============================== Sample 1 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined get_cursor_from_program() ;local_48 undefined1 -48 ;local_4c undefined4 -4c PUSH R13 PUSH R12 PUSH RBP MOV RBP,RDI PUSH RBX MOV RBX,RSI SUB RSP,0x38 MOV RAX,qword ptr [.bss:cobglobptr] ;=?? MOV RAX,qword ptr [RAX + 0x8] TEST RAX,RAX JZ LAB_001451d8 MOV R12,qword ptr [RAX + 0x48] TEST R12,R12 JZ LAB_001451d8 MOV RAX,qword ptr [R12 + 0x10] TEST byte ptr [RAX],0x10 JNZ LAB_001451f0 MOV R13,qword ptr [R12] MOV EAX,R13D AND EAX,0xfffffffd CMP EAX,0x4 JNZ LAB_00145228 MOV RSI,qword ptr [R12 + 0x8] MOVSXD RDX,R13D LEA RDI=>local_48,[RSP + 0x10] MOV ECX,0x20 ADD R13D,0x1 CALL .plt:::__memcpy_chk ;undefined __memcpy_chk() MOVSXD R13,R13D LEA RDX=>local_4c,[RSP + 0xc] LEA RSI,[.rodata:s_%d_0014e6af+17] ;= "%d" MOV RDI,RAX XOR EAX,EAX MOV byte ptr [RSP + R13*0x1 + 0x10],0x0 CALL .plt:::__isoc99_sscanf ;undefined __isoc99_sscanf() TEST EAX,EAX JZ LAB_00145228 MOV EAX,dword ptr [RSP + local_4c+0x58] CMP qword ptr [R12],0x4 MOVSXD RDX,EAX JZ LAB_00145202 LAB_001451a2: IMUL RDX,RDX,0x10624dd3 MOV ECX,EAX SAR ECX,0x1f SAR RDX,0x26 SUB EDX,ECX LEA ECX,[RDX + -0x1] IMUL EDX,EDX,0x3e8 SUB EAX,EDX SUB EAX,0x1 LAB_001451c2: MOV dword ptr [RBP],ECX MOV dword ptr [RBX],EAX ADD RSP,0x38 POP RBX POP RBP POP R12 POP R13 RET ?? 66h f ?? 0Fh ?? 1Fh ?? 44h D ?? 00h ?? 00h LAB_001451d8: MOV dword ptr [RBP],0xffffffff MOV dword ptr [RBX],0xffffffff ADD RSP,0x38 POP RBX POP RBP POP R12 POP R13 RET LAB_001451f0: MOV RDI,R12 CALL .plt:cob_get_int ;undefined cob_get_int() CMP qword ptr [R12],0x4 MOVSXD RDX,EAX JNZ LAB_001451a2 LAB_00145202: IMUL RDX,RDX,0x51eb851f MOV ECX,EAX SAR ECX,0x1f SAR RDX,0x25 SUB EDX,ECX LEA ECX,[RDX + -0x1] IMUL EDX,EDX,0x64 SUB EAX,EDX SUB EAX,0x1 JMP LAB_001451c2 ?? 0Fh ?? 1Fh ?? 80h ?? 00h ?? 00h ?? 00h ?? 00h LAB_00145228: MOV EDI,0x3 CALL .plt:cob_fatal_error ;undefined cob_fatal_error() NOP dword ptr CS:[RAX + RAX*0x1] Actual src: static void get_cursor_from_program (int *line, int *column) { if (COB_MODULE_PTR && COB_MODULE_PTR->cursor_pos) { cob_field *cursor_field = COB_MODULE_PTR->cursor_pos; int cursor_pos; if (COB_FIELD_IS_NUMERIC (cursor_field)) { cursor_pos = cob_get_int (cursor_field); } else { char buff[32]; int maxsize = cursor_field->size; /* LCOV_EXCL_START */ if (unlikely (maxsize!= 4 && maxsize!= 6)) { cob_fatal_error (COB_FERROR_CODEGEN); } /* LCOV_EXCL_STOP */ memcpy (buff, cursor_field->data, maxsize); buff[maxsize + 1] = 0; if (unlikely (!sscanf (buff, "%d", &cursor_pos))) { cob_fatal_error (COB_FERROR_CODEGEN); } } if (cursor_field->size == 4) { *line = (cursor_pos / 100) - 1; *column = (cursor_pos % 100) - 1; } else { *line = (cursor_pos / 1000) - 1; *column = (cursor_pos % 1000) - 1; } } else { *column = *line = -1; } } Predicted src: static int get_cursor_from_cursor(int argc, char **argv) { int ret = -1; int ret = 0; if (argc < 2) return -1; if (argc > 2) return -1; ret = get_cursor_from_cursor(argc, argv[0], &ret); if (ret < 0) return -1; if (ret < 0) return -1; ret = get_cursor_from_cursor(argv[1], &ret); if (ret < 0) return ret; return ret; } ============================== Sample 2 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined MPI_Type_hvector() ;local_20 undefined8 -20 ;local_28 undefined8 -28 PUSH R13 MOV R13,RDX PUSH R12 MOV R12D,ESI PUSH RBP MOV EBP,EDI SUB RSP,0x10 MOV RAX,qword ptr [->ompi_mpi_param_check] ;= 0021a918 CMP byte ptr [RAX]=>.data:ompi_mpi_param_check,0x0 ;= 01h JZ LAB_00199df8 MOV RAX,qword ptr [->ompi_mpi_state] ;= 0023b2f4 MOV EAX=>.bss:ompi_mpi_state,dword ptr [RAX] ;=?? SUB EAX,0x2 CMP EAX,0x2 JA LAB_00199e68 LAB_00199dd2: CMP RCX,qword ptr [->ompi_mpi_datatype_null] ;= 00225120 SETZ AL TEST RCX,RCX SETZ DL OR AL,DL JNZ LAB_00199e10 TEST R8,R8 JZ LAB_00199e10 TEST EBP,EBP JS LAB_00199e98 TEST R12D,R12D JS LAB_00199e40 LAB_00199df8: ADD RSP,0x10 MOV RDX,R13 MOV ESI,R12D MOV EDI,EBP POP RBP POP R12 POP R13 JMP .plt:LAB_0012a220 ?? 66h f ?? 90h LAB_00199e10: MOV RSI=>.bss:ompi_mpi_comm_world,qword ptr [->ompi_mpi_comm_world] ;= 00229ee0 ;=?? LEA R8,[.rodata:FUNC_NAME] ;= "MPI_Type_hvector" MOV ECX,0x3 MOV EDX,dword ptr [RSI + 0x140]=>.bss:ompi_mpi_comm_world[320] MOV RDI,qword ptr [RSI + 0x138]=>.bss:ompi_mpi_comm_world[312] LAB_00199e30: ADD RSP,0x10 POP RBP POP R12 POP R13 JMP .plt:ompi_errhandler_invoke ;undefined ompi_errhandler_invoke() ?? 66h f ?? 90h LAB_00199e40: MOV RSI,qword ptr [->ompi_mpi_comm_world] ;= 00229ee0 LEA R8,[.rodata:FUNC_NAME] ;= "MPI_Type_hvector" MOV ECX,0xd MOV EDX,dword ptr [RSI + 0x140]=>.bss:ompi_mpi_comm_world[320] MOV RDI,qword ptr [RSI + 0x138]=>.bss:ompi_mpi_comm_world[312] JMP LAB_00199e30 ?? 66h f ?? 0Fh ?? 1Fh ?? 44h D ?? 00h ?? 00h LAB_00199e68: LEA RDX,[.rodata:FUNC_NAME] ;= "MPI_Type_hvector" XOR ESI,ESI XOR EDI,EDI XOR EAX,EAX MOV qword ptr [RSP + local_20+0x28],R8 MOV qword ptr [RSP]=>local_28,RCX CALL .plt.got:ompi_mpi_errors_are_fatal_comm_handler ;undefined ompi_mpi_errors_are_fatal_... MOV R8,qword ptr [RSP + local_20+0x28] MOV RCX,qword ptr [RSP]=>local_28 JMP LAB_00199dd2 ?? 0Fh ?? 1Fh ?? 80h ?? 00h ?? 00h ?? 00h ?? 00h LAB_00199e98: MOV RSI,qword ptr [->ompi_mpi_comm_world] ;= 00229ee0 LEA R8,[.rodata:FUNC_NAME] ;= "MPI_Type_hvector" MOV ECX,0x2 MOV EDX,dword ptr [RSI + 0x140]=>.bss:ompi_mpi_comm_world[320] MOV RDI,qword ptr [RSI + 0x138]=>.bss:ompi_mpi_comm_world[312] JMP LAB_00199e30 ?? 0Fh Actual src: int MPI_Type_hvector(int count, int blocklength, MPI_Aint stride, MPI_Datatype oldtype, MPI_Datatype *newtype) { MEMCHECKER( memchecker_datatype(oldtype); ); if ( MPI_PARAM_CHECK ) { OMPI_ERR_INIT_FINALIZE(FUNC_NAME); if (NULL == oldtype || MPI_DATATYPE_NULL == oldtype || NULL == newtype) { return OMPI_ERRHANDLER_INVOKE(MPI_COMM_WORLD, MPI_ERR_TYPE, FUNC_NAME ); } else if (count < 0) { return OMPI_ERRHANDLER_INVOKE(MPI_COMM_WORLD, MPI_ERR_COUNT, FUNC_NAME ); } else if (blocklength < 0) { return OMPI_ERRHANDLER_INVOKE(MPI_COMM_WORLD, MPI_ERR_ARG, FUNC_NAME ); } } return PMPI_Type_create_hvector(count, blocklength, stride, oldtype, newtype); } Predicted src: int ipmi_mpi_handler_handler(int argc, char **argv, int argc, char **argv) { int ret; if (argc!= 2) { ret = 0; } else if (argc!= 2) { if (argc!= 2) { ret = 2; } else if (argc!= 2) { ret = 2; } else if (argc!= 2) { ret = 2; } else if (argc!= 2) { ret = 2; } else if (argc!= 2) { ret = 2; } else { ret = 2; } } return ret; } ============================== Sample 3 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined ltks_rsp() SUB RSP,0x8 TEST DIL,DIL JZ LAB_001105b8 MOVZX ESI,DIL LEA RDX,[.rodata:s__00131096] ;= "" CMP DIL,0x15 JA LAB_00110598 MOVSXD RAX,ESI LEA RDX,[.data.rel.ro:mgmt_status] MOV RDX=>.data.rel.ro:mgmt_status,qword ptr [RDX + RAX*0x8] LAB_00110598: LEA RDI,[.rodata:DAT_00133660] ;= 01h XOR EAX,EAX CALL bt_shell_printf ;undefined bt_shell_printf(undefined... XOR EDI,EDI ADD RSP,0x8 JMP bt_shell_noninteractive_quit ;undefined bt_shell_noninteractive_qu... ?? 0Fh ?? 1Fh ?? 80h ?? 00h ?? 00h ?? 00h ?? 00h LAB_001105b8: LEA RDI,[.rodata:s_Long_term_keys_successfully_load_001336a0] ;= "Long term keys successfully loade... XOR EAX,EAX CALL bt_shell_printf ;undefined bt_shell_printf(undefined... XOR EDI,EDI ADD RSP,0x8 JMP bt_shell_noninteractive_quit ;undefined bt_shell_noninteractive_qu... ?? 66h f Actual src: static void ltks_rsp(uint8_t status, uint16_t len, const void *param, void *user_data) { if (status!= 0) error("Load keys failed with status 0x%02x (%s)", status, mgmt_errstr(status)); else print("Long term keys successfully loaded"); bt_shell_noninteractive_quit(EXIT_SUCCESS); } Predicted src: static void status_status_cb (int status, void *user_data) { if (status == 0) return; switch (status) { case 0: break; case 0: return; case 0: return; case 0: return; case 0: return; case 0: return; case 0: return; case 0: return; case 0: return; case 0: return; case 0: return; case 0: return; case 0: return; default: break; } } ============================== Sample 4 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined enic_vf_link_update() PUSH RBP LEA RCX,[.rodata:__func__.7] ;= "enic_vf_link_update" PUSH RBX LEA RDX,[.rodata:s_%s_>>_0011fc20] ;= "%s >>\n" MOV RBX,RDI MOV EDI,0x8 PUSH RAX LEA RAX,[.bss:enic_pmd_logtype] ;=?? MOV ESI,dword ptr [RAX]=>.bss:enic_pmd_logtype ;=?? XOR EAX,EAX CALL .plt:::rte_log ;undefined rte_log() MOV RAX,qword ptr [RBX + 0x38] MOV RAX,qword ptr [RAX + 0x60] MOV RBP,qword ptr [RAX + 0x6b8] MOV RDI,qword ptr [RBP + 0x88] CALL enic_link_update ;undefined enic_link_update() MOV RAX,qword ptr [RBP + 0x88] MOV RAX,qword ptr [RAX + 0x38] MOV RAX,qword ptr [RAX + 0x68] MOV RDX,qword ptr [RBX + 0x38] XCHG qword ptr [RDX + 0x68],RAX XOR EAX,EAX POP RDX POP RBX POP RBP RET ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined enic_vf_representor_init() ;local_40 undefined8 -40 PUSH R15 Actual src: static int enic_vf_link_update(struct rte_eth_dev *eth_dev, int wait_to_complete __rte_unused) { struct enic_vf_representor *vf; struct rte_eth_link link; struct enic *pf; ENICPMD_FUNC_TRACE(); vf = eth_dev->data->dev_private; pf = vf->pf; /* * Link status and speed are same as PF. Update PF status and then * copy it to VF. */ enic_link_update(pf->rte_dev); rte_eth_linkstatus_get(pf->rte_dev, &link); rte_eth_linkstatus_set(eth_dev, &link); return 0; } Predicted src: static int __link_link_update(struct rte_eth_dev *dev) { struct rte_eth_dev *eth_dev = dev->dev_private; struct rte_eth_dev *eth_dev = dev->eth_dev; struct rte_eth_dev *eth_dev = dev->eth_dev; struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)eth_dev->eth_dev; eth_dev->dev_update(eth_dev); eth_dev->dev_update(eth_dev); return 0; } ============================== Sample 5 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined CG_CreateBlend() ;local_3c undefined4 -3c PUSH R15 XOR EAX,EAX PUSH R14 PUSH R13 PUSH R12 PUSH RBP PUSH RBX SUB RSP,0x18 CALL .plt:getCaliValue ;undefined getCaliValue() MOV EBP,EAX XOR EAX,EAX CALL .plt:getCaliValue ;undefined getCaliValue() MOV R12D,EAX XOR EAX,EAX CALL .plt:getCaliValue ;undefined getCaliValue() MOV R13D,EAX XOR EAX,EAX CALL .plt:getCaliValue ;undefined getCaliValue() MOV R14D,EAX XOR EAX,EAX CALL .plt:getCaliValue ;undefined getCaliValue() MOV EBX,EAX XOR EAX,EAX CALL .plt:getCaliValue ;undefined getCaliValue() MOV R15D,EAX MOV RAX,qword ptr [->sys_nextdebuglv] ;= 0034e0c8 MOV dword ptr [RAX]=>EXTERNAL:sys_nextdebuglv,0x2 ;=?? XOR EAX,EAX CALL .plt:sl_getIndex ;undefined sl_getIndex() MOV dword ptr [RSP + local_3c+0x48],EAX XOR EAX,EAX CALL .plt:sl_getPage ;undefined sl_getPage() MOV EDX,dword ptr [RSP + local_3c+0x48] LEA RDI,[.rodata:s_%d,%x:_0011c03b] ;= "%d,%x: " MOV ESI,EAX XOR EAX,EAX CALL .plt:sys_message ;undefined sys_message() SUB RSP,0x8 MOV R9D,EBX MOV R8D,R14D PUSH R15 MOV ECX,R13D MOV EDX,R12D MOV ESI,EBP LEA RDI,[.rodata:s_SACT.CG_CreateBlend_%d,%d,%d,%d,_0011cae0] ;= "SACT.CG_CreateBlend %d,%d,%d,%d,%... XOR EAX,EAX CALL .plt:sys_message ;undefined sys_message() ADD RSP,0x28 MOV R9D,R15D MOV R8D,EBX MOV ECX,R14D POP RBX MOV EDX,R13D MOV ESI,R12D MOV EDI,EBP POP RBP POP R12 POP R13 POP R14 POP R15 JMP .plt:LAB_00107970 ?? 66h f Actual src: void CG_CreateBlend() { int wNumDstCG = getCaliValue(); int wNumBaseCG = getCaliValue(); int wX = getCaliValue(); int wY = getCaliValue(); int wNumBlendCG = getCaliValue(); int wAlphaMapMode = getCaliValue(); DEBUG_COMMAND_YET("SACT.CG_CreateBlend %d,%d,%d,%d,%d,%d:\n", wNumDstCG, wNumBaseCG, wX, wY, wNumBlendCG, wAlphaMapMode); scg_create_blend(wNumDstCG, wNumBaseCG, wX, wY, wNumBlendCG, wAlphaMapMode); } Predicted src: void F2Create(void) { int i; int i; i = getCaliValue(); DEBUG_COMMAND_YET("F2Create %d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%