View Full Version : IDA argument list - c++ program


mcensamuel
May 4th, 2004, 12:54
hi,

I am trying to disassemble a C++ program (I don't have the source code for it).
I opened the executable file in IDA. I searched for a function and went into that function. At the entry point of that function, IDA shows it has two arguments, but when I checked in the 'functions' window, it shows that the function has only one argument. What might be the reason IDA is showing two arguments in place of only one argument?

I tried a simple "hello world" C++ program; in that case, it shows only one argument for a function with one argument.

Why is it showing differently for this program?
Sorry for my bad English...

thanks

naides
May 4th, 2004, 13:06
Quote:
[Originally Posted by mcensamuel]hi,

I am trying to disassemble a C++ program (I don't have the source code for it).
I opened the executable file in IDA. I searched for a function and went into that function. At the entry point of that function, IDA shows it has two arguments, but when I checked in the 'functions' window, it shows that the function has only one argument. What might be the reason IDA is showing two arguments in place of only one argument?

I tried a simple "hello world" C++ program; in that case, it shows only one argument for a function with one argument.

Why is it showing differently for this program?
Sorry for my bad English...

thanks



Class functions have a hidden argument: "this", which is a pointer to the class structure.
This might be one explanation.

mcensamuel
May 4th, 2004, 13:36
Quote:
[Originally Posted by naides]Class functions have a hidden argument: "this", which is a pointer to the class structure.
This might be one explanation.



Thanks for your reply.
I have tried this with two sample programs. When I tried to debug using GDB, I got a different argument insert order for C and C++.

When I compiled a C program that has a function like
functionname(int aa,int bb), first 'bb' is inserted into the stack and then 'aa' is inserted into the stack.

But for a C++ program that has a function like
private_fnt(int &int_var,int defau=20)
First 'int_var' is inserted into the stack.
Second 'defau' is inserted into the stack.
Third "this" is inserted into the stack.

Is this correct or am I missing anything?

Thanks in advance...

mcensamuel
May 4th, 2004, 13:42
Quote:
[Originally Posted by mcensamuel]Thanks for your reply.
I have tried this with two sample programs. When I tried to debug using GDB, I got a different argument insert order for C and C++.

When I compiled a C program that has a function like
functionname(int aa,int bb), first 'bb' is inserted into the stack and then 'aa' is inserted into the stack.

But for a C++ program that has a function like
private_fnt(int &int_var,int defau=20)
First 'int_var' is inserted into the stack.
Second 'defau' is inserted into the stack.
Third "this" is inserted into the stack.

Is this correct or am I missing anything?

Thanks in advance...


Sorry... I made a mistake in this... sorry.

nikolatesla20
May 4th, 2004, 13:44
Well, apparently your C++ compiler uses a different calling convention, which would cause a difference in which parameters are pushed, like you said.

Looking at the Windows calling conventions, most of them are right to left, and member functions without variable args by default use the "thiscall" (MSVC++, anyway) convention. However, thiscall uses ecx as the this pointer, so I'm not sure what calling convention you are seeing here.

-nt20

Polaris
May 4th, 2004, 15:15
Quote:
[Originally Posted by mcensamuel]Thanks for your reply.
I have tried this with two sample programs. When I tried to debug using GDB, I got a different argument insert order for C and C++.

When I compiled a C program that has a function like
functionname(int aa,int bb), first 'bb' is inserted into the stack and then 'aa' is inserted into the stack.

But for a C++ program that has a function like
private_fnt(int &int_var,int defau=20)
First 'int_var' is inserted into the stack.
Second 'defau' is inserted into the stack.
Third "this" is inserted into the stack.

Is this correct or am I missing anything?

Thanks in advance...


But which compiler are you using? Recognizing the compiler you are dealing with can greatly help. As nikolatesla20 says, this is a really strange way of passing parameters... The strange thing is a C/C++ compiler pushing parameters from left to right... This usually is the behaviour of Pascal/Modula-2 compilers.

barny451
May 5th, 2004, 17:28
Quote:
[Originally Posted by Polaris]But which compiler are you using? Recognizing the compiler you are dealing with can greatly help. As nikolatesla20 says, this is a really strange way of passing parameters... The strange thing is a C/C++ compiler pushing parameters from left to right... This usually is the behaviour of Pascal/Modula-2 compilers.

The original reason for pushing from right to left was that this also works for a variable number of arguments (the ANSI ... in a function prototype), because the stack pointer ends up pointing at the left-most (i.e. first) parameter.
While this was a common compiler implementation choice, there is nothing to stop a compiler from optimising by recognising functions which don't have a variable number of arguments and generating different code (both for caller and the function itself) which does left-to-right parameters (i.e. stack pointing at the last param). This is usually more efficient which is why most windose API calls are declared as PASCAL, which explicitly forces left-to-right parameter pushing to Windows compilers.

HTH
barny
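
The variable-argument point in the last post, as an added example that is not from any poster in this thread: a toy C model of a downward-growing stack in which a `sum(int count, ...)` style callee looks for its first parameter at the top of the stack. The names `push_args`, `sum_callee` and `call_sum` are hypothetical, and the return address and saved frame pointer are left out of the model.

```c
#include <stddef.h>
#include <stdio.h>

#define STACK_WORDS 16

/* Toy model of a downward-growing stack of 32-bit words (constructed for
 * illustration; return address and saved frame pointer are left out). */
struct stack { int words[STACK_WORDS]; size_t sp; };

static void push(struct stack *s, int v) { s->words[--s->sp] = v; }

/* Caller: push args[0..n-1] in the chosen order; n must be <= STACK_WORDS. */
static void push_args(struct stack *s, const int *args, size_t n, int right_to_left) {
    s->sp = STACK_WORDS;
    for (size_t i = 0; i < n; i++)
        push(s, right_to_left ? args[n - 1 - i] : args[i]);
}

/* Callee in the style of sum(int count, ...): it knows only that its first
 * declared parameter is expected at the top of the stack, and walks upward
 * from there. Returns -1 if count is not plausible for what was pushed. */
static int sum_callee(const struct stack *s) {
    size_t pushed = STACK_WORDS - s->sp;
    if (pushed == 0) return -1;
    int count = s->words[s->sp];
    if (count < 0 || (size_t)count > pushed - 1) return -1;
    int total = 0;
    for (int i = 1; i <= count; i++) total += s->words[s->sp + i];
    return total;
}

/* Simulate one call: push in the given order, then run the callee. */
int call_sum(const int *args, size_t n, int right_to_left) {
    struct stack s;
    if (n > STACK_WORDS) return -1;
    push_args(&s, args, n, right_to_left);
    return sum_callee(&s);
}

int main(void) {
    const int a[] = {3, 10, 20, 30};  /* sum(3, 10, 20, 30) */
    const int b[] = {2, 4, 1};        /* sum(2, 4, 1) */
    printf("right-to-left: %d %d\n", call_sum(a, 4, 1), call_sum(b, 3, 1));
    printf("left-to-right: %d %d\n", call_sum(a, 4, 0), call_sum(b, 3, 0));
    return 0;
}
```

With left-to-right pushing the callee reads the last argument as `count`, so the second call returns a wrong sum without any error; a real left-to-right convention therefore needs the argument count fixed at compile time.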