's argument from the stack, allowing variable sized arguments. Good example isprintf()which can a different number of arguments.stdcallfunctions clears arguments from the stack themselves. Hence variable sized arguments isn't possible.
Edit: added example
Example for cdecl from the link:
push c
push b
push a
call function_name
add esp, 12 ;Stack clearing, 3 arguments take 12 bytes of space (on 32bit)
So after function_name returns, the caller clears the arguments off the stack.
joveha
2010-09-19 21:06:15
How to judge which convention is used by disassembly?
Alan
2010-09-21 15:13:42