============================== Sample 1 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined _mlgmp_z_tdiv_ui() ;local_38 undefined8 -38 ;local_40 undefined8 -40 ;local_48 undefined8 -48 ;local_50 undefined8 -50 ;local_58 undefined8 -58 ;local_60 undefined8 -60 ;local_68 undefined8 -68 PUSH RBP PUSH RBX SUB RSP,0x58 LEA RAX,[.bss:Caml_state] MOV qword ptr [RSP]=>local_68,RSI SAR RSI,1 MOV RBX,qword ptr [RAX]=>.bss:Caml_state LEA RAX=>local_58,[RSP + 0x10] MOV qword ptr [RSP + local_60+0x68],RDI MOV qword ptr [RSP + local_48+0x68],0x1 MOV qword ptr [RSP + local_50+0x68],0x2 MOV RBP,qword ptr [RBX + 0x120] MOV qword ptr [RBX + 0x120],RAX LEA RAX=>local_60,[RSP + 0x8] MOV qword ptr [RSP + local_40+0x68],RAX MOV RAX,RSP MOV qword ptr [RSP + local_58+0x68],RBP MOV qword ptr [RSP + local_38+0x68],RAX JZ LAB_0018328b MOV RAX,qword ptr [RSP + local_60+0x68] LEA RDI,[RAX + 0x8] CALL .plt:::__gmpz_tdiv_ui ;undefined __gmpz_tdiv_ui() MOV qword ptr [RBX + 0x120],RBP ADD RSP,0x58 LEA RAX,[RAX + RAX*0x1 + 0x1] POP RBX POP RBP RET LAB_0018328b: CALL division_by_zero ;undefined division_by_zero() ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined _mlgmp_z_fdiv_qr() ;local_40 undefined8 -40 ;local_48 undefined8 -48 ;local_50 undefined8 -50 ;local_58 undefined8 -58 ;local_60 undefined8 -60 ;local_68 undefined8 -68 ;local_88 undefined8 -88 ;local_90 undefined8 -90 ;local_98 undefined8 -98 ;local_a0 undefined8 -a0 ;local_a8 undefined8 -a8 ;local_b0 undefined8 -b0 ;local_b8 undefined8 -b8 ;local_c0 undefined8 -c0 ;local_d0 undefined8 -d0 ;local_d8 undefined8 -d8 PUSH R13 Actual src: z_xdivision_op(t) Predicted src: value mlml_ui_ui_ui (value x) { CAMLparam1 (x); CAMLparam1 (x); return Val_unit; } ============================== Sample 2 ============================== ASM: ;************************************************************************************************************************************************************ ;* pugi::xml_node::hash_value() const * ;************************************************************************************************************************************************************ ;undefined hash_value(xml_node * this) ;this xml_node * RDI MOV RAX,qword ptr [this] SHR RAX,0x6 RET ?? 0Fh Actual src: size_t xml_node::hash_value() const { return static_cast(reinterpret_cast(_root) / sizeof(xml_node_struct)); } Predicted src: const char* xml_node::value() const { return m_value.value(); } ============================== Sample 3 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined gdm_dbus_chooser_skeleton_init() PUSH RBX MOV RBX,RDI MOVSXD RDI,dword ptr [.bss:GdmDBusChooserSkeleton_private_offset] ADD RDI,RBX MOV qword ptr [RBX + 0x20],RDI ADD RDI,0x20 CALL .plt:::g_mutex_init ;undefined g_mutex_init() MOV RBX,qword ptr [RBX + 0x20] CALL .plt:::g_main_context_ref_thread_default ;undefined g_main_context_ref_thread_... MOV qword ptr [RBX + 0x18],RAX POP RBX RET ?? 66h f Actual src: static void gdm_dbus_chooser_skeleton_init (GdmDBusChooserSkeleton *skeleton) { #if GLIB_VERSION_MAX_ALLOWED >= GLIB_VERSION_2_38 skeleton->priv = gdm_dbus_chooser_skeleton_get_instance_private (skeleton); #else skeleton->priv = G_TYPE_INSTANCE_GET_PRIVATE (skeleton, GDM_DBUS_TYPE_CHOOSER_SKELETON, GdmDBusChooserSkeletonPrivate); #endif g_mutex_init (&skeleton->priv->lock); skeleton->priv->context = g_main_context_ref_thread_default (); } Predicted src: static void xdp_dbus_context_skeleton_init (XdpDBusContextSkeleton *skeleton) { #if GLIB_VERSION_MAX_ALLOWED >= GLIB_VERSION_2_38 skeleton->priv = XDP_dbus_context_skeleton_get_instance_private (skeleton); #else skeleton->priv = G_TYPE_INSTANCE_GET_PRIVATE (skeleton, XDP_DBUS_TYPE_CONTEXT_SKELETON, XdpDBusContextSkeletonPrivate); #endif g_mutex_init (&skeleton->priv->lock); skeleton->priv->context = g_main_context_ref_thread_default (); } ============================== Sample 4 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined scg_create_reverse() PUSH R14 PUSH R13 PUSH R12 PUSH RBP MOVSXD RBP,EDI PUSH RBX CMP EBP,0xf767 JG LAB_0010cb6e MOV R12D,ESI CMP ESI,0xf767 JG LAB_0010cb28 XOR ESI,ESI MOV EDI,R12D MOV EBX,EDX MOV R13D,ECX CALL .plt:scg_loadcg_no ;undefined scg_loadcg_no() MOV R14,RAX TEST RAX,RAX JZ LAB_0010cb67 MOV EDI,0x18 CALL .plt:::g_malloc ;undefined g_malloc() MOV RDI,qword ptr [R14 + 0x8] LEA ECX,[RBX + RBX*0x1] MOV dword ptr [RAX],0x3 OR ECX,R13D MOV R12,RAX MOV EDX,dword ptr [RDI + 0x8] MOV ESI,dword ptr [RDI + 0x4] MOV dword ptr [RAX + 0x4],EBP MOV dword ptr [RAX + 0x10],0x0 CALL stretch ;undefined stretch() MOV EDI,EBP MOV qword ptr [R12 + 0x8],RAX CALL .plt:scg_free ;undefined scg_free() MOV RAX,qword ptr [->sactprv] ;= 00124820 MOV qword ptr [RAX + RBP*0x8 + 0x2aac8]=>.bss:sactprv[174792],R12 XOR EAX,EAX LAB_0010cb1c: POP RBX POP RBP POP R12 POP R13 POP R14 RET ?? 0Fh ?? 1Fh ?? 00h LAB_0010cb28: MOV RAX,qword ptr [->sys_nextdebuglv] ;= 0034e0c8 LEA RSI,[.rodata:__FUNCTION__.8] ;= "scg_create_reverse" LEA RDI,[.rodata:s_*WARNING*(%s):_0011c308] ;= "*WARNING*(%s): " MOV dword ptr [RAX]=>EXTERNAL:sys_nextdebuglv,0x1 ;=?? XOR EAX,EAX CALL .plt:sys_message ;undefined sys_message() XOR EAX,EAX MOV EDX,0xf768 MOV ESI,R12D LEA RDI,[.rodata:s_no_is_too_large_(should_be_%d_<_%_0011ce40] ;= "no is too large (should be %d < %... CALL .plt:sys_message ;undefined sys_message() MOV EAX,0xffffffff JMP LAB_0010cb1c LAB_0010cb67: MOV EAX,0xffffffff JMP LAB_0010cb1c LAB_0010cb6e: MOV RAX,qword ptr [->sys_nextdebuglv] ;= 0034e0c8 LEA RSI,[.rodata:__FUNCTION__.8] ;= "scg_create_reverse" LEA RDI,[.rodata:s_*WARNING*(%s):_0011c308] ;= "*WARNING*(%s): " MOV dword ptr [RAX]=>EXTERNAL:sys_nextdebuglv,0x1 ;=?? XOR EAX,EAX CALL .plt:sys_message ;undefined sys_message() XOR EAX,EAX MOV EDX,0xf768 MOV ESI,EBP LEA RDI,[.rodata:s_no_is_too_large_(should_be_%d_<_%_0011ce40] ;= "no is too large (should be %d < %... CALL .plt:sys_message ;undefined sys_message() MOV EAX,0xffffffff JMP LAB_0010cb1c ?? 90h Actual src: int scg_create_reverse(int wNumCG, int wNumSrcCG, int wReverseX, int wReverseY) { cginfo_t *i, *srccg; surface_t *src; spcg_assert_no(wNumCG); spcg_assert_no(wNumSrcCG); // ¸µ¤Ë¤¹¤ëCG¤ò»²¾È (LINKCG¤Ê¤éÆÉ¤ß¹þ¤ß) if (NULL == (srccg = scg_loadcg_no(wNumSrcCG, FALSE))) { return NG; } i = g_new(cginfo_t, 1); i->type = CG_REVERSE; i->no = wNumCG; i->refcnt = 0; src = srccg->sf; i->sf = stretch(src, src->width, src->height, (wReverseX << 1) | wReverseY); // ¤â¤·Á°¤ËºîÀ®¤·¤¿¤â¤Î¤¬¤¢¤ê¡¢Ì¤³«Êü¤Î¾ì¹ç¤Ï³«Êü scg_free(wNumCG); sact.cg[wNumCG] = i; return OK; } Predicted src: int create_message(int message_id, int message_id) { int i; if (message_id == -1) { return -1; } if (message_id == -1) { message_id = g_malloc(sizeof(int) * message_id); if (message_id == -1) { message_id = g_malloc(sizeof(int) * message_id); message_id = g_malloc(sizeof(int) * message_id); message_id = g_malloc(sizeof(int) * message_id); message_id = g_malloc(sizeof(int) * message_id); message_id = g_malloc(sizeof(int) * message_id); message_id = g_malloc(sizeof(int) * message_id); message_id = g_malloc(sizeof(int) * message_id); message_id = g_malloc(sizeof(int) * message_id); message_id = g_malloc(sizeof(int) * message_id); message_id = g_malloc(sizeof(int) * message_id); message_id = g_malloc(sizeof(int) * message_id); message_id = g_malloc(sizeof(int) * message_id); message_id = g_malloc(sizeof(int) * message_id); message_id = g_malloc(sizeof(int) * message_id); message_id = g_malloc(sizeof(int) * message_id; message_id = g_malloc(sizeof(int) * message_id); message_id = g_malloc(sizeof(int) * message_id; message_id = g_malloc(sizeof(int) * message_id); message_id = g_malloc(sizeof(int) * message_id; message_id = g_malloc(sizeof(int) * message_id; message_id = g_malloc(sizeof(int) * message_id; message_id = g_malloc(sizeof(int) * message_id); message_id = g_malloc(sizeof(int) * message_id; message_id = g_malloc(sizeof(int) * message_id; message_id = g_malloc(int) * message_id; message_free(message_id); message_free(message_id); message_free(message_id); } } return 0; } ============================== Sample 5 ============================== ASM: ;************************************************************************************************************************************************************ ;* FUNCTION * ;************************************************************************************************************************************************************ ;undefined dhcp6_calc_mac() ;local_30 undefined8 -30 ;local_48 undefined1[16] -48 PUSH R13 PUSH R12 PUSH RBP PUSH RBX SUB RSP,0xc8 MOV RAX,qword ptr FS:[0x28] MOV qword ptr [RSP + local_30+0xe8],RAX XOR EAX,EAX CMP ECX,0x1 JNZ LAB_00112b80 LEA RAX,[R8 + 0x10] MOV RBX,RSI MOV RBP,R8 CMP RAX,RSI JA LAB_00112b80 MOV RSI,qword ptr [R9 + 0x28] MOV EDX,dword ptr [R9 + 0x30] MOV R13,RSP MOV R12,RDI MOV RDI,R13 CALL hmacmd5_init ;undefined hmacmd5_init() MOV EDX,EBX MOV RSI,R12 MOV RDI,R13 CALL md5_update ;undefined md5_update() LEA RSI=>local_48,[RSP + 0xa0] MOV RDI,R13 CALL hmacmd5_sign ;undefined hmacmd5_sign() XOR EAX,EAX MOVDQA XMM0,xmmword ptr [RSP + local_48[0]+0xe8] MOVUPS xmmword ptr [R12 + RBP*0x1],XMM0 LAB_00112b57: MOV RDX,qword ptr [RSP + local_30+0xe8] SUB RDX,qword ptr FS:[0x28] JNZ LAB_00112b87 ADD RSP,0xc8 POP RBX POP RBP POP R12 POP R13 RET ?? 0Fh ?? 1Fh ?? 84h ?? 00h ?? 00h ?? 00h ?? 00h ?? 00h LAB_00112b80: MOV EAX,0xffffffff JMP LAB_00112b57 LAB_00112b87: CALL .plt:::__stack_chk_fail ;undefined __stack_chk_fail() NOP dword ptr [RAX] Actual src: int dhcp6_calc_mac(buf, len, proto, alg, off, key) char *buf; size_t len, off; int proto, alg; struct keyinfo *key; { hmacmd5_t ctx; unsigned char digest[MD5_DIGESTLENGTH]; /* right now, we don't care about the protocol */ if (alg!= DHCP6_AUTHALG_HMACMD5) return (-1); if (off + MD5_DIGESTLENGTH > len) { /* * this should be assured by the caller, but check it here * for safety. */ return (-1); } hmacmd5_init(&ctx, key->secret, key->secretlen); hmacmd5_update(&ctx, buf, len); hmacmd5_sign(&ctx, digest); memcpy(buf + off, digest, MD5_DIGESTLENGTH); return (0); } Predicted src: int md5_md5_md5(md5_context context, const uint8_t *md5) { md5_md5_ctx ctx; md5_md5_t ctx; md5_md5_init(&ctx, md5); md5_md5_update(&ctx, md5); md5_md5_update(&ctx, md5); md5_md5_update(&ctx, md5); md5_md5_update(&ctx, md5); md5_md5_update(&ctx, md5); return 0; }