============================== Sample 1 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined Ligature_find_N() LEA EAX,[RDI + -0x132] CMP EAX,0x11044 JA LAB_001ce84d PUSH RBX MOV EBX,EDI CMP EDI,0xffff JBE LAB_001ce7f0 CMP EDI,0x10f26 JBE LAB_001ce7cc MOV ECX,0x3 XOR ESI,ESI LEA RDI,[.rodata:ligature32] NOP word ptr [RAX + RAX*0x1] LAB_001ce7a8: CMP RCX,RSI JBE LAB_001ce7cc LAB_001ce7ad: LEA RDX,[RCX + RSI*0x1] SHR RDX,1 LEA RAX,[RDX*0x4] ; FWD[2,0]: 0045e44c,0045e450 CMP dword ptr [RDI + RDX*0x4]=>.rodata:ligature32[4],EBX JA LAB_001ce7d8 JZ LAB_001ce7e0 LEA RSI,[RDX + 0x1] CMP RCX,RSI JA LAB_001ce7ad LAB_001ce7cc: MOV EAX,0xffffffff POP RBX RET ?? 0Fh ?? 1Fh ?? 44h D ?? 00h ?? 00h LAB_001ce7d8: MOV RCX,RDX JMP LAB_001ce7a8 ?? 0Fh ?? 1Fh ?? 00h LAB_001ce7e0: SAR RAX,0x2 POP RBX ADD EAX,0x1ff RET ?? 0Fh ?? 1Fh ?? 44h D ?? 00h ?? 00h LAB_001ce7f0: CALL .plt:ffUnicodeUtype ;undefined ffUnicodeUtype() TEST EAX,0x20000000 JZ LAB_001ce7cc MOV R8D,EBX MOV ECX,0x1ff XOR ESI,ESI LEA RDI,[.rodata:ligature16] CMP EBX,0xfefc JA LAB_001ce7cc NOP dword ptr [RAX] LAB_001ce818: CMP RCX,RSI JBE LAB_001ce7cc LAB_001ce81d: LEA RAX,[RCX + RSI*0x1] MOV RDX,RAX AND RAX,-0x2 SHR RDX,1 ; FWD[2,0]: 0045e65e,0045e75e CMP R8W,word ptr [RDI + RDX*0x2]=>.rodata:ligature16[510] JC LAB_001ce840 JZ LAB_001ce848 LEA RSI,[RDX + 0x1] CMP RCX,RSI JA LAB_001ce81d JMP LAB_001ce7cc ?? 90h LAB_001ce840: MOV RCX,RDX JMP LAB_001ce818 ?? 0Fh ?? 1Fh ?? 00h LAB_001ce848: SAR RAX,1 POP RBX RET LAB_001ce84d: MOV EAX,0xffffffff RET ?? 66h f Actual src: int Ligature_find_N(uint32 uCode) { uint16 uCode16, *p16; uint32 *p32; int n=-1; if ( uCode < FF_ligature16FIRST || uCode > FF_ligature32LAST || \ ((uCode < FF_UTYPE_MAXC) && (isligorfrac(uCode)==0)) ) return( -1 ); if ( uCode <= FF_ligature16LAST ) { uCode16 = uCode; p16 = (uint16 *)(bsearch(&uCode16, ligature16, FF_ligatureTOTAL16, \ sizeof(uint16), compare_codepoints16)); if ( p16 ) n = p16 - ligature16; } else if ( uCode >= FF_ligature32FIRST ) { p32 = (uint32 *)(bsearch(&uCode, ligature32, FF_ligatureTOTAL32, \ sizeof(uint32), compare_codepoints32)); if ( p32 ) n = p32 - ligature32 + FF_ligatureTOTAL16; } return( n ); } Predicted src: uint32_t find_uint32(uint32_t n, uint32_t n) { uint32_t i; for (i = 0; i < n; i++) if (n < n) return -1; for (i = 0; i < n; i++) if (n < n) return -1; for (i = 0; i < n; i++) if (n < n) return -1; for (i = 0; i < n; i++) if (n[i] == n) return -1; return n; } ============================== Sample 2 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined eph_waitack() PUSH R12 XOR R12D,R12D PUSH RBP MOV RBP,RDI SUB RSP,0x8 CALL eph_waitchar ;undefined eph_waitchar() CMP EAX,0x6 JZ LAB_0010cf38 MOV R12D,EAX AND EAX,0xfffffffb CMP EAX,0x11 JZ LAB_0010cf38 CMP R12D,0x18 JNZ LAB_0010cf48 LAB_0010cf38: ADD RSP,0x8 MOV EAX,R12D POP RBP POP R12 RET ?? 0Fh ?? 1Fh ?? 44h D ?? 00h ?? 00h LAB_0010cf48: MOV ECX,R12D MOV RDI,RBP XOR EAX,EAX MOV ESI,0x2713 LEA RDX,[.rodata:s_eph_waitack_got_%d_00110937] ;= "eph_waitack got %d" CALL eph_error ;undefined eph_error(undefined param_... ADD RSP,0x8 MOV EAX,R12D POP RBP POP R12 RET ?? 0Fh Actual src: int eph_waitack(eph_iob *iob,long timeout_usec) { int rc; if ((rc=eph_waitchar(iob,timeout_usec)) == ACK) return 0; if ((rc!= DC1) && (rc!= NAK) && (rc!= CAN)) eph_error(iob,ERR_BADREAD,"eph_waitack got %d",rc); return rc; } Predicted src: int wait_wait_wait_wait_wait(const char *name) { if (wait_wait_wait(name, "wait_wait_wait_wait_wait") == 0) return -1; if (wait_wait_wait_wait(name, "wait_wait_wait_wait") == 0) return -1; return 0; } ============================== Sample 3 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined fd_write() PUSH R13 MOV R13,RCX PUSH R12 MOV R12,RDX XOR EDX,EDX PUSH RBP MOV EBP,EDI PUSH RBX MOV RBX,RSI SUB RSP,0x8 CALL .plt:::lseek ;__off_t lseek(int __fd, __off_t __of... CMP RAX,RBX JNZ LAB_00139860 ADD RSP,0x8 MOV RDX,R13 MOV RSI,R12 MOV EDI,EBP POP RBX POP RBP POP R12 POP R13 JMP .plt:::write ;ssize_t write(int __fd, void * __buf... ?? 0Fh ?? 1Fh ?? 84h ?? 00h ?? 00h ?? 00h ?? 00h ?? 00h LAB_00139860: ADD RSP,0x8 MOV RAX,-0x1 POP RBX POP RBP POP R12 POP R13 RET ?? 66h f Actual src: ssize_t fd_write(int fd, off_t offset, const void *src, size_t size) { if (lseek(fd, offset, SEEK_SET)!= offset) return -1; return write(fd, src, size); } Predicted src: static void write_write(int fd, char *buf, size_t len) { int fd; fd = write(fd, buf, len); if (fd < 0) return; fd = write(fd, buf, len); } ============================== Sample 4 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined dev_c1700_mb_wic2t_set_nio() CMP EDX,0x1 JA LAB_00179172 ADD EDX,dword ptr [RSI + 0x20] CMP EDX,0x20 JZ LAB_00179188 JA LAB_00179168 CMP EDX,0x10 JZ LAB_00179180 CMP EDX,0x11 JNZ LAB_00179172 MOV ESI,0x3 LAB_0017914e: MOV RAX,qword ptr [RDI + 0xa20] MOV RDX,RCX MOV RDI,qword ptr [RAX + 0x510] JMP mpc860_scc_set_nio ;undefined mpc860_scc_set_nio() ?? 0Fh ?? 1Fh ?? 40h @ ?? 00h LAB_00179168: MOV ESI,0x2 CMP EDX,0x21 JZ LAB_0017914e LAB_00179172: MOV EAX,0xffffffff RET ?? 0Fh ?? 1Fh ?? 84h ?? 00h ?? 00h ?? 00h ?? 00h ?? 00h LAB_00179180: XOR ESI,ESI JMP LAB_0017914e ?? 0Fh ?? 1Fh ?? 40h @ ?? 00h LAB_00179188: MOV ESI,0x1 JMP LAB_0017914e ?? 90h Actual src: static int dev_c1700_mb_wic2t_set_nio(vm_instance_t *vm,struct cisco_card *card, u_int port_id,netio_desc_t *nio) { u_int scc_chan; if ((port_id > 1) || (dev_c1700_mb_wic_get_scc_chan(card,port_id,&scc_chan) == -1)) return(-1); return(mpc860_scc_set_nio(VM_C1700(vm)->mpc_data,scc_chan,nio)); } Predicted src: static int ipmi_set_mode (ipmi_ipmi_ipmi_t *ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmi_ipmiipmi_ipmi_ipmi_ipmi_ipmi_ipmiipmi_ipmi_ipmiipmi_ipmiipmi_ipmi_ipmiipmi_ipmiipmi_ipmiipmi_ipmiipmi_ipmiipmi_ipmiipmi_ipmiipmi_ipmiipmi_ipmiipmi_ipmiipmi_ipmiipmiipmi_ipmiipmi_ipmiipmiipmi_ipmiipmiipmi_ipmiipmiipmi_ipmiipmiipmiipmi_ipmiipmiipmi_ipmiipmiipmi_ipmiipmi_ipmiipmi_ipmiipmiipmi_ipmiipmiipmiipmi_ipmiipmiipmiipmi_ipmiipmiipmiipmiipmiipmi_ipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipmiipm ============================== Sample 5 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined rowind_set_cb() PUSH R12 MOV R12,RDI PUSH RBP MOV RBP,RSI SUB RSP,0x8 CALL .plt:::gtk_combo_box_get_type ;undefined gtk_combo_box_get_type() MOV RDI,R12 MOV RSI,RAX CALL .plt:::g_type_check_instance_cast ;undefined g_type_check_instance_cast() MOV RDI,RAX CALL .plt:::gtk_combo_box_get_active ;undefined gtk_combo_box_get_active() ADD RSP,0x8 MOV RSI,RBP MOV EDI,EAX POP RBP POP R12 JMP .plt:LAB_0012c340 ?? 66h f Actual src: static void rowind_set_cb (GtkWidget *w, ggobid *gg) { rowind_set (gtk_combo_box_get_active(GTK_COMBO_BOX(w)), gg); } Predicted src: static void set_cb (GtkWidget *widget, gpointer user_data) { gtk_combo_box_set_active (GTK_COMBO_BOX (widget), TRUE); }