Reversing : The Hacker's Guide to Reverse Engineering


highly detailed information regarding the program and the data types it deals
with, which makes it possible to produce a reasonably accurate high-level
language representation of the program through decompilation. Because of this
level of transparency, developers often obfuscate their code to make it more
difficult to comprehend. The process of reversing .NET programs and the
effects of the various obfuscation tools are discussed in Chapter 12.


Low-Level Perspectives


The complexity in reversing arises when we try to create an intuitive link
between the high-level concepts described earlier and the low-level
perspective we get when we look at a program’s binary. It is critical that you
develop a sort of “mental image” of how high-level constructs such as
procedures, modules, and variables are implemented behind the curtains. The
following sections describe how basic program constructs such as data
structures and control flow constructs are represented at the lower levels.


Low-Level Data Management


One of the most important differences between high-level programming
languages and any kind of low-level representation of a program is in data
management. The fact is that high-level programming languages hide quite a few
details regarding data management. Different languages hide different levels
of details, but even plain ANSI C (which is considered to be a relatively
low-level language among the high-level language crowd) hides significant data
management details from developers.
For instance, consider the following simple C language code snippet.


int Multiply(int x, int y)
{
    int z;
    z = x * y;
    return z;
}

This function, as simple as it may seem, could never be directly translated
into a low-level representation. Regardless of the platform, CPUs rarely have
instructions for declaring a variable or for multiplying two variables to yield a
third. Hardware limitations and performance considerations dictate and limit
the level of complexity that a single instruction can deal with. Even though
Intel IA-32 CPUs support a very wide range of instructions, some of which are
remarkably powerful, most of these instructions are still very primitive
compared to high-level language statements.
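
As an added illustration (not code from the book), the following C sketch models how Multiply breaks down into primitive load, multiply, and store steps. The Machine struct, its register names, and the stack slot layout are assumptions made for this example; the instructions a real compiler emits will differ.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical miniature machine (an assumption for this example):
   two registers and a small stack that grows toward index 0. */
typedef struct {
    int32_t eax, ecx;   /* registers */
    int32_t stack[16];  /* stack memory */
    int     sp;         /* index of the current top-of-stack slot */
} Machine;

static void push(Machine *m, int32_t v) { m->stack[--m->sp] = v; }

/* The high-level function from the text, kept for comparison. */
int Multiply(int x, int y)
{
    int z;
    z = x * y;
    return z;
}

/* The same work, one primitive operation per statement. */
int MultiplyLowLevel(int x, int y)
{
    Machine m = { .sp = 16 };
    push(&m, y);                     /* arguments are placed in memory */
    push(&m, x);
    m.sp -= 1;                       /* "int z;" only reserves a slot */
    int z_slot = m.sp, x_slot = m.sp + 1, y_slot = m.sp + 2;

    m.eax = m.stack[x_slot];         /* load x into a register */
    m.ecx = m.stack[y_slot];         /* load y into a register */
    /* multiply register by register; unsigned math wraps like hardware */
    m.eax = (int32_t)((uint32_t)m.eax * (uint32_t)m.ecx);
    m.stack[z_slot] = m.eax;         /* store the product into z */
    m.eax = m.stack[z_slot];         /* load z as the return value */
    m.sp += 3;                       /* release z and the arguments */
    return m.eax;
}

int main(void)
{
    printf("high-level: %d\n", Multiply(6, 7));
    printf("low-level:  %d\n", MultiplyLowLevel(6, 7));
    return 0;
}
```

In the model, the declaration of z corresponds to no operation on data at all, only a stack pointer adjustment, and the single statement z = x * y becomes four separate steps.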

