============================== Sample 1 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined _go_rsm_shutdown() SUB RSP,0x8 MOV EAX,dword ptr [.bss:debug] ;=?? TEST EAX,EAX JNZ LAB_001f2c10 LAB_001f2bee: MOV RDI,qword ptr [.bss:rsm] ;=?? CALL .plt.got:::g_hash_table_destroy ;undefined g_hash_table_destroy() MOV qword ptr [.bss:rsm],0x0 ;=?? ADD RSP,0x8 RET ?? 66h f ?? 0Fh ?? 1Fh ?? 44h D ?? 00h ?? 00h LAB_001f2c10: MOV RDI,qword ptr [.bss:rsm] ;=?? CALL .plt:::g_hash_table_size ;undefined g_hash_table_size() LEA RDI,[.rodata:s_Shutting_down_with_%d_resources_00261f70] ;= "Shutting down with %d resources\n" MOV ESI,EAX XOR EAX,EAX CALL .plt:::g_printerr ;undefined g_printerr() JMP LAB_001f2bee ?? 66h f Actual src: void _go_rsm_shutdown (void) { if (debug) g_printerr ("Shutting down with %d resources\n", g_hash_table_size (rsm)); g_hash_table_destroy (rsm); rsm = NULL; } Predicted src: static void _debug_shutdown (void) { if (g_hash_table_destroy (debug_table)) { g_hash_table_destroy (debug_table); debug_table = NULL; } g_hash_table_destroy (debug_table); } ============================== Sample 2 ============================== ASM: ;************************************************************************************************************************************************************ ;* RGWGetBucketPolicyStatus_ObjStore_S3::send_response() * ;************************************************************************************************************************************************************ ;undefined send_response(RGWGetBucketPolicyStatus_ObjStore_S3 * this) ;this RGWGetBucke... RDI PUSH RBX MOV ESI,dword ptr [this + 0x70] MOV RBX,this TEST ESI,ESI JNZ LAB_00902160 LAB_0090209f: MOV this,qword ptr [RBX + 0x8] CALL dump_errno ;undefined dump_errno(req_state * par... MOV this,qword ptr [RBX + 0x8] XOR R9D,R9D XOR R8D,R8D MOV RCX,-0x1 LEA RDX,[.rodata:s_application/xml_00be3a9c] ;= "application/xml" MOV RSI,RBX CALL end_header ;undefined end_header(req_state * par... MOV this,qword ptr [RBX + 0x8] CALL dump_start ;undefined dump_start(req_state * par... MOV RAX,qword ptr [RBX + 0x8] LEA RCX,[.rodata:s_http://s3.amazonaws.com/doc/2006_00bba808] ;= "http://s3.amazonaws.com/doc/2006-... MOV ESI,0xc LEA RDX,[.rodata:s_PolicyStatus_00c1d571+12] ;= "PolicyStatus" MOV this,qword ptr [RAX + 0x28] MOV RAX,qword ptr [this] CALL qword ptr [RAX + 0x58] MOV RAX,qword ptr [RBX + 0x8] MOVZX ECX,byte ptr [RBX + 0x74] MOV this,qword ptr [RAX + 0x28] MOV R9,qword ptr [this] MOV RAX,qword ptr [R9 + 0x88] CMP RAX,qword ptr [->ceph::Formatter::dump_bool] ;= 004e9af0 JNZ LAB_00902170 TEST CL,CL LEA RAX,[.rodata:s_false_00b9dbb7] ;= "false" LEA R8,[.rodata:DAT_00ba59e0] ;= 74h MOV ESI,0x8 CMOVZ R8,RAX LEA RCX,[.rodata:s_%s_00c380b4+25] ;= "%s" LEA RDX,[.rodata:s_IsPublic_00bfb2e5] ;= "IsPublic" XOR EAX,EAX CALL qword ptr [R9 + 0xb0] LAB_00902141: MOV RAX,qword ptr [RBX + 0x8] MOV this,qword ptr [RAX + 0x28] MOV RAX,qword ptr [this] CALL qword ptr [RAX + 0x60] MOV this,qword ptr [RBX + 0x8] POP RBX MOV RSI,qword ptr [this + 0x28] JMP rgw_flush_formatter_and_reset ;undefined rgw_flush_formatter_and_re... ?? 0Fh ?? 1Fh ?? 00h LAB_00902160: MOV this,qword ptr [this + 0x8] CALL set_req_state_err ;undefined set_req_state_err(req_stat... JMP LAB_0090209f ?? 66h f ?? 90h LAB_00902170: MOV ESI,0x8 LEA RDX,[.rodata:s_IsPublic_00bfb2e5] ;= "IsPublic" CALL RAX JMP LAB_00902141 ;************************************************************************************************************************************************************ ;*boost::date_time::date::TEMPNAMEPLACEHOLDERVALUE(boost::gr...* ;************************************************************************************************************************************************************ ;undefined operator-(date * this, date * param_1) ;this dateformatter->open_object_section_in_ns("PolicyStatus", XMLNS_AWS_S3); // https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETPolicyStatus.html // mentions TRUE and FALSE, but boto/aws official clients seem to want lower // case which is returned by AWS as well; so let's be bug to bug compatible // with the API s->formatter->dump_bool("IsPublic", isPublic); s->formatter->close_section(); rgw_flush_formatter_and_reset(s, s->formatter); } Predicted src: void GetSource::on_state() { assert(m_state!= nullptr); assert(m_state->m_state!= nullptr); assert(m_state->m_state->m_state!= nullptr); assert(m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m_state->m ============================== Sample 3 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined measure_select_all() PUSH R12 MOV R12,qword ptr [.bss:sysenv[616]] PUSH RBP PUSH RBX TEST R12,R12 JZ LAB_001513b8 MOV RBX,qword ptr [R12 + 0x168] TEST RBX,RBX JNZ LAB_00151361 JMP LAB_001513a4 ?? 0Fh ?? 1Fh ?? 44h D ?? 00h ?? 00h LAB_00151338: TEST EAX,EAX JLE LAB_00151358 MOV RDI,qword ptr [RBP + 0x10] MOV RDX,R12 XOR ESI,ESI CALL select_core ;undefined select_core() MOV RDI,qword ptr [RBP + 0x18] MOV RDX,R12 XOR ESI,ESI CALL select_core ;undefined select_core() LAB_00151358: MOV RBX,qword ptr [RBX + 0x8] TEST RBX,RBX JZ LAB_001513a4 LAB_00151361: MOV RBP,qword ptr [RBX] MOV EAX,dword ptr [RBP] CMP EAX,0x3 JLE LAB_00151338 CMP EAX,0x4 JNZ LAB_00151358 MOV RDI,qword ptr [RBP + 0x10] MOV RDX,R12 XOR ESI,ESI CALL select_core ;undefined select_core() MOV RDI,qword ptr [RBP + 0x18] MOV RDX,R12 XOR ESI,ESI CALL select_core ;undefined select_core() MOV RDI,qword ptr [RBP + 0x20] MOV RDX,R12 XOR ESI,ESI CALL select_core ;undefined select_core() MOV RBX,qword ptr [RBX + 0x8] TEST RBX,RBX JNZ LAB_00151361 LAB_001513a4: POP RBX MOV EDI,0x1 POP RBP POP R12 JMP redraw_canvas ;undefined redraw_canvas() ?? 66h f ?? 0Fh ?? 1Fh ?? 44h D ?? 00h ?? 00h LAB_001513b8: POP RBX POP RBP POP R12 RET ?? 0Fh Actual src: void measure_select_all(void) { GSList *list; struct model_pak *model; struct measure_pak *m; model = sysenv.active_model; if (!model) return; for (list=model->measure_list ; list ; list=g_slist_next(list)) { m = list->data; switch (m->type) { case MEASURE_INTER: case MEASURE_INTRA: case MEASURE_DISTANCE: select_core(m->core[0], FALSE, model); select_core(m->core[1], FALSE, model); break; case MEASURE_ANGLE: select_core(m->core[0], FALSE, model); select_core(m->core[1], FALSE, model); select_core(m->core[2], FALSE, model); break; } } redraw_canvas(SINGLE); } Predicted src: static void select_all_all (void) { struct list *list; struct list *list; list = list; while (list) { list = list->next; list = list->next; list = list->next; while (list) { list = list->next; list = list->next; list = list->next; list = list->next; list = list->next; list = list->next; list = list->next; list = list->next; list = list->next; list = list->next; list = list->next; } } } ============================== Sample 4 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined secu_PrintDecodedBitString() ;local_28 undefined8 -28 ;local_38 undefined1[16] -38 PUSH R12 MOV R12D,ECX PUSH RBP MOV RBP,RDI PUSH RBX SUB RSP,0x20 MOV RCX,qword ptr [RSI + 0x10] MOVDQU XMM0,xmmword ptr [RSI] MOV RSI,RSP MOV EAX,ECX MOV EBX,ECX MOV qword ptr [RSP + local_28+0x38],RCX MOV ECX,R12D ADD EAX,0x7 MOVAPS xmmword ptr [RSP]=>local_38,XMM0 SHR EAX,0x3 MOV dword ptr [RSP + local_28+0x38],EAX AND EBX,0x7 JZ LAB_0010a200 CALL SECU_PrintAsHex ;undefined SECU_PrintAsHex() LEA ESI,[R12 + 0x1] MOV RDI,RBP CALL SECU_Indent ;undefined SECU_Indent() MOV ECX,0x8 MOV RDI,RBP XOR EAX,EAX SUB ECX,EBX LEA RDX,[.rodata:s_(%d_least_significant_bits_unuse_00116290] ;= "(%d least significant bits unused... MOV ESI,0x1 CALL .plt:::__fprintf_chk ;undefined __fprintf_chk() ADD RSP,0x20 POP RBX POP RBP POP R12 RET LAB_0010a200: CALL SECU_PrintAsHex ;undefined SECU_PrintAsHex() ADD RSP,0x20 POP RBX POP RBP POP R12 RET ?? 66h f Actual src: static void secu_PrintDecodedBitString(FILE *out, const SECItem *i, const char *m, int level) { int unused_bits; SECItem tmp = *i; unused_bits = (tmp.len & 0x7)? 8 - (tmp.len & 7) : 0; DER_ConvertBitString(&tmp); /* convert length to byte length */ SECU_PrintAsHex(out, &tmp, m, level); if (unused_bits) { SECU_Indent(out, level + 1); fprintf(out, "(%d least significant bits unused)\n", unused_bits); } } Predicted src: int PrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrin ============================== Sample 5 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined _mlgmp_z_tdiv_ui() ;local_38 undefined8 -38 ;local_40 undefined8 -40 ;local_48 undefined8 -48 ;local_50 undefined8 -50 ;local_58 undefined8 -58 ;local_60 undefined8 -60 ;local_68 undefined8 -68 PUSH RBP PUSH RBX SUB RSP,0x58 LEA RAX,[.bss:Caml_state] MOV qword ptr [RSP]=>local_68,RSI SAR RSI,1 MOV RBX,qword ptr [RAX]=>.bss:Caml_state LEA RAX=>local_58,[RSP + 0x10] MOV qword ptr [RSP + local_60+0x68],RDI MOV qword ptr [RSP + local_48+0x68],0x1 MOV qword ptr [RSP + local_50+0x68],0x2 MOV RBP,qword ptr [RBX + 0x120] MOV qword ptr [RBX + 0x120],RAX LEA RAX=>local_60,[RSP + 0x8] MOV qword ptr [RSP + local_40+0x68],RAX MOV RAX,RSP MOV qword ptr [RSP + local_58+0x68],RBP MOV qword ptr [RSP + local_38+0x68],RAX JZ LAB_0018328b MOV RAX,qword ptr [RSP + local_60+0x68] LEA RDI,[RAX + 0x8] CALL .plt:::__gmpz_tdiv_ui ;undefined __gmpz_tdiv_ui() MOV qword ptr [RBX + 0x120],RBP ADD RSP,0x58 LEA RAX,[RAX + RAX*0x1 + 0x1] POP RBX POP RBP RET LAB_0018328b: CALL division_by_zero ;undefined division_by_zero() ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined _mlgmp_z_fdiv_qr() ;local_40 undefined8 -40 ;local_48 undefined8 -48 ;local_50 undefined8 -50 ;local_58 undefined8 -58 ;local_60 undefined8 -60 ;local_68 undefined8 -68 ;local_88 undefined8 -88 ;local_90 undefined8 -90 ;local_98 undefined8 -98 ;local_a0 undefined8 -a0 ;local_a8 undefined8 -a8 ;local_b0 undefined8 -b0 ;local_b8 undefined8 -b8 ;local_c0 undefined8 -c0 ;local_d0 undefined8 -d0 ;local_d8 undefined8 -d8 PUSH R13 Actual src: z_xdivision_op(t) Predicted src: void zui_ui_ui(zui_ui_t z, zui_ui_t z) { zui_ui_t *z = z; z->z = z; z->z = z; z->z = z->z; z->z = z->z; z->z = z->z; z->z = z->z; }