Sample
- SHA256: 9fac07f878f13c457853b54872d8594bcdbfb8d69214720cfb5fea72dd9cc3f9
- Difficulty: easy
- Platform: Windows
- Tags: calling conventions clean fastcall x64
- Submitter: struppigel
Analysis
Goal
Open the sample in Ghidra and understand how x64 fastcall and shadow space work. What does the stack look like right before the first call in main is executed? Which part of that is the shadow space?
Description
fastcallx64_shadowspace.exe
Recommended Tools
Ghidra