stack the flags are also a core area of a decompiler. The decompiler has to know which flags are affected by each assembler command, the correct flag value and which flag combinations are tested by the conditional jump or set commands.
Note that in the following example the cmp command affects all relevant flags, while the dec command affects some flags but not the carry flag, which is the flag tested by the jump command jb. This means that the dec command has no effect on the control flow, and since its changed register value is also not used, it has no effect on the result value.
test:
movl $10, %eax
cmpl $10, %ebx
dec %ecx
jb .L1
movl $7, %eax
jmp .L2
.L1:
movl $42, %eax
.L2:
ret
A correct decompiled version could be:
// addr = 080483a0.0
// signature= func(test, ret=[<0, int(undef, 4),,unknown>], para=[<0, int(undef, 4),p1,reg[ebx]>, <1, int(undef, 4),p2,reg[ecx]>], varargs=false)
??? test(???)
{
return p1 < 10 ? 42 : 7;
}
A variant using ecx would be wrong.
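The reasoning above can be checked mechanically with a backward liveness analysis that treats flags like registers. The following is an added example, not code from the original page or from any decompiler; the instruction encoding in PROGRAM, the flag table limited to the commands of the listing, and the assumption that ret reads eax as the result are all constructed for illustration.

```python
ALL = {"CF", "PF", "AF", "ZF", "SF", "OF"}
# mnemonic -> (flags written, flags read); only the commands used in the listing
FLAGS = {
    "movl": (set(), set()),
    "cmpl": (ALL, set()),
    "dec": (ALL - {"CF"}, set()),  # dec leaves the carry flag untouched
    "jb": (set(), {"CF"}),         # jump if below: taken when CF is set
    "jmp": (set(), set()),
    "ret": (set(), set()),
}
# Constructed encoding: (label, mnemonic, regs read, regs written, jump target)
PROGRAM = [
    (None, "movl", set(), {"eax"}, None),
    (None, "cmpl", {"ebx"}, set(), None),
    (None, "dec", {"ecx"}, {"ecx"}, None),
    (None, "jb", set(), set(), ".L1"),
    (None, "movl", set(), {"eax"}, None),
    (None, "jmp", set(), set(), ".L2"),
    (".L1", "movl", set(), {"eax"}, None),
    (".L2", "ret", {"eax"}, set(), None),  # assumption: eax holds the result
]

def successors(i, prog):
    labels = {p[0]: n for n, p in enumerate(prog) if p[0]}
    op, target = prog[i][1], prog[i][4]
    if op == "ret":
        return []
    if op == "jmp":
        return [labels[target]]
    return [i + 1, labels[target]] if op == "jb" else [i + 1]

def live_out(prog):
    """Backward liveness of registers and flags, iterated to a fixed point."""
    live_in = [set() for _ in prog]
    out = [set() for _ in prog]
    changed = True
    while changed:
        changed = False
        for i in reversed(range(len(prog))):
            _, op, reads, writes, _ = prog[i]
            out[i] = set().union(*(live_in[s] for s in successors(i, prog)))
            new_in = (out[i] - writes - FLAGS[op][0]) | reads | FLAGS[op][1]
            if new_in != live_in[i]:
                live_in[i], changed = new_in, True
    return out

def dead_instructions(prog):
    """Indices whose written registers and flags are all dead afterwards."""
    out = live_out(prog)
    defs = [p[3] | FLAGS[p[1]][0] for p in prog]
    return [i for i, d in enumerate(defs) if d and not d & out[i]]
```

dead_instructions(PROGRAM) reports the dec command, because only CF is live after it, and also the first movl, because eax is overwritten on both paths before ret.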