assembly disassembly

Question

please can someome explain me why when I do

dumpbin /disasm "C:\simple_Win32.exe" >> "C:\users\piter\myDump5.txt"

I cannot see the names of my routines, but only eax, ebx, mov and other "not my" functions (preprocessor macros, etc). I.e. in the following example we have assembly code together with names of functions:

.text:00403D89     lea eax, [ebp+SystemTimeAsFileTime]
.text:00403D8C     push eax
.text:00403D8D     call ds:__imp__GetSystemTimeAsFileTime@4
.text:00403D93     mov esi, [ebp+SystemTimeAsFileTime.dwHighDateTime]
.text:00403D96     xor esi, [ebp+SystemTimeAsFileTime.dwLowDateTime]
.text:00403D99     call ds:__imp__GetCurrentProcessId@0
.text:00403D9F     xor esi, eax
.text:00403DA1     call ds:__imp__GetCurrentThreadId@0
.text:00403DA7     xor esi, eax
.text:00403DA9     call ds:__imp__GetTickCount@0
.text:00403DAF     xor esi, eax
.text:00403DB1     lea eax, [ebp+PerformanceCount]
.text:00403DB4     push eax
.text:00403DB5     call ds:__imp__QueryPerformanceCounter@4
.text:00403DBB     mov eax, dword ptr [ebp+PerformanceCount+4]
.text:00403DBE     xor eax, dword ptr [ebp+PerformanceCount]
.text:00403DC1     xor esi, eax
.text:00403DC3     cmp esi, edi
.text:00403DC5     jnz short loc_403DCE

then if my code is:

#include <iostream>

int Foo(int,int){return 4;}

int main(){
    //std::cout<<"\n\nHello.\n\n"<<std::endl;

    int i=Foo(2,4);
    int a=i;
    //system("pause");
return 0;
}

why I cannot find Foo in assembly dumpbined from resulting from this code exe?
should I be able to find the name Foo there?

Answer 1

"Assembling" means turning a human-readable set of machine instruction mnemonics into actual binary data that can be loaded and executed. Similarly, "disassembling" means turning binary code into a human-readable set of machine instruction mnemonics that a skilled programmer can read and understand what's going on.

Perhaps you are thinking of "compiling" a high-level programming language into machine code; the opposite of that would be a hypothetical-magical "decompiler". Some decompiling is indeed possible and tools exist, but there are always limits to how much of any given high-level language you can recover from a set of compiled machine code, and without a deep understanding of several layers of programming it'll be hard to make sense of the result in any event.

Some languages (like C# or Java) only compile to a rather high-level intermediate language, which is rather more easy to decompile and read, but C++ is not typically used in such a way, and C++ compilers usually produce lowest-level hardware machine code.

Answer 2

Names like Foo are not needed and not contained in the resulting EXE thus won't show up when disassembling - if you compile with debug information then the PDB and/or MAP file will contain such information. Also there is a difference in the handling of internal functions like Foo and functions imported from (system) DLL - the disassembler is usually able to resolve those functions by name while it needs debug information the the "internal ones".