[This is a really really long Twitter thread](https://mobile.twitter.com/Foone/status/1536053690368348160) – that’s just how foone likes to write.

This is a step-by-step live walkthrough of decompiling and reverse-engineering the old game SkiFree. They start by using a few programs to take the exe and turn it back into code – completely unreadable code, but still code. The decompiler can take the machine code from the exe and generate C code that matches up with it, but none of the functions or variables are going to have useful names. The decompiler then gives you tools to start organizing and renaming the decompiled code until it’s clear.
[Here](https://twitter.com/Foone/status/1536061110662533125?s=20&t=l99fGoot0_XjoXn0Xn9f9A) they find a function that the decompiler just called “FUN_00404950”. They look at it and see that it takes a piece of text as an input, does some checks on it, then tells Windows to display a message box with that text. So they change the name of this function to “DisplayMessageBox”.

Now, they start looking around for parts of the program that call DisplayMessageBox – can we figure out what _those_ are doing? Frequently, you look at the way things are formatted or the exact bits of text used – [here](https://twitter.com/Foone/status/1536067991518912512?s=20&t=l99fGoot0_XjoXn0Xn9f9A) is some code that makes a bit of text that looks like “number:number:number.number”. If you look at the game, you notice that the player’s time is written that way: “hours:minutes:seconds.fraction”. So this function that generates that text is probably displaying the player time.

Two functions down, a few hundred to go…