============================== Sample 1 ==============================
ASM:
;************************************************************************************************************************************************************
;* FUNCTION *
;************************************************************************************************************************************************************
;undefined ioe_err_free()
; Two free() calls, both on pointers loaded from inside the struct; the struct
; pointer itself (saved in RBX) is never handed to free().
PUSH RBX
MOV RBX,RDI
; first argument to free(): the qword at offset 0x0 (err->path in the source)
MOV RDI,qword ptr [RDI]
CALL .plt:free ;void free(void * __ptr)
; second argument: the qword at offset 0x10 (err->msg in the source)
MOV RDI,qword ptr [RBX + 0x10]
POP RBX
; tail call: the second free() returns straight to the caller
JMP .plt:free ;void free(void * __ptr)
; byte Ghidra left undefined after the function end; presumably the start of alignment padding
?? 66h f
Actual src:
/*
 * Release the two heap pointers held by *err (path and msg).
 *
 * err is dereferenced unconditionally, so it must not be NULL. The struct
 * itself is not freed and the two members are not reset, so after the call
 * they still hold the freed addresses; calling this twice on the same
 * struct would free both pointers a second time.
 */
void ioe_err_free(ioe_err_t *err)
{
    free(err->path);
    free(err->msg);
}
Predicted src:
/* NOTE(review): reviewer annotation, not part of the model output. The
 * prediction frees one member and then the struct itself, whereas the ASM
 * frees two members and leaves the struct alone. Read as-is it would
 * misstate who owns the struct, which matters when auditing for
 * double-free or use-after-free. */
void free_err(err_t *err)
{
    free(err->err);
    free(err);
}
============================== Sample 2 ==============================
ASM:
;************************************************************************************************************************************************************
;* FUNCTION *
;************************************************************************************************************************************************************
;undefined bio_close()
PUSH RBP
MOV RBP,RDI
PUSH RBX
SUB RSP,0x8
; byte at +0x24 compared with 1: the b->direction==BIO_WRITE test in the source
CMP byte ptr [RDI + 0x24],0x1
JZ LAB_0010c0e0
LAB_0010c0af:
; byte at +0x25 is b->type, dword at +0x28 is b->fd
CMP byte ptr [RBP + 0x25],0x0
MOV EDI,dword ptr [RBP + 0x28]
JNZ LAB_0010c0d8
CALL .plt:::close ;int close(int __fd)
LAB_0010c0bd:
; free(b->buff) followed by a tail call to free(b); neither close() nor
; tcpclose() has its return value inspected before this point
MOV RDI,qword ptr [RBP]
CALL .plt.got:::free ;void free(void * __ptr)
ADD RSP,0x8
MOV RDI,RBP
POP RBX
POP RBP
JMP .plt.got:::free ;void free(void * __ptr)
; 0F 1F 40 00 is a 4-byte NOP used as padding
?? 0Fh
?? 1Fh
?? 40h @
?? 00h
LAB_0010c0d8:
CALL tcpclose ;undefined tcpclose()
JMP LAB_0010c0bd
?? 90h
LAB_0010c0e0:
; Write path. The source only shows a call to bio_flush(b); this block is
; presumably that helper inlined. Field meanings below are inferred from use
; and should be confirmed against the struct definition.
; +0x26: flag that, when set, skips the write (presumably an error marker)
CMP byte ptr [RDI + 0x26],0x0
JNZ LAB_0010c0af
; +0xc: length passed to the write call (presumably the pending byte count)
MOV EBX,dword ptr [RDI + 0xc]
TEST EBX,EBX
JZ LAB_0010c0af
CMP byte ptr [RBP + 0x25],0x0
MOV EDI,dword ptr [RDI + 0x28]
MOV RSI,qword ptr [RBP]
JZ LAB_0010c120
; +0x14: extra fourth argument to tcptowrite (presumably a timeout)
MOV ECX,dword ptr [RBP + 0x14]
MOV EDX,EBX
CALL tcptowrite ;undefined tcptowrite()
LAB_0010c104:
; a result smaller than the requested length sets the +0x26 flag; a negative
; result additionally skips the add into the +0x18 counter
CMP EBX,EAX
JLE LAB_0010c110
MOV byte ptr [RBP + 0x26],0x1
TEST EAX,EAX
JS LAB_0010c116
LAB_0010c110:
CDQE
ADD qword ptr [RBP + 0x18],RAX
LAB_0010c116:
; the length field is cleared whether or not everything was written
MOV dword ptr [RBP + 0xc],0x0
JMP LAB_0010c0af
?? 90h
LAB_0010c120:
MOV EDX,EBX
CALL .plt:::write ;ssize_t write(int __fd, void * __buf...
JMP LAB_0010c104
?? 0Fh
Actual src:
/*
 * Tear down a bio: flush it if it was opened for writing, close its
 * descriptor, then free the buffer and the bio object itself.
 *
 * b is dereferenced unconditionally (must not be NULL) and is invalid once
 * this returns. The function returns void and discards the results of
 * bio_flush(), close() and tcpclose(), so a failed final flush or close is
 * not reported to the caller.
 */
void bio_close(bio *b)
{
    /* Push out buffered data before the descriptor goes away. */
    if (b->direction==BIO_WRITE) {
        bio_flush(b);
    }
    /* type 0 uses plain close(); any other type goes through tcpclose(). */
    if (b->type==0) {
        close(b->fd);
    } else {
        tcpclose(b->fd);
    }
    free(b->buff);
    free(b);
}
Predicted src:
/* NOTE(review): reviewer annotation, not part of the model output. The
 * prediction repeats one guarded close() six times and finally passes the
 * struct pointer to close(); the flush, the close()/tcpclose() choice and
 * both free() calls seen in the ASM are absent. */
static void write_to_close (void *data)
{
    struct close_state *state = data;
    if (state->fd >= 0) close (state->fd);
    if (state->fd >= 0) close (state->fd);
    if (state->fd >= 0) close (state->fd);
    if (state->fd >= 0) close (state->fd);
    if (state->fd >= 0) close (state->fd);
    if (state->fd >= 0) close (state->fd);
    close (state);
}
============================== Sample 3 ==============================
ASM:
;************************************************************************************************************************************************************
;* FUNCTION *
;************************************************************************************************************************************************************
;undefined mX11ClipboardDestroy()
; NULL argument: jump straight to RET
TEST RDI,RDI
JZ LAB_00143770
PUSH RBP
MOV RBP,RDI
; The source calls mX11ClipboardFreeDat(p); no such call appears here, so the
; helper was presumably inlined: two member pointers are passed to mFree and
; each slot is zeroed afterwards.
MOV RDI,qword ptr [RDI + 0x8]
CALL mFree ;undefined mFree()
MOV qword ptr [RBP + 0x8],0x0
MOV RDI,qword ptr [RBP + 0x18]
CALL mFree ;undefined mFree()
MOV qword ptr [RBP + 0x18],0x0
MOV RDI,RBP
; dword at offset 0x0 is cleared before the struct is released
MOV dword ptr [RBP],0x0
POP RBP
; tail call: mFree(p)
JMP mFree ;undefined mFree()
; 0F 1F 44 00 00 is a 5-byte NOP used as padding
?? 0Fh
?? 1Fh
?? 44h D
?? 00h
?? 00h
LAB_00143770:
RET
?? 66h f
Actual src:
/*
 * Destroy a clipboard object: release its data through
 * mX11ClipboardFreeDat(), then free the object with mFree().
 * A NULL p is accepted and ignored. p is invalid after the call.
 */
void mX11ClipboardDestroy(mX11Clipboard *p)
{
    if(p) {
        mX11ClipboardFreeDat(p);
        mFree(p);
    }
}
Predicted src:
/* NOTE(review): reviewer annotation, not part of the model output. The
 * prediction has no NULL check and never calls mFree; it treats mFree as a
 * type and repeats one assignment eight times. */
void mFreeFree(mFree *m)
{
    m->mFree = NULL;
    m->mFree = NULL;
    m->mFree = NULL;
    m->mFree = NULL;
    m->mFree = NULL;
    m->mFree = NULL;
    m->mFree = NULL;
    m->mFree = NULL;
}
============================== Sample 4 ==============================
ASM:
;************************************************************************************************************************************************************
;* FUNCTION *
;************************************************************************************************************************************************************
;undefined sdl_mixer_init()
SUB RSP,0x8
MOVZX EAX,byte ptr [.bss:is_audio_initialized] ;=??
TEST AL,AL
JZ LAB_0017987e
; already open: return without calling Mix_OpenAudio again
CMP byte ptr [.bss:audio_open],0x0 ;=??
JZ LAB_0017989d
LAB_00179879:
ADD RSP,0x8
RET
LAB_0017987e:
; assert(is_audio_initialized) failure path: this build kept the assertion
; (the __assert_fail call is present), reporting c_utils.c line 0x2b5 (693)
LEA RCX,[.rodata:__PRETTY_FUNCTION__.16] ;= "sdl_mixer_init"
MOV EDX,0x2b5
LEA RSI,[.rodata:s_c_utils.c_00253f10] ;= "c_utils.c"
LEA RDI,[.rodata:s_is_audio_initialized_00253fd8] ;= "is_audio_initialized"
CALL .plt:::__assert_fail ;void __assert_fail(char * __assertio...
LAB_0017989d:
; Mix_OpenAudio arguments, in source order: EDI = audio_rate (0xac44 = 44100),
; ESI = audio_format (0x8010), EDX = audio_channels (2),
; ECX = audio_buffers (0x1000 = 4096)
MOV ECX,0x1000
MOV EDX,0x2
MOV ESI,0x8010
MOV EDI,0xac44
CALL .plt:::Mix_OpenAudio ;undefined Mix_OpenAudio()
TEST EAX,EAX
JNZ LAB_001798c3
MOV byte ptr [.bss:audio_open],0x1 ;=??
JMP LAB_00179879
LAB_001798c3:
MOV byte ptr [.bss:audio_open],0x0 ;=??
; the source's printf of a constant string appears here as puts (string without the trailing \n)
LEA RDI,[.rodata:s_Unable_to_open_audio!_00253fed] ;= "Unable to open audio!\r"
CALL .plt:::puts ;int puts(char * __s)
JMP LAB_00179879
; The listing runs on into the next function (play_mod) and stops after its
; first instruction; the lines below are not part of sdl_mixer_init.
;************************************************************************************************************************************************************
;* FUNCTION *
;************************************************************************************************************************************************************
;undefined play_mod()
PUSH RBP
Actual src:
/*
 * Open the SDL_mixer audio device once.
 *
 * Precondition: is_audio_initialized is non-zero. This is enforced only by
 * assert(), so a build compiled with NDEBUG would not check it.
 * If audio_open is already set the function returns immediately.
 * Otherwise Mix_OpenAudio() is called; a non-zero result clears audio_open
 * and prints a message, a zero result sets audio_open to 1. The function
 * returns void, so callers learn about failure only by reading audio_open.
 * audio_rate, is_audio_initialized and audio_open are defined outside this
 * snippet.
 */
void sdl_mixer_init(void)
{
    static const Uint16 audio_format = AUDIO_S16;
    static const int audio_channels = 2;
    static const int audio_buffers = 4096;
    //printf ("sdl_mixer_init called, is_audio_initialized=%d, audio_open=%d\r\n", is_audio_initialized, audio_open);
    assert (is_audio_initialized);
    //assert (!audio_open);
    if (audio_open) /* avoid double initialization */
        return;
    if (Mix_OpenAudio(audio_rate, audio_format, audio_channels, audio_buffers)) {
        /* non-zero result is treated as failure */
        audio_open = 0;
        printf("Unable to open audio!\r\n");
    } else {
        audio_open = 1;
    }
}
Predicted src:
/* NOTE(review): reviewer annotation, not part of the model output. The
 * prediction contains neither the assertion nor the Mix_OpenAudio call; it
 * only tests and repeatedly clears a single flag. */
void audio_audio_init(void)
{
    if (!audio_is_audio) return;
    audio_is_audio = false;
    audio_is_audio = false;
    audio_is_audio = false;
    audio_is_audio = false;
}
============================== Sample 5 ==============================
ASM:
;************************************************************************************************************************************************************
;* FUNCTION *
;************************************************************************************************************************************************************
;undefined QCoreApplication_quit(void)
; the whole function is one tail jump through the PLT
JMP .plt:::QCoreApplication::quit
?? 66h f
Actual src:
/* Forwards to QCoreApplication::quit(); takes no arguments and returns
 * nothing. The scope operator makes this C++ rather than C. */
void QCoreApplication_quit()
{
    QCoreApplication::quit();
}
Predicted src:
/* NOTE(review): reviewer annotation, not part of the model output. The
 * prediction names a different class (QStyleOptionEdit) from the PLT target
 * in the ASM and adds a handle parameter that the source does not have. */
void QStyleOptionEdit_quit(QStyleOptionEditH handle)
{
    ((QStyleOptionEdit *)handle)->quit();
}