============================== Sample 1 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined lxsession_lxde_session_server_CanShutdown() PUSH R14 MOV R14,RDX PUSH R13 MOV R13,RSI PUSH R12 MOV R12,RDI MOV EDI,0x40 PUSH RBP SUB RSP,0x8 CALL .plt:::g_slice_alloc ;undefined g_slice_alloc() PXOR XMM0,XMM0 XOR ESI,ESI MOV RDX,R13 MOV RDI,R12 MOVUPS xmmword ptr [RAX],XMM0 MOV RCX,R14 MOV RBP,RAX MOVUPS xmmword ptr [RAX + 0x10],XMM0 MOVUPS xmmword ptr [RAX + 0x20],XMM0 MOVUPS xmmword ptr [RAX + 0x30],XMM0 CALL .plt:::g_task_new ;undefined g_task_new() LEA RDX,[lxsession_lxde_session_server_CanShutdown_data_free] MOV RSI,RBP MOV RDI,RAX MOV qword ptr [RBP + 0x18],RAX CALL .plt:::g_task_set_task_data ;undefined g_task_set_task_data() TEST R12,R12 JZ LAB_0011ca0a MOV RDI,R12 CALL .plt:::g_object_ref ;undefined g_object_ref() MOV R12,RAX LAB_0011ca0a: MOV qword ptr [RBP + 0x20],R12 ADD RSP,0x8 MOV RDI,RBP POP RBP POP R12 POP R13 POP R14 JMP lxsession_lxde_session_server_CanShutdown_co.isra.0 ;undefined lxsession_lxde_session_ser... ?? 66h f Actual src: void lxsession_lxde_session_server_CanShutdown (LxsessionLxdeSessionServer* self, GAsyncReadyCallback _callback_, gpointer _user_data_) { lxsession_lxde_session_server_CanShutdownData* _data_; LxsessionLxdeSessionServer* _tmp0_; g_return_if_fail (self!= NULL); _data_ = g_slice_new0 (lxsession_lxde_session_server_CanShutdownData); _data_->_async_result = g_task_new (G_OBJECT (self), NULL, _callback_, _user_data_); g_task_set_task_data (_data_->_async_result, _data_, lxsession_lxde_session_server_CanShutdown_data_free); _tmp0_ = _g_object_ref0 (self); _data_->self = _tmp0_; lxsession_lxde_session_server_CanShutdown_co (_data_); } Predicted src: static void g_task_set_data_async (GObject *source_object, GAsyncResult *res, gpointer user_data) { g_task_set_data_async (source_object, res, user_data); g_return_if_fail (res!= NULL); g_task_free (res); res->data = g_task_new (res); res->data = NULL; g_task_free (res); } ============================== Sample 2 ============================== ASM: ;************************************************************************************************************************************************************ ;* new_outline(text_object*, char*, unsigned int) * ;************************************************************************************************************************************************************ ;undefined new_outline(text_object * param_1, char * param_2, uint param_3) ;param_1 text_object * RDI ;param_2 char * RSI ;param_3 uint EDX ;local_10 undefined8 -10 TEST param_3,param_3 JNZ LAB_0013fb18 RET ?? 0Fh ?? 1Fh ?? 00h LAB_0013fb18: SUB RSP,0x18 MOV RAX,param_1 PXOR XMM0,XMM0 MOV param_1,param_2 CVTSI2SD XMM0,qword ptr [RAX + 0x20] MOV param_2,0x6 MOVSD qword ptr [RSP + local_10+0x18],XMM0 CALL new_special ;undefined new_special(char * param_1... MOVSD XMM0,qword ptr [RSP + local_10+0x18] MOVSD qword ptr [RAX + 0x8],XMM0 ADD RSP,0x18 RET ?? 0Fh Actual src: void new_outline(struct text_object *obj, char *p, unsigned int p_max_size) { if (p_max_size == 0) { return; } new_special(p, OUTLINE)->arg = obj->data.l; } Predicted src: void object_object_object_object(object_object *object, const char *name, const char *value) { object_object_object_t *object = object; object_object_object_t *object; object = object->object; object->object = value; object->object = value; } ============================== Sample 3 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined rpmfiFMode() MOV ESI,0xffffffff TEST RDI,RDI JZ LAB_00141700 MOV ESI,dword ptr [RDI] MOV RDI,qword ptr [RDI + 0x28] LAB_00141700: JMP .plt:rpmfilesFMode ;undefined rpmfilesFMode() ?? 66h f Actual src: RPMFI_ITERFUNC(rpm_mode_t, FMode, i) Predicted src: static void ModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeModeMod ============================== Sample 4 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined ltks_rsp() SUB RSP,0x8 TEST DIL,DIL JZ LAB_001105b8 MOVZX ESI,DIL LEA RDX,[.rodata:s__00131096] ;= "" CMP DIL,0x15 JA LAB_00110598 MOVSXD RAX,ESI LEA RDX,[.data.rel.ro:mgmt_status] MOV RDX=>.data.rel.ro:mgmt_status,qword ptr [RDX + RAX*0x8] LAB_00110598: LEA RDI,[.rodata:DAT_00133660] ;= 01h XOR EAX,EAX CALL bt_shell_printf ;undefined bt_shell_printf(undefined... XOR EDI,EDI ADD RSP,0x8 JMP bt_shell_noninteractive_quit ;undefined bt_shell_noninteractive_qu... ?? 0Fh ?? 1Fh ?? 80h ?? 00h ?? 00h ?? 00h ?? 00h LAB_001105b8: LEA RDI,[.rodata:s_Long_term_keys_successfully_load_001336a0] ;= "Long term keys successfully loade... XOR EAX,EAX CALL bt_shell_printf ;undefined bt_shell_printf(undefined... XOR EDI,EDI ADD RSP,0x8 JMP bt_shell_noninteractive_quit ;undefined bt_shell_noninteractive_qu... ?? 66h f Actual src: static void ltks_rsp(uint8_t status, uint16_t len, const void *param, void *user_data) { if (status!= 0) error("Load keys failed with status 0x%02x (%s)", status, mgmt_errstr(status)); else print("Long term keys successfully loaded"); bt_shell_noninteractive_quit(EXIT_SUCCESS); } Predicted src: static void status_status_status_status (void) { if (status_status_status_status_status_status_status_status_status_status (status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status (status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status)) { status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status (status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status_status); } } ============================== Sample 5 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined Ligature_find_N() LEA EAX,[RDI + -0x132] CMP EAX,0x11044 JA LAB_001ce84d PUSH RBX MOV EBX,EDI CMP EDI,0xffff JBE LAB_001ce7f0 CMP EDI,0x10f26 JBE LAB_001ce7cc MOV ECX,0x3 XOR ESI,ESI LEA RDI,[.rodata:ligature32] NOP word ptr [RAX + RAX*0x1] LAB_001ce7a8: CMP RCX,RSI JBE LAB_001ce7cc LAB_001ce7ad: LEA RDX,[RCX + RSI*0x1] SHR RDX,1 LEA RAX,[RDX*0x4] ; FWD[2,0]: 0045e44c,0045e450 CMP dword ptr [RDI + RDX*0x4]=>.rodata:ligature32[4],EBX JA LAB_001ce7d8 JZ LAB_001ce7e0 LEA RSI,[RDX + 0x1] CMP RCX,RSI JA LAB_001ce7ad LAB_001ce7cc: MOV EAX,0xffffffff POP RBX RET ?? 0Fh ?? 1Fh ?? 44h D ?? 00h ?? 00h LAB_001ce7d8: MOV RCX,RDX JMP LAB_001ce7a8 ?? 0Fh ?? 1Fh ?? 00h LAB_001ce7e0: SAR RAX,0x2 POP RBX ADD EAX,0x1ff RET ?? 0Fh ?? 1Fh ?? 44h D ?? 00h ?? 00h LAB_001ce7f0: CALL .plt:ffUnicodeUtype ;undefined ffUnicodeUtype() TEST EAX,0x20000000 JZ LAB_001ce7cc MOV R8D,EBX MOV ECX,0x1ff XOR ESI,ESI LEA RDI,[.rodata:ligature16] CMP EBX,0xfefc JA LAB_001ce7cc NOP dword ptr [RAX] LAB_001ce818: CMP RCX,RSI JBE LAB_001ce7cc LAB_001ce81d: LEA RAX,[RCX + RSI*0x1] MOV RDX,RAX AND RAX,-0x2 SHR RDX,1 ; FWD[2,0]: 0045e65e,0045e75e CMP R8W,word ptr [RDI + RDX*0x2]=>.rodata:ligature16[510] JC LAB_001ce840 JZ LAB_001ce848 LEA RSI,[RDX + 0x1] CMP RCX,RSI JA LAB_001ce81d JMP LAB_001ce7cc ?? 90h LAB_001ce840: MOV RCX,RDX JMP LAB_001ce818 ?? 0Fh ?? 1Fh ?? 00h LAB_001ce848: SAR RAX,1 POP RBX RET LAB_001ce84d: MOV EAX,0xffffffff RET ?? 66h f Actual src: int Ligature_find_N(uint32 uCode) { uint16 uCode16, *p16; uint32 *p32; int n=-1; if ( uCode < FF_ligature16FIRST || uCode > FF_ligature32LAST || \ ((uCode < FF_UTYPE_MAXC) && (isligorfrac(uCode)==0)) ) return( -1 ); if ( uCode <= FF_ligature16LAST ) { uCode16 = uCode; p16 = (uint16 *)(bsearch(&uCode16, ligature16, FF_ligatureTOTAL16, \ sizeof(uint16), compare_codepoints16)); if ( p16 ) n = p16 - ligature16; } else if ( uCode >= FF_ligature32FIRST ) { p32 = (uint32 *)(bsearch(&uCode, ligature32, FF_ligatureTOTAL32, \ sizeof(uint32), compare_codepoints32)); if ( p32 ) n = p32 - ligature32 + FF_ligatureTOTAL16; } return( n ); } Predicted src: int32_t find_find_find_uint32 (uint32_t n, uint32_t n) { uint32_t i; for (i = 0; i < n; i++) { if (n < n) return -1; } for (i = 0; i < n; i++) { if (n < n) return -1; } return 0; }