[*] Binary protection state of kmod
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of kmod
b 0x38d8
add r2, sp, 0x10
add r1, sp, 0xc
mov r0, r5
bl 0xd2e4
subs r4, r0, 0
blt 0x39ec
mov r0, r5
bl 0xd59c
mov r8, r0
cmp r0, 0
bne.w 0x380e
b 0x37fe
ldr r6, [0x00003a70]
movs r2, 1
ldr r1, [sp, 4]
add r6, pc
mov r0, r6
blx sym.imp.__errno_location
mov r0, r5
blx sym.imp.__vfprintf_chk
mov r4, r0
mov r0, r6
--
mov r0, r4
blx 0x1924
cmp r0, 0
beq 0x478e
mov r1, fp
mov r0, r4
blx 0x1924
cmp r0, 0
beq 0x478e
mov r0, r4
blx 0x1bb0
add.w sl, r0, r7
mov r5, r0
add.w r3, sl, 2
cmp.w r3, 0x1000
bhs 0x4852
ldr r0, [sp, 0x10]
movs r3, 0
add r2, sp, 0x20
mov r1, r4
blx sym.imp.__asprintf_chk
cmp r0, 0
blt.w 0x48ee
--
mov r2, sb
movs r0, 3
add r1, pc
bl 0x85e4
b 0x478e
ldr r1, [sp, 0x18]
mov r2, sb
movs r0, 3
bl 0x85e4
b 0x478e
adds r2, r5, 1
mov r1, r4
add.w r0, sb, r7
blx sym.imp.mmap64
addw r3, sl, 0x101
cmp.w r3, 0x1000
bhs 0x492e
ldr r0, [sp, 0x10]
movs r2, 0
mov r1, r4
blx sym.imp.__sprintf_chk
subs r5, r0, 0
blt 0x48fe
--
lsrs r0, r0, 5
b 0x51e2
movs r0, 0
b 0x51e2
blx sym.imp.stat64
lsrs r0, r2, 0x11
movs r2, r0
lsls r4, r7, 6
movs r0, r0
lsrs r2, r6, 0x10
movs r2, r0
push {r3, r4, r5, r6, r7, lr}
mov r5, r1
movs r1, 0
mov r7, r0
blx sym.imp.fstatat64
subs r4, r0, 0
blt 0x527c
movs r2, 0
mov r1, r5
blx sym.imp.__sprintf_chk
subs r6, r0, 0
blt 0x526a
--
str r3, [sp, 0x10]
bl 0x925c
cmp r0, 0
blt 0x5bca
ldr.w r3, [sl]
adds r2, r6, 1
ldr r0, [sp]
mov r1, r4
str r3, [sp, 0xc]
adds r0, r3, r0
blx sym.imp.mmap64
ldrb.w r3, [fp, 0x12]
cmp r3, 8
beq 0x5bba
cmp r3, 4
beq 0x5b22
ldr r0, [sp, 4]
movs r3, 0
add r2, sp, 0x18
mov r1, r4
blx sym.imp.__asprintf_chk
cmp r0, 0
blt 0x5bf8
ldr r3, [sp, 0x28]
and r3, r3, 0xf000
cmp.w r3, 0x8000
beq 0x5bba
cmp.w r3, 0x4000
bne 0x5bda
ldr r0, [sp, 4]
movs r2, 0
mov r1, r4
blx sym.imp.__sprintf_chk
subs r6, r0, 0
blt 0x5be8
--
str r2, [sp, 0x44]
cmp r3, 0
beq.w 0x62d2
ldr r2, [sp, 0x1c]
ldr.w r3, [0x000068b8]
ldr r3, [r2, r3]
ldr r2, [sp, 0x3c]
ldr r3, [r3]
cmp r3, r2
beq.w 0x62d8
mov r0, r6
blx sym.imp.fnmatch
mov r7, r0
cmp r0, 0
beq.w 0x700c
blx sym.imp.renameat
ldr.w r1, [0x000068e0]
movs r3, 0
ldr r2, [sp, 0x18]
add r1, pc
blx sym.imp.__asprintf_chk
mov r8, r0
cmp r0, 0
--
and r2, r2, 0xf000
cmp.w r2, 0x4000
bne 0x6770
mov r0, r5
blx sym.imp.fnmatch
mov r8, r0
cmp r0, 0
beq.w 0x7516
blx 0x1cf4
cmp r0, 0
beq 0x683a
str.w sl, [sp, 0x1c]
mov sl, r0
ldr.w fp, [sp, 0x18]
b 0x6802
mov r0, r8
blx sym.imp.renameat
mov r3, sl
mov r2, fp
mov r1, r4
blx sym.imp.__asprintf_chk
ldr r3, [sp, 0x20]
mov r2, r5
--
blx 0x1b8c
ldr r3, [sp, 0x20]
strd r4, r0, [sp, 4]
mov r0, r6
subw r3, r3, 0xa18
ldr r2, [r3]
str r2, [sp, 0x10]
movs r2, 1
ldr r3, [r3, 4]
str r3, [sp, 0xc]
ldr.w r3, [0x000076a4]
add r3, pc
str r3, [sp]
movs r3, 0xff
mov r1, r3
blx 0x1dd4
mov.w r3, 0x1a4
movs r2, 0xc1
mov r1, r6
mov r0, sl
blx sym.imp.__sprintf_chk
subs r4, r0, 0
blt.w 0x7128
--
mov sl, r0
cmp r2, 0x2e
beq 0xabe2
cmp r0, 5
bls 0xabe2
subs r0, 5
mov r1, sb
add r0, r4
blx 0x1924
cbz r0, 0xabba
sub.w r0, sl, 6
ldr r1, [sp, 0x1c]
add r0, r4
blx 0x1924
cbnz r0, 0xabe2
mov r0, r6
blx sym.imp.renameat
movs r3, 0
mov r2, r7
mov r1, r4
blx sym.imp.__asprintf_chk
ldr r3, [fp, -0x60]
and r3, r3, 0xf000
--
cmp.w r8, 0
ble 0xc624
ldr.w fp, [0x0000c660]
movw r3, 0xcccc
movs r4, 0
movt r3, 0xccc
subs r6, 1
add.w sl, r8, -1
add fp, pc
mov r5, r4
str r3, [sp, 8]
b 0xc5d2
cmp r8, r4
beq 0xc624
ldrb r1, [r6, 1]!
adds r0, r7, r5
mov.w r2, -1
mov r3, fp
str r1, [sp]
movs r1, 1
blx sym.imp.__vasprintf_chk
mov r1, r4
adds r2, r5, 2
--
mov r0, r4
bl 0xcb50
ldr r3, [sp, 0x48]
str r3, [sp, 0x20]
cbz r3, 0xdb98
str r3, [sp, 0x44]
b 0xd802
ldr r3, [0x0000dc28]
add r3, pc
str r3, [sp, 0x14]
b 0xda42
ldr r4, [0x0000dc2c]
mov r0, fp
bl 0xcfb4
movs r2, 1
mov r1, r0
add r4, pc
mov r0, r4
blx sym.imp.__errno_location
mov r0, sb
blx sym.imp.__vfprintf_chk
mov r5, r0
mov r0, r4
--
beq 0xdd40
ldr r2, [0x0000ddd8]
mov.w r3, 0x1000
ldr r1, [r0, 8]
subs r4, r5, 4
mov r7, r0
mov r0, r4
add r2, pc
strd r2, r1, [sp]
mov r1, r3
movs r2, 1
blx 0x1dd4
mov.w r1, 0x80000
mov r0, r4
blx sym.imp.fstatat64
subs.w r8, r0, 0
blt 0xdd82
ldr r1, [0x0000dddc]
mov.w r2, 0x80000
add r1, pc
blx sym.imp.__sprintf_chk
subs r6, r0, 0
bge 0xdd66
--
ldr r3, [r2, r3]
ldr r2, [r3]
ldr r3, [r1]
eors r2, r3
mov.w r3, 0
bne 0x10c6e
mov r0, r4
mov r1, r6
add.w sp, sp, 0x2000
add sp, 0x1c
pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc}
adds.w r4, r8, r4
add.w sl, r8, sb
adc.w r6, r6, r8, asr 31
cmp r1, sl
blo 0x10c4e
add.w r0, ip, sb
mov r2, r8
mov r1, r7
mov sb, sl
blx sym.imp.__printf_chk
b 0x10b76
add.w r0, ip, sb
mov r2, sl
mov r1, r7
blx sym.imp.__printf_chk
cmp.w r8, 0
beq 0x10bd4
ldr r3, [r5, 0x28]
ldr r2, [sp, 0xc]
str r3, [r2]
str.w r8, [fp]
b 0x10bd4
mov r4, r8
mov r8, sb
mov r6, r4
b 0x10c28
add r0, sb
mov r2, sl
mov r1, r7
blx sym.imp.__printf_chk
b 0x10c28
mov r0, ip
mov r1, sl
str.w sl, [r5, 0x24]
blx sym.imp.regexec
str r0, [r5, 0x28]
cmp r0, 0
beq 0x10bc6
add r0, sb
mov r2, r8
mov r1, r7
mov sb, sl
blx sym.imp.__printf_chk
b 0x10b76
blx sym.imp.stat64
--
add r2, pc
ldr r3, [r2, r3]
ldr r2, [r3]
ldr r3, [sp, 0x14]
eors r2, r3
mov.w r3, 0
bne 0x10f7e
add sp, 0x1c
pop {r4, r5, r6, r7, pc}
blx sym.imp.__isoc99_sscanf
orrs.w r1, r4, r6
ldr r7, [r0]
mov r5, r0
beq 0x10f32
mov r0, r7
blx sym.imp.system
b 0x10f32
mov r2, r4
mov r1, r6
mov r0, r5
blx sym.imp.__printf_chk
movs r0, 1
strb r7, [r5, r4]
[*] Function printf used 18 times kmod
