You can read the code line by line and try to determine the program's logic, but it would be easier if you translate it back to some high-level language. To understand the preceding program, let's use the same logic that was covered previously. The preceding code contains four memory references. First, let's label these addresses - ebp-4=a, ebp-8=b , ebp-0Ch=c, and ebp-10H=d. After labeling the addresses, it translates to the following:
mov dword ptr [a], 16h
mov dword ptr [b], 5
mov eax, [a]
add eax, [b]
mov [c], eax
mov ecx, [a]
sub ecx, [b]
mov [d], ecx
Now, let's translate the preceding code into a pseudocode (high-level language equivalent). The code will as follows:
a = 16h ; h represents hexadecmial, so 16h (0x16) is 22 in decimal
b = 5
eax = a
eax = eax + b ➊
c = eax ➊
ecx = a
ecx = ecx-b ➊
d = ecx ➊
Replacing all of the register names with their corresponding values on the right-hand side of the = operator (in other words, at ➊), we get the following code:
a = 22
b = 5
eax = a ➋
eax = a+b ➋
c = a+b
ecx = a ➋
ecx = a-b ➋
d = a-b
After removing all of the entries containing registers on the left-hand side of the = sign at ➋ (because registers are used for temporary calculations), we are left with the following code:
a = 22
b = 5
c = a+b
d = a-b
Now, we have reduced the eight lines of assembly code to four lines of pseudocode. At this point, you can tell that the code performs addition and subtraction operations and stores the results. You can determine the variable types based on the sizes and how they are used in the code (context), as mentioned earlier. The variables a and b are used in addition and subtraction, so these variables have to be of integer data types, and the variables c and d store the results of integer addition and subtraction, so it can be guessed that they are also integer types. Now, the preceding code can be written as follows:
int a,b,c,d;
a = 22;
b = 5;
c = a+b;
d = a-b;
If you are curious about how the original C program of the disassembled output looks, then the following is the original C program to satisfy your curiosity. Notice how we were able to write an assembly code back to its equivalent high-level language:
int num1 = 22;
int num2 = 5;
int diff;
int sum;
sum = num1 + num2;
diff = num1 - num2;