Assembly Register Calling Convention Tutorial

Learn how the CPU uses registers in this tutorial taken from our newest book, Advanced Apple Debugging & Reverse Engineering! By Derek Selander.

This is page 4 of 4 of this article.

Where to Go From Here?

Whew! That was a long one, wasn’t it? Sit back and take a break with your favorite form of liquid; you’ve earned it.

You can download the completed project from this tutorial here.

So what did you learn?

  • Architectures define a calling convention which dictates where parameters to a function and its return value are stored.
  • In Objective-C, the RDI register holds the reference to the NSObject receiving the message (self), RSI holds the Selector, RDX holds the first explicit parameter, and so on.
  • In Swift, RDI is the first argument, RSI is the second argument, and so on, provided that the Swift method isn’t using dynamic dispatch.
  • The RAX register is used for return values in functions regardless of whether you’re working with Objective-C or Swift.
  • Make sure you use the Objective-C context when printing registers with the $ prefix.

There’s a lot you can do with registers. Try exploring apps you don’t have the source code for; it’s a lot of fun and will build a good foundation for tackling tough debugging problems.

Try attaching to an application on the iOS Simulator and map out the UIViewControllers as they appear using assembly, a smart breakpoint, and a breakpoint command.
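One way to carry out that exercise, as an added example that is not from the tutorial or the book: an LLDB session that breaks on every UIViewController's viewDidLoad and uses the Objective-C context to read self from RDI and the selector from RSI. It assumes an x86_64 Simulator process, as throughout the tutorial, and that this is the first breakpoint created, so its ID is 1.

```lldb
# Constructed LLDB session (added example, not part of the tutorial). Assumes an
# x86_64 iOS Simulator process and that this is the first breakpoint created,
# so its ID is 1.
#
# Stop every time any view controller's view finishes loading.
(lldb) breakpoint set -n "-[UIViewController viewDidLoad]"
#
# Attach commands that run at each hit. Per the Objective-C calling convention,
# RDI holds self (the view controller being shown) and RSI holds the selector.
# "-l objc" forces the Objective-C context so $rdi/$rsi are evaluated correctly
# even when the process stopped inside a Swift frame; "-O" prints the object's
# description, like po does.
(lldb) breakpoint command add 1
> expression -l objc -O -- $rdi
> expression -l objc -O -- (SEL)$rsi
> continue
> DONE
(lldb) continue
```

Each time a view controller's view loads, the description of self and the selector name are printed and the process resumes, giving a running map of the controllers as they appear without needing the source.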

If you enjoyed what you learned in the tutorial, why not check out the complete Advanced Apple Debugging & Reverse Engineering book, available on our store?

Here’s a taste of what’s in the book:

  • Getting Started: Learn your way around LLDB and its extensive list of subcommands and options.
  • Python Power: Use LLDB’s Python module to create powerful, custom debugging commands to introspect and augment existing programs.
  • Understanding Assembly: Truly understand how code works at an assembler-level and how you can explore code in memory.
  • Ptrace and Friends: Learn how to leverage ptrace, dlopen and dlsym to hook into C and Swift functions to explore code that you don’t have the source for.
  • Script Bridging: Extend the debugger to make it do almost anything you want, and learn how to pass in options or arguments to your debugging scripts.
  • DTrace: Dig deep and hook into a function with a DTrace probe to query a massive amount of process information.
  • …and more!

By the end of this book, you’ll have the tools and knowledge to answer even the most obscure question about your code — or someone else’s.

To celebrate the launch of the book, it’s currently on sale for $44.99 — that’s a $10 discount off the cover price! But don’t wait too long, as the launch deal is only on until Friday, May 19th.

If you have any questions or comments on this tutorial, feel free to join the discussion below!