I'm reverting assembly code to C. I came across a part of the code that I cannot understand.

    mov ecx,8A69
    mov eax,66666667
    imul ecx
    sar edx,2
    mov eax,ecx
    sar eax,1F
    sub edx,eax
    mov eax,edx
    shl eax,2
    add eax,edx
    add eax,eax
    sub ecx,eax
    mov eax,ecx

When passing through IMUL ECX, "EAX = 3333863F" and "EDX = 375D". How can I pass this to C and continue to revert this code?

fpmurphy
FoioLag
  • That's doing signed integer division by a constant, like `x / 123` or something: [Why does GCC use multiplication by a strange number in implementing integer division?](https://stackoverflow.com/q/41183935). But both inputs are constant so it's really pointless to do at runtime. (Note the `sar eax,31` to broadcast the sign bit to all positions as a fixup for negative; that's how you can tell it's signed.) – Peter Cordes Jun 30 '20 at 00:34
  • Looking at the answer to this question, I saw that the code tests if a number is a multiple of 10. However, I have no idea how I can reach this same conclusion. – FoioLag Jun 30 '20 at 20:22
  • I don't know the formula for inverting a fixed-point multiplicative inverse back into the original divisor. One simple thing would be to try it for one large dividend by single-stepping in a debugger (so you don't need to add a call to printf). Given a dividend and quotient, you can find the divisor the code is implementing. – Peter Cordes Jun 30 '20 at 20:44

0 Answers
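The approach from the comments, as an added example that is not part of the original thread: a line-by-line C transcription of the listing, plus the dividend/quotient check Peter Cordes describes for recovering the divisor. The function names are made up here, and the code assumes `>>` on a negative signed integer is an arithmetic shift (true for GCC, Clang and MSVC).

```c
#include <stdint.h>
#include <stdio.h>

/* Quotient half of the listing, up to "sub edx,eax". */
int32_t listing_quotient(int32_t ecx)
{
    int64_t prod = (int64_t)ecx * 0x66666667LL; /* imul ecx -> EDX:EAX    */
    int32_t edx  = (int32_t)(prod >> 32);       /* EDX = high 32 bits     */
    edx >>= 2;                                  /* sar edx,2              */
    int32_t sign = ecx >> 31;                   /* sar eax,1F: 0 or -1    */
    return edx - sign;                          /* sub edx,eax            */
}

/* Remainder half: shl/add/add builds quotient*10, then "sub ecx,eax". */
int32_t listing_result(int32_t ecx)
{
    int32_t q   = listing_quotient(ecx);
    int32_t eax = q * 4;                        /* shl eax,2              */
    eax += q;                                   /* add eax,edx  (q * 5)   */
    eax += eax;                                 /* add eax,eax  (q * 10)  */
    return ecx - eax;                           /* sub ecx,eax            */
}

/* From one positive dividend n and its observed quotient q, the divisor d
 * satisfies n/(q+1) < d <= n/q. Returns d when that range holds exactly
 * one integer, 0 when the sample is too small to decide. */
int32_t recover_divisor(int32_t n, int32_t q)
{
    if (n <= 0 || q <= 0) return 0;
    int64_t hi = n / q;
    int64_t lo = n / ((int64_t)q + 1) + 1;
    return lo == hi ? (int32_t)hi : 0;
}

/* Returns 1 if the listing equals x % 10 for every x in [lo, hi]. */
int same_as_mod10(int32_t lo, int32_t hi)
{
    for (int64_t x = lo; x <= hi; x++)
        if (listing_result((int32_t)x) != (int32_t)x % 10) return 0;
    return 1;
}

int main(void)
{
    int32_t n = 1000000000; /* constructed large dividend */
    printf("result for 0x8A69: %d\n", listing_result(0x8A69));
    printf("recovered divisor: %d\n", recover_divisor(n, listing_quotient(n)));
    printf("same as x %% 10:    %d\n", same_as_mod10(-100000, 100000));
    return 0;
}
```

The intermediate high half for `0x8A69` is `0x375D`, matching the EDX value reported in the question, so the whole sequence collapses to `ecx % 10` in C.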