How can I figure out which general-purpose registers are modified by a function call. I am programming a Win32 Assembly program that calls IsDebuggerPresent(). According to MSDN, it will return a boolean value of nonzero is a debugger is present. How would I find out which register is modified without having to assemble and link the program to test it.
Asked
Active
Viewed 99 times
1 Answers
6
In general, this concept is referred to as register preservation or register volatility.
From http://en.wikipedia.org/wiki/X86_calling_conventions#Register_preservation --
According to the Intel ABI to which the vast majority of compilers conform, the
EAX,EDX, andECXare to be free for use within a procedure or function, and need not be preserved.
In other words, an API function such as IsDebuggerPresent() might modify EAX, EDX, and/or ECX, but it won't modify EBX, ESP, or EBP.
Jason Geffner
- 20,681
- 1
- 36
- 75