Calling Conventions

Rizin uses calling conventions to help identify a function's formal arguments and return type. They also serve as a guide for basic function prototype and type propagation.

[0x00000000]> afc?
Usage: afc[agl?]
| afc convention  Manually set calling convention for current function
| afc             Show Calling convention for the Current function
| afcr[j]         Show register usage for the current function
| afca            Analyse function for finding the current calling convention
| afcf[j] [name]  Prints return type function(arg1, arg2...), see afij
| afck            List SDB details of call loaded calling conventions
| afcl            List all available calling conventions
| afco path       Open Calling Convention sdb profile from the given path
| afcR            Register telescoping using the calling conventions order
[0x00000000]>

To list all available calling conventions for the current architecture, use the afcl command:

[0x00000000]> afcl
swift
amd64
amd64syscall
ms
reg

The default calling convention for a particular architecture/binary is defined with analysis.cc for user-mode calls and analysis.syscc for syscalls.

To display the prototype of a standard library function, use the afcf command:

[0x00000000]> afcf printf
int printf(const char *format)
[0x00000000]> afcf fgets
char *fgets(char *s, int size, FILE *stream)

All this information is loaded via sdb under /librz/analysis/d/cc-[arch]-[bits].sdb

default.cc=amd64

ms=cc
cc.ms.name=ms
cc.ms.arg1=rcx
cc.ms.arg2=rdx
cc.ms.arg3=r8
cc.ms.arg4=r9
cc.ms.argn=stack
cc.ms.ret=rax

cc.x.argi=rax sets the i-th argument of calling convention x to the register rax.

cc.x.argn=stack means that all the arguments (or the remaining ones, if some argi entries are defined) are stored on the stack, from left to right.

cc.x.argn=stack_rev is the same as cc.x.argn=stack, except that the arguments are passed right to left.
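
The key layout described above can be checked mechanically before a custom profile is loaded with afco. The following is an added example, not Rizin's own code: it parses the text form of a profile, rejects repeated keys, and resolves where a given argument lives. The names parse_profile, arg_location and SAMPLE are hypothetical, the sample profile is constructed, and argument indices follow the numbering used on this page.

```python
import re

# Constructed sample in the text form shown above (not read from a Rizin install).
SAMPLE = """\
default.cc=amd64

ms=cc
cc.ms.name=ms
cc.ms.arg1=rcx
cc.ms.arg2=rdx
cc.ms.arg3=r8
cc.ms.arg4=r9
cc.ms.argn=stack
cc.ms.ret=rax
"""

def parse_profile(text):
    """Return {convention: {"args": {i: reg}, "argn": ..., "ret": ...}}."""
    convs, seen = {}, set()
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"line {lineno}: expected key=value")
        if key in seen:
            # A repeated key (two arg3 lines, say) usually means a mistyped index.
            raise ValueError(f"line {lineno}: duplicate key {key}")
        seen.add(key)
        m = re.fullmatch(r"cc\.([^.]+)\.(arg(\d+)|argn|ret|name)", key)
        if not m:
            continue  # default.cc, "<name>=cc" markers, unknown keys
        cc = convs.setdefault(m.group(1), {"args": {}, "argn": None, "ret": None})
        if m.group(3):
            cc["args"][int(m.group(3))] = value
        elif m.group(2) in ("argn", "ret"):
            cc[m.group(2)] = value
    return convs

def arg_location(cc, i):
    """Where argument i (numbered as in the profile) lives under convention `cc`."""
    if i in cc["args"]:
        return cc["args"][i]
    if cc["argn"] in ("stack", "stack_rev"):
        return cc["argn"]
    raise LookupError(f"argument {i} has no location in this convention")
```

For the sample profile, arguments 1 to 4 resolve to registers and every later argument falls through to the argn rule.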