So I am taking a class in Viruses and Defense against Viruses. As such, it entails much x86 programming. I do know how to program in x86, and the calling conventions and so forth, but that is only because I learned it from my instructor. However, I am not sure how the stack actually works, only that you need to preserve the eax and the pointers, and then you need to push and pop, etc. So I was wondering if I could get a thorough enough explanation that is easier to understand. From what I know so far, besides the calling convention, there is a block in the stack that is the caller, and inside that is the callee, and then the ebp (which has the esp moved into it) then moves back and forth based on a subroutine. This is 32-bit x86, by the way. I need to understand exactly what happens on the stack in terms of any kind of code dealing with x86 based on the calling convention, because I have encountered some complicated-looking code in which I need to immediately recognize where a virus has attacked, besides just the tricky jump.
Also, if anybody has any mnemonics for remembering particular malware, that would be great too, or if anyone could make a good one. That helps me to remember whether something is parasitic or not, whether it grows in population, whether it self-replicates, etc. What I mean by types of malware is worms, rabbits, etc.