How to investigate the calling convention of PE binary file in windows?

Is there a tool to show whether the 开发者_Go百科calling convention is _cdecl or _stdcall or else?

Calling conventions are per function - not PE file.

Library functions. at least the ones provided by MS, are all _stdcall. Everything else is spread across other calling conventions, most of them being _cdecl.

You can read more here.

The short version:

• cdecl functions don't clear it's argument from the stack, allowing variable sized arguments. Good example is printf() which can a different number of arguments.
• stdcall functions clears arguments from the stack themselves. Hence variable sized arguments isn't possible.

Edit: added example

Example for cdecl from the link:

push c
push b
push a
call function_name
add esp, 12 ;Stack clearing, 3 arguments take 12 bytes of space (on 32bit)

So after function_name returns, the caller clears the arguments off the stack.