During some reversing practice I came across a section of assembly which caught my attention because of Ghidra’s decompilaion. Ghidra has decompiled this section of assembly into a single line with multiple bitwise operations which did not appear to be a reasonably representation.
I thought this might be a good opportunity to dissect some intriguing logic. This is Ghidra’s disassembly.

00402fb8  push  ESI
00402fb9  call  __scrt_is_ucrt_dll_in_use
00402fbe  test  EAX,EAX
00402fc0  jz    LAB_00402fe2
00402fc2  mov   EAX,FS:[0x18]
00402fc8  mov   ESI,DAT_00408448
00402fcd  mov   EDX,[EAX + 0x4]
00402fd0  jmp   LAB_00402fd6
00402fd2  cmp   EDX,EAX
00402fd4  jz    LAB_00402fe6
00402fd6  xor   EAX,EAX
00402fd8  mov   ECX,EDX
00402fda  lock
00402fdb  cmpxchg [ESI],ECX
00402fde  test  EAX,EAX
00402fe0  jnz   LAB_00402fd6
00402fe2  xor   al,al
00402fe4  pop   ESI
00402fe5  ret
00402fe6  mov   al,0x1
00402fe8  pop   ESI
00402fe9  ret

The code first calls a function and tests the result returned in EAX. If the called function returns 0 then execution jumps to a section which returns 0 for this function. Having passed that call we pull an address off the stack and place the dereferenced offset value in EDX. This value is later moved to ECX and EDX is not used again so it may be possible to remove it.

We then jump, xor EAX and complete the aforementioned mov ECX, EDX. We then reach the core instruction of this function cmpxchg, an instruction which distils roughly 5 instructions into one:

0000  cmp  EAX, [ESI]
0001  jnz  0004
0002  mov  [ESI], ECX
0003  jmp  0005
0004  mov  EAX, [ESI]

Following this instruction EAX is tested and if it is 0 the function returns 0. If [ESI] == 0 then EAX will remain untouched and the function will return 0. Otherwise it will jump and cmp EDX, EAX. EDX contains the value pulled from the stack.
At this point the logic was too much for me to hold in my head and I had to write it down.

if (0 == __scrt_is_ucrt_dll_in_use()) {
    return 0;

edx = *(stack[24] + 4);
esi = DAT_00408448;

while (true) {
    eax = 0;
    ecx = edx;

    if (eax == *esi) {
        *esi = ecx;
    } else {
        eax = *esi;

    if (0 == eax) {
        return 0;

    if (edx == eax) {
        return 1;

This can be further simplified by recognising that ECX == EDX and that EAX == 0 unless [ESI] != 0.

if (0 == __scrt_is_ucrt_dll_in_use()) {
    return 0;

edx =  *(stack[24] + 4);
esi = DAT_00408448;

while (true) {
    if (0 == *esi) {
        *esi = edx;
        return 0;

    if (edx == *esi) {
        return 1;

This seems to be initialising a value in memory from the stack. If the memory value is 0, it is set to the stack value and the function returns 0. Otherwise if the values are already equal then the function returns 1. If neither of these cases is true then the function gets stuck in an infinite loop, which indicates that this cannot be the case.

Based on this information this function is effectively checking whether the memory value is already initialised, returning 1 if so or 0 if not.