============================== Sample 1 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined _cffi_f_ncplane_greyscale() ;local_20 undefined1 -20 ;local_30 undefined8 -30 ;local_38 undefined8 -38 ;local_40 undefined8 -40 PUSH RBP MOV RBP,RSP PUSH R13 PUSH R12 LEA R13=>local_40,[RBP + -0x38] MOV R12,RSI PUSH RBX MOV RDX,R13 SUB RSP,0x28 MOV RDI,qword ptr [.data:_cffi_types[200]] MOV RAX,qword ptr FS:[0x28] MOV qword ptr [RBP + local_30+0x8],RAX XOR EAX,EAX MOV qword ptr [RBP + local_38+0x8],0x0 CALL qword ptr [.bss:_cffi_exports[184]] TEST RAX,RAX JZ LAB_00142f48 MOV RCX,RAX XOR EAX,EAX CMP RCX,0x280 JBE LAB_00142f28 LAB_00142e96: LEA R8=>local_38,[RBP + -0x30] MOV RDX,R13 MOV RSI,R12 MOV qword ptr [RBP + local_40+0x8],RAX MOV RDI,qword ptr [.data:_cffi_types[200]] CALL _cffi_convert_array_argument ;undefined _cffi_convert_array_argume... TEST EAX,EAX JS LAB_00142f70 MOV RBX,qword ptr [RBP + local_38+0x8] CALL .plt:PyEval_SaveThread ;undefined PyEval_SaveThread() MOV R12,RAX CALL qword ptr [.bss:_cffi_exports[104]] MOV RDI,qword ptr [RBP + local_40+0x8] CALL .plt:ncplane_greyscale ;undefined ncplane_greyscale() CALL qword ptr [.bss:_cffi_exports[112]] MOV RDI,R12 CALL .plt:PyEval_RestoreThread ;undefined PyEval_RestoreThread() TEST RBX,RBX JZ LAB_00142f00 NOP word ptr CS:[RAX + RAX*0x1] LAB_00142ef0: MOV RDI,RBX MOV RBX,qword ptr [RBX] CALL .plt:PyObject_Free ;undefined PyObject_Free() TEST RBX,RBX JNZ LAB_00142ef0 LAB_00142f00: MOV RAX=>EXTERNAL:_Py_NoneStruct,qword ptr [->_Py_NoneStruct] ;= 001807f8 ;=?? ADD qword ptr [RAX]=>EXTERNAL:_Py_NoneStruct,0x1 ;=?? LAB_00142f0b: MOV RDX,qword ptr [RBP + local_30+0x8] SUB RDX,qword ptr FS:[0x28] JNZ LAB_00142f74 LEA RSP=>local_20,[RBP + -0x18] POP RBX POP R12 POP R13 POP RBP RET ?? 0Fh ?? 1Fh ?? 00h LAB_00142f28: LEA RAX,[RCX + 0x17] AND RAX,-0x10 SUB RSP,RAX LEA RAX,[RSP + 0xf] AND RAX,-0x10 JMP LAB_00142e96 ?? 0Fh ?? 1Fh ?? 80h ?? 00h ?? 00h ?? 00h ?? 00h LAB_00142f48: CALL .plt:PyEval_SaveThread ;undefined PyEval_SaveThread() MOV R12,RAX CALL qword ptr [.bss:_cffi_exports[104]] MOV RDI,qword ptr [RBP + local_40+0x8] CALL .plt:ncplane_greyscale ;undefined ncplane_greyscale() CALL qword ptr [.bss:_cffi_exports[112]] MOV RDI,R12 CALL .plt:PyEval_RestoreThread ;undefined PyEval_RestoreThread() JMP LAB_00142f00 ?? 90h LAB_00142f70: XOR EAX,EAX JMP LAB_00142f0b LAB_00142f74: CALL .plt:::__stack_chk_fail ;undefined __stack_chk_fail() NOP dword ptr [RAX] Actual src: static PyObject * _cffi_f_ncplane_greyscale(PyObject *self, PyObject *arg0) { struct ncplane * x0; Py_ssize_t datasize; struct _cffi_freeme_s *large_args_free = NULL; datasize = _cffi_prepare_pointer_call_argument( _cffi_type(25), arg0, (char **)&x0); if (datasize!= 0) { x0 = ((size_t)datasize) <= 640? (struct ncplane *)alloca((size_t)datasize) : NULL; if (_cffi_convert_array_argument(_cffi_type(25), arg0, (char **)&x0, datasize, &large_args_free) < 0) return NULL; } Py_BEGIN_ALLOW_THREADS _cffi_restore_errno(); { ncplane_greyscale(x0); } _cffi_save_errno(); Py_END_ALLOW_THREADS (void)self; /* unused */ if (large_args_free!= NULL) _cffi_free_array_arguments(large_args_free); Py_INCREF(Py_None); return Py_None; } Predicted src: static PyObject * _cffi_f_f_f_f_f(PyObject *self, PyObject *args, PyObject *kwargs) { PyObject *py_f_f; PyObject *py_f_f; PyObject *py_f_f; const char *arg1; const char *arg2; const char *arg2; const char * const char * const * const *name; const char * const * const char * const * const * const * const * const * const *name; const char * const * const * const * const * const * const * const * const; const char * const * const * const * const * const * const * const * const * const * const * const * const * const; const char * const * const * const * const * const * const * const * const * const * const * const * const * const * const * const * const; if (!PyArg_ParseTuple(args, "O:f_ParseTuple", &py_ParseTuple(args, &py_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_ff_f_f_f_ff_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_f_ff_f_ff_f_ff_f_f_ ============================== Sample 2 ============================== ASM: ;************************************************************************************************************************************************************ ;* SBMap::getLinearValue(unsigned int, unsigned int) * ;************************************************************************************************************************************************************ ;undefined getLinearValue(SBMap * this, uint param_1, uint param_2) ;this SBMap * RDI ;param_1 uint ESI ;param_2 uint EDX ;local_10 undefined8 -10 ;local_14 undefined4 -14 PUSH RBX MOV param_1,param_1 SUB RSP,0x10 MOV RAX,qword ptr FS:[0x28] MOV qword ptr [RSP + local_10+0x18],RAX XOR EAX,EAX MOV RAX,qword ptr [this + 0x68] MOV this,qword ptr [RAX + param_1*0x8] MOV R11D,dword ptr [this + 0x50] TEST R11D,R11D JNZ LAB_0022c318 MOV R8D,param_2 CMP param_2,dword ptr [this + 0x18] JNC LAB_0022c2f8 MOVZX EBX,byte ptr [this + 0x12] CMP BL,0x2 JA LAB_0022c2f8 LEA param_2=>local_14,[RSP + 0x4] MOV param_1,R8D CALL SBMapItem::getValue ;undefined getValue(SBMapItem * this,... MOV param_2,0x1 MOV ECX,EBX SHL param_2,CL CMP param_2,dword ptr [RSP + local_14+0x18] JZ LAB_0022c320 NOP dword ptr [RAX] LAB_0022c2f8: MOV RAX,qword ptr [RSP + local_10+0x18] SUB RAX,qword ptr FS:[0x28] JNZ LAB_0022c33d ADD RSP,0x10 MOV EAX,R11D POP RBX RET ?? 0Fh ?? 1Fh ?? 80h ?? 00h ?? 00h ?? 00h ?? 00h LAB_0022c318: XOR R11D,R11D JMP LAB_0022c2f8 ?? 0Fh ?? 1Fh ?? 00h LAB_0022c320: ADD param_2,RAX NOP dword ptr [RAX + RAX*0x1] LAB_0022c328: MOVZX ECX,byte ptr [RAX] SHL R11D,0x8 ADD RAX,0x1 ADD R11D,ECX CMP RAX,param_2 JNZ LAB_0022c328 JMP LAB_0022c2f8 LAB_0022c33d: CALL .plt:::__stack_chk_fail ;undefined __stack_chk_fail() NOP dword ptr CS:[RAX + RAX*0x1] Actual src: SS_UCS4 SBMap::getLinearValue (unsigned int _index, unsigned int position) { return maps[_index]->getLinearValue(position); } Predicted src: bool CItem::getItemItem(int index) const { if (index < 0) return false; for (int i = 0; i < index; i++) { if (index[i] == index) return false; } return false; } ============================== Sample 3 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined hc_AES_decrypt_key() PUSH RBX MOV RBX,RDX MOV EDX,ESI MOV RSI,RDI MOV RDI,RBX CALL _hc_rijndaelKeySetupDec ;undefined _hc_rijndaelKeySetupDec() CMP EAX,0x1 MOV dword ptr [RBX + 0xf0],EAX POP RBX SBB EAX,EAX RET ?? 66h f Actual src: int AES_set_decrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key) { key->rounds = rijndaelKeySetupDec(key->key, userkey, bits); if (key->rounds == 0) return -1; return 0; } Predicted src: static int _key_key_key_key_key(const void *key, const void *key, const void *key) { struct key_key *key = key; struct key_key *key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key = key; key->key->key = key; key->key = key; key->key = key; key->key->key = key; key->key = key; key->key = key; key->key = key; key->key->key = key; key->key = key->key; key->key = key; key->key = key; key->key = key->key; key->key = key; key->key = key->key; key->key = key->key; key->key = key->key; key->key = key; key->key = key->key; key->key = key; key->key = key->key; key->key = key->key; key = key->key; key->key = key->key; key->key = key->key; key->key = key->key; key = key->key; key->key = key->key; key = key->key; key->key->key = key->key; key->key = key->key; key->key = key->key; key->key = key->key; key->key = key->key; key->key = key->key; key->key = key->key; key->key->key = key->key; key->key = key->key; key->key = key->key; key->key = key->key; key->key = key->key; key = key->key; key->key->key->key = key->key = key->key; key->key = key->key; key->key = key->key; key->key->key = key->key; key->key = key->key; key->key = key->key; key->key = key->key->key->key = key->key; key = key->key; key; key->key->key = key->key = key->key; key->key->key->key = key->key; key->key = key->key; key->key = key->key = key->key; key->key->key = key->key; key; key->key = key->key = key->key; key->key->key->key = key->key; key->key->key = key- ============================== Sample 4 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined __glXDisp_VertexAttrib4Nubv() PUSH RBX MOV RBX,RDI LEA RDI,[.rodata:s_glVertexAttrib4Nubv_0030ab88] ;= "glVertexAttrib4Nubv" CALL __glGetProcAddress ;undefined __glGetProcAddress() MOV EDI,dword ptr [RBX] LEA RSI,[RBX + 0x4] POP RBX JMP RAX ?? 0Fh Actual src: void __glXDisp_VertexAttrib4Nubv(GLbyte * pc) { PFNGLVERTEXATTRIB4NUBVPROC VertexAttrib4Nubv = __glGetProcAddress("glVertexAttrib4Nubv"); VertexAttrib4Nubv(*(GLuint *) (pc + 0), (const GLubyte *) (pc + 4)); } Predicted src: void __glXDisp_status(struct gl_context *ctx) { struct gl_context *context = (struct gl_context *)ctx->context; gl_status(ctx->context); } ============================== Sample 5 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined menu_media_disk_disciple_drive2_saveas() MOV ESI,0x152 JMP menu_media_save ;undefined menu_media_save() ?? 66h f Actual src: static MENU_CALLBACK( menu_media_disk_disciple_drive2_saveas ) { menu_media_save( gtk_action, 0x152 ); } Predicted src: static int save_save_save_save_save(const char *name) { return (save_save_save_save_save(name, NULL)); }