To start the ball rolling:
.text:6FC01A00 sub_6FC01A00 proc near ; CODE XREF: .text:6FC01000�p
.text:6FC01A00 ; D2Net_10025�p ...
.text:6FC01A00 mov eax, Variable
.text:6FC01A05 cmp eax, 1
.text:6FC01A08 jnz short loc_6FC01A0B
.text:6FC01A0A retn
.text:6FC01A0B ; ---------------------------------------------------------------------------
.text:6FC01A0B
.text:6FC01A0B loc_6FC01A0B: ; CODE XREF: sub_6FC01A00+8�j
.text:6FC01A0B xor ecx, ecx
.text:6FC01A0D cmp eax, 2
.text:6FC01A10 setz cl
.text:6FC01A13 mov eax, ecx
.text:6FC01A15 retn
.text:6FC01A15 sub_6FC01A00 endp
This has two optimizations, the first one is more obvoius, though.
The top half would be this:
if((eax = Variable) == false) return; // keeping in mind that return value is in eax
Then in the second half, it compares it sets ecx to null, does the comparison, sets cl to 1, moves ecx to eax, then returns.
I've seen this construct many times, and all it's really doing is,
if(eax == 2) return true;
hmm, I should add the most famous optimization:
.text:6FC0132E ADC xor esi, esi
is the same as,
esi = 0.
Still consider myself rather newb at this, so feel free to delete if wrong.
mov edx, eax
dec eax
test edx, edx
jz return
Equivalent to:
if(!eax) return -1;
add edx, 0FFFFFFFCh
For those of you who don't know, this has the same effect as subtracting 4 from edx.
Right Answer
mov edx, [some variable]
movzx edx, dl
Is the same as:
mov edx, [some variable]
and edx, 0xFF
(movZx stants for mov with Zero extend)
On the other hand, this:
mov edx, [some variable]
movsx edx, dl
Will do the same thing if dl is positive, but will sign-extend if dl is negative, so:
7F will become 0000007F, and 80 will become FFFFFF80.
(movsx means mov with Sign extend)
Finally,
mov edx, [some variable]
mov edx, dl
Will have no affect because mov extends nothing and leaves the rest of the register intact.
(Thanks to skywing for correcting me on this :))
This is a very important pattern I see all the time:
.text:1503AABB mov eax, esi
.text:1503AABD neg eax
.text:1503AABF sbb eax, eax
.text:1503AAC1 mov ecx, edi
.text:1503AAC3 neg ecx
.text:1503AAC5 sbb ecx, ecx
.text:1503AAC7 test ecx, eax ; Make sure both arguments are valid
.......
this is the same as,
if(esi != NULL && edi != NULL).....
In C++, and many other languages, the compiler will generate the following code to access an item in an array:
mov eax, [arraybase+index*arraytypesize]
arraybase is the pointer to the base of the array, index is the item in the array you are trying to retreive, and arraytypesize is the size of the type the array is declared as.
For some arithmatic:
This C code:
int edx = 3;
edx = edx * 2 + 5;
will probably look like this:
mov edx, 3
lea edx, [5 + edx*2]
lea's can be used for arithmatic.