============================== Sample 1 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined proto_register_irc() SUB RSP,0x8 LEA RDX,[.rodata:s_irc_03795c22+16] ;= "irc" LEA RSI,[.rodata:DAT_034f9416] ;= 49h I LEA RDI,[.rodata:s_Internet_Relay_Chat_038c6d1f] ;= "Internet Relay Chat" CALL .plt:proto_register_protocol ;undefined proto_register_protocol() MOV EDX,0xc LEA RSI,[.data:hf.2] MOV EDI,EAX MOV dword ptr [.data:proto_irc],EAX ;= FFFFFFFFh CALL .plt:proto_register_field_array ;undefined proto_register_field_array() MOV ESI,0x5 LEA RDI,[.data:ett.1] CALL .plt:proto_register_subtree_array ;undefined proto_register_subtree_arr... MOV EDI,dword ptr [.data:proto_irc] ;= FFFFFFFFh CALL .plt:expert_register_protocol ;undefined expert_register_protocol() LEA RSI,[.data:ei.0] MOV EDX,0x6 MOV RDI,RAX CALL .plt:expert_register_field_array ;undefined expert_register_field_array() LEA RSI,[.rodata:TAG_DELIMITER] ;= 0001h LEA RDI,[.bss:pbrk_tag_delimiter] ;=?? ADD RSP,0x8 JMP .plt:::ws_mempbrk_compile ;undefined ws_mempbrk_compile() ?? 
66h f Actual src:
/*
 * Registration routine for the IRC dissector: registers the protocol
 * ("Internet Relay Chat" / "IRC" / "irc"), its 12 header fields, 5 subtree
 * handles and 6 expert-info entries, then precompiles the tag-delimiter
 * search pattern.  The element counts match the immediates passed in the
 * paired disassembly (0xc, 0x5, 0x6).
 */
void proto_register_irc(void)
{
    /* Header fields; every entry except irc.response.num_command (FT_UINT16)
     * is declared as an FT_STRING with STR_ASCII display. */
    static hf_register_info hf[] = {
        { &hf_irc_response, { "Response", "irc.response", FT_STRING, STR_ASCII, NULL, 0x0, "Line of response message", HFILL }},
        { &hf_irc_request, { "Request", "irc.request", FT_STRING, STR_ASCII, NULL, 0x0, "Line of request message", HFILL }},
        { &hf_irc_request_prefix, { "Prefix", "irc.request.prefix", FT_STRING, STR_ASCII, NULL, 0x0, "Request prefix", HFILL }},
        { &hf_irc_request_command, { "Command", "irc.request.command", FT_STRING, STR_ASCII, NULL, 0x0, "Request command", HFILL }},
        { &hf_irc_request_command_param, { "Parameter", "irc.request.command_parameter", FT_STRING, STR_ASCII, NULL, 0x0, "Request command parameter", HFILL }},
        { &hf_irc_request_trailer, { "Trailer", "irc.request.trailer", FT_STRING, STR_ASCII, NULL, 0x0, "Request trailer", HFILL }},
        { &hf_irc_response_prefix, { "Prefix", "irc.response.prefix", FT_STRING, STR_ASCII, NULL, 0x0, "Response prefix", HFILL }},
        { &hf_irc_response_command, { "Command", "irc.response.command", FT_STRING, STR_ASCII, NULL, 0x0, "Response command", HFILL }},
        { &hf_irc_response_num_command, { "Command", "irc.response.num_command", FT_UINT16, BASE_DEC, NULL, 0x0, "Response (numeric) command", HFILL }},
        { &hf_irc_response_command_param, { "Parameter", "irc.response.command_parameter", FT_STRING, STR_ASCII, NULL, 0x0, "Response command parameter", HFILL }},
        { &hf_irc_response_trailer, { "Trailer", "irc.response.trailer", FT_STRING, STR_ASCII, NULL, 0x0, "Response trailer", HFILL }},
        { &hf_irc_ctcp, { "CTCP Data", "irc.ctcp", FT_STRING, STR_ASCII, NULL, 0x0, "Placeholder to dissect CTCP data", HFILL }}
    };

    /* Subtree handles for the protocol, request and response trees. */
    static gint *ett[] = {
        &ett_irc,
        &ett_irc_request,
        &ett_irc_request_command,
        &ett_irc_response,
        &ett_irc_response_command
    };

    /*
     * Expert-info entries: the diagnostics this dissector can attach to
     * malformed (PI_MALFORMED / PI_ERROR) or unexpected (PI_PROTOCOL /
     * PI_WARN) IRC traffic.  Where each one is raised is outside this
     * function.
     * NOTE(review): "Prefix missing ending " ends in a space and looks like
     * it lost a word, possibly during extraction of this page -- confirm
     * against the upstream source before relying on the message text.
     */
    static ei_register_info ei[] = {
        { &ei_irc_missing_end_delimiter, { "irc.missing_end_delimiter", PI_MALFORMED, PI_ERROR, "Missing ending tag delimiter (0x01)", EXPFILL }},
        { &ei_irc_tag_data_invalid, { "irc.tag_data_invalid", PI_PROTOCOL, PI_WARN, "Tag data outside of NOTICE or PRIVMSG command", EXPFILL }},
        { &ei_irc_prefix_missing_ending_space, { "irc.prefix_missing_ending_space", PI_MALFORMED, PI_ERROR, "Prefix missing ending ", EXPFILL }},
        { &ei_irc_request_command, { "irc.request.command.missing", PI_MALFORMED, PI_ERROR, "Request has no command", EXPFILL }},
        { &ei_irc_numeric_request_command, { "irc.request.command.numeric", PI_PROTOCOL, PI_WARN, "Numeric command not allowed in request", EXPFILL }},
        { &ei_irc_response_command, { "irc.response.command.missing", PI_MALFORMED, PI_ERROR, "Response has no command", EXPFILL }},
    };

    expert_module_t* expert_irc;

    /* The returned protocol id is kept in the file-level proto_irc and
     * reused for the field and expert registrations below. */
    proto_irc = proto_register_protocol("Internet Relay Chat", "IRC", "irc");
    proto_register_field_array(proto_irc, hf, array_length(hf));
    proto_register_subtree_array(ett, array_length(ett));
    expert_irc = expert_register_protocol(proto_irc);
    expert_register_field_array(expert_irc, ei, array_length(ei));

    /* compile patterns */
    /* TAG_DELIMITER is compiled once here into pbrk_tag_delimiter;
     * presumably the dissection path uses it to scan for the 0x01 tag
     * delimiter -- confirm against the caller. */
    ws_mempbrk_compile(&pbrk_tag_delimiter, TAG_DELIMITER);
}
Predicted src: void proto_register_register(void) { static hf[] = { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { { }, { { { { { { { { { { { { { { { }, { { { { { { { { { { { { { { { { { { }, { { { { { { { { { { { }, { { { { { { { { { { }, { { { { { { { { { { { { { { { { { { }, { { { { { { { { { { { { { { { { }, { { { { { { { { { { { { { { { { { { { { { }, { { { { { { { { { { { { { { }, { { { { { { { { { { { { { { { { { { { { { { { { { { }, { { { { { { { { { { { { { }, { { { { { { { { { { { { { { { { { { { { { { { { { { { { }, { { { { { { { { { { { { { { { { { { { { { { { { { }, { { { { { { { { { { { { { { { { { { { { }, { { { { { { { { { { { { { { { ============================== Sample 2 ============================== ASM: 
;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined siridb_series_update_props() PUSH R12 MOV R12,RDI PUSH RBP MOV RBP,RSI SUB RSP,0x8 CMP byte ptr [RSI + 0xf],0x2 MOV RAX,qword ptr [RSI + 0x30] JZ LAB_0013d6c0 TEST RAX,RAX JZ LAB_0013d6a0 MOV EDX,dword ptr [RSI + 0x24] TEST EDX,EDX JZ LAB_0013d680 LAB_0013d61b: MOV RDX,qword ptr [RBP + 0x40] MOV RDX,qword ptr [RDX + 0x10] LAB_0013d623: MOV qword ptr [RBP + 0x10],RDX TEST RAX,RAX JZ LAB_0013d648 LAB_0013d62c: CMP qword ptr [RAX],0x0 JZ LAB_0013d648 MOV RAX,qword ptr [RAX + 0x10] MOV RAX,qword ptr [RAX] CMP RAX,RDX JC LAB_0013d6e0 NOP word ptr [RAX + RAX*0x1] LAB_0013d648: MOV RDI,RBP CALL SERIES_update_end ;undefined SERIES_update_end() MOV ECX,dword ptr [RBP + 0x20] TEST ECX,ECX JNZ LAB_0013d698 CMP dword ptr [.data:Logger[8]],0x2 JLE LAB_0013d6f0 LAB_0013d664: ADD RSP,0x8 MOV RSI,RBP MOV RDI,R12 POP RBP POP R12 JMP siridb_series_drop ;undefined siridb_series_drop() ?? 66h f ?? 2Eh . ?? 0Fh ?? 1Fh ?? 84h ?? 00h ?? 00h ?? 00h ?? 00h ?? 00h LAB_0013d680: MOV qword ptr [RBP + 0x10],-0x1 MOV RDX,-0x1 JMP LAB_0013d62c ?? 0Fh ?? 1Fh ?? 80h ?? 00h ?? 00h ?? 00h ?? 00h LAB_0013d698: ADD RSP,0x8 POP RBP POP R12 RET LAB_0013d6a0: CMP dword ptr [.data:Logger[8]],0x3 JG LAB_0013d664 MOV EDX,dword ptr [RSI + 0x4] MOV RSI,qword ptr [RSI + 0x38] LEA RDI,[.rodata:s_Drop_'%s'_(%u)_since_no_buffer_i_00166038] ;= "Drop '%s' (%u) since no buffer is... CALL log__error ;undefined log__error(undefined param... JMP LAB_0013d664 ?? 66h f ?? 90h LAB_0013d6c0: MOV ESI,dword ptr [RSI + 0x24] MOV RDX,-0x1 TEST ESI,ESI JZ LAB_0013d623 JMP LAB_0013d61b ?? 66h f ?? 0Fh ?? 1Fh ?? 84h ?? 00h ?? 00h ?? 00h ?? 00h ?? 
00h LAB_0013d6e0: MOV qword ptr [RBP + 0x10],RAX JMP LAB_0013d648 ?? 0Fh ?? 1Fh ?? 80h ?? 00h ?? 00h ?? 00h ?? 00h LAB_0013d6f0: MOV EDX,dword ptr [RBP + 0x4] MOV RSI,qword ptr [RBP + 0x38] LEA RDI,[.rodata:s_Drop_'%s'_(%u)_since_no_data_is_f_00166070] ;= "Drop '%s' (%u) since no data is f... XOR EAX,EAX CALL log__warning ;undefined log__warning(undefined par... JMP LAB_0013d664 ?? 66h f Actual src:
/*
 * Refresh a series' start/end properties and drop the series when it has
 * nothing usable behind it.
 *
 * siridb: database handle, only passed through to siridb_series_drop().
 * series: series to update; its tp, buffer, length, name and id are read.
 *
 * NOTE(review): what siridb_series_drop() does to `series` (for example
 * whether it releases it) is not visible here; callers should confirm
 * before touching `series` after this function returns.
 */
void siridb_series_update_props(siridb_t * siridb, siridb_series_t * series)
{
    /* A non-string series without a buffer is treated as an error and
     * dropped. */
    if (series->tp!= TP_STRING && series->buffer == NULL)
    {
        log_error(
                "Drop '%s' (%" PRIu32 ") since no buffer is found for this series",
                series->name,
                series->id);
        siridb_series_drop(siridb, series);
    }
    else
    {
        /* SERIES_update_start has no call site in the paired disassembly
         * (only SERIES_update_end is called), so it appears to have been
         * inlined there. */
        SERIES_update_start(series);
        SERIES_update_end(series);

        /* A zero length after the update means no data was found; the
         * series is dropped with a warning rather than an error. */
        if (!series->length)
        {
            log_warning(
                    "Drop '%s' (%" PRIu32 ") since no data is found for this series",
                    series->name,
                    series->id);
            siridb_series_drop(siridb, series);
        }
    }
}
Predicted src: static void update_update_buffer(void *data, const char *buffer, size_t size) { update_buffer(buffer, buffer, size); update_buffer(buffer, buffer, size); } ============================== Sample 3 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined MGA3026HideCursor() MOV RDX,qword ptr [RDI + 0x118] MOV RAX,qword ptr [RDX + 0xb0] MOV byte ptr [RAX + 0x3c00],0x6 MOV RCX,qword ptr [RDX + 0xb0] MOVZX EAX,byte ptr [RCX + 0x3c0a] MOV byte ptr [RCX + 0x3c00],0x6 MOV RDX,qword ptr [RDX + 0xb0] AND EAX,0xfffffffc MOV byte ptr [RDX + 0x3c0a],AL RET ?? 
0Fh Actual src:
/*
 * Hide the hardware cursor by updating the TVP3026 cursor-control register.
 *
 * pScrn: screen record from which the driver-private MGAPtr is taken.
 */
static void MGA3026HideCursor(ScrnInfoPtr pScrn)
{
    /* pMga is not referenced by name below; presumably the outTi3026 macro
     * expands to accesses through it -- confirm against the macro. */
    MGAPtr pMga = MGAPTR(pScrn);

    /* Disable cursor */
    /* The paired disassembly writes the index 0x6 at offset 0x3c00, reads a
     * byte at 0x3c0a, ANDs it with the 0xfc mask and writes it back, which
     * is consistent with outTi3026(reg, mask, val) being a masked
     * read-modify-write; the macro definition itself is not shown here. */
    outTi3026(TVP3026_CURSOR_CTL, 0xfc, 0x00);
}
Predicted src: static void on_button(Widget w, XtPointer client_data, XtPointer call_data) { client_data *data = (client_data *) client_data; client_data->x = client_data->x; client_data->x = client_data->y; client_data->x = client_data->y; client_data->x = client_data->y; client_data->y = client_data->y; } ============================== Sample 4 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined V_FillRect8() PUSH R14 MOVSXD RSI,ESI MOVSXD R14,ECX PUSH R13 PUSH R12 PUSH RBP LEA RBP,[.bss:screens] PUSH RBX MOVSXD RBX,EDI SHL RBX,0x5 LEA RAX,[RBP + RBX*0x1] IMUL EDX,dword ptr [RAX + 0x14]=>.bss:screens[20] MOVSXD RDX,EDX LEA RCX,[RDX + RSI*0x1] ADD RCX,qword ptr [RAX]=>.bss:screens TEST R8D,R8D JZ LAB_001f36cf LEA R12D,[R8 + -0x1] MOVZX R13D,R9B NOP dword ptr [RAX] LAB_001f36b0: MOV RDI,RCX MOV RDX,R14 MOV ESI,R13D CALL .plt:::memset ;void * memset(void * __s, int __c, s... MOV RCX,RAX MOVSXD RAX,dword ptr [RBP + RBX*0x1 + 0x14]=>.bss:screens[20] ADD RCX,RAX SUB R12D,0x1 JNC LAB_001f36b0 LAB_001f36cf: POP RBX POP RBP POP R12 POP R13 POP R14 RET ?? 
0Fh Actual src:
/*
 * Fill a width x height rectangle whose top-left corner is (x, y) in
 * screens[scrn] with a single byte value, one memset() per row.
 *
 * NOTE(review): no argument is validated in this function.
 *  - scrn indexes the global screens[] array unchecked.
 *  - x and y are added to the screen's data pointer unchecked.
 *  - width is an int handed to memset(); the paired disassembly
 *    sign-extends it (MOVSXD R14,ECX) before the call, so a negative width
 *    would become a very large length.
 *  - a negative height is non-zero, so `while (height--)` would keep
 *    running instead of stopping.
 * Callers therefore have to clip the rectangle to the screen before calling;
 * whether they do is not visible here.
 */
static void V_FillRect8(int scrn, int x, int y, int width, int height, byte colour)
{
    /* First byte of the rectangle: row y (byte_pitch bytes per row),
     * column x. */
    byte* dest = screens[scrn].data + x + y*screens[scrn].byte_pitch;

    while (height--)
    {
        memset(dest, colour, width);
        /* Advance by the row pitch rather than by width to reach the same
         * column on the next row. */
        dest += screens[scrn].byte_pitch;
    }
}
Predicted src: void new_f(void) { int i; for (i = 0; i < MAX_SIZE; i++) { for (i = 0; i < MAX_SIZE; i++) { for (i = 0; i < MAX_SIZE; i++) f[i].f[i].f[i].f[i].f[i].f[i]; } } } ============================== Sample 5 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined _mlgmp_z_tdiv_ui() ;local_38 undefined8 -38 ;local_40 undefined8 -40 ;local_48 undefined8 -48 ;local_50 undefined8 -50 ;local_58 undefined8 -58 ;local_60 undefined8 -60 ;local_68 undefined8 -68 PUSH RBP PUSH RBX SUB RSP,0x58 LEA RAX,[.bss:Caml_state] MOV qword ptr [RSP]=>local_68,RSI SAR RSI,1 MOV RBX,qword ptr [RAX]=>.bss:Caml_state LEA RAX=>local_58,[RSP + 0x10] MOV qword ptr [RSP + local_60+0x68],RDI MOV qword ptr [RSP + local_48+0x68],0x1 MOV qword ptr [RSP + local_50+0x68],0x2 MOV RBP,qword ptr [RBX + 0x120] MOV qword ptr [RBX + 0x120],RAX LEA RAX=>local_60,[RSP + 0x8] MOV qword ptr [RSP + local_40+0x68],RAX MOV RAX,RSP MOV qword ptr [RSP + local_58+0x68],RBP MOV qword ptr [RSP + local_38+0x68],RAX JZ LAB_0018328b MOV RAX,qword ptr [RSP + local_60+0x68] LEA RDI,[RAX + 0x8] CALL .plt:::__gmpz_tdiv_ui ;undefined __gmpz_tdiv_ui() MOV qword ptr [RBX + 0x120],RBP ADD RSP,0x58 LEA RAX,[RAX + RAX*0x1 + 0x1] POP RBX POP RBP RET LAB_0018328b: CALL division_by_zero ;undefined division_by_zero() 
;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined _mlgmp_z_fdiv_qr() ;local_40 undefined8 -40 ;local_48 undefined8 -48 ;local_50 undefined8 -50 ;local_58 undefined8 -58 ;local_60 undefined8 -60 ;local_68 undefined8 -68 ;local_88 undefined8 -88 ;local_90 undefined8 -90 ;local_98 undefined8 -98 ;local_a0 undefined8 -a0 ;local_a8 undefined8 -a8 ;local_b0 undefined8 -b0 ;local_b8 undefined8 -b8 ;local_c0 undefined8 -c0 ;local_d0 undefined8 -d0 ;local_d8 undefined8 -d8 PUSH R13 Actual src:
/*
 * Macro invocation; the macro's definition is not part of this sample.
 * The disassembly paired with it shows _mlgmp_z_tdiv_ui in full and the
 * start of _mlgmp_z_fdiv_qr, so the macro presumably expands to more than
 * one division wrapper -- confirm against the definition.
 * In the _mlgmp_z_tdiv_ui listing the shifted divisor is tested for zero
 * (SAR RSI,1 ... JZ) and division_by_zero is called instead of
 * __gmpz_tdiv_ui when it is zero.
 */
z_xdivision_op(t)
Predicted src: value _wrap_get_state (value v, value v) { CAMLparam1 (v); CAMLparam1 (v); CAMLparam1 (v); CAMLparam1 (v); }