So I am taking a class in Viruses and Defense against Viruses. As such, it entails a lot of x86 programming. I do know how to program in x86 and the calling conventions and so forth. But that is only because I learned it from my instructor. However, I am not sure how the stack actually works. Only that you need to preserve the eax, and the pointers. And then you need to push and pop, etc. So I was wondering if I could get a thorough enough explanation that is easier to understand. From what I know so far besides the calling convention is that there is a block in the stack that is the caller and inside that is the callee and then the ebp (which has the esp moved into it), then moves back and forth based on a subroutine. This is 32-bit x86 by the way. I need to understand exactly what happens on the stack in terms of any kind of code dealing with x86 based on the calling convention, because I have encountered some complicated-looking code in which I need to immediately recognize where a virus has attacked besides just the tricky jump.

Also, if anybody has any mnemonics for remembering particular malware, that would be great too, or if anyone could make a good one. That helps me to remember whether something is parasitic or not, whether it grows in population, and whether it self-replicates, etc. What I mean by types of malware is worms, rabbits, etc.

iret

Agner Fog wrote an excellent article on Calling Conventions:
Calling conventions for different C++ compilers and operating systems [agner.org]

The following Wikipedia article has an excellent general description of hardware stacks:
Wikipedia: Stack (data structure) - Hardware stacks

The following OSDev article shows how the x86 32-bit stack works:
Stack - OSDev Wiki

The following section of the YASM manual provides some information on the x64 stack:
YASM User Manual: x64 Stack, Register, and Function Parameter Conventions

Windows and Linux share the same standard calling conventions. Windows adds a couple more calling conventions. Linux, as far as I know, does not.


Regarding mnemonics to help you remember, I can't help you there. At least not directly. What I would do is make a chart for each type, list its basic characteristics, then group them by patterns. Perhaps memorizing the malware types by group will be easier.
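An added example, not part of either post above: a small Python model of the 32-bit x86 stack during one cdecl call, showing where the arguments, return address and saved ebp sit relative to ebp. The class and function names are hypothetical, and the addresses and return address are constructed values.

```python
import struct

class Stack32:
    """Toy model of a 32-bit x86 stack (all addresses are constructed)."""
    def __init__(self, top=0x0012FF00, size=0x100):
        self.base = top - size          # lowest address backed by memory
        self.mem = bytearray(size)
        self.esp = top                  # stack grows toward lower addresses
        self.ebp = 0x0012FF40           # stands in for the caller's frame pointer

    def push(self, value):              # push: esp -= 4, then store dword
        self.esp -= 4
        struct.pack_into("<I", self.mem, self.esp - self.base, value & 0xFFFFFFFF)

    def pop(self):                      # pop: load dword, then esp += 4
        value = self.read(self.esp)
        self.esp += 4
        return value

    def read(self, addr):               # little-endian dword at addr
        return struct.unpack_from("<I", self.mem, addr - self.base)[0]

def cdecl_call(args, return_addr=0x00401234, local_bytes=8):
    """Walk one cdecl call and return (frame layout, eip after ret, balanced?)."""
    s = Stack32()
    esp_before, ebp_before = s.esp, s.ebp
    for a in reversed(args):            # caller: push args right to left
        s.push(a)
    s.push(return_addr)                 # call: pushes the return address
    s.push(s.ebp)                       # prologue: push ebp
    s.ebp = s.esp                       #           mov ebp, esp
    s.esp -= local_bytes                #           sub esp, N (room for locals)
    frame = {
        "saved_ebp": s.read(s.ebp),                   # [ebp]
        "return_addr": s.read(s.ebp + 4),             # [ebp+4]
        "args": [s.read(s.ebp + 8 + 4 * i) for i in range(len(args))],  # [ebp+8]...
        "first_local_addr": s.ebp - 4,                # [ebp-4]
    }
    s.esp = s.ebp                       # epilogue: mov esp, ebp
    s.ebp = s.pop()                     #           pop ebp
    eip = s.pop()                       # ret: pops return address into eip
    s.esp += 4 * len(args)              # caller cleanup: add esp, 4*nargs
    return frame, eip, (s.esp, s.ebp) == (esp_before, ebp_before)

if __name__ == "__main__":
    print(cdecl_call([1, 2, 3]))
```
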
