I wish to analyze assembly code that calls functions, and for each 'call' find out how many arguments are passed to the function. I assume that the target functions are not accessible to me, but only the calling code. I limit myself to code that was compiled with GCC only, and to System V ABI calling convention. I tried scanning back from each 'call' instruction, but I failed to find a good enough convention (e.g., where to stop scanning? what happen on two subsequent calls with the same arguments?). Assistance is highly appreciated.
Related Questions in FUNCTION
- Dynamic array of structures in C++/ cannot fill a dynamic array of doubles in structure from dynamic array of structures
- Function is returning undefined but should be returning a matched object from array in JavaScript
- How do you import functions from one page to another in Jetpack Compose?
- Adding Modules to a Namespace using IIFE
- How to convert mathematical expression to lambda function in C++?
- Custom Bash functions & custom statements - Need some advice
- Why my code is working on everything except one instance?
- Getting a function to call an equation
- Create Symbolic Function from Double Vector MATLAB
- Recursive calls to function passed as a parameter of another method via Consumer interface
- How can I replace a word in SQL but only if it is the last word in the string for a scalar-valued function?
- iterating through raster bands to perform calculation
- How to make this sensor keep taking readings once its when_in_range function has been activated?
- TypeError: indice_delete() takes 0 positional arguments but 3 were given
- How to modify HTML in WordPress core file
Related Questions in ASSEMBLY
- Is there some way to use printf to print a horizontal list of decrementing hex digits in NASM assembly on Linux
- How to call a C language function from x86 assembly code?
- Binary Bomb Phase 2 - Decoding Assembly
- AVR Assembly Clock Cycle
- Understanding the differences between mov and lea instructions in x86 assembly
- ARM Assembly code is not executing in Vitis IDE
- Which version of ARM does the M1 chip run on?
- Why would %rbp not be equal to the value of %rsp, which is 0x28?
- Move immediate 8-bit value into RSI, RDI, RSP or RBP
- Unable to run get .exe file from assembly NASM
- DOSbox automatically freezes and crashes without any prompt warnings
- Load function written in amd64 assembly into memory and call it
- link.exe unresolved external symbol _mainCRTStartup
- x86 Wrote a boot loader that prints a message to the screen but the characters are completely different to what I expected
- running an imf file using dosbox in parallel to a game
Related Questions in CALL
- How can I verbosely track the whole process of calling a function?
- How to make efficient a function which checks and update the letters already guessed in a classic Hangman game?
- How will i add call invitation (signaling) in zego cloud?
- Calling ChaiScript function defined in another script file
- Is there a way to use .call function to transfer ERC20 token?
- How can I handle the problems with calling methods?
- GSM device server communication
- How to play wav file during voice call in Android 13 so that the receiver can listen the sound?
- Ozeki voip sip C# calling
- how to set record_sample_rate for sip call when setting record_session in parameter of "bridge" on freeswitch diaplan?
- What should the object type be to have a chained call?
- Windows cmd bat call command with /?
- agora_rtc_engine implementation for video and voice call within a chat module
- How to make a phone call directly from the app using react native?
- Flutter audio call output
Related Questions in REVERSE-ENGINEERING
- How to find a sequence of bytes on the target program from my injected dll?
- Reversing and vtable swapping in dxgi.dll
- How to know Vector3 Position in Unity Mono Game
- Extracting an archive created via Java RandomAccessFile with PHP
- How can I verbosely track the whole process of calling a function?
- How can I patch a function call to a Windows DLL (e.g. kernel32 LoadLibrary)? Is this even possible?
- Grab SSL pinning certificate using Frida on iOS
- Kaitai Struct: error accessing elements in _parent
- How to restore damaged (mp3?) file
- CGSRegionRef: How is an arbitrary region represented as union of rects?
- can a convolutional neural network be reverse engineered?
- Decode suspected timestamps
- Extract Note Text Format (Bold/Italic/Strikethrough) from iOS OTG Backup
- Reverse engineer LCD Protocol used in MPC2000XL
- Opening a serial port using a prebuilt .so library
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Reposting my comments as an answer.
You can't reliably tell in optimized code. And even doing a good job most of the time probably requires human-level AI. e.g. did a function leave a value in RSI because it's a second argument, or was it just using RSI as a scratch register while computing a value for RDI (the first argument)? As Ross says, gcc-generated code for stack-args calling-conventions have more obvious patterns, but still nothing easy to detect.
It's also potentially hard to tell the difference between stores that spill locals to the stack vs. stores that store args to the stack (since gcc can and does use
movstores for stack-args sometimes: see-maccumulate-outgoing-args). One way to tell the difference is that locals will be reloaded later, but args are always assumed to be clobbered.Compilers always re-write args before making another call, because they assume that functions clobber their args (even on the stack). The ABI says that functions "own" their args. Compilers do make code that does this (see comments), but compiler-generated code isn't always willing to re-purpose the stack memory holding its args for storing completely different args in order to enable tail-call optimization. :( This is hand-wavey because I don't remember exactly what I've seen as far as missed tail-call optimization opportunities.
Even that isn't reliable. The System V x86-64 ABI is not simple.
int foo(int, big_struct, int)would pass the two integer args in regs, but pass the big struct by value on the stack. FP args are also a major complication. You can't conclude that seeing stuff on the stack means that all 6 integer arg-passing slots are used.The Windows x64 ABI is significantly different: For example, if the 2nd arg (after adding a hidden return-value pointer if needed) is integer/pointer, it always goes in RDX, regardless of whether the first arg went in RCX, XMM0, or on the stack. It also requires the caller to leave "shadow space".
So you might be able to come up with some heuristics to will work ok for un-optimized code. Even that will be hard to get right.
For optimized code generated by different compilers, I think it would be more work to implement anything even close to useful than you'd ever save by having it.