“The first 4 arguments are saved in R0, R1, R2 and R3; the rest are saved on the stack; the
return value is saved in R0.”
A concise but informative sentence, right? To make a deeper impression, let’s see an
example:
// clang -arch armv7 -isysroot `xcrun --sdk iphoneos --show-sdk-path` -o MainBinary main.m
#include <stdio.h>

int main(int argc, char **argv)
{
    // 6 arguments in total: the format string plus 5 ints
    printf("%d, %d, %d, %d, %d", 1, 2, 3, 4, 5);
    return 6;
}
Save this code snippet as main.m and compile it with the command in the comment. Then drag
and drop MainBinary into IDA and go to main, as shown in figure 6-9.
Figure 6-9 main in assembly
“BLX _printf” calls printf. Its 6 arguments (the format string and the 5 integers) are stored in
R0, R1, R2, R3, [SP, #0x20 + var_20] and [SP, #0x20 + var_1C] respectively, and its return value
comes back in R0. Because var_20 = -0x20 and var_1C = -0x1C, the two stack operands IDA shows are
simply [SP] and [SP, #0x4]: the 5th argument sits at the top of the stack and the 6th 4 bytes above
it. Keep in mind that the rule counts words, not arguments: a 64-bit value such as a long long
occupies two consecutive words, so it uses up two of the four registers.
I don’t think we need further explanation.
“The first 4 arguments are saved in R0, R1, R2 and R3; the rest are saved on the stack; the
return value is saved in R0.”
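To make the rule mechanical, here is a small model of it, written as an added example for this chapter rather than code from the book or from clang. It assigns arguments word by word, the first four words to R0-R3 and every later word to a 4-byte stack slot, which is what clang's 32-bit iOS ARMv7 ABI does. A 64-bit value (a long long, or a double in a variadic call, which is always passed in core registers) occupies the next two words, so it can land in R1:R2 or be split across R3 and [SP]; generic AAPCS differs here (it rounds up to an even register pair and an 8-byte stack slot), so treat that part as an iOS-specific assumption and adjust the model for other targets. The type names and function names are this example's own.

```python
"""Where does each argument of a 32-bit ARM call end up?

Added example, not code from the book. Models the rule quoted above as
clang's 32-bit iOS ARMv7 ABI applies it: arguments are assigned word by
word, the first four words to R0-R3 and every later word to a 4-byte stack
slot at [SP], [SP, #0x4], ...  A 64-bit value simply takes the next two
words (assumption: no even-register-pair rounding, unlike generic AAPCS).
"""

# Byte sizes of the C argument types the model understands.
ARG_SIZES = {
    "int": 4, "unsigned": 4, "long": 4, "char *": 4, "void *": 4,
    "long long": 8, "double": 8,
}


def word_slots(nwords):
    """Yield the location of every argument word, in call order."""
    for i in range(nwords):
        if i < 4:
            yield f"R{i}"
        else:
            off = (i - 4) * 4            # offset from SP at the BLX
            yield "[SP]" if off == 0 else f"[SP, #{off:#x}]"


def assign_args(arg_types):
    """Map each argument type to its location(s) at the call site.

    Returns a list of (type, location) pairs. A 64-bit value is reported
    as "low:high" (e.g. "R1:R2" or "R3:[SP]"), low word first, which is
    the little-endian layout.
    """
    total_words = sum(ARG_SIZES[t] // 4 for t in arg_types)
    slots = word_slots(total_words)
    placement = []
    for t in arg_types:
        words = [next(slots) for _ in range(ARG_SIZES[t] // 4)]
        placement.append((t, ":".join(words)))
    return placement


def return_location(ret_type):
    """Integer-class return values come back in R0 (R0:R1 if 64-bit)."""
    return "R0:R1" if ARG_SIZES[ret_type] == 8 else "R0"


if __name__ == "__main__":
    # The call from main.m above: printf(fmt, 1, 2, 3, 4, 5).
    for arg, where in assign_args(["char *"] + ["int"] * 5):
        print(f"{arg:10} -> {where}")
    print("return     ->", return_location("int"))
    # A variadic 64-bit argument, e.g. printf("%lld", x): x lands in R1:R2.
    print(assign_args(["char *", "long long"]))
```

Run it and the printf call from main.m comes out exactly as IDA showed it: R0 to R3 for the format string and the first three integers, [SP] and [SP, #0x4] for the last two, R0 for the return value. The second call shows why you should count words rather than arguments when reading a call site.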