# Practical Reverse Engineering Exercise Solutions: Page 35 / Exercise 8

Contents

Our task as formulated in exercise 8:

Sample H. Decompile `sub_11732` and explain the most likely programming construct used in the original code.

The function’s disassembly:

 `````` 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 `````` ``````sub_1172E: push esi mov esi, [esp+8] dec esi jz short loc_1175F dec esi jz short loc_11755 dec esi jz short loc_1174B sub esi, 9 jnz short loc_1176B mov esi, [eax+8] shr esi, 1 add eax, 0Ch jmp short loc_11767 ; --------------------------------------------------------------------------- loc_1174B: mov esi, [eax+3Ch] shr esi, 1 add eax, 5Eh jmp short loc_11767 ; --------------------------------------------------------------------------- loc_11755: mov esi, [eax+3Ch] shr esi, 1 add eax, 44h jmp short loc_11767 ; --------------------------------------------------------------------------- loc_1175F: mov esi, [eax+3Ch] shr esi, 1 add eax, 40h loc_11767: mov [ecx], esi mov [edx], eax loc_1176B: pop esi retn 4 ``````

Obviously, the sought-after programming construct in this case is a `switch...case` statement.

Translating the assembly code from above in pseudo-C-code yields:

 `````` 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 `````` ``````function(eax, ecx, edx, enum) { switch (enum): case 1: goto 5F; case 2: goto 55; case 3: goto 4B; case 12: var = *(eax+8); var >> 1; // equal to var / 2 eax = eax + 0x0C goto 67; default: goto 6B; 4B: var = *(eax+0x3C) var >> 1; // equal to var / 2 eax = eax + 0x5E; goto 67; 55: var = *(eax+0x3C) var >> 1; // equal to var / 2 eax = eax + 0x44; goto 67; 5F: var = *(eax+0x3C) var >> 1; // equal to var / 2 eax = eax + 0x40; 67: *ecx = var; *edx = eax; 6B: return eax; } ``````