Stack Frame & Calling Convention

tags: Security PWN

Stack Frame

Basic

Stack

Calling Convention

How to pass an array argument on the stack

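  1. dca0 and dca8 point to the array's two values, respectively
  2. Note the 0x0 terminator (not sure whether it is required)
  3. If this argument is passed in rdx, then mov rdx, 0x7fffffffdca0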
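The layout in the list above, as an added C example (not code from the original notes): two 8-byte pointer slots followed by a 0x0 slot, built in the caller's stack frame and passed as the third argument, which the System V x86-64 convention places in %rdx. The function names and sample strings are hypothetical, and the callee is assumed to find the end of the array by walking to the 0x0 slot, as consumers of argv/envp-style arrays do.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical callee. arr is the third argument, so on System V x86-64
 * its address arrives in %rdx. Walks the slots until the 0x0 entry.
 * max_slots bounds the walk: returns -1 if no terminator is found. */
int count_entries(long a, long b, char *const arr[], size_t max_slots)
{
    (void)a; (void)b;
    for (size_t i = 0; i < max_slots; i++)
        if (arr[i] == NULL)
            return (int)i;
    return -1;
}

/* Builds the array in the caller's frame: two pointer slots, then 0x0. */
int pass_terminated(void)
{
    char s0[] = "first", s1[] = "second";   /* constructed sample values */
    char *slots[3] = { s0, s1, NULL };
    return count_entries(0, 0, slots, 3);
}

/* Same array without the 0x0 slot: the bounded walk reports the problem
 * instead of reading whatever lies past the array on the stack. */
int pass_unterminated(void)
{
    char s0[] = "first", s1[] = "second";
    char *slots[2] = { s0, s1 };
    return count_entries(0, 0, slots, 2);
}

/* Byte distance between consecutive slots (dca0 -> dca8 in the notes). */
size_t slot_stride(void)
{
    char *slots[3] = { NULL, NULL, NULL };
    return (size_t)((char *)&slots[1] - (char *)&slots[0]);
}

int main(void)
{
    printf("terminated:   %d entries\n", pass_terminated());
    printf("unterminated: %d\n", pass_unterminated());
    printf("slot stride:  %zu bytes\n", slot_stride());
    return 0;
}
```

A callee that receives an explicit element count does not depend on the 0x0 slot; one that walks to the terminator does.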

Unix/Linux Calling Convention

UNIX & Linux calling convention on i386 and x86-64

Kernel Interface

x86-32 aka i386 Linux System Call convention

x86-32 [Free|Open|Net|DragonFly]BSD UNIX System Call convention:

x86-64 Linux System Call convention

User Interface: function calling

x86-32 Function Calling convention

x86-64 System V user-space Function Calling convention

Once arguments are classified, the registers get assigned (in left-to-right order) for passing as follows:

If the class is MEMORY, pass the argument on the stack. If the class is INTEGER, the next available register of the sequence %rdi, %rsi, %rdx, %rcx, %r8 and %r9 is used.

Microsoft Calling Convention

__stdcall

The __stdcall calling convention is used to call Win32 API functions.

__cdecl

__cdecl is the default calling convention for C and C++ programs.

Microsoft x64 calling convention