============================== Sample 1 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined fileAddComplexValue() TEST ESI,ESI JZ LAB_001f4080 MOV RAX,qword ptr [.bss:column] ;=?? MOV RDX,qword ptr [.bss:rowbuf] ;=?? LEA RCX,[RAX + 0x2] MOVSD qword ptr [RDX + RAX*0x8],XMM0 MOV qword ptr [.bss:column],RCX ;=?? MOVSD qword ptr [RDX + RAX*0x8 + 0x8],XMM1 RET ?? 0Fh ?? 1Fh ?? 80h ?? 00h ?? 00h ?? 00h ?? 00h LAB_001f4080: MOV ECX,0xf MOV EDX,0xf MOV EAX,0x2 LEA RSI,[.rodata:s__%.*e,%.*e_00712740] ;= "\t%.*e,%.*e\n" JMP sh_fprintf ;undefined sh_fprintf(undefined param... ?? 0Fh Actual src: static void fileAddComplexValue(FILE *fp, bool bin, IFcomplex value) { if (bin) { rowbuf[column++] = value.real; rowbuf[column++] = value.imag; } else { fprintf(fp, "\t%.*e,%.*e\n", DOUBLE_PRECISION, value.real, DOUBLE_PRECISION, value.imag); } } Predicted src: void init(void) { int i; for (i = 0; i < 1; i++) { if (i < 0) { i = i; } } } ============================== Sample 2 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined razer_string_to_bool() ;local_20 undefined8 -20 ;local_1010 undefined8 -1010 ;local_1048 undefined8 -1048 PUSH RBP PUSH RBX SUB RSP,0x1000 OR qword ptr [RSP]=>local_1010,0x0 SUB RSP,0x38 OR qword ptr [RSP]=>local_1048,0x0 ADD RSP,0x1020 MOV RBP,RSI LEA RSI,[.rodata:DAT_0011926e] ;= 79h y MOV RBX,RDI CALL .plt:::strcasecmp ;int strcasecmp(char * __s1, char * _... TEST EAX,EAX JZ LAB_0010b250 LEA RSI,[.rodata:DAT_00119272] ;= 74h t MOV RDI,RBX CALL .plt:::strcasecmp ;int strcasecmp(char * __s1, char * _... TEST EAX,EAX JZ LAB_0010b250 LEA RSI,[.rodata:s_on_0011817d+5] ;= "on" MOV RDI,RBX CALL .plt:::strcasecmp ;int strcasecmp(char * __s1, char * _... TEST EAX,EAX JZ LAB_0010b250 LEA RSI,[.rodata:DAT_00119277] ;= 6Eh n MOV RDI,RBX CALL .plt:::strcasecmp ;int strcasecmp(char * __s1, char * _... TEST EAX,EAX JZ LAB_0010b260 LEA RSI,[.rodata:s_false_0011927a] ;= "false" MOV RDI,RBX CALL .plt:::strcasecmp ;int strcasecmp(char * __s1, char * _... TEST EAX,EAX JZ LAB_0010b260 LEA RSI,[.rodata:DAT_00119280] ;= 6Fh o MOV RDI,RBX CALL .plt:::strcasecmp ;int strcasecmp(char * __s1, char * _... TEST EAX,EAX JZ LAB_0010b260 XOR EDX,EDX LEA RSI=>local_20,[RSP + 0x8] MOV RDI,RBX CALL .plt:::strtol ;long strtol(char * __nptr, char * *... MOV RDX,qword ptr [RSP + local_20+0x28] CMP RBX,RDX JZ LAB_0010b26d CMP byte ptr [RDX],0x0 JNZ LAB_0010b26d TEST EAX,EAX SETNZ byte ptr [RBP] XOR EAX,EAX JMP LAB_0010b256 ?? 90h LAB_0010b250: MOV byte ptr [RBP],0x1 XOR EAX,EAX LAB_0010b256: ADD RSP,0x18 POP RBX POP RBP RET ?? 0Fh ?? 1Fh ?? 00h LAB_0010b260: MOV byte ptr [RBP],0x0 ADD RSP,0x18 XOR EAX,EAX POP RBX POP RBP RET LAB_0010b26d: MOV EAX,0xffffffea JMP LAB_0010b256 ?? 66h f Actual src: int razer_string_to_bool(const char *string, bool *b) { int i; if (strcasecmp(string, "yes") == 0 || strcasecmp(string, "true") == 0 || strcasecmp(string, "on") == 0) { *b = 1; return 0; } if (strcasecmp(string, "no") == 0 || strcasecmp(string, "false") == 0 || strcasecmp(string, "off") == 0) { *b = 0; return 0; } if (!razer_string_to_int(string, &i)) { *b =!!i; return 0; } return -EINVAL; } Predicted src: int string_string(const char *str, const char *str) { char *str; char *str; char *str; char *str; char *str; char *str; char *str; char *str; char *str; str = strlen(str); if (!str) return -1; if (!str) return -1; if (!str) return -1; if (!str) return -1; if (!str) return -1; if (!str) return -1; if (!str) return -1; if (!str) return -1; if (!str) return -1; if (!str) return -1; if (!str) return -1; if (!str) return -1; if (!str) return -1; if (!str) return -1; return -1; } ============================== Sample 3 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined CheckForUnclosedCatches() PUSH R12 XOR R12D,R12D PUSH RBP PUSH RBX MOV RAX,qword ptr [RDI + 0x80] CMP dword ptr [RAX + 0x48],0x1 JA LAB_0013d6f0 LAB_0013d6e4: MOV EAX,R12D POP RBX POP RBP POP R12 RET ?? 0Fh ?? 1Fh ?? 40h @ ?? 00h LAB_0013d6f0: MOV RBX,RDI MOV R12D,0x1 TEST byte ptr [RDI + 0x96],0x4 JZ LAB_0013d6e4 MOV RAX,qword ptr [RDI] MOV ESI,0xffffffff LEA RDI,[.rodata:s_catch_still_active_on_exit_from_a_0026f308] ;= "catch still active on exit from a... MOV RBP,qword ptr [RAX] CALL .plt:Tcl_NewStringObj ;undefined Tcl_NewStringObj() MOV RSI,RAX MOV RDI,RBP CALL .plt:Tcl_SetObjResult ;undefined Tcl_SetObjResult() MOV RAX,qword ptr [RBX + 0x80] MOV RDI,RBP MOV RAX,qword ptr [RAX + 0x50] MOV ESI,dword ptr [RAX + 0x8] CALL .plt:Tcl_SetErrorLine ;undefined Tcl_SetErrorLine() MOV RDI,RBP XOR EAX,EAX XOR R8D,R8D LEA RCX,[.rodata:s_UNCLOSEDCATCH_0026ef21] ;= "UNCLOSEDCATCH" LEA RDX,[.rodata:s_ASSEM_0026edd1] ;= "ASSEM" LEA RSI,[.rodata:DAT_0026edd7] ;= 54h T CALL .plt:Tcl_SetErrorCode ;undefined Tcl_SetErrorCode(undefined... MOV EAX,R12D POP RBX POP RBP POP R12 RET ?? 66h f Actual src: static int CheckForUnclosedCatches( AssemblyEnv* assemEnvPtr) /* Assembly environment */ { CompileEnv* envPtr = assemEnvPtr->envPtr; /* Compilation environment */ Tcl_Interp* interp = (Tcl_Interp*) envPtr->iPtr; /* Tcl interpreter */ if (assemEnvPtr->curr_bb->catchState >= BBCS_INCATCH) { if (assemEnvPtr->flags & TCL_EVAL_DIRECT) { Tcl_SetObjResult(interp, Tcl_NewStringObj( "catch still active on exit from assembly code", -1)); Tcl_SetErrorLine(interp, assemEnvPtr->curr_bb->enclosingCatch->startLine); Tcl_SetErrorCode(interp, "TCL", "ASSEM", "UNCLOSEDCATCH", NULL); } return TCL_ERROR; } return TCL_OK; } Predicted src: static int set_name(const char *name, const char *name) { if (name == NULL) { return -1; } if (name == NULL) { return -1; } if (name == NULL) { return -1; } return -1; } ============================== Sample 4 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined startree_search() MOV R9,R8 XOR R8D,R8D JMP startree_search_for ;undefined startree_search_for() ?? 0Fh Actual src: void startree_search(const startree_t* s, const double* xyzcenter, double radius2, double** xyzresults, double** radecresults, int* nresults) { startree_search_for(s, xyzcenter, radius2, xyzresults, radecresults, NULL, nresults); } Predicted src: static int tree_tree_tree_tree_tree_tree_tree_tree(tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree, void *tree_tree_tree_tree_tree_tree_tree) { tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree_tree(tree_tree_tree_tree_tree_tree, NULL, NULL, NULL, NULL, NULL); return 0; } ============================== Sample 5 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined _deliver_in_sess() PUSH RBP MOV RBP,RDX PUSH RBX MOV RBX,RSI SUB RSP,0x8 MOV R8,qword ptr [RDX + 0x30] MOV RDI,qword ptr [RSI + 0x10] TEST R8,R8 JZ LAB_001011ea MOV RSI,RDI MOV RDI,R8 CALL .plt:jid_compare_user ;undefined jid_compare_user() TEST EAX,EAX JZ LAB_00101238 LAB_001011d8: MOV RDI,qword ptr [RBP + 0x30] TEST RDI,RDI JZ LAB_001011e6 CALL .plt:jid_free ;undefined jid_free() LAB_001011e6: MOV RDI,qword ptr [RBX + 0x10] LAB_001011ea: CALL .plt:jid_dup ;undefined jid_dup() MOV qword ptr [RBP + 0x30],RAX MOV RDI,RAX CALL .plt:jid_full ;undefined jid_full() MOV RDI,qword ptr [RBP + 0x40] XOR R9D,R9D LEA RCX,[.rodata:DAT_00102000] ;= 66h f MOV R8,RAX MOV EDX,0xffffffff MOV ESI,0x1 CALL .plt:nad_set_attr ;undefined nad_set_attr() LAB_0010121b: CMP qword ptr [RBP + 0x28],0x0 JZ LAB_00101258 LAB_00101222: MOV RDI,RBP CALL .plt:pkt_router ;undefined pkt_router() XOR EAX,EAX LAB_0010122c: ADD RSP,0x8 POP RBX POP RBP RET ?? 0Fh ?? 1Fh ?? 44h D ?? 00h ?? 00h LAB_00101238: TEST byte ptr [RBP + 0x24],0x60 JNZ LAB_0010121b MOV RSI,qword ptr [RBX + 0x10] MOV RDI,qword ptr [RBP + 0x30] CALL .plt:jid_compare_full ;undefined jid_compare_full() TEST EAX,EAX JNZ LAB_001011d8 JMP LAB_0010121b ?? 0Fh ?? 1Fh ?? 80h ?? 00h ?? 00h ?? 00h ?? 00h LAB_00101258: MOV EDX,dword ptr [RBP + 0x24] CMP EDX,0x82 JZ LAB_001012b0 AND EDX,0x80 MOV EAX,0xffffff9a JNZ LAB_0010122c MOV RDI,qword ptr [RBX + 0x10] CALL .plt:jid_dup ;undefined jid_dup() MOV qword ptr [RBP + 0x28],RAX MOV RDI,RAX CALL .plt:jid_full ;undefined jid_full() MOV RDI,qword ptr [RBP + 0x40] XOR R9D,R9D LEA RCX,[.rodata:DAT_00102005] ;= 74h t MOV R8,RAX MOV EDX,0xffffffff MOV ESI,0x1 CALL .plt:nad_set_attr ;undefined nad_set_attr() JMP LAB_00101222 ?? 66h f ?? 0Fh ?? 1Fh ?? 44h D ?? 00h ?? 00h LAB_001012b0: MOV RDI,RBP CALL .plt:pkt_free ;undefined pkt_free() XOR EAX,EAX JMP LAB_0010122c ?? 90h Actual src: static mod_ret_t _deliver_in_sess(mod_instance_t mi, sess_t sess, pkt_t pkt) { /* ensure from is set correctly if not already by client */ if(pkt->from == NULL || jid_compare_user(pkt->from, sess->jid)!= 0 || (!(pkt->type & pkt_PRESENCE) &&!(pkt->type & pkt_S10N) && jid_compare_full(pkt->from, sess->jid)!= 0)) { if(pkt->from!= NULL) jid_free(pkt->from); pkt->from = jid_dup(sess->jid); nad_set_attr(pkt->nad, 1, -1, "from", jid_full(pkt->from), 0); } /* no to address means its to us */ if(pkt->to == NULL) { /* drop iq-result packets */ /* user client is confirming all iq-set, but we usually do not track these * confirmations and we need to drop it here, not loop back to client */ if(pkt->type == pkt_IQ_RESULT) { pkt_free(pkt); return mod_HANDLED; } /* iq packets without to should have been already handled by modules */ if(pkt->type & pkt_IQ) { return -stanza_err_FEATURE_NOT_IMPLEMENTED; } /* supplant user jid as 'to' */ pkt->to = jid_dup(sess->jid); nad_set_attr(pkt->nad, 1, -1, "to", jid_full(pkt->to), 0); } /* let it go on the wire */ pkt_router(pkt); return mod_HANDLED; } Predicted src: static int _set_set_cb(struct tevent_req *req, void *data, void *data) { struct tevent_req *req = data; struct tevent_req *req = data; struct tevent_req *req = data; struct tevent_req *req = data; struct tevent_req *req = data; struct tevent_req_req_data(req); if (req == NULL) { return -1; } if (req->req == NULL) { return -1; } if (req->req == NULL) { return -1; } if (req->ctx == NULL) { return -1; } if (req->ctx == NULL) { return -1; } if (req->ctx == NULL) { return -1; } if (ctx->ctx == NULL) { return -1; } if (req->ctx == NULL) { return -1; } if (ctx->ctx == NULL) { return -1; } return -1; }