============================== Sample 1 ============================== ASM:
;************************************************************************************************************************************************************
;* FUNCTION *
;************************************************************************************************************************************************************
;undefined CG_CreateBlend()
;local_3c undefined4 -3c
; Ghidra x86-64 listing of CG_CreateBlend, reflowed to one instruction per line.
; Reading notes for anyone using this as reverse-engineering input:
;   - Ghidra shows every callee as `undefined name()`, so argument counts must
;     be recovered from the register setup before each CALL, not from the
;     signature comments.
;   - The function ends in a JMP (tail call), so a call graph built only from
;     CALL instructions will miss the final callee.
;   - The second format string is truncated in the listing ("%..."), so its
;     full argument list is not recoverable from the comment alone.
;
; Prologue: save the six callee-saved registers that will hold the six values
; read below, and reserve 0x18 bytes of stack.
; The XOR EAX,EAX before each CALL is consistent with the SysV AMD64 convention
; of zeroing AL when calling an unprototyped or variadic function.
PUSH R15
XOR EAX,EAX
PUSH R14
PUSH R13
PUSH R12
PUSH RBP
PUSH RBX
SUB RSP,0x18
; Six consecutive getCaliValue() calls; results are kept in EBP, R12D, R13D,
; R14D, EBX and R15D in that order. In the "Actual src" for this sample these
; are wNumDstCG, wNumBaseCG, wX, wY, wNumBlendCG and wAlphaMapMode.
CALL .plt:getCaliValue ;undefined getCaliValue()
MOV EBP,EAX
XOR EAX,EAX
CALL .plt:getCaliValue ;undefined getCaliValue()
MOV R12D,EAX
XOR EAX,EAX
CALL .plt:getCaliValue ;undefined getCaliValue()
MOV R13D,EAX
XOR EAX,EAX
CALL .plt:getCaliValue ;undefined getCaliValue()
MOV R14D,EAX
XOR EAX,EAX
CALL .plt:getCaliValue ;undefined getCaliValue()
MOV EBX,EAX
XOR EAX,EAX
CALL .plt:getCaliValue ;undefined getCaliValue()
MOV R15D,EAX
; Store 2 into the external variable sys_nextdebuglv, then print a
; "%d,%x: " prefix built from sl_getPage() and sl_getIndex().
; NOTE(review): presumably this and the sys_message call after it are the
; expansion of the DEBUG_COMMAND_YET macro in the actual source - the macro
; body is not shown on this page, confirm against the project headers.
MOV RAX,qword ptr [->sys_nextdebuglv] ;= 0034e0c8
MOV dword ptr [RAX]=>EXTERNAL:sys_nextdebuglv,0x2 ;=??
XOR EAX,EAX
CALL .plt:sl_getIndex ;undefined sl_getIndex()
; sl_getIndex() result is spilled to the stack because EAX is reused by the
; next call.
MOV dword ptr [RSP + local_3c+0x48],EAX
XOR EAX,EAX
CALL .plt:sl_getPage ;undefined sl_getPage()
; sys_message(fmt, page, index): ESI = sl_getPage() result, EDX = reloaded
; sl_getIndex() result.
MOV EDX,dword ptr [RSP + local_3c+0x48]
LEA RDI,[.rodata:s_%d,%x:_0011c03b] ;= "%d,%x: "
MOV ESI,EAX
XOR EAX,EAX
CALL .plt:sys_message ;undefined sys_message()
; Second sys_message call: format string plus the six saved values. Five go
; in ESI, EDX, ECX, R8D, R9D; the sixth (R15) is pushed on the stack. The
; extra SUB RSP,0x8 pairs with the PUSH to keep the stack 16-byte aligned.
SUB RSP,0x8
MOV R9D,EBX
MOV R8D,R14D
PUSH R15
MOV ECX,R13D
MOV EDX,R12D
MOV ESI,EBP
LEA RDI,[.rodata:s_SACT.CG_CreateBlend_%d,%d,%d,%d,_0011cae0] ;= "SACT.CG_CreateBlend %d,%d,%d,%d,%...
XOR EAX,EAX
CALL .plt:sys_message ;undefined sys_message()
; Epilogue interleaved with argument setup for the tail call:
; 0x28 = 0x18 frame + 0x8 alignment pad + 0x8 pushed argument.
; The six saved values are moved into EDI, ESI, EDX, ECX, R8D, R9D before the
; callee-saved registers are restored.
ADD RSP,0x28
MOV R9D,R15D
MOV R8D,EBX
MOV ECX,R14D
POP RBX
MOV EDX,R13D
MOV ESI,R12D
MOV EDI,EBP
POP RBP
POP R12
POP R13
POP R14
POP R15
; Tail call through the PLT with the same six values as arguments.
; NOTE(review): the target is shown only as LAB_00107970; given that the
; actual source ends with scg_create_blend(...), this is presumably that
; function's PLT stub - the name is not resolved in this listing.
JMP .plt:LAB_00107970
; Ghidra undefined-byte row following the function; its value is printed on
; the next line of the page.
??
66h f Actual src: void CG_CreateBlend() { int wNumDstCG = getCaliValue(); int wNumBaseCG = getCaliValue(); int wX = getCaliValue(); int wY = getCaliValue(); int wNumBlendCG = getCaliValue(); int wAlphaMapMode = getCaliValue(); DEBUG_COMMAND_YET("SACT.CG_CreateBlend %d,%d,%d,%d,%d,%d:\n", wNumDstCG, wNumBaseCG, wX, wY, wNumBlendCG, wAlphaMapMode); scg_create_blend(wNumDstCG, wNumBaseCG, wX, wY, wNumBlendCG, wAlphaMapMode); } Predicted src: void CreateCreateCreate(void) { int i; for (i = 0; i < 3; i++) { CreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCrea
teCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreate
CreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCr
eateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreateCreat ============================== Sample 2 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined bufferevent_remove_from_rate_limit_group_internal_() PUSH R12 PUSH RBP MOV EBP,ESI PUSH RBX MOV RSI,qword ptr [RDI + 0x1d0] MOV RBX,RDI TEST RSI,RSI JZ LAB_00115f21 MOV RAX,qword ptr [->evthread_lock_fns_] ;= 00135120 XOR EDI,EDI CALL qword ptr [RAX + 0x18]=>.bss:evthread_lock_fns_[24] LAB_00115f21: MOV RAX,qword ptr [RBX + 0x1e8] TEST RAX,RAX JZ LAB_00115fac MOV R12,qword ptr [RAX + 0x10] TEST R12,R12 JZ LAB_00115fac MOV RSI,qword ptr [R12 + 0x110] TEST RSI,RSI JZ LAB_00115f56 MOV RAX,qword ptr [->evthread_lock_fns_] ;= 00135120 XOR EDI,EDI CALL qword ptr [RAX + 0x18]=>.bss:evthread_lock_fns_[24] MOV RAX,qword ptr [RBX + 0x1e8] LAB_00115f56: MOV qword ptr [RAX + 0x10],0x0 SUB dword ptr [R12 + 0x70],0x1 MOV RAX,qword ptr [RBX + 0x1e8] MOV RDX,qword ptr [RAX] TEST RDX,RDX JZ LAB_00115f8c MOV RDX,qword ptr [RDX + 0x1e8] MOV RAX,qword ptr [RAX + 0x8] MOV qword ptr [RDX + 0x8],RAX MOV RAX,qword ptr [RBX + 0x1e8] MOV RDX,qword ptr [RAX] LAB_00115f8c: MOV RAX,qword ptr [RAX + 0x8] MOV qword ptr [RAX],RDX MOV RSI,qword ptr [R12 + 0x110] TEST RSI,RSI JZ LAB_00115fac MOV RAX,qword ptr [->evthread_lock_fns_] 
;= 00135120 XOR EDI,EDI CALL qword ptr [RAX + 0x20]=>.bss:evthread_lock_fns_[32] LAB_00115fac: TEST EBP,EBP JNZ LAB_00115fd0 LAB_00115fb0: MOV RSI,qword ptr [RBX + 0x1d0] TEST RSI,RSI JZ LAB_00115fc8 MOV RAX,qword ptr [->evthread_lock_fns_] ;= 00135120 XOR EDI,EDI CALL qword ptr [RAX + 0x20]=>.bss:evthread_lock_fns_[32] LAB_00115fc8: POP RBX XOR EAX,EAX POP RBP POP R12 RET ?? 90h LAB_00115fd0: MOV RDI,RBX MOV ESI,0x4 CALL .plt:bufferevent_unsuspend_read_ ;undefined bufferevent_unsuspend_read_() MOV ESI,0x4 MOV RDI,RBX CALL .plt:bufferevent_unsuspend_write_ ;undefined bufferevent_unsuspend_writ... JMP LAB_00115fb0 ?? 0Fh Actual src: int bufferevent_remove_from_rate_limit_group_internal_(struct bufferevent *bev, int unsuspend) { struct bufferevent_private *bevp = BEV_UPCAST(bev); BEV_LOCK(bev); if (bevp->rate_limiting && bevp->rate_limiting->group) { struct bufferevent_rate_limit_group *g = bevp->rate_limiting->group; LOCK_GROUP(g); bevp->rate_limiting->group = NULL; --g->n_members; LIST_REMOVE(bevp, rate_limiting->next_in_group); UNLOCK_GROUP(g); } if (unsuspend) { bufferevent_unsuspend_read_(bev, BEV_SUSPEND_BW_GROUP); bufferevent_unsuspend_write_(bev, BEV_SUSPEND_BW_GROUP); } BEV_UNLOCK(bev); return 0; } Predicted src: int ipmi_group_remove_lock(ipmi_group_t *group, const char *name) { ipmi_group_lock_lock_lock(group); ipmi_group_lock_lock_lock_lock(group); ipmi_group_lock_lock_lock_lock(group); ipmi_group_lock_lock_lock_lock(group); ipmi_group_lock_lock_lock_lock(group); ipmi_group_lock_lock_lock_lock(group); ipmi_group_lock_lock_lock_lock(group); ipmi_group_lock_lock_lock_lock(group); ipmi_group_lock_lock_lock_lock(group); ipmi_group_lock_lock_lock_lock(group); ipmi_group_lock_lock_lock_lock(group); ipmi_group_lock_lock_lock_lock(group); ipmi_group_lock_lock_lock_lock(group); return 0; } ============================== Sample 3 ============================== ASM: 
;************************************************************************************************************************************************************ ;* StringUtils::Trim(std::__cxx11::basic_string, std::allocator >&) * ;************************************************************************************************************************************************************ ;undefined Trim(basic_string * param_1) ;param_1 basic_string * RDI PUSH RBP MOV RBP,param_1 CALL .plt:StringUtils::TrimLeft ;undefined TrimLeft(basic_string * pa... MOV param_1,RBP POP RBP JMP .plt:LAB_001042f0 ?? 66h f Actual src: std::string& StringUtils::Trim(std::string &str) { TrimLeft(str); return TrimRight(str); } Predicted src: void string::string(std::string &s) { string(s.c_str()); string(s.c_str()); } ============================== Sample 4 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined setting_int_action_left_default() ;local_10 undefined8 -10 ;local_18 undefined8 -18 PUSH R12 SUB RSP,0x10 TEST RDI,RDI JZ LAB_0016afea MOV RAX,qword ptr [RDI + 0xe0] PXOR XMM0,XMM0 XOR R12D,R12D CMP byte ptr [RDI + 0x11],0x0 MOVSD XMM1,qword ptr [RDI + 0x38] CVTSI2SS XMM0,dword ptr [RAX] SUBSS XMM0,dword ptr [RDI + 0x20] CVTTSS2SI EDX,XMM0 MOV dword ptr [RAX],EDX JZ LAB_0016af85 PXOR XMM0,XMM0 CVTSI2SD XMM0,EDX COMISD XMM1,XMM0 JA LAB_0016af90 LAB_0016af85: ADD RSP,0x10 MOV EAX,R12D POP R12 RET ?? 
90h LAB_0016af90: MOV qword ptr [RSP + local_10+0x18],RDI MOVSD qword ptr [RSP]=>local_18,XMM1 CALL config_get_ptr ;undefined config_get_ptr() MOV RDI,qword ptr [RSP + local_10+0x18] MOVSD XMM1,qword ptr [RSP]=>local_18 TEST RAX,RAX MOVSD XMM0,qword ptr [RDI + 0x40] JZ LAB_0016afd0 CMP byte ptr [RAX + 0x3a],0x0 JZ LAB_0016afd0 CVTTSD2SI EDX,XMM0 MOV RAX,qword ptr [RDI + 0xe0] MOV dword ptr [RAX],EDX JMP LAB_0016af85 ?? 0Fh ?? 1Fh ?? 84h ?? 00h ?? 00h ?? 00h ?? 00h ?? 00h LAB_0016afd0: CVTTSD2SI EDX,XMM1 MOV RAX,qword ptr [RDI + 0xe0] XOR R12D,R12D MOV dword ptr [RAX],EDX ADD RSP,0x10 MOV EAX,R12D POP R12 RET LAB_0016afea: MOV R12D,0xffffffff JMP LAB_0016af85 ?? 66h f Actual src: static int setting_int_action_left_default(void *data, bool wraparound) { rarch_setting_t *setting = (rarch_setting_t*)data; double min = 0.0f; if (!setting) return -1; min = setting->min; (void)wraparound; /* TODO/FIXME - handle this */ *setting->value.target.integer = *setting->value.target.integer - setting->step; if (setting->enforce_minrange) { if (*setting->value.target.integer < min) { settings_t *settings = config_get_ptr(); #ifdef HAVE_MENU double max = setting->max; if (settings && settings->bools.menu_navigation_wraparound_enable) *setting->value.target.integer = max; else #endif *setting->value.target.integer = min; } } return 0; } Predicted src: static int action_action_get_action_action(struct rte_dev *dev) { struct rte_dev *dev = dev->dev; struct rte_dev *dev = dev->dev; if (!dev) return -1; dev->action = dev->action; dev->action = dev->action; dev->action = dev->action; dev->action = dev->action; return 0; } ============================== Sample 5 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * 
;************************************************************************************************************************************************************ ;undefined nl80211_update_dh_ie() PUSH R15 MOV R15,RCX PUSH R14 MOVZX R14D,DX PUSH R13 MOV R13,RDI PUSH R12 MOV R12,RSI PUSH RBP PUSH RBX MOV RBX,R8 SUB RSP,0x10 MOVZX ECX,byte ptr [RSI + 0x1] MOVZX EDX,byte ptr [RSI] MOV RBP,qword ptr [RDI] PUSH R14 MOV EDI,0x2 MOVZX EAX,byte ptr [RSI + 0x5] PUSH RAX MOVZX EAX,byte ptr [RSI + 0x4] PUSH RAX MOVZX R9D,byte ptr [RSI + 0x3] XOR EAX,EAX MOVZX R8D,byte ptr [RSI + 0x2] LEA RSI,[.rodata:s_nl80211:_Updating_DH_IE_peer:_%0_003a7ab8] ;= "nl80211: Updating DH IE peer: %02... CALL wpa_printf ;undefined wpa_printf(undefined param... MOV ESI,dword ptr [R13 + 0x10] MOV RDI,qword ptr [R13] XOR EDX,EDX ADD RSP,0x20 MOV ECX,0x87 CALL nl80211_ifindex_msg ;undefined nl80211_ifindex_msg() MOV R13,RAX TEST RAX,RAX JZ LAB_002f5ea8 MOV RCX,R12 MOV EDX,0x6 MOV ESI,0x6 MOV RDI,RAX CALL .plt:::nla_put ;undefined nla_put() TEST EAX,EAX JNZ LAB_002f5ea8 MOV EDX,R14D MOV ESI,0x48 MOV RDI,R13 CALL .plt:::nla_put_u16 ;undefined nla_put_u16() TEST EAX,EAX JNZ LAB_002f5ea8 TEST R15,R15 JZ LAB_002f5e45 MOV RCX,R15 MOV EDX,EBX MOV ESI,0x2a MOV RDI,R13 CALL .plt:::nla_put ;undefined nla_put() TEST EAX,EAX JNZ LAB_002f5ea8 LAB_002f5e45: MOV RDI,qword ptr [RBP] SUB RSP,0x8 MOV RDX,R13 XOR R9D,R9D XOR R8D,R8D XOR ECX,ECX MOV RSI,qword ptr [RDI + 0x40] PUSH 0x0 CALL send_and_recv ;undefined send_and_recv(undefined pa... MOV R12D,EAX POP RAX POP RDX TEST R12D,R12D JNZ LAB_002f5e80 LAB_002f5e6d: ADD RSP,0x8 MOV EAX,R12D POP RBX POP RBP POP R12 POP R13 POP R14 POP R15 RET ?? 90h LAB_002f5e80: MOV EDI,R12D NEG EDI CALL .plt:::strerror ;char * strerror(int __errnum) MOV EDX,R12D MOV EDI,0x2 LEA RSI,[.rodata:s_nl80211:_update_dh_ie_failed_err_003a7b00] ;= "nl80211: update_dh_ie failed err=... MOV RCX,RAX XOR EAX,EAX CALL wpa_printf ;undefined wpa_printf(undefined param... JMP LAB_002f5e6d ?? 0Fh ?? 1Fh ?? 
00h LAB_002f5ea8: MOV RDI,R13 MOV R12D,0xffffff97 CALL .plt:::nlmsg_free ;undefined nlmsg_free() JMP LAB_002f5e6d ?? 0Fh Actual src: static int nl80211_update_dh_ie(void *priv, const u8 *peer_mac, u16 reason_code, const u8 *ie, size_t ie_len) { int ret; struct nl_msg *msg; struct i802_bss *bss = priv; struct wpa_driver_nl80211_data *drv = bss->drv; wpa_printf(MSG_DEBUG, "nl80211: Updating DH IE peer: " MACSTR " reason %u", MAC2STR(peer_mac), reason_code); if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_UPDATE_OWE_INFO)) || nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer_mac) || nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, reason_code) || (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie))) { nlmsg_free(msg); return -ENOBUFS; } ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL); if (ret) { wpa_printf(MSG_DEBUG, "nl80211: update_dh_ie failed err=%d (%s)", ret, strerror(-ret)); } return ret; } Predicted src: static int put_msg_msg(struct msg_msg *msg, struct msg_msg *msg) { struct msg_msg *msg = msg_msg_msg_msg(msg); struct msg_msg *msg = msg_msg_msg_msg(msg); if (!msg) return -EINVAL; if (!msg) return -EINVAL; msg_msg_free(msg->msg); msg_msg_free(msg); msg_msg_free(msg); msg_msg_free(msg); return 0; }