Suppose you compile this code with a C compiler:

  if ((a == 1) || (b == 2))
  {
      printf("Match!");
  }
  c = 3;

The compiler turns the condition into a chain of compares and conditional jumps, and it is not obvious from those jumps alone whether the source said 'or' or 'and'.

But we think we have a solution.

In the above statement there are 2 blocks of code and 3 important addresses. The first block runs from the 'if' up to the '{' line. This is called the 'conditional block'. The second block runs from '{' up to the start of 'c = 3'. This is called the 'code block'.

The first address is that of the 'if' (the start of the conditional block). The second address is that of '{' (the start of the code block). The third address is that of '}' (the first instruction after the code block, here 'c = 3').

Now that we have the 2 blocks and the 3 addresses established, here is how we figure out whether each jump is part of an 'or' or an 'and'. ('jz' below means the conditional jump the compiler emits after each compare, whichever condition code it actually uses.)

Any jz that points to the second address is an 'or', because if its compare is true it skips the rest of the conditional block and goes straight into the code block.

Any jz that points to the third address is an 'and', because if its compare is false it skips everything: the rest of the conditional block and the code block. (The last jz in the conditional block also points to the third address whether the expression is an 'and' or an 'or', since the false path always has to jump over the code block; see the flip rule below.)

Any jz that points INSIDE the conditional block (to an address between the first and the second) might be an 'and'; it needs a closer look.

Finally, the last jz in the conditional block has its arithop flipped: the compiler tests the negation so it can jump over the code block, so where the source says b == 2 the emitted jump tests b != 2, and we flip it back to b == 2.
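To make the three-address rules concrete, here is an added worked example; it is not code from this wiki or from the decompiler it describes. It runs the rules over a constructed, cut-down listing for the 'or' case above, the matching 'and' case, and one nested case. The listing format, the condition-code table, and the names find_addresses, classify_jumps and rebuild_condition are assumptions of the example; the first address is taken as given (find-starts supplies it), and the 'if' is assumed to have no else branch, so the last jz's target is the third address.

```python
"""Classify the conditional jumps of a compiled `if` as 'and' / 'or' terms
using the three-address rules (worked example, not wiki or decompiler code;
the listing format, names and addresses are constructed for it)."""

# Condition codes of the emitted jump, their flipped form, and their C form.
FLIP = {"e": "ne", "ne": "e", "l": "ge", "ge": "l", "g": "le", "le": "g"}
SYMBOL = {"e": "==", "ne": "!=", "l": "<", "ge": ">=", "g": ">", "le": "<="}

# Constructed stand-in for a disassembly: (address, mnemonic, operands).
# A jump is ("jcc", (cc, target)); the cmp just before it supplies lhs/rhs.
# if ((a == 1) || (b == 2)) { printf("Match!"); }  c = 3;
OR_LISTING = [
    (0x00, "cmp", ("a", 1)),
    (0x03, "jcc", ("e", 0x0c)),   # a == 1: straight to the code block
    (0x05, "cmp", ("b", 2)),
    (0x08, "jcc", ("ne", 0x11)),  # b != 2: skip the code block
    (0x0c, "call", ("printf",)),  # second address ('{')
    (0x11, "mov", ("c", 3)),      # third address ('}', first instr after the if)
]
# if ((a == 1) && (b == 2)) { printf("Match!"); }  c = 3;
AND_LISTING = [
    (0x00, "cmp", ("a", 1)),
    (0x03, "jcc", ("ne", 0x11)),  # a != 1: skip everything
    (0x05, "cmp", ("b", 2)),
    (0x08, "jcc", ("ne", 0x11)),  # b != 2: skip everything
    (0x0c, "call", ("printf",)),
    (0x11, "mov", ("c", 3)),
]
# if (((a == 1) && (b == 2)) || (c == 3)) { ... }: the first jump lands
# inside the conditional block, the case the rules leave open.
NESTED_LISTING = [
    (0x00, "cmp", ("a", 1)),
    (0x03, "jcc", ("ne", 0x0a)),  # a != 1: give up on this '&&' group, try c
    (0x05, "cmp", ("b", 2)),
    (0x08, "jcc", ("e", 0x11)),   # b == 2: straight to the code block
    (0x0a, "cmp", ("c", 3)),
    (0x0d, "jcc", ("ne", 0x16)),  # c != 3: skip the code block
    (0x11, "call", ("printf",)),
    (0x16, "mov", ("c", 3)),
]


def find_addresses(listing, if_addr):
    """Return (second, third) address for the conditional block at if_addr.

    The block is the run of cmp/jcc pairs from if_addr (the first address,
    which the wiki gets from find-starts); the instruction after its last
    jcc is the '{' address, and that jcc must jump over the code block, so
    its target is the '}' address. Assumes the `if` has no else branch.
    """
    idx = next(i for i, ins in enumerate(listing) if ins[0] == if_addr)
    last_jump = None
    while listing[idx][1] in ("cmp", "jcc"):
        if listing[idx][1] == "jcc":
            last_jump = listing[idx]
        idx += 1
    return listing[idx][0], last_jump[2][1]


def classify_jumps(listing, if_addr):
    """Label each jz in the conditional block: 'or', 'and', 'last' or 'nested'.

    Every label is paired with the C comparison the term stands for; terms
    on the false path (target == third address) get their arithop flipped.
    """
    body_addr, end_addr = find_addresses(listing, if_addr)
    jumps = [i for i, ins in enumerate(listing)
             if if_addr <= ins[0] < body_addr and ins[1] == "jcc"]
    labels = []
    for n, i in enumerate(jumps):
        cc, target = listing[i][2]
        lhs, rhs = listing[i - 1][2]
        if target == body_addr:                # taken when true: an 'or'
            kind, cond = "or", cc
        elif target == end_addr:               # taken when false
            kind = "last" if n == len(jumps) - 1 else "and"
            cond = FLIP[cc]
        elif if_addr < target < body_addr:     # lands inside the conditional block
            kind, cond = "nested", cc          # might be an 'and'; left unresolved
        else:
            raise ValueError(f"jump at {listing[i][0]:#x} leaves the if entirely")
        labels.append((kind, f"{lhs} {SYMBOL[cond]} {rhs}"))
    return labels


def rebuild_condition(labels):
    """Join labelled terms back into C source; None if a nested jump was seen."""
    if any(kind == "nested" for kind, _ in labels):
        return None
    parts = []
    for kind, term in labels:
        parts.append(term)
        if kind != "last":
            parts.append("||" if kind == "or" else "&&")
    return " ".join(parts)


if __name__ == "__main__":
    for name, listing in (("or", OR_LISTING), ("and", AND_LISTING),
                          ("nested", NESTED_LISTING)):
        labels = classify_jumps(listing, 0x00)
        print(name, labels, "->", rebuild_condition(labels))
```

Running it gives `a == 1 || b == 2` for the first listing and `a == 1 && b == 2` for the second; the third comes back as None because its first jump lands inside the conditional block, which is exactly the 'might be an and' case the rules above do not yet settle.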

More on ORs soon.

We don't need to worry about any branches that land inside the code block (the body of the if).

To find the start of a conditional block, use the function find-starts on the first 'if' of the block.