Table A.4 (continued)

| MNEMONICS | FLAGS | SATISFIED WHEN | COMMENTS |
|---|---|---|---|
| If Below or Equal (BE) / If Not Above (NA) | CF = 1 OR ZF = 1 | X <= Y | This code is the same as the above with the exception that it also checks ZF, and so would also be satisfied if the operands are equal. |
| If Equal (E) / If Zero (Z) | ZF = 1 | X = Y | ZF is set so we know that the result was zero, meaning that the operands are equal. |
| If Not Equal (NE) / If Not Zero (NZ) | ZF = 0 | X != Y | ZF is unset so we know that the result was nonzero, which implies that the operands are unequal. |
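The following C sketch is an added example, not code from the book: it models the CF and ZF results of a 32-bit `cmp x, y` and evaluates the three condition codes in the rows above on constructed operand pairs. The names `cmp_u32`, `cond_be`, `cond_e`, `cond_ne` and `matches_table` are hypothetical, and the operands are treated as unsigned, which is how BE/NA interprets them.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The two flags the table rows above test, as left by `cmp x, y`
 * (an x - y subtraction whose result is discarded). */
struct flags { bool cf, zf; };

static struct flags cmp_u32(uint32_t x, uint32_t y) {
    uint64_t wide = (uint64_t)x - (uint64_t)y;   /* keep the borrow in bit 32 */
    struct flags f;
    f.cf = (wide >> 32) & 1;                     /* borrow out: CF = 1 */
    f.zf = ((uint32_t)wide == 0);                /* 32-bit result is zero: ZF = 1 */
    return f;
}

/* Condition codes exactly as the FLAGS column states them. */
static bool cond_be(struct flags f) { return f.cf || f.zf; }  /* BE / NA */
static bool cond_e(struct flags f)  { return f.zf; }          /* E  / Z  */
static bool cond_ne(struct flags f) { return !f.zf; }         /* NE / NZ */

/* True when all three codes agree with the SATISFIED WHEN column,
 * treating both operands as unsigned. */
static bool matches_table(uint32_t x, uint32_t y) {
    struct flags f = cmp_u32(x, y);
    return cond_be(f) == (x <= y) && cond_e(f) == (x == y) && cond_ne(f) == (x != y);
}

int main(void) {
    /* Constructed operand pairs, including wrap-around edge cases. */
    static const uint32_t pairs[][2] = {
        {0, 0}, {1, 2}, {2, 1}, {0, 0xFFFFFFFFu}, {0xFFFFFFFFu, 0},
        {0x80000000u, 0x7FFFFFFFu},  /* negative if read as signed, yet above Y */
    };
    puts("         X          Y  CF ZF  BE  E NE");
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++) {
        struct flags f = cmp_u32(pairs[i][0], pairs[i][1]);
        printf("0x%08X 0x%08X   %d  %d   %d  %d  %d  %s\n",
               (unsigned)pairs[i][0], (unsigned)pairs[i][1], f.cf, f.zf,
               cond_be(f), cond_e(f), cond_ne(f),
               matches_table(pairs[i][0], pairs[i][1]) ? "ok" : "MISMATCH");
    }
    return 0;
}
```

The last pair is the case to watch when reading disassembly: a BE/NA branch after that compare is not taken, even though the first operand would be negative under a signed reading.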
Control Flow & Program Layout
The vast majority of logic in the average computer program is implemented
through branches. These are the most common programming constructs,
regardless of the high-level language. A program tests one or more logical
conditions, and branches to a different part of the program based on the result of
the logical test. Identifying branches and figuring out their meaning and
purpose is one of the most basic code-level reversing tasks.
The following sections introduce the most popular control flow constructs
and program layout elements. I start with a discussion of procedures and how
they are represented in assembly language and proceed to a discussion of the
most common control flow constructs and to a comparison of their low-level
representations with their high-level representations. The constructs discussed
are single branch conditionals, two-way conditionals, n-way conditionals, and
loops, among others.
Deciphering Functions
The most basic building block in a program is the procedure, or function. From
a reversing standpoint, functions are very easy to detect because of function
prologues and epilogues. These are standard initialization sequences that compilers