Operator On The Wire

Calling Conventions

1. cdecl (C declaration)

  • Arguments → pushed on stack (right to left)
  • Caller cleans the stack

    push arg2
    push arg1
    call func
    add esp, 8   ; caller cleanup

(Common in C programs)


2. stdcall

  • Arguments → stack (same as cdecl)
  • Callee cleans the stack

    push arg2
    push arg1
    call func
    ; no add esp here

(Common in Windows API)


3. fastcall

  • First two arguments → registers (usually ECX, EDX)
  • Rest → stack (usually at ESP+4, ESP+8, ESP+C on function entry)

Faster (less stack usage)
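
When triaging a 32-bit disassembly, the three conventions above can usually be told apart from the instructions around a call. The following is an added example, not part of the original page: a heuristic classifier run over constructed listings. The function names, the sample listings and the 4-bytes-per-argument assumption are illustrative.

```python
import re

# Constructed 32-bit listings (Intel syntax) for illustration, not from a real sample.
CDECL_SITE = "push 2\npush 1\ncall func\nadd esp, 8   ; caller cleanup\n"
STDCALL_SITE = "push 2\npush 1\ncall func\nmov ebx, eax\n"
FASTCALL_SITE = "push 3\nmov edx, 2\nmov ecx, 1\ncall func\ntest eax, eax\n"
STDCALL_CALLEE = "push ebp\nmov ebp, esp\nmov eax, [ebp+8]\npop ebp\nret 8\n"

def _clean(listing):
    """Strip comments and blank lines, lowercase each instruction."""
    lines = (l.split(";")[0].strip().lower() for l in listing.splitlines())
    return [l for l in lines if l]

def _num(text):
    return int(text, 16) if text.startswith("0x") else int(text)

def classify_call_site(listing):
    """Return (convention_guess, stack_arg_count) for the first call in listing."""
    lines = _clean(listing)
    idx = next((i for i, l in enumerate(lines) if l.startswith("call")), None)
    if idx is None:
        return "unknown", 0
    setup, after = lines[:idx], lines[idx + 1:]
    pushes = sum(l.startswith("push") for l in setup)
    regs = {m.group(1) for l in setup
            if (m := re.match(r"(?:mov|lea|xor)\s+(ecx|edx)\b", l))}
    cleanup = re.match(r"add\s+esp,\s*(0x[0-9a-f]+|\d+)", after[0]) if after else None
    if cleanup:                   # caller adjusts ESP right after the call
        return "cdecl", _num(cleanup.group(1)) // 4   # assumes 4-byte arguments
    if regs == {"ecx", "edx"}:    # register arguments loaded before the call
        return "fastcall", pushes
    if pushes:                    # pushes, but no caller cleanup
        return "stdcall", pushes
    return "unknown", 0

def callee_cleanup_bytes(listing):
    """Bytes the callee pops on return: 'ret N' gives N, plain 'ret' gives 0."""
    for line in reversed(_clean(listing)):
        m = re.match(r"retn?(?:\s+(0x[0-9a-f]+|\d+))?$", line)
        if m:
            return _num(m.group(1)) if m.group(1) else 0
    return None                   # no return instruction in the listing
```

Treat the result as a hint: optimizing compilers may delay or merge the `add esp` cleanup across several calls, so confirm against the callee's `ret N` where possible.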


4. x64 (modern standard)

Completely different:

  • First 4 args → registers:

    RCX, RDX, R8, R9

  • Rest → stack

  • Return value → RAX

(Most modern malware)