Reversing : The Hacker's Guide to Reverse Engineering


can either flow into the BB representing the branch target address or into the
BB that contains the code immediately following the condition. This concept is
illustrated in Figure 13.3. Note that to improve readability the actual code in
Figure 13.3 is shown as IA-32 assembly language code, whereas in most
decompilers BBs are represented using the decompiler’s internal instruction set.


Figure 13.3 An unstructured control flow graph representing branches in the original
program. The dotted arrows represent conditional branch instructions while the plain ones
represent fall-through cases—this is where execution proceeds when a branch isn’t taken.


004010A5 CALL [<&KERNEL32.GetLastError>]

00401064 PUSH EAX
00401065 PUSH 1008
0040106A PUSH cryptex.00405050
0040106F PUSH ESI
00401070 CALL [<&KERNEL32.ReadFile>]

004010CB POP EDI
004010CC XOR EAX,EAX
004010CE POP ESI
004010CF POP ECX
004010D0 RETN

0040107A MOV EAX,[ESP+18]
0040107E TEST EAX,EAX
00401080 MOV DWORD PTR [ESP+14],1008
00401088 JE SHORT cryptex.004010C2

0040108A LEA ECX,[ESP+14]
0040108E PUSH ECX
0040108F PUSH cryptex.00405050
00401094 PUSH 0
00401096 PUSH 1
00401098 PUSH 0
0040109A PUSH EAX
0040109B CALL [<&ADVAPI32.CryptDecrypt>]

004010C2 POP EDI
004010C3 MOV EAX,cryptex.00405050
004010C8 POP ESI
004010C9 POP ECX
004010CA RETN

00401076 TEST EAX,EAX
00401078 JE SHORT cryptex.004010CB

004010A1 TEST EAX,EAX
004010A3 JNZ SHORT cryptex.004010C2

004010AB PUSH EDI
004010AC PUSH cryptex.004030E8
004010B1 CALL [<&MSVCR71.printf>]

004010B7 ADD ESP,8
004010BA PUSH 1
004010BC CALL [<&MSVCR71.exit>]
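
The basic-block splitting described above, applied to the instructions of Figure 13.3, as an added Python example that is not code from the book. It ends a block after every call, conditional jump and return, as the figure's boxes do; "branch" edges correspond to the dotted arrows and "fall-through" edges to the plain ones. The helper names and the treatment of exit as a call that never returns are assumptions of this example.

```python
import re

# Instructions of Figure 13.3, re-sorted by address and packed several per line.
LISTING = """
00401064 PUSH EAX; 00401065 PUSH 1008; 0040106A PUSH cryptex.00405050; 0040106F PUSH ESI
00401070 CALL [<&KERNEL32.ReadFile>]; 00401076 TEST EAX,EAX; 00401078 JE SHORT cryptex.004010CB
0040107A MOV EAX,[ESP+18]; 0040107E TEST EAX,EAX; 00401080 MOV DWORD PTR [ESP+14],1008
00401088 JE SHORT cryptex.004010C2; 0040108A LEA ECX,[ESP+14]; 0040108E PUSH ECX
0040108F PUSH cryptex.00405050; 00401094 PUSH 0; 00401096 PUSH 1; 00401098 PUSH 0
0040109A PUSH EAX; 0040109B CALL [<&ADVAPI32.CryptDecrypt>]; 004010A1 TEST EAX,EAX
004010A3 JNZ SHORT cryptex.004010C2; 004010A5 CALL [<&KERNEL32.GetLastError>]
004010AB PUSH EDI; 004010AC PUSH cryptex.004030E8; 004010B1 CALL [<&MSVCR71.printf>]
004010B7 ADD ESP,8; 004010BA PUSH 1; 004010BC CALL [<&MSVCR71.exit>]
004010C2 POP EDI; 004010C3 MOV EAX,cryptex.00405050; 004010C8 POP ESI; 004010C9 POP ECX
004010CA RETN; 004010CB POP EDI; 004010CC XOR EAX,EAX; 004010CE POP ESI; 004010CF POP ECX
004010D0 RETN"""
NORETURN = ("MSVCR71.exit",)  # assumption of this example: exit() never returns

def parse(listing):  # -> [(address, mnemonic, operands)] sorted by address
    fields = (item.strip().split(None, 2) for item in re.split(r"[;\n]", listing))
    return sorted((int(f[0], 16), f[1], f[2] if len(f) > 2 else "") for f in fields if f)

def target(ops):  # address ending a direct jump operand, e.g. 'SHORT cryptex.004010C2'
    return int(re.search(r"([0-9A-Fa-f]{8})$", ops).group(1), 16)

def build_cfg(insns):
    """Map each basic-block leader to its [(successor, edge kind)] list."""
    nxt = {a: insns[i + 1][0] for i, (a, _, _) in enumerate(insns[:-1])}
    leaders = {insns[0][0]}
    for addr, mn, ops in insns:
        if mn.startswith("J"):
            leaders.add(target(ops))               # a branch target starts a BB
        if (mn.startswith("J") or mn in ("CALL", "RETN")) and addr in nxt:
            leaders.add(nxt[addr])                 # so does the next instruction
    cfg = {}
    for addr, mn, ops in insns:
        if addr in leaders:
            cur, cfg[addr] = addr, []
        if addr in nxt and nxt[addr] not in leaders:
            continue                               # not the last insn of its BB
        if mn.startswith("J"):
            cfg[cur].append((target(ops), "branch"))
        stops = mn in ("RETN", "JMP") or any(n in ops for n in NORETURN)
        if not stops and addr in nxt:
            cfg[cur].append((nxt[addr], "fall-through"))
    return cfg

for leader, edges in build_cfg(parse(LISTING)).items():
    print(f"{leader:08X} ->", [(f"{s:08X}", kind) for s, kind in edges])
```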

Decompilation 465