flat assembler
Message board for the users of flat assembler.

Should I use "fastcall" or "call" in PE64?

Flier-Mate



Joined: 26 May 2023
Posts: 88
Flier-Mate 03 Jun 2023, 13:09
I am excited to start my journey in 64-bit Windows Assembly programming. Just had a quick read about x64 calling convention.

I am confused whether to use "fastcall" macro or just use "call" for calling Win32 API function.
My first program works even if I change "fastcall" to "call".
Code:
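sub  rsp, 16

mov  rcx, -11                  ; STD_OUTPUT_HANDLE
fastcall [GetStdHandle]

push 0                         ; 5th argument (lpReserved), passed on the stack
mov  r9, 0                     ; lpNumberOfCharsWritten = NULL
mov  r8, _len                  ; nNumberOfCharsToWrite
mov  rdx, hindi                ; lpBuffer
mov  rcx, rax                  ; hConsoleOutput (handle returned by GetStdHandle)
fastcall [WriteConsoleA]

mov  rcx, 0                    ; uExitCode
fastcall [ExitProcess]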


From the disassembly using IDA Freeware, a "fastcall" would reserve 32 bytes of stack before calling, and restore the stack after return, as shown below:
Code:
sub     rsp, 20h
call    cs:GetStdHandle
add     rsp, 20h

sub     rsp, 20h
call    cs:WriteConsoleA
add     rsp, 20h

sub     rsp, 20h
call    cs:ExitProcess
add     rsp, 20h
    


What is the difference between using "fastcall" macro and "call"?

I read this:
Quote:
The x64 Application Binary Interface (ABI) uses a four-register fast-call calling convention by default.


Quote:
Since 16 bytes is a common alignment size for XMM operations, this value should work for most code.


https://learn.microsoft.com/en-us/cpp/build/x64-calling-convention?view=msvc-170

Can someone advise?


Attachment: fastcall.png (disassembly of 64-bit PE that uses "fastcall")


revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20292
Location: In your JS exploiting you and your system
revolution 03 Jun 2023, 13:11
fastcall is a macro. If you give it no parameters like above, then it is the same as a plain call.

The difference is when you want a macro to assign the parameters and do stack adjustment for you. call can't do that, only the fastcall macro can.



Flier-Mate 03 Jun 2023, 13:26
I see, revolution.

I have some more questions about the stack. In the PE64DEMO.asm example that came along with FASM, I noticed:
Code:
sub     rsp,8*5         ; reserve stack for API use and make stack dqword aligned 
    


Can I just "sub rsp, 16" instead of "sub rsp, 40"?

Also, do I really need to "add rsp, 20h" before "call [xxxx]", and "sub rsp, 20h" after return from API function call?

Sorry for the noob question.


revolution 03 Jun 2023, 13:30
You don't need to continually use sub/add. You can do it only at entry and exit, as long as you reserve enough for the largest amount needed by any function call.

Also, proper alignment is a requirement, or you risk the code crashing. You can allocate in increments of 16 bytes only. Upon each entry the stack has a return address and is unaligned, so you have to adjust by 8 more bytes to fix it, and then in multiples of 16 bytes.



Flier-Mate 03 Jun 2023, 13:39
revolution wrote:
You don't need to continually use sub/add. You can do it only at entry and exit, as long as you reserve enough for the largest amount needed by any function call.

Also, proper alignment is a requirement, or you risk the code crashing. You can allocate in increments of 16 bytes only. Upon each entry the stack has a return address and is unaligned, so you have to adjust by 8 more bytes to fix it, and then in multiples of 16 bytes.


Thank you very much for the explanation, it helps a lot.
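
The approach revolution describes above (reserve once at entry, sized for the largest call, 8 bytes to realign plus multiples of 16), as an added example that is not part of the original thread or of the fasm package. It assumes the `library`/`import` macros from fasm's `win64a.inc`; the labels `msg` and `msg_len` and the message text are made up for illustration.

```asm
format PE64 console
entry start

include 'win64a.inc'

section '.text' code readable executable

start:
        ; At entry RSP is 8 mod 16: the caller's CALL pushed a return address.
        ; The largest call below is WriteConsoleA (4 register args + 1 stack arg):
        ;   32 bytes shadow space + 8 bytes for argument 5 = 40 = 8*5.
        ; 8 (return address) + 40 = 48, a multiple of 16, so RSP is aligned
        ; at every CALL that follows. "sub rsp, 16" would leave RSP at 8 mod 16
        ; and would not cover the 32-byte shadow space the callee may overwrite.
        sub     rsp, 8*5

        mov     rcx, -11                ; STD_OUTPUT_HANDLE
        call    [GetStdHandle]          ; plain call: space is already reserved

        mov     rcx, rax                ; hConsoleOutput
        lea     rdx, [msg]              ; lpBuffer
        mov     r8d, msg_len            ; nNumberOfCharsToWrite
        xor     r9d, r9d                ; lpNumberOfCharsWritten = NULL
        mov     qword [rsp+32], 0       ; lpReserved: 5th arg, just above shadow space
        call    [WriteConsoleA]

        xor     ecx, ecx                ; uExitCode = 0
        call    [ExitProcess]           ; does not return, so no "add rsp, 8*5"

section '.data' data readable writeable

  msg     db 'Hello from PE64', 13, 10
  msg_len = $ - msg

section '.idata' import data readable writeable

  library kernel32, 'KERNEL32.DLL'
  import  kernel32, \
          GetStdHandle, 'GetStdHandle', \
          WriteConsoleA, 'WriteConsoleA', \
          ExitProcess, 'ExitProcess'
```

In a function that returns with `ret` instead of calling ExitProcess, the matching `add rsp, 8*5` goes immediately before the `ret`.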
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
