============================== Sample 1 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined xdp_screen_cast_set_available_cursor_modes() PUSH R12 MOV R12D,ESI MOV ESI,0x50 CALL .plt:::g_type_check_instance_cast ;undefined g_type_check_instance_cast() MOV EDX,R12D XOR ECX,ECX POP R12 MOV RDI,RAX LEA RSI,[.rodata:s_available-cursor-modes_001a1865] ;= "available-cursor-modes" XOR EAX,EAX JMP .plt:::g_object_set ;undefined g_object_set() ?? 66h f Actual src: void xdp_screen_cast_set_available_cursor_modes (XdpScreenCast *object, guint value) { g_object_set (G_OBJECT (object), "available-cursor-modes", value, NULL); } Predicted src: void udisks_cursor_screen_set_cursor_cursor (UDiskscursorscreen *object, guint value) { g_object_set (G_OBJECT (object), "cursor-cursor-cursor", value, NULL); } ============================== Sample 2 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined DetectFilemagicThreadFree() TEST RDI,RDI JZ LAB_00255630 PUSH RBP MOV RBP,RDI MOV RDI,qword ptr [RDI] TEST RDI,RDI JZ LAB_00255626 CALL .plt:::magic_close ;undefined magic_close() LAB_00255626: MOV RDI,RBP POP RBP JMP .plt.got:::free ;void free(void * __ptr) ?? 90h LAB_00255630: RET ?? 66h f Actual src: static void DetectFilemagicThreadFree(void *ctx) { if (ctx!= NULL) { DetectFilemagicThreadData *t = (DetectFilemagicThreadData *)ctx; if (t->ctx) magic_close(t->ctx); SCFree(t); } } Predicted src: void CloseCloseClose(CloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseCloseClos ============================== Sample 3 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined mX11ClipboardDestroy() TEST RDI,RDI JZ LAB_00143770 PUSH RBP MOV RBP,RDI MOV RDI,qword ptr [RDI + 0x8] CALL mFree ;undefined mFree() MOV qword ptr [RBP + 0x8],0x0 MOV RDI,qword ptr [RBP + 0x18] CALL mFree ;undefined mFree() MOV qword ptr [RBP + 0x18],0x0 MOV RDI,RBP MOV dword ptr [RBP],0x0 POP RBP JMP mFree ;undefined mFree() ?? 0Fh ?? 1Fh ?? 44h D ?? 00h ?? 00h LAB_00143770: RET ?? 66h f Actual src: void mX11ClipboardDestroy(mX11Clipboard *p) { if(p) { mX11ClipboardFreeDat(p); mFree(p); } } Predicted src: void mFree(m) struct m *m; { mFree(m->m); mFree(m->m); m->m = NULL; mFree(m); } ============================== Sample 4 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined soup_message_get_priority() PUSH RBX MOV RBX,RDI CALL .plt:soup_message_get_type ;undefined soup_message_get_type() TEST RBX,RBX JZ LAB_00146720 MOV RSI,RAX MOV RAX,qword ptr [RBX] TEST RAX,RAX JZ LAB_001466fe CMP qword ptr [RAX],RSI JZ LAB_0014670a LAB_001466fe: MOV RDI,RBX CALL .plt:::g_type_check_instance_is_a ;undefined g_type_check_instance_is_a() TEST EAX,EAX JZ LAB_00146720 LAB_0014670a: MOVSXD RAX,dword ptr [.bss:SoupMessage_private_offset] ;=?? MOV EAX,dword ptr [RBX + RAX*0x1 + 0x98] POP RBX RET ?? 66h f ?? 0Fh ?? 1Fh ?? 44h D ?? 00h ?? 00h LAB_00146720: LEA RDX,[.rodata:s_SOUP_IS_MESSAGE_(msg)_00173fcf] ;= "SOUP_IS_MESSAGE (msg)" LEA RSI,[.rodata:__func__.0] ;= "soup_message_get_priority" LEA RDI,[.rodata:s_libsoup_00173a36] ;= "libsoup" CALL .plt:::g_return_if_fail_warning ;undefined g_return_if_fail_warning() MOV EAX,0x2 POP RBX RET ?? 66h f Actual src: SoupMessagePriority soup_message_get_priority (SoupMessage *msg) { SoupMessagePrivate *priv; g_return_val_if_fail (SOUP_IS_MESSAGE (msg), SOUP_MESSAGE_PRIORITY_NORMAL); priv = soup_message_get_instance_private (msg); return priv->priority; } Predicted src: const gchar * message_get_message_message (MessageMessage *message) { g_return_val_if_fail (message!= NULL, NULL); return message->priv->message_message; } ============================== Sample 5 ============================== ASM: ;************************************************************************************************************************************************************ ;* CBufferObject::GetFd() * ;************************************************************************************************************************************************************ ;undefined GetFd(CBufferObject * this) ;this CBufferObje... RDI MOV EAX,dword ptr [this + 0x8] RET ?? 66h f Actual src: int CBufferObject::GetFd() { return m_fd; } Predicted src: int CBuffer::GetBuffer() { return m_buffer; }