============================== Sample 1 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined exec_generic() ;local_40 undefined8 -40 ;local_140 undefined8 -140 ;local_148 undefined8 -148 ;local_150 undefined8 -150 ;local_154 undefined4 -154 PUSH R15 LEA RCX,[.data:games] MOV R15D,0x1 PUSH R14 PUSH R13 MOV R13,RDI PUSH R12 PUSH RBP LEA RBP,[.rodata:delim] ;= 000A092000h PUSH RBX SUB RSP,0x128 MOV dword ptr [RSP + local_154+0x158],ESI LEA R12=>local_148,[RSP + 0x10] MOV RAX,qword ptr FS:[0x28] MOV qword ptr [RSP + local_40+0x158],RAX MOV RAX,qword ptr [RDI] MOV EAX,dword ptr [RAX + 0x5c] MOV qword ptr [RSP + local_150+0x158],RAX IMUL RAX,RAX,0x138 MOV RDI,qword ptr [RCX + RAX*0x1 + offset.data:games[192] &0xff] CALL strdup_strip ;undefined strdup_strip() MOV RSI=>.rodata:delim,RBP ;= 000A092000h MOV RDI,RAX MOV R14,RAX CALL .plt:::strtok ;char * strtok(char * __s, char * __d... MOV qword ptr [RSP + local_148+0x158],RAX NOP dword ptr [RAX] LAB_00145bf8: MOV RSI=>.rodata:delim,RBP ;= 000A092000h XOR EDI,EDI MOVSXD RBX,R15D CALL .plt:::strtok ;char * strtok(char * __s, char * __d... MOV qword ptr [R12 + R15*0x8]=>local_140,RAX ADD R15,0x1 TEST RAX,RAX JNZ LAB_00145bf8 MOV RDX,qword ptr [R13 + 0x8] MOV EAX,EBX TEST RDX,RDX JZ LAB_00145c25 MOV qword ptr [RSP + RBX*0x8 + local_140+0x150],RDX ADD EAX,0x1 LAB_00145c25: CDQE LEA RBX,[.data:games] MOV EDI,dword ptr [RSP + local_154+0x158] MOV RDX,R12 MOV qword ptr [RSP + RAX*0x8 + local_140+0x150],0x0 MOV RCX,qword ptr [R13] IMUL RAX,qword ptr [RSP + local_150+0x158],0x138 MOV RSI,qword ptr [RBX + RAX*0x1 + offset.data:games[208] &0xff] CALL client_launch_exec ;undefined client_launch_exec() MOV RDI,R14 MOV R12D,EAX CALL .plt.got:::g_free ;undefined g_free() MOV RAX,qword ptr [RSP + local_40+0x158] SUB RAX,qword ptr FS:[0x28] JNZ LAB_00145c8b ADD RSP,0x128 MOV EAX,R12D POP RBX POP RBP POP R12 POP R13 POP R14 POP R15 RET LAB_00145c8b: CALL .plt:::__stack_chk_fail ;undefined __stack_chk_fail() ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined ottd_exec() ;local_40 undefined8 -40 ;local_140 undefined8 -140 ;local_148 undefined8 -148 ;local_150 undefined8 -150 ;local_154 undefined4 -154 PUSH R15 Actual src: static int exec_generic (const struct condef *con, int forkit) { char *argv[32]; int argi = 0; char *cmd; struct game *g = &games[con->s->type]; int retval; cmd = strdup_strip (g->cmd); argv[argi++] = strtok (cmd, delim); while ((argv[argi] = strtok (NULL, delim))!= NULL) argi++; if (con->server) { argv[argi++] = con->server; } argv[argi] = NULL; retval = client_launch_exec (forkit, g->real_dir, argv, con->s); g_free (cmd); return retval; } Predicted src: static void _get_get_get_get_set(const char *data) { struct NULL; if (self->data = NULL; } ============================== Sample 2 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined eph_waitack() PUSH R12 XOR R12D,R12D PUSH RBP MOV RBP,RDI SUB RSP,0x8 CALL eph_waitchar ;undefined eph_waitchar() CMP EAX,0x6 JZ LAB_0010cf38 MOV R12D,EAX AND EAX,0xfffffffb CMP EAX,0x11 JZ LAB_0010cf38 CMP R12D,0x18 JNZ LAB_0010cf48 LAB_0010cf38: ADD RSP,0x8 MOV EAX,R12D POP RBP POP R12 RET ?? 0Fh ?? 1Fh ?? 44h D ?? 00h ?? 00h LAB_0010cf48: MOV ECX,R12D MOV RDI,RBP XOR EAX,EAX MOV ESI,0x2713 LEA RDX,[.rodata:s_eph_waitack_got_%d_00110937] ;= "eph_waitack got %d" CALL eph_error ;undefined eph_error(undefined param_... ADD RSP,0x8 MOV EAX,R12D POP RBP POP R12 RET ?? 0Fh Actual src: int eph_waitack(eph_iob *iob,long timeout_usec) { int rc; if ((rc=eph_waitchar(iob,timeout_usec)) == ACK) return 0; if ((rc!= DC1) && (rc!= NAK) && (rc!= CAN)) eph_error(iob,ERR_BADREAD,"eph_waitack got %d",rc); return rc; } Predicted src: static void _get_get_set_get_get_get_set(void) { if (void) { if (void) return 0; return NULL; } } ============================== Sample 3 ============================== ASM: ;************************************************************************************************************************************************************ ;* simple_output::simple_comment(char const*) * ;************************************************************************************************************************************************************ ;undefined simple_comment(simple_output * this, char * param_1) ;this simple_outp... RDI ;param_1 char * RSI PUSH R12 MOV R12,this PUSH RBP MOV RBP,param_1 SUB RSP,0x8 CALL simple_output::flush_last_word ;undefined flush_last_word(simple_out... MOV EAX,dword ptr [R12 + 0xc] TEST EAX,EAX JNZ LAB_00118dd0 LAB_00118d7b: MOV RCX,qword ptr [R12] MOV EDX,0x5 MOV param_1,0x1 LEA this,[.rodata:s__0012b088] ;= " -->\n" CALL .plt:::fwrite ;size_t fwrite(void * __ptr, size_t _... MOV RAX,R12 MOV dword ptr [R12 + 0xc],0x0 ADD RSP,0x8 POP RBP POP R12 RET ?? 90h LAB_00118dd0: MOV param_1,qword ptr [R12] MOV this,0xa CALL .plt:::putc ;int putc(int __c, FILE * __stream) JMP LAB_00118d7b ;************************************************************************************************************************************************************ ;* simple_output::begin_comment(char const*) * ;************************************************************************************************************************************************************ ;undefined begin_comment(simple_output * this, char * param_1) ;this simple_outp... RDI ;param_1 char * RSI PUSH R13 Actual src: simple_output &simple_output::simple_comment(const char *s) { flush_last_word(); if (col!= 0) PUTC('\n', fp); FPUTS("\n", fp); col = 0; return *this; } Predicted src: static void ::set(void) { if (void) return; } ============================== Sample 4 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined dev_c1700_mb_wic2t_set_nio() CMP EDX,0x1 JA LAB_00179172 ADD EDX,dword ptr [RSI + 0x20] CMP EDX,0x20 JZ LAB_00179188 JA LAB_00179168 CMP EDX,0x10 JZ LAB_00179180 CMP EDX,0x11 JNZ LAB_00179172 MOV ESI,0x3 LAB_0017914e: MOV RAX,qword ptr [RDI + 0xa20] MOV RDX,RCX MOV RDI,qword ptr [RAX + 0x510] JMP mpc860_scc_set_nio ;undefined mpc860_scc_set_nio() ?? 0Fh ?? 1Fh ?? 40h @ ?? 00h LAB_00179168: MOV ESI,0x2 CMP EDX,0x21 JZ LAB_0017914e LAB_00179172: MOV EAX,0xffffffff RET ?? 0Fh ?? 1Fh ?? 84h ?? 00h ?? 00h ?? 00h ?? 00h ?? 00h LAB_00179180: XOR ESI,ESI JMP LAB_0017914e ?? 0Fh ?? 1Fh ?? 40h @ ?? 00h LAB_00179188: MOV ESI,0x1 JMP LAB_0017914e ?? 90h Actual src: static int dev_c1700_mb_wic2t_set_nio(vm_instance_t *vm,struct cisco_card *card, u_int port_id,netio_desc_t *nio) { u_int scc_chan; if ((port_id > 1) || (dev_c1700_mb_wic_get_scc_chan(card,port_id,&scc_chan) == -1)) return(-1); return(mpc860_scc_set_nio(VM_C1700(vm)->mpc_data,scc_chan,nio)); } Predicted src: static int _t_get_t_get_get_get_get_get_get_get_get_get_get_get(const char *data) { return NULL; if (void) { return NULL; return NULL; return NULL; if (void) } ============================== Sample 5 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined QCoreApplication_quit(void) JMP .plt:::QCoreApplication::quit ?? 66h f Actual src: void QCoreApplication_quit() { QCoreApplication::quit(); } Predicted src: void ::set(void) { return; }