Reversing : The Hacker's Guide to Reverse Engineering

Figure A.3 High-level/low-level view of a two-way conditional with two conditional statements. The guidelines for identifying su ...

Figure A.4 High-level/low-level view of conditional code with multiple alternate execution paths. Logical Operators High-level l ...

consecutive conditions that conditionally branch to the same address. Here is an example: cmp [Variable1], 100 jne AfterConditio ...

Another common logical operator is the ORoperator, which is used for cre- ating conditional statements that only require for one ...

Again, the most noticeable element in this snippet is the sequence of condi- tional jumps all pointing to the same code. Keep in ...

Simple Combinations What happens when any of the logical operators are used to specify more than two conditions? Usually it is j ...

Figure A.9 High-level/low-level view of a conditional statement with three conditions combined using a more efficient version of ...

Figure A.10 High-level/low-level view of a compound conditional statement with three conditions combined using the ANDoperator. ...

It is not easy to define truly generic rules for reading compound condition- als in assembly language, but the basic parameter t ...

the program jump to the default block. To efficiently implement the table lookup, the compiler subtracts 1 from ByteValueand com ...

Figure A.11 A table implementation of a switch block. The general idea is to divide the searchable items into two equally sized ...

To implement a binary search for switch blocks, the compiler must inter- nally represent the switch block as a tree. The idea is ...

Figure A.12 demonstrates how the preceding switch block can be viewed as a tree by the compiler and presents the compiler-genera ...

One relatively unusual quality of tree-based n-way conditionals that makes them a bit easier to make out while reading disassemb ...

mov ecx, DWORD PTR [array] xor eax, eax LoopStart: mov DWORD PTR [ecx+eax*4], eax add eax, 1 cmp eax, 1000 jl LoopStart It appea ...

For the purpose of this particular discussion a forloop is equivalent to a pretested loop such as the ones discussed earlier. Po ...

initialized and jumps to AfterLoopif it is nonzero. This is your break statement—simply an elegant name for the good old gotocom ...

Here is the same code with a slight modification: mov eax, DWORD PTR [c] mov ecx, DWORD PTR [array] LoopStart: cmp DWORD PTR [ec ...

times, so that each iteration actually performs the work of three iterations instead of one. The counter incrementing code has b ...

Pure Arithmetic Implementations Certain logical statements can be converted directly into a series of arithmetic operations, inv ...