Figure A.3 High-level/low-level view of a two-way conditional with two conditional
statements.The guidelines for identifying such blocks are very similar to the ones used
for plain two-way conditionals in the previous section. The difference here is
that the compiler adds additional “alternate blocks” that consist of one or
more logical checks, the actual conditional code block, and the final JMPthat
skips to the end of the entire block. Of course, the JMPonly gets executed if the
condition is satisfied. Unlike ‘switch’blocks where several conditions can
lead to the same code block, with these kinds of ‘else-if’blocks each con-
dition is linked to just one code block. Figure A.4 demonstrates a four-way
conditional sequence with one ‘if’and three alternate ‘else-if’paths
that follow.Compound Conditionals
In real-life, programs often use conditional statements that are based on more
than just a single condition. It is very common to check two or more conditions
in order to decide whether to enter a conditional code block or not. This
slightly complicates things for reversers because the low-level code generated
for a combination of logical checks is not always easy to decipher. The follow-
ing sections demonstrate typical compound conditionals and how they are
deciphered. I will begin by briefly discussing the most common logical opera-
tors used for constructing compound conditionals and proceed to demon-
strate several different compound conditionals from both the low-level and
the high-level perspectives.if (SomeVariable < 10)
SomeFunction();else if (SomeVariable == 345)SomeOtherFunction();cmp [Variable1], 10
jae AlternateBlock
call SomeFunction
jmp AfterIfBlock
AlternateBlock:
cmp [Variable1], 345
jne AfterIfBlock
call SomeOtherFunction
AfterIfBlock:
...Assembly Language Code High-Level CodeReversedReversedDeciphering Code Structures 49121_574817 appa.qxd 3/16/05 8:52 PM Page 491