Note these for reversing x64 binary.
1. Windows x64 parameter passing registers
RCX - RDX - R8 - R9
2. Linux x64 parameter passing registers
RDI - RSI - RDX - RCX - R8 - R9
| 86-64 | Microsoft x64 calling convention[9] | Windows (Microsoft Visual C++, GCC,Intel C++ Compiler, Embarcadero compiler), UEFI | RCX/XMM0, RDX/XMM1, R8/XMM2, R9/XMM3 | RTL (C) | Caller | Stack aligned on 16 bytes. 32 bytes shadow space on stack. The specified 8 registers can only be used for parameters 1 through 4. |
| System V AMD64 ABI[11] | GNU/Linux, BSD, Mac OS X (GCC, Intel C++ Compiler) | RDI, RSI, RDX, RCX, R8, R9, XMM0–7 | RTL (C) | Caller | Stack aligned on 16 bytes boundary. Red zone below stack. |
'Programming' 카테고리의 다른 글
| QEMU compile on Ubuntu12.04 (0) | 2013.06.27 |
|---|---|
| IDA remote debugging (0) | 2013.06.24 |
| kernel module cross compile makefile (1) | 2013.06.14 |
| Xilinx QEMU bridge mode (0) | 2013.06.14 |
| md5 sqlinjection hash (0) | 2013.06.12 |
