you can also deduct that there is some casts in there since edx (the high part of the long long results is always discarted)

tmp = (long)(Var1 * Var2) * (long)(Var1 * Var2);
Var3 = Var2;

you can also assume that tmp will be used later (if optimizations are on)

Could this be the solution?

int result = 1; // [esi]
for(int i = 0; i < 8; i++) // i is [ebx]
{
result *= result;
}

Like shokora said, result is always 1. So you can simplify it and just write "result = 1" with the same result :D

Here is my first version of the C++-Code for the ones who have problems to get the solution:

int p_esi = 1;
int edx = 0;
int p_ebx = edx;
int ecx;
while(p_ebx < 8)
{
ecx = p_esi;
ecx = ecx * p_esi
p_esi = ecx
p_ebx++;
}


var_4=1;
var_8=0;

var_4 goes from 1 to 64 then back down to 4 as its final value

mazuki’s optimized code is probably the actual source.

Dr. Schnieder, an explanation of how the lines in C\C++ translate to the lines of ASM would be helpful.

if you XOR eax by itself, you will ALWAYS get a 0, never anything different, it’s impossible.

so this will automatically make the zero flag set, which makes the JZ execute

then you get to mov ecx,1 then test ecx,ecx well a test is a lot like a cmp with itself, so if it’s true it will jump, as a test will return 0 if it’s true and set the zero flag

so you will end up with eax being 0 and ecx being 1 regardless of what parameters are pushed it seems

variables
a,i

while i > -1{
if i < 6 {a = a SHL 1}
else {
i = 0;
while i < 4 {
a = a SHR 1}
exit;
}

a is the constant 1 stored in the code, eax will always return 0 and the var_4 will always return 0×04

i optimized the code to be something like this:

for i = 0 to 10
if i < 6{a = a*2;}
else{a = a/2;}

b = 3.14;
a = (long)b;
}

int main(int argc, char* argv[])
{
unsigned char myChar; myChar = 0; myChar = 255; // 1 byte
signed char mySignedChar; mySignedChar = -128; mySignedChar = 127; // 2 bytes

unsigned short int myShort; myShort = 0; myShort = 65535;
signed short int mySignedShort; mySignedShort = -32768; mySignedShort = 32767;

unsigned int myInt; myInt = 0; myInt = 4294967295 ; // 4 bytes
signed int mySignedInt; myInt = -2147483648; myInt = 2147483647; // 4 bytes

unsigned long int myLong; myLong=0; myLong=4294967295; // 4 bytes
signed long int mySignedLong; mySignedLong=-2147483648; mySignedLong=2147483647; // 4 bytes

bool myTrue; myTrue = true; // 1 byte
bool myFalse; myFalse = false; // 1 byte

float myFloat; myFloat = 5.3431243774; // 4 bytes

double myDouble; myDouble = 5.3431243774; // 8 bytes

long double myLongDouble; myLongDouble = 5.3431243774; // 8 bytes

wchar_t myWChar; myWChar = ‘A’; //2 or 4 bytes

return 0;
}

Next we have these types, my byte sizes from the usual x86 compiler defaults
don’t match up with the sizes I see declared. I have one more DWORD and one less BYTE
sized values. Even if my stuff did match up the best I could do is a guess, you CAN’T know
that something is a char just because you move 0×41 ‘A’ into it. Also I can’t presume a var is
signed just because you move 0xFF(-1) into it, it could just be holding 0xFF in an unsigned manner!

1 unsigned char,
1 signed char,
1 bool,
2 unsigned short int,
2 signed short int,
2 wchar_t,
4 unsigned long int,
4 signed long int,
4 unsigned int,
4 signed int,

So I think the correct answer is, you can tell the floats, but you AT BEST can take a wild guess as
to the types of the other variables.

loop_until_8: ;{
mov ecx, [esi] ; ecx = 1
imul ecx, [esi] ; 1 * 1 = 1
mov [esi], ecx ; [esi] = 1
inc dword ptr [ebx] ; EBX = ebx + 1 ; (2) ebx = ebx + 1.. until EBX = 8

compare_ebx:
cmp dword ptr [ebx], 8 ; if(EBX >= 8) break;
jl loop_until_8 ; }
————————————-
var_esi = 1;
var_ebx = 0;
for(var_ebx = 0; var_ebx < 8;var_ebx++){
var_ecx = var_esi; // 1;
var_esi = var_ecx * var_esi; // var_esi = 1 * 1
}

Any feedback would be appreciated.
-Daniel Clemens

is a variant of imul that generates a 32 (vice 64) bit result into the destination register (in this case edx). Here you have effectively:

edx *= eax;

with no extension to 64 bits. Any overflow is simply lost. The single register version uses edx:eax as the implied destination register

float var_C;
unsigned char var_D;
bool var_E;
bool var_F;
double var_8;
short var_14;
unsigned short var_18;
int var_1C;
wchar_t var_20;
unsigned int var_24;
char var_25;
long var_2C;
long double var_38;

#define PI 3.14159265
#define PI2 (2 * PI)

int main() {
double var_10 = 1.0;
double var_8 = PI2 * var_10;
return 0;
}

So EDX could be storing the upper 32bits of the result of the multiplication.

The next instruction:
mov edx,eax

moves the lower 32 bits of the product into EDX, thus overwriting the upper 32 bits of the product which EDX was storing.

correct?

int n = 1;
for (int i = 0; i < 8; i++)
n = n * n;

On the first box, a xor (logical exclusive or) is done, if the flag is zero goes to 40100B where an AND is done for ecx, if zero goes to the bottom box which exits the application. If the flag is not zero, goes to 401014 where another xor is done before exiting the program.

If the flag in the first/main box is not zero, goes to 401007 where a xor is done before exiting the application.

int main(int argc, char *argv[], char *envp){

int var_4,var_8,var_C;

var_4 = 5;
var_8 = 6;
var_C = 9;

var_4 = var_4 + 6;
var_8 = var_8 – 5;
var_C = var_C * 3;

return 0;
}