__cdecl 是C DECLaration的缩写(declaration,声明),表示C语言默认的函数调用方法:所有参数从右到左依次入栈,这些参数由调用者清除,称为手动清栈。被调用函数不会要求调用者传递多少参数,调用者传递过多或者过少的参数,甚至完全不同的参数都不会产生编译阶段的错误。
_stdcall 是StandardCall的缩写,是C++的标准调用方式:所有参数从右到左依次入栈,如果是调用类成员的话,最后一个入栈的是this指针。这些堆栈中的参数由被调用的函数在返回时清除,使用的指令是 retnX,X表示参数占用的字节数,CPU在ret之后自动弹出X个字节的堆栈空间。称为自动清栈。函数在编译的时候就必须确定参数个数,并且调用者必须严格的控制参数的生成,不能多,不能少,否则返回后会出错。
_fastcall 是编译器指定的快速调用方式。由于大多数的函数参数个数很少,使用堆栈传递比较费时。因此_fastcall通常规定将前两个(或若干个)参数由寄存器传递,其余参数还是通过堆栈传递。不同编译器编译的程序规定的寄存器不同。返回方式和_stdcall相当。
__thiscall 是为了解决类成员调用中this指针传递而规定的。__thiscall要求把this指针放在特定寄存器中,该寄存器由编译器决定。VC使用ecx,Borland的C++编译器使用eax。返回方式和_stdcall相当。
_fastcall 和 __thiscall涉及的寄存器由编译器决定,因此不能用作跨编译器的接口。所以Windows上的COM对象接口都定义为_stdcall调用方式。
调用类型 | 参数入栈顺序 | 由谁负责清栈 | 寄存器传递 |
__stdecl | 从右到左依次入栈 | 调用函数 | this |
_stdcall | 从右到左依次入栈 | 被调用函数 | this |
_fastcall | 从右到左依次入栈 | 被调用函数 | this 和参数 |
__thiscall | 从右到左依次入栈 | 被调用函数 | this |
默认(vs2005) | 从右到左依次入栈 | 被调用函数 | this |
下面来通过代码来查看一下他们到底是如何传递参数和出入栈:
- class TestCallType
- {
- public:
- int default_call(int ,int);
- int __cdecl __cdecl_call(int a, int b);
- int _stdcall _stdcall_call(int a, int b);
- int _fastcall _fastcall_call(int a, int b);
- int __thiscall _thiscall_call(int,int);
- int x;
- };
- int TestCallType::default_call(int a, int b)
- {
- this->x = a + b;
- return this->x;
- }
- int TestCallType::__cdecl_call(int a, int b)
- {
- this->x = a + b;
- return this->x;
- }
- int TestCallType::_stdcall_call(int a, int b)
- {
- this->x = a + b;
- return this->x;
- }
- int TestCallType::_fastcall_call(int a, int b)
- {
- this->x = a + b;
- return this->x;
- }
- int TestCallType::_thiscall_call(int a, int b)
- {
- this->x = a + b;
- return this->x;
- }
调用的地方反汇编出来如下:
- int _tmain(int argc, _TCHAR* argv[])
- {
- 004115B0 push ebp
- 004115B1 mov ebp,esp
- 004115B3 sub esp,0CCh
- 004115B9 push ebx
- 004115BA push esi
- 004115BB push edi
- 004115BC lea edi,[ebp-0CCh]
- 004115C2 mov ecx,33h
- 004115C7 mov eax,0CCCCCCCCh
- 004115CC rep stos dword ptr es:[edi]
- TestCallType call_type;
- call_type.default_call(1, 2);
- 004115CE push 2 /* 参数入栈 */
- 004115D0 push 1 /* 参数入栈 */
- 004115D2 lea ecx,[call_type] /* this指针 */
- 004115D5 call TestCallType::default_call (411113h)
- call_type.__cdecl_call(1, 2);
- 004115DA push 2 /* 参数入栈 */
- 004115DC push 1 /* 参数入栈 */
- 004115DE lea eax,[call_type] /* this指针 */
- 004115E1 push eax
- 004115E2 call TestCallType::__cdecl_call (41112Ch)
- 004115E7 add esp,0Ch /* 调用者负责清栈 */
- call_type._fastcall_call(1,2);
- 004115EA push 2 /* 参数入栈 */
- 004115EC mov edx,1 /* 第一个参数通过寄存器传递 */
- 004115F1 lea ecx,[call_type] /* this指针 */
- 004115F4 call TestCallType::_fastcall_call (41100Ah)
- call_type._stdcall_call(1,2);
- 004115F9 push 2
- 004115FB push 1
- 004115FD lea eax,[call_type] /* this指针 */
- 00411600 push eax
- 00411601 call TestCallType::_stdcall_call (4110EBh)
- call_type._thiscall_call(1, 2);
- 00411606 push 2
- 00411608 push 1
- 0041160A lea ecx,[call_type] /* this指针 */
- 0041160D call TestCallType::_thiscall_call (41117Ch)
- return 0;
- 0041161E xor eax,eax
- }
函数定义的地方反汇编:
- int TestCallType::default_call(int a, int b)
- {
- 004113D0 push ebp
- 004113D1 mov ebp,esp
- 004113D3 sub esp,0CCh
- 004113D9 push ebx
- 004113DA push esi
- 004113DB push edi
- 004113DC push ecx
- 004113DD lea edi,[ebp-0CCh]
- 004113E3 mov ecx,33h
- 004113E8 mov eax,0CCCCCCCCh
- 004113ED rep stos dword ptr es:[edi]
- 004113EF pop ecx
- 004113F0 mov dword ptr [ebp-8],ecx
- this->x = a + b;
- 004113F3 mov eax,dword ptr [a]
- 004113F6 add eax,dword ptr [b]
- 004113F9 mov ecx,dword ptr [this]
- 004113FC mov dword ptr [ecx],eax
- return this->x;
- 004113FE mov eax,dword ptr [this]
- 00411401 mov eax,dword ptr [eax]
- }
- 00411403 pop edi
- 00411404 pop esi
- 00411405 pop ebx
- 00411406 mov esp,ebp
- 00411408 pop ebp /* 默认调用是_stdcall 被调用函数负责清栈 */
- 00411409 ret 8
- --- No source file -------------------------------------------------------------
- int TestCallType::__cdecl_call(int a, int b)
- {
- 00411420 push ebp
- 00411421 mov ebp,esp
- 00411423 sub esp,0C0h
- 00411429 push ebx
- 0041142A push esi
- 0041142B push edi
- 0041142C lea edi,[ebp-0C0h]
- 00411432 mov ecx,30h
- 00411437 mov eax,0CCCCCCCCh
- 0041143C rep stos dword ptr es:[edi]
- this->x = a + b;
- 0041143E mov eax,dword ptr [a]
- 00411441 add eax,dword ptr [b]
- 00411444 mov ecx,dword ptr [this]
- 00411447 mov dword ptr [ecx],eax
- return this->x;
- 00411449 mov eax,dword ptr [this]
- 0041144C mov eax,dword ptr [eax]
- }
- 0041144E pop edi
- 0041144F pop esi
- 00411450 pop ebx
- 00411451 mov esp,ebp
- 00411453 pop ebp
- 00411454 ret /* __cdecl 不用负责栈清除 */
- --- No source file -------------------------------------------------------------
- int TestCallType::_stdcall_call(int a, int b)
- {
- 00411470 push ebp
- 00411471 mov ebp,esp
- 00411473 sub esp,0C0h
- 00411479 push ebx
- 0041147A push esi
- 0041147B push edi
- 0041147C lea edi,[ebp-0C0h]
- 00411482 mov ecx,30h
- 00411487 mov eax,0CCCCCCCCh
- 0041148C rep stos dword ptr es:[edi]
- this->x = a + b;
- 0041148E mov eax,dword ptr [a]
- 00411491 add eax,dword ptr [b]
- 00411494 mov ecx,dword ptr [this]
- 00411497 mov dword ptr [ecx],eax
- return this->x;
- 00411499 mov eax,dword ptr [this]
- 0041149C mov eax,dword ptr [eax]
- }
- 0041149E pop edi
- 0041149F pop esi
- 004114A0 pop ebx
- 004114A1 mov esp,ebp
- 004114A3 pop ebp
- 004114A4 ret 0Ch //清除栈,字节数和参数入栈对应
- --- No source file -------------------------------------------------------------
- int TestCallType::_fastcall_call(int a, int b)
- {
- 004114C0 push ebp
- 004114C1 mov ebp,esp
- 004114C3 sub esp,0D8h
- 004114C9 push ebx
- 004114CA push esi
- 004114CB push edi
- 004114CC push ecx
- 004114CD lea edi,[ebp-0D8h]
- 004114D3 mov ecx,36h
- 004114D8 mov eax,0CCCCCCCCh
- 004114DD rep stos dword ptr es:[edi]
- 004114DF pop ecx
- 004114E0 mov dword ptr [ebp-8],edx
- 004114E3 mov dword ptr [ebp-14h],ecx
- this->x = a + b;
- 004114E6 mov eax,dword ptr [a]
- 004114E9 add eax,dword ptr [b]
- 004114EC mov ecx,dword ptr [this]
- 004114EF mov dword ptr [ecx],eax
- return this->x;
- 004114F1 mov eax,dword ptr [this]
- 004114F4 mov eax,dword ptr [eax]
- }
- 004114F6 pop edi
- 004114F7 pop esi
- 004114F8 pop ebx
- 004114F9 mov esp,ebp
- 004114FB pop ebp
- 004114FC ret 4 //清除栈,字节数和参数入栈对应
- --- No source file -------------------------------------------------------------
- int TestCallType::_thiscall_call(int a, int b)
- {
- 00411510 push ebp
- 00411511 mov ebp,esp
- 00411513 sub esp,0CCh
- 00411519 push ebx
- 0041151A push esi
- 0041151B push edi
- 0041151C push ecx
- 0041151D lea edi,[ebp-0CCh]
- 00411523 mov ecx,33h
- 00411528 mov eax,0CCCCCCCCh
- 0041152D rep stos dword ptr es:[edi]
- 0041152F pop ecx
- 00411530 mov dword ptr [ebp-8],ecx
- this->x = a + b;
- 00411533 mov eax,dword ptr [a]
- 00411536 add eax,dword ptr [b]
- 00411539 mov ecx,dword ptr [this]
- 0041153C mov dword ptr [ecx],eax
- return this->x;
- 0041153E mov eax,dword ptr [this]
- 00411541 mov eax,dword ptr [eax]
- }
- 00411543 pop edi
- 00411544 pop esi
- 00411545 pop ebx
- 00411546 mov esp,ebp
- 00411548 pop ebp
- 00411549 ret 8 //清除栈,字节数和参数入栈对应
- --- No source file -------------------------------------------------------------