Home/ Questions/Q 8548155
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T13:25:45+00:00

This was disassembled from a x86 exe that was (probably) created with MSVC. Any

  • 0

This was disassembled from a x86 exe that was (probably) created with MSVC.
Any reason for these loops or are they just bloat?

00428D08   |> B9 02000000    MOV ECX,2
00428D0D   |> 33C0           /XOR EAX,EAX
00428D0F   |> 8BF0           |/MOV ESI,EAX
00428D11   |. 48             ||DEC EAX
00428D12   |. 83F8 E9        ||CMP EAX,-17
00428D15   |.^7F F8          |\JG SHORT File.00428D0F
00428D17   |. 49             |DEC ECX
00428D18   |.^75 F3          \JNZ SHORT File.00428D0D

ESI is later on used in a sort of jump table, but this seems to me like an overly complicated way to set ESI twice

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If there are no additional entry points and no self-modifying code, there is one unique way how the code can be walked through:

    mov ecx,2              ; ecx = 2
xor eax,eax            ; eax = 0, ecx = 2, SF = 0, ZF = 0
mov esi,eax            ; eax = 0, ecx = 2, esi = 0, no changes to flags
dec eax                ; eax = 0xFFFFFFFF, ecx = 2, esi = 0, SF = 1, ZF = 0
cmp eax,-17            ; OF = 0, SF = 1, ZF = 0
jg SHORT File.00428D0F ; jump if (SF==OF and ZF==0) -> jump.

    mov esi, eax ; eax = 0xFFFFFFFF, ecx = 2, esi = 0xFFFFFFFF

    After 16 inner loops the situation is the following:

    mov esi,eax            ; eax = -16, ecx = 2, esi = -16
dec eax                ; eax = -17, ecx = 2, esi = -16, SF = 1, ZF = 0
cmp eax,-17            ; OF = 0, SF = 0, ZF = 1
jg SHORT File.00428D0F ; jump if (SF==OF and ZF==0) -> no jump.
dec ecx                ; eax = -17, esi = -16, ecx = 1, SF = 0, ZF = 0

    The outer loop is trivial. If it is certain that there are no other entry points except 00428D08 (the start of this code, mov ecx,2), that is code is not modified from somewhere else and that this code is not used as data, the code can be replaced with:

    If flags’ values are used after the end of this code:

    mov eax,-17
cmp eax,-17
mov ecx,1
dec ecx
mov esi,-16

    If flags’ values are not important:

    mov eax,-17
mov ecx,0
mov esi,-16
    • 0