I recently started to learn assembly in order to do reverse engineering. I'm reading Practical Reverse Engineering and saw this assembly code there:
loop_start:
mov eax, [edi+4]
mov eax, [eax+ebx*4]
test eax, eax
... //They also did the dots here
jz short loc_7F627F
loc_7F627F:
inc ebx
cmp ebx, [edi]
jl short loop_start
They then said that this information should give us the idea to decompile it to this (I'm putting all the dots exactly where they did):
typedef struct _Foo
{
DWORD size;
DWORD array[...];
} FOO, *PFOO;
PFOO bar = ...;
for(i = ...; i < bar->size; i++)
{
if(bar->array[i] != 0){
...
}
}
But as jz short loc_7F627F would only jump if the content of eax was zero, shouldn't the ... be after jz rather than before jz? Otherwise this would mean I test the content of eax, whether it is zero, then do some unknown stuff and later jump if it was zero (provided that no other instruction contained in the ... is affecting the ZF flag), which does not seem to match the C code they wrote.
This part:
loc_7F627F:
inc ebx
cmp ebx, [edi]
jl short loop_start
Translates to:
for(i = ?; i < bar->size; i++){
//do something
}
This part
mov eax, [edi+4]
mov eax, [eax+ebx*4]
test eax, eax
... //They also did the dots here
jz short loc_7F627F
(Does not) translate to:
if(bar->array[i] != 0){
...
}
You are correct. The ... should only be executed if array[i] <> 0, and so the ... in the assembly listing should be after the jz skip_to_next_loop_iteration, not before.

Normally there should also be an unconditional jump to loc_7F627F after the ...; however, in this case the code after the first ... can just fall through to the for loop.
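To make the control-flow point concrete, here is an added C example (not code from the book or from either poster) that writes the same loop twice: once in the structured form the book decompiles to, and once with goto labels that mirror the assembly instruction by instruction, with the loop body placed after the jz as the answer describes and no jmp after it because it falls straight into loc_7F627F. Assumptions: the elided array[...] is modelled as a C flexible array member, the loop body stands in for the "..." by counting the non-zero entries, the loop counter starts at 0, and the cmp/jl pair is treated as a signed comparison (jl is the signed less-than jump). The sample FOO is constructed inline.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t DWORD;

/* Struct shape from the book's decompilation; the flexible array member
   stands in for the elided array[...] (assumption). */
typedef struct _Foo {
    DWORD size;
    DWORD array[];
} FOO, *PFOO;

/* Structured form: the book's for/if skeleton with a hypothetical body
   that counts non-zero entries. */
unsigned count_nonzero_structured(const FOO *bar) {
    unsigned hits = 0;
    for (int i = 0; i < (int)bar->size; i++) {
        if (bar->array[i] != 0) {
            hits++;                     /* the "..." body */
        }
    }
    return hits;
}

/* Control-flow mirror of the assembly listing. The body sits after the
   jz: a zero element skips it and lands on the increment, a non-zero
   element runs it and then simply falls through to loc_7F627F. */
unsigned count_nonzero_asm_shape(const FOO *bar) {
    unsigned hits = 0;
    int ebx = 0;                        /* i = ... (start value elided in the book; 0 assumed) */
    DWORD eax;
    if (!(ebx < (int)bar->size))        /* guard for an empty array; the book's excerpt starts at loop_start */
        return hits;
loop_start:
    eax = bar->array[ebx];              /* mov eax, [edi+4] ; mov eax, [eax+ebx*4] */
    if (eax == 0)                       /* test eax, eax ; jz short loc_7F627F */
        goto loc_7F627F;
    hits++;                             /* the "..." body, reached only when eax != 0 */
                                        /* no jmp needed here: execution falls through */
loc_7F627F:
    ebx++;                              /* inc ebx */
    if (ebx < (int)bar->size)           /* cmp ebx, [edi] ; jl short loop_start */
        goto loop_start;
    return hits;
}

/* Constructed sample: size = 5, array = {3, 0, 7, 0, 1}, laid out as the
   struct expects (size word followed by the array words). */
static const DWORD sample_words[] = {5, 3, 0, 7, 0, 1};

const FOO *sample_foo(void) {
    return (const FOO *)sample_words;
}

int main(void) {
    const FOO *bar = sample_foo();
    printf("structured: %u non-zero entries\n", count_nonzero_structured(bar));
    printf("asm shape : %u non-zero entries\n", count_nonzero_asm_shape(bar));
    return 0;
}
```

Both functions return 3 for the sample, which is the point of the answer: with the body after the jz, a zero element jumps over the body, and a non-zero element runs it and falls through into the inc/cmp/jl sequence, so the structured for/if and the labelled listing are the same loop.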