How so? Most real world apps will be compiled and the compilers follow these conventions. Malware authors or those that use assembly may find it easier to deviate - but even malware authors regularly use standard compilers. Decompilers and disassemblers simply recover what was originally compiled.
Thank you so much Josh! The calling convention for a particular program is the same for all functions, right? If different calling conventions are used for different functions in the same program, then the program can't be compiled, right?
I can’t say for sure as I haven’t looked into it in too much detail. Some compilers let you define the convention, but as to if they enforce that for every function or just programmer written ones I’m not sure. My assumption is that it is the same, that is usually what I see with programs that are not malware. Of course, malware authors or those trying to protect IP may throw all sorts of things at you!
![Assembly Calling Conventions For Reverse Engineers [Patreon Unlocked]](http://i.ytimg.com/vi/9lzW0I9_cpY/mqdefault.jpg)
Great! super clear explanations and good examples
Glad you liked it
Really Amazing video, it deserves more views. Thanks
Thanks a lot!
i hope you resume or update this course :o
2025 is the year!
@ hahaha that sounds amazing!!
real world decompiled apps for the most part never follow these convention rules. its almost always mixed up in some way or another
How so? Most real world apps will be compiled and the compilers follow these conventions. Malware authors or those that use assembly may find it easier to deviate - but even malware authors regularly use standard compilers. Decompilers and disassemblers simply recover what was originally compiled.
Thank you so much Josh! The calling convention for a particular program is the same for all functions, right? If different calling conventions are used for different functions in the same program, then the program can't be compiled, right?
I can’t say for sure as I haven’t looked into it in too much detail. Some compilers let you define the convention, but as to if they enforce that for every function or just programmer written ones I’m not sure. My assumption is that it is the same, that is usually what I see with programs that are not malware. Of course, malware authors or those trying to protect IP may throw all sorts of things at you!
@@jstrosch Thanks Prof!