Reversing : The Hacker's Guide to Reverse Engineering

loads one of the possible results into ECX and the other into EAX. The code
checks EDX against the conditional value (zero in this case), and uses CMOVE
(conditional move if equals) to conditionally load EAX with the value from
ECX if the values are equal. If the condition isn't satisfied, the conditional move
won't take place, and so EAX will retain its previous value (1,000). If the
conditional move does take place, EAX is loaded with 2,000. From this you can
easily deduce that the source code was similar to the following code:

if (SomeVariable == 0)
    return 2000;
else
    return 1000;
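As an added example (not code from the book), the CMOVE sequence described above is traced in C beside the source it was deduced from. The register-level model and the inline-assembly probe are my constructions; the 1,000/2,000 values are the ones the text uses, and `cmove_native` falls back to the model when not built for IA-32/x86-64 with GCC or Clang.

```c
/* Added example: the CMOVE idiom from the text, traced step by step. */
#include <stdint.h>
#include <stdio.h>

/* The source the text deduces from the instruction sequence. */
static uint32_t source_version(uint32_t some_variable)
{
    if (some_variable == 0)
        return 2000;
    else
        return 1000;
}

/* Register-level model of the compiled sequence, the way a reverser
 * traces it by hand (constructed ordering; a compiler may differ):
 *   mov   ecx, 2000      ; one candidate result
 *   mov   eax, 1000      ; the other (default) result
 *   test  edx, edx       ; ZF = (edx == 0)
 *   cmove eax, ecx       ; if ZF: eax = ecx, otherwise eax unchanged
 *   ret                  ; result travels in EAX                    */
static uint32_t cmove_model(uint32_t edx)
{
    uint32_t ecx = 2000;
    uint32_t eax = 1000;
    int zf = (edx == 0);      /* TEST sets ZF from edx & edx */
    if (zf)
        eax = ecx;            /* CMOVE moves only when ZF is set */
    return eax;
}

#if defined(__GNUC__) && (defined(__x86_64__) || defined(__i386__))
/* Execute the real instruction so the model can be checked against it. */
static uint32_t cmove_native(uint32_t edx)
{
    uint32_t eax = 1000, ecx = 2000;
    __asm__("test %[v], %[v]\n\t"
            "cmove %[c], %[a]"        /* AT&T order: source, destination */
            : [a] "+r"(eax)
            : [c] "r"(ecx), [v] "r"(edx)
            : "cc");
    return eax;
}
#else
static uint32_t cmove_native(uint32_t edx) { return cmove_model(edx); }
#endif

int main(void)
{
    uint32_t probes[] = { 0, 1, 7, 0xFFFFFFFFu };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("edx=%u source=%u model=%u native=%u\n", probes[i],
               source_version(probes[i]), cmove_model(probes[i]),
               cmove_native(probes[i]));
    return 0;
}
```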

Effects of Working-Set Tuning on Reversing


Working-set tuning is the process of rearranging the layout of code in an
executable by gathering the most frequently used code areas in the beginning of
the module. The idea is to delay the loading of rarely used code, so that only
frequently used portions of the program reside constantly in memory. The
benefit is a significant reduction in memory consumption and an improved
program startup speed. Working-set tuning can be applied to both programs
and the operating system.

Function-Level Working-Set Tuning


The conventional form of working-set tuning is based on a function-level
reorganization. A program is launched, and the working-set tuner program

Deciphering Code Structures 515

CMOV IN MODERN COMPILERS
CMOV is a pretty unusual sight when reversing an average compiler-generated
program. The reason is probably that CMOV was not available in the earlier
crops of IA-32 processors and was first introduced in the Pentium Pro
processor. Because of this, most compilers don't seem to use this instruction,
probably to avoid backward-compatibility issues. The interesting thing is that
even if they are specifically configured to generate code for the more modern
CPUs, some compilers still don't seem to want to use it. The two C/C++
compilers that actually use the CMOV instruction are the Intel C++ Compiler and
GCC (the GNU C Compiler). The latest version of the Microsoft C/C++
Optimizing Compiler (version 13.10.3077) doesn't seem to ever want to use
CMOV, even when the target processor is explicitly defined as one of the newer
generation processors.

