How to investigate the calling convention of PE binary file in windows?

Calling conventions are per function - not PE file.

Up vote -1 down vote favorite share g+ share fb share tw.

Calling-convention pe link|improve this question asked Sep 15 '10 at 13:20Alan26529 34% accept rate.

Calling conventions are per function - not PE file. Library functions. At least the ones provided by MS, are all _stdcall.

Everything else is spread across other calling conventions, most of them being _cdecl. You can read more here. The short version: cdecl functions don't clear it's argument from the stack, allowing variable sized arguments.

Good example is printf() which can a different number of arguments. Stdcall functions clears arguments from the stack themselves. Hence variable sized arguments isn't possible.

Edit: added example Example for cdecl from the link: push c push be push a call function_name add esp, 12 ;Stack clearing, 3 arguments take 12 bytes of space (on 32bit) So after function_name returns, the caller clears the arguments off the stack.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.