Reverse Engineering for Beginners


CHAPTER 43. INLINE FUNCTIONS


43.1 Strings and memory functions


Another very common automatic optimization tactic is the inlining of string functions like strcpy(), strcmp(), strlen(), memset(), memcmp(), memcpy(), etc.


Sometimes this is faster than calling a separate function.


These are very frequent patterns, and it is highly advisable for reverse engineers to learn to detect them automatically.


43.1.1 strcmp()


Listing 43.3: strcmp() example

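#include <assert.h>
#include <stdbool.h>
#include <string.h>

// Returns the boolean value spelled by s; any other string trips the assertion.
bool is_bool (char *s)
{
    if (strcmp (s, "true")==0)
        return true;
    if (strcmp (s, "false")==0)
        return false;

    assert(0);
}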


Listing 43.4: Optimizing GCC 4.8.1

.LC0:
        .string "true"
.LC1:
        .string "false"
is_bool:
.LFB0:
        push    edi
        mov     ecx, 5
        push    esi
        mov     edi, OFFSET FLAT:.LC0
        sub     esp, 20
        mov     esi, DWORD PTR [esp+32]
        repz cmpsb
        je      .L3
        mov     esi, DWORD PTR [esp+32]
        mov     ecx, 6
        mov     edi, OFFSET FLAT:.LC1
        repz cmpsb
        seta    cl
        setb    dl
        xor     eax, eax
        cmp     cl, dl
        jne     .L8
        add     esp, 20
        pop     esi
        pop     edi
        ret
.L8:
        mov     DWORD PTR [esp], 0
        call    assert
        add     esp, 20
        pop     esi
        pop     edi
        ret
.L3:
        add     esp, 20
        mov     eax, 1
        pop     esi
        pop     edi
        ret
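
To make the pattern in Listing 43.4 easier to recognize, here is an added example (not code from the book) that models in C what the two inlined `repz cmpsb` sequences compute. The names `cmps_result`, `repz_cmpsb` and `is_bool_model` are hypothetical, and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Result of the modelled instruction: order is <0, 0 or >0 (what seta/setb
   read back from the flags), consumed is how many byte pairs were compared. */
typedef struct { int order; size_t consumed; } cmps_result;

/* Model of `repz cmpsb`: compare [esi] with [edi] byte by byte, at most ecx
   times, stopping after the first pair that differs. */
static cmps_result repz_cmpsb(const char *esi, const char *edi, size_t ecx)
{
    cmps_result r = { 0, 0 };
    while (ecx-- > 0) {
        unsigned char a = (unsigned char)esi[r.consumed];
        unsigned char b = (unsigned char)edi[r.consumed];
        r.consumed++;
        if (a != b) {                 /* ZF=0 ends the repetition */
            r.order = (a > b) ? 1 : -1;
            break;
        }
    }
    return r;
}

/* is_bool() as the optimized listing computes it. Returns 1 for "true",
   0 for "false", -1 where the original reaches assert(0). */
int is_bool_model(const char *s)
{
    /* mov ecx, 5: strlen("true") + 1, so the terminating NUL is compared too */
    if (repz_cmpsb(s, "true", 5).order == 0)
        return 1;
    /* mov ecx, 6: strlen("false") + 1 */
    if (repz_cmpsb(s, "false", 6).order == 0)
        return 0;
    return -1;
}

int main(void)
{
    const char *samples[] = { "true", "false", "trueX", "tru", "" }; /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-7s -> %d (read %zu bytes vs \"true\")\n", samples[i],
               is_bool_model(samples[i]),
               repz_cmpsb(samples[i], "true", 5).consumed);
    return 0;
}
```

Because the count in ECX includes the constant's terminating NUL, a longer input such as "trueX" fails on the fifth byte, and a shorter input stops at its own NUL, so the comparison never reads past the end of the argument string.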


Listing 43.5: Optimizing MSVC 2010

$SG3454 DB 'true', 00H
