IDA Pro Custom Assembly Calling Convention: __usercall (Patreon)

IDA Calling Convention: __usercall

• Custom user-defined calling convention only in IDA used to define a non-standard function type
• Use the @<reg> convention to define a register argument
• Use the @<^start.end> convention to define the stack location of an argument
• Arguments without a specified location are assumed to be on the stack (right-to-left)
• Hex-Rays documentation is your friend!

Full documentation for __usercall can be found in the Hex-Rays Documentation 

Practice Examples

Attached to this post is a copy of the malware shell code  file from our tutorial. 

**This sample is live malware please only open in a safe environment like your FLARE-VM 

The sample is in a .zip file with the password infected

You are encouraged to open this sample in your FLARE-VM using IDA and identify the __usercall calling conventions.