[*] Binary protection state of ntpd
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of ntpd
nop
push.w {r4, r5, r6, r7, r8, lr}
mov r4, r0
ldr r0, [r0, 0x18]
mov r5, r2
mov r6, r1
adds r0, 4
bl 0x865c
ldr.w r3, [r4, 0x2ec]
mov r7, r0
cmp r3, r5
beq 0x2980
ldr r0, [0x00002998]
mov r2, r7
mov r1, r6
str.w r5, [r4, 0x2ec]
pop.w {r4, r5, r6, r7, r8, lr}
add r0, pc
b.w 0x3ee4
mov r0, r3
blx sym.imp.__vfprintf_chk
mov r3, r0
ldr r0, [0x0000299c]
--
cmp r4, 0
bne 0x306e
pop {r4, pc}
bx lr
nop
push.w {r4, r5, r6, r7, r8, sb, lr}
mov r6, r0
ldr r0, [0x00003188]
sub sp, 0x2c
add r4, sp, 4
movs r2, 0x20
ldr r3, [0x0000318c]
mov r8, r1
add r0, pc
movs r1, 0
ldr r3, [r0, r3]
mov r0, r4
ldr r3, [r3]
str r3, [sp, 0x24]
mov.w r3, 0
blx sym.imp.__fprintf_chk
movs r1, 2
mov r3, sp
--
ldr r4, [0x000034d4]
sub sp, 0x7c
mov r5, r0
movs r2, 0
ldr r3, [0x000034d8]
movt r1, 8
add r4, pc
movs r0, 1
ldr r3, [r4, r3]
ldr r3, [r3]
str r3, [sp, 0x74]
mov.w r3, 0
blx 0x1bf8
mov r4, r0
adds r0, 1
beq 0x3448
add r7, sp, 4
movs r2, 0x6e
movs r1, 0
mov r0, r7
blx sym.imp.__fprintf_chk
movs r6, 1
movs r2, 0x6c
--
mov r0, r4
bl 0x3348
ldr r2, [0x000034e0]
ldr r3, [0x000034d8]
add r2, pc
ldr r3, [r2, r3]
ldr r2, [r3]
ldr r3, [sp, 0x74]
eors r2, r3
mov.w r3, 0
bne 0x34d0
mov r0, r4
add sp, 0x7c
pop {r4, r5, r6, r7, pc}
ldr r0, [0x000034e4]
add r0, pc
bl 0x3ee4
b 0x342e
blx sym.imp.bind
ldr r0, [r0]
blx sym.imp.__vfprintf_chk
mov r1, r0
ldr r0, [0x000034e8]
--
ldr r0, [0x000034f0]
mov r1, r5
add r0, pc
bl 0x3ee4
mov r0, r4
mov r4, r6
blx sym.imp.getgrnam
mov r0, r7
blx 0x1c04
b 0x342e
ldr r0, [0x000034f4]
mov r1, r5
add r0, pc
bl 0x3ee4
mov r0, r4
mov r4, r6
blx sym.imp.getgrnam
b 0x342e
blx sym.imp.bind
ldr r0, [r0]
blx sym.imp.__vfprintf_chk
mov r1, r0
ldr r0, [0x000034f8]
--
movs r1, r0
push {r4, r5, r6, lr}
mov r4, r0
sub sp, 8
cbz r1, 0x3eb2
mov r0, r2
mov.w r3, 0x2000
ldr r6, [0x00003ec0]
movs r2, 1
strd r1, r0, [sp]
mov r1, r3
ldr r0, [0x00003ec4]
add r6, pc
add r0, pc
blx 0x17e0
ldr r3, [0x00003ec8]
add r3, pc
ldr r5, [r3, 8]
cbz r4, 0x3e9c
mov r0, r4
blx sym.imp.__vfprintf_chk
ldr r3, [0x00003ecc]
mov r2, r5
--
movs r0, r0
push {r0, r1, r2, r3}
ldr r2, [0x00003f8c]
ldr r3, [0x00003f90]
push {r4, r5, r6, lr}
sub sp, 0x18
add r2, pc
ldr r6, [sp, 0x28]
ldr r3, [r2, r3]
ldr r3, [r3]
str r3, [sp, 0x14]
mov.w r3, 0
blx sym.imp.bind
ldr r5, [r0]
mov r4, r0
cmp r6, 0
beq 0x3f74
add r3, sp, 0x2c
mov r0, r5
str r3, [sp, 0x10]
blx sym.imp.__vfprintf_chk
ldr r2, [0x00003f94]
mov r3, r6
--
blx 0x17a4
ldr r2, [0x00003f98]
ldr r3, [0x00003f90]
str r5, [r4]
add r2, pc
ldr r3, [r2, r3]
ldr r2, [r3]
ldr r3, [sp, 0x14]
eors r2, r3
mov.w r3, 0
bne 0x3f88
add sp, 0x18
pop.w {r4, r5, r6, lr}
add sp, 0x10
bx lr
ldr r2, [sp, 0x10]
mov r1, r6
movs r0, 4
bl 0x3d38
mov r0, r5
blx sym.imp.__vfprintf_chk
ldr r1, [0x00003f9c]
mov r2, r0
movs r0, 4
add r1, pc
bl 0x3e04
b 0x3f36
mov r0, r5
blx sym.imp.__vfprintf_chk
ldr r1, [0x00003fa0]
mov r2, r0
--
ldr.w r3, [r8]
add r3, r0
str.w r3, [r8]
ldr r5, [r5]
b 0x4830
ldr.w r3, [0x00004fc0]
add r3, pc
ldr r3, [r3, 0x10]
ldr r5, [r3, 8]
cbz r5, 0x485c
mov r0, r5
bl 0x24ec
ldr r5, [r5]
b 0x4850
ldr.w r3, [0x00004fc4]
movs r2, 0x28
mov r1, r5
add r3, pc
ldr r6, [r3, 0x10]
adds r0, r6, r2
blx sym.imp.__fprintf_chk
movs r3, 0
movs r2, 0
--
add r5, r3
ldr r3, [sp, 0x34]
adds r5, 3
add r5, r3
ldr r3, [sp, 0xc]
cmp r3, r5
bhs 0x4978
mov r0, fp
movs r2, 8
mov r1, r5
blx sym.imp.free
mov fp, r0
cmp r0, 0
beq.w 0x4f04
str r5, [sp, 0xc]
ldr r3, [sp, 0xc]
movs r1, 0
mov r0, fp
movs r5, 3
lsls r2, r3, 3
blx sym.imp.__fprintf_chk
ldr r3, [sp, 4]
movs r1, 0
ldr r0, [sp, 8]
lsls r2, r3, 2
blx sym.imp.__fprintf_chk
bl 0x8480
ldr.w r2, [0x00004fec]
--
cmp r3, 0x53
beq 0x68d0
cmp r3, 0x61
it eq
moveq r4, 3
bne 0x68c4
movs r1, 1
movs r2, 0
mov r0, r1
blx 0x1bf8
cmp.w r0, -1
mov r8, r0
beq 0x68d4
ldr r7, [0x00006a84]
add r6, sp, 0x2c
movs r2, 0x6e
movs r1, 0
mov r0, r6
movs r5, 1
add r7, pc
blx sym.imp.__fprintf_chk
movs r2, 0x6c
mov r1, r7
--
bne.w 0x8260
movs r0, 0
add sp, 0x140
vpop {d8}
pop.w {r4, r5, r6, r7, r8, pc}
mov r5, r0
bl 0x8280
mov r2, r5
add r5, sp, 0x18
mov r1, r8
mov r3, r5
mov r0, r7
vmov.f64 d8, d0
bl 0x589c
adds r0, 1
beq 0x8136
add.w r8, sp, 0x48
movs r2, 0x30
movs r1, 0
mov r0, r8
blx sym.imp.__fprintf_chk
ldrb.w r3, [r4, 0x48]
cmp r3, 0
--
b 0x87c2
mov.w r0, -1
pop {r4, r5, r6, pc}
nop
push {r4, r5, r6, r7, lr}
mov r5, r0
ldr r0, [0x00008918]
mov r4, r1
movs r2, 0x80
movs r1, 0
ldr r3, [0x0000891c]
add r0, pc
vpush {d8}
sub sp, 0x8c
ldr r3, [r0, r3]
add r7, sp, 4
mov r0, r7
ldr r3, [r3]
str r3, [sp, 0x84]
mov.w r3, 0
blx sym.imp.__fprintf_chk
cbz r5, 0x8864
movs r3, 2
--
movs r0, r0
strb r6, [r0, r4]
movs r1, r0
bics r2, r0
movs r0, r0
muls r0, r7, r0
movs r0, r0
ldr.w ip, [0x000089a0]
movs r2, 0x7c
ldr r3, [0x000089a4]
movs r1, 0
push {r4, lr}
sub sp, 0x88
add ip, pc
mov r4, r0
add r0, sp, 8
ldr.w r3, [ip, r3]
ldr r3, [r3]
str r3, [sp, 0x84]
mov.w r3, 0
blx sym.imp.__fprintf_chk
movs r3, 0x10
str r3, [sp, 4]
--
b 0x896c
blx sym.imp.__register_atfork
strb r2, [r1, r2]
movs r1, r0
lsls r0, r7, 7
movs r0, r0
strb r4, [r3, r1]
movs r1, r0
orrs r4, r5
movs r0, r0
push {r4, r5, r6, lr}
add.w r5, r0, 0x10000
mov r4, r0
add.w r0, r5, 0x10
mov r6, r1
bl 0x8f50
movs r2, 8
movs r1, 0
movt r2, 1
add.w r0, r4, 8
blx sym.imp.__fprintf_chk
strd r6, r6, [r5, 0x1c]
blx sym.imp.setsid
--
pop {r3, r4, r5, r6, r7, pc}
nop
push {r4, r5, r6, r7, lr}
sub.w sp, sp, 0x2000
ldr r4, [0x000090ac]
sub sp, 0xc
add.w r7, sp, 0x2000
add r5, sp, 4
ldr r3, [0x000090b0]
mov r6, r0
add r4, pc
mov.w r2, 0x2000
adds r7, 4
movs r1, 0
ldr r3, [r4, r3]
mov r0, r5
ldr r3, [r3]
str r3, [r7]
mov.w r3, 0
movw r7, 0x401
blx sym.imp.__fprintf_chk
ldr r4, [r6]
movs r2, 1
--
movs r1, r0
push.w {r4, r5, r6, r7, r8, lr}
mov r7, r0
ldr r0, [0x00009200]
sub.w sp, sp, 0x2000
sub sp, 0x30
mov.w r2, 0x2000
ldr r3, [0x00009204]
add.w r8, sp, 0x30
add r0, pc
add.w r4, sp, 0x2000
sub.w r6, r8, 4
adds r4, 0x2c
ldr r3, [r0, r3]
movs r1, 0
mov r0, r6
mov r5, sp
ldr r3, [r3]
str r3, [r4]
mov.w r3, 0
blx sym.imp.__fprintf_chk
ldr r4, [r7]
movs r3, 0
--
cmp r0, 0
beq 0x9c1c
mov r2, r7
mov r1, r5
blx 0x17f0
mov r0, r5
mov.w r2, -1
mov r1, r4
blx 0x1b74
mov r0, r5
blx 0x17a4
mov r0, r6
pop {r3, r4, r5, r6, r7, pc}
blx sym.imp.__errno_location
cmp r0, r6
bls 0x9b96
mov r2, r6
movs r1, 0
adds r0, r5, r7
mov r6, r5
blx sym.imp.__fprintf_chk
b 0x9bbc
mov r0, r7
blx sym.imp.strftime
mov r6, r0
cbz r0, 0x9c1c
mov r2, r4
mov r1, r5
blx 0x17f0
subs r2, r7, r4
movs r1, 0
adds r0, r6, r4
blx sym.imp.__fprintf_chk
b 0x9baa
umull r6, r0, r2, r3
--
rsb.w r5, r0, 0x400
mov r1, r5
add r0, r6
str r3, [sp, 4]
mov.w r3, -1
blx 0x17e0
adds r3, r0, 1
beq 0x9d46
cmp r5, r0
bls 0x9d46
ldrd r0, r2, [r4]
mov r1, r6
bl 0x9e68
ldr r2, [r4, 4]
cmp r0, r2
bhs 0x9d46
ldr r3, [r4]
subs r2, r2, r0
movs r1, 0
add r0, r3
blx sym.imp.__fprintf_chk
b 0x9d46
blx sym.imp.__register_atfork
--
ldr.w r8, [0x0000a64c]
add.w sb, r5, 0x40
mov r0, r5
add r8, pc
ldr.w r7, [r8, 4]
cmp r7, 0
beq 0xa564
ldr r6, [0x0000a650]
mov r1, sb
bl 0xa42c
movs r1, 0
movs r2, 0x28
add r6, pc
ldr r0, [r6, 8]
strd r1, r1, [r0, 0x30]
adds r0, 0x40
ldr r3, [r5, 0x60]
str r3, [r0, -0x8]
ldr r3, [r5, 0x64]
str r3, [r0, -0x4]
blx sym.imp.__fprintf_chk
ldr r3, [r6, 4]
mov.w r2, 0x3d8
str r2, [r3]
ldr r5, [0x0000a654]
movs r2, 0x28
mov r1, r2
mov r0, r4
blx 0x1b74
add r5, pc
movs r1, 0
ldr r3, [r5, 4]
mov.w r2, 0x400
str r1, [r3]
ldr r0, [r5, 8]
adds r0, 0x40
blx sym.imp.__fprintf_chk
ldr r2, [r5, 4]
mov.w r3, 0x6a00
--
add.w r2, r0, 0x40
mov r1, r2
bl 0x9fd4
ldrd r7, r6, [r5, 4]
add.w r8, r6, 0x40
mov r0, r6
cbz r7, 0xa75a
ldr r4, [0x0000a7d0]
mov r1, r8
bl 0xa42c
movs r1, 0
movs r2, 0x28
add r4, pc
ldr r0, [r4, 8]
strd r1, r1, [r0, 0x30]
adds r0, 0x40
ldr r3, [r6, 0x60]
str r3, [r0, -0x8]
ldr r3, [r6, 0x64]
str r3, [r0, -0x4]
blx sym.imp.__fprintf_chk
ldr r3, [r4, 4]
mov.w r2, 0x3d8
--
ldr.w r0, [r8, 8]
add.w r2, r0, 0x40
mov r1, r2
bl 0x9fd4
ldrd sb, r7, [r8, 4]
add.w fp, r7, 0x40
mov r0, r7
cmp.w sb, 0
beq 0xa902
mov r1, fp
bl 0xa42c
ldr.w r3, [sl, 8]
movs r1, 0
movs r2, 0x28
strd r1, r1, [r3, 0x30]
ldr r0, [r7, 0x60]
str r0, [r3, 0x38]
add.w r0, r3, 0x40
ldr r7, [r7, 0x64]
str r7, [r3, 0x3c]
blx sym.imp.__fprintf_chk
ldr.w r3, [sl, 4]
mov.w r2, 0x3d8
--
ldr r0, [0x0000a998]
add r0, pc
adds r0, 0xc
add sp, 0x14
pop.w {r4, r5, r6, r7, r8, sb, sl, fp, lr}
b.w sym.imp.pthread_mutex_unlock
sub.w sb, r3, r7
cmp r7, r4
it hs
movhs r7, r4
add.w sb, sb, 0x440
mov r0, r6
mov r1, sb
mov r2, r7
add r6, r7
blx 0x17f0
mov r2, r7
movs r1, 0
mov r0, sb
subs r4, r4, r7
blx sym.imp.__fprintf_chk
ldr r2, [r5, 4]
ldr r3, [r2]
[*] Function fprintf used 27 times ntpd
