├── tests ├── fixtures │ └── bifrose_archive │ │ ├── equates.json │ │ ├── decomp │ │ ├── 10002f88_FUN_10002f88.c │ │ ├── 10002b08_FUN_10002b08.c │ │ ├── 100041f4_FUN_100041f4.c │ │ ├── 10002b11_FUN_10002b11.c │ │ ├── 10002d47_FUN_10002d47.c │ │ ├── 10003f93_FUN_10003f93.c │ │ ├── 10004061_FUN_10004061.c │ │ ├── 100041eb_FUN_100041eb.c │ │ ├── 10005758_FUN_10005758.c │ │ ├── 10006c6f_FUN_10006c6f.c │ │ ├── 10006e3e_FUN_10006e3e.c │ │ ├── 10006fa4_FUN_10006fa4.c │ │ ├── 10008cca_FUN_10008cca.c │ │ ├── 100016f4_FUN_100016f4.c │ │ ├── 10003a2f_FUN_10003a2f.c │ │ ├── 10003a38_FUN_10003a38.c │ │ ├── 10003bee_FUN_10003bee.c │ │ ├── 10003bfa_FUN_10003bfa.c │ │ ├── 10004370_FUN_10004370.c │ │ ├── 10004703_FUN_10004703.c │ │ ├── 10004ace_FUN_10004ace.c │ │ ├── 10004e3e_FUN_10004e3e.c │ │ ├── 100096ff_FUN_100096ff.c │ │ ├── 1000263e_FUN_1000263e.c │ │ ├── 10005a14_FUN_10005a14.c │ │ ├── 10001537_entry.c │ │ ├── 100088bc_FUN_100088bc.c │ │ ├── 10007166_FUN_10007166.c │ │ ├── 10007973_FUN_10007973.c │ │ ├── 10007a54_FUN_10007a54.c │ │ ├── 10008584_FUN_10008584.c │ │ ├── 10009304_FUN_10009304.c │ │ ├── 1000429f_FUN_1000429f.c │ │ ├── 100041bc_FUN_100041bc.c │ │ ├── 10005422_FUN_10005422.c │ │ ├── 10001393_FUN_10001393.c │ │ ├── 10002cf7_FUN_10002cf7.c │ │ ├── 1000594b_FUN_1000594b.c │ │ ├── 10003e56_FUN_10003e56.c │ │ ├── 10002d38___cexit.c │ │ ├── 10002d0c__exit.c │ │ ├── 10002d22___exit.c │ │ ├── 10005987_FUN_10005987.c │ │ ├── 10005996_FUN_10005996.c │ │ ├── 100059a5_FUN_100059a5.c │ │ ├── 10003865___encoded_null.c │ │ ├── 100086c6_FUN_100086c6.c │ │ ├── 1000995c__atol.c │ │ ├── 100013a6___get_printf_count_output.c │ │ ├── 1000521c__isleadbyte.c │ │ ├── 10008788___global_unwind2.c │ │ ├── 10004b07____initmbctable.c │ │ ├── 100057ca____get_sigabrt.c │ │ ├── 10009a2a____initconout.c │ │ ├── 1000543e__EH4_CallFilterFunc.c │ │ ├── 10005de3___ismbblead.c │ │ ├── 10007a5e___freea.c │ │ ├── 1000951b__mbtowc.c │ │ ├── 10002af0____crtExitProcess.c │ │ ├── 1000575e__atexit.c │ │ ├── 100013bc_fast_error_exit.c │ │ ├── 10003aba___getptd.c │ │ ├── 1000546e__EH4_GlobalUnwind.c │ │ ├── 10005626___initp_eh_hooks.c │ │ ├── 100027dd___errno.c │ │ ├── 10005488__EH4_LocalUnwind.c │ │ ├── 10005775___initp_misc_winsig.c │ │ ├── 100027f0____doserrno.c │ │ ├── 100051c7__wctomb_s.c │ │ ├── 1000286d___SEH_epilog4.c │ │ ├── 10002a9c___amsg_exit.c │ │ ├── 10009bbe_RtlUnwind.c │ │ ├── 100037a7___RTC_Initialize.c │ │ ├── 10002b1a___initterm.c │ │ ├── 10003d90___heap_init.c │ │ ├── 10009708___unlock_fhandle.c │ │ ├── 10001a33_write_multi_char.c │ │ ├── 10005a23___callnewh.c │ │ ├── 1000889d___NLG_Notify.c │ │ ├── 10009946___alloca_probe_8.c │ │ ├── 1000180c___lock_file2.c │ │ ├── 10001945___ftbuf.c │ │ ├── 10004379___lock.c │ │ ├── 10002803___dosmaperr.c │ │ ├── 100038e9____set_flsgetvalue.c │ │ ├── 1000930e___freebuf.c │ │ ├── 10009930___alloca_probe_16.c │ │ ├── 1000187a___unlock_file2.c │ │ ├── 10002b37___initterm_e.c │ │ ├── 10004442_CPtoLCID.c │ │ ├── 1000126a___security_check_cookie.c │ │ ├── 10008aee__strtol.c │ │ ├── 10004410___fileno.c │ │ ├── 100054a0___ValidateImageBase.c │ │ ├── 10005722___onexit.c │ │ ├── 10004fae___initp_misc_cfltcvt_tab.c │ │ ├── 10006165____sbh_find_block.c │ │ ├── 100017cb___lock_file.c │ │ ├── 10002f4f___FF_MSGBANNER.c │ │ ├── 100055ed_terminate.c │ │ ├── 10005793_siglookup.c │ │ ├── 10005455__EH4_TransferToHandler.c │ │ ├── 1000183e___unlock_file.c │ │ ├── 100059b4____crtInitCritSecAndSpinCount.c │ │ ├── 10002ac5____crtCorExitProcess.c │ │ ├── 1000972f____ansicp.c │ │ ├── 100012be____inittime.c │ │ ├── 1000391d___mtterm.c │ │ ├── 10002d56___init_pointers.c │ │ ├── 1000279b___get_errno_from_oserr.c │ │ ├── 10006c29__V6_HeapAlloc.c │ │ ├── 100016c0___allmul.c │ │ ├── 10002a6c___crt_waiting_on_module_handle.c │ │ ├── 100051e4___isleadbyte_l.c │ │ ├── 100081fc____free_lconv_num.c │ │ ├── 10005d45___set_error_mode.c │ │ ├── 10001279__clock.c │ │ ├── 10009540___alloca_probe.c │ │ ├── 100040d2___fflush_nolock.c │ │ ├── 10001a59_write_string.c │ │ ├── 10002a1c___CxxUnhandledExceptionFilter.c │ │ ├── 100043ac___isatty.c │ │ ├── 100070f2_FUN_100070f2.c │ │ ├── 10003e5e___malloc_crt.c │ │ ├── 100041fd___mtinitlocks.c │ │ ├── 1000858e___getbuf.c │ │ ├── 100085e0_fastzero_I.c │ │ ├── 10003ea3___calloc_crt.c │ │ ├── 10004d96___updatetlocinfoEx_nolock.c │ │ ├── 10001a00_write_char.c │ │ ├── 10003eef___realloc_crt.c │ │ ├── 10004dd4____updatetlocinfo.c │ │ ├── 10002775___invalid_parameter.c │ │ ├── 10002b5b___cinit.c │ │ ├── 100054e0___FindPESection.c │ │ ├── 10007e23____crtLCMapStringA.c │ │ ├── 1000707b___fclose_nolock.c │ │ ├── 10008025____crtGetStringTypeA.c │ │ ├── 10008b19__abort.c │ │ ├── 1000406a___flush.c │ │ ├── 100095f1___get_osfhandle.c │ │ ├── 10004248___mtdeletelocks.c │ │ ├── 10005530___IsNonwritableInCurrentImage.c │ │ ├── 10002828___SEH_prolog4.c │ │ ├── 10005d90_x_ismbbtype_l.c │ │ ├── 100087ed___local_unwind2.c │ │ ├── 10008c30___msize.c │ │ ├── 10003f3d__free.c │ │ ├── 10003fcb_FUN_10003fcb.c │ │ ├── 10004471_setSBCS.c │ │ ├── 100037f3___encode_pointer.c │ │ ├── 1000386e___decode_pointer.c │ │ ├── 10009668____lock_fhandle.c │ │ ├── 1000470c_getSystemCP.c │ │ ├── 10004fd0__strlen.c │ │ ├── 10005cdd__strcpy_s.c │ │ ├── 100083f0___lseeki64_nolock.c │ │ ├── 10008241____free_lconv_mon.c │ │ ├── 100012f7__printf.c │ │ ├── 10003a41___getptd_noexit.c │ │ ├── 1000956b___free_osfhnd.c │ │ ├── 100064ab____sbh_alloc_new_region.c │ │ ├── 10003dc0____security_init_cookie.c │ │ ├── 1000534c___local_unwind4.c │ │ ├── 100091a5___close_nolock.c │ │ ├── 10003361___setargv.c │ │ ├── 1000264d___invoke_watson.c │ │ ├── 10004c6e____addlocaleref.c │ │ ├── 10005637___onexit_nolock.c │ │ ├── 10008637___VEC_memzero.c │ │ ├── 10004668____updatetmbcinfo.c │ │ ├── 10005bb4__strcat_s.c │ │ ├── 10009241___close.c │ │ ├── 10004cfd____removelocaleref.c │ │ ├── 100042b6___mtinitlocknum.c │ │ ├── 10006c78__malloc.c │ │ ├── 100018a9___stbuf.c │ │ ├── 10005230___aulldvrm.c │ │ ├── 10009a80____ascii_strnicmp.c │ │ ├── 10001979__LocaleUpdate.c │ │ ├── 1000411a_flsall.c │ │ ├── 100078a1___write.c │ │ ├── 100052d0__memset.c │ │ ├── 10001650___aulldiv.c │ │ ├── 1000395a___initptd.c │ │ ├── 10009972___isctype_l.c │ │ ├── 10008716___get_sse2_info.c │ │ ├── 1000797d___commit.c │ │ ├── 100083b0__strpbrk.c │ │ ├── 100082d0__strcspn.c │ │ ├── 1000933f___putwch_nolock.c │ │ ├── 10008067____free_lc_time.c │ │ ├── 100030e9___setenvp.c │ │ ├── 100013e5____tmainCRTStartup.c │ │ ├── 10008475___lseeki64.c │ │ ├── 10006d42___calloc_impl.c │ │ ├── 10002be0_doexit.c │ │ ├── 10008d5a___VEC_memcpy.c │ │ ├── 1000655b____sbh_alloc_new_group.c │ │ ├── 10004b25____freetlocinfo.c │ │ ├── 10005c28__strncpy_s.c │ │ ├── 10009404___mbtowc_l.c │ │ ├── 10005a4b____crtMessageBoxA.c │ │ ├── 10003c03___mtinit.c │ │ ├── 10004e4a___flsbuf.c │ │ ├── 10008cd3_FUN_10008cd3.c │ │ ├── 10001541____report_gsfailure.c │ │ ├── 1000341c____crtGetEnvironmentStringsA.c │ │ ├── 10002f89___XcptFilter.c │ │ ├── 10002890___except_handler4.c │ │ └── 1000505b___wctomb_s_l.c │ │ ├── meta.json │ │ ├── capa_summary.json │ │ └── sections.json ├── test_oneshot_pruner.py ├── test_snapshot_tools.py ├── test_cli_zip.py └── test_agent.py ├── docs └── images │ ├── ask.png │ └── summary.png ├── kernagent ├── oneshot │ └── __init__.py ├── __main__.py ├── snapshot │ └── __init__.py ├── __init__.py ├── log.py ├── config.py └── llm_client.py ├── .gitignore ├── pyproject.toml ├── config.env.example ├── install.sh ├── NOTICE └── docker-compose.yml /tests/fixtures/bifrose_archive/equates.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /docs/images/ask.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Karib0u/kernagent/HEAD/docs/images/ask.png -------------------------------------------------------------------------------- /docs/images/summary.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Karib0u/kernagent/HEAD/docs/images/summary.png -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002f88_FUN_10002f88.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10002f88(void) 3 | 4 | { 5 | return; 6 | } 7 | 8 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002b08_FUN_10002b08.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10002b08(void) 3 | 4 | { 5 | __lock(8); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100041f4_FUN_100041f4.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_100041f4(void) 3 | 4 | { 5 | flsall(1); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002b11_FUN_10002b11.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10002b11(void) 3 | 4 | { 5 | FUN_1000429f(8); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002d47_FUN_10002d47.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10002d47(void) 3 | 4 | { 5 | doexit(0,1,1); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10003f93_FUN_10003f93.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10003f93(void) 3 | 4 | { 5 | FUN_1000429f(4); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10004061_FUN_10004061.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10004061(void) 3 | 4 | { 5 | FUN_1000429f(1); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100041eb_FUN_100041eb.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_100041eb(void) 3 | 4 | { 5 | FUN_1000429f(1); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005758_FUN_10005758.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10005758(void) 3 | 4 | { 5 | FUN_10002b11(); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10006c6f_FUN_10006c6f.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10006c6f(void) 3 | 4 | { 5 | FUN_1000429f(4); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10006e3e_FUN_10006e3e.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10006e3e(void) 3 | 4 | { 5 | FUN_1000429f(4); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10006fa4_FUN_10006fa4.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10006fa4(void) 3 | 4 | { 5 | FUN_1000429f(4); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10008cca_FUN_10008cca.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10008cca(void) 3 | 4 | { 5 | FUN_1000429f(4); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100016f4_FUN_100016f4.c: -------------------------------------------------------------------------------- 1 | 2 | undefined ** FUN_100016f4(void) 3 | 4 | { 5 | return &PTR_DAT_1000d010; 6 | } 7 | 8 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10003a2f_FUN_10003a2f.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10003a2f(void) 3 | 4 | { 5 | FUN_1000429f(0xd); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10003a38_FUN_10003a38.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10003a38(void) 3 | 4 | { 5 | FUN_1000429f(0xc); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10003bee_FUN_10003bee.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10003bee(void) 3 | 4 | { 5 | FUN_1000429f(0xd); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10003bfa_FUN_10003bfa.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10003bfa(void) 3 | 4 | { 5 | FUN_1000429f(0xc); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10004370_FUN_10004370.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10004370(void) 3 | 4 | { 5 | FUN_1000429f(10); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10004703_FUN_10004703.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10004703(void) 3 | 4 | { 5 | FUN_1000429f(0xd); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10004ace_FUN_10004ace.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10004ace(void) 3 | 4 | { 5 | FUN_1000429f(0xd); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10004e3e_FUN_10004e3e.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10004e3e(void) 3 | 4 | { 5 | FUN_1000429f(0xc); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100096ff_FUN_100096ff.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_100096ff(void) 3 | 4 | { 5 | FUN_1000429f(10); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000263e_FUN_1000263e.c: -------------------------------------------------------------------------------- 1 | 2 | void __cdecl FUN_1000263e(undefined4 param_1) 3 | 4 | { 5 | DAT_1000e248 = param_1; 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005a14_FUN_10005a14.c: -------------------------------------------------------------------------------- 1 | 2 | void __cdecl FUN_10005a14(undefined4 param_1) 3 | 4 | { 5 | DAT_1000e87c = param_1; 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10001537_entry.c: -------------------------------------------------------------------------------- 1 | 2 | void entry(void) 3 | 4 | { 5 | ___security_init_cookie(); 6 | ___tmainCRTStartup(); 7 | return; 8 | } 9 | 10 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100088bc_FUN_100088bc.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_100088bc(void) 3 | 4 | { 5 | code *in_EAX; 6 | 7 | (*in_EAX)(); 8 | return; 9 | } 10 | 11 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10007166_FUN_10007166.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10007166(void) 3 | 4 | { 5 | FILE *unaff_ESI; 6 | 7 | __unlock_file(unaff_ESI); 8 | return; 9 | } 10 | 11 | -------------------------------------------------------------------------------- /kernagent/oneshot/__init__.py: -------------------------------------------------------------------------------- 1 | """Oneshot pruning utilities.""" 2 | 3 | from .pruner import OneshotPruningError, build_oneshot_summary 4 | 5 | __all__ = ["build_oneshot_summary", "OneshotPruningError"] 6 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10007973_FUN_10007973.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10007973(void) 3 | 4 | { 5 | int unaff_EBP; 6 | 7 | __unlock_fhandle(*(int *)(unaff_EBP + 8)); 8 | return; 9 | } 10 | 11 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10007a54_FUN_10007a54.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10007a54(void) 3 | 4 | { 5 | int unaff_EBP; 6 | 7 | __unlock_fhandle(*(int *)(unaff_EBP + 8)); 8 | return; 9 | } 10 | 11 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10008584_FUN_10008584.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10008584(void) 3 | 4 | { 5 | int unaff_EBP; 6 | 7 | __unlock_fhandle(*(int *)(unaff_EBP + 8)); 8 | return; 9 | } 10 | 11 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10009304_FUN_10009304.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10009304(void) 3 | 4 | { 5 | int unaff_EBP; 6 | 7 | __unlock_fhandle(*(int *)(unaff_EBP + 8)); 8 | return; 9 | } 10 | 11 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000429f_FUN_1000429f.c: -------------------------------------------------------------------------------- 1 | 2 | void __cdecl FUN_1000429f(int param_1) 3 | 4 | { 5 | LeaveCriticalSection((LPCRITICAL_SECTION)(&DAT_1000d528)[param_1 * 2]); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100041bc_FUN_100041bc.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_100041bc(void) 3 | 4 | { 5 | int unaff_ESI; 6 | 7 | __unlock_file2(unaff_ESI,*(void **)(DAT_1000eabc + unaff_ESI * 4)); 8 | return; 9 | } 10 | 11 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005422_FUN_10005422.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10005422(int param_1) 3 | 4 | { 5 | __local_unwind4(*(uint **)(param_1 + 0x28),*(int *)(param_1 + 0x18),*(uint *)(param_1 + 0x1c)); 6 | return; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /kernagent/__main__.py: -------------------------------------------------------------------------------- 1 | """Allow `python -m kernagent` to invoke the CLI.""" 2 | 3 | from .cli import main 4 | 5 | 6 | def run() -> None: 7 | main() 8 | 9 | 10 | if __name__ == "__main__": # pragma: no cover 11 | run() 12 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10001393_FUN_10001393.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10001393(void) 3 | 4 | { 5 | undefined **ppuVar1; 6 | 7 | ppuVar1 = FUN_100016f4(); 8 | __unlock_file2(1,ppuVar1 + 8); 9 | return; 10 | } 11 | 12 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002cf7_FUN_10002cf7.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_10002cf7(void) 3 | 4 | { 5 | int unaff_EBP; 6 | 7 | if (*(int *)(unaff_EBP + 0x10) != 0) { 8 | FUN_1000429f(8); 9 | } 10 | return; 11 | } 12 | 13 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000594b_FUN_1000594b.c: -------------------------------------------------------------------------------- 1 | 2 | void FUN_1000594b(void) 3 | 4 | { 5 | int unaff_EBP; 6 | 7 | if (*(int *)(unaff_EBP + -0x1c) != 0) { 8 | FUN_1000429f(0); 9 | } 10 | return; 11 | } 12 | 13 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10003e56_FUN_10003e56.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Globals starting with '_' overlap smaller symbols at the same address */ 3 | 4 | void FUN_10003e56(void) 5 | 6 | { 7 | _DAT_1000e98c = 0; 8 | return; 9 | } 10 | 11 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002d38___cexit.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __cexit 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl __cexit(void) 8 | 9 | { 10 | doexit(0,0,1); 11 | return; 12 | } 13 | 14 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002d0c__exit.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _exit 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl _exit(int _Code) 8 | 9 | { 10 | doexit(_Code,0,0); 11 | return; 12 | } 13 | 14 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002d22___exit.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __exit 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl __exit(int param_1) 8 | 9 | { 10 | doexit(param_1,1,0); 11 | return; 12 | } 13 | 14 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005987_FUN_10005987.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Globals starting with '_' overlap smaller symbols at the same address */ 3 | 4 | void __cdecl FUN_10005987(undefined4 param_1) 5 | 6 | { 7 | _DAT_1000e868 = param_1; 8 | return; 9 | } 10 | 11 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005996_FUN_10005996.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Globals starting with '_' overlap smaller symbols at the same address */ 3 | 4 | void __cdecl FUN_10005996(undefined4 param_1) 5 | 6 | { 7 | _DAT_1000e874 = param_1; 8 | return; 9 | } 10 | 11 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100059a5_FUN_100059a5.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Globals starting with '_' overlap smaller symbols at the same address */ 3 | 4 | void __cdecl FUN_100059a5(undefined4 param_1) 5 | 6 | { 7 | _DAT_1000e878 = param_1; 8 | return; 9 | } 10 | 11 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10003865___encoded_null.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __encoded_null 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __encoded_null(void) 8 | 9 | { 10 | __encode_pointer(0); 11 | return; 12 | } 13 | 14 | -------------------------------------------------------------------------------- /kernagent/snapshot/__init__.py: -------------------------------------------------------------------------------- 1 | """Snapshot utilities for kernagent.""" 2 | 3 | from .extractor import SnapshotError, build_snapshot # noqa: F401 4 | from .tools import SnapshotTools, build_tool_map # noqa: F401 5 | 6 | __all__ = ["SnapshotError", "build_snapshot", "SnapshotTools", "build_tool_map"] 7 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100086c6_FUN_100086c6.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | 5 | undefined4 FUN_100086c6(void) 6 | 7 | { 8 | return 1; 9 | } 10 | 11 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000995c__atol.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _atol 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | long __cdecl _atol(char *_Str) 8 | 9 | { 10 | long lVar1; 11 | 12 | lVar1 = _strtol(_Str,(char **)0x0,10); 13 | return lVar1; 14 | } 15 | 16 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100013a6___get_printf_count_output.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __get_printf_count_output 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __get_printf_count_output(void) 8 | 9 | { 10 | return (uint)(DAT_1000df08 == (DAT_1000d004 | 1)); 11 | } 12 | 13 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000521c__isleadbyte.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _isleadbyte 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl _isleadbyte(int _C) 8 | 9 | { 10 | int iVar1; 11 | 12 | iVar1 = __isleadbyte_l(_C,(_locale_t)0x0); 13 | return iVar1; 14 | } 15 | 16 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10008788___global_unwind2.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __global_unwind2 4 | 5 | Library: Visual Studio */ 6 | 7 | void __cdecl __global_unwind2(PVOID param_1) 8 | 9 | { 10 | RtlUnwind(param_1,(PVOID)0x100087a0,(PEXCEPTION_RECORD)0x0,(PVOID)0x0); 11 | return; 12 | } 13 | 14 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10004b07____initmbctable.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___initmbctable 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | undefined4 ___initmbctable(void) 8 | 9 | { 10 | if (DAT_1000eaac == 0) { 11 | __setmbcp(-3); 12 | DAT_1000eaac = 1; 13 | } 14 | return 0; 15 | } 16 | 17 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100057ca____get_sigabrt.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___get_sigabrt 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | _PHNDLR __cdecl ___get_sigabrt(void) 8 | 9 | { 10 | _PHNDLR p_Var1; 11 | 12 | p_Var1 = (_PHNDLR)__decode_pointer(DAT_1000e85c); 13 | return p_Var1; 14 | } 15 | 16 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10009a2a____initconout.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___initconout 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl ___initconout(void) 8 | 9 | { 10 | DAT_1000de84 = CreateFileA("CONOUT$",0x40000000,3,(LPSECURITY_ATTRIBUTES)0x0,3,0,(HANDLE)0x0); 11 | return; 12 | } 13 | 14 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Python 2 | __pycache__/ 3 | .python-version 4 | 5 | # Environment 6 | .env 7 | 8 | # Logs and outputs 9 | *.log 10 | repomix-output.xml 11 | 12 | # Archives 13 | *.zip 14 | 15 | # Malware samples and analysis artifacts (do not commit) 16 | *.exe 17 | *.dll 18 | *.bin 19 | *_ghidra/ 20 | samples/ 21 | 22 | .venv/ 23 | 24 | # MacOS 25 | 26 | .DS_Store -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000543e__EH4_CallFilterFunc.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | @_EH4_CallFilterFunc@8 4 | 5 | Library: Visual Studio 2008 Release 6 | __fastcall _EH4_CallFilterFunc,8 */ 7 | 8 | void __fastcall _EH4_CallFilterFunc(undefined *param_1) 9 | 10 | { 11 | (*(code *)param_1)(); 12 | return; 13 | } 14 | 15 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005de3___ismbblead.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __ismbblead 4 | 5 | Libraries: Visual Studio 2008 Release, Visual Studio 2010 Release */ 6 | 7 | int __cdecl __ismbblead(uint _C) 8 | 9 | { 10 | int iVar1; 11 | 12 | iVar1 = x_ismbbtype_l((localeinfo_struct *)0x0,_C,0,4); 13 | return iVar1; 14 | } 15 | 16 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10007a5e___freea.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __freea 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl __freea(void *_Memory) 8 | 9 | { 10 | if ((_Memory != (void *)0x0) && (*(int *)((int)_Memory + -8) == 0xdddd)) { 11 | _free((int *)((int)_Memory + -8)); 12 | } 13 | return; 14 | } 15 | 16 | -------------------------------------------------------------------------------- /kernagent/__init__.py: -------------------------------------------------------------------------------- 1 | """ 2 | kernagent package. 3 | 4 | Provides reusable primitives for building reverse-engineering workflows that 5 | operate on static snapshot artifacts. 6 | """ 7 | 8 | from .config import Settings, load_settings # noqa: F401 9 | from .log import get_logger, setup_logging # noqa: F401 10 | 11 | __all__ = ["Settings", "load_settings", "setup_logging", "get_logger"] 12 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000951b__mbtowc.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _mbtowc 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl _mbtowc(wchar_t *_DstCh,char *_SrcCh,size_t _SrcSizeInBytes) 8 | 9 | { 10 | int iVar1; 11 | 12 | iVar1 = __mbtowc_l(_DstCh,_SrcCh,_SrcSizeInBytes,(_locale_t)0x0); 13 | return iVar1; 14 | } 15 | 16 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002af0____crtExitProcess.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___crtExitProcess 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl ___crtExitProcess(int param_1) 8 | 9 | { 10 | ___crtCorExitProcess(param_1); 11 | /* WARNING: Subroutine does not return */ 12 | ExitProcess(param_1); 13 | } 14 | 15 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000575e__atexit.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _atexit 4 | 5 | Libraries: Visual Studio 2008 Release, Visual Studio 2010 Release */ 6 | 7 | int __cdecl _atexit(_func_4879 *param_1) 8 | 9 | { 10 | _onexit_t p_Var1; 11 | 12 | p_Var1 = __onexit((_onexit_t)param_1); 13 | return (p_Var1 != (_onexit_t)0x0) - 1; 14 | } 15 | 16 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100013bc_fast_error_exit.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _fast_error_exit 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl fast_error_exit(int param_1) 8 | 9 | { 10 | if (DAT_1000df14 != 2) { 11 | __FF_MSGBANNER(); 12 | } 13 | __NMSG_WRITE(param_1); 14 | ___crtExitProcess(0xff); 15 | return; 16 | } 17 | 18 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10003aba___getptd.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __getptd 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | _ptiddata __cdecl __getptd(void) 8 | 9 | { 10 | _ptiddata p_Var1; 11 | 12 | p_Var1 = __getptd_noexit(); 13 | if (p_Var1 == (_ptiddata)0x0) { 14 | __amsg_exit(0x10); 15 | } 16 | return p_Var1; 17 | } 18 | 19 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000546e__EH4_GlobalUnwind.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | @_EH4_GlobalUnwind@4 4 | 5 | Library: Visual Studio 2008 Release 6 | __fastcall _EH4_GlobalUnwind,4 */ 7 | 8 | void __fastcall _EH4_GlobalUnwind(PVOID param_1) 9 | 10 | { 11 | RtlUnwind(param_1,(PVOID)0x10005483,(PEXCEPTION_RECORD)0x0,(PVOID)0x0); 12 | return; 13 | } 14 | 15 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005626___initp_eh_hooks.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Globals starting with '_' overlap smaller symbols at the same address */ 3 | /* Library Function - Single Match 4 | __initp_eh_hooks 5 | 6 | Library: Visual Studio 2008 Release */ 7 | 8 | void __initp_eh_hooks(void) 9 | 10 | { 11 | _DAT_1000e850 = __encode_pointer(0x100055ed); 12 | return; 13 | } 14 | 15 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100027dd___errno.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __errno 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int * __cdecl __errno(void) 8 | 9 | { 10 | _ptiddata p_Var1; 11 | 12 | p_Var1 = __getptd_noexit(); 13 | if (p_Var1 == (_ptiddata)0x0) { 14 | return (int *)&DAT_1000d400; 15 | } 16 | return &p_Var1->_terrno; 17 | } 18 | 19 | -------------------------------------------------------------------------------- /tests/test_oneshot_pruner.py: -------------------------------------------------------------------------------- 1 | from pathlib import Path 2 | 3 | from kernagent.oneshot import build_oneshot_summary 4 | 5 | 6 | def test_build_oneshot_summary_returns_sections(): 7 | archive = Path(__file__).parent / "fixtures" / "bifrose_archive" 8 | summary = build_oneshot_summary(archive) 9 | assert "file" in summary 10 | assert "sections" in summary 11 | assert summary["file"]["format"] 12 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005488__EH4_LocalUnwind.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | @_EH4_LocalUnwind@16 4 | 5 | Library: Visual Studio 2008 Release 6 | __fastcall _EH4_LocalUnwind,16 */ 7 | 8 | void __fastcall _EH4_LocalUnwind(int param_1,uint param_2,undefined4 param_3,uint *param_4) 9 | 10 | { 11 | __local_unwind4(param_4,param_1,param_2); 12 | return; 13 | } 14 | 15 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005775___initp_misc_winsig.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __initp_misc_winsig 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl __initp_misc_winsig(undefined4 param_1) 8 | 9 | { 10 | DAT_1000e854 = param_1; 11 | DAT_1000e858 = param_1; 12 | DAT_1000e85c = param_1; 13 | DAT_1000e860 = param_1; 14 | return; 15 | } 16 | 17 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100027f0____doserrno.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___doserrno 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | ulong * __cdecl ___doserrno(void) 8 | 9 | { 10 | _ptiddata p_Var1; 11 | 12 | p_Var1 = __getptd_noexit(); 13 | if (p_Var1 == (_ptiddata)0x0) { 14 | return (ulong *)&DAT_1000d404; 15 | } 16 | return &p_Var1->_tdoserrno; 17 | } 18 | 19 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100051c7__wctomb_s.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _wctomb_s 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | errno_t __cdecl _wctomb_s(int *_SizeConverted,char *_MbCh,rsize_t _SizeInBytes,wchar_t _WCh) 8 | 9 | { 10 | errno_t eVar1; 11 | 12 | eVar1 = __wctomb_s_l(_SizeConverted,_MbCh,_SizeInBytes,_WCh,(_locale_t)0x0); 13 | return eVar1; 14 | } 15 | 16 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000286d___SEH_epilog4.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: This is an inlined function */ 3 | /* Library Function - Single Match 4 | __SEH_epilog4 5 | 6 | Library: Visual Studio */ 7 | 8 | void __SEH_epilog4(void) 9 | 10 | { 11 | undefined4 *unaff_EBP; 12 | undefined4 unaff_retaddr; 13 | 14 | ExceptionList = (void *)unaff_EBP[-4]; 15 | *unaff_EBP = unaff_retaddr; 16 | return; 17 | } 18 | 19 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002a9c___amsg_exit.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __amsg_exit 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl __amsg_exit(int param_1) 8 | 9 | { 10 | code *pcVar1; 11 | 12 | __FF_MSGBANNER(); 13 | __NMSG_WRITE(param_1); 14 | pcVar1 = (code *)__decode_pointer((int)PTR___exit_1000d408); 15 | (*pcVar1)(0xff); 16 | return; 17 | } 18 | 19 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10009bbe_RtlUnwind.c: -------------------------------------------------------------------------------- 1 | 2 | void RtlUnwind(PVOID TargetFrame,PVOID TargetIp,PEXCEPTION_RECORD ExceptionRecord,PVOID ReturnValue) 3 | 4 | { 5 | /* WARNING: Could not recover jumptable at 0x10009bbe. Too many branches */ 6 | /* WARNING: Treating indirect jump as call */ 7 | RtlUnwind(TargetFrame,TargetIp,ExceptionRecord,ReturnValue); 8 | return; 9 | } 10 | 11 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100037a7___RTC_Initialize.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Removing unreachable block (ram,0x100037bb) */ 3 | /* WARNING: Removing unreachable block (ram,0x100037c1) */ 4 | /* WARNING: Removing unreachable block (ram,0x100037c3) */ 5 | /* Library Function - Single Match 6 | __RTC_Initialize 7 | 8 | Library: Visual Studio 2008 Release */ 9 | 10 | void __RTC_Initialize(void) 11 | 12 | { 13 | return; 14 | } 15 | 16 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002b1a___initterm.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __initterm 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl __initterm(undefined4 *param_1) 8 | 9 | { 10 | undefined4 *in_EAX; 11 | 12 | for (; in_EAX < param_1; in_EAX = in_EAX + 1) { 13 | if ((code *)*in_EAX != (code *)0x0) { 14 | (*(code *)*in_EAX)(); 15 | } 16 | } 17 | return; 18 | } 19 | 20 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10003d90___heap_init.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __heap_init 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __heap_init(void) 8 | 9 | { 10 | int in_stack_00000004; 11 | 12 | DAT_1000e6b4 = HeapCreate((uint)(in_stack_00000004 == 0),0x1000,0); 13 | if (DAT_1000e6b4 == (HANDLE)0x0) { 14 | return 0; 15 | } 16 | DAT_1000e990 = 1; 17 | return 1; 18 | } 19 | 20 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10009708___unlock_fhandle.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __unlock_fhandle 4 | 5 | Libraries: Visual Studio 2008 Release, Visual Studio 2010 Release */ 6 | 7 | void __cdecl __unlock_fhandle(int _Filehandle) 8 | 9 | { 10 | LeaveCriticalSection 11 | ((LPCRITICAL_SECTION) 12 | ((&DAT_1000e9a0)[_Filehandle >> 5] + 0xc + (_Filehandle & 0x1fU) * 0x40)); 13 | return; 14 | } 15 | 16 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10001a33_write_multi_char.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _write_multi_char 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl write_multi_char(undefined4 param_1,int param_2) 8 | 9 | { 10 | int *in_EAX; 11 | 12 | do { 13 | if (param_2 < 1) { 14 | return; 15 | } 16 | param_2 = param_2 + -1; 17 | write_char(); 18 | } while (*in_EAX != -1); 19 | return; 20 | } 21 | 22 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005a23___callnewh.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __callnewh 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __callnewh(size_t _Size) 8 | 9 | { 10 | code *pcVar1; 11 | int iVar2; 12 | 13 | pcVar1 = (code *)__decode_pointer(DAT_1000e87c); 14 | if (pcVar1 != (code *)0x0) { 15 | iVar2 = (*pcVar1)(_Size); 16 | if (iVar2 != 0) { 17 | return 1; 18 | } 19 | } 20 | return 0; 21 | } 22 | 23 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000889d___NLG_Notify.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __NLG_Notify 4 | 5 | Libraries: Visual Studio 2017 Debug, Visual Studio 2017 Release, Visual Studio 2019 Debug, Visual 6 | Studio 2019 Release */ 7 | 8 | void __NLG_Notify(ulong param_1) 9 | 10 | { 11 | undefined4 in_EAX; 12 | undefined4 unaff_EBP; 13 | 14 | DAT_1000dda8 = param_1; 15 | DAT_1000dda4 = in_EAX; 16 | DAT_1000ddac = unaff_EBP; 17 | return; 18 | } 19 | 20 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10009946___alloca_probe_8.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: This is an inlined function */ 3 | /* WARNING: Function: __alloca_probe replaced with injection: alloca_probe */ 4 | /* Library Function - Single Match 5 | __alloca_probe_8 6 | 7 | Library: Visual Studio */ 8 | 9 | uint __alloca_probe_8(void) 10 | 11 | { 12 | uint in_EAX; 13 | uint uVar1; 14 | 15 | uVar1 = 4 - in_EAX & 7; 16 | return in_EAX + uVar1 | -(uint)CARRY4(in_EAX,uVar1); 17 | } 18 | 19 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000180c___lock_file2.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __lock_file2 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl __lock_file2(int _Index,void *_File) 8 | 9 | { 10 | if (_Index < 0x14) { 11 | __lock(_Index + 0x10); 12 | *(uint *)((int)_File + 0xc) = *(uint *)((int)_File + 0xc) | 0x8000; 13 | return; 14 | } 15 | EnterCriticalSection((LPCRITICAL_SECTION)((int)_File + 0x20)); 16 | return; 17 | } 18 | 19 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10001945___ftbuf.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __ftbuf 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl __ftbuf(int _Flag,FILE *_File) 8 | 9 | { 10 | if ((_Flag != 0) && ((_File->_flag & 0x1000U) != 0)) { 11 | __flush(_File); 12 | _File->_flag = _File->_flag & 0xffffeeff; 13 | _File->_bufsiz = 0; 14 | _File->_ptr = (char *)0x0; 15 | _File->_base = (char *)0x0; 16 | } 17 | return; 18 | } 19 | 20 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10004379___lock.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __lock 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl __lock(int _File) 8 | 9 | { 10 | int iVar1; 11 | 12 | if ((&DAT_1000d528)[_File * 2] == 0) { 13 | iVar1 = __mtinitlocknum(_File); 14 | if (iVar1 == 0) { 15 | __amsg_exit(0x11); 16 | } 17 | } 18 | EnterCriticalSection((LPCRITICAL_SECTION)(&DAT_1000d528)[_File * 2]); 19 | return; 20 | } 21 | 22 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002803___dosmaperr.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __dosmaperr 4 | 5 | Libraries: Visual Studio 2008 Release, Visual Studio 2010 Release */ 6 | 7 | void __cdecl __dosmaperr(ulong param_1) 8 | 9 | { 10 | ulong *puVar1; 11 | int iVar2; 12 | int *piVar3; 13 | 14 | puVar1 = ___doserrno(); 15 | *puVar1 = param_1; 16 | iVar2 = __get_errno_from_oserr(param_1); 17 | piVar3 = __errno(); 18 | *piVar3 = iVar2; 19 | return; 20 | } 21 | 22 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100038e9____set_flsgetvalue.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___set_flsgetvalue 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | LPVOID ___set_flsgetvalue(void) 8 | 9 | { 10 | LPVOID lpTlsValue; 11 | 12 | lpTlsValue = TlsGetValue(DAT_1000d51c); 13 | if (lpTlsValue == (LPVOID)0x0) { 14 | lpTlsValue = (LPVOID)__decode_pointer(DAT_1000e6a8); 15 | TlsSetValue(DAT_1000d51c,lpTlsValue); 16 | } 17 | return lpTlsValue; 18 | } 19 | 20 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000930e___freebuf.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __freebuf 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl __freebuf(FILE *_File) 8 | 9 | { 10 | if (((_File->_flag & 0x83U) != 0) && ((_File->_flag & 8U) != 0)) { 11 | _free(_File->_base); 12 | _File->_flag = _File->_flag & 0xfffffbf7; 13 | _File->_ptr = (char *)0x0; 14 | _File->_base = (char *)0x0; 15 | _File->_cnt = 0; 16 | } 17 | return; 18 | } 19 | 20 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10009930___alloca_probe_16.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: This is an inlined function */ 3 | /* WARNING: Function: __alloca_probe replaced with injection: alloca_probe */ 4 | /* Library Function - Single Match 5 | __alloca_probe_16 6 | 7 | Library: Visual Studio 2008 Release */ 8 | 9 | uint __alloca_probe_16(void) 10 | 11 | { 12 | uint in_EAX; 13 | uint uVar1; 14 | 15 | uVar1 = 4 - in_EAX & 0xf; 16 | return in_EAX + uVar1 | -(uint)CARRY4(in_EAX,uVar1); 17 | } 18 | 19 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000187a___unlock_file2.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __unlock_file2 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl __unlock_file2(int _Index,void *_File) 8 | 9 | { 10 | if (_Index < 0x14) { 11 | *(uint *)((int)_File + 0xc) = *(uint *)((int)_File + 0xc) & 0xffff7fff; 12 | FUN_1000429f(_Index + 0x10); 13 | return; 14 | } 15 | LeaveCriticalSection((LPCRITICAL_SECTION)((int)_File + 0x20)); 16 | return; 17 | } 18 | 19 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002b37___initterm_e.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __initterm_e 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl __initterm_e(undefined4 *param_1,undefined4 *param_2) 8 | 9 | { 10 | int iVar1; 11 | 12 | iVar1 = 0; 13 | while ((param_1 < param_2 && (iVar1 == 0))) { 14 | if ((code *)*param_1 != (code *)0x0) { 15 | iVar1 = (*(code *)*param_1)(); 16 | } 17 | param_1 = param_1 + 1; 18 | } 19 | return; 20 | } 21 | 22 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10004442_CPtoLCID.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | int __cdecl CPtoLCID(int) 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl CPtoLCID(int param_1) 8 | 9 | { 10 | int in_EAX; 11 | 12 | if (in_EAX == 0x3a4) { 13 | return 0x411; 14 | } 15 | if (in_EAX == 0x3a8) { 16 | return 0x804; 17 | } 18 | if (in_EAX == 0x3b5) { 19 | return 0x412; 20 | } 21 | if (in_EAX != 0x3b6) { 22 | return 0; 23 | } 24 | return 0x404; 25 | } 26 | 27 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000126a___security_check_cookie.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | @__security_check_cookie@4 4 | 5 | Libraries: Visual Studio 2005 Release, Visual Studio 2008 Release, Visual Studio 2010 Release 6 | __fastcall __security_check_cookie,4 */ 7 | 8 | void __fastcall __security_check_cookie(int param_1) 9 | 10 | { 11 | if (param_1 == DAT_1000d004) { 12 | return; 13 | } 14 | /* WARNING: Subroutine does not return */ 15 | ___report_gsfailure(); 16 | } 17 | 18 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10008aee__strtol.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _strtol 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | long __cdecl _strtol(char *_Str,char **_EndPtr,int _Radix) 8 | 9 | { 10 | ulong uVar1; 11 | undefined **ppuVar2; 12 | 13 | if (DAT_1000e82c == 0) { 14 | ppuVar2 = &PTR_DAT_1000dc58; 15 | } 16 | else { 17 | ppuVar2 = (undefined **)0x0; 18 | } 19 | uVar1 = strtoxl((localeinfo_struct *)ppuVar2,_Str,_EndPtr,_Radix,0); 20 | return uVar1; 21 | } 22 | 23 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10004410___fileno.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __fileno 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __fileno(FILE *_File) 8 | 9 | { 10 | int *piVar1; 11 | int iVar2; 12 | 13 | if (_File == (FILE *)0x0) { 14 | piVar1 = __errno(); 15 | *piVar1 = 0x16; 16 | __invalid_parameter((wchar_t *)0x0,(wchar_t *)0x0,(wchar_t *)0x0,0,0); 17 | iVar2 = -1; 18 | } 19 | else { 20 | iVar2 = _File->_file; 21 | } 22 | return iVar2; 23 | } 24 | 25 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100054a0___ValidateImageBase.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __ValidateImageBase 4 | 5 | Libraries: Visual Studio 2008 Release, Visual Studio 2010 Release */ 6 | 7 | BOOL __cdecl __ValidateImageBase(PBYTE pImageBase) 8 | 9 | { 10 | if ((*(short *)pImageBase == 0x5a4d) && 11 | (*(int *)(pImageBase + *(int *)(pImageBase + 0x3c)) == 0x4550)) { 12 | return (uint)((short)*(int *)((int)(pImageBase + *(int *)(pImageBase + 0x3c)) + 0x18) == 0x10b); 13 | } 14 | return 0; 15 | } 16 | 17 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005722___onexit.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | /* Library Function - Single Match 5 | __onexit 6 | 7 | Library: Visual Studio 2008 Release */ 8 | 9 | _onexit_t __cdecl __onexit(_onexit_t _Func) 10 | 11 | { 12 | _onexit_t p_Var1; 13 | 14 | FUN_10002b08(); 15 | p_Var1 = (_onexit_t)__onexit_nolock((int)_Func); 16 | FUN_10005758(); 17 | return p_Var1; 18 | } 19 | 20 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10004fae___initp_misc_cfltcvt_tab.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __initp_misc_cfltcvt_tab 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __initp_misc_cfltcvt_tab(void) 8 | 9 | { 10 | int *piVar1; 11 | int iVar2; 12 | uint uVar3; 13 | 14 | uVar3 = 0; 15 | do { 16 | piVar1 = (int *)((int)&PTR_LAB_1000dc60 + uVar3); 17 | iVar2 = __encode_pointer(*piVar1); 18 | uVar3 = uVar3 + 4; 19 | *piVar1 = iVar2; 20 | } while (uVar3 < 0x28); 21 | return; 22 | } 23 | 24 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10006165____sbh_find_block.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___sbh_find_block 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | uint __cdecl ___sbh_find_block(int param_1) 8 | 9 | { 10 | uint uVar1; 11 | 12 | uVar1 = DAT_1000e978; 13 | while( true ) { 14 | if (DAT_1000e974 * 0x14 + DAT_1000e978 <= uVar1) { 15 | return 0; 16 | } 17 | if ((uint)(param_1 - *(int *)(uVar1 + 0xc)) < 0x100000) break; 18 | uVar1 = uVar1 + 0x14; 19 | } 20 | return uVar1; 21 | } 22 | 23 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100017cb___lock_file.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __lock_file 4 | 5 | Libraries: Visual Studio 2008 Release, Visual Studio 2010 Release */ 6 | 7 | void __cdecl __lock_file(FILE *_File) 8 | 9 | { 10 | if ((_File < &PTR_DAT_1000d010) || ((FILE *)&DAT_1000d270 < _File)) { 11 | EnterCriticalSection((LPCRITICAL_SECTION)(_File + 1)); 12 | } 13 | else { 14 | __lock(((int)&_File[-0x800681]._file >> 5) + 0x10); 15 | _File->_flag = _File->_flag | 0x8000; 16 | } 17 | return; 18 | } 19 | 20 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002f4f___FF_MSGBANNER.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __FF_MSGBANNER 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl __FF_MSGBANNER(void) 8 | 9 | { 10 | int iVar1; 11 | 12 | iVar1 = __set_error_mode(3); 13 | if (iVar1 != 1) { 14 | iVar1 = __set_error_mode(3); 15 | if (iVar1 != 0) { 16 | return; 17 | } 18 | if (DAT_1000d000 != 1) { 19 | return; 20 | } 21 | } 22 | __NMSG_WRITE(0xfc); 23 | __NMSG_WRITE(0xff); 24 | return; 25 | } 26 | 27 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100055ed_terminate.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* Library Function - Single Match 4 | void __cdecl terminate(void) 5 | 6 | Library: Visual Studio 2008 Release */ 7 | 8 | void __cdecl terminate(void) 9 | 10 | { 11 | _ptiddata p_Var1; 12 | 13 | p_Var1 = __getptd(); 14 | if ((code *)p_Var1->_terminate != (code *)0x0) { 15 | (*(code *)p_Var1->_terminate)(); 16 | } 17 | /* WARNING: Subroutine does not return */ 18 | _abort(); 19 | } 20 | 21 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005793_siglookup.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _siglookup 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | uint __cdecl siglookup(uint param_1) 8 | 9 | { 10 | uint uVar1; 11 | int in_EDX; 12 | 13 | uVar1 = param_1; 14 | do { 15 | if (*(int *)(uVar1 + 4) == in_EDX) break; 16 | uVar1 = uVar1 + 0xc; 17 | } while (uVar1 < DAT_1000d4d4 * 0xc + param_1); 18 | if ((DAT_1000d4d4 * 0xc + param_1 <= uVar1) || (*(int *)(uVar1 + 4) != in_EDX)) { 19 | uVar1 = 0; 20 | } 21 | return uVar1; 22 | } 23 | 24 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005455__EH4_TransferToHandler.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | @_EH4_TransferToHandler@8 4 | 5 | Library: Visual Studio 2008 Release 6 | __fastcall _EH4_TransferToHandler,8 */ 7 | 8 | void __fastcall _EH4_TransferToHandler(undefined *UNRECOVERED_JUMPTABLE) 9 | 10 | { 11 | __NLG_Notify(1); 12 | /* WARNING: Could not recover jumptable at 0x1000546c. Too many branches */ 13 | /* WARNING: Treating indirect jump as call */ 14 | (*(code *)UNRECOVERED_JUMPTABLE)(); 15 | return; 16 | } 17 | 18 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000183e___unlock_file.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __unlock_file 4 | 5 | Libraries: Visual Studio 2008 Release, Visual Studio 2010 Release, Visual Studio 2012 Release */ 6 | 7 | void __cdecl __unlock_file(FILE *_File) 8 | 9 | { 10 | if (((FILE *)0x1000d00f < _File) && (_File < (FILE *)0x1000d271)) { 11 | _File->_flag = _File->_flag & 0xffff7fff; 12 | FUN_1000429f(((int)&_File[-0x800681]._file >> 5) + 0x10); 13 | return; 14 | } 15 | LeaveCriticalSection((LPCRITICAL_SECTION)(_File + 1)); 16 | return; 17 | } 18 | 19 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100059b4____crtInitCritSecAndSpinCount.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | /* Library Function - Single Match 5 | ___crtInitCritSecAndSpinCount 6 | 7 | Library: Visual Studio 2008 Release */ 8 | 9 | BOOL __cdecl ___crtInitCritSecAndSpinCount(LPCRITICAL_SECTION param_1,DWORD param_2) 10 | 11 | { 12 | BOOL BVar1; 13 | 14 | BVar1 = InitializeCriticalSectionAndSpinCount(param_1,param_2); 15 | return BVar1; 16 | } 17 | 18 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002ac5____crtCorExitProcess.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___crtCorExitProcess 4 | 5 | Libraries: Visual Studio 2008 Release, Visual Studio 2010 Release */ 6 | 7 | void __cdecl ___crtCorExitProcess(int param_1) 8 | 9 | { 10 | HMODULE hModule; 11 | FARPROC pFVar1; 12 | 13 | hModule = GetModuleHandleW(L"mscoree.dll"); 14 | if (hModule != (HMODULE)0x0) { 15 | pFVar1 = GetProcAddress(hModule,"CorExitProcess"); 16 | if (pFVar1 != (FARPROC)0x0) { 17 | (*pFVar1)(param_1); 18 | } 19 | } 20 | return; 21 | } 22 | 23 | -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- 1 | [project] 2 | name = "kernagent" 3 | version = "1.0.0" 4 | description = "Kernel Agent is a reverse-engineering copilot built on top of Ghidra snapshots." 5 | readme = "README.md" 6 | requires-python = ">=3.12" 7 | dependencies = [ 8 | "flare-capa>=9.2.1", 9 | "openai>=2.7.1", 10 | "pyghidra>=2.2.0", 11 | "python-dotenv>=1.0.0", 12 | ] 13 | 14 | [dependency-groups] 15 | dev = [ 16 | "pytest>=8.4.2", 17 | ] 18 | 19 | [build-system] 20 | requires = ["hatchling"] 21 | build-backend = "hatchling.build" 22 | 23 | [tool.hatch.build.targets.wheel] 24 | only-include = ["kernagent"] 25 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000972f____ansicp.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___ansicp 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl ___ansicp(LCID param_1) 8 | 9 | { 10 | int iVar1; 11 | CHAR local_10 [6]; 12 | undefined1 local_a; 13 | uint local_8; 14 | 15 | local_8 = DAT_1000d004 ^ (uint)&stack0xfffffffc; 16 | local_a = 0; 17 | iVar1 = GetLocaleInfoA(param_1,0x1004,local_10,6); 18 | if (iVar1 != 0) { 19 | _atol(local_10); 20 | } 21 | __security_check_cookie(local_8 ^ (uint)&stack0xfffffffc); 22 | return; 23 | } 24 | 25 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100012be____inittime.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Globals starting with '_' overlap smaller symbols at the same address */ 3 | /* Library Function - Single Match 4 | ___inittime 5 | 6 | Libraries: Visual Studio 2003 Release, Visual Studio 2005 Release, Visual Studio 2008 Release */ 7 | 8 | undefined4 ___inittime(void) 9 | 10 | { 11 | longlong lVar1; 12 | _FILETIME local_c; 13 | 14 | GetSystemTimeAsFileTime(&local_c); 15 | lVar1 = __allmul(local_c.dwHighDateTime,0,0,1); 16 | _DAT_1000df00 = lVar1 + (ulonglong)local_c.dwLowDateTime; 17 | return 0; 18 | } 19 | 20 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000391d___mtterm.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __mtterm 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl __mtterm(void) 8 | 9 | { 10 | code *pcVar1; 11 | int iVar2; 12 | 13 | if (DAT_1000d518 != -1) { 14 | iVar2 = DAT_1000d518; 15 | pcVar1 = (code *)__decode_pointer(DAT_1000e6b0); 16 | (*pcVar1)(iVar2); 17 | DAT_1000d518 = -1; 18 | } 19 | if (DAT_1000d51c != 0xffffffff) { 20 | TlsFree(DAT_1000d51c); 21 | DAT_1000d51c = 0xffffffff; 22 | } 23 | __mtdeletelocks(); 24 | return; 25 | } 26 | 27 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002d56___init_pointers.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __init_pointers 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl __init_pointers(void) 8 | 9 | { 10 | undefined4 uVar1; 11 | 12 | uVar1 = __encoded_null(); 13 | FUN_10005a14(uVar1); 14 | FUN_100059a5(uVar1); 15 | FUN_1000263e(uVar1); 16 | FUN_10005996(uVar1); 17 | FUN_10005987(uVar1); 18 | __initp_misc_winsig(uVar1); 19 | FUN_10002f88(); 20 | __initp_eh_hooks(); 21 | PTR___exit_1000d408 = (undefined *)__encode_pointer(0x10002d22); 22 | return; 23 | } 24 | 25 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000279b___get_errno_from_oserr.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __get_errno_from_oserr 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __get_errno_from_oserr(ulong param_1) 8 | 9 | { 10 | uint uVar1; 11 | 12 | uVar1 = 0; 13 | do { 14 | if (param_1 == (&DAT_1000d298)[uVar1 * 2]) { 15 | return *(int *)(uVar1 * 8 + 0x1000d29c); 16 | } 17 | uVar1 = uVar1 + 1; 18 | } while (uVar1 < 0x2d); 19 | if (param_1 - 0x13 < 0x12) { 20 | return 0xd; 21 | } 22 | return (-(uint)(0xe < param_1 - 0xbc) & 0xe) + 8; 23 | } 24 | 25 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10006c29__V6_HeapAlloc.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | /* Library Function - Single Match 5 | _V6_HeapAlloc 6 | 7 | Library: Visual Studio 2008 Release */ 8 | 9 | int * __cdecl _V6_HeapAlloc(uint *param_1) 10 | 11 | { 12 | undefined4 local_20; 13 | 14 | local_20 = (int *)0x0; 15 | if (param_1 <= DAT_1000e97c) { 16 | __lock(4); 17 | local_20 = ___sbh_alloc_block(param_1); 18 | FUN_10006c6f(); 19 | } 20 | return local_20; 21 | } 22 | 23 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100016c0___allmul.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __allmul 4 | 5 | Libraries: Visual Studio 2003 Release, Visual Studio 2005 Release, Visual Studio 2008 Release */ 6 | 7 | longlong __allmul(uint param_1,int param_2,uint param_3,int param_4) 8 | 9 | { 10 | if (param_4 == 0 && param_2 == 0) { 11 | return (ulonglong)param_1 * (ulonglong)param_3; 12 | } 13 | return CONCAT44((int)((ulonglong)param_1 * (ulonglong)param_3 >> 0x20) + 14 | param_2 * param_3 + param_1 * param_4, 15 | (int)((ulonglong)param_1 * (ulonglong)param_3)); 16 | } 17 | 18 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002a6c___crt_waiting_on_module_handle.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __crt_waiting_on_module_handle 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl __crt_waiting_on_module_handle(LPCWSTR param_1) 8 | 9 | { 10 | HMODULE pHVar1; 11 | DWORD dwMilliseconds; 12 | 13 | dwMilliseconds = 1000; 14 | do { 15 | Sleep(dwMilliseconds); 16 | pHVar1 = GetModuleHandleW(param_1); 17 | dwMilliseconds = dwMilliseconds + 1000; 18 | if (60000 < dwMilliseconds) { 19 | return; 20 | } 21 | } while (pHVar1 == (HMODULE)0x0); 22 | return; 23 | } 24 | 25 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100051e4___isleadbyte_l.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __isleadbyte_l 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __isleadbyte_l(int _C,_locale_t _Locale) 8 | 9 | { 10 | ushort uVar1; 11 | int local_14 [2]; 12 | int local_c; 13 | char local_8; 14 | 15 | _LocaleUpdate::_LocaleUpdate((_LocaleUpdate *)local_14,_Locale); 16 | uVar1 = *(ushort *)(*(int *)(local_14[0] + 200) + (_C & 0xffU) * 2); 17 | if (local_8 != '\0') { 18 | *(uint *)(local_c + 0x70) = *(uint *)(local_c + 0x70) & 0xfffffffd; 19 | } 20 | return uVar1 & 0x8000; 21 | } 22 | 23 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100081fc____free_lconv_num.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___free_lconv_num 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl ___free_lconv_num(undefined4 *param_1) 8 | 9 | { 10 | if (param_1 != (undefined4 *)0x0) { 11 | if ((undefined *)*param_1 != PTR_DAT_1000dd58) { 12 | _free((undefined *)*param_1); 13 | } 14 | if ((undefined *)param_1[1] != PTR_DAT_1000dd5c) { 15 | _free((undefined *)param_1[1]); 16 | } 17 | if ((undefined *)param_1[2] != PTR_DAT_1000dd60) { 18 | _free((undefined *)param_1[2]); 19 | } 20 | } 21 | return; 22 | } 23 | 24 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005d45___set_error_mode.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __set_error_mode 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __set_error_mode(int _Mode) 8 | 9 | { 10 | int *piVar1; 11 | int iVar2; 12 | 13 | if (-1 < _Mode) { 14 | if (_Mode < 3) { 15 | iVar2 = DAT_1000df14; 16 | DAT_1000df14 = _Mode; 17 | return iVar2; 18 | } 19 | if (_Mode == 3) { 20 | return DAT_1000df14; 21 | } 22 | } 23 | piVar1 = __errno(); 24 | *piVar1 = 0x16; 25 | __invalid_parameter((wchar_t *)0x0,(wchar_t *)0x0,(wchar_t *)0x0,0,0); 26 | return -1; 27 | } 28 | 29 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/meta.json: -------------------------------------------------------------------------------- 1 | { 2 | "file_name": "bifrose.exe", 3 | "file_path": "/data/bifrose.exe", 4 | "image_base": "10000000", 5 | "min_address": "10000000", 6 | "max_address": "ffdfffff", 7 | "md5": "2ef2faffaf5a504e5400aef8d9adc340", 8 | "sha256": "f7f193e94e6c43ff8196621172db8a0484123b1baac9264412d52feb764a764b", 9 | "crc32": "0xa07cd4c0", 10 | "file_size": 85373, 11 | "language": "x86:LE:32:default", 12 | "compiler": "windows", 13 | "endian": "little", 14 | "processor": "x86", 15 | "executable_format": "Portable Executable (PE)", 16 | "creation_date": "Fri Nov 07 14:57:19 UTC 2025", 17 | "format": "Portable Executable (PE)" 18 | } -------------------------------------------------------------------------------- /config.env.example: -------------------------------------------------------------------------------- 1 | # Ghidra AI Configuration 2 | # Copy this file to ~/.config/kernagent/config.env (or set KERNAGENT_CONFIG) and fill in your values 3 | 4 | # OpenAI Configuration (for GPT-4 / GPT-3.5) 5 | OPENAI_API_KEY=sk-your-key-here 6 | OPENAI_BASE_URL=https://api.openai.com/v1 7 | OPENAI_MODEL=gpt-4o 8 | 9 | # Alternative: Local LLM (llama.cpp, LMStudio, etc.) 10 | # OPENAI_API_KEY=not-needed 11 | # OPENAI_BASE_URL=http://host.docker.internal:1234/v1 12 | # OPENAI_MODEL="qwen3-4b-instruct-2507" 13 | 14 | # Alternative: Other OpenAI-compatible APIs 15 | # OPENAI_API_KEY=your-key 16 | # OPENAI_BASE_URL=https://api.groq.com/openai/v1 17 | # OPENAI_MODEL=mixtral-8x7b-32768 18 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10001279__clock.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Globals starting with '_' overlap smaller symbols at the same address */ 3 | /* Library Function - Single Match 4 | _clock 5 | 6 | Library: Visual Studio 2003 Release */ 7 | 8 | clock_t __cdecl _clock(void) 9 | 10 | { 11 | longlong lVar1; 12 | undefined8 uVar2; 13 | _FILETIME local_c; 14 | 15 | GetSystemTimeAsFileTime(&local_c); 16 | lVar1 = __allmul(local_c.dwHighDateTime,0,0,1); 17 | lVar1 = (lVar1 - CONCAT44(_DAT_1000df04,_DAT_1000df00)) + (ulonglong)local_c.dwLowDateTime; 18 | uVar2 = __aulldiv((uint)lVar1,(uint)((ulonglong)lVar1 >> 0x20),10000,0); 19 | return (clock_t)uVar2; 20 | } 21 | 22 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10009540___alloca_probe.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: This is an inlined function */ 3 | /* Library Function - Single Match 4 | __chkstk 5 | 6 | Library: Visual Studio 2008 Release */ 7 | 8 | void __alloca_probe(void) 9 | 10 | { 11 | undefined1 *in_EAX; 12 | undefined4 *puVar1; 13 | undefined4 *puVar2; 14 | undefined4 unaff_retaddr; 15 | undefined1 auStack_4 [4]; 16 | 17 | puVar2 = (undefined4 *)((int)&stack0x00000000 - (int)in_EAX & ~-(uint)(&stack0x00000000 < in_EAX)) 18 | ; 19 | for (puVar1 = (undefined4 *)((uint)auStack_4 & 0xfffff000); puVar2 < puVar1; 20 | puVar1 = puVar1 + -0x400) { 21 | } 22 | *puVar2 = unaff_retaddr; 23 | return; 24 | } 25 | 26 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100040d2___fflush_nolock.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __fflush_nolock 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __fflush_nolock(FILE *_File) 8 | 9 | { 10 | int iVar1; 11 | 12 | if (_File == (FILE *)0x0) { 13 | iVar1 = flsall(0); 14 | } 15 | else { 16 | iVar1 = __flush(_File); 17 | if (iVar1 == 0) { 18 | if ((_File->_flag & 0x4000U) == 0) { 19 | iVar1 = 0; 20 | } 21 | else { 22 | iVar1 = __fileno(_File); 23 | iVar1 = __commit(iVar1); 24 | iVar1 = -(uint)(iVar1 != 0); 25 | } 26 | } 27 | else { 28 | iVar1 = -1; 29 | } 30 | } 31 | return iVar1; 32 | } 33 | 34 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10001a59_write_string.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _write_string 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl write_string(int param_1) 8 | 9 | { 10 | int *in_EAX; 11 | int *piVar1; 12 | int unaff_EDI; 13 | 14 | if (((*(byte *)(unaff_EDI + 0xc) & 0x40) == 0) || (*(int *)(unaff_EDI + 8) != 0)) { 15 | while (0 < param_1) { 16 | param_1 = param_1 + -1; 17 | write_char(); 18 | if (*in_EAX == -1) { 19 | piVar1 = __errno(); 20 | if (*piVar1 != 0x2a) { 21 | return; 22 | } 23 | write_char(); 24 | } 25 | } 26 | } 27 | else { 28 | *in_EAX = *in_EAX + param_1; 29 | } 30 | return; 31 | } 32 | 33 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002a1c___CxxUnhandledExceptionFilter.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | long __stdcall __CxxUnhandledExceptionFilter(struct _EXCEPTION_POINTERS *) 4 | 5 | Libraries: Visual Studio 2008 Release, Visual Studio 2010 Release */ 6 | 7 | long __CxxUnhandledExceptionFilter(_EXCEPTION_POINTERS *param_1) 8 | 9 | { 10 | PEXCEPTION_RECORD pEVar1; 11 | ULONG_PTR UVar2; 12 | 13 | pEVar1 = param_1->ExceptionRecord; 14 | if (((pEVar1->ExceptionCode == 0xe06d7363) && (pEVar1->NumberParameters == 3)) && 15 | ((UVar2 = pEVar1->ExceptionInformation[0], UVar2 == 0x19930520 || 16 | (((UVar2 == 0x19930521 || (UVar2 == 0x19930522)) || (UVar2 == 0x1994000)))))) { 17 | terminate(); 18 | } 19 | return 0; 20 | } 21 | 22 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100043ac___isatty.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __isatty 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __isatty(int _FileHandle) 8 | 9 | { 10 | int *piVar1; 11 | uint uVar2; 12 | 13 | if (_FileHandle == -2) { 14 | piVar1 = __errno(); 15 | *piVar1 = 9; 16 | return 0; 17 | } 18 | if ((_FileHandle < 0) || (DAT_1000e994 <= (uint)_FileHandle)) { 19 | piVar1 = __errno(); 20 | *piVar1 = 9; 21 | __invalid_parameter((wchar_t *)0x0,(wchar_t *)0x0,(wchar_t *)0x0,0,0); 22 | uVar2 = 0; 23 | } 24 | else { 25 | uVar2 = (int)*(char *)((&DAT_1000e9a0)[_FileHandle >> 5] + 4 + (_FileHandle & 0x1fU) * 0x40) & 26 | 0x40; 27 | } 28 | return uVar2; 29 | } 30 | 31 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100070f2_FUN_100070f2.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | 5 | int __cdecl FUN_100070f2(FILE *param_1) 6 | 7 | { 8 | int *piVar1; 9 | int local_20; 10 | 11 | local_20 = -1; 12 | if (param_1 == (FILE *)0x0) { 13 | piVar1 = __errno(); 14 | *piVar1 = 0x16; 15 | __invalid_parameter((wchar_t *)0x0,(wchar_t *)0x0,(wchar_t *)0x0,0,0); 16 | local_20 = -1; 17 | } 18 | else if ((param_1->_flag & 0x40) == 0) { 19 | __lock_file(param_1); 20 | local_20 = __fclose_nolock(param_1); 21 | FUN_10007166(); 22 | } 23 | else { 24 | param_1->_flag = 0; 25 | } 26 | return local_20; 27 | } 28 | 29 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10003e5e___malloc_crt.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __malloc_crt 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void * __cdecl __malloc_crt(size_t _Size) 8 | 9 | { 10 | void *pvVar1; 11 | uint dwMilliseconds; 12 | 13 | dwMilliseconds = 0; 14 | while( true ) { 15 | pvVar1 = _malloc(_Size); 16 | if (pvVar1 != (void *)0x0) { 17 | return pvVar1; 18 | } 19 | if (DAT_1000e6b8 == 0) break; 20 | Sleep(dwMilliseconds); 21 | dwMilliseconds = dwMilliseconds + 1000; 22 | if (DAT_1000e6b8 < dwMilliseconds) { 23 | dwMilliseconds = 0xffffffff; 24 | } 25 | if (dwMilliseconds == 0xffffffff) { 26 | return (void *)0x0; 27 | } 28 | } 29 | return (void *)0x0; 30 | } 31 | 32 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100041fd___mtinitlocks.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __mtinitlocks 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __mtinitlocks(void) 8 | 9 | { 10 | BOOL BVar1; 11 | int iVar2; 12 | undefined *puVar3; 13 | 14 | iVar2 = 0; 15 | puVar3 = &DAT_1000e6c0; 16 | do { 17 | if ((&DAT_1000d52c)[iVar2 * 2] == 1) { 18 | (&DAT_1000d528)[iVar2 * 2] = puVar3; 19 | puVar3 = puVar3 + 0x18; 20 | BVar1 = ___crtInitCritSecAndSpinCount((LPCRITICAL_SECTION)(&DAT_1000d528)[iVar2 * 2],4000); 21 | if (BVar1 == 0) { 22 | (&DAT_1000d528)[iVar2 * 2] = 0; 23 | return 0; 24 | } 25 | } 26 | iVar2 = iVar2 + 1; 27 | } while (iVar2 < 0x24); 28 | return 1; 29 | } 30 | 31 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000858e___getbuf.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Globals starting with '_' overlap smaller symbols at the same address */ 3 | /* Library Function - Single Match 4 | __getbuf 5 | 6 | Library: Visual Studio 2008 Release */ 7 | 8 | void __cdecl __getbuf(FILE *_File) 9 | 10 | { 11 | char *pcVar1; 12 | 13 | _DAT_1000e23c = _DAT_1000e23c + 1; 14 | pcVar1 = (char *)__malloc_crt(0x1000); 15 | _File->_base = pcVar1; 16 | if (pcVar1 == (char *)0x0) { 17 | _File->_flag = _File->_flag | 4; 18 | _File->_base = (char *)&_File->_charbuf; 19 | _File->_bufsiz = 2; 20 | } 21 | else { 22 | _File->_flag = _File->_flag | 8; 23 | _File->_bufsiz = 0x1000; 24 | } 25 | _File->_cnt = 0; 26 | _File->_ptr = _File->_base; 27 | return; 28 | } 29 | 30 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100085e0_fastzero_I.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _fastzero_I 4 | 5 | Libraries: Visual Studio 2005, Visual Studio 2008, Visual Studio 2019 */ 6 | 7 | void __cdecl fastzero_I(undefined1 (*param_1) [16],uint param_2) 8 | 9 | { 10 | uint uVar1; 11 | 12 | uVar1 = param_2 >> 7; 13 | do { 14 | *param_1 = (undefined1 [16])0x0; 15 | param_1[1] = (undefined1 [16])0x0; 16 | param_1[2] = (undefined1 [16])0x0; 17 | param_1[3] = (undefined1 [16])0x0; 18 | param_1[4] = (undefined1 [16])0x0; 19 | param_1[5] = (undefined1 [16])0x0; 20 | param_1[6] = (undefined1 [16])0x0; 21 | param_1[7] = (undefined1 [16])0x0; 22 | param_1 = param_1 + 8; 23 | uVar1 = uVar1 - 1; 24 | } while (uVar1 != 0); 25 | return; 26 | } 27 | 28 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10003ea3___calloc_crt.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __calloc_crt 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void * __cdecl __calloc_crt(size_t _Count,size_t _Size) 8 | 9 | { 10 | int *piVar1; 11 | uint dwMilliseconds; 12 | 13 | dwMilliseconds = 0; 14 | while( true ) { 15 | piVar1 = __calloc_impl(_Count,_Size,(undefined4 *)0x0); 16 | if (piVar1 != (int *)0x0) { 17 | return piVar1; 18 | } 19 | if (DAT_1000e6b8 == 0) break; 20 | Sleep(dwMilliseconds); 21 | dwMilliseconds = dwMilliseconds + 1000; 22 | if (DAT_1000e6b8 < dwMilliseconds) { 23 | dwMilliseconds = 0xffffffff; 24 | } 25 | if (dwMilliseconds == 0xffffffff) { 26 | return (void *)0x0; 27 | } 28 | } 29 | return (void *)0x0; 30 | } 31 | 32 | -------------------------------------------------------------------------------- /tests/test_snapshot_tools.py: -------------------------------------------------------------------------------- 1 | from pathlib import Path 2 | 3 | from kernagent.snapshot import SnapshotTools 4 | 5 | 6 | SNAPSHOT_ROOT = Path(__file__).parent / "fixtures" / "bifrose_archive" 7 | 8 | 9 | def test_read_json_loads_meta(): 10 | tools = SnapshotTools(SNAPSHOT_ROOT) 11 | meta = tools.read_json("meta.json") 12 | assert "file_name" in meta 13 | 14 | 15 | def test_get_function_stats_reports_counts(): 16 | tools = SnapshotTools(SNAPSHOT_ROOT) 17 | stats = tools.get_function_stats() 18 | assert stats["total"] > 0 19 | assert stats["with_decomp"] >= 0 20 | 21 | 22 | def test_search_data_handles_empty_results(): 23 | tools = SnapshotTools(SNAPSHOT_ROOT) 24 | result = tools.search_data(name_pattern="__unlikely_name__", limit=5) 25 | assert result["count"] == 0 26 | assert result["limit"] == 5 27 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10004d96___updatetlocinfoEx_nolock.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __updatetlocinfoEx_nolock 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | LONG * __updatetlocinfoEx_nolock(void) 8 | 9 | { 10 | LONG *pLVar1; 11 | undefined4 *in_EAX; 12 | LONG *unaff_EDI; 13 | 14 | if ((unaff_EDI != (LONG *)0x0) && (in_EAX != (undefined4 *)0x0)) { 15 | pLVar1 = (LONG *)*in_EAX; 16 | if (pLVar1 != unaff_EDI) { 17 | *in_EAX = unaff_EDI; 18 | ___addlocaleref(unaff_EDI); 19 | if (pLVar1 != (LONG *)0x0) { 20 | ___removelocaleref(pLVar1); 21 | if ((*pLVar1 == 0) && (pLVar1 != (LONG *)&DAT_1000db78)) { 22 | ___freetlocinfo(pLVar1); 23 | } 24 | } 25 | } 26 | return unaff_EDI; 27 | } 28 | return (LONG *)0x0; 29 | } 30 | 31 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10001a00_write_char.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _write_char 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl write_char(void) 8 | 9 | { 10 | int *piVar1; 11 | byte in_AL; 12 | uint uVar2; 13 | FILE *in_ECX; 14 | int *unaff_ESI; 15 | 16 | if (((in_ECX->_flag & 0x40) == 0) || (in_ECX->_base != (char *)0x0)) { 17 | piVar1 = &in_ECX->_cnt; 18 | *piVar1 = *piVar1 + -1; 19 | if (*piVar1 < 0) { 20 | uVar2 = __flsbuf((int)(char)in_AL,in_ECX); 21 | } 22 | else { 23 | *in_ECX->_ptr = in_AL; 24 | in_ECX->_ptr = in_ECX->_ptr + 1; 25 | uVar2 = (uint)in_AL; 26 | } 27 | if (uVar2 == 0xffffffff) { 28 | *unaff_ESI = -1; 29 | return; 30 | } 31 | } 32 | *unaff_ESI = *unaff_ESI + 1; 33 | return; 34 | } 35 | 36 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10003eef___realloc_crt.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __realloc_crt 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void * __cdecl __realloc_crt(void *_Ptr,size_t _NewSize) 8 | 9 | { 10 | void *pvVar1; 11 | uint dwMilliseconds; 12 | 13 | dwMilliseconds = 0; 14 | do { 15 | pvVar1 = _realloc(_Ptr,_NewSize); 16 | if (pvVar1 != (void *)0x0) { 17 | return pvVar1; 18 | } 19 | if (_NewSize == 0) { 20 | return (void *)0x0; 21 | } 22 | if (DAT_1000e6b8 == 0) { 23 | return (void *)0x0; 24 | } 25 | Sleep(dwMilliseconds); 26 | dwMilliseconds = dwMilliseconds + 1000; 27 | if (DAT_1000e6b8 < dwMilliseconds) { 28 | dwMilliseconds = 0xffffffff; 29 | } 30 | } while (dwMilliseconds != 0xffffffff); 31 | return (void *)0x0; 32 | } 33 | 34 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10004dd4____updatetlocinfo.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | /* Library Function - Single Match 5 | ___updatetlocinfo 6 | 7 | Library: Visual Studio 2008 Release */ 8 | 9 | pthreadlocinfo __cdecl ___updatetlocinfo(void) 10 | 11 | { 12 | _ptiddata p_Var1; 13 | 14 | p_Var1 = __getptd(); 15 | if (((p_Var1->_ownlocale & DAT_1000db6c) == 0) || (p_Var1->ptlocinfo == (pthreadlocinfo)0x0)) { 16 | __lock(0xc); 17 | __updatetlocinfoEx_nolock(); 18 | FUN_10004e3e(); 19 | } 20 | else { 21 | p_Var1 = __getptd(); 22 | p_Var1 = (_ptiddata)p_Var1->ptlocinfo; 23 | } 24 | if (p_Var1 == (_ptiddata)0x0) { 25 | __amsg_exit(0x20); 26 | } 27 | return (pthreadlocinfo)p_Var1; 28 | } 29 | 30 | -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | IFS=$'\n\t' 4 | 5 | # Simple bootstrapper: run local scripts/install.sh if present, 6 | # otherwise download and execute it from the repo. 7 | 8 | SCRIPT_DIR="$(cd -- "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)" 9 | TARGET_SCRIPT="${SCRIPT_DIR}/scripts/install.sh" 10 | REMOTE_URL="${KERNAGENT_INSTALL_URL:-https://raw.githubusercontent.com/Karib0u/kernagent/main/scripts/install.sh}" 11 | 12 | if [[ -f "$TARGET_SCRIPT" ]]; then 13 | exec "$TARGET_SCRIPT" "$@" 14 | fi 15 | 16 | tmp="$(mktemp)" 17 | cleanup(){ rm -f "$tmp"; } 18 | trap cleanup EXIT 19 | 20 | if command -v curl >/dev/null 2>&1; then 21 | curl -fsSL "$REMOTE_URL" -o "$tmp" 22 | elif command -v wget >/dev/null 2>&1; then 23 | wget -qO "$tmp" "$REMOTE_URL" 24 | else 25 | echo "[x] curl or wget is required" >&2 26 | exit 1 27 | fi 28 | chmod +x "$tmp" 29 | exec "$tmp" "$@" 30 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002775___invalid_parameter.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __invalid_parameter 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl 8 | __invalid_parameter(wchar_t *param_1,wchar_t *param_2,wchar_t *param_3,uint param_4, 9 | uintptr_t param_5) 10 | 11 | { 12 | code *UNRECOVERED_JUMPTABLE; 13 | 14 | UNRECOVERED_JUMPTABLE = (code *)__decode_pointer(DAT_1000e248); 15 | if (UNRECOVERED_JUMPTABLE != (code *)0x0) { 16 | /* WARNING: Could not recover jumptable at 0x1000278b. Too many branches */ 17 | /* WARNING: Treating indirect jump as call */ 18 | (*UNRECOVERED_JUMPTABLE)(); 19 | return; 20 | } 21 | FUN_10003e56(); 22 | /* WARNING: Subroutine does not return */ 23 | __invoke_watson(param_1,param_2,param_3,param_4,param_5); 24 | } 25 | 26 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002b5b___cinit.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __cinit 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __cinit(int param_1) 8 | 9 | { 10 | BOOL BVar1; 11 | int iVar2; 12 | 13 | if (DAT_1000eab0 != (code *)0x0) { 14 | BVar1 = __IsNonwritableInCurrentImage((PBYTE)&DAT_1000eab0); 15 | if (BVar1 != 0) { 16 | (*DAT_1000eab0)(param_1); 17 | } 18 | } 19 | __initp_misc_cfltcvt_tab(); 20 | iVar2 = __initterm_e((undefined4 *)&DAT_1000a12c,(undefined4 *)&DAT_1000a148); 21 | if (iVar2 == 0) { 22 | _atexit((_func_4879 *)&LAB_100037cd); 23 | __initterm((undefined4 *)&DAT_1000a128); 24 | if (DAT_1000eab4 != (code *)0x0) { 25 | BVar1 = __IsNonwritableInCurrentImage((PBYTE)&DAT_1000eab4); 26 | if (BVar1 != 0) { 27 | (*DAT_1000eab4)(0,2,0); 28 | } 29 | } 30 | iVar2 = 0; 31 | } 32 | return iVar2; 33 | } 34 | 35 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100054e0___FindPESection.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __FindPESection 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | PIMAGE_SECTION_HEADER __cdecl __FindPESection(PBYTE pImageBase,DWORD_PTR rva) 8 | 9 | { 10 | int iVar1; 11 | PIMAGE_SECTION_HEADER p_Var2; 12 | uint uVar3; 13 | 14 | iVar1 = *(int *)(pImageBase + 0x3c); 15 | uVar3 = 0; 16 | p_Var2 = (PIMAGE_SECTION_HEADER) 17 | (pImageBase + *(ushort *)(pImageBase + iVar1 + 0x14) + 0x18 + iVar1); 18 | if (*(ushort *)(pImageBase + iVar1 + 6) != 0) { 19 | do { 20 | if ((p_Var2->VirtualAddress <= rva) && 21 | (rva < (p_Var2->Misc).PhysicalAddress + p_Var2->VirtualAddress)) { 22 | return p_Var2; 23 | } 24 | uVar3 = uVar3 + 1; 25 | p_Var2 = p_Var2 + 1; 26 | } while (uVar3 < *(ushort *)(pImageBase + iVar1 + 6)); 27 | } 28 | return (PIMAGE_SECTION_HEADER)0x0; 29 | } 30 | 31 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10007e23____crtLCMapStringA.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___crtLCMapStringA 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl 8 | ___crtLCMapStringA(_locale_t _Plocinfo,LPCWSTR _LocaleName,DWORD _DwMapFlag,LPCSTR _LpSrcStr, 9 | int _CchSrc,LPSTR _LpDestStr,int _CchDest,int _Code_page,BOOL _BError) 10 | 11 | { 12 | int iVar1; 13 | int in_stack_ffffffec; 14 | int local_c; 15 | char local_8; 16 | 17 | _LocaleUpdate::_LocaleUpdate((_LocaleUpdate *)&stack0xffffffec,_Plocinfo); 18 | iVar1 = __crtLCMapStringA_stat 19 | ((localeinfo_struct *)_LocaleName,_DwMapFlag,(ulong)_LpSrcStr,(char *)_CchSrc, 20 | (int)_LpDestStr,(char *)_CchDest,_Code_page,_BError,in_stack_ffffffec); 21 | if (local_8 != '\0') { 22 | *(uint *)(local_c + 0x70) = *(uint *)(local_c + 0x70) & 0xfffffffd; 23 | } 24 | return iVar1; 25 | } 26 | 27 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000707b___fclose_nolock.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __fclose_nolock 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __fclose_nolock(FILE *_File) 8 | 9 | { 10 | int *piVar1; 11 | int iVar2; 12 | int iVar3; 13 | 14 | iVar3 = -1; 15 | if (_File == (FILE *)0x0) { 16 | piVar1 = __errno(); 17 | *piVar1 = 0x16; 18 | __invalid_parameter((wchar_t *)0x0,(wchar_t *)0x0,(wchar_t *)0x0,0,0); 19 | iVar3 = -1; 20 | } 21 | else { 22 | if ((_File->_flag & 0x83) != 0) { 23 | iVar3 = __flush(_File); 24 | __freebuf(_File); 25 | iVar2 = __fileno(_File); 26 | iVar2 = __close(iVar2); 27 | if (iVar2 < 0) { 28 | iVar3 = -1; 29 | } 30 | else if (_File->_tmpfname != (char *)0x0) { 31 | _free(_File->_tmpfname); 32 | _File->_tmpfname = (char *)0x0; 33 | } 34 | } 35 | _File->_flag = 0; 36 | } 37 | return iVar3; 38 | } 39 | 40 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10008025____crtGetStringTypeA.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___crtGetStringTypeA 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | BOOL __cdecl 8 | ___crtGetStringTypeA 9 | (_locale_t _Plocinfo,DWORD _DWInfoType,LPCSTR _LpSrcStr,int _CchSrc,LPWORD _LpCharType, 10 | int _Code_page,BOOL _BError) 11 | 12 | { 13 | int iVar1; 14 | int in_stack_00000020; 15 | int in_stack_ffffffec; 16 | int local_c; 17 | char local_8; 18 | 19 | _LocaleUpdate::_LocaleUpdate((_LocaleUpdate *)&stack0xffffffec,_Plocinfo); 20 | iVar1 = __crtGetStringTypeA_stat 21 | ((localeinfo_struct *)_DWInfoType,(ulong)_LpSrcStr,(char *)_CchSrc, 22 | (int)_LpCharType,(ushort *)_Code_page,_BError,in_stack_00000020, 23 | in_stack_ffffffec); 24 | if (local_8 != '\0') { 25 | *(uint *)(local_c + 0x70) = *(uint *)(local_c + 0x70) & 0xfffffffd; 26 | } 27 | return iVar1; 28 | } 29 | 30 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10008b19__abort.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _abort 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl _abort(void) 8 | 9 | { 10 | code *pcVar1; 11 | _PHNDLR p_Var2; 12 | EXCEPTION_RECORD local_32c; 13 | _EXCEPTION_POINTERS local_2dc; 14 | undefined4 local_2d4; 15 | 16 | if ((DAT_1000ddb0 & 1) != 0) { 17 | __NMSG_WRITE(10); 18 | } 19 | p_Var2 = ___get_sigabrt(); 20 | if (p_Var2 != (_PHNDLR)0x0) { 21 | _raise(0x16); 22 | } 23 | if ((DAT_1000ddb0 & 2) != 0) { 24 | local_2d4 = 0x10001; 25 | _memset(&local_32c,0,0x50); 26 | local_2dc.ExceptionRecord = &local_32c; 27 | local_2dc.ContextRecord = (PCONTEXT)&local_2d4; 28 | local_32c.ExceptionCode = 0x40000015; 29 | SetUnhandledExceptionFilter((LPTOP_LEVEL_EXCEPTION_FILTER)0x0); 30 | UnhandledExceptionFilter(&local_2dc); 31 | } 32 | __exit(3); 33 | pcVar1 = (code *)swi(3); 34 | (*pcVar1)(); 35 | return; 36 | } 37 | 38 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000406a___flush.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __flush 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __flush(FILE *_File) 8 | 9 | { 10 | int _FileHandle; 11 | uint uVar1; 12 | int iVar2; 13 | uint uVar3; 14 | char *_Buf; 15 | 16 | iVar2 = 0; 17 | if ((((byte)_File->_flag & 3) == 2) && ((_File->_flag & 0x108U) != 0)) { 18 | _Buf = _File->_base; 19 | uVar3 = (int)_File->_ptr - (int)_Buf; 20 | if (0 < (int)uVar3) { 21 | uVar1 = uVar3; 22 | _FileHandle = __fileno(_File); 23 | uVar1 = __write(_FileHandle,_Buf,uVar1); 24 | if (uVar1 == uVar3) { 25 | if ((char)_File->_flag < '\0') { 26 | _File->_flag = _File->_flag & 0xfffffffd; 27 | } 28 | } 29 | else { 30 | _File->_flag = _File->_flag | 0x20; 31 | iVar2 = -1; 32 | } 33 | } 34 | } 35 | _File->_cnt = 0; 36 | _File->_ptr = _File->_base; 37 | return iVar2; 38 | } 39 | 40 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100095f1___get_osfhandle.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __get_osfhandle 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | intptr_t __cdecl __get_osfhandle(int _FileHandle) 8 | 9 | { 10 | ulong *puVar1; 11 | int *piVar2; 12 | intptr_t *piVar3; 13 | intptr_t iVar4; 14 | 15 | if (_FileHandle == -2) { 16 | puVar1 = ___doserrno(); 17 | *puVar1 = 0; 18 | piVar2 = __errno(); 19 | *piVar2 = 9; 20 | return -1; 21 | } 22 | if (((_FileHandle < 0) || (DAT_1000e994 <= (uint)_FileHandle)) || 23 | (piVar3 = (intptr_t *)((_FileHandle & 0x1fU) * 0x40 + (&DAT_1000e9a0)[_FileHandle >> 5]), 24 | (*(byte *)(piVar3 + 1) & 1) == 0)) { 25 | puVar1 = ___doserrno(); 26 | *puVar1 = 0; 27 | piVar2 = __errno(); 28 | *piVar2 = 9; 29 | __invalid_parameter((wchar_t *)0x0,(wchar_t *)0x0,(wchar_t *)0x0,0,0); 30 | iVar4 = -1; 31 | } 32 | else { 33 | iVar4 = *piVar3; 34 | } 35 | return iVar4; 36 | } 37 | 38 | -------------------------------------------------------------------------------- /kernagent/log.py: -------------------------------------------------------------------------------- 1 | """Logging helpers for kernagent.""" 2 | 3 | from __future__ import annotations 4 | 5 | import logging 6 | 7 | 8 | def setup_logging(debug: bool = False) -> None: 9 | """Configure root logger with a consistent format.""" 10 | level = logging.DEBUG if debug else logging.INFO 11 | logging.basicConfig( 12 | level=level, 13 | format="%(asctime)s [%(levelname)s] %(name)s: %(message)s", 14 | ) 15 | 16 | if not debug: 17 | logging.getLogger("httpx").setLevel(logging.WARNING) 18 | # Quiet noisy dependencies (vivisect/capa) unless explicitly debugging 19 | for noisy in ( 20 | "vivisect", 21 | "vivisect.base", 22 | "vivisect.analysis", 23 | "vivisect.tools", 24 | "viv_utils", 25 | ): 26 | logging.getLogger(noisy).setLevel(logging.ERROR) 27 | 28 | 29 | def get_logger(name: str) -> logging.Logger: 30 | """Return a namespaced logger.""" 31 | return logging.getLogger(name) 32 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10004248___mtdeletelocks.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __mtdeletelocks 4 | 5 | Libraries: Visual Studio 2005 Release, Visual Studio 2008 Release */ 6 | 7 | void __cdecl __mtdeletelocks(void) 8 | 9 | { 10 | LPCRITICAL_SECTION lpCriticalSection; 11 | undefined4 *puVar1; 12 | 13 | puVar1 = &DAT_1000d528; 14 | do { 15 | lpCriticalSection = (LPCRITICAL_SECTION)*puVar1; 16 | if ((lpCriticalSection != (LPCRITICAL_SECTION)0x0) && (puVar1[1] != 1)) { 17 | DeleteCriticalSection(lpCriticalSection); 18 | _free(lpCriticalSection); 19 | *puVar1 = 0; 20 | } 21 | puVar1 = puVar1 + 2; 22 | } while ((int)puVar1 < 0x1000d648); 23 | puVar1 = &DAT_1000d528; 24 | do { 25 | if (((LPCRITICAL_SECTION)*puVar1 != (LPCRITICAL_SECTION)0x0) && (puVar1[1] == 1)) { 26 | DeleteCriticalSection((LPCRITICAL_SECTION)*puVar1); 27 | } 28 | puVar1 = puVar1 + 2; 29 | } while ((int)puVar1 < 0x1000d648); 30 | return; 31 | } 32 | 33 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005530___IsNonwritableInCurrentImage.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __IsNonwritableInCurrentImage 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | BOOL __cdecl __IsNonwritableInCurrentImage(PBYTE pTarget) 8 | 9 | { 10 | BOOL BVar1; 11 | PIMAGE_SECTION_HEADER p_Var2; 12 | void *local_14; 13 | code *pcStack_10; 14 | uint local_c; 15 | undefined4 local_8; 16 | 17 | pcStack_10 = __except_handler4; 18 | local_14 = ExceptionList; 19 | local_c = DAT_1000d004 ^ 0x1000ba38; 20 | ExceptionList = &local_14; 21 | local_8 = 0; 22 | BVar1 = __ValidateImageBase((PBYTE)&IMAGE_DOS_HEADER_10000000); 23 | if (BVar1 != 0) { 24 | p_Var2 = __FindPESection((PBYTE)&IMAGE_DOS_HEADER_10000000,(DWORD_PTR)(pTarget + -0x10000000)); 25 | if (p_Var2 != (PIMAGE_SECTION_HEADER)0x0) { 26 | ExceptionList = local_14; 27 | return ~(p_Var2->Characteristics >> 0x1f) & 1; 28 | } 29 | } 30 | ExceptionList = local_14; 31 | return 0; 32 | } 33 | 34 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002828___SEH_prolog4.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: This is an inlined function */ 3 | /* WARNING: Unable to track spacebase fully for stack */ 4 | /* WARNING: Variable defined which should be unmapped: param_2 */ 5 | /* Library Function - Single Match 6 | __SEH_prolog4 7 | 8 | Library: Visual Studio */ 9 | 10 | void __cdecl __SEH_prolog4(undefined4 param_1,int param_2) 11 | 12 | { 13 | int iVar1; 14 | undefined4 unaff_EBX; 15 | undefined4 unaff_ESI; 16 | undefined4 unaff_EDI; 17 | undefined4 unaff_retaddr; 18 | uint auStack_1c [5]; 19 | undefined1 local_8 [8]; 20 | 21 | iVar1 = -param_2; 22 | *(undefined4 *)((int)auStack_1c + iVar1 + 0x10) = unaff_EBX; 23 | *(undefined4 *)((int)auStack_1c + iVar1 + 0xc) = unaff_ESI; 24 | *(undefined4 *)((int)auStack_1c + iVar1 + 8) = unaff_EDI; 25 | *(uint *)((int)auStack_1c + iVar1 + 4) = DAT_1000d004 ^ (uint)¶m_2; 26 | *(undefined4 *)((int)auStack_1c + iVar1) = unaff_retaddr; 27 | ExceptionList = local_8; 28 | return; 29 | } 30 | 31 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005d90_x_ismbbtype_l.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | int __cdecl x_ismbbtype_l(struct localeinfo_struct *,unsigned int,int,int) 4 | 5 | Libraries: Visual Studio 2008 Release, Visual Studio 2010 Release */ 6 | 7 | int __cdecl x_ismbbtype_l(localeinfo_struct *param_1,uint param_2,int param_3,int param_4) 8 | 9 | { 10 | uint uVar1; 11 | int local_14; 12 | int local_10; 13 | int local_c; 14 | char local_8; 15 | 16 | _LocaleUpdate::_LocaleUpdate((_LocaleUpdate *)&local_14,param_1); 17 | if ((*(byte *)(local_10 + 0x1d + (param_2 & 0xff)) & (byte)param_4) == 0) { 18 | if (param_3 == 0) { 19 | uVar1 = 0; 20 | } 21 | else { 22 | uVar1 = (uint)*(ushort *)(*(int *)(local_14 + 200) + (param_2 & 0xff) * 2) & param_3; 23 | } 24 | if (uVar1 == 0) goto LAB_10005dd4; 25 | } 26 | uVar1 = 1; 27 | LAB_10005dd4: 28 | if (local_8 != '\0') { 29 | *(uint *)(local_c + 0x70) = *(uint *)(local_c + 0x70) & 0xfffffffd; 30 | } 31 | return uVar1; 32 | } 33 | 34 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100087ed___local_unwind2.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __local_unwind2 4 | 5 | Libraries: Visual Studio 2017 Debug, Visual Studio 2017 Release, Visual Studio 2019 Debug, Visual 6 | Studio 2019 Release */ 7 | 8 | void __cdecl __local_unwind2(int param_1,uint param_2) 9 | 10 | { 11 | uint uVar1; 12 | void *local_20; 13 | undefined1 *puStack_1c; 14 | undefined4 local_18; 15 | int iStack_14; 16 | 17 | iStack_14 = param_1; 18 | puStack_1c = &LAB_100087a8; 19 | local_20 = ExceptionList; 20 | ExceptionList = &local_20; 21 | while( true ) { 22 | uVar1 = *(uint *)(param_1 + 0xc); 23 | if ((uVar1 == 0xffffffff) || ((param_2 != 0xffffffff && (uVar1 <= param_2)))) break; 24 | local_18 = *(undefined4 *)(*(int *)(param_1 + 8) + uVar1 * 0xc); 25 | *(undefined4 *)(param_1 + 0xc) = local_18; 26 | if (*(int *)(*(int *)(param_1 + 8) + 4 + uVar1 * 0xc) == 0) { 27 | __NLG_Notify(0x101); 28 | FUN_100088bc(); 29 | } 30 | } 31 | ExceptionList = local_20; 32 | return; 33 | } 34 | 35 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10008c30___msize.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | /* Library Function - Single Match 5 | __msize 6 | 7 | Library: Visual Studio 2008 Release */ 8 | 9 | size_t __cdecl __msize(void *_Memory) 10 | 11 | { 12 | int *piVar1; 13 | size_t sVar2; 14 | uint uVar3; 15 | size_t local_20; 16 | 17 | if (_Memory == (void *)0x0) { 18 | piVar1 = __errno(); 19 | *piVar1 = 0x16; 20 | __invalid_parameter((wchar_t *)0x0,(wchar_t *)0x0,(wchar_t *)0x0,0,0); 21 | sVar2 = 0xffffffff; 22 | } 23 | else { 24 | if (DAT_1000e990 == 3) { 25 | __lock(4); 26 | uVar3 = ___sbh_find_block((int)_Memory); 27 | if (uVar3 != 0) { 28 | local_20 = *(int *)((int)_Memory + -4) - 9; 29 | } 30 | FUN_10008cca(); 31 | if (uVar3 != 0) { 32 | return local_20; 33 | } 34 | } 35 | sVar2 = HeapSize(DAT_1000e6b4,0,_Memory); 36 | } 37 | return sVar2; 38 | } 39 | 40 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10003f3d__free.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | /* Library Function - Single Match 5 | _free 6 | 7 | Library: Visual Studio 2008 Release */ 8 | 9 | void __cdecl _free(void *_Memory) 10 | 11 | { 12 | uint *puVar1; 13 | BOOL BVar2; 14 | int *piVar3; 15 | DWORD DVar4; 16 | int iVar5; 17 | 18 | if (_Memory != (void *)0x0) { 19 | if (DAT_1000e990 == 3) { 20 | __lock(4); 21 | puVar1 = (uint *)___sbh_find_block((int)_Memory); 22 | if (puVar1 != (uint *)0x0) { 23 | ___sbh_free_block(puVar1,(int)_Memory); 24 | } 25 | FUN_10003f93(); 26 | if (puVar1 != (uint *)0x0) { 27 | return; 28 | } 29 | } 30 | BVar2 = HeapFree(DAT_1000e6b4,0,_Memory); 31 | if (BVar2 == 0) { 32 | piVar3 = __errno(); 33 | DVar4 = GetLastError(); 34 | iVar5 = __get_errno_from_oserr(DVar4); 35 | *piVar3 = iVar5; 36 | } 37 | } 38 | return; 39 | } 40 | 41 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10003fcb_FUN_10003fcb.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | 5 | int FUN_10003fcb(void) 6 | 7 | { 8 | FILE *pFVar1; 9 | int iVar2; 10 | int iVar3; 11 | int iVar4; 12 | int local_20; 13 | 14 | local_20 = 0; 15 | __lock(1); 16 | for (iVar4 = 3; iVar4 < DAT_1000fac0; iVar4 = iVar4 + 1) { 17 | iVar3 = iVar4 * 4; 18 | if (*(int *)(DAT_1000eabc + iVar3) != 0) { 19 | pFVar1 = *(FILE **)(DAT_1000eabc + iVar3); 20 | if ((pFVar1->_flag & 0x83) != 0) { 21 | iVar2 = FUN_100070f2(pFVar1); 22 | if (iVar2 != -1) { 23 | local_20 = local_20 + 1; 24 | } 25 | } 26 | if (0x13 < iVar4) { 27 | DeleteCriticalSection((LPCRITICAL_SECTION)(*(int *)(iVar3 + DAT_1000eabc) + 0x20)); 28 | _free(*(void **)(iVar3 + DAT_1000eabc)); 29 | *(undefined4 *)(iVar3 + DAT_1000eabc) = 0; 30 | } 31 | } 32 | } 33 | FUN_10004061(); 34 | return local_20; 35 | } 36 | 37 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10004471_setSBCS.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | void __cdecl setSBCS(struct threadmbcinfostruct *) 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl setSBCS(threadmbcinfostruct *param_1) 8 | 9 | { 10 | int in_EAX; 11 | undefined1 *puVar1; 12 | int iVar2; 13 | 14 | _memset((void *)(in_EAX + 0x1c),0,0x101); 15 | *(undefined4 *)(in_EAX + 4) = 0; 16 | *(undefined4 *)(in_EAX + 8) = 0; 17 | *(undefined4 *)(in_EAX + 0xc) = 0; 18 | *(undefined4 *)(in_EAX + 0x10) = 0; 19 | *(undefined4 *)(in_EAX + 0x14) = 0; 20 | *(undefined4 *)(in_EAX + 0x18) = 0; 21 | puVar1 = (undefined1 *)(in_EAX + 0x1c); 22 | iVar2 = 0x101; 23 | do { 24 | *puVar1 = puVar1[(int)&DAT_1000d648 - in_EAX]; 25 | puVar1 = puVar1 + 1; 26 | iVar2 = iVar2 + -1; 27 | } while (iVar2 != 0); 28 | puVar1 = (undefined1 *)(in_EAX + 0x11d); 29 | iVar2 = 0x100; 30 | do { 31 | *puVar1 = puVar1[(int)&DAT_1000d648 - in_EAX]; 32 | puVar1 = puVar1 + 1; 33 | iVar2 = iVar2 + -1; 34 | } while (iVar2 != 0); 35 | return; 36 | } 37 | 38 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100037f3___encode_pointer.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __encode_pointer 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __encode_pointer(int param_1) 8 | 9 | { 10 | LPVOID pvVar1; 11 | code *pcVar2; 12 | int iVar3; 13 | HMODULE hModule; 14 | FARPROC pFVar4; 15 | 16 | pvVar1 = TlsGetValue(DAT_1000d51c); 17 | if ((pvVar1 != (LPVOID)0x0) && (DAT_1000d518 != -1)) { 18 | iVar3 = DAT_1000d518; 19 | pcVar2 = (code *)TlsGetValue(DAT_1000d51c); 20 | iVar3 = (*pcVar2)(iVar3); 21 | if (iVar3 != 0) { 22 | pFVar4 = *(FARPROC *)(iVar3 + 0x1f8); 23 | goto LAB_10003853; 24 | } 25 | } 26 | hModule = GetModuleHandleW(L"KERNEL32.DLL"); 27 | if ((hModule == (HMODULE)0x0) && 28 | (hModule = (HMODULE)__crt_waiting_on_module_handle(L"KERNEL32.DLL"), hModule == (HMODULE)0x0)) 29 | { 30 | return param_1; 31 | } 32 | pFVar4 = GetProcAddress(hModule,"EncodePointer"); 33 | LAB_10003853: 34 | if (pFVar4 != (FARPROC)0x0) { 35 | param_1 = (*pFVar4)(param_1); 36 | } 37 | return param_1; 38 | } 39 | 40 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000386e___decode_pointer.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __decode_pointer 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __decode_pointer(int param_1) 8 | 9 | { 10 | LPVOID pvVar1; 11 | code *pcVar2; 12 | int iVar3; 13 | HMODULE hModule; 14 | FARPROC pFVar4; 15 | 16 | pvVar1 = TlsGetValue(DAT_1000d51c); 17 | if ((pvVar1 != (LPVOID)0x0) && (DAT_1000d518 != -1)) { 18 | iVar3 = DAT_1000d518; 19 | pcVar2 = (code *)TlsGetValue(DAT_1000d51c); 20 | iVar3 = (*pcVar2)(iVar3); 21 | if (iVar3 != 0) { 22 | pFVar4 = *(FARPROC *)(iVar3 + 0x1fc); 23 | goto LAB_100038ce; 24 | } 25 | } 26 | hModule = GetModuleHandleW(L"KERNEL32.DLL"); 27 | if ((hModule == (HMODULE)0x0) && 28 | (hModule = (HMODULE)__crt_waiting_on_module_handle(L"KERNEL32.DLL"), hModule == (HMODULE)0x0)) 29 | { 30 | return param_1; 31 | } 32 | pFVar4 = GetProcAddress(hModule,"DecodePointer"); 33 | LAB_100038ce: 34 | if (pFVar4 != (FARPROC)0x0) { 35 | param_1 = (*pFVar4)(param_1); 36 | } 37 | return param_1; 38 | } 39 | 40 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10009668____lock_fhandle.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | /* Library Function - Single Match 5 | ___lock_fhandle 6 | 7 | Library: Visual Studio 2008 Release */ 8 | 9 | int __cdecl ___lock_fhandle(int _Filehandle) 10 | 11 | { 12 | BOOL BVar1; 13 | int iVar2; 14 | uint local_20; 15 | 16 | iVar2 = (_Filehandle & 0x1fU) * 0x40 + (&DAT_1000e9a0)[_Filehandle >> 5]; 17 | local_20 = 1; 18 | if (*(int *)(iVar2 + 8) == 0) { 19 | __lock(10); 20 | if (*(int *)(iVar2 + 8) == 0) { 21 | BVar1 = ___crtInitCritSecAndSpinCount((LPCRITICAL_SECTION)(iVar2 + 0xc),4000); 22 | local_20 = (uint)(BVar1 != 0); 23 | *(int *)(iVar2 + 8) = *(int *)(iVar2 + 8) + 1; 24 | } 25 | FUN_100096ff(); 26 | } 27 | if (local_20 != 0) { 28 | EnterCriticalSection 29 | ((LPCRITICAL_SECTION) 30 | ((&DAT_1000e9a0)[_Filehandle >> 5] + 0xc + (_Filehandle & 0x1fU) * 0x40)); 31 | } 32 | return local_20; 33 | } 34 | 35 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000470c_getSystemCP.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | int __cdecl getSystemCP(int) 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl getSystemCP(int param_1) 8 | 9 | { 10 | UINT UVar1; 11 | int unaff_ESI; 12 | int local_14 [2]; 13 | int local_c; 14 | char local_8; 15 | 16 | _LocaleUpdate::_LocaleUpdate((_LocaleUpdate *)local_14,(localeinfo_struct *)0x0); 17 | DAT_1000e810 = 0; 18 | if (unaff_ESI == -2) { 19 | DAT_1000e810 = 1; 20 | UVar1 = GetOEMCP(); 21 | } 22 | else if (unaff_ESI == -3) { 23 | DAT_1000e810 = 1; 24 | UVar1 = GetACP(); 25 | } 26 | else { 27 | if (unaff_ESI != -4) { 28 | if (local_8 == '\0') { 29 | DAT_1000e810 = 0; 30 | return unaff_ESI; 31 | } 32 | *(uint *)(local_c + 0x70) = *(uint *)(local_c + 0x70) & 0xfffffffd; 33 | return unaff_ESI; 34 | } 35 | UVar1 = *(UINT *)(local_14[0] + 4); 36 | DAT_1000e810 = 1; 37 | } 38 | if (local_8 != '\0') { 39 | *(uint *)(local_c + 0x70) = *(uint *)(local_c + 0x70) & 0xfffffffd; 40 | } 41 | return UVar1; 42 | } 43 | 44 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10004fd0__strlen.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _strlen 4 | 5 | Library: Visual Studio */ 6 | 7 | size_t __cdecl _strlen(char *_Str) 8 | 9 | { 10 | uint uVar1; 11 | uint *puVar2; 12 | uint *puVar3; 13 | 14 | uVar1 = (uint)_Str & 3; 15 | puVar2 = (uint *)_Str; 16 | while (uVar1 != 0) { 17 | uVar1 = *puVar2; 18 | puVar2 = (uint *)((int)puVar2 + 1); 19 | if ((char)uVar1 == '\0') goto LAB_10005033; 20 | uVar1 = (uint)puVar2 & 3; 21 | } 22 | do { 23 | do { 24 | puVar3 = puVar2; 25 | puVar2 = puVar3 + 1; 26 | } while (((*puVar3 ^ 0xffffffff ^ *puVar3 + 0x7efefeff) & 0x81010100) == 0); 27 | uVar1 = *puVar3; 28 | if ((char)uVar1 == '\0') { 29 | return (int)puVar3 - (int)_Str; 30 | } 31 | if ((char)(uVar1 >> 8) == '\0') { 32 | return (size_t)((int)puVar3 + (1 - (int)_Str)); 33 | } 34 | if ((uVar1 & 0xff0000) == 0) { 35 | return (size_t)((int)puVar3 + (2 - (int)_Str)); 36 | } 37 | } while ((uVar1 & 0xff000000) != 0); 38 | LAB_10005033: 39 | return (size_t)((int)puVar2 + (-1 - (int)_Str)); 40 | } 41 | 42 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005cdd__strcpy_s.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _strcpy_s 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | errno_t __cdecl _strcpy_s(char *_Dst,rsize_t _SizeInBytes,char *_Src) 8 | 9 | { 10 | char cVar1; 11 | int *piVar2; 12 | char *pcVar3; 13 | errno_t eVar4; 14 | 15 | if ((_Dst != (char *)0x0) && (_SizeInBytes != 0)) { 16 | pcVar3 = _Dst; 17 | if (_Src != (char *)0x0) { 18 | do { 19 | cVar1 = *_Src; 20 | *pcVar3 = cVar1; 21 | _Src = _Src + 1; 22 | if (cVar1 == '\0') break; 23 | _SizeInBytes = _SizeInBytes - 1; 24 | pcVar3 = pcVar3 + 1; 25 | } while (_SizeInBytes != 0); 26 | if (_SizeInBytes != 0) { 27 | return 0; 28 | } 29 | *_Dst = '\0'; 30 | piVar2 = __errno(); 31 | eVar4 = 0x22; 32 | *piVar2 = 0x22; 33 | goto LAB_10005cff; 34 | } 35 | *_Dst = '\0'; 36 | } 37 | piVar2 = __errno(); 38 | eVar4 = 0x16; 39 | *piVar2 = 0x16; 40 | LAB_10005cff: 41 | __invalid_parameter((wchar_t *)0x0,(wchar_t *)0x0,(wchar_t *)0x0,0,0); 42 | return eVar4; 43 | } 44 | 45 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100083f0___lseeki64_nolock.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __lseeki64_nolock 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | longlong __cdecl __lseeki64_nolock(int _FileHandle,longlong _Offset,int _Origin) 8 | 9 | { 10 | byte *pbVar1; 11 | HANDLE hFile; 12 | int *piVar2; 13 | DWORD DVar3; 14 | DWORD DVar4; 15 | LONG in_stack_00000008; 16 | LONG local_8; 17 | 18 | local_8 = (LONG)_Offset; 19 | hFile = (HANDLE)__get_osfhandle(_FileHandle); 20 | if (hFile == (HANDLE)0xffffffff) { 21 | piVar2 = __errno(); 22 | *piVar2 = 9; 23 | LAB_10008421: 24 | DVar3 = 0xffffffff; 25 | local_8 = -1; 26 | } 27 | else { 28 | DVar3 = SetFilePointer(hFile,in_stack_00000008,&local_8,_Offset._4_4_); 29 | if (DVar3 == 0xffffffff) { 30 | DVar4 = GetLastError(); 31 | if (DVar4 != 0) { 32 | __dosmaperr(DVar4); 33 | goto LAB_10008421; 34 | } 35 | } 36 | pbVar1 = (byte *)((&DAT_1000e9a0)[_FileHandle >> 5] + 4 + (_FileHandle & 0x1fU) * 0x40); 37 | *pbVar1 = *pbVar1 & 0xfd; 38 | } 39 | return CONCAT44(local_8,DVar3); 40 | } 41 | 42 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10008241____free_lconv_mon.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___free_lconv_mon 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl ___free_lconv_mon(int param_1) 8 | 9 | { 10 | if (param_1 != 0) { 11 | if (*(undefined **)(param_1 + 0xc) != PTR_DAT_1000dd64) { 12 | _free(*(undefined **)(param_1 + 0xc)); 13 | } 14 | if (*(undefined **)(param_1 + 0x10) != PTR_DAT_1000dd68) { 15 | _free(*(undefined **)(param_1 + 0x10)); 16 | } 17 | if (*(undefined **)(param_1 + 0x14) != PTR_DAT_1000dd6c) { 18 | _free(*(undefined **)(param_1 + 0x14)); 19 | } 20 | if (*(undefined **)(param_1 + 0x18) != PTR_DAT_1000dd70) { 21 | _free(*(undefined **)(param_1 + 0x18)); 22 | } 23 | if (*(undefined **)(param_1 + 0x1c) != PTR_DAT_1000dd74) { 24 | _free(*(undefined **)(param_1 + 0x1c)); 25 | } 26 | if (*(undefined **)(param_1 + 0x20) != PTR_DAT_1000dd78) { 27 | _free(*(undefined **)(param_1 + 0x20)); 28 | } 29 | if (*(undefined **)(param_1 + 0x24) != PTR_DAT_1000dd7c) { 30 | _free(*(undefined **)(param_1 + 0x24)); 31 | } 32 | } 33 | return; 34 | } 35 | 36 | -------------------------------------------------------------------------------- /tests/test_cli_zip.py: -------------------------------------------------------------------------------- 1 | import zipfile 2 | from pathlib import Path 3 | 4 | import pytest 5 | 6 | from kernagent.cli import _safe_extract_zip 7 | from kernagent.snapshot import SnapshotError 8 | 9 | 10 | def build_zip(target: Path, entries: dict[str, str]) -> None: 11 | with zipfile.ZipFile(target, "w") as zf: 12 | for name, contents in entries.items(): 13 | zf.writestr(name, contents) 14 | 15 | 16 | def test_safe_extract_allows_normal_entries(tmp_path): 17 | zip_path = tmp_path / "snapshot.zip" 18 | build_zip(zip_path, {"safe_dir/file.txt": "hello"}) 19 | 20 | output_dir = tmp_path / "output" 21 | _safe_extract_zip(zip_path, output_dir) 22 | 23 | extracted = output_dir / "safe_dir" / "file.txt" 24 | assert extracted.read_text() == "hello" 25 | 26 | 27 | @pytest.mark.parametrize("entry_name", ["../escape.txt", "/abs/path.txt", r"C:\\evil.txt"]) 28 | def test_safe_extract_blocks_unsafe_members(tmp_path, entry_name): 29 | zip_path = tmp_path / "malicious.zip" 30 | build_zip(zip_path, {entry_name: "oops"}) 31 | 32 | output_dir = tmp_path / "output" 33 | with pytest.raises(SnapshotError): 34 | _safe_extract_zip(zip_path, output_dir) 35 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100012f7__printf.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | /* Library Function - Single Match 5 | _printf 6 | 7 | Library: Visual Studio 2008 Release */ 8 | 9 | int __cdecl _printf(char *_Format,...) 10 | 11 | { 12 | int *piVar1; 13 | int iVar2; 14 | undefined **ppuVar3; 15 | int _Flag; 16 | _locale_t _Locale; 17 | va_list _ArgList; 18 | 19 | if (_Format == (char *)0x0) { 20 | piVar1 = __errno(); 21 | *piVar1 = 0x16; 22 | __invalid_parameter((wchar_t *)0x0,(wchar_t *)0x0,(wchar_t *)0x0,0,0); 23 | iVar2 = -1; 24 | } 25 | else { 26 | ppuVar3 = FUN_100016f4(); 27 | __lock_file2(1,ppuVar3 + 8); 28 | ppuVar3 = FUN_100016f4(); 29 | _Flag = __stbuf((FILE *)(ppuVar3 + 8)); 30 | _ArgList = &stack0x00000008; 31 | _Locale = (_locale_t)0x0; 32 | ppuVar3 = FUN_100016f4(); 33 | iVar2 = __output_l((FILE *)(ppuVar3 + 8),_Format,_Locale,_ArgList); 34 | ppuVar3 = FUN_100016f4(); 35 | __ftbuf(_Flag,(FILE *)(ppuVar3 + 8)); 36 | FUN_10001393(); 37 | } 38 | return iVar2; 39 | } 40 | 41 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10003a41___getptd_noexit.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __getptd_noexit 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | _ptiddata __cdecl __getptd_noexit(void) 8 | 9 | { 10 | DWORD dwErrCode; 11 | code *pcVar1; 12 | _ptiddata _Ptd; 13 | int iVar2; 14 | DWORD DVar3; 15 | undefined4 uVar4; 16 | _ptiddata p_Var5; 17 | 18 | dwErrCode = GetLastError(); 19 | uVar4 = DAT_1000d518; 20 | pcVar1 = (code *)___set_flsgetvalue(); 21 | _Ptd = (_ptiddata)(*pcVar1)(uVar4); 22 | if (_Ptd == (_ptiddata)0x0) { 23 | _Ptd = (_ptiddata)__calloc_crt(1,0x214); 24 | if (_Ptd != (_ptiddata)0x0) { 25 | uVar4 = DAT_1000d518; 26 | p_Var5 = _Ptd; 27 | pcVar1 = (code *)__decode_pointer(DAT_1000e6ac); 28 | iVar2 = (*pcVar1)(uVar4,p_Var5); 29 | if (iVar2 == 0) { 30 | _free(_Ptd); 31 | _Ptd = (_ptiddata)0x0; 32 | } 33 | else { 34 | __initptd(_Ptd,(pthreadlocinfo)0x0); 35 | DVar3 = GetCurrentThreadId(); 36 | _Ptd->_thandle = 0xffffffff; 37 | _Ptd->_tid = DVar3; 38 | } 39 | } 40 | } 41 | SetLastError(dwErrCode); 42 | return _Ptd; 43 | } 44 | 45 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000956b___free_osfhnd.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __free_osfhnd 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __free_osfhnd(int param_1) 8 | 9 | { 10 | int *piVar1; 11 | ulong *puVar2; 12 | int iVar3; 13 | DWORD nStdHandle; 14 | 15 | if ((-1 < param_1) && ((uint)param_1 < DAT_1000e994)) { 16 | iVar3 = (param_1 & 0x1fU) * 0x40; 17 | piVar1 = (int *)((&DAT_1000e9a0)[param_1 >> 5] + iVar3); 18 | if (((*(byte *)(piVar1 + 1) & 1) != 0) && (*piVar1 != -1)) { 19 | if (DAT_1000d000 == 1) { 20 | if (param_1 == 0) { 21 | nStdHandle = 0xfffffff6; 22 | } 23 | else if (param_1 == 1) { 24 | nStdHandle = 0xfffffff5; 25 | } 26 | else { 27 | if (param_1 != 2) goto LAB_100095cd; 28 | nStdHandle = 0xfffffff4; 29 | } 30 | SetStdHandle(nStdHandle,(HANDLE)0x0); 31 | } 32 | LAB_100095cd: 33 | *(undefined4 *)(iVar3 + (&DAT_1000e9a0)[param_1 >> 5]) = 0xffffffff; 34 | return 0; 35 | } 36 | } 37 | piVar1 = __errno(); 38 | *piVar1 = 9; 39 | puVar2 = ___doserrno(); 40 | *puVar2 = 0; 41 | return -1; 42 | } 43 | 44 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100064ab____sbh_alloc_new_region.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___sbh_alloc_new_region 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | undefined4 * ___sbh_alloc_new_region(void) 8 | 9 | { 10 | LPVOID pvVar1; 11 | undefined4 *puVar2; 12 | 13 | if (DAT_1000e974 == DAT_1000e984) { 14 | pvVar1 = HeapReAlloc(DAT_1000e6b4,0,DAT_1000e978,(DAT_1000e984 + 0x10) * 0x14); 15 | if (pvVar1 == (LPVOID)0x0) { 16 | return (undefined4 *)0x0; 17 | } 18 | DAT_1000e984 = DAT_1000e984 + 0x10; 19 | DAT_1000e978 = pvVar1; 20 | } 21 | puVar2 = (undefined4 *)(DAT_1000e974 * 0x14 + (int)DAT_1000e978); 22 | pvVar1 = HeapAlloc(DAT_1000e6b4,8,0x41c4); 23 | puVar2[4] = pvVar1; 24 | if (pvVar1 != (LPVOID)0x0) { 25 | pvVar1 = VirtualAlloc((LPVOID)0x0,0x100000,0x2000,4); 26 | puVar2[3] = pvVar1; 27 | if (pvVar1 != (LPVOID)0x0) { 28 | puVar2[2] = 0xffffffff; 29 | *puVar2 = 0; 30 | puVar2[1] = 0; 31 | DAT_1000e974 = DAT_1000e974 + 1; 32 | *(undefined4 *)puVar2[4] = 0xffffffff; 33 | return puVar2; 34 | } 35 | HeapFree(DAT_1000e6b4,0,(LPVOID)puVar2[4]); 36 | } 37 | return (undefined4 *)0x0; 38 | } 39 | 40 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10003dc0____security_init_cookie.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___security_init_cookie 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl ___security_init_cookie(void) 8 | 9 | { 10 | DWORD DVar1; 11 | DWORD DVar2; 12 | DWORD DVar3; 13 | uint uVar4; 14 | LARGE_INTEGER local_14; 15 | _FILETIME local_c; 16 | 17 | local_c.dwLowDateTime = 0; 18 | local_c.dwHighDateTime = 0; 19 | if ((DAT_1000d004 == 0xbb40e64e) || ((DAT_1000d004 & 0xffff0000) == 0)) { 20 | GetSystemTimeAsFileTime(&local_c); 21 | uVar4 = local_c.dwHighDateTime ^ local_c.dwLowDateTime; 22 | DVar1 = GetCurrentProcessId(); 23 | DVar2 = GetCurrentThreadId(); 24 | DVar3 = GetTickCount(); 25 | QueryPerformanceCounter(&local_14); 26 | DAT_1000d004 = uVar4 ^ DVar1 ^ DVar2 ^ DVar3 ^ local_14.s.HighPart ^ local_14.s.LowPart; 27 | if (DAT_1000d004 == 0xbb40e64e) { 28 | DAT_1000d004 = 0xbb40e64f; 29 | } 30 | else if ((DAT_1000d004 & 0xffff0000) == 0) { 31 | DAT_1000d004 = DAT_1000d004 | DAT_1000d004 << 0x10; 32 | } 33 | DAT_1000d008 = ~DAT_1000d004; 34 | } 35 | else { 36 | DAT_1000d008 = ~DAT_1000d004; 37 | } 38 | return; 39 | } 40 | 41 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000534c___local_unwind4.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __local_unwind4 4 | 5 | Libraries: Visual Studio 2017 Debug, Visual Studio 2017 Release, Visual Studio 2019 Debug, Visual 6 | Studio 2019 Release */ 7 | 8 | void __cdecl __local_unwind4(uint *param_1,int param_2,uint param_3) 9 | 10 | { 11 | undefined4 *puVar1; 12 | uint uVar2; 13 | void *pvStack_28; 14 | undefined1 *puStack_24; 15 | uint local_20; 16 | uint uStack_1c; 17 | int iStack_18; 18 | uint *puStack_14; 19 | 20 | puStack_14 = param_1; 21 | iStack_18 = param_2; 22 | uStack_1c = param_3; 23 | puStack_24 = &LAB_100053dc; 24 | pvStack_28 = ExceptionList; 25 | local_20 = DAT_1000d004 ^ (uint)&pvStack_28; 26 | ExceptionList = &pvStack_28; 27 | while( true ) { 28 | uVar2 = *(uint *)(param_2 + 0xc); 29 | if ((uVar2 == 0xfffffffe) || ((param_3 != 0xfffffffe && (uVar2 <= param_3)))) break; 30 | puVar1 = (undefined4 *)((*(uint *)(param_2 + 8) ^ *param_1) + 0x10 + uVar2 * 0xc); 31 | *(undefined4 *)(param_2 + 0xc) = *puVar1; 32 | if (puVar1[1] == 0) { 33 | __NLG_Notify(0x101); 34 | FUN_100088bc(); 35 | } 36 | } 37 | ExceptionList = pvStack_28; 38 | return; 39 | } 40 | 41 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100091a5___close_nolock.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __close_nolock 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __close_nolock(int _FileHandle) 8 | 9 | { 10 | intptr_t iVar1; 11 | intptr_t iVar2; 12 | HANDLE hObject; 13 | BOOL BVar3; 14 | DWORD DVar4; 15 | int iVar5; 16 | 17 | iVar1 = __get_osfhandle(_FileHandle); 18 | if (iVar1 != -1) { 19 | if (((_FileHandle == 1) && ((*(byte *)(DAT_1000e9a0 + 0x84) & 1) != 0)) || 20 | ((_FileHandle == 2 && ((*(byte *)(DAT_1000e9a0 + 0x44) & 1) != 0)))) { 21 | iVar1 = __get_osfhandle(2); 22 | iVar2 = __get_osfhandle(1); 23 | if (iVar2 == iVar1) goto LAB_1000920b; 24 | } 25 | hObject = (HANDLE)__get_osfhandle(_FileHandle); 26 | BVar3 = CloseHandle(hObject); 27 | if (BVar3 == 0) { 28 | DVar4 = GetLastError(); 29 | goto LAB_1000920d; 30 | } 31 | } 32 | LAB_1000920b: 33 | DVar4 = 0; 34 | LAB_1000920d: 35 | __free_osfhnd(_FileHandle); 36 | *(undefined1 *)((&DAT_1000e9a0)[_FileHandle >> 5] + 4 + (_FileHandle & 0x1fU) * 0x40) = 0; 37 | if (DVar4 == 0) { 38 | iVar5 = 0; 39 | } 40 | else { 41 | __dosmaperr(DVar4); 42 | iVar5 = -1; 43 | } 44 | return iVar5; 45 | } 46 | 47 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10003361___setargv.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Globals starting with '_' overlap smaller symbols at the same address */ 3 | /* Library Function - Single Match 4 | __setargv 5 | 6 | Library: Visual Studio 2008 Release */ 7 | 8 | int __cdecl __setargv(void) 9 | 10 | { 11 | uint _Size; 12 | uint uVar1; 13 | undefined4 *puVar2; 14 | uint local_10; 15 | uint local_c; 16 | char *local_8; 17 | 18 | if (DAT_1000eaac == 0) { 19 | ___initmbctable(); 20 | } 21 | DAT_1000e69c = 0; 22 | GetModuleFileNameA((HMODULE)0x0,&DAT_1000e598,0x104); 23 | _DAT_1000e26c = &DAT_1000e598; 24 | if ((DAT_1000fac4 == (char *)0x0) || (local_8 = DAT_1000fac4, *DAT_1000fac4 == '\0')) { 25 | local_8 = &DAT_1000e598; 26 | } 27 | parse_cmdline((undefined4 *)0x0,(byte *)0x0,(int *)&local_c); 28 | uVar1 = local_c; 29 | if ((local_c < 0x3fffffff) && (local_10 != 0xffffffff)) { 30 | _Size = local_c * 4 + local_10; 31 | if ((local_10 <= _Size) && 32 | (puVar2 = (undefined4 *)__malloc_crt(_Size), puVar2 != (undefined4 *)0x0)) { 33 | parse_cmdline(puVar2,(byte *)(puVar2 + uVar1),(int *)&local_c); 34 | DAT_1000e250 = local_c - 1; 35 | DAT_1000e254 = puVar2; 36 | return 0; 37 | } 38 | } 39 | return -1; 40 | } 41 | 42 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000264d___invoke_watson.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __invoke_watson 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl 8 | __invoke_watson(wchar_t *param_1,wchar_t *param_2,wchar_t *param_3,uint param_4,uintptr_t param_5) 9 | 10 | { 11 | uint uVar1; 12 | BOOL BVar2; 13 | LONG LVar3; 14 | HANDLE hProcess; 15 | UINT uExitCode; 16 | EXCEPTION_RECORD local_32c; 17 | _EXCEPTION_POINTERS local_2dc; 18 | undefined4 local_2d4; 19 | 20 | uVar1 = DAT_1000d004 ^ (uint)&stack0xfffffffc; 21 | local_32c.ExceptionCode = 0; 22 | _memset(&local_32c.ExceptionFlags,0,0x4c); 23 | local_2dc.ExceptionRecord = &local_32c; 24 | local_2dc.ContextRecord = (PCONTEXT)&local_2d4; 25 | local_2d4 = 0x10001; 26 | local_32c.ExceptionCode = 0xc0000417; 27 | local_32c.ExceptionFlags = 1; 28 | BVar2 = IsDebuggerPresent(); 29 | SetUnhandledExceptionFilter((LPTOP_LEVEL_EXCEPTION_FILTER)0x0); 30 | LVar3 = UnhandledExceptionFilter(&local_2dc); 31 | if ((LVar3 == 0) && (BVar2 == 0)) { 32 | FUN_10003e56(); 33 | } 34 | uExitCode = 0xc0000417; 35 | hProcess = GetCurrentProcess(); 36 | TerminateProcess(hProcess,uExitCode); 37 | __security_check_cookie(uVar1 ^ (uint)&stack0xfffffffc); 38 | return; 39 | } 40 | 41 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | kernagent 2 | Copyright 2025 Karib0u 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0 7 | 8 | This distribution bundles third-party components. Their required notices follow. 9 | 10 | --- 11 | 12 | **Ghidra** 13 | Copyright (c) National Security Agency 14 | (https://www.nsa.gov) 15 | 16 | This product includes software developed at the National Security Agency (NSA). 17 | Portions of this product were created by the U.S. Government and are not subject 18 | to U.S. copyright protections under 17 U.S.C. 19 | 20 | The Ghidra software is released under the Apache License, Version 2.0. 21 | See the LICENSE and LICENSE.txt files in Ghidra’s distribution for details. 22 | 23 | --- 24 | 25 | **capa (FLARE / Mandiant)** 26 | Copyright (c) 2020 Mandiant, The FLARE Team 27 | https://github.com/mandiant/capa 28 | 29 | If you use this software, please cite it as: 30 | The FLARE Team. “capa, a tool to identify capabilities in programs and sandbox traces.” (2020) 31 | https://github.com/mandiant/capa 32 | 33 | Released under the Apache License, Version 2.0. 34 | 35 | --- 36 | 37 | For license details, see the LICENSE file accompanying this project. 38 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10004c6e____addlocaleref.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___addlocaleref 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl ___addlocaleref(LONG *param_1) 8 | 9 | { 10 | LONG *pLVar1; 11 | LONG *pLVar2; 12 | 13 | pLVar1 = param_1; 14 | InterlockedIncrement(param_1); 15 | if ((LONG *)param_1[0x2c] != (LONG *)0x0) { 16 | InterlockedIncrement((LONG *)param_1[0x2c]); 17 | } 18 | if ((LONG *)param_1[0x2e] != (LONG *)0x0) { 19 | InterlockedIncrement((LONG *)param_1[0x2e]); 20 | } 21 | if ((LONG *)param_1[0x2d] != (LONG *)0x0) { 22 | InterlockedIncrement((LONG *)param_1[0x2d]); 23 | } 24 | if ((LONG *)param_1[0x30] != (LONG *)0x0) { 25 | InterlockedIncrement((LONG *)param_1[0x30]); 26 | } 27 | pLVar2 = param_1 + 0x14; 28 | param_1 = (LONG *)0x6; 29 | do { 30 | if (((undefined *)pLVar2[-2] != &DAT_1000db70) && ((LONG *)*pLVar2 != (LONG *)0x0)) { 31 | InterlockedIncrement((LONG *)*pLVar2); 32 | } 33 | if ((pLVar2[-1] != 0) && ((LONG *)pLVar2[1] != (LONG *)0x0)) { 34 | InterlockedIncrement((LONG *)pLVar2[1]); 35 | } 36 | pLVar2 = pLVar2 + 4; 37 | param_1 = (LONG *)((int)param_1 + -1); 38 | } while (param_1 != (LONG *)0x0); 39 | InterlockedIncrement((LONG *)(pLVar1[0x35] + 0xb4)); 40 | return; 41 | } 42 | 43 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005637___onexit_nolock.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __onexit_nolock 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __onexit_nolock(int param_1) 8 | 9 | { 10 | int *_Memory; 11 | int *piVar1; 12 | size_t sVar2; 13 | size_t sVar3; 14 | void *pvVar4; 15 | int iVar5; 16 | 17 | _Memory = (int *)__decode_pointer(DAT_1000eaa8); 18 | piVar1 = (int *)__decode_pointer(DAT_1000eaa4); 19 | if ((piVar1 < _Memory) || (iVar5 = (int)piVar1 - (int)_Memory, iVar5 + 4U < 4)) { 20 | return 0; 21 | } 22 | sVar2 = __msize(_Memory); 23 | if (sVar2 < iVar5 + 4U) { 24 | sVar3 = 0x800; 25 | if (sVar2 < 0x800) { 26 | sVar3 = sVar2; 27 | } 28 | if ((sVar3 + sVar2 < sVar2) || 29 | (pvVar4 = __realloc_crt(_Memory,sVar3 + sVar2), pvVar4 == (void *)0x0)) { 30 | if (sVar2 + 0x10 < sVar2) { 31 | return 0; 32 | } 33 | pvVar4 = __realloc_crt(_Memory,sVar2 + 0x10); 34 | if (pvVar4 == (void *)0x0) { 35 | return 0; 36 | } 37 | } 38 | piVar1 = (int *)((int)pvVar4 + (iVar5 >> 2) * 4); 39 | DAT_1000eaa8 = __encode_pointer((int)pvVar4); 40 | } 41 | iVar5 = __encode_pointer(param_1); 42 | *piVar1 = iVar5; 43 | DAT_1000eaa4 = __encode_pointer((int)(piVar1 + 1)); 44 | return param_1; 45 | } 46 | 47 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10008637___VEC_memzero.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __VEC_memzero 4 | 5 | Libraries: Visual Studio 2005 Debug, Visual Studio 2005 Release, Visual Studio 2008 Debug, Visual 6 | Studio 2008 Release */ 7 | 8 | undefined1 (*) [16] __cdecl 9 | __VEC_memzero(undefined1 (*param_1) [16],undefined4 param_2,uint param_3) 10 | 11 | { 12 | int iVar1; 13 | uint uVar2; 14 | int iVar3; 15 | undefined1 *puVar4; 16 | undefined1 (*pauVar5) [16]; 17 | 18 | uVar2 = (int)param_1 >> 0x1f; 19 | iVar3 = (((uint)param_1 ^ uVar2) - uVar2 & 0xf ^ uVar2) - uVar2; 20 | if (iVar3 == 0) { 21 | uVar2 = param_3 & 0x7f; 22 | if (param_3 != uVar2) { 23 | fastzero_I(param_1,param_3 - uVar2); 24 | } 25 | if (uVar2 != 0) { 26 | puVar4 = (undefined1 *)((int)param_1 + (param_3 - uVar2)); 27 | for (; uVar2 != 0; uVar2 = uVar2 - 1) { 28 | *puVar4 = 0; 29 | puVar4 = puVar4 + 1; 30 | } 31 | } 32 | } 33 | else { 34 | iVar3 = 0x10 - iVar3; 35 | pauVar5 = param_1; 36 | for (iVar1 = iVar3; iVar1 != 0; iVar1 = iVar1 + -1) { 37 | (*pauVar5)[0] = 0; 38 | pauVar5 = (undefined1 (*) [16])(*pauVar5 + 1); 39 | } 40 | __VEC_memzero((undefined1 (*) [16])((int)param_1 + iVar3),0,param_3 - iVar3); 41 | } 42 | return param_1; 43 | } 44 | 45 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10004668____updatetmbcinfo.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | /* Library Function - Single Match 5 | ___updatetmbcinfo 6 | 7 | Library: Visual Studio 2008 Release */ 8 | 9 | pthreadmbcinfo __cdecl ___updatetmbcinfo(void) 10 | 11 | { 12 | _ptiddata p_Var1; 13 | LONG LVar2; 14 | pthreadmbcinfo lpAddend; 15 | 16 | p_Var1 = __getptd(); 17 | if (((p_Var1->_ownlocale & DAT_1000db6c) == 0) || (p_Var1->ptlocinfo == (pthreadlocinfo)0x0)) { 18 | __lock(0xd); 19 | lpAddend = p_Var1->ptmbcinfo; 20 | if (lpAddend != (pthreadmbcinfo)PTR_DAT_1000da70) { 21 | if (lpAddend != (pthreadmbcinfo)0x0) { 22 | LVar2 = InterlockedDecrement(&lpAddend->refcount); 23 | if ((LVar2 == 0) && (lpAddend != (pthreadmbcinfo)&DAT_1000d648)) { 24 | _free(lpAddend); 25 | } 26 | } 27 | p_Var1->ptmbcinfo = (pthreadmbcinfo)PTR_DAT_1000da70; 28 | lpAddend = (pthreadmbcinfo)PTR_DAT_1000da70; 29 | InterlockedIncrement((LONG *)PTR_DAT_1000da70); 30 | } 31 | FUN_10004703(); 32 | } 33 | else { 34 | lpAddend = p_Var1->ptmbcinfo; 35 | } 36 | if (lpAddend == (pthreadmbcinfo)0x0) { 37 | __amsg_exit(0x20); 38 | } 39 | return lpAddend; 40 | } 41 | 42 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005bb4__strcat_s.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _strcat_s 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | errno_t __cdecl _strcat_s(char *_Dst,rsize_t _SizeInBytes,char *_Src) 8 | 9 | { 10 | char cVar1; 11 | int *piVar2; 12 | char *pcVar3; 13 | errno_t eVar4; 14 | 15 | if ((_Dst != (char *)0x0) && (_SizeInBytes != 0)) { 16 | pcVar3 = _Dst; 17 | if (_Src != (char *)0x0) { 18 | do { 19 | if (*pcVar3 == '\0') break; 20 | pcVar3 = pcVar3 + 1; 21 | _SizeInBytes = _SizeInBytes - 1; 22 | } while (_SizeInBytes != 0); 23 | if (_SizeInBytes != 0) { 24 | do { 25 | cVar1 = *_Src; 26 | *pcVar3 = cVar1; 27 | pcVar3 = pcVar3 + 1; 28 | _Src = _Src + 1; 29 | if (cVar1 == '\0') break; 30 | _SizeInBytes = _SizeInBytes - 1; 31 | } while (_SizeInBytes != 0); 32 | if (_SizeInBytes != 0) { 33 | return 0; 34 | } 35 | *_Dst = '\0'; 36 | piVar2 = __errno(); 37 | eVar4 = 0x22; 38 | *piVar2 = 0x22; 39 | goto LAB_10005bd6; 40 | } 41 | } 42 | *_Dst = '\0'; 43 | } 44 | piVar2 = __errno(); 45 | eVar4 = 0x16; 46 | *piVar2 = 0x16; 47 | LAB_10005bd6: 48 | __invalid_parameter((wchar_t *)0x0,(wchar_t *)0x0,(wchar_t *)0x0,0,0); 49 | return eVar4; 50 | } 51 | 52 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10009241___close.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | /* Library Function - Single Match 5 | __close 6 | 7 | Library: Visual Studio 2008 Release */ 8 | 9 | int __cdecl __close(int _FileHandle) 10 | 11 | { 12 | ulong *puVar1; 13 | int *piVar2; 14 | int iVar3; 15 | int local_20; 16 | 17 | if (_FileHandle == -2) { 18 | puVar1 = ___doserrno(); 19 | *puVar1 = 0; 20 | piVar2 = __errno(); 21 | *piVar2 = 9; 22 | } 23 | else { 24 | if ((-1 < _FileHandle) && ((uint)_FileHandle < DAT_1000e994)) { 25 | iVar3 = (_FileHandle & 0x1fU) * 0x40; 26 | if ((*(byte *)((&DAT_1000e9a0)[_FileHandle >> 5] + 4 + iVar3) & 1) != 0) { 27 | ___lock_fhandle(_FileHandle); 28 | if ((*(byte *)((&DAT_1000e9a0)[_FileHandle >> 5] + 4 + iVar3) & 1) == 0) { 29 | piVar2 = __errno(); 30 | *piVar2 = 9; 31 | local_20 = -1; 32 | } 33 | else { 34 | local_20 = __close_nolock(_FileHandle); 35 | } 36 | FUN_10009304(); 37 | return local_20; 38 | } 39 | } 40 | puVar1 = ___doserrno(); 41 | *puVar1 = 0; 42 | piVar2 = __errno(); 43 | *piVar2 = 9; 44 | __invalid_parameter((wchar_t *)0x0,(wchar_t *)0x0,(wchar_t *)0x0,0,0); 45 | } 46 | return -1; 47 | } 48 | 49 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10004cfd____removelocaleref.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___removelocaleref 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | LONG * __cdecl ___removelocaleref(LONG *param_1) 8 | 9 | { 10 | LONG *pLVar1; 11 | LONG *pLVar2; 12 | 13 | pLVar1 = param_1; 14 | if (param_1 != (LONG *)0x0) { 15 | InterlockedDecrement(param_1); 16 | if ((LONG *)param_1[0x2c] != (LONG *)0x0) { 17 | InterlockedDecrement((LONG *)param_1[0x2c]); 18 | } 19 | if ((LONG *)param_1[0x2e] != (LONG *)0x0) { 20 | InterlockedDecrement((LONG *)param_1[0x2e]); 21 | } 22 | if ((LONG *)param_1[0x2d] != (LONG *)0x0) { 23 | InterlockedDecrement((LONG *)param_1[0x2d]); 24 | } 25 | if ((LONG *)param_1[0x30] != (LONG *)0x0) { 26 | InterlockedDecrement((LONG *)param_1[0x30]); 27 | } 28 | pLVar2 = param_1 + 0x14; 29 | param_1 = (LONG *)0x6; 30 | do { 31 | if (((undefined *)pLVar2[-2] != &DAT_1000db70) && ((LONG *)*pLVar2 != (LONG *)0x0)) { 32 | InterlockedDecrement((LONG *)*pLVar2); 33 | } 34 | if ((pLVar2[-1] != 0) && ((LONG *)pLVar2[1] != (LONG *)0x0)) { 35 | InterlockedDecrement((LONG *)pLVar2[1]); 36 | } 37 | pLVar2 = pLVar2 + 4; 38 | param_1 = (LONG *)((int)param_1 + -1); 39 | } while (param_1 != (LONG *)0x0); 40 | InterlockedDecrement((LONG *)(pLVar1[0x35] + 0xb4)); 41 | } 42 | return pLVar1; 43 | } 44 | 45 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100042b6___mtinitlocknum.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | /* Library Function - Single Match 5 | __mtinitlocknum 6 | 7 | Library: Visual Studio 2008 Release */ 8 | 9 | int __cdecl __mtinitlocknum(int _LockNum) 10 | 11 | { 12 | LPCRITICAL_SECTION _Memory; 13 | int *piVar1; 14 | BOOL BVar2; 15 | int iVar3; 16 | int local_20; 17 | 18 | iVar3 = 1; 19 | local_20 = 1; 20 | if (DAT_1000e6b4 == 0) { 21 | __FF_MSGBANNER(); 22 | __NMSG_WRITE(0x1e); 23 | ___crtExitProcess(0xff); 24 | } 25 | piVar1 = &DAT_1000d528 + _LockNum * 2; 26 | if (*piVar1 == 0) { 27 | _Memory = (LPCRITICAL_SECTION)__malloc_crt(0x18); 28 | if (_Memory == (LPCRITICAL_SECTION)0x0) { 29 | piVar1 = __errno(); 30 | *piVar1 = 0xc; 31 | iVar3 = 0; 32 | } 33 | else { 34 | __lock(10); 35 | if (*piVar1 == 0) { 36 | BVar2 = ___crtInitCritSecAndSpinCount(_Memory,4000); 37 | if (BVar2 == 0) { 38 | _free(_Memory); 39 | piVar1 = __errno(); 40 | *piVar1 = 0xc; 41 | local_20 = 0; 42 | } 43 | else { 44 | *piVar1 = (int)_Memory; 45 | } 46 | } 47 | else { 48 | _free(_Memory); 49 | } 50 | FUN_10004370(); 51 | iVar3 = local_20; 52 | } 53 | } 54 | return iVar3; 55 | } 56 | 57 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10006c78__malloc.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _malloc 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void * __cdecl _malloc(size_t _Size) 8 | 9 | { 10 | int *piVar1; 11 | int iVar2; 12 | size_t sVar3; 13 | uint dwBytes; 14 | 15 | if (_Size < 0xffffffe1) { 16 | do { 17 | if (DAT_1000e6b4 == (HANDLE)0x0) { 18 | __FF_MSGBANNER(); 19 | __NMSG_WRITE(0x1e); 20 | ___crtExitProcess(0xff); 21 | } 22 | if (DAT_1000e990 == 1) { 23 | dwBytes = _Size; 24 | if (_Size == 0) { 25 | dwBytes = 1; 26 | } 27 | LAB_10006ce7: 28 | piVar1 = (int *)HeapAlloc(DAT_1000e6b4,0,dwBytes); 29 | } 30 | else if ((DAT_1000e990 != 3) || (piVar1 = _V6_HeapAlloc((uint *)_Size), piVar1 == (int *)0x0)) 31 | { 32 | sVar3 = _Size; 33 | if (_Size == 0) { 34 | sVar3 = 1; 35 | } 36 | dwBytes = sVar3 + 0xf & 0xfffffff0; 37 | goto LAB_10006ce7; 38 | } 39 | if (piVar1 != (int *)0x0) { 40 | return piVar1; 41 | } 42 | if (DAT_1000e8a4 == 0) { 43 | piVar1 = __errno(); 44 | *piVar1 = 0xc; 45 | break; 46 | } 47 | iVar2 = __callnewh(_Size); 48 | } while (iVar2 != 0); 49 | piVar1 = __errno(); 50 | *piVar1 = 0xc; 51 | } 52 | else { 53 | __callnewh(_Size); 54 | piVar1 = __errno(); 55 | *piVar1 = 0xc; 56 | } 57 | return (void *)0x0; 58 | } 59 | 60 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100018a9___stbuf.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Globals starting with '_' overlap smaller symbols at the same address */ 3 | /* Library Function - Single Match 4 | __stbuf 5 | 6 | Library: Visual Studio 2008 Release */ 7 | 8 | int __cdecl __stbuf(FILE *_File) 9 | 10 | { 11 | int *piVar1; 12 | char *pcVar2; 13 | int iVar3; 14 | undefined **ppuVar4; 15 | void *pvVar5; 16 | 17 | iVar3 = __fileno(_File); 18 | iVar3 = __isatty(iVar3); 19 | if (iVar3 == 0) { 20 | return 0; 21 | } 22 | ppuVar4 = FUN_100016f4(); 23 | if (_File == (FILE *)(ppuVar4 + 8)) { 24 | iVar3 = 0; 25 | } 26 | else { 27 | ppuVar4 = FUN_100016f4(); 28 | if (_File != (FILE *)(ppuVar4 + 0x10)) { 29 | return 0; 30 | } 31 | iVar3 = 1; 32 | } 33 | _DAT_1000e23c = _DAT_1000e23c + 1; 34 | if ((_File->_flag & 0x10cU) != 0) { 35 | return 0; 36 | } 37 | piVar1 = &DAT_1000e240 + iVar3; 38 | if (*piVar1 == 0) { 39 | pvVar5 = __malloc_crt(0x1000); 40 | *piVar1 = (int)pvVar5; 41 | if (pvVar5 == (void *)0x0) { 42 | _File->_base = (char *)&_File->_charbuf; 43 | _File->_ptr = (char *)&_File->_charbuf; 44 | _File->_bufsiz = 2; 45 | _File->_cnt = 2; 46 | goto LAB_10001932; 47 | } 48 | } 49 | pcVar2 = (char *)*piVar1; 50 | _File->_base = pcVar2; 51 | _File->_ptr = pcVar2; 52 | _File->_bufsiz = 0x1000; 53 | _File->_cnt = 0x1000; 54 | LAB_10001932: 55 | _File->_flag = _File->_flag | 0x1102; 56 | return 1; 57 | } 58 | 59 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005230___aulldvrm.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __aulldvrm 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | undefined8 __aulldvrm(uint param_1,uint param_2,uint param_3,uint param_4) 8 | 9 | { 10 | ulonglong uVar1; 11 | longlong lVar2; 12 | uint uVar3; 13 | int iVar4; 14 | uint uVar5; 15 | uint uVar6; 16 | uint uVar7; 17 | uint uVar8; 18 | uint uVar9; 19 | 20 | uVar3 = param_1; 21 | uVar8 = param_4; 22 | uVar6 = param_2; 23 | uVar9 = param_3; 24 | if (param_4 == 0) { 25 | uVar3 = param_2 / param_3; 26 | iVar4 = (int)(((ulonglong)param_2 % (ulonglong)param_3 << 0x20 | (ulonglong)param_1) / 27 | (ulonglong)param_3); 28 | } 29 | else { 30 | do { 31 | uVar5 = uVar8 >> 1; 32 | uVar9 = uVar9 >> 1 | (uint)((uVar8 & 1) != 0) << 0x1f; 33 | uVar7 = uVar6 >> 1; 34 | uVar3 = uVar3 >> 1 | (uint)((uVar6 & 1) != 0) << 0x1f; 35 | uVar8 = uVar5; 36 | uVar6 = uVar7; 37 | } while (uVar5 != 0); 38 | uVar1 = CONCAT44(uVar7,uVar3) / (ulonglong)uVar9; 39 | iVar4 = (int)uVar1; 40 | lVar2 = (ulonglong)param_3 * (uVar1 & 0xffffffff); 41 | uVar3 = (uint)((ulonglong)lVar2 >> 0x20); 42 | uVar8 = uVar3 + iVar4 * param_4; 43 | if (((CARRY4(uVar3,iVar4 * param_4)) || (param_2 < uVar8)) || 44 | ((param_2 <= uVar8 && (param_1 < (uint)lVar2)))) { 45 | iVar4 = iVar4 + -1; 46 | } 47 | uVar3 = 0; 48 | } 49 | return CONCAT44(uVar3,iVar4); 50 | } 51 | 52 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10009a80____ascii_strnicmp.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___ascii_strnicmp 4 | 5 | Library: Visual Studio */ 6 | 7 | int __cdecl ___ascii_strnicmp(char *_Str1,char *_Str2,size_t _MaxCount) 8 | 9 | { 10 | char cVar1; 11 | byte bVar2; 12 | ushort uVar3; 13 | uint uVar4; 14 | bool bVar5; 15 | 16 | if (_MaxCount != 0) { 17 | do { 18 | bVar2 = *_Str1; 19 | cVar1 = *_Str2; 20 | uVar3 = CONCAT11(bVar2,cVar1); 21 | if (bVar2 == 0) break; 22 | uVar3 = CONCAT11(bVar2,cVar1); 23 | uVar4 = (uint)uVar3; 24 | if (cVar1 == '\0') break; 25 | _Str1 = (char *)((byte *)_Str1 + 1); 26 | _Str2 = _Str2 + 1; 27 | if ((0x40 < bVar2) && (bVar2 < 0x5b)) { 28 | uVar4 = (uint)CONCAT11(bVar2 + 0x20,cVar1); 29 | } 30 | uVar3 = (ushort)uVar4; 31 | bVar2 = (byte)uVar4; 32 | if ((0x40 < bVar2) && (bVar2 < 0x5b)) { 33 | uVar3 = (ushort)CONCAT31((int3)(uVar4 >> 8),bVar2 + 0x20); 34 | } 35 | bVar2 = (byte)(uVar3 >> 8); 36 | bVar5 = bVar2 < (byte)uVar3; 37 | if (bVar2 != (byte)uVar3) goto LAB_10009ad1; 38 | _MaxCount = _MaxCount - 1; 39 | } while (_MaxCount != 0); 40 | _MaxCount = 0; 41 | bVar2 = (byte)(uVar3 >> 8); 42 | bVar5 = bVar2 < (byte)uVar3; 43 | if (bVar2 != (byte)uVar3) { 44 | LAB_10009ad1: 45 | _MaxCount = 0xffffffff; 46 | if (!bVar5) { 47 | _MaxCount = 1; 48 | } 49 | } 50 | } 51 | return _MaxCount; 52 | } 53 | 54 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10001979__LocaleUpdate.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | public: __thiscall _LocaleUpdate::_LocaleUpdate(struct localeinfo_struct *) 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | _LocaleUpdate * __thiscall 8 | _LocaleUpdate::_LocaleUpdate(_LocaleUpdate *this,localeinfo_struct *param_1) 9 | 10 | { 11 | uint *puVar1; 12 | _ptiddata p_Var2; 13 | pthreadlocinfo ptVar3; 14 | pthreadmbcinfo ptVar4; 15 | 16 | this[0xc] = (_LocaleUpdate)0x0; 17 | if (param_1 == (localeinfo_struct *)0x0) { 18 | p_Var2 = __getptd(); 19 | *(_ptiddata *)(this + 8) = p_Var2; 20 | *(pthreadlocinfo *)this = p_Var2->ptlocinfo; 21 | *(pthreadmbcinfo *)(this + 4) = p_Var2->ptmbcinfo; 22 | if ((*(undefined **)this != PTR_DAT_1000dc50) && ((p_Var2->_ownlocale & DAT_1000db6c) == 0)) { 23 | ptVar3 = ___updatetlocinfo(); 24 | *(pthreadlocinfo *)this = ptVar3; 25 | } 26 | if ((*(undefined **)(this + 4) != PTR_DAT_1000da70) && 27 | ((*(uint *)(*(int *)(this + 8) + 0x70) & DAT_1000db6c) == 0)) { 28 | ptVar4 = ___updatetmbcinfo(); 29 | *(pthreadmbcinfo *)(this + 4) = ptVar4; 30 | } 31 | if ((*(byte *)(*(int *)(this + 8) + 0x70) & 2) == 0) { 32 | puVar1 = (uint *)(*(int *)(this + 8) + 0x70); 33 | *puVar1 = *puVar1 | 2; 34 | this[0xc] = (_LocaleUpdate)0x1; 35 | } 36 | } 37 | else { 38 | *(pthreadlocinfo *)this = param_1->locinfo; 39 | *(pthreadmbcinfo *)(this + 4) = param_1->mbcinfo; 40 | } 41 | return this; 42 | } 43 | 44 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000411a_flsall.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | /* Library Function - Single Match 5 | _flsall 6 | 7 | Libraries: Visual Studio 2008 Release, Visual Studio 2010 Release */ 8 | 9 | int __cdecl flsall(int param_1) 10 | 11 | { 12 | int *piVar1; 13 | void *_File; 14 | FILE *_File_00; 15 | int iVar2; 16 | int _Index; 17 | int local_28; 18 | int local_20; 19 | 20 | local_20 = 0; 21 | local_28 = 0; 22 | __lock(1); 23 | for (_Index = 0; _Index < DAT_1000fac0; _Index = _Index + 1) { 24 | piVar1 = (int *)(DAT_1000eabc + _Index * 4); 25 | if ((*piVar1 != 0) && (_File = (void *)*piVar1, (*(byte *)((int)_File + 0xc) & 0x83) != 0)) { 26 | __lock_file2(_Index,_File); 27 | _File_00 = *(FILE **)(DAT_1000eabc + _Index * 4); 28 | if ((_File_00->_flag & 0x83U) != 0) { 29 | if (param_1 == 1) { 30 | iVar2 = __fflush_nolock(_File_00); 31 | if (iVar2 != -1) { 32 | local_20 = local_20 + 1; 33 | } 34 | } 35 | else if ((param_1 == 0) && ((_File_00->_flag & 2U) != 0)) { 36 | iVar2 = __fflush_nolock(_File_00); 37 | if (iVar2 == -1) { 38 | local_28 = -1; 39 | } 40 | } 41 | } 42 | FUN_100041bc(); 43 | } 44 | } 45 | FUN_100041eb(); 46 | if (param_1 != 1) { 47 | local_20 = local_28; 48 | } 49 | return local_20; 50 | } 51 | 52 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100078a1___write.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | /* Library Function - Single Match 5 | __write 6 | 7 | Library: Visual Studio 2008 Release */ 8 | 9 | int __cdecl __write(int _FileHandle,void *_Buf,uint _MaxCharCount) 10 | 11 | { 12 | ulong *puVar1; 13 | int *piVar2; 14 | int iVar3; 15 | int local_20; 16 | 17 | if (_FileHandle == -2) { 18 | puVar1 = ___doserrno(); 19 | *puVar1 = 0; 20 | piVar2 = __errno(); 21 | *piVar2 = 9; 22 | } 23 | else { 24 | if ((-1 < _FileHandle) && ((uint)_FileHandle < DAT_1000e994)) { 25 | iVar3 = (_FileHandle & 0x1fU) * 0x40; 26 | if ((*(byte *)((&DAT_1000e9a0)[_FileHandle >> 5] + 4 + iVar3) & 1) != 0) { 27 | ___lock_fhandle(_FileHandle); 28 | if ((*(byte *)((&DAT_1000e9a0)[_FileHandle >> 5] + 4 + iVar3) & 1) == 0) { 29 | piVar2 = __errno(); 30 | *piVar2 = 9; 31 | puVar1 = ___doserrno(); 32 | *puVar1 = 0; 33 | local_20 = -1; 34 | } 35 | else { 36 | local_20 = __write_nolock(_FileHandle,_Buf,_MaxCharCount); 37 | } 38 | FUN_10007973(); 39 | return local_20; 40 | } 41 | } 42 | puVar1 = ___doserrno(); 43 | *puVar1 = 0; 44 | piVar2 = __errno(); 45 | *piVar2 = 9; 46 | __invalid_parameter((wchar_t *)0x0,(wchar_t *)0x0,(wchar_t *)0x0,0,0); 47 | } 48 | return -1; 49 | } 50 | 51 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100052d0__memset.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _memset 4 | 5 | Libraries: Visual Studio 2005 Debug, Visual Studio 2005 Release, Visual Studio 2008 Debug, Visual 6 | Studio 2008 Release */ 7 | 8 | void * __cdecl _memset(void *_Dst,int _Val,size_t _Size) 9 | 10 | { 11 | uint uVar1; 12 | undefined1 (*pauVar2) [16]; 13 | uint uVar3; 14 | size_t sVar4; 15 | uint *puVar5; 16 | 17 | if (_Size == 0) { 18 | return _Dst; 19 | } 20 | uVar1 = _Val & 0xff; 21 | if ((((char)_Val == '\0') && (0xff < _Size)) && (DAT_1000e970 != 0)) { 22 | pauVar2 = __VEC_memzero((undefined1 (*) [16])_Dst,_Val,_Size); 23 | return pauVar2; 24 | } 25 | puVar5 = (uint *)_Dst; 26 | if (3 < _Size) { 27 | uVar3 = -(int)_Dst & 3; 28 | sVar4 = _Size; 29 | if (uVar3 != 0) { 30 | sVar4 = _Size - uVar3; 31 | do { 32 | *(char *)puVar5 = (char)_Val; 33 | puVar5 = (uint *)((int)puVar5 + 1); 34 | uVar3 = uVar3 - 1; 35 | } while (uVar3 != 0); 36 | } 37 | uVar1 = uVar1 * 0x1010101; 38 | _Size = sVar4 & 3; 39 | uVar3 = sVar4 >> 2; 40 | if (uVar3 != 0) { 41 | for (; uVar3 != 0; uVar3 = uVar3 - 1) { 42 | *puVar5 = uVar1; 43 | puVar5 = puVar5 + 1; 44 | } 45 | if (_Size == 0) { 46 | return _Dst; 47 | } 48 | } 49 | } 50 | do { 51 | *(char *)puVar5 = (char)uVar1; 52 | puVar5 = (uint *)((int)puVar5 + 1); 53 | _Size = _Size - 1; 54 | } while (_Size != 0); 55 | return _Dst; 56 | } 57 | 58 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10001650___aulldiv.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __aulldiv 4 | 5 | Libraries: Visual Studio 2003 Release, Visual Studio 2005 Release, Visual Studio 2008 Release */ 6 | 7 | undefined8 __aulldiv(uint param_1,uint param_2,uint param_3,uint param_4) 8 | 9 | { 10 | ulonglong uVar1; 11 | longlong lVar2; 12 | uint uVar3; 13 | int iVar4; 14 | uint uVar5; 15 | uint uVar6; 16 | uint uVar7; 17 | uint uVar8; 18 | uint uVar9; 19 | 20 | uVar3 = param_1; 21 | uVar8 = param_4; 22 | uVar6 = param_2; 23 | uVar9 = param_3; 24 | if (param_4 == 0) { 25 | uVar3 = param_2 / param_3; 26 | iVar4 = (int)(((ulonglong)param_2 % (ulonglong)param_3 << 0x20 | (ulonglong)param_1) / 27 | (ulonglong)param_3); 28 | } 29 | else { 30 | do { 31 | uVar5 = uVar8 >> 1; 32 | uVar9 = uVar9 >> 1 | (uint)((uVar8 & 1) != 0) << 0x1f; 33 | uVar7 = uVar6 >> 1; 34 | uVar3 = uVar3 >> 1 | (uint)((uVar6 & 1) != 0) << 0x1f; 35 | uVar8 = uVar5; 36 | uVar6 = uVar7; 37 | } while (uVar5 != 0); 38 | uVar1 = CONCAT44(uVar7,uVar3) / (ulonglong)uVar9; 39 | iVar4 = (int)uVar1; 40 | lVar2 = (ulonglong)param_3 * (uVar1 & 0xffffffff); 41 | uVar3 = (uint)((ulonglong)lVar2 >> 0x20); 42 | uVar8 = uVar3 + iVar4 * param_4; 43 | if (((CARRY4(uVar3,iVar4 * param_4)) || (param_2 < uVar8)) || 44 | ((param_2 <= uVar8 && (param_1 < (uint)lVar2)))) { 45 | iVar4 = iVar4 + -1; 46 | } 47 | uVar3 = 0; 48 | } 49 | return CONCAT44(uVar3,iVar4); 50 | } 51 | 52 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000395a___initptd.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | /* Library Function - Single Match 5 | __initptd 6 | 7 | Library: Visual Studio 2008 Release */ 8 | 9 | void __cdecl __initptd(_ptiddata _Ptd,pthreadlocinfo _Locale) 10 | 11 | { 12 | HMODULE hModule; 13 | FARPROC pFVar1; 14 | 15 | hModule = GetModuleHandleW(L"KERNEL32.DLL"); 16 | if (hModule == (HMODULE)0x0) { 17 | hModule = (HMODULE)__crt_waiting_on_module_handle(L"KERNEL32.DLL"); 18 | } 19 | _Ptd->_pxcptacttab = &DAT_1000a7f8; 20 | _Ptd->_holdrand = 1; 21 | if (hModule != (HMODULE)0x0) { 22 | pFVar1 = GetProcAddress(hModule,"EncodePointer"); 23 | *(FARPROC *)((_Ptd->_setloc_data)._cacheout + 0x1d) = pFVar1; 24 | pFVar1 = GetProcAddress(hModule,"DecodePointer"); 25 | *(FARPROC *)((_Ptd->_setloc_data)._cacheout + 0x1f) = pFVar1; 26 | } 27 | _Ptd->_ownlocale = 1; 28 | *(undefined1 *)((_Ptd->_setloc_data)._cachein + 8) = 0x43; 29 | *(undefined1 *)((int)(_Ptd->_setloc_data)._cachein + 0x93) = 0x43; 30 | _Ptd->ptmbcinfo = (pthreadmbcinfo)&DAT_1000d648; 31 | __lock(0xd); 32 | InterlockedIncrement(&_Ptd->ptmbcinfo->refcount); 33 | FUN_10003a2f(); 34 | __lock(0xc); 35 | _Ptd->ptlocinfo = _Locale; 36 | if (_Locale == (pthreadlocinfo)0x0) { 37 | _Ptd->ptlocinfo = (pthreadlocinfo)PTR_DAT_1000dc50; 38 | } 39 | ___addlocaleref(&_Ptd->ptlocinfo->refcount); 40 | FUN_10003a38(); 41 | return; 42 | } 43 | 44 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10009972___isctype_l.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __isctype_l 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __isctype_l(int _C,int _Type,_locale_t _Locale) 8 | 9 | { 10 | int iVar1; 11 | BOOL BVar2; 12 | CHAR CVar3; 13 | localeinfo_struct local_1c; 14 | int local_14; 15 | char local_10; 16 | CHAR local_c; 17 | CHAR local_b; 18 | undefined1 local_a; 19 | ushort local_8 [2]; 20 | 21 | _LocaleUpdate::_LocaleUpdate((_LocaleUpdate *)&local_1c,_Locale); 22 | if (_C + 1U < 0x101) { 23 | local_8[0] = *(ushort *)(local_1c.locinfo[1].lc_category[0].locale + _C * 2); 24 | } 25 | else { 26 | iVar1 = __isleadbyte_l(_C >> 8 & 0xff,&local_1c); 27 | CVar3 = (CHAR)_C; 28 | if (iVar1 == 0) { 29 | local_b = '\0'; 30 | iVar1 = 1; 31 | local_c = CVar3; 32 | } 33 | else { 34 | _C._0_1_ = (CHAR)((uint)_C >> 8); 35 | local_c = (CHAR)_C; 36 | local_a = 0; 37 | iVar1 = 2; 38 | local_b = CVar3; 39 | } 40 | BVar2 = ___crtGetStringTypeA 41 | (&local_1c,1,&local_c,iVar1,local_8,(local_1c.locinfo)->lc_codepage, 42 | (BOOL)(local_1c.locinfo)->lc_category[0].wlocale); 43 | if (BVar2 == 0) { 44 | if (local_10 != '\0') { 45 | *(uint *)(local_14 + 0x70) = *(uint *)(local_14 + 0x70) & 0xfffffffd; 46 | } 47 | return 0; 48 | } 49 | } 50 | if (local_10 != '\0') { 51 | *(uint *)(local_14 + 0x70) = *(uint *)(local_14 + 0x70) & 0xfffffffd; 52 | } 53 | return (uint)local_8[0] & _Type; 54 | } 55 | 56 | -------------------------------------------------------------------------------- /kernagent/config.py: -------------------------------------------------------------------------------- 1 | """Runtime configuration for kernagent.""" 2 | 3 | from __future__ import annotations 4 | 5 | import os 6 | from dataclasses import dataclass 7 | from pathlib import Path 8 | 9 | try: 10 | from dotenv import load_dotenv 11 | except ImportError: # pragma: no cover - optional dependency 12 | load_dotenv = None 13 | 14 | 15 | @dataclass 16 | class Settings: 17 | """Container for runtime configuration values.""" 18 | 19 | api_key: str = os.getenv("OPENAI_API_KEY", "not-needed") 20 | base_url: str = os.getenv("OPENAI_BASE_URL", "http://localhost:1234/v1") 21 | model: str = os.getenv("OPENAI_MODEL", "kernagent-default-model") 22 | debug: bool = os.getenv("DEBUG", "false").lower() == "true" 23 | 24 | 25 | def load_settings() -> Settings: 26 | """Load settings from environment (optionally via python-dotenv).""" 27 | if load_dotenv: 28 | config_path = os.environ.get( 29 | "KERNAGENT_CONFIG", 30 | str( 31 | Path(os.environ.get("XDG_CONFIG_HOME", Path.home() / ".config")) 32 | / "kernagent" 33 | / "config.env" 34 | ), 35 | ) 36 | if os.path.exists(config_path): 37 | load_dotenv(config_path) 38 | 39 | # Explicitly read environment variables AFTER loading config file 40 | return Settings( 41 | api_key=os.getenv("OPENAI_API_KEY", "not-needed"), 42 | base_url=os.getenv("OPENAI_BASE_URL", "http://localhost:1234/v1"), 43 | model=os.getenv("OPENAI_MODEL", "kernagent-default-model"), 44 | debug=os.getenv("DEBUG", "false").lower() == "true", 45 | ) 46 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10008716___get_sse2_info.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Removing unreachable block (ram,0x10008753) */ 3 | /* WARNING: Removing unreachable block (ram,0x10008740) */ 4 | /* Library Function - Single Match 5 | __get_sse2_info 6 | 7 | Libraries: Visual Studio 2005 Release, Visual Studio 2008 Release */ 8 | 9 | undefined4 __get_sse2_info(void) 10 | 11 | { 12 | uint uVar1; 13 | int iVar2; 14 | undefined4 uVar3; 15 | byte in_AF; 16 | byte in_TF; 17 | byte in_IF; 18 | byte in_NT; 19 | byte in_AC; 20 | byte in_VIF; 21 | byte in_VIP; 22 | byte in_ID; 23 | uint uVar4; 24 | undefined4 local_8; 25 | 26 | local_8 = 0; 27 | uVar4 = (uint)(in_NT & 1) * 0x4000 | (uint)(in_IF & 1) * 0x200 | (uint)(in_TF & 1) * 0x100 | 0x40 28 | | (uint)(in_AF & 1) * 0x10 | 4 | (uint)(in_ID & 1) * 0x200000 | 29 | (uint)(in_VIP & 1) * 0x100000 | (uint)(in_VIF & 1) * 0x80000 | (uint)(in_AC & 1) * 0x40000 30 | ; 31 | uVar1 = uVar4 ^ 0x200000; 32 | if (((uint)((uVar1 & 0x4000) != 0) * 0x4000 | (uint)((uVar1 & 0x200) != 0) * 0x200 | 33 | (uint)((uVar1 & 0x100) != 0) * 0x100 | (uint)((uVar1 & 0x40) != 0) * 0x40 | 34 | (uint)((uVar1 & 0x10) != 0) * 0x10 | (uint)((uVar1 & 4) != 0) * 4 | 35 | (uint)((uVar1 & 0x200000) != 0) * 0x200000 | (uint)((uVar1 & 0x40000) != 0) * 0x40000) != 36 | uVar4) { 37 | cpuid_basic_info(0); 38 | iVar2 = cpuid_Version_info(1); 39 | local_8 = *(uint *)(iVar2 + 8); 40 | } 41 | if (((local_8 & 0x4000000) == 0) || (iVar2 = FUN_100086c6(), iVar2 == 0)) { 42 | uVar3 = 0; 43 | } 44 | else { 45 | uVar3 = 1; 46 | } 47 | return uVar3; 48 | } 49 | 50 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000797d___commit.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | /* Library Function - Single Match 5 | __commit 6 | 7 | Library: Visual Studio 2008 Release */ 8 | 9 | int __cdecl __commit(int _FileHandle) 10 | 11 | { 12 | int *piVar1; 13 | HANDLE hFile; 14 | BOOL BVar2; 15 | ulong *puVar3; 16 | int iVar4; 17 | DWORD local_20; 18 | 19 | if (_FileHandle == -2) { 20 | piVar1 = __errno(); 21 | *piVar1 = 9; 22 | } 23 | else { 24 | if ((-1 < _FileHandle) && ((uint)_FileHandle < DAT_1000e994)) { 25 | iVar4 = (_FileHandle & 0x1fU) * 0x40; 26 | if ((*(byte *)(iVar4 + 4 + (&DAT_1000e9a0)[_FileHandle >> 5]) & 1) != 0) { 27 | ___lock_fhandle(_FileHandle); 28 | if ((*(byte *)(iVar4 + 4 + (&DAT_1000e9a0)[_FileHandle >> 5]) & 1) != 0) { 29 | hFile = (HANDLE)__get_osfhandle(_FileHandle); 30 | BVar2 = FlushFileBuffers(hFile); 31 | if (BVar2 == 0) { 32 | local_20 = GetLastError(); 33 | } 34 | else { 35 | local_20 = 0; 36 | } 37 | if (local_20 == 0) goto LAB_10007a3f; 38 | puVar3 = ___doserrno(); 39 | *puVar3 = local_20; 40 | } 41 | piVar1 = __errno(); 42 | *piVar1 = 9; 43 | local_20 = 0xffffffff; 44 | LAB_10007a3f: 45 | FUN_10007a54(); 46 | return local_20; 47 | } 48 | } 49 | piVar1 = __errno(); 50 | *piVar1 = 9; 51 | __invalid_parameter((wchar_t *)0x0,(wchar_t *)0x0,(wchar_t *)0x0,0,0); 52 | } 53 | return -1; 54 | } 55 | 56 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100083b0__strpbrk.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _strpbrk 4 | 5 | Library: Visual Studio */ 6 | 7 | char * __cdecl _strpbrk(char *_Str,char *_Control) 8 | 9 | { 10 | byte bVar1; 11 | byte *pbVar2; 12 | byte abStack_28 [32]; 13 | 14 | abStack_28[0x1c] = 0; 15 | abStack_28[0x1d] = 0; 16 | abStack_28[0x1e] = 0; 17 | abStack_28[0x1f] = 0; 18 | abStack_28[0x18] = 0; 19 | abStack_28[0x19] = 0; 20 | abStack_28[0x1a] = 0; 21 | abStack_28[0x1b] = 0; 22 | abStack_28[0x14] = 0; 23 | abStack_28[0x15] = 0; 24 | abStack_28[0x16] = 0; 25 | abStack_28[0x17] = 0; 26 | abStack_28[0x10] = 0; 27 | abStack_28[0x11] = 0; 28 | abStack_28[0x12] = 0; 29 | abStack_28[0x13] = 0; 30 | abStack_28[0xc] = 0; 31 | abStack_28[0xd] = 0; 32 | abStack_28[0xe] = 0; 33 | abStack_28[0xf] = 0; 34 | abStack_28[8] = 0; 35 | abStack_28[9] = 0; 36 | abStack_28[10] = 0; 37 | abStack_28[0xb] = 0; 38 | abStack_28[4] = 0; 39 | abStack_28[5] = 0; 40 | abStack_28[6] = 0; 41 | abStack_28[7] = 0; 42 | abStack_28[0] = 0; 43 | abStack_28[1] = 0; 44 | abStack_28[2] = 0; 45 | abStack_28[3] = 0; 46 | while( true ) { 47 | bVar1 = *_Control; 48 | if (bVar1 == 0) break; 49 | _Control = (char *)((byte *)_Control + 1); 50 | abStack_28[(int)(uint)bVar1 >> 3] = abStack_28[(int)(uint)bVar1 >> 3] | '\x01' << (bVar1 & 7); 51 | } 52 | do { 53 | pbVar2 = (byte *)_Str; 54 | bVar1 = *pbVar2; 55 | if (bVar1 == 0) { 56 | return (char *)(uint)bVar1; 57 | } 58 | _Str = (char *)(pbVar2 + 1); 59 | } while ((abStack_28[(int)(uint)bVar1 >> 3] >> (bVar1 & 7) & 1) == 0); 60 | return (char *)pbVar2; 61 | } 62 | 63 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100082d0__strcspn.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _strcspn 4 | 5 | Library: Visual Studio */ 6 | 7 | size_t __cdecl _strcspn(char *_Str,char *_Control) 8 | 9 | { 10 | byte bVar1; 11 | size_t sVar2; 12 | byte abStack_28 [32]; 13 | 14 | abStack_28[0x1c] = 0; 15 | abStack_28[0x1d] = 0; 16 | abStack_28[0x1e] = 0; 17 | abStack_28[0x1f] = 0; 18 | abStack_28[0x18] = 0; 19 | abStack_28[0x19] = 0; 20 | abStack_28[0x1a] = 0; 21 | abStack_28[0x1b] = 0; 22 | abStack_28[0x14] = 0; 23 | abStack_28[0x15] = 0; 24 | abStack_28[0x16] = 0; 25 | abStack_28[0x17] = 0; 26 | abStack_28[0x10] = 0; 27 | abStack_28[0x11] = 0; 28 | abStack_28[0x12] = 0; 29 | abStack_28[0x13] = 0; 30 | abStack_28[0xc] = 0; 31 | abStack_28[0xd] = 0; 32 | abStack_28[0xe] = 0; 33 | abStack_28[0xf] = 0; 34 | abStack_28[8] = 0; 35 | abStack_28[9] = 0; 36 | abStack_28[10] = 0; 37 | abStack_28[0xb] = 0; 38 | abStack_28[4] = 0; 39 | abStack_28[5] = 0; 40 | abStack_28[6] = 0; 41 | abStack_28[7] = 0; 42 | abStack_28[0] = 0; 43 | abStack_28[1] = 0; 44 | abStack_28[2] = 0; 45 | abStack_28[3] = 0; 46 | while( true ) { 47 | bVar1 = *_Control; 48 | if (bVar1 == 0) break; 49 | _Control = (char *)((byte *)_Control + 1); 50 | abStack_28[(int)(uint)bVar1 >> 3] = abStack_28[(int)(uint)bVar1 >> 3] | '\x01' << (bVar1 & 7); 51 | } 52 | sVar2 = 0xffffffff; 53 | do { 54 | sVar2 = sVar2 + 1; 55 | bVar1 = *_Str; 56 | if (bVar1 == 0) { 57 | return sVar2; 58 | } 59 | _Str = (char *)((byte *)_Str + 1); 60 | } while ((abStack_28[(int)(uint)bVar1 >> 3] >> (bVar1 & 7) & 1) == 0); 61 | return sVar2; 62 | } 63 | 64 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000933f___putwch_nolock.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __putwch_nolock 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | wint_t __cdecl __putwch_nolock(wchar_t _WCh) 8 | 9 | { 10 | wint_t wVar1; 11 | BOOL BVar2; 12 | DWORD DVar3; 13 | UINT CodePage; 14 | wchar_t *lpWideCharStr; 15 | int cchWideChar; 16 | CHAR *lpMultiByteStr; 17 | int cbMultiByte; 18 | LPCSTR lpDefaultChar; 19 | LPBOOL lpUsedDefaultChar; 20 | DWORD local_14; 21 | CHAR local_10 [8]; 22 | uint local_8; 23 | 24 | local_8 = DAT_1000d004 ^ (uint)&stack0xfffffffc; 25 | if (DAT_1000ddc0 != 0) { 26 | if (DAT_1000de84 == (HANDLE)0xfffffffe) { 27 | ___initconout(); 28 | } 29 | if (DAT_1000de84 == (HANDLE)0xffffffff) goto LAB_100093eb; 30 | BVar2 = WriteConsoleW(DAT_1000de84,&_WCh,1,&local_14,(LPVOID)0x0); 31 | if (BVar2 != 0) { 32 | DAT_1000ddc0 = 1; 33 | goto LAB_100093eb; 34 | } 35 | if ((DAT_1000ddc0 != 2) || (DVar3 = GetLastError(), DVar3 != 0x78)) goto LAB_100093eb; 36 | DAT_1000ddc0 = 0; 37 | } 38 | lpUsedDefaultChar = (LPBOOL)0x0; 39 | lpDefaultChar = (LPCSTR)0x0; 40 | cbMultiByte = 5; 41 | lpMultiByteStr = local_10; 42 | cchWideChar = 1; 43 | lpWideCharStr = &_WCh; 44 | DVar3 = 0; 45 | CodePage = GetConsoleOutputCP(); 46 | DVar3 = WideCharToMultiByte(CodePage,DVar3,lpWideCharStr,cchWideChar,lpMultiByteStr,cbMultiByte, 47 | lpDefaultChar,lpUsedDefaultChar); 48 | if (DAT_1000de84 != (HANDLE)0xffffffff) { 49 | WriteConsoleA(DAT_1000de84,local_10,DVar3,&local_14,(LPVOID)0x0); 50 | } 51 | LAB_100093eb: 52 | wVar1 = __security_check_cookie(local_8 ^ (uint)&stack0xfffffffc); 53 | return wVar1; 54 | } 55 | 56 | -------------------------------------------------------------------------------- /kernagent/llm_client.py: -------------------------------------------------------------------------------- 1 | """OpenAI-compatible client wrapper.""" 2 | 3 | from __future__ import annotations 4 | 5 | try: 6 | from openai import OpenAI 7 | except ImportError: # pragma: no cover - handled lazily 8 | OpenAI = None # type: ignore[assignment] 9 | 10 | from .config import Settings 11 | from .log import get_logger 12 | 13 | logger = get_logger(__name__) 14 | 15 | 16 | class LLMClient: 17 | """Thin convenience wrapper around the OpenAI SDK.""" 18 | 19 | def __init__(self, settings: Settings): 20 | if OpenAI is None: # pragma: no cover - depends on local tooling setup 21 | raise ImportError( 22 | "The OpenAI SDK is required to use LLMClient. " 23 | "Install it with `pip install openai`." 24 | ) 25 | self.settings = settings 26 | self.client = OpenAI( 27 | api_key=settings.api_key, 28 | base_url=settings.base_url, 29 | ) 30 | 31 | def chat(self, verbose: bool = False, **kwargs): 32 | """Call the chat completions API. 33 | 34 | Args: 35 | verbose: If True, log API call details. 36 | **kwargs: Arguments passed to the OpenAI chat completions API. 37 | """ 38 | kwargs.setdefault("model", self.settings.model) 39 | 40 | if verbose: 41 | logger.info("Calling LLM API with model: %s", kwargs["model"]) 42 | 43 | response = self.client.chat.completions.create(**kwargs) 44 | 45 | if verbose and hasattr(response, "usage") and response.usage: 46 | logger.info( 47 | "LLM response received - tokens: prompt=%d, completion=%d, total=%d", 48 | response.usage.prompt_tokens, 49 | response.usage.completion_tokens, 50 | response.usage.total_tokens, 51 | ) 52 | 53 | return response 54 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10008067____free_lc_time.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___free_lc_time 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl ___free_lc_time(undefined4 *param_1) 8 | 9 | { 10 | if (param_1 != (undefined4 *)0x0) { 11 | _free((void *)param_1[1]); 12 | _free((void *)param_1[2]); 13 | _free((void *)param_1[3]); 14 | _free((void *)param_1[4]); 15 | _free((void *)param_1[5]); 16 | _free((void *)param_1[6]); 17 | _free((void *)*param_1); 18 | _free((void *)param_1[8]); 19 | _free((void *)param_1[9]); 20 | _free((void *)param_1[10]); 21 | _free((void *)param_1[0xb]); 22 | _free((void *)param_1[0xc]); 23 | _free((void *)param_1[0xd]); 24 | _free((void *)param_1[7]); 25 | _free((void *)param_1[0xe]); 26 | _free((void *)param_1[0xf]); 27 | _free((void *)param_1[0x10]); 28 | _free((void *)param_1[0x11]); 29 | _free((void *)param_1[0x12]); 30 | _free((void *)param_1[0x13]); 31 | _free((void *)param_1[0x14]); 32 | _free((void *)param_1[0x15]); 33 | _free((void *)param_1[0x16]); 34 | _free((void *)param_1[0x17]); 35 | _free((void *)param_1[0x18]); 36 | _free((void *)param_1[0x19]); 37 | _free((void *)param_1[0x1a]); 38 | _free((void *)param_1[0x1b]); 39 | _free((void *)param_1[0x1c]); 40 | _free((void *)param_1[0x1d]); 41 | _free((void *)param_1[0x1e]); 42 | _free((void *)param_1[0x1f]); 43 | _free((void *)param_1[0x20]); 44 | _free((void *)param_1[0x21]); 45 | _free((void *)param_1[0x22]); 46 | _free((void *)param_1[0x23]); 47 | _free((void *)param_1[0x24]); 48 | _free((void *)param_1[0x25]); 49 | _free((void *)param_1[0x26]); 50 | _free((void *)param_1[0x27]); 51 | _free((void *)param_1[0x28]); 52 | _free((void *)param_1[0x29]); 53 | _free((void *)param_1[0x2a]); 54 | } 55 | return; 56 | } 57 | 58 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100030e9___setenvp.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Globals starting with '_' overlap smaller symbols at the same address */ 3 | /* Library Function - Single Match 4 | __setenvp 5 | 6 | Library: Visual Studio 2008 Release */ 7 | 8 | int __cdecl __setenvp(void) 9 | 10 | { 11 | undefined4 *puVar1; 12 | size_t sVar2; 13 | char *_Dst; 14 | errno_t eVar3; 15 | char *pcVar4; 16 | int iVar5; 17 | 18 | if (DAT_1000eaac == 0) { 19 | ___initmbctable(); 20 | } 21 | iVar5 = 0; 22 | pcVar4 = DAT_1000df0c; 23 | if (DAT_1000df0c != (char *)0x0) { 24 | for (; *pcVar4 != '\0'; pcVar4 = pcVar4 + sVar2 + 1) { 25 | if (*pcVar4 != '=') { 26 | iVar5 = iVar5 + 1; 27 | } 28 | sVar2 = _strlen(pcVar4); 29 | } 30 | puVar1 = (undefined4 *)__calloc_crt(iVar5 + 1,4); 31 | pcVar4 = DAT_1000df0c; 32 | DAT_1000e25c = puVar1; 33 | if (puVar1 != (undefined4 *)0x0) { 34 | do { 35 | if (*pcVar4 == '\0') { 36 | _free(DAT_1000df0c); 37 | DAT_1000df0c = (char *)0x0; 38 | *puVar1 = 0; 39 | _DAT_1000eaa0 = 1; 40 | return 0; 41 | } 42 | sVar2 = _strlen(pcVar4); 43 | sVar2 = sVar2 + 1; 44 | if (*pcVar4 != '=') { 45 | _Dst = (char *)__calloc_crt(sVar2,1); 46 | *puVar1 = _Dst; 47 | if (_Dst == (char *)0x0) { 48 | _free(DAT_1000e25c); 49 | DAT_1000e25c = (undefined4 *)0x0; 50 | return -1; 51 | } 52 | eVar3 = _strcpy_s(_Dst,sVar2,pcVar4); 53 | if (eVar3 != 0) { 54 | /* WARNING: Subroutine does not return */ 55 | __invoke_watson((wchar_t *)0x0,(wchar_t *)0x0,(wchar_t *)0x0,0,0); 56 | } 57 | puVar1 = puVar1 + 1; 58 | } 59 | pcVar4 = pcVar4 + sVar2; 60 | } while( true ); 61 | } 62 | } 63 | return -1; 64 | } 65 | 66 | -------------------------------------------------------------------------------- /tests/test_agent.py: -------------------------------------------------------------------------------- 1 | from kernagent.agent import ReverseEngineeringAgent 2 | 3 | 4 | class DummyToolCallFunction: 5 | def __init__(self, name: str, arguments: str): 6 | self.name = name 7 | self.arguments = arguments 8 | 9 | 10 | class DummyToolCall: 11 | def __init__(self, name: str, arguments: str = "{}"): 12 | self.id = "call_1" 13 | self.type = "function" 14 | self.function = DummyToolCallFunction(name, arguments) 15 | 16 | 17 | class DummyMessage: 18 | def __init__(self, content, tool_calls=None): 19 | self.role = "assistant" 20 | self.content = content 21 | self.tool_calls = tool_calls or [] 22 | 23 | 24 | class DummyResponse: 25 | def __init__(self, message): 26 | self.choices = [type("Choice", (), {"message": message})()] 27 | 28 | 29 | class FakeLLM: 30 | def __init__(self): 31 | self.invocations = 0 32 | 33 | def chat(self, **kwargs): 34 | if self.invocations == 0: 35 | self.invocations += 1 36 | tool_call = DummyToolCall("echo_tool", '{"text": "hi"}') 37 | return DummyResponse(DummyMessage(None, [tool_call])) 38 | 39 | self.invocations += 1 40 | return DummyResponse(DummyMessage("final-answer")) 41 | 42 | 43 | def test_agent_runs_tool_loop(): 44 | llm = FakeLLM() 45 | 46 | def echo_tool(**kwargs): 47 | return {"received": kwargs} 48 | 49 | agent = ReverseEngineeringAgent( 50 | llm=llm, 51 | tools_spec=[ 52 | { 53 | "type": "function", 54 | "function": { 55 | "name": "echo_tool", 56 | "parameters": {"type": "object", "properties": {"text": {"type": "string"}}}, 57 | }, 58 | } 59 | ], 60 | tool_map={"echo_tool": echo_tool}, 61 | ) 62 | 63 | answer = agent.run("test question") 64 | assert answer == "final-answer" 65 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/100013e5____tmainCRTStartup.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | /* WARNING: Globals starting with '_' overlap smaller symbols at the same address */ 5 | /* Library Function - Single Match 6 | ___tmainCRTStartup 7 | 8 | Library: Visual Studio 2008 Release */ 9 | 10 | int ___tmainCRTStartup(void) 11 | 12 | { 13 | int iVar1; 14 | bool bVar2; 15 | 16 | if ((((IMAGE_DOS_HEADER_10000000.e_magic == (char [2])0x5a4d) && 17 | (*(int *)(IMAGE_DOS_HEADER_10000000.e_lfanew + 0x10000000) == 0x4550)) && 18 | (*(short *)((int)IMAGE_DOS_HEADER_10000000.e_res_4_ + (IMAGE_DOS_HEADER_10000000.e_lfanew - 4) 19 | ) == 0x10b)) && 20 | (0xe < *(uint *)(IMAGE_DOS_HEADER_10000000.e_program + 21 | IMAGE_DOS_HEADER_10000000.e_lfanew + 0x34))) { 22 | bVar2 = *(int *)(&UNK_100000e8 + IMAGE_DOS_HEADER_10000000.e_lfanew) != 0; 23 | } 24 | else { 25 | bVar2 = false; 26 | } 27 | iVar1 = __heap_init(); 28 | if (iVar1 == 0) { 29 | fast_error_exit(0x1c); 30 | } 31 | iVar1 = __mtinit(); 32 | if (iVar1 == 0) { 33 | fast_error_exit(0x10); 34 | } 35 | __RTC_Initialize(); 36 | iVar1 = __ioinit(); 37 | if (iVar1 < 0) { 38 | __amsg_exit(0x1b); 39 | } 40 | DAT_1000fac4 = GetCommandLineA(); 41 | DAT_1000df0c = ___crtGetEnvironmentStringsA(); 42 | iVar1 = __setargv(); 43 | if (iVar1 < 0) { 44 | __amsg_exit(8); 45 | } 46 | iVar1 = __setenvp(); 47 | if (iVar1 < 0) { 48 | __amsg_exit(9); 49 | } 50 | iVar1 = __cinit(1); 51 | if (iVar1 != 0) { 52 | __amsg_exit(iVar1); 53 | } 54 | _DAT_1000e260 = DAT_1000e25c; 55 | iVar1 = FUN_10001020(); 56 | if (!bVar2) { 57 | /* WARNING: Subroutine does not return */ 58 | _exit(iVar1); 59 | } 60 | __cexit(); 61 | return iVar1; 62 | } 63 | 64 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10008475___lseeki64.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | /* Library Function - Single Match 5 | __lseeki64 6 | 7 | Library: Visual Studio 2008 Release */ 8 | 9 | longlong __cdecl __lseeki64(int _FileHandle,longlong _Offset,int _Origin) 10 | 11 | { 12 | ulong *puVar1; 13 | int *piVar2; 14 | int iVar3; 15 | int in_stack_ffffffc8; 16 | undefined8 local_28; 17 | 18 | if (_FileHandle == -2) { 19 | puVar1 = ___doserrno(); 20 | *puVar1 = 0; 21 | piVar2 = __errno(); 22 | *piVar2 = 9; 23 | } 24 | else { 25 | if ((-1 < _FileHandle) && ((uint)_FileHandle < DAT_1000e994)) { 26 | iVar3 = (_FileHandle & 0x1fU) * 0x40; 27 | if ((*(byte *)((&DAT_1000e9a0)[_FileHandle >> 5] + 4 + iVar3) & 1) == 0) { 28 | puVar1 = ___doserrno(); 29 | *puVar1 = 0; 30 | piVar2 = __errno(); 31 | *piVar2 = 9; 32 | __invalid_parameter((wchar_t *)0x0,(wchar_t *)0x0,(wchar_t *)0x0,0,0); 33 | local_28._4_4_ = 0xffffffff; 34 | local_28._0_4_ = 0xffffffff; 35 | } 36 | else { 37 | ___lock_fhandle(_FileHandle); 38 | if ((*(byte *)((&DAT_1000e9a0)[_FileHandle >> 5] + 4 + iVar3) & 1) == 0) { 39 | piVar2 = __errno(); 40 | *piVar2 = 9; 41 | puVar1 = ___doserrno(); 42 | *puVar1 = 0; 43 | local_28 = -1; 44 | } 45 | else { 46 | local_28 = __lseeki64_nolock(_FileHandle,_Offset,in_stack_ffffffc8); 47 | } 48 | FUN_10008584(); 49 | } 50 | goto LAB_1000857e; 51 | } 52 | puVar1 = ___doserrno(); 53 | *puVar1 = 0; 54 | piVar2 = __errno(); 55 | *piVar2 = 9; 56 | __invalid_parameter((wchar_t *)0x0,(wchar_t *)0x0,(wchar_t *)0x0,0,0); 57 | } 58 | local_28._0_4_ = 0xffffffff; 59 | local_28._4_4_ = 0xffffffff; 60 | LAB_1000857e: 61 | return CONCAT44(local_28._4_4_,(undefined4)local_28); 62 | } 63 | 64 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10006d42___calloc_impl.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | /* Library Function - Single Match 5 | __calloc_impl 6 | 7 | Library: Visual Studio 2008 Release */ 8 | 9 | int * __cdecl __calloc_impl(uint param_1,uint param_2,undefined4 *param_3) 10 | 11 | { 12 | int *piVar1; 13 | int iVar2; 14 | uint *_Size; 15 | uint *dwBytes; 16 | 17 | if ((param_1 == 0) || (param_2 <= 0xffffffe0 / param_1)) { 18 | _Size = (uint *)(param_1 * param_2); 19 | dwBytes = _Size; 20 | if (_Size == (uint *)0x0) { 21 | dwBytes = (uint *)0x1; 22 | } 23 | do { 24 | piVar1 = (int *)0x0; 25 | if (dwBytes < (uint *)0xffffffe1) { 26 | if ((DAT_1000e990 == 3) && 27 | (dwBytes = (uint *)((int)dwBytes + 0xfU & 0xfffffff0), _Size <= DAT_1000e97c)) { 28 | __lock(4); 29 | piVar1 = ___sbh_alloc_block(_Size); 30 | FUN_10006e3e(); 31 | if (piVar1 != (int *)0x0) { 32 | _memset(piVar1,0,(size_t)_Size); 33 | goto LAB_10006df3; 34 | } 35 | } 36 | else { 37 | LAB_10006df3: 38 | if (piVar1 != (int *)0x0) { 39 | return piVar1; 40 | } 41 | } 42 | piVar1 = (int *)HeapAlloc(DAT_1000e6b4,8,(SIZE_T)dwBytes); 43 | } 44 | if (piVar1 != (int *)0x0) { 45 | return piVar1; 46 | } 47 | if (DAT_1000e8a4 == 0) { 48 | if (param_3 == (undefined4 *)0x0) { 49 | return (int *)0x0; 50 | } 51 | *param_3 = 0xc; 52 | return (int *)0x0; 53 | } 54 | iVar2 = __callnewh((size_t)dwBytes); 55 | } while (iVar2 != 0); 56 | if (param_3 != (undefined4 *)0x0) { 57 | *param_3 = 0xc; 58 | } 59 | } 60 | else { 61 | piVar1 = __errno(); 62 | *piVar1 = 0xc; 63 | __invalid_parameter((wchar_t *)0x0,(wchar_t *)0x0,(wchar_t *)0x0,0,0); 64 | } 65 | return (int *)0x0; 66 | } 67 | 68 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/capa_summary.json: -------------------------------------------------------------------------------- 1 | { 2 | "schema_version": "capa_summary_v1", 3 | "capa_version": "9.2.1", 4 | "generated_at": "2025-01-01T00:00:00Z", 5 | "rules_source": "tests", 6 | "rules_loaded": 2, 7 | "sample": { 8 | "sha256": "deadbeef", 9 | "md5": "badc0de", 10 | "path": "bifrose.exe" 11 | }, 12 | "counts": { 13 | "rules": 2, 14 | "matches": 3, 15 | "attack_mappings": 1, 16 | "mbc_mappings": 1 17 | }, 18 | "highlights": { 19 | "top_attack_ids": [ 20 | { 21 | "id": "T1050", 22 | "count": 1, 23 | "technique": "Service Execution", 24 | "tactic": ["Persistence"] 25 | } 26 | ], 27 | "top_tactics": [ 28 | {"tactic": "Persistence", "count": 1} 29 | ], 30 | "top_namespaces": [ 31 | {"namespace": "persistence/service", "count": 1}, 32 | {"namespace": "collection/keylogging", "count": 1} 33 | ] 34 | }, 35 | "rules": [ 36 | { 37 | "name": "installs service", 38 | "namespace": "persistence/service", 39 | "scope": "function", 40 | "description": "Creates a Windows service for persistence", 41 | "attack": [ 42 | { 43 | "id": "T1050", 44 | "technique": "Service Execution", 45 | "subtechnique": null, 46 | "tactic": ["Persistence"] 47 | } 48 | ], 49 | "mbc": [], 50 | "locations": [ 51 | {"type": "address", "address": "0x401000"} 52 | ], 53 | "tags": ["service", "persistence"], 54 | "match_count": 2 55 | }, 56 | { 57 | "name": "captures keystrokes", 58 | "namespace": "collection/keylogging", 59 | "scope": "function", 60 | "description": "Hooks keyboard events", 61 | "attack": [], 62 | "mbc": [ 63 | { 64 | "id": "MBC-1", 65 | "behavior": "Keylogging", 66 | "objective": ["Collection"], 67 | "method": "Hooking" 68 | } 69 | ], 70 | "locations": [ 71 | {"type": "address", "address": "0x402000"} 72 | ], 73 | "tags": ["keylog"], 74 | "match_count": 1 75 | } 76 | ] 77 | } 78 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002be0_doexit.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Function: __SEH_prolog4 replaced with injection: SEH_prolog4 */ 3 | /* WARNING: Function: __SEH_epilog4 replaced with injection: EH_epilog3 */ 4 | /* WARNING: Removing unreachable block (ram,0x10002cfd) */ 5 | /* WARNING: Globals starting with '_' overlap smaller symbols at the same address */ 6 | /* Library Function - Single Match 7 | _doexit 8 | 9 | Library: Visual Studio 2008 Release */ 10 | 11 | void __cdecl doexit(int param_1,int param_2,int param_3) 12 | 13 | { 14 | int *piVar1; 15 | int *piVar2; 16 | int iVar3; 17 | code *pcVar4; 18 | int *piVar5; 19 | int *piVar6; 20 | int *local_2c; 21 | int *local_24; 22 | int *local_20; 23 | 24 | __lock(8); 25 | if (DAT_1000e27c != 1) { 26 | _DAT_1000e278 = 1; 27 | DAT_1000e274 = (undefined1)param_3; 28 | if (param_2 == 0) { 29 | piVar1 = (int *)__decode_pointer(DAT_1000eaa8); 30 | if (piVar1 != (int *)0x0) { 31 | piVar2 = (int *)__decode_pointer(DAT_1000eaa4); 32 | local_2c = piVar1; 33 | local_24 = piVar2; 34 | local_20 = piVar1; 35 | while (piVar2 = piVar2 + -1, piVar1 <= piVar2) { 36 | iVar3 = __encoded_null(); 37 | if (*piVar2 != iVar3) { 38 | if (piVar2 < piVar1) break; 39 | pcVar4 = (code *)__decode_pointer(*piVar2); 40 | iVar3 = __encoded_null(); 41 | *piVar2 = iVar3; 42 | (*pcVar4)(); 43 | piVar5 = (int *)__decode_pointer(DAT_1000eaa8); 44 | piVar6 = (int *)__decode_pointer(DAT_1000eaa4); 45 | if ((local_20 != piVar5) || (piVar1 = local_2c, local_24 != piVar6)) { 46 | piVar2 = piVar6; 47 | piVar1 = piVar5; 48 | local_2c = piVar5; 49 | local_24 = piVar6; 50 | local_20 = piVar5; 51 | } 52 | } 53 | } 54 | } 55 | __initterm((undefined4 *)&DAT_1000a158); 56 | } 57 | __initterm((undefined4 *)&DAT_1000a160); 58 | } 59 | FUN_10002cf7(); 60 | if (param_3 == 0) { 61 | DAT_1000e27c = 1; 62 | FUN_1000429f(8); 63 | ___crtExitProcess(param_1); 64 | return; 65 | } 66 | return; 67 | } 68 | 69 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10008d5a___VEC_memcpy.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __VEC_memcpy 4 | 5 | Libraries: Visual Studio 2005 Debug, Visual Studio 2005 Release, Visual Studio 2008 Debug, Visual 6 | Studio 2008 Release */ 7 | 8 | undefined4 * __cdecl __VEC_memcpy(undefined4 *param_1,undefined4 *param_2,uint param_3) 9 | 10 | { 11 | int iVar1; 12 | int iVar2; 13 | uint uVar3; 14 | undefined1 *puVar4; 15 | undefined4 *puVar5; 16 | uint uVar6; 17 | undefined1 *puVar7; 18 | undefined4 *puVar8; 19 | 20 | uVar3 = (int)param_2 >> 0x1f; 21 | iVar1 = (((uint)param_2 ^ uVar3) - uVar3 & 0xf ^ uVar3) - uVar3; 22 | uVar3 = (int)param_1 >> 0x1f; 23 | uVar6 = ((uint)param_1 ^ uVar3) - uVar3 & 0xf ^ uVar3; 24 | if (iVar1 == 0 && uVar6 == uVar3) { 25 | uVar3 = param_3 & 0x7f; 26 | if (param_3 != uVar3) { 27 | FUN_10008cd3(param_1,param_2,param_3 - uVar3); 28 | } 29 | if (uVar3 != 0) { 30 | puVar4 = (undefined1 *)((int)param_2 + (param_3 - uVar3)); 31 | puVar7 = (undefined1 *)((int)param_1 + (param_3 - uVar3)); 32 | for (; uVar3 != 0; uVar3 = uVar3 - 1) { 33 | *puVar7 = *puVar4; 34 | puVar4 = puVar4 + 1; 35 | puVar7 = puVar7 + 1; 36 | } 37 | } 38 | } 39 | else if (iVar1 == uVar6 - uVar3) { 40 | iVar1 = 0x10 - iVar1; 41 | puVar5 = param_2; 42 | puVar8 = param_1; 43 | for (iVar2 = iVar1; iVar2 != 0; iVar2 = iVar2 + -1) { 44 | *(undefined1 *)puVar8 = *(undefined1 *)puVar5; 45 | puVar5 = (undefined4 *)((int)puVar5 + 1); 46 | puVar8 = (undefined4 *)((int)puVar8 + 1); 47 | } 48 | __VEC_memcpy((undefined4 *)((int)param_1 + iVar1),(undefined4 *)((int)param_2 + iVar1), 49 | param_3 - iVar1); 50 | } 51 | else { 52 | puVar5 = param_1; 53 | for (uVar3 = param_3 >> 2; uVar3 != 0; uVar3 = uVar3 - 1) { 54 | *puVar5 = *param_2; 55 | param_2 = param_2 + 1; 56 | puVar5 = puVar5 + 1; 57 | } 58 | for (uVar3 = param_3 & 3; uVar3 != 0; uVar3 = uVar3 - 1) { 59 | *(undefined1 *)puVar5 = *(undefined1 *)param_2; 60 | param_2 = (undefined4 *)((int)param_2 + 1); 61 | puVar5 = (undefined4 *)((int)puVar5 + 1); 62 | } 63 | } 64 | return param_1; 65 | } 66 | 67 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000655b____sbh_alloc_new_group.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___sbh_alloc_new_group 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl ___sbh_alloc_new_group(int param_1) 8 | 9 | { 10 | char cVar1; 11 | int iVar2; 12 | int iVar3; 13 | int iVar4; 14 | LPVOID pvVar5; 15 | int *piVar6; 16 | int iVar7; 17 | int iVar8; 18 | LPVOID lpAddress; 19 | 20 | iVar2 = *(int *)(param_1 + 0x10); 21 | iVar8 = 0; 22 | for (iVar3 = *(int *)(param_1 + 8); -1 < iVar3; iVar3 = iVar3 * 2) { 23 | iVar8 = iVar8 + 1; 24 | } 25 | iVar3 = iVar8 * 0x204 + 0x144 + iVar2; 26 | iVar7 = 0x3f; 27 | iVar4 = iVar3; 28 | do { 29 | *(int *)(iVar4 + 8) = iVar4; 30 | *(int *)(iVar4 + 4) = iVar4; 31 | iVar4 = iVar4 + 8; 32 | iVar7 = iVar7 + -1; 33 | } while (iVar7 != 0); 34 | lpAddress = (LPVOID)(iVar8 * 0x8000 + *(int *)(param_1 + 0xc)); 35 | pvVar5 = VirtualAlloc(lpAddress,0x8000,0x1000,4); 36 | if (pvVar5 == (LPVOID)0x0) { 37 | iVar8 = -1; 38 | } 39 | else { 40 | if (lpAddress <= (LPVOID)((int)lpAddress + 0x7000U)) { 41 | piVar6 = (int *)((int)lpAddress + 0x10); 42 | iVar7 = ((uint)((int)((int)lpAddress + 0x7000U) - (int)lpAddress) >> 0xc) + 1; 43 | do { 44 | piVar6[-2] = -1; 45 | piVar6[0x3fb] = -1; 46 | *piVar6 = (int)(piVar6 + 0x3ff); 47 | piVar6[-1] = 0xff0; 48 | piVar6[1] = (int)(piVar6 + -0x401); 49 | piVar6[0x3fa] = 0xff0; 50 | piVar6 = piVar6 + 0x400; 51 | iVar7 = iVar7 + -1; 52 | } while (iVar7 != 0); 53 | } 54 | *(int *)(iVar3 + 0x1fc) = (int)lpAddress + 0xc; 55 | *(int *)((int)lpAddress + 0x14) = iVar3 + 0x1f8; 56 | *(int *)(iVar3 + 0x200) = (int)lpAddress + 0x700c; 57 | *(int *)((int)lpAddress + 0x7010) = iVar3 + 0x1f8; 58 | *(undefined4 *)(iVar2 + 0x44 + iVar8 * 4) = 0; 59 | *(undefined4 *)(iVar2 + 0xc4 + iVar8 * 4) = 1; 60 | cVar1 = *(char *)(iVar2 + 0x43); 61 | *(char *)(iVar2 + 0x43) = cVar1 + '\x01'; 62 | if (cVar1 == '\0') { 63 | *(uint *)(param_1 + 4) = *(uint *)(param_1 + 4) | 1; 64 | } 65 | *(uint *)(param_1 + 8) = *(uint *)(param_1 + 8) & ~(0x80000000U >> ((byte)iVar8 & 0x1f)); 66 | } 67 | return iVar8; 68 | } 69 | 70 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10004b25____freetlocinfo.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___freetlocinfo 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | void __cdecl ___freetlocinfo(void *param_1) 8 | 9 | { 10 | int *piVar1; 11 | undefined **ppuVar2; 12 | void *_Memory; 13 | undefined4 *puVar3; 14 | 15 | _Memory = param_1; 16 | if ((((*(undefined ***)((int)param_1 + 0xbc) != (undefined **)0x0) && 17 | (*(undefined ***)((int)param_1 + 0xbc) != &PTR_DAT_1000dd58)) && 18 | (*(int **)((int)param_1 + 0xb0) != (int *)0x0)) && (**(int **)((int)param_1 + 0xb0) == 0)) { 19 | piVar1 = *(int **)((int)param_1 + 0xb8); 20 | if ((piVar1 != (int *)0x0) && (*piVar1 == 0)) { 21 | _free(piVar1); 22 | ___free_lconv_mon(*(int *)((int)param_1 + 0xbc)); 23 | } 24 | piVar1 = *(int **)((int)param_1 + 0xb4); 25 | if ((piVar1 != (int *)0x0) && (*piVar1 == 0)) { 26 | _free(piVar1); 27 | ___free_lconv_num(*(undefined4 **)((int)param_1 + 0xbc)); 28 | } 29 | _free(*(void **)((int)param_1 + 0xb0)); 30 | _free(*(void **)((int)param_1 + 0xbc)); 31 | } 32 | if ((*(int **)((int)param_1 + 0xc0) != (int *)0x0) && (**(int **)((int)param_1 + 0xc0) == 0)) { 33 | _free((void *)(*(int *)((int)param_1 + 0xc4) + -0xfe)); 34 | _free((void *)(*(int *)((int)param_1 + 0xcc) + -0x80)); 35 | _free((void *)(*(int *)((int)param_1 + 0xd0) + -0x80)); 36 | _free(*(void **)((int)param_1 + 0xc0)); 37 | } 38 | ppuVar2 = *(undefined ***)((int)param_1 + 0xd4); 39 | if ((ppuVar2 != &PTR_DAT_1000dc98) && (ppuVar2[0x2d] == (undefined *)0x0)) { 40 | ___free_lc_time(ppuVar2); 41 | _free(*(void **)((int)param_1 + 0xd4)); 42 | } 43 | puVar3 = (undefined4 *)((int)param_1 + 0x50); 44 | param_1 = (void *)0x6; 45 | do { 46 | if ((((undefined *)puVar3[-2] != &DAT_1000db70) && 47 | (piVar1 = (int *)*puVar3, piVar1 != (int *)0x0)) && (*piVar1 == 0)) { 48 | _free(piVar1); 49 | } 50 | if (((puVar3[-1] != 0) && (piVar1 = (int *)puVar3[1], piVar1 != (int *)0x0)) && (*piVar1 == 0)) 51 | { 52 | _free(piVar1); 53 | } 54 | puVar3 = puVar3 + 4; 55 | param_1 = (void *)((int)param_1 + -1); 56 | } while (param_1 != (void *)0x0); 57 | _free(_Memory); 58 | return; 59 | } 60 | 61 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005c28__strncpy_s.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | _strncpy_s 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | errno_t __cdecl _strncpy_s(char *_Dst,rsize_t _SizeInBytes,char *_Src,rsize_t _MaxCount) 8 | 9 | { 10 | char cVar1; 11 | int *piVar2; 12 | char *pcVar3; 13 | rsize_t rVar4; 14 | errno_t eVar5; 15 | 16 | if (_MaxCount == 0) { 17 | if (_Dst == (char *)0x0) { 18 | if (_SizeInBytes == 0) { 19 | return 0; 20 | } 21 | } 22 | else { 23 | LAB_10005c4e: 24 | if (_SizeInBytes != 0) { 25 | if (_MaxCount == 0) { 26 | *_Dst = '\0'; 27 | return 0; 28 | } 29 | if (_Src != (char *)0x0) { 30 | pcVar3 = _Dst; 31 | rVar4 = _SizeInBytes; 32 | if (_MaxCount == 0xffffffff) { 33 | do { 34 | cVar1 = *_Src; 35 | *pcVar3 = cVar1; 36 | pcVar3 = pcVar3 + 1; 37 | _Src = _Src + 1; 38 | if (cVar1 == '\0') break; 39 | rVar4 = rVar4 - 1; 40 | } while (rVar4 != 0); 41 | } 42 | else { 43 | do { 44 | cVar1 = *_Src; 45 | *pcVar3 = cVar1; 46 | pcVar3 = pcVar3 + 1; 47 | _Src = _Src + 1; 48 | if ((cVar1 == '\0') || (rVar4 = rVar4 - 1, rVar4 == 0)) break; 49 | _MaxCount = _MaxCount - 1; 50 | } while (_MaxCount != 0); 51 | if (_MaxCount == 0) { 52 | *pcVar3 = '\0'; 53 | } 54 | } 55 | if (rVar4 != 0) { 56 | return 0; 57 | } 58 | if (_MaxCount == 0xffffffff) { 59 | _Dst[_SizeInBytes - 1] = '\0'; 60 | return 0x50; 61 | } 62 | *_Dst = '\0'; 63 | piVar2 = __errno(); 64 | eVar5 = 0x22; 65 | *piVar2 = 0x22; 66 | goto LAB_10005c5f; 67 | } 68 | *_Dst = '\0'; 69 | } 70 | } 71 | } 72 | else if (_Dst != (char *)0x0) goto LAB_10005c4e; 73 | piVar2 = __errno(); 74 | eVar5 = 0x16; 75 | *piVar2 = 0x16; 76 | LAB_10005c5f: 77 | __invalid_parameter((wchar_t *)0x0,(wchar_t *)0x0,(wchar_t *)0x0,0,0); 78 | return eVar5; 79 | } 80 | 81 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/sections.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "name": "Headers", 4 | "start": "10000000", 5 | "end": "100003ff", 6 | "size": 1024, 7 | "permissions": { 8 | "read": true, 9 | "write": false, 10 | "execute": false 11 | }, 12 | "initialized": true, 13 | "type": "Default", 14 | "comment": null 15 | }, 16 | { 17 | "name": ".text", 18 | "start": "10001000", 19 | "end": "10009bff", 20 | "size": 35840, 21 | "permissions": { 22 | "read": true, 23 | "write": false, 24 | "execute": true 25 | }, 26 | "initialized": true, 27 | "type": "Default", 28 | "comment": null 29 | }, 30 | { 31 | "name": ".rdata", 32 | "start": "1000a000", 33 | "end": "1000c3ff", 34 | "size": 9216, 35 | "permissions": { 36 | "read": true, 37 | "write": false, 38 | "execute": false 39 | }, 40 | "initialized": true, 41 | "type": "Default", 42 | "comment": null 43 | }, 44 | { 45 | "name": ".data", 46 | "start": "1000d000", 47 | "end": "1000fac7", 48 | "size": 10952, 49 | "permissions": { 50 | "read": true, 51 | "write": true, 52 | "execute": false 53 | }, 54 | "initialized": true, 55 | "type": "Default", 56 | "comment": null 57 | }, 58 | { 59 | "name": ".rsrc", 60 | "start": "10010000", 61 | "end": "100177ff", 62 | "size": 30720, 63 | "permissions": { 64 | "read": true, 65 | "write": true, 66 | "execute": true 67 | }, 68 | "initialized": true, 69 | "type": "Default", 70 | "comment": null 71 | }, 72 | { 73 | "name": ".reloc", 74 | "start": "10018000", 75 | "end": "10018fff", 76 | "size": 4096, 77 | "permissions": { 78 | "read": true, 79 | "write": false, 80 | "execute": false 81 | }, 82 | "initialized": true, 83 | "type": "Default", 84 | "comment": null 85 | }, 86 | { 87 | "name": "tdb", 88 | "start": "ffdff000", 89 | "end": "ffdfffff", 90 | "size": 4096, 91 | "permissions": { 92 | "read": true, 93 | "write": true, 94 | "execute": false 95 | }, 96 | "initialized": true, 97 | "type": "Default", 98 | "comment": null 99 | } 100 | ] -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10009404___mbtowc_l.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __mbtowc_l 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __mbtowc_l(wchar_t *_DstCh,char *_SrcCh,size_t _SrcSizeInBytes,_locale_t _Locale) 8 | 9 | { 10 | wchar_t *pwVar1; 11 | int iVar2; 12 | int *piVar3; 13 | localeinfo_struct local_14; 14 | int local_c; 15 | char local_8; 16 | 17 | if ((_SrcCh != (char *)0x0) && (_SrcSizeInBytes != 0)) { 18 | if (*_SrcCh != '\0') { 19 | _LocaleUpdate::_LocaleUpdate((_LocaleUpdate *)&local_14,_Locale); 20 | if ((local_14.locinfo)->lc_category[0].wlocale != (wchar_t *)0x0) { 21 | iVar2 = __isleadbyte_l((uint)(byte)*_SrcCh,&local_14); 22 | if (iVar2 == 0) { 23 | iVar2 = MultiByteToWideChar((local_14.locinfo)->lc_codepage,9,_SrcCh,1,_DstCh, 24 | (uint)(_DstCh != (wchar_t *)0x0)); 25 | if (iVar2 != 0) goto LAB_10009453; 26 | } 27 | else { 28 | pwVar1 = (local_14.locinfo)->locale_name[3]; 29 | if ((((1 < (int)pwVar1) && ((int)pwVar1 <= (int)_SrcSizeInBytes)) && 30 | (iVar2 = MultiByteToWideChar((local_14.locinfo)->lc_codepage,9,_SrcCh,(int)pwVar1, 31 | _DstCh,(uint)(_DstCh != (wchar_t *)0x0)), iVar2 != 0)) || 32 | (((local_14.locinfo)->locale_name[3] <= _SrcSizeInBytes && (_SrcCh[1] != '\0')))) { 33 | pwVar1 = (local_14.locinfo)->locale_name[3]; 34 | if (local_8 == '\0') { 35 | return (int)pwVar1; 36 | } 37 | *(uint *)(local_c + 0x70) = *(uint *)(local_c + 0x70) & 0xfffffffd; 38 | return (int)pwVar1; 39 | } 40 | } 41 | piVar3 = __errno(); 42 | *piVar3 = 0x2a; 43 | if (local_8 != '\0') { 44 | *(uint *)(local_c + 0x70) = *(uint *)(local_c + 0x70) & 0xfffffffd; 45 | } 46 | return -1; 47 | } 48 | if (_DstCh != (wchar_t *)0x0) { 49 | *_DstCh = (ushort)(byte)*_SrcCh; 50 | } 51 | LAB_10009453: 52 | if (local_8 != '\0') { 53 | *(uint *)(local_c + 0x70) = *(uint *)(local_c + 0x70) & 0xfffffffd; 54 | } 55 | return 1; 56 | } 57 | if (_DstCh != (wchar_t *)0x0) { 58 | *_DstCh = L'\0'; 59 | } 60 | } 61 | return 0; 62 | } 63 | 64 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | kernagent: 3 | build: 4 | context: . 5 | dockerfile: Dockerfile 6 | image: ghcr.io/karib0u/kernagent:latest 7 | container_name: kernagent 8 | volumes: 9 | - ${KERNAGENT_CONFIG:-${HOME}/.config/kernagent/config.env}:/config/config.env:ro 10 | # Example: mount a directory with binaries for analysis 11 | # - ./samples:/data 12 | # - /path/to/your/binaries:/binaries 13 | env_file: 14 | - ${KERNAGENT_CONFIG:-${HOME}/.config/kernagent/config.env} 15 | environment: 16 | # Override or add environment variables here if needed 17 | - PYTHONUNBUFFERED=1 18 | - KERNAGENT_CONFIG=/config/config.env 19 | stdin_open: true 20 | tty: true 21 | # Default command shows help 22 | command: ["--help"] 23 | 24 | # Development service with source code mounted for live editing 25 | kernagent-dev: 26 | build: 27 | context: . 28 | dockerfile: Dockerfile 29 | image: ghcr.io/karib0u/kernagent:latest 30 | container_name: kernagent-dev 31 | volumes: 32 | # Example: mount a directory with binaries for analysis 33 | # - ./samples:/data 34 | # Mount source code for development 35 | - ./kernagent:/workspace/kernagent/kernagent 36 | - ./tests:/workspace/tests 37 | - ${KERNAGENT_CONFIG:-${HOME}/.config/kernagent/config.env}:/config/config.env:ro 38 | env_file: 39 | - ${KERNAGENT_CONFIG:-${HOME}/.config/kernagent/config.env} 40 | environment: 41 | - PYTHONUNBUFFERED=1 42 | - KERNAGENT_CONFIG=/config/config.env 43 | stdin_open: true 44 | tty: true 45 | command: ["--help"] 46 | 47 | # Example usage: 48 | # 49 | # Pull pre-built image (recommended for end users): 50 | # docker compose pull 51 | # 52 | # Or build the image locally (for development): 53 | # docker compose build 54 | # 55 | # Run analysis: 56 | # docker compose run --rm kernagent summary /data/binary.exe 57 | # docker compose run --rm kernagent ask /data/binary.exe "What does this do?" 58 | # docker compose run --rm kernagent oneshot /data/sample.bin 59 | # 60 | # Development mode with live code changes: 61 | # docker compose run --rm kernagent-dev summary /data/binary.exe 62 | # 63 | # Run tests: 64 | # docker compose run --rm kernagent-dev pytest 65 | # 66 | # Interactive shell: 67 | # docker compose run --rm kernagent bash 68 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10005a4b____crtMessageBoxA.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___crtMessageBoxA 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl ___crtMessageBoxA(LPCSTR _LpText,LPCSTR _LpCaption,UINT _UType) 8 | 9 | { 10 | int iVar1; 11 | HMODULE hModule; 12 | FARPROC pFVar2; 13 | code *pcVar3; 14 | code *pcVar4; 15 | int iVar5; 16 | undefined1 local_18 [8]; 17 | byte local_10; 18 | undefined1 local_c [4]; 19 | int local_8; 20 | 21 | iVar1 = __encoded_null(); 22 | local_8 = 0; 23 | if (DAT_1000e880 == 0) { 24 | hModule = LoadLibraryA("USER32.DLL"); 25 | if (hModule == (HMODULE)0x0) { 26 | return 0; 27 | } 28 | pFVar2 = GetProcAddress(hModule,"MessageBoxA"); 29 | if (pFVar2 == (FARPROC)0x0) { 30 | return 0; 31 | } 32 | DAT_1000e880 = __encode_pointer((int)pFVar2); 33 | pFVar2 = GetProcAddress(hModule,"GetActiveWindow"); 34 | DAT_1000e884 = __encode_pointer((int)pFVar2); 35 | pFVar2 = GetProcAddress(hModule,"GetLastActivePopup"); 36 | DAT_1000e888 = __encode_pointer((int)pFVar2); 37 | pFVar2 = GetProcAddress(hModule,"GetUserObjectInformationA"); 38 | DAT_1000e890 = __encode_pointer((int)pFVar2); 39 | if (DAT_1000e890 != 0) { 40 | pFVar2 = GetProcAddress(hModule,"GetProcessWindowStation"); 41 | DAT_1000e88c = __encode_pointer((int)pFVar2); 42 | } 43 | } 44 | if ((DAT_1000e88c != iVar1) && (DAT_1000e890 != iVar1)) { 45 | pcVar3 = (code *)__decode_pointer(DAT_1000e88c); 46 | pcVar4 = (code *)__decode_pointer(DAT_1000e890); 47 | if (((pcVar3 != (code *)0x0) && (pcVar4 != (code *)0x0)) && 48 | (((iVar5 = (*pcVar3)(), iVar5 == 0 || 49 | (iVar5 = (*pcVar4)(iVar5,1,local_18,0xc,local_c), iVar5 == 0)) || ((local_10 & 1) == 0)))) 50 | { 51 | _UType = _UType | 0x200000; 52 | goto LAB_10005b8d; 53 | } 54 | } 55 | if ((((DAT_1000e884 != iVar1) && 56 | (pcVar3 = (code *)__decode_pointer(DAT_1000e884), pcVar3 != (code *)0x0)) && 57 | (local_8 = (*pcVar3)(), local_8 != 0)) && 58 | ((DAT_1000e888 != iVar1 && 59 | (pcVar3 = (code *)__decode_pointer(DAT_1000e888), pcVar3 != (code *)0x0)))) { 60 | local_8 = (*pcVar3)(local_8); 61 | } 62 | LAB_10005b8d: 63 | pcVar3 = (code *)__decode_pointer(DAT_1000e880); 64 | if (pcVar3 == (code *)0x0) { 65 | return 0; 66 | } 67 | iVar1 = (*pcVar3)(local_8,_LpText,_LpCaption,_UType); 68 | return iVar1; 69 | } 70 | 71 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10003c03___mtinit.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __mtinit 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __mtinit(void) 8 | 9 | { 10 | HMODULE hModule; 11 | BOOL BVar1; 12 | int iVar2; 13 | code *pcVar3; 14 | _ptiddata _Ptd; 15 | DWORD DVar4; 16 | undefined1 *puVar5; 17 | _ptiddata p_Var6; 18 | 19 | hModule = GetModuleHandleW(L"KERNEL32.DLL"); 20 | if (hModule == (HMODULE)0x0) { 21 | hModule = (HMODULE)__crt_waiting_on_module_handle(L"KERNEL32.DLL"); 22 | } 23 | if (hModule != (HMODULE)0x0) { 24 | DAT_1000e6a4 = GetProcAddress(hModule,"FlsAlloc"); 25 | DAT_1000e6a8 = GetProcAddress(hModule,"FlsGetValue"); 26 | DAT_1000e6ac = GetProcAddress(hModule,"FlsSetValue"); 27 | DAT_1000e6b0 = GetProcAddress(hModule,"FlsFree"); 28 | if ((((DAT_1000e6a4 == (FARPROC)0x0) || (DAT_1000e6a8 == (FARPROC)0x0)) || 29 | (DAT_1000e6ac == (FARPROC)0x0)) || (DAT_1000e6b0 == (FARPROC)0x0)) { 30 | DAT_1000e6a8 = TlsGetValue_exref; 31 | DAT_1000e6a4 = (FARPROC)&LAB_100038e0; 32 | DAT_1000e6ac = TlsSetValue_exref; 33 | DAT_1000e6b0 = TlsFree_exref; 34 | } 35 | DAT_1000d51c = TlsAlloc(); 36 | if (DAT_1000d51c == 0xffffffff) { 37 | return 0; 38 | } 39 | BVar1 = TlsSetValue(DAT_1000d51c,DAT_1000e6a8); 40 | if (BVar1 == 0) { 41 | return 0; 42 | } 43 | __init_pointers(); 44 | DAT_1000e6a4 = (FARPROC)__encode_pointer((int)DAT_1000e6a4); 45 | DAT_1000e6a8 = (FARPROC)__encode_pointer((int)DAT_1000e6a8); 46 | DAT_1000e6ac = (FARPROC)__encode_pointer((int)DAT_1000e6ac); 47 | DAT_1000e6b0 = (FARPROC)__encode_pointer((int)DAT_1000e6b0); 48 | iVar2 = __mtinitlocks(); 49 | if (iVar2 != 0) { 50 | puVar5 = &LAB_10003ad4; 51 | pcVar3 = (code *)__decode_pointer((int)DAT_1000e6a4); 52 | DAT_1000d518 = (*pcVar3)(puVar5); 53 | if ((DAT_1000d518 != -1) && (_Ptd = (_ptiddata)__calloc_crt(1,0x214), _Ptd != (_ptiddata)0x0)) 54 | { 55 | iVar2 = DAT_1000d518; 56 | p_Var6 = _Ptd; 57 | pcVar3 = (code *)__decode_pointer((int)DAT_1000e6ac); 58 | iVar2 = (*pcVar3)(iVar2,p_Var6); 59 | if (iVar2 != 0) { 60 | __initptd(_Ptd,(pthreadlocinfo)0x0); 61 | DVar4 = GetCurrentThreadId(); 62 | _Ptd->_thandle = 0xffffffff; 63 | _Ptd->_tid = DVar4; 64 | return 1; 65 | } 66 | } 67 | } 68 | } 69 | __mtterm(); 70 | return 0; 71 | } 72 | 73 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10004e4a___flsbuf.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __flsbuf 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __flsbuf(int _Ch,FILE *_File) 8 | 9 | { 10 | char *_Buf; 11 | char *pcVar1; 12 | FILE *_File_00; 13 | int *piVar2; 14 | undefined **ppuVar3; 15 | int iVar4; 16 | undefined *puVar5; 17 | int unaff_EDI; 18 | uint uVar6; 19 | longlong lVar7; 20 | uint local_8; 21 | 22 | _File_00 = _File; 23 | _File = (FILE *)__fileno(_File); 24 | uVar6 = _File_00->_flag; 25 | if ((uVar6 & 0x82) == 0) { 26 | piVar2 = __errno(); 27 | *piVar2 = 9; 28 | LAB_10004e70: 29 | _File_00->_flag = _File_00->_flag | 0x20; 30 | return -1; 31 | } 32 | if ((uVar6 & 0x40) != 0) { 33 | piVar2 = __errno(); 34 | *piVar2 = 0x22; 35 | goto LAB_10004e70; 36 | } 37 | if ((uVar6 & 1) != 0) { 38 | _File_00->_cnt = 0; 39 | if ((uVar6 & 0x10) == 0) { 40 | _File_00->_flag = uVar6 | 0x20; 41 | return -1; 42 | } 43 | _File_00->_ptr = _File_00->_base; 44 | _File_00->_flag = uVar6 & 0xfffffffe; 45 | } 46 | uVar6 = _File_00->_flag; 47 | _File_00->_flag = uVar6 & 0xffffffef | 2; 48 | _File_00->_cnt = 0; 49 | local_8 = 0; 50 | if (((uVar6 & 0x10c) == 0) && 51 | (((ppuVar3 = FUN_100016f4(), _File_00 != (FILE *)(ppuVar3 + 8) && 52 | (ppuVar3 = FUN_100016f4(), _File_00 != (FILE *)(ppuVar3 + 0x10))) || 53 | (iVar4 = __isatty((int)_File), iVar4 == 0)))) { 54 | __getbuf(_File_00); 55 | } 56 | if ((_File_00->_flag & 0x108U) == 0) { 57 | uVar6 = 1; 58 | local_8 = __write((int)_File,&_Ch,1); 59 | } 60 | else { 61 | _Buf = _File_00->_base; 62 | pcVar1 = _File_00->_ptr; 63 | _File_00->_ptr = _Buf + 1; 64 | uVar6 = (int)pcVar1 - (int)_Buf; 65 | _File_00->_cnt = _File_00->_bufsiz + -1; 66 | if ((int)uVar6 < 1) { 67 | if ((_File == (FILE *)0xffffffff) || (_File == (FILE *)0xfffffffe)) { 68 | puVar5 = &DAT_1000d4d8; 69 | } 70 | else { 71 | puVar5 = (undefined *)(((uint)_File & 0x1f) * 0x40 + (&DAT_1000e9a0)[(int)_File >> 5]); 72 | } 73 | if (((puVar5[4] & 0x20) != 0) && 74 | (lVar7 = __lseeki64((int)_File,0x200000000,unaff_EDI), lVar7 == -1)) goto LAB_10004f98; 75 | } 76 | else { 77 | local_8 = __write((int)_File,_Buf,uVar6); 78 | } 79 | *_File_00->_base = (char)_Ch; 80 | } 81 | if (local_8 == uVar6) { 82 | return _Ch & 0xff; 83 | } 84 | LAB_10004f98: 85 | _File_00->_flag = _File_00->_flag | 0x20; 86 | return -1; 87 | } 88 | 89 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10008cd3_FUN_10008cd3.c: -------------------------------------------------------------------------------- 1 | 2 | void __cdecl FUN_10008cd3(undefined4 *param_1,undefined4 *param_2,uint param_3) 3 | 4 | { 5 | undefined4 uVar1; 6 | undefined4 uVar2; 7 | undefined4 uVar3; 8 | undefined4 uVar4; 9 | undefined4 uVar5; 10 | undefined4 uVar6; 11 | undefined4 uVar7; 12 | undefined4 uVar8; 13 | undefined4 uVar9; 14 | undefined4 uVar10; 15 | undefined4 uVar11; 16 | undefined4 uVar12; 17 | undefined4 uVar13; 18 | undefined4 uVar14; 19 | undefined4 uVar15; 20 | uint uVar16; 21 | 22 | uVar16 = param_3 >> 7; 23 | do { 24 | uVar1 = param_2[1]; 25 | uVar2 = param_2[2]; 26 | uVar3 = param_2[3]; 27 | uVar4 = param_2[4]; 28 | uVar5 = param_2[5]; 29 | uVar6 = param_2[6]; 30 | uVar7 = param_2[7]; 31 | uVar8 = param_2[8]; 32 | uVar9 = param_2[9]; 33 | uVar10 = param_2[10]; 34 | uVar11 = param_2[0xb]; 35 | uVar12 = param_2[0xc]; 36 | uVar13 = param_2[0xd]; 37 | uVar14 = param_2[0xe]; 38 | uVar15 = param_2[0xf]; 39 | *param_1 = *param_2; 40 | param_1[1] = uVar1; 41 | param_1[2] = uVar2; 42 | param_1[3] = uVar3; 43 | param_1[4] = uVar4; 44 | param_1[5] = uVar5; 45 | param_1[6] = uVar6; 46 | param_1[7] = uVar7; 47 | param_1[8] = uVar8; 48 | param_1[9] = uVar9; 49 | param_1[10] = uVar10; 50 | param_1[0xb] = uVar11; 51 | param_1[0xc] = uVar12; 52 | param_1[0xd] = uVar13; 53 | param_1[0xe] = uVar14; 54 | param_1[0xf] = uVar15; 55 | uVar1 = param_2[0x11]; 56 | uVar2 = param_2[0x12]; 57 | uVar3 = param_2[0x13]; 58 | uVar4 = param_2[0x14]; 59 | uVar5 = param_2[0x15]; 60 | uVar6 = param_2[0x16]; 61 | uVar7 = param_2[0x17]; 62 | uVar8 = param_2[0x18]; 63 | uVar9 = param_2[0x19]; 64 | uVar10 = param_2[0x1a]; 65 | uVar11 = param_2[0x1b]; 66 | uVar12 = param_2[0x1c]; 67 | uVar13 = param_2[0x1d]; 68 | uVar14 = param_2[0x1e]; 69 | uVar15 = param_2[0x1f]; 70 | param_1[0x10] = param_2[0x10]; 71 | param_1[0x11] = uVar1; 72 | param_1[0x12] = uVar2; 73 | param_1[0x13] = uVar3; 74 | param_1[0x14] = uVar4; 75 | param_1[0x15] = uVar5; 76 | param_1[0x16] = uVar6; 77 | param_1[0x17] = uVar7; 78 | param_1[0x18] = uVar8; 79 | param_1[0x19] = uVar9; 80 | param_1[0x1a] = uVar10; 81 | param_1[0x1b] = uVar11; 82 | param_1[0x1c] = uVar12; 83 | param_1[0x1d] = uVar13; 84 | param_1[0x1e] = uVar14; 85 | param_1[0x1f] = uVar15; 86 | param_2 = param_2 + 0x20; 87 | param_1 = param_1 + 0x20; 88 | uVar16 = uVar16 - 1; 89 | } while (uVar16 != 0); 90 | return; 91 | } 92 | 93 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10001541____report_gsfailure.c: -------------------------------------------------------------------------------- 1 | 2 | /* WARNING: Globals starting with '_' overlap smaller symbols at the same address */ 3 | /* Library Function - Single Match 4 | ___report_gsfailure 5 | 6 | Libraries: Visual Studio 2005 Release, Visual Studio 2008 Release, Visual Studio 2010 Release */ 7 | 8 | void __cdecl ___report_gsfailure(void) 9 | 10 | { 11 | undefined4 in_EAX; 12 | HANDLE hProcess; 13 | undefined4 in_ECX; 14 | undefined4 in_EDX; 15 | undefined4 unaff_EBX; 16 | undefined4 unaff_EBP; 17 | undefined4 unaff_ESI; 18 | undefined4 unaff_EDI; 19 | undefined2 in_ES; 20 | undefined2 in_CS; 21 | undefined2 in_SS; 22 | undefined2 in_DS; 23 | undefined2 in_FS; 24 | undefined2 in_GS; 25 | byte in_AF; 26 | byte in_TF; 27 | byte in_IF; 28 | byte in_NT; 29 | byte in_AC; 30 | byte in_VIF; 31 | byte in_VIP; 32 | byte in_ID; 33 | undefined4 unaff_retaddr; 34 | UINT uExitCode; 35 | undefined4 local_32c; 36 | undefined4 local_328; 37 | 38 | _DAT_1000e030 = 39 | (uint)(in_NT & 1) * 0x4000 | (uint)SBORROW4((int)&stack0xfffffffc,0x328) * 0x800 | 40 | (uint)(in_IF & 1) * 0x200 | (uint)(in_TF & 1) * 0x100 | (uint)((int)&local_32c < 0) * 0x80 | 41 | (uint)(&stack0x00000000 == (undefined1 *)0x32c) * 0x40 | (uint)(in_AF & 1) * 0x10 | 42 | (uint)((POPCOUNT((uint)&local_32c & 0xff) & 1U) == 0) * 4 | 43 | (uint)(&stack0xfffffffc < (undefined1 *)0x328) | (uint)(in_ID & 1) * 0x200000 | 44 | (uint)(in_VIP & 1) * 0x100000 | (uint)(in_VIF & 1) * 0x80000 | (uint)(in_AC & 1) * 0x40000; 45 | _DAT_1000e034 = &stack0x00000004; 46 | _DAT_1000df70 = 0x10001; 47 | _DAT_1000df18 = 0xc0000409; 48 | _DAT_1000df1c = 1; 49 | local_32c = DAT_1000d004; 50 | local_328 = DAT_1000d008; 51 | _DAT_1000df24 = unaff_retaddr; 52 | _DAT_1000dffc = in_GS; 53 | _DAT_1000e000 = in_FS; 54 | _DAT_1000e004 = in_ES; 55 | _DAT_1000e008 = in_DS; 56 | _DAT_1000e00c = unaff_EDI; 57 | _DAT_1000e010 = unaff_ESI; 58 | _DAT_1000e014 = unaff_EBX; 59 | _DAT_1000e018 = in_EDX; 60 | _DAT_1000e01c = in_ECX; 61 | _DAT_1000e020 = in_EAX; 62 | _DAT_1000e024 = unaff_EBP; 63 | DAT_1000e028 = unaff_retaddr; 64 | _DAT_1000e02c = in_CS; 65 | _DAT_1000e038 = in_SS; 66 | DAT_1000df68 = IsDebuggerPresent(); 67 | FUN_10003e56(); 68 | SetUnhandledExceptionFilter((LPTOP_LEVEL_EXCEPTION_FILTER)0x0); 69 | UnhandledExceptionFilter((_EXCEPTION_POINTERS *)&PTR_DAT_1000a18c); 70 | if (DAT_1000df68 == 0) { 71 | FUN_10003e56(); 72 | } 73 | uExitCode = 0xc0000409; 74 | hProcess = GetCurrentProcess(); 75 | TerminateProcess(hProcess,uExitCode); 76 | return; 77 | } 78 | 79 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000341c____crtGetEnvironmentStringsA.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | ___crtGetEnvironmentStringsA 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | LPVOID __cdecl ___crtGetEnvironmentStringsA(void) 8 | 9 | { 10 | char cVar1; 11 | WCHAR WVar2; 12 | DWORD DVar3; 13 | WCHAR *pWVar4; 14 | WCHAR *pWVar5; 15 | int iVar6; 16 | size_t _Size; 17 | LPSTR lpMultiByteStr; 18 | LPCH _Src; 19 | char *pcVar7; 20 | void *_Dst; 21 | LPWCH lpWideCharStr; 22 | LPSTR local_8; 23 | char *pcVar8; 24 | 25 | lpWideCharStr = (LPWCH)0x0; 26 | if (DAT_1000e6a0 == 0) { 27 | lpWideCharStr = GetEnvironmentStringsW(); 28 | if (lpWideCharStr != (LPWCH)0x0) { 29 | DAT_1000e6a0 = 1; 30 | goto LAB_10003471; 31 | } 32 | DVar3 = GetLastError(); 33 | if (DVar3 == 0x78) { 34 | DAT_1000e6a0 = 2; 35 | } 36 | } 37 | if (DAT_1000e6a0 != 1) { 38 | if ((DAT_1000e6a0 != 2) && (DAT_1000e6a0 != 0)) { 39 | return (LPVOID)0x0; 40 | } 41 | _Src = GetEnvironmentStrings(); 42 | if (_Src == (LPCH)0x0) { 43 | return (LPVOID)0x0; 44 | } 45 | cVar1 = *_Src; 46 | pcVar7 = _Src; 47 | while (cVar1 != '\0') { 48 | do { 49 | pcVar8 = pcVar7; 50 | pcVar7 = pcVar8 + 1; 51 | } while (*pcVar7 != '\0'); 52 | pcVar7 = pcVar8 + 2; 53 | cVar1 = *pcVar7; 54 | } 55 | _Dst = __malloc_crt((size_t)(pcVar7 + (1 - (int)_Src))); 56 | if (_Dst == (void *)0x0) { 57 | FreeEnvironmentStringsA(_Src); 58 | return (LPVOID)0x0; 59 | } 60 | _memcpy(_Dst,_Src,(size_t)(pcVar7 + (1 - (int)_Src))); 61 | FreeEnvironmentStringsA(_Src); 62 | return _Dst; 63 | } 64 | LAB_10003471: 65 | if ((lpWideCharStr == (LPWCH)0x0) && 66 | (lpWideCharStr = GetEnvironmentStringsW(), lpWideCharStr == (LPWCH)0x0)) { 67 | return (LPVOID)0x0; 68 | } 69 | WVar2 = *lpWideCharStr; 70 | pWVar5 = lpWideCharStr; 71 | while (WVar2 != L'\0') { 72 | do { 73 | pWVar4 = pWVar5; 74 | pWVar5 = pWVar4 + 1; 75 | } while (*pWVar5 != L'\0'); 76 | pWVar5 = pWVar4 + 2; 77 | WVar2 = *pWVar5; 78 | } 79 | iVar6 = ((int)pWVar5 - (int)lpWideCharStr >> 1) + 1; 80 | _Size = WideCharToMultiByte(0,0,lpWideCharStr,iVar6,(LPSTR)0x0,0,(LPCSTR)0x0,(LPBOOL)0x0); 81 | local_8 = (LPSTR)0x0; 82 | if (((_Size != 0) && (lpMultiByteStr = (LPSTR)__malloc_crt(_Size), lpMultiByteStr != (LPSTR)0x0)) 83 | && (iVar6 = WideCharToMultiByte(0,0,lpWideCharStr,iVar6,lpMultiByteStr,_Size,(LPCSTR)0x0, 84 | (LPBOOL)0x0), local_8 = lpMultiByteStr, iVar6 == 0)) { 85 | _free(lpMultiByteStr); 86 | local_8 = (LPSTR)0x0; 87 | } 88 | FreeEnvironmentStringsW(lpWideCharStr); 89 | return local_8; 90 | } 91 | 92 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002f89___XcptFilter.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __XcptFilter 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | int __cdecl __XcptFilter(ulong _ExceptionNum,_EXCEPTION_POINTERS *_ExceptionPtr) 8 | 9 | { 10 | ulong *puVar1; 11 | code *pcVar2; 12 | void *pvVar3; 13 | ulong uVar4; 14 | _ptiddata p_Var5; 15 | ulong *puVar6; 16 | int iVar7; 17 | int iVar8; 18 | 19 | p_Var5 = __getptd_noexit(); 20 | if (p_Var5 != (_ptiddata)0x0) { 21 | puVar1 = (ulong *)p_Var5->_pxcptacttab; 22 | puVar6 = puVar1; 23 | do { 24 | if (*puVar6 == _ExceptionNum) break; 25 | puVar6 = puVar6 + 3; 26 | } while (puVar6 < puVar1 + DAT_1000d4d4 * 3); 27 | if ((puVar1 + DAT_1000d4d4 * 3 <= puVar6) || (*puVar6 != _ExceptionNum)) { 28 | puVar6 = (ulong *)0x0; 29 | } 30 | if ((puVar6 == (ulong *)0x0) || (pcVar2 = (code *)puVar6[2], pcVar2 == (code *)0x0)) { 31 | p_Var5 = (_ptiddata)0x0; 32 | } 33 | else if (pcVar2 == (code *)0x5) { 34 | puVar6[2] = 0; 35 | p_Var5 = (_ptiddata)0x1; 36 | } 37 | else { 38 | if (pcVar2 != (code *)0x1) { 39 | pvVar3 = p_Var5->_tpxcptinfoptrs; 40 | p_Var5->_tpxcptinfoptrs = _ExceptionPtr; 41 | if (puVar6[1] == 8) { 42 | if (DAT_1000d4c8 < DAT_1000d4cc + DAT_1000d4c8) { 43 | iVar7 = DAT_1000d4c8 * 0xc; 44 | iVar8 = DAT_1000d4c8; 45 | do { 46 | *(undefined4 *)(iVar7 + 8 + (int)p_Var5->_pxcptacttab) = 0; 47 | iVar8 = iVar8 + 1; 48 | iVar7 = iVar7 + 0xc; 49 | } while (iVar8 < DAT_1000d4cc + DAT_1000d4c8); 50 | } 51 | uVar4 = *puVar6; 52 | iVar8 = p_Var5->_tfpecode; 53 | if (uVar4 == 0xc000008e) { 54 | p_Var5->_tfpecode = 0x83; 55 | } 56 | else if (uVar4 == 0xc0000090) { 57 | p_Var5->_tfpecode = 0x81; 58 | } 59 | else if (uVar4 == 0xc0000091) { 60 | p_Var5->_tfpecode = 0x84; 61 | } 62 | else if (uVar4 == 0xc0000093) { 63 | p_Var5->_tfpecode = 0x85; 64 | } 65 | else if (uVar4 == 0xc000008d) { 66 | p_Var5->_tfpecode = 0x82; 67 | } 68 | else if (uVar4 == 0xc000008f) { 69 | p_Var5->_tfpecode = 0x86; 70 | } 71 | else if (uVar4 == 0xc0000092) { 72 | p_Var5->_tfpecode = 0x8a; 73 | } 74 | (*pcVar2)(8,p_Var5->_tfpecode); 75 | p_Var5->_tfpecode = iVar8; 76 | } 77 | else { 78 | puVar6[2] = 0; 79 | (*pcVar2)(puVar6[1]); 80 | } 81 | p_Var5->_tpxcptinfoptrs = pvVar3; 82 | } 83 | p_Var5 = (_ptiddata)0xffffffff; 84 | } 85 | } 86 | return (int)p_Var5; 87 | } 88 | 89 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/10002890___except_handler4.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __except_handler4 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | undefined4 __cdecl __except_handler4(int *param_1,PVOID param_2,undefined4 param_3) 8 | 9 | { 10 | int iVar1; 11 | int iVar2; 12 | BOOL BVar3; 13 | PVOID pvVar4; 14 | int *piVar5; 15 | int *local_1c; 16 | undefined4 local_18; 17 | uint *local_14; 18 | undefined4 local_10; 19 | PVOID local_c; 20 | char local_5; 21 | 22 | piVar5 = (int *)(*(uint *)((int)param_2 + 8) ^ DAT_1000d004); 23 | local_5 = '\0'; 24 | local_10 = 1; 25 | iVar1 = (int)param_2 + 0x10; 26 | if (*piVar5 != -2) { 27 | __security_check_cookie(piVar5[1] + iVar1 ^ *(uint *)(*piVar5 + iVar1)); 28 | } 29 | __security_check_cookie(piVar5[3] + iVar1 ^ *(uint *)(piVar5[2] + iVar1)); 30 | pvVar4 = param_2; 31 | if ((*(byte *)(param_1 + 1) & 0x66) == 0) { 32 | *(int ***)((int)param_2 + -4) = &local_1c; 33 | pvVar4 = *(PVOID *)((int)param_2 + 0xc); 34 | local_1c = param_1; 35 | local_18 = param_3; 36 | if (pvVar4 == (PVOID)0xfffffffe) { 37 | return local_10; 38 | } 39 | do { 40 | local_14 = (uint *)(piVar5 + (int)pvVar4 * 3 + 4); 41 | local_c = (PVOID)*local_14; 42 | if ((undefined *)piVar5[(int)pvVar4 * 3 + 5] != (undefined *)0x0) { 43 | iVar2 = _EH4_CallFilterFunc((undefined *)piVar5[(int)pvVar4 * 3 + 5]); 44 | local_5 = '\x01'; 45 | if (iVar2 < 0) { 46 | local_10 = 0; 47 | goto LAB_10002938; 48 | } 49 | if (0 < iVar2) { 50 | if (((*param_1 == -0x1f928c9d) && (DAT_1000eab8 != (code *)0x0)) && 51 | (BVar3 = __IsNonwritableInCurrentImage((PBYTE)&DAT_1000eab8), BVar3 != 0)) { 52 | (*DAT_1000eab8)(param_1,1); 53 | } 54 | _EH4_GlobalUnwind(param_2); 55 | if (*(PVOID *)((int)param_2 + 0xc) != pvVar4) { 56 | _EH4_LocalUnwind((int)param_2,(uint)pvVar4,iVar1,&DAT_1000d004); 57 | } 58 | *(PVOID *)((int)param_2 + 0xc) = local_c; 59 | if (*piVar5 != -2) { 60 | __security_check_cookie(piVar5[1] + iVar1 ^ *(uint *)(*piVar5 + iVar1)); 61 | } 62 | __security_check_cookie(piVar5[3] + iVar1 ^ *(uint *)(piVar5[2] + iVar1)); 63 | _EH4_TransferToHandler((undefined *)local_14[2]); 64 | goto LAB_100029fc; 65 | } 66 | } 67 | pvVar4 = local_c; 68 | } while (local_c != (PVOID)0xfffffffe); 69 | if (local_5 == '\0') { 70 | return local_10; 71 | } 72 | } 73 | else { 74 | LAB_100029fc: 75 | if (*(int *)((int)pvVar4 + 0xc) == -2) { 76 | return local_10; 77 | } 78 | _EH4_LocalUnwind((int)pvVar4,0xfffffffe,iVar1,&DAT_1000d004); 79 | } 80 | LAB_10002938: 81 | if (*piVar5 != -2) { 82 | __security_check_cookie(piVar5[1] + iVar1 ^ *(uint *)(*piVar5 + iVar1)); 83 | } 84 | __security_check_cookie(piVar5[3] + iVar1 ^ *(uint *)(piVar5[2] + iVar1)); 85 | return local_10; 86 | } 87 | 88 | -------------------------------------------------------------------------------- /tests/fixtures/bifrose_archive/decomp/1000505b___wctomb_s_l.c: -------------------------------------------------------------------------------- 1 | 2 | /* Library Function - Single Match 3 | __wctomb_s_l 4 | 5 | Library: Visual Studio 2008 Release */ 6 | 7 | errno_t __cdecl 8 | __wctomb_s_l(int *_SizeConverted,char *_MbCh,size_t _SizeInBytes,wchar_t _WCh,_locale_t _Locale) 9 | 10 | { 11 | char *lpMultiByteStr; 12 | size_t _Size; 13 | int iVar1; 14 | int *piVar2; 15 | DWORD DVar3; 16 | int local_14 [2]; 17 | int local_c; 18 | char local_8; 19 | 20 | _Size = _SizeInBytes; 21 | lpMultiByteStr = _MbCh; 22 | if ((_MbCh == (char *)0x0) && (_SizeInBytes != 0)) { 23 | if (_SizeConverted != (int *)0x0) { 24 | *_SizeConverted = 0; 25 | } 26 | LAB_1000507f: 27 | iVar1 = 0; 28 | } 29 | else { 30 | if (_SizeConverted != (int *)0x0) { 31 | *_SizeConverted = -1; 32 | } 33 | if (0x7fffffff < _SizeInBytes) { 34 | piVar2 = __errno(); 35 | *piVar2 = 0x16; 36 | __invalid_parameter((wchar_t *)0x0,(wchar_t *)0x0,(wchar_t *)0x0,0,0); 37 | return 0x16; 38 | } 39 | _LocaleUpdate::_LocaleUpdate((_LocaleUpdate *)local_14,_Locale); 40 | if (*(int *)(local_14[0] + 0x14) == 0) { 41 | if ((ushort)_WCh < 0x100) { 42 | if (lpMultiByteStr != (char *)0x0) { 43 | if (_Size == 0) goto LAB_10005116; 44 | *lpMultiByteStr = (char)_WCh; 45 | } 46 | if (_SizeConverted != (int *)0x0) { 47 | *_SizeConverted = 1; 48 | } 49 | LAB_10005151: 50 | if (local_8 != '\0') { 51 | *(uint *)(local_c + 0x70) = *(uint *)(local_c + 0x70) & 0xfffffffd; 52 | } 53 | goto LAB_1000507f; 54 | } 55 | if ((lpMultiByteStr != (char *)0x0) && (_Size != 0)) { 56 | _memset(lpMultiByteStr,0,_Size); 57 | } 58 | } 59 | else { 60 | _MbCh = (char *)0x0; 61 | iVar1 = WideCharToMultiByte(*(UINT *)(local_14[0] + 4),0,&_WCh,1,lpMultiByteStr,_Size, 62 | (LPCSTR)0x0,(LPBOOL)&_MbCh); 63 | if (iVar1 == 0) { 64 | DVar3 = GetLastError(); 65 | if (DVar3 == 0x7a) { 66 | if ((lpMultiByteStr != (char *)0x0) && (_Size != 0)) { 67 | _memset(lpMultiByteStr,0,_Size); 68 | } 69 | LAB_10005116: 70 | piVar2 = __errno(); 71 | *piVar2 = 0x22; 72 | __invalid_parameter((wchar_t *)0x0,(wchar_t *)0x0,(wchar_t *)0x0,0,0); 73 | if (local_8 == '\0') { 74 | return 0x22; 75 | } 76 | *(uint *)(local_c + 0x70) = *(uint *)(local_c + 0x70) & 0xfffffffd; 77 | return 0x22; 78 | } 79 | } 80 | else if (_MbCh == (char *)0x0) { 81 | if (_SizeConverted != (int *)0x0) { 82 | *_SizeConverted = iVar1; 83 | } 84 | goto LAB_10005151; 85 | } 86 | } 87 | piVar2 = __errno(); 88 | *piVar2 = 0x2a; 89 | piVar2 = __errno(); 90 | iVar1 = *piVar2; 91 | if (local_8 != '\0') { 92 | *(uint *)(local_c + 0x70) = *(uint *)(local_c + 0x70) & 0xfffffffd; 93 | } 94 | } 95 | return iVar1; 96 | } 97 | 98 | --------------------------------------------------------------------------------