============================== Sample 1 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined MGA3026HideCursor() MOV RDX,qword ptr [RDI + 0x118] MOV RAX,qword ptr [RDX + 0xb0] MOV byte ptr [RAX + 0x3c00],0x6 MOV RCX,qword ptr [RDX + 0xb0] MOVZX EAX,byte ptr [RCX + 0x3c0a] MOV byte ptr [RCX + 0x3c00],0x6 MOV RDX,qword ptr [RDX + 0xb0] AND EAX,0xfffffffc MOV byte ptr [RDX + 0x3c0a],AL RET ?? 0Fh Actual src: static void MGA3026HideCursor(ScrnInfoPtr pScrn) { MGAPtr pMga = MGAPTR(pScrn); /* Disable cursor */ outTi3026(TVP3026_CURSOR_CTL, 0xfc, 0x00); } Predicted src: static void CursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursor(CursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCursorCurso ============================== Sample 2 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined aom_sad_skip_32x64_c() ADD ESI,ESI ADD ECX,ECX MOV R8,RDI MOV R9D,0x20 MOVSXD R11,ESI MOV RDI,RDX MOVSXD R10,ECX XOR ESI,ESI NOP dword ptr [RAX + RAX*0x1] LAB_001479d0: XOR EDX,EDX NOP word ptr [RAX + RAX*0x1] LAB_001479d8: MOVZX ECX,byte ptr [RDI + RDX*0x1] MOVZX EAX,byte ptr [R8 + RDX*0x1] SUB EAX,ECX MOV ECX,EAX NEG ECX CMOVNS EAX,ECX ADD RDX,0x1 ADD ESI,EAX CMP RDX,0x20 JNZ LAB_001479d8 ADD R8,R11 ADD RDI,R10 SUB R9D,0x1 JNZ LAB_001479d0 LEA EAX,[RSI + RSI*0x1] RET ?? 66h f Actual src: sadMxN(32, 64); Predicted src: intra_pred_highbd_highbd_highbd_highbd_highbd_sized(uint32_t, 32) ============================== Sample 3 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined g_flags_class_init() PUSH RBP PUSH RBX SUB RSP,0x8 TEST RDI,RDI JZ LAB_00115a25 CMP qword ptr [RDI],0x34 MOV RBP,RDI MOV RBX,RSI JZ LAB_00115a48 MOV ESI,0x34 CALL g_type_check_class_is_a ;undefined g_type_check_class_is_a() TEST EAX,EAX JNZ LAB_00115a48 LAB_00115a25: ADD RSP,0x8 LEA RDX,[.rodata:s_G_IS_FLAGS_CLASS_(class)_00140d3b] ;= "G_IS_FLAGS_CLASS (class)" LEA RSI,[.rodata:__func__.15] ;= "g_flags_class_init" POP RBX LEA RDI,[.rodata:s_GLib-GObject_0013f3e8] ;= "GLib-GObject" POP RBP JMP .plt:::g_return_if_fail_warning ;undefined g_return_if_fail_warning() ?? 0Fh ?? 1Fh ?? 00h LAB_00115a48: MOV qword ptr [RBP + 0x8],0x0 MOV qword ptr [RBP + 0x10],RBX TEST RBX,RBX JZ LAB_00115a86 XOR EAX,EAX CMP qword ptr [RBX + 0x8],0x0 MOV EDX,0x1 JZ LAB_00115a86 NOP word ptr [RAX + RAX*0x1] LAB_00115a70: OR EAX,dword ptr [RBX] ADD RBX,0x18 MOV dword ptr [RBP + 0xc],EDX ADD EDX,0x1 MOV dword ptr [RBP + 0x8],EAX CMP qword ptr [RBX + 0x8],0x0 JNZ LAB_00115a70 LAB_00115a86: ADD RSP,0x8 POP RBX POP RBP RET ?? 0Fh Actual src: static void g_flags_class_init (GFlagsClass *class, gpointer class_data) { g_return_if_fail (G_IS_FLAGS_CLASS (class)); class->mask = 0; class->n_values = 0; class->values = class_data; if (class->values) { GFlagsValue *values; for (values = class->values; values->value_name; values++) { class->mask |= values->value; class->n_values++; } } } Predicted src: void g_class_init (GClass *class) { GClassClass *klass; g_return_if_fail (G_IS_OBJECT (class)); klass = G_OBJECT_CLASS (class); klass->flags = G_OBJECT_CLASS (class); klass->flags = G_OBJECT_CLASS (class); klass->flags = G_OBJECT_CLASS (class); } ============================== Sample 4 ============================== ASM: ;************************************************************************************************************************************************************ ;* strcasestr_len(char const*, int, char const*) * ;************************************************************************************************************************************************************ ;undefined strcasestr_len(char * param_1, int param_2, char * param_3) ;param_1 char * RDI ;param_2 int ESI ;param_3 char * RDX PUSH R15 PUSH R14 MOV R14,param_1 MOV param_1,param_3 PUSH R13 MOV R13,param_3 PUSH R12 PUSH RBP MOVSXD RBP,param_2 PUSH RBX SUB RSP,0x8 CALL .plt:::strlen ;size_t strlen(char * __s) CMP RBP,RAX JL LAB_00135e08 MOV R15,RAX SUB RBP,RAX JS LAB_00135e08 XOR EBX,EBX JMP LAB_00135dd9 LAB_00135dd0: ADD RBX,0x1 CMP RBP,RBX JL LAB_00135e08 LAB_00135dd9: LEA R12,[R14 + RBX*0x1] MOV param_3,R15 MOV param_1,R13 MOV param_2,R12 CALL .plt:::g_ascii_strncasecmp ;undefined g_ascii_strncasecmp() TEST EAX,EAX JNZ LAB_00135dd0 LAB_00135def: ADD RSP,0x8 MOV RAX,R12 POP RBX POP RBP POP R12 POP R13 POP R14 POP R15 RET ?? 0Fh ?? 1Fh ?? 80h ?? 00h ?? 00h ?? 00h ?? 00h LAB_00135e08: XOR R12D,R12D JMP LAB_00135def ?? 0Fh Actual src: char *strcasestr_len(const char *haystack, int haystack_len, const char *needle) { gssize needle_len = (gssize)strlen(needle); int i; if (needle_len > haystack_len) return NULL; i = 0; while (i <= haystack_len - needle_len) { if (g_ascii_strncasecmp(needle, haystack + i, needle_len) == 0) return (char *)haystack + i; i++; } return NULL; } Predicted src: int g_lenlen(const char *s, int len, const char *s, int len) { int len = strlen(s); int len = strlen(s); while (len--) len += strlen(s); return len; } ============================== Sample 5 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined LzmaEnc_SetProps() ;local_10 undefined8 -10 ;local_18 undefined8 -18 ;local_28 undefined1[16] -28 ;local_38 undefined1[16] -38 ; 00128944 ;local_48 undefined1[16] -48 PUSH RBX MOV RBX,RDI SUB RSP,0x40 MOVDQU XMM0,xmmword ptr [RSI] MOVDQU XMM1,xmmword ptr [RSI + 0x10] MOV RAX,qword ptr FS:[0x28] MOV qword ptr [RSP + local_10+0x48],RAX XOR EAX,EAX MOVDQU XMM2,xmmword ptr [RSI + 0x20] MOV RAX,qword ptr [RSI + 0x30] MOV RDI,RSP MOVAPS xmmword ptr [RSP]=>local_48,XMM0 MOV qword ptr [RSP + local_18+0x48],RAX MOVAPS xmmword ptr [RSP + local_38[0]+0x48],XMM1 MOVAPS xmmword ptr [RSP + local_28[0]+0x48],XMM2 CALL LzmaEncProps_Normalize ;undefined LzmaEncProps_Normalize() CMP dword ptr [RSP + local_38[0]+0x48],0x8 MOV EAX,0x5 JG LAB_001289d0 CMP dword ptr [RSP + local_38[4]+0x48],0x4 MOV RSI,qword ptr [RSP + local_38[0]+0x48] JG LAB_001289d0 MOV EDX,dword ptr [RSP + local_38[8]+0x48] CMP EDX,0x4 JG LAB_001289d0 MOV ECX,dword ptr [RSP + local_48[4]+0x48] CMP ECX,0x60000000 JA LAB_001289d0 MOV EAX,dword ptr [RSP + local_28[0]+0x48] MOV dword ptr [RBX + 0xac],ECX MOV ECX,0x111 MOV dword ptr [RBX + 0x68],EDX MOV EDX,dword ptr [RSP + local_38[12]+0x48] CMP EAX,ECX MOV qword ptr [RBX + 0x60],RSI CMOVA EAX,ECX MOV ECX,0x5 CMP EAX,ECX CMOVC EAX,ECX MOV ECX,dword ptr [RSP + local_28[4]+0x48] MOV dword ptr [RBX + 0x44],EAX XOR EAX,EAX TEST EDX,EDX SETZ AL MOV dword ptr [RBX + 0x80],EAX TEST ECX,ECX JZ LAB_00128998 MOV EDX,dword ptr [RSP + local_28[8]+0x48] MOV byte ptr [RBX + 0x701],0x1 MOV EAX,0x2 CMP EDX,0x1 JLE LAB_001289a4 CMP EDX,0x3 MOV EAX,0x4 CMOVLE EAX,EDX JMP LAB_001289a4 ?? 0Fh ?? 1Fh ?? 00h LAB_00128998: MOV byte ptr [RBX + 0x701],0x0 MOV EAX,0x4 LAB_001289a4: MOV dword ptr [RBX + 0x73c],EAX MOV EAX,dword ptr [RSP + local_28[12]+0x48] MOV dword ptr [RBX + 0x71c],EAX MOV EAX,dword ptr [RSP + local_18+0x48] MOV dword ptr [RBX + 0x84],EAX XOR EAX,EAX CMP dword ptr [RSP + local_18+0x4c],0x1 SETG AL MOV dword ptr [RBX + 0x8c],EAX XOR EAX,EAX LAB_001289d0: MOV RDX,qword ptr [RSP + local_10+0x48] SUB RDX,qword ptr FS:[0x28] JNZ LAB_001289e6 ADD RSP,0x40 POP RBX RET LAB_001289e6: CALL .plt:::__stack_chk_fail ;undefined __stack_chk_fail() NOP dword ptr [RAX + RAX*0x1] Actual src: SRes LzmaEnc_SetProps(CLzmaEncHandle pp, const CLzmaEncProps *props2) { CLzmaEnc *p = (CLzmaEnc *)pp; CLzmaEncProps props = *props2; LzmaEncProps_Normalize(&props); if (props.lc > LZMA_LC_MAX || props.lp > LZMA_LP_MAX || props.pb > LZMA_PB_MAX || props.dictSize > ((UInt64)1 << kDicLogSizeMaxCompress) || props.dictSize > kMaxHistorySize) return SZ_ERROR_PARAM; p->dictSize = props.dictSize; { unsigned fb = props.fb; if (fb < 5) fb = 5; if (fb > LZMA_MATCH_LEN_MAX) fb = LZMA_MATCH_LEN_MAX; p->numFastBytes = fb; } p->lc = props.lc; p->lp = props.lp; p->pb = props.pb; p->fastMode = (props.algo == 0); p->matchFinderBase.btMode = (Byte)(props.btMode? 1 : 0); { UInt32 numHashBytes = 4; if (props.btMode) { if (props.numHashBytes < 2) numHashBytes = 2; else if (props.numHashBytes < 4) numHashBytes = props.numHashBytes; } p->matchFinderBase.numHashBytes = numHashBytes; } p->matchFinderBase.cutValue = props.mc; p->writeEndMark = props.writeEndMark; #ifndef _7ZIP_ST /* if (newMultiThread!= _multiThread) { ReleaseMatchFinder(); _multiThread = newMultiThread; } */ p->multiThread = (props.numThreads > 1); #endif return SZ_OK; } Predicted src: static int __pm_Set(pmContext *ctx, constpmContext *ctx, constpmContext *ctx) { pmContext *ctx = ctx->ctx; pmContext *ctx = ctx->ctx; pmContext *ctx = ctx->ctx; pmContext *ctx = ctx->ctx; pmContext *ctx = ctx->ctx; pmContext ctx = ctx->ctx; pmContext ctx = ctx->ctx; pmContext ctx = ctx->ctx; if (ctx == NULL) { ctx->ctx = ctx->ctx; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ctx->mode = ctx->mode; ct