============================== Sample 1 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined init_child_item() PUSH R12 PUSH RBP MOV RBP,RDI PUSH RBX MOV RBX,qword ptr [RDI + 0x60] CALL .plt:e_tree_get_type ;undefined e_tree_get_type() MOV R12,RAX CALL .plt:::gtk_accessible_get_type ;undefined gtk_accessible_get_type() MOV RDI,RBP MOV RSI,RAX CALL .plt:::g_type_check_instance_cast ;undefined g_type_check_instance_cast() MOV RDI,RAX CALL .plt:::gtk_accessible_get_widget ;undefined gtk_accessible_get_widget() MOV RSI,R12 MOV RDI,RAX CALL .plt:::g_type_check_instance_cast ;undefined g_type_check_instance_cast() TEST RAX,RAX JZ LAB_002ea090 MOV RDI,RAX CALL .plt:e_tree_get_item ;undefined e_tree_get_item() CMP qword ptr [RBX],0x0 JZ LAB_002ea070 POP RBX POP RBP POP R12 RET ?? 66h f ?? 90h LAB_002ea070: MOV ESI,0x50 MOV RDI,RAX CALL .plt:::g_type_check_instance_cast ;undefined g_type_check_instance_cast() MOV RDI,RAX CALL .plt:::atk_gobject_accessible_for_object ;undefined atk_gobject_accessible_for... MOV qword ptr [RBX],RAX POP RBX POP RBP POP R12 RET ?? 0Fh ?? 1Fh ?? 00h LAB_002ea090: POP RBX LEA RDX,[.rodata:DAT_00318012] ;= 74h t LEA RSI,[.rodata:__func__.0] ;= "init_child_item" POP RBP LEA RDI,[.rodata:s_evolution-util_002ef0ab] ;= "evolution-util" POP R12 JMP .plt:::g_return_if_fail_warning ;undefined g_return_if_fail_warning() ?? 66h f Actual src: static void init_child_item (GalA11yETree *a11y) { GalA11yETreePrivate *priv = a11y->priv; ETree *tree; ETableItem * eti; tree = E_TREE (gtk_accessible_get_widget (GTK_ACCESSIBLE (a11y))); g_return_if_fail (tree); eti = e_tree_get_item (tree); if (priv->child_item == NULL) { priv->child_item = atk_gobject_accessible_for_object (G_OBJECT (eti)); } } Predicted src: static void e_tree_item_init (GtkWidget *widget) { GtkWidget *widget; widget = E_TREE_ITEM (widget); g_return_if_fail (GTK_IS_WIDGET (widget)); widget = E_TREE_ITEM (widget); if (widget == NULL) return; widget->priv->items = g_object_get_data (G_OBJECT (widget), "items"); } ============================== Sample 2 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined secu_PrintDecodedBitString() ;local_28 undefined8 -28 ;local_38 undefined1[16] -38 PUSH R12 MOV R12D,ECX PUSH RBP MOV RBP,RDI PUSH RBX SUB RSP,0x20 MOV RCX,qword ptr [RSI + 0x10] MOVDQU XMM0,xmmword ptr [RSI] MOV RSI,RSP MOV EAX,ECX MOV EBX,ECX MOV qword ptr [RSP + local_28+0x38],RCX MOV ECX,R12D ADD EAX,0x7 MOVAPS xmmword ptr [RSP]=>local_38,XMM0 SHR EAX,0x3 MOV dword ptr [RSP + local_28+0x38],EAX AND EBX,0x7 JZ LAB_0010a200 CALL SECU_PrintAsHex ;undefined SECU_PrintAsHex() LEA ESI,[R12 + 0x1] MOV RDI,RBP CALL SECU_Indent ;undefined SECU_Indent() MOV ECX,0x8 MOV RDI,RBP XOR EAX,EAX SUB ECX,EBX LEA RDX,[.rodata:s_(%d_least_significant_bits_unuse_00116290] ;= "(%d least significant bits unused... MOV ESI,0x1 CALL .plt:::__fprintf_chk ;undefined __fprintf_chk() ADD RSP,0x20 POP RBX POP RBP POP R12 RET LAB_0010a200: CALL SECU_PrintAsHex ;undefined SECU_PrintAsHex() ADD RSP,0x20 POP RBX POP RBP POP R12 RET ?? 66h f Actual src: static void secu_PrintDecodedBitString(FILE *out, const SECItem *i, const char *m, int level) { int unused_bits; SECItem tmp = *i; unused_bits = (tmp.len & 0x7)? 8 - (tmp.len & 7) : 0; DER_ConvertBitString(&tmp); /* convert length to byte length */ SECU_PrintAsHex(out, &tmp, m, level); if (unused_bits) { SECU_Indent(out, level + 1); fprintf(out, "(%d least significant bits unused)\n", unused_bits); } } Predicted src: int PrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrintPrin ============================== Sample 3 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined gp_arrow_button_constructed() PUSH RBP MOV RBP,RDI MOV RDI,qword ptr [.bss:gp_arrow_button_parent_class] ;=?? MOV ESI,0x50 CALL .plt:::g_type_check_class_cast ;undefined g_type_check_class_cast() MOV RDI,RBP CALL qword ptr [RAX + 0x48] CALL .plt:::gtk_widget_get_type ;undefined gtk_widget_get_type() MOV RDI,RBP MOV RSI,RAX CALL .plt:::g_type_check_instance_cast ;undefined g_type_check_instance_cast() MOV RDI,RAX CALL .plt:::gtk_widget_get_accessible ;undefined gtk_widget_get_accessible() LEA RSI,[.rodata:s_Hide_Panel_00138771] ;= "Hide Panel" XOR EDI,EDI MOV EDX,0x5 MOV RBP,RAX CALL .plt:::dcgettext ;undefined dcgettext() MOV RDI,RBP POP RBP MOV RSI,RAX JMP .plt:::atk_object_set_name ;undefined atk_object_set_name() ?? 66h f Actual src: static void gp_arrow_button_constructed (GObject *object) { GtkWidget *widget; AtkObject *atk; G_OBJECT_CLASS (gp_arrow_button_parent_class)->constructed (object); widget = GTK_WIDGET (object); atk = gtk_widget_get_accessible (widget); atk_object_set_name (atk, _("Hide Panel")); } Predicted src: static void gtk_widget_button_set_name (GtkWidget *widget) { GtkWidget *widget; widget = GTK_WIDGET_CLASS (gtk_widget_parent_class)->set_name (widget); GTK_WIDGET_CLASS (gtk_widget_parent_class)->set_name (widget, widget); } ============================== Sample 4 ============================== ASM: ;************************************************************************************************************************************************************ ;* op_0690_40_ff(unsigned int) * ;************************************************************************************************************************************************************ ;undefined op_0690_40_ff(uint param_1) ;param_1 uint EDI AND param_1,0x7 PUSH R12 MOV RAX,qword ptr [.bss:regs[72]] MOV R12D,dword ptr [.bss:regs[32] + param_1*0x4] PUSH RBP PUSH RBX MOV EBX,dword ptr [RAX + 0x2] MOV EBP,R12D MOV param_1,R12D SHR EBP,0x10 MOV RAX,qword ptr [.bss:mem_banks + RBP*0x8] BSWAP EBX MOV EDX,dword ptr [RAX + 0x6c] OR dword ptr [.bss:special_mem],EDX CALL qword ptr [RAX] XOR ECX,ECX MOV ESI,EAX MOV EDX,EAX MOV EAX,dword ptr [.bss:regflags] ADD ESI,EBX SETZ CL AND EAX,0xffffbffe MOV param_1,ESI SHL ECX,0xe XOR param_1,EBX OR EAX,ECX MOV ECX,ESI XOR ECX,EDX AND ECX,param_1 MOV param_1,R12D SHR ECX,0x1f OR EAX,ECX AND AH,0xfe ADD EDX,EBX SETC DL Actual src: uae_u32 REGPARAM2 CPUFUNC(op_4650_0)(uae_u32 opcode) { uae_u32 srcreg = (opcode & 7); {{ uaecptr srca; srca = m68k_areg (regs, srcreg); { uae_s16 src = get_word (srca); { uae_u32 dst = ~src; CLEAR_CZNV (); SET_ZFLG (((uae_s16)(dst)) == 0); SET_NFLG (((uae_s16)(dst)) < 0); put_word (srca, dst); }}}} m68k_incpc (2); return 8 * CYCLE_UNIT / 2; } Predicted src: uae_u32 REGPARAM2 CPUFUNC(op_0a8_0)(uae_u32 opcode) { uae_u32 srcreg = (opcode & 7); {{ uaecptr srca; srca = m68k_areg (regs, srcreg) + (uae_s32)(uae_s16)get_diword (2); { uae_s8 src = get_byte (srca); CLEAR_CZNV (); SET_ZFLG (((uae_s8)(src)) == 0); SET_NFLG (((uae_s8)(src)) < 0); put_byte (srca, src); }}}} m68k_incpc (4); return 8 * CYCLE_UNIT / 2; } ============================== Sample 5 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined crashhandlerOptionsInitDisplay() ;local_1c undefined4 -1c PUSH R12 MOV EDI,0x1 MOV R12,RSI MOV ESI,0x1a8 PUSH RBP SUB RSP,0x18 CALL .plt:::calloc ;void * calloc(size_t __nmemb, size_t... TEST RAX,RAX JZ LAB_00102aa8 MOV RDI,R12 MOV RBP,RAX CALL .plt:allocateScreenPrivateIndex ;undefined allocateScreenPrivateIndex() MOV dword ptr [RBP],EAX TEST EAX,EAX JS LAB_00102a78 MOVSXD RDX,dword ptr [.bss:CrashhandlerOptionsDisplayPrivateIndex] ;=?? MOV RAX,qword ptr [R12 + 0x8] MOV RDI,R12 LEA RCX,[RBP + 0x8] MOV R8D,0x4 LEA RSI,[.bss:crashhandlerOptionsMetadata] ;=?? MOV qword ptr [RAX + RDX*0x8],RBP LEA RDX,[.data.rel.ro:crashhandlerOptionsDisplayOptionInfo] CALL .plt:compInitDisplayOptionsFromMetadata ;undefined compInitDisplayOptionsFrom... TEST EAX,EAX JZ LAB_00102a90 MOV EAX,0x1 LAB_00102a6d: ADD RSP,0x18 POP RBP POP R12 RET ?? 0Fh ?? 1Fh ?? 00h LAB_00102a78: MOV RDI,RBP CALL .plt:::free ;void free(void * __ptr) ADD RSP,0x18 XOR EAX,EAX POP RBP POP R12 RET ?? 66h f ?? 0Fh ?? 1Fh ?? 44h D ?? 00h ?? 00h LAB_00102a90: MOV RDI,RBP MOV dword ptr [RSP + local_1c+0x28],EAX CALL .plt:::free ;void free(void * __ptr) MOV EAX,dword ptr [RSP + local_1c+0x28] ADD RSP,0x18 POP RBP POP R12 RET LAB_00102aa8: XOR EAX,EAX JMP LAB_00102a6d ?? 0Fh Actual src: static Bool crashhandlerOptionsInitDisplay (CompPlugin *p, CompDisplay *d) { CrashhandlerOptionsDisplay *od; od = calloc (1, sizeof(CrashhandlerOptionsDisplay)); if (!od) return FALSE; od->screenPrivateIndex = allocateScreenPrivateIndex(d); if (od->screenPrivateIndex < 0) { free(od); return FALSE; } d->base.privates[CrashhandlerOptionsDisplayPrivateIndex].ptr = od; if (!compInitDisplayOptionsFromMetadata (d, &crashhandlerOptionsMetadata, crashhandlerOptionsDisplayOptionInfo, od->opt, CrashhandlerDisplayOptionNum)) { free (od); return FALSE; } return TRUE; } Predicted src: static CompOption * handlerOptionsInitDisplayOptions (CompPlugin *plugin, CompDisplay *d) { int i; if (!od) { return NULL; } for (i = 0; i < NUM_OPTIONS_DISPLAY (d); i++) { if (!od->base.privates[i].value) { free (od->base.privates[i].value); free (od); return NULL; } } return &od->opt; }