Igor Bezverhi Igor Bezverhi - 1 year ago 120
C++ Question

What is the 'shadow space' in x64 Assembly?

I found plenty of topics about this shadow space, but I couldn't find the answer in none of them, so my question is:

How much exactly bytes I need to subtract from the stack pointer, before entering to a procedure?

And should I push the procedure parameters to the stack before subtracting the "shadow space"?

I've disassembled my code, but I couldn't find the logic.

Answer Source

The Shadow space (also sometimes called Spill space or Home space) is meant to be used, to make debugging x64 easier.

Recall that the first 4 parameters are passed in registers. If you break into the debugger and inspect the call stack for a thread, you won't be able to see any parameters passed to functions. The values stored in registers are transient, and cannot be reconstructed when moving up the call stack.

This is where the Home space comes into play: It can be used by compilers to leave a copy of the register values on the stack for later inspection in the debugger. This usually happens for unoptimized builds. When optimizations are enabled, however, compilers generally treat the Home space as available for scratch use. No copies are left on the stack, and debugging a crash dump turns into a nightmare.

Challenges of Debugging Optimized x64 Code offers in-depth information on the issue.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download