Again, the most noticeable element in this snippet is the sequence of condi-
tional jumps all pointing to the same code. Keep in mind that with this
approach the conditional jumps actually point to the conditional block (as
opposed to the previous cases that have been discussed, where conditional
jumps point to the code that follows the conditional blocks). This approach is
employed by GCC and several other compilers and has the advantage (at least
from a reversing perspective) of being fairly readable and intuitive. It does
have a minor performance disadvantage because of that final JMP that’s
reached when neither condition is met.
Other optimizing compilers such as the Microsoft compilers get around this
problem of having an extra JMPby employing a slightly different approach for
implementing the ORoperator. The idea is that only the second condition is
reversed and is pointed at the code after the conditional block, while the first
condition still points to the conditional block itself. Figure A.7 illustrates what
the same logic looks like when compiled using this approach.
The first condition checks whether Variable1equals 100, just as it’s stated
in the source code. The second condition has been reversed and is now check-
ing whether Variable2doesn’tequal 50. This is so because you want the first
condition to jump to the conditional code if the condition is met and the sec-
ond condition to notjump if the (reversed) condition is met. The second con-
dition skips the conditional block when it is not met.Figure A.7 High-level/low-level view of a conditional statement with two conditions
combined using a more efficient version of the OR operator.if (Variable1 == 100 ||
Variable2 == 50)
Result = 1;
...cmp [Variable1], 100
je ConditionalBlock
cmp [Variable2], 50
jne AfterConditionalBlock
ConditionalBlock:
mov [Result], 1
AfterConditionalBlock:
...Assembly Language Code High-Level CodeDeciphering Code Structures 49521_574817 appa.qxd 3/16/05 8:52 PM Page 495