One problem in decompilation is how to get rid of the register assignments.
Firstly, you encapsulate all assignments by
- mov eax,1
- add eax,2
Here, mov eax,1 creates 1. add eax,2 adds on 2.
So getting rid of eax is simple. The answer is 1+2.
We use 3 kinds of variable:
- BLocal - This is where eax is set to, say, 1 in an If block. In the Else block, it's set to 2. The way to deal with this is
- LLocal - This is where eax is used as a loop variable.
- FLocal - This is where the return value from a function is used. Clearly, if we encapsulate the call, we get fopen(a) and then, later on, fopen(a) again, as eax is repeated. The solution is to count the calls. 1 call means fopen(a). 2 calls or more become FLocal1. When FLocal1 is first used,
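
The substitution described above, as an added example that is not code from the original page: a Python sketch for straight-line code that folds register assignments into expressions and applies the FLocal counting rule. The tuple instruction format, the store pseudo-instruction, the @n@ placeholders and defining FLocalN at the call site are assumptions made for illustration, and "calls" is read here as reads of a call's return value in eax.

```python
import re

# Constructed sample: toy tuples standing in for disassembly.
SAMPLE = [
    ("mov", "eax", "1"), ("add", "eax", "2"), ("store", "x", "eax"),
    ("call", "fopen", ["a"]), ("store", "f", "eax"),
    ("call", "fopen", ["b"]), ("store", "g", "eax"), ("store", "h", "eax"),
]

def decompile(instrs):
    """Remove registers from straight-line code by forward substitution."""
    regs, calls, out = {}, [], []   # register -> expr, call texts, pending output

    def val(operand):
        # A register operand is replaced by the expression it currently holds.
        return regs.get(operand, operand)

    for op, a, b in instrs:
        if op == "mov":
            regs[a] = val(b)
        elif op == "add":
            regs[a] = f"({val(a)} + {val(b)})"
        elif op == "call":
            calls.append(f"{a}({', '.join(val(x) for x in b)})")
            regs["eax"] = f"@{len(calls) - 1}@"   # placeholder for the result
            out.append(("call", len(calls) - 1))
        elif op == "store":                        # assumed sink: var = reg
            out.append(("stmt", f"{a} = {val(b)}"))

    # Count how many times each call result is read anywhere in the output.
    uses = [0] * len(calls)
    for text in calls + [t for kind, t in out if kind == "stmt"]:
        for m in re.findall(r"@(\d+)@", text):
            uses[int(m)] += 1

    names, lines = [], []
    def sub(text):
        return re.sub(r"@(\d+)@", lambda m: names[int(m.group(1))], text)
    for kind, x in out:
        if kind == "stmt":
            lines.append(sub(x))
            continue
        text = sub(calls[x])
        if uses[x] >= 2:               # shared result: name it FLocalN
            names.append(f"FLocal{sum(u >= 2 for u in uses[:x + 1])}")
            lines.append(f"{names[-1]} = {text}")
        else:                          # one use: inline; none: bare call
            names.append(text)
            if uses[x] == 0:
                lines.append(text)
    return lines

if __name__ == "__main__":
    print("\n".join(decompile(SAMPLE)))
```

The sketch does not check whether inlining a single-use call moves it past another call or store, so it is only safe where that reordering cannot change behaviour.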