Recently I have been reverse engineering a library that is quite valuable to me. Today after work, having chipped away at its core management class on and off for nearly a week, I finally finished reversing it. In the last function I ran into an instruction I had never used before (the experts may laugh!). Of course, a single assembly instruction on its own does not reveal what it is for, and it is quite possible the original author wrote this part in assembly by hand. Enough chatter; first, the disassembly:
mov dword ptr [b], 64h    ; int b
xor eax, eax
cmp dword ptr [b], 0
setg al
sub eax, 1
and eax, 64h
add eax, 0C8h
mov dword ptr [a], eax    ; int a
The confusing code in today's library is the same as this, except that the a and b variables are different; that does not affect the result. At first you may not know what the setg instruction is for. Then there are the three instructions below it (sub, and, add): why a subtraction, an and, and an add, with these odd immediate values? It is puzzling how this code translates back into C++. Is it a single statement? If so, which C++ statement does setg correspond to? Haha, this may be one of the pleasures of reverse engineering (personal opinion)!
Okay, no more nonsense; let's analyze it. First, b is a variable, and it is assigned 0x64 (100). Then b is compared with 0. If you look closely you may find it strange that the cmp is not followed by a jump: normally a comparison is followed by a conditional jump on its result, otherwise what is the point of the cmp? Here the setg instruction is what throws us off. To understand it, you first have to know that cmp affects the flags register. cmp performs a subtraction: it subtracts the second operand from the first. The difference from sub is that it does not store the result in the destination operand; it only updates the flags (zero, sign, overflow and so on). So we can guess that setg must be related to the flags. Looking it up in the Pentium/x86 instruction set reference (my platform is an Intel x86 CPU), we see that setg sets its operand to 1 if the comparison result was "greater" (signed). So after the cmp, if b is greater than zero, setg al puts 0x01 in al; otherwise it puts 0x00. The condition setg tests is (ZF = 0 and SF = OF); there is also setle (ZF = 1 or SF <> OF) and several others, which I won't describe here. If you are interested, look them up.
Now look carefully at the three instructions sub, and, add. If eax is 0, then after sub eax, 1 it becomes 0xFFFFFFFF. Then and eax, 64h leaves eax equal to 64h, and add eax, 0C8h follows. The result is then stored in the variable a. Now the other case: if eax is 1, then after sub eax, 1 it is 0, the and is effectively a no-op, and 0C8h is added. The xor eax, eax in front, which I haven't mentioned yet, simply clears eax so that setg al produces a full 32-bit 0 or 1. From this analysis we get a rough outline of the C++ statement: it is the ternary operator (? :).
Okay, the C++ statement is short:
int b = 100;
int a = (b <= 0) ? 300 : 200;
Haha, that's easy! Reversing is like this: analyzing a large segment of assembly may turn out to be one C++ statement. The clever part here is the compiler (MS is very good at this), and these details can give us a lot of inspiration. At the assembly level, the compiler computes the difference between the two numbers on either side of the colon and uses that difference as the operand of the and. After the setg, eax is either 1 or 0, so after sub eax, 1 it is either 0xFFFFFFFF or 0. The 0xFFFFFFFF case is b less than or equal to 0: and eax, 64h then puts the difference 300 - 200 = 100 into eax, and adding 0C8h (200) gives 300. Otherwise, after sub eax, 1, eax is 0; the and leaves it 0, so the difference is not added, only the number after the colon, which is the smaller one, 200. Haha! MS programs are very careful about these details!
One more point: the difference recorded here is signed, and it is always the number before the colon minus the number after it. If the number before the colon is smaller than the one after, the recorded difference is negative, by the same principle.
Let's take another example:
mov dword ptr [b], 1
xor eax, eax
cmp dword ptr [b], 0
setg al
lea eax, [eax + eax - 1]
mov dword ptr [a], eax
Needless to say, here is the C++ code directly:
int b = 1;
int a = (b > 0) ? 1 : -1;
(a could also be a bool type.) Note the clever use of the lea instruction, which replaces the and and add instructions in one go: with eax at 1 or 0, lea eax, [eax + eax - 1] yields 1 or -1. That's it!
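To make the mechanism concrete, here is an added example (my own code, not the post's or the library's) that emulates both instruction sequences on a 32-bit eax, checks them against the C++ ternaries recovered above, and decodes the two arms of the ternary from the and/add immediates alone, including the negative-difference case described in the post. Function names such as emulate_setg_and_add and arm_before_colon are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* First sequence from the post:
 *   xor eax, eax / cmp dword ptr [b], 0 / setg al /
 *   sub eax, 1 / and eax, and_imm / add eax, add_imm
 * Emulated on a 32-bit eax with the same wrap-around as the CPU. */
static uint32_t emulate_setg_and_add(int32_t b, uint32_t and_imm, uint32_t add_imm)
{
    uint32_t eax = 0;                          /* xor eax, eax */
    /* cmp computes b - 0 and sets ZF/SF/OF; setg tests ZF == 0 && SF == OF,
     * which for a signed compare against 0 is exactly b > 0.  setg writes
     * only al, so the upper bytes stay as the xor left them. */
    eax = (eax & 0xFFFFFF00u) | (b > 0 ? 1u : 0u);
    eax -= 1u;                                 /* sub eax, 1: 1 -> 0, 0 -> 0xFFFFFFFF */
    eax &= and_imm;                            /* and eax, imm: keeps imm only in the 0 case */
    eax += add_imm;                            /* add eax, imm (mod 2^32) */
    return eax;
}

/* Second sequence from the post:
 *   xor eax, eax / cmp dword ptr [b], 0 / setg al / lea eax, [eax + eax - 1] */
static uint32_t emulate_setg_lea(int32_t b)
{
    uint32_t eax = (b > 0) ? 1u : 0u;          /* xor / cmp / setg as above */
    eax = eax + eax - 1u;                      /* lea does address arithmetic: 1 -> 1, 0 -> -1 */
    return eax;
}

/* Decode the ternary (b <= 0) ? x : y from the immediates without running anything:
 * the and-immediate is the signed difference x - y, the add-immediate is y. */
static int32_t arm_after_colon(uint32_t add_imm)
{
    return (int32_t)add_imm;
}

static int32_t arm_before_colon(uint32_t and_imm, uint32_t add_imm)
{
    return (int32_t)(add_imm + and_imm);       /* unsigned wrap handles a negative difference */
}

/* The C++ statements the post recovers, used as the reference. */
static int32_t ternary_example1(int32_t b) { return (b <= 0) ? 300 : 200; }
static int32_t ternary_example2(int32_t b) { return (b > 0) ? 1 : -1; }

/* Returns 1 when both emulations agree with the C ternaries for this b. */
static int emulation_matches_c(int32_t b)
{
    int ok1 = (int32_t)emulate_setg_and_add(b, 0x64u, 0xC8u) == ternary_example1(b);
    int ok2 = (int32_t)emulate_setg_lea(b) == ternary_example2(b);
    return ok1 && ok2;
}

int main(void)
{
    /* Constructed sample inputs, including the signed edge cases. */
    const int32_t samples[] = { INT32_MIN, -7, -1, 0, 1, 100, INT32_MAX };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int32_t b = samples[i];
        printf("b=%11d  seq1=%4d  seq2=%2d  match=%d\n", b,
               (int32_t)emulate_setg_and_add(b, 0x64u, 0xC8u),
               (int32_t)emulate_setg_lea(b), emulation_matches_c(b));
    }
    printf("arms from and=0x64, add=0xC8: %d : %d\n",
           arm_before_colon(0x64u, 0xC8u), arm_after_colon(0xC8u));
    /* Negative difference: (b <= 0) ? 100 : 200 would be encoded as and 0xFFFFFF9C, add 0xC8 */
    printf("arms from and=0xFFFFFF9C, add=0xC8: %d : %d\n",
           arm_before_colon(0xFFFFFF9Cu, 0xC8u), arm_after_colon(0xC8u));
    return 0;
}
```

The decoding helpers are the practical takeaway for reversing: once you recognise the xor/cmp/setcc/sub/and/add shape, the add immediate is the arm after the colon and the and immediate (read as a signed 32-bit value) added to it gives the arm before the colon, so neither arm has to be recovered by stepping through the code.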
If either side of the colon is a variable rather than a constant, the compiler will not generate this pattern; it compiles into an ordinary conditional jump, just like an if statement.
Well, that's a small bit of experience, worth remembering. Experts, please skip it! Time to get ready for bed.