This appendix explains the basics of how arithmetic is implemented in
assembly language, and demonstrates some basic arithmetic sequences and what
they look like while reversing. Arithmetic is one of the basic pillars that make
up any program, along with control flow and data management. Some
arithmetic sequences are plain and straightforward to decipher while reversing,
but in other cases they can be slightly difficult to read because of the various
compiler optimizations performed.
This appendix opens with a description of the basic IA-32 flags used for
arithmetic and proceeds to demonstrate a variety of arithmetic sequences
commonly found in compiler-generated IA-32 assembly language code.
Arithmetic Flags
To understand the details of how arithmetic and logic are implemented in
assembly language, you must fully understand flags and how they're used.
Flags are used in almost every arithmetic instruction in the instruction set, and
to truly understand the meaning of arithmetic sequences in assembly
language you must understand the meanings of the individual flags and how
they are used by the arithmetic instructions.
Flags in IA-32 processors are stored in the EFLAGS register, which is a 32-bit
register that is managed by the processor and is rarely accessed directly by
APPENDIX B: Understanding Compiled Arithmetic