One problem in decompilation is how to get rid of the register assignments.

First, you encapsulate all assignments. Take:

  • mov eax,1
  • add eax,2

Here, mov eax,1 creates the value 1, and add eax,2 adds 2 on to it.

So getting rid of eax is simple: the answer is 1+2.

We use 3 kinds of variable:

  • BLocal - This is where eax is set to, say, 1 in an If block and to 2 in the Else block. The way to deal with this is
  • LLocal - This is where eax is used as a loop variable.
  • FLocal - This is where the return value from a function is used. Clearly, if we encapsulate the call, every later use of eax expands to another fopen(a), so the call is duplicated. The solution is to count the uses. 1 use means the call stays inline as fopen(a). 2 uses or more become FLocal1. When FLocal1 is first used,
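The following is an added worked example, not code from the original page. It implements the two ideas above for a tiny x86-like subset: register assignments are "encapsulated" by replacing each register with the expression it currently holds, and a function result that would be spelled out twice or more is given its own FLocalN variable instead of repeating the call. It assumes cdecl-style argument passing (arguments pushed before the call, result in eax), treats memory stores and ret as the only places where a value is observable, and uses a constructed listing; the instruction names are real, but the listing and the fopen/malloc calls in it are made up for the demonstration. Block-local (BLocal) and loop (LLocal) cases are not handled.

```python
import re
from dataclasses import dataclass

REGS = {"eax", "ebx", "ecx", "edx", "esi", "edi"}

# Constructed sample listing (not from the original page).
SAMPLE = """
mov eax,1
add eax,2
mov [x],eax        ; x = 1 + 2
push [a]
call fopen         ; eax = fopen(a)
mov ecx,eax
add ecx,4
mov [f],eax        ; fopen result observed here ...
mov [g],ecx        ; ... and again here, so it becomes FLocal1
push 10
call malloc        ; used once, so it stays inline
ret
"""


@dataclass(eq=False)
class Call:
    name: str
    args: list
    uses: int = 0      # how many places would have to spell out this call's result
    local: str = ""    # set to "FLocalN" when the result must live in a variable


def parse_operand(tok, regs):
    """Turn a source operand into an expression tree, substituting the
    expression a register currently holds (this is the 'encapsulation')."""
    tok = tok.strip()
    if re.fullmatch(r"-?\d+", tok):
        return ("const", int(tok))
    if tok in REGS:
        return regs.get(tok, ("input", tok))   # never-written register = incoming value
    m = re.fullmatch(r"\[(\w+)\]", tok)
    if m:
        return ("load", m.group(1))
    raise ValueError(f"unsupported operand: {tok}")


def direct_calls(expr, out):
    """Collect call nodes in expr without descending into their argument lists."""
    if expr[0] == "call":
        out.append(expr[1])
    elif expr[0] == "add":
        direct_calls(expr[1], out)
        direct_calls(expr[2], out)
    return out


def render(expr):
    kind = expr[0]
    if kind == "const":
        return str(expr[1])
    if kind in ("input", "load"):
        return expr[1]
    if kind == "add":
        return f"{render(expr[1])} + {render(expr[2])}"
    c = expr[1]   # a call: use its FLocal name if it has one, else write the call out
    return c.local or f"{c.name}({', '.join(render(a) for a in c.args)})"


def eliminate_registers(listing):
    """Return the listing as register-free statements, one string per statement."""
    regs, pushed, events = {}, [], []
    for line in listing.strip().splitlines():
        line = line.split(";")[0].strip()
        if not line:
            continue
        op, _, rest = line.partition(" ")
        ops = [t.strip() for t in rest.split(",")] if rest.strip() else []
        if op == "mov":
            dst, src = ops
            if dst.startswith("["):
                events.append(("store", dst[1:-1], parse_operand(src, regs)))
            else:
                regs[dst] = parse_operand(src, regs)
        elif op == "add":
            dst, src = ops
            regs[dst] = ("add", parse_operand(dst, regs), parse_operand(src, regs))
        elif op == "push":
            pushed.append(parse_operand(ops[0], regs))
        elif op == "call":
            call = Call(ops[0], list(reversed(pushed)))   # cdecl: last push = first argument
            pushed = []
            regs["eax"] = ("call", call)
            events.append(("call", call))
        elif op == "ret":
            events.append(("ret", regs.get("eax", ("input", "eax"))))
        else:
            raise ValueError(f"unsupported instruction: {line}")

    # Count the places each call result would be written out: once per store or
    # return that references it, once per later call that takes it as an argument.
    for ev in events:
        exprs = [ev[-1]] if ev[0] in ("store", "ret") else ev[1].args
        for e in exprs:
            for c in direct_calls(e, []):
                c.uses += 1
    # A result needed in two or more places gets its own variable, FLocal1, FLocal2, ...
    n = 0
    for ev in events:
        if ev[0] == "call" and ev[1].uses >= 2:
            n += 1
            ev[1].local = f"FLocal{n}"

    out = []
    for ev in events:
        if ev[0] == "store":
            out.append(f"{ev[1]} = {render(ev[2])}")
        elif ev[0] == "ret":
            out.append(f"return {render(ev[1])}")
        else:
            c = ev[1]
            call_text = f"{c.name}({', '.join(render(a) for a in c.args)})"
            if c.local:
                out.append(f"{c.local} = {call_text}")
            elif c.uses == 0:
                out.append(call_text)   # result unused; keep the call for its side effect
            # uses == 1: the call is written inline where its single consumer appears
    return out


if __name__ == "__main__":
    print("\n".join(eliminate_registers(SAMPLE)))
```

Running it on SAMPLE prints `x = 1 + 2`, `FLocal1 = fopen(a)`, `f = FLocal1`, `g = FLocal1 + 4` and `return malloc(10)`: the first two instructions collapse to 1 + 2 exactly as the text describes, the twice-used fopen result is hoisted into FLocal1 at the call site, and the once-used malloc stays inline. Note that inlining a call at its consumer only preserves meaning if no other side-effecting call sits between the call and that consumer; a real decompiler has to check that ordering, and this example does not.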