Calling Conventions

Radare2 uses calling conventions to help in identifying function formal arguments and return types. It is used also as a guide for basic function prototype and type propagation.

  1. [0x00000000]> afc?
  2. |Usage: afc[agl?]
  3. | afc convention  Manually set calling convention for current function
  4. | afc             Show Calling convention for the Current function
  5. | afc=([cctype])  Select or show default calling convention
  6. | afcr[j]         Show register usage for the current function
  7. | afca            Analyse function for finding the current calling convention
  8. | afcf[j] [name]  Prints return type function(arg1, arg2...), see afij
  9. | afck            List SDB details of call loaded calling conventions
  10. | afcl            List all available calling conventions
  11. | afco path       Open Calling Convention sdb profile from given path
  12. | afcR            Register telescoping using the calling conventions order
  13. [0x00000000]>
  • To list all available calling conventions for current architecture using afcl command
  1. [0x00000000]> afcl
  2. amd64
  3. ms
  • To display function prototype of standard library functions you have afcf command
  1. [0x00000000]> afcf printf
  2. int printf(const char *format)
  3. [0x00000000]> afcf fgets
  4. char *fgets(char *s, int size, FILE *stream)

All this information is loaded via sdb under /libr/anal/d/cc-[arch]-[bits].sdb

  1. default.cc=amd64
  3. ms=cc
  4. cc.ms.name=ms
  5. cc.ms.arg1=rcx
  6. cc.ms.arg2=rdx
  7. cc.ms.arg3=r8
  8. cc.ms.arg3=r9
  9. cc.ms.argn=stack
  10. cc.ms.ret=rax

cc.x.argi=rax is used to set the ith argument of this calling convention to register name rax

cc.x.argn=stack means that all the arguments (or the rest of them in case there was argi for any i as counting number) will be stored in stack from left to right

cc.x.argn=stack_rev same as cc.x.argn=stack except for it means argument are passed right to left