[*] Binary protection state of zabbix_agentd
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function mmap tear down of zabbix_agentd
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/zabbix_agentd @ 0x3e96c */
| #include <stdint.h>
|
; (fcn) sym.str_base64_decode () | void str_base64_decode (int16_t arg_84h, uint32_t arg1, int16_t arg2, int16_t arg3, int16_t arg4) {
| int16_t var_0h_2;
| int16_t var_4h_2;
| int16_t var_6h;
| int16_t var_7h;
| int16_t var_8h;
| int16_t var_9h;
| int16_t var_ah;
| int16_t var_bh;
| int16_t var_ch;
| int16_t var_10h;
| int16_t var_14h;
| int16_t var_18h;
| int16_t var_1ch;
| int16_t var_20h;
| int16_t var_24h;
| int16_t var_28h;
| int16_t var_2ch;
| int16_t var_0h;
| int16_t var_4h;
| int16_t var_38h;
| int16_t var_3ch;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| r3 = arg4;
0x0003e96c push.w {r4, r5, r6, r7, r8, sb, lr} |
0x0003e970 mov r8, r2 | r8 = r2;
0x0003e972 ldr r2, [pc, 0x2a4] |
0x0003e974 mov r7, r3 | r7 = r3;
0x0003e976 sub sp, 0x14 |
0x0003e978 ldr r3, [pc, 0x2a0] | r3 = *(0x3ec1c);
0x0003e97a add r2, pc | r2 = 0x7d598;
0x0003e97c ldr r3, [r2, r3] |
0x0003e97e ldr r3, [r3] | r3 = *(0x7d598);
0x0003e980 str r3, [sp, 0xc] | var_ch = r3;
0x0003e982 mov.w r3, 0 | r3 = 0;
0x0003e986 cmp r0, 0 |
| if (var_0h_2 == ) {
0x0003e988 beq.w 0x3ebc2 | goto label_6;
| }
0x0003e98c mov sb, r1 | sb = r1;
0x0003e98e cmp r1, 0 |
| if (r1 == 0) {
0x0003e990 beq.w 0x3ec02 | goto label_7;
| }
0x0003e994 cmp r7, 0 |
| if (r7 == 0) {
0x0003e996 beq.w 0x3ebee | goto label_8;
| }
0x0003e99a cmp.w r8, 0 |
0x0003e99e ittt gt |
| if (r8 <= 0) {
0x0003e9a0 movgt r4, 0 | r4 = 0;
| }
| if (r8 <= 0) {
0x0003e9a2 movgt r6, r0 | r6 = r0;
| }
| if (r8 <= 0) {
0x0003e9a4 strgt r4, [r7] | *(r7) = r4;
| }
| if (r8 <= 0) {
0x0003e9a6 ble.w 0x3ebda | goto label_9;
| }
| label_1:
0x0003e9aa mov.w r5, -1 | r5 = -1;
| do {
| label_0:
0x0003e9ae invalid |
0x0003e9b0 cmp r3, 0 |
| if (r3 == 0) {
0x0003e9b2 beq.w 0x3eb98 | goto label_10;
| }
0x0003e9b6 cmp r3, 0x5a |
0x0003e9b8 add.w r6, r6, 1 | r6++;
| if (r3 > 0x5a) {
0x0003e9bc bhi 0x3ea94 | goto label_11;
| }
0x0003e9be cmp r3, 0x2a |
0x0003e9c0 bls 0x3e9ae |
| } while (r3 < 0x2a);
0x0003e9c2 sub.w r2, r3, 0x2b | r2 = r3 - 0x2b;
0x0003e9c6 cmp r2, 0x2f |
| if (r2 > 0x2f) {
0x0003e9c8 bhi 0x3e9ae | goto label_0;
| }
0x0003e9ca adr r1, 8 | r1 = 8;
0x0003e9cc ldr.w r2, [r1, r2, lsl 2] | offset_0 = r2 << 2;
| r2 = *((r1 + offset_0));
0x0003e9d0 add r1, r2 | r1 += r2;
| /* switch table (48 cases) at 0x3e9d4 */
0x0003e9d2 bx r1 | return uint32_t (*r1)() ();
| label_11:
0x0003ea94 sub.w r2, r3, 0x61 | r2 = r3 - 0x61;
0x0003ea98 cmp r2, 0x19 |
| if (r2 > 0x19) {
0x0003ea9a bhi 0x3e9ae | goto label_0;
| }
0x0003ea9c add.w r2, r4, 0x10 | r2 = r4 + 0x10;
0x0003eaa0 cmp r4, 2 |
0x0003eaa2 add r2, sp, r2 | r2 = sp + r2;
0x0003eaa4 mov r5, r4 | r5 = r4;
0x0003eaa6 strb r3, [r2, -0xc] | *((r2 - 0xc)) = r3;
| if (r4 <= 2) {
0x0003eaaa ble.w 0x3ebb4 | goto label_12;
| }
0x0003eaae movs r4, 0 | r4 = 0;
0x0003eab0 mov r0, r4 | r0 = r4;
| label_2:
0x0003eab2 add r2, sp, 8 | r2 += var_8h;
0x0003eab4 add r3, sp, 4 | r3 += var_4h_2;
0x0003eab6 mov r1, r2 | r1 = r2;
| do {
0x0003eab8 ldrb lr, [r3], 1 |
0x0003eabc sub.w ip, lr, 0x41 |
0x0003eac0 uxtb.w ip, ip | ip = (int8_t) ip;
0x0003eac4 cmp.w ip, 0x19 |
| if (ip >= 0x19) {
0x0003eac8 bls 0x3eb00 |
0x0003eaca sub.w ip, lr, 0x61 |
0x0003eace cmp.w ip, 0x19 |
0x0003ead2 itt ls |
| if (ip > 0x19) {
0x0003ead4 subls ip, lr, 0x47 |
| }
| if (ip <= 0x19) {
0x0003ead8 uxtb.w ip, ip | ip = (int8_t) ip;
| }
| if (ip < 0x19) {
0x0003eadc bls 0x3eb00 | goto label_13;
| }
0x0003eade sub.w ip, lr, 0x30 |
0x0003eae2 cmp.w ip, 9 |
0x0003eae6 itt ls |
| if (ip > 9) {
0x0003eae8 addls ip, lr, 4 |
| }
| if (ip <= 9) {
0x0003eaec uxtb.w ip, ip | ip = (int8_t) ip;
| }
| if (ip < 9) {
0x0003eaf0 bls 0x3eb00 | goto label_13;
| }
0x0003eaf2 cmp.w lr, 0x2b |
0x0003eaf6 ite ne |
| if (lr == 0x2b) {
0x0003eaf8 movne ip, 0x3f |
| }
| if (lr != 0x2b) {
0x0003eafc mov.w ip, 0x3e | goto label_13;
| }
| }
| label_13:
0x0003eb00 cmp r1, r3 |
0x0003eb02 strb ip, [r2], 1 | *(r2) = ip;
| r2++;
0x0003eb06 bne 0x3eab8 |
| } while (r1 != r3);
| if (r5 != 0) {
0x0003eb08 cbz r5, 0x3eb78 |
0x0003eb0a ldrb.w r3, [sp, 9] | r3 = var_9h;
0x0003eb0e mov r1, sb | r1 = sb;
0x0003eb10 ldrb.w ip, [sp, 8] | ip = var_8h;
0x0003eb14 lsrs r2, r3, 4 | r2 = r3 >> 4;
0x0003eb16 orr.w r2, r2, ip, lsl 2 | r2 |= (ip << 2);
0x0003eb1a strb r2, [r1], 1 | *(r1) = r2;
| r1++;
0x0003eb1e ldr r2, [r7] | r2 = *(r7);
0x0003eb20 adds r2, 1 | r2++;
0x0003eb22 cmp r2, r8 |
0x0003eb24 str r2, [r7] | *(r7) = r2;
| if (r2 == r8) {
0x0003eb26 beq 0x3eb7e | goto label_3;
| }
0x0003eb28 cmp r5, 1 |
| if (r5 == 1) {
0x0003eb2a beq 0x3ebb8 | goto label_14;
| }
0x0003eb2c ldrb.w r2, [sp, 6] | r2 = var_6h;
0x0003eb30 cmp r2, 0x3d |
| if (r2 != 0x3d) {
0x0003eb32 beq 0x3eb50 |
0x0003eb34 ldrb.w r2, [sp, 0xa] | r2 = var_ah;
0x0003eb38 lsls r3, r3, 4 | r3 <<= 4;
0x0003eb3a add.w r1, sb, 2 | r1 = sb + 2;
0x0003eb3e orr.w r3, r3, r2, lsr 2 | r3 |= (r2 >> 2);
0x0003eb42 strb.w r3, [sb, 1] | *((sb + 1)) = r3;
0x0003eb46 ldr r3, [r7] | r3 = *(r7);
0x0003eb48 adds r3, 1 | r3++;
0x0003eb4a cmp r3, r8 |
0x0003eb4c str r3, [r7] | *(r7) = r3;
| if (r3 == r8) {
0x0003eb4e beq 0x3eb7e | goto label_3;
| }
| }
0x0003eb50 cmp r5, 3 |
| if (r5 != 3) {
0x0003eb52 bne 0x3ebb8 | goto label_14;
| }
0x0003eb54 ldrb.w r3, [sp, 7] | r3 = var_7h;
0x0003eb58 cmp r3, 0x3d |
| if (r3 == 0x3d) {
0x0003eb5a beq 0x3ebb8 | goto label_14;
| }
0x0003eb5c ldrb.w r2, [sp, 0xa] | r2 = var_ah;
0x0003eb60 mov sb, r1 | sb = r1;
0x0003eb62 ldrb.w r3, [sp, 0xb] | r3 = var_bh;
0x0003eb66 orr.w r3, r3, r2, lsl 6 | r3 |= (r2 << 6);
0x0003eb6a strb r3, [sb], 1 | *(sb) = r3;
| sb++;
0x0003eb6e ldr r3, [r7] | r3 = *(r7);
0x0003eb70 adds r3, 1 | r3++;
0x0003eb72 cmp r3, r8 |
0x0003eb74 str r3, [r7] | *(r7) = r3;
| if (r3 == r8) {
0x0003eb76 beq 0x3eb7e | goto label_3;
| }
| }
0x0003eb78 cmp r0, 0 |
| if (r0 == 0) {
0x0003eb7a beq.w 0x3e9aa | goto label_1;
| }
| do {
| label_3:
0x0003eb7e ldr r2, [pc, 0xa0] |
0x0003eb80 ldr r3, [pc, 0x98] | r3 = *(0x3ec1c);
0x0003eb82 add r2, pc | r2 = 0x7d7a8;
0x0003eb84 ldr r3, [r2, r3] | r3 = *(0x7d7a8);
0x0003eb86 ldr r2, [r3] | r2 = *(0x7d7a8);
0x0003eb88 ldr r3, [sp, 0xc] | r3 = var_ch;
0x0003eb8a eors r2, r3 | r2 ^= r3;
0x0003eb8c mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x0003eb90 bne 0x3ebd6 | goto label_15;
| }
0x0003eb92 add sp, 0x14 |
0x0003eb94 pop.w {r4, r5, r6, r7, r8, sb, pc} |
| label_10:
0x0003eb98 adds r0, r5, 1 | r0 = r5 + 1;
0x0003eb9a cmp r0, 3 |
| if (r0 <= 3) {
0x0003eb9c bgt 0x3ebac |
0x0003eb9e add r3, sp, 4 | r3 += var_4h_2;
0x0003eba0 rsb.w r2, r5, 3 | r2 = 3 - r5;
0x0003eba4 movs r1, 0x41 | r1 = 0x41;
0x0003eba6 add r0, r3 | r0 += r3;
0x0003eba8 blx 0xc1ac | statvfs64 ();
0x0003ebaa invalid |
| }
0x0003ebac adds r3, r5, 1 | r3 = r5 + 1;
0x0003ebae beq 0x3eb7e |
| } while (r3 == r5);
0x0003ebb0 movs r0, 1 | r0 = 1;
0x0003ebb2 b 0x3eab2 | goto label_2;
| label_12:
0x0003ebb4 adds r4, 1 | r4++;
0x0003ebb6 b 0x3e9ae | goto label_0;
| label_14:
0x0003ebb8 mov sb, r1 | sb = r1;
0x0003ebba cmp r0, 0 |
| if (r0 == 0) {
0x0003ebbc beq.w 0x3e9aa | goto label_1;
| }
0x0003ebc0 b 0x3eb7e | goto label_3;
| label_6:
0x0003ebc2 ldr r3, [pc, 0x60] |
0x0003ebc4 movs r2, 0xef | r2 = 0xef;
0x0003ebc6 ldr r1, [pc, 0x60] |
0x0003ebc8 ldr r0, [pc, 0x60] |
0x0003ebca add r3, pc | r3 = 0x7d7f4;
0x0003ebcc add r1, pc | r1 = 0x7d7fa;
0x0003ebce adds r3, 0x70 | r3 += 0x70;
0x0003ebd0 add r0, pc | r0 = 0x7d800;
0x0003ebd2 blx 0xc4a0 | fcn_0000c4a0 ();
| label_15:
0x0003ebd6 blx 0xbe48 | fcn_0000be48 ();
| label_9:
0x0003ebda ldr r3, [pc, 0x54] |
0x0003ebdc movs r2, 0xf2 | r2 = 0xf2;
0x0003ebde ldr r1, [pc, 0x54] |
0x0003ebe0 ldr r0, [pc, 0x54] |
0x0003ebe2 add r3, pc | r3 = 0x7d818;
0x0003ebe4 add r1, pc | r1 = 0x7d81e;
0x0003ebe6 adds r3, 0x70 | r3 += 0x70;
0x0003ebe8 add r0, pc | r0 = 0x7d824;
0x0003ebea blx 0xc4a0 | fcn_0000c4a0 ();
| label_8:
0x0003ebee ldr r3, [pc, 0x4c] |
0x0003ebf0 movs r2, 0xf1 | r2 = 0xf1;
0x0003ebf2 ldr r1, [pc, 0x4c] |
0x0003ebf4 ldr r0, [pc, 0x4c] |
0x0003ebf6 add r3, pc | r3 = 0x7d838;
0x0003ebf8 add r1, pc | r1 = 0x7d83e;
0x0003ebfa adds r3, 0x70 | r3 += 0x70;
0x0003ebfc add r0, pc | r0 = 0x7d844;
0x0003ebfe blx 0xc4a0 | fcn_0000c4a0 ();
| label_7:
0x0003ec02 ldr r3, [pc, 0x44] |
0x0003ec04 movs r2, 0xf0 | r2 = 0xf0;
0x0003ec06 ldr r1, [pc, 0x44] |
0x0003ec08 ldr r0, [pc, 0x44] |
0x0003ec0a add r3, pc | r3 = 0x7d858;
0x0003ec0c add r1, pc | r1 = 0x7d85e;
0x0003ec0e adds r3, 0x70 | r3 += 0x70;
0x0003ec10 add r0, pc | r0 = 0x7d864;
0x0003ec12 blx 0xc4a0 | fcn_0000c4a0 ();
0x0003ec16 nop |
0x0003ec18 b 0x3f100 |
0x0003f100 movt r3, 0xf6bb | r3 = (r3 & 0xFFFF) | 0xNaN0000;
0x0003f104 add.w lr, r2, lr, ror 21 | lr = r2 + (lr >>> 21);
0x0003f108 add r3, sl | r3 += sl;
0x0003f10a add ip, r3 |
0x0003f10c eor.w r3, r1, r2 | r3 = r1 ^ r2;
0x0003f110 eor.w r3, r3, lr | r3 ^= lr;
0x0003f114 add r3, ip | r3 += ip;
0x0003f116 movw ip, 0xbc70 |
0x0003f11a movt ip, 0xbebf |
0x0003f11e add.w r3, lr, r3, ror 16 | r3 = lr + (r3 >>> 16);
0x0003f122 add ip, r0 |
0x0003f124 add r1, ip | r1 += ip;
0x0003f126 eor.w ip, r2, lr |
0x0003f12a eor.w ip, ip, r3 |
0x0003f12e sub.w r0, r0, 0x100000 | r0 -= case.0x3207a.11;
0x0003f132 add ip, r1 |
0x0003f134 movw r1, 0x7ec6 |
0x0003f138 movt r1, 0x289b | r1 = 0xNaN;
0x0003f13c add.w ip, r3, ip, ror 9 |
0x0003f140 add r1, r5 | r1 += r5;
0x0003f142 ldr r5, [sp, 0x18] | r5 = var_18h;
0x0003f144 add r1, r2 | r1 += r2;
0x0003f146 eor.w r2, lr, r3 | r2 = lr ^ r3;
0x0003f14a eor.w r2, r2, ip | r2 ^= ip;
0x0003f14e subw r0, r0, 0xb83 | __asm ("subw r0, r0, case.0x3207a.11");
0x0003f152 add r2, r1 | r2 += r1;
0x0003f154 movw r1, 0x27fa |
0x0003f158 movt r1, 0xeaa1 | r1 = 0xNaN;
0x0003f15c add.w r2, ip, r2, ror 28 | r2 = ip + (r2 >>> 28);
0x0003f160 add r1, r6 | r1 += r6;
0x0003f162 ldr r6, [sp, 0x10] | r6 = var_10h;
0x0003f164 add lr, r1 | lr += r1;
0x0003f166 eor.w r1, r3, ip | r1 = r3 ^ ip;
0x0003f16a eors r1, r2 | r1 ^= r2;
0x0003f16c add r1, lr | r1 += lr;
0x0003f16e movw lr, 0x3085 |
0x0003f172 movt lr, 0xd4ef | lr = 0xNaN;
0x0003f176 add.w r1, r2, r1, ror 21 | r1 = r2 + (r1 >>> 21);
0x0003f17a add lr, r6 | lr += r6;
0x0003f17c ldr r6, [sp, 0xc] | r6 = var_ch;
0x0003f17e add lr, r3 | lr += r3;
0x0003f180 eor.w r3, ip, r2 | r3 = ip ^ r2;
0x0003f184 eors r3, r1 | r3 ^= r1;
0x0003f186 add r3, lr | r3 += lr;
0x0003f188 movw lr, 0x1d05 |
0x0003f18c movt lr, 0x488 | lr = 0xNaN;
0x0003f190 add.w r3, r1, r3, ror 16 | r3 = r1 + (r3 >>> 16);
0x0003f194 add lr, r5 | lr += r5;
0x0003f196 ldr r5, [sp, 0x1c] | r5 = var_1ch;
0x0003f198 add lr, ip | lr += ip;
0x0003f19a eor.w ip, r2, r1 |
0x0003f19e eor.w ip, ip, r3 |
0x0003f1a2 add ip, lr |
0x0003f1a4 movw lr, 0xd039 |
0x0003f1a8 movt lr, 0xd9d4 | lr = 0xNaN;
0x0003f1ac add.w ip, r3, ip, ror 9 |
0x0003f1b0 add lr, r4 | lr += r4;
0x0003f1b2 ldr r4, [sp, 0x2c] | r4 = var_2ch;
0x0003f1b4 add lr, r2 | lr += r2;
0x0003f1b6 eor.w r2, r1, r3 | r2 = r1 ^ r3;
0x0003f1ba eor.w r2, r2, ip | r2 ^= ip;
0x0003f1be add r2, lr | r2 += lr;
0x0003f1c0 movw lr, 0x99e5 |
0x0003f1c4 movt lr, 0xe6db | lr = 0xNaN;
0x0003f1c8 add.w r2, ip, r2, ror 28 | r2 = ip + (r2 >>> 28);
0x0003f1cc add lr, r8 | lr += r8;
0x0003f1ce add lr, r1 | lr += r1;
0x0003f1d0 eor.w r1, r3, ip | r1 = r3 ^ ip;
0x0003f1d4 eors r1, r2 | r1 ^= r2;
0x0003f1d6 add r1, lr | r1 += lr;
0x0003f1d8 movw lr, 0x7cf8 |
0x0003f1dc movt lr, 0x1fa2 | lr = 0xNaN;
0x0003f1e0 add.w r1, r2, r1, ror 21 | r1 = r2 + (r1 >>> 21);
0x0003f1e4 add lr, r7 | lr += r7;
0x0003f1e6 add r3, lr | r3 += lr;
0x0003f1e8 eor.w lr, ip, r2 | lr = ip ^ r2;
0x0003f1ec eor.w lr, lr, r1 | lr ^= r1;
0x0003f1f0 add lr, r3 | lr += r3;
0x0003f1f2 movw r3, 0x5665 |
0x0003f1f6 movt r3, 0xc4ac | r3 = 0xNaN;
0x0003f1fa add.w lr, r1, lr, ror 16 | lr = r1 + (lr >>> 16);
0x0003f1fe add r3, r6 | r3 += r6;
0x0003f200 ldr r6, [sp, 4] | r6 = var_4h_2;
0x0003f202 add ip, r3 |
0x0003f204 eor.w r3, r2, r1 | r3 = r2 ^ r1;
0x0003f208 eor.w r3, r3, lr | r3 ^= lr;
0x0003f20c add r3, ip | r3 += ip;
0x0003f20e movw ip, 0x2244 |
0x0003f212 add.w r3, lr, r3, ror 9 | r3 = lr + (r3 >>> 9);
0x0003f216 movt ip, 0xf429 |
0x0003f21a add ip, r6 |
0x0003f21c ldr r6, [sp, 0x10] | r6 = var_10h;
0x0003f21e add ip, r2 |
0x0003f220 orn r2, r3, r1 | r2 = r3 | r1;
| r2 = ~r2;
0x0003f224 eor.w r2, r2, lr | r2 ^= lr;
0x0003f228 add r2, ip | r2 += ip;
0x0003f22a movw ip, 0xff97 |
0x0003f22e add.w r2, r3, r2, ror 26 | r2 = r3 + (r2 >>> 26);
0x0003f232 movt ip, 0x432a |
0x0003f236 add ip, sl |
0x0003f238 add ip, r1 |
0x0003f23a orn r1, r2, lr | r1 = r2 | lr;
| r1 = ~r1;
0x0003f23e eors r1, r3 | r1 ^= r3;
0x0003f240 add r1, ip | r1 += ip;
0x0003f242 movw ip, 0x23a7 |
0x0003f246 add.w r1, r2, r1, ror 22 | r1 = r2 + (r1 >>> 22);
0x0003f24a movt ip, 0xab94 |
0x0003f24e add ip, r4 |
0x0003f250 ldr r4, [sp, 0x34] | r4 = var_4h;
0x0003f252 add ip, lr |
0x0003f254 orn lr, r1, r3 | lr = r1 | r3;
| lr = ~lr;
0x0003f258 eor.w lr, lr, r2 | lr ^= r2;
0x0003f25c add ip, lr |
0x0003f25e movw lr, 0xa039 | lr = (lr & 0xFFFF0000) | (case.0x3207a.11 & 0xFFFF);
0x0003f262 add.w ip, r1, ip, ror 17 |
0x0003f266 movt lr, 0xfc93 | lr = (lr & 0xFFFF) | 0xNaN0000;
0x0003f26a add lr, r4 | lr += r4;
0x0003f26c ldr r4, [sp, 0x14] | r4 = var_14h;
0x0003f26e add lr, r3 | lr += r3;
0x0003f270 orn r3, ip, r2 | r3 = ip | r2;
| r3 = ~r3;
0x0003f274 eors r3, r1 | r3 ^= r1;
0x0003f276 add r0, ip | r0 += ip;
0x0003f278 add r3, lr | r3 += lr;
0x0003f27a movw lr, 0x59c3 | lr = (lr & 0xFFFF0000) | (case.0x3207a.11 & 0xFFFF);
0x0003f27e add.w r3, ip, r3, ror 11 | r3 = ip + (r3 >>> 11);
0x0003f282 movt lr, 0x655b | lr = (lr & 0xFFFF) | 0xNaN0000;
0x0003f286 add lr, r8 | lr += r8;
0x0003f288 add lr, r2 | lr += r2;
0x0003f28a orn r2, r3, r1 | r2 = r3 | r1;
| r2 = ~r2;
0x0003f28e eor.w r2, r2, ip | r2 ^= ip;
0x0003f292 add r2, lr | r2 += lr;
0x0003f294 movw lr, 0xcc92 | lr = (lr & 0xFFFF0000) | (case.0x3207a.11 & 0xFFFF);
0x0003f298 add.w r2, r3, r2, ror 26 | r2 = r3 + (r2 >>> 26);
0x0003f29c movt lr, 0x8f0c | lr = (lr & 0xFFFF) | 0xNaN0000;
0x0003f2a0 add lr, r6 | lr += r6;
0x0003f2a2 ldr r6, [sp, 8] | r6 = var_8h;
0x0003f2a4 orn ip, r2, ip | ip = r2 | ip;
| ip = ~ip;
0x0003f2a8 add lr, r1 | lr += r1;
0x0003f2aa eor.w ip, ip, r3 |
0x0003f2ae movw r1, 0x5dd1 | r1 = (r1 & 0xFFFF0000) | (case.0x3207a.11 & 0xFFFF);
0x0003f2b2 add ip, lr |
0x0003f2b4 movt r1, 0x8584 | r1 = (r1 & 0xFFFF) | 0xNaN0000;
0x0003f2b8 add.w ip, r2, ip, ror 22 |
0x0003f2bc add r1, r6 | r1 += r6;
0x0003f2be add r1, r3 | r1 += r3;
0x0003f2c0 orn r3, ip, r3 | r3 = ip | r3;
| r3 = ~r3;
0x0003f2c4 eors r3, r2 | r3 ^= r2;
0x0003f2c6 add r3, r0 | r3 += r0;
0x0003f2c8 movw r0, 0x7e4f | r0 = (r0 & 0xFFFF0000) | (case.0x3207a.11 & 0xFFFF);
0x0003f2cc add.w r3, ip, r3, ror 17 | r3 = ip + (r3 >>> 17);
0x0003f2d0 movt r0, 0x6fa8 | r0 = (r0 & 0xFFFF) | 0xNaN0000;
0x0003f2d4 add r0, r5 | r0 += r5;
0x0003f2d6 ldr r5, [sp, 0x18] | r5 = var_18h;
0x0003f2d8 add r0, r2 | r0 += r2;
0x0003f2da orn r2, r3, r2 | r2 = r3 | r2;
| r2 = ~r2;
0x0003f2de eor.w r2, r2, ip | r2 ^= ip;
0x0003f2e2 add r2, r1 | r2 += r1;
0x0003f2e4 movw r1, 0xe6e0 | r1 = (r1 & 0xFFFF0000) | (case.0x3207a.11 & 0xFFFF);
0x0003f2e8 add.w r2, r3, r2, ror 11 | r2 = r3 + (r2 >>> 11);
0x0003f2ec movt r1, 0xfe2c | r1 = (r1 & 0xFFFF) | 0xNaN0000;
0x0003f2f0 add r1, r7 | r1 += r7;
0x0003f2f2 ldr r7, [sp, 0x24] | r7 = var_24h;
0x0003f2f4 add r1, ip | r1 += ip;
0x0003f2f6 orn ip, r2, ip | ip = r2 | ip;
| ip = ~ip;
0x0003f2fa eor.w ip, ip, r3 |
0x0003f2fe add ip, r0 |
0x0003f300 movw r0, 0x4314 | r0 = (r0 & 0xFFFF0000) | (case.0x3207a.11 & 0xFFFF);
0x0003f304 add.w ip, r2, ip, ror 26 |
0x0003f308 movt r0, 0xa301 | r0 = (r0 & 0xFFFF) | 0xNaN0000;
0x0003f30c add r0, r5 | r0 += r5;
0x0003f30e ldr r5, [sp, 0x28] | r5 = var_28h;
0x0003f310 add r0, r3 | r0 += r3;
0x0003f312 orn r3, ip, r3 | r3 = ip | r3;
| r3 = ~r3;
0x0003f316 eors r3, r2 | r3 ^= r2;
0x0003f318 add r3, r1 | r3 += r1;
0x0003f31a movw r1, 0x11a1 | r1 = (r1 & 0xFFFF0000) | (case.0x3207a.11 & 0xFFFF);
0x0003f31e add.w r3, ip, r3, ror 22 | r3 = ip + (r3 >>> 22);
0x0003f322 movt r1, 0x4e08 | r1 = (r1 & 0xFFFF) | 0xNaN0000;
0x0003f326 add r1, r5 | r1 += r5;
0x0003f328 add r1, r2 | r1 += r2;
0x0003f32a orn r2, r3, r2 | r2 = r3 | r2;
| r2 = ~r2;
0x0003f32e eor.w r2, r2, ip | r2 ^= ip;
0x0003f332 add r2, r0 | r2 += r0;
0x0003f334 movw r0, 0x7e82 | r0 = (r0 & 0xFFFF0000) | (case.0x3207a.11 & 0xFFFF);
0x0003f338 add.w r2, r3, r2, ror 17 | r2 = r3 + (r2 >>> 17);
0x0003f33c movt r0, 0xf753 | r0 = (r0 & 0xFFFF) | 0xNaN0000;
0x0003f340 add r0, r4 | r0 += r4;
0x0003f342 add r0, ip | r0 += ip;
0x0003f344 orn ip, r2, ip | ip = r2 | ip;
| ip = ~ip;
0x0003f348 eor.w ip, ip, r3 |
0x0003f34c add ip, r1 |
0x0003f34e movw r1, 0xf235 | r1 = (r1 & 0xFFFF0000) | (case.0x3207a.11 & 0xFFFF);
0x0003f352 add.w ip, r2, ip, ror 11 |
0x0003f356 movt r1, 0xbd3a | r1 = (r1 & 0xFFFF) | 0xNaN0000;
0x0003f35a add r1, r7 | r1 += r7;
0x0003f35c ldr r7, [sp, 0x38] | r7 = var_38h;
0x0003f35e add r1, r3 | r1 += r3;
0x0003f360 orn r3, ip, r3 | r3 = ip | r3;
| r3 = ~r3;
0x0003f364 eors r3, r2 | r3 ^= r2;
0x0003f366 ldr r5, [sp, 0x3c] | r5 = var_3ch;
0x0003f368 add r3, r0 | r3 += r0;
0x0003f36a ldr r6, [sp, 0xc] | r6 = var_ch;
0x0003f36c add.w r3, ip, r3, ror 26 | r3 = ip + (r3 >>> 26);
0x0003f370 ldr r4, [sp] | r4 = *(sp);
0x0003f372 adds r0, r7, r3 | r0 = r7 + r3;
0x0003f374 str r0, [r5, 8] | *((r5 + 8)) = r0;
0x0003f376 orn r0, r3, r2 | r0 = r3 | r2;
| r0 = ~r0;
0x0003f37a eor.w r0, r0, ip | r0 ^= ip;
0x0003f37e add r1, r0 | r1 += r0;
0x0003f380 ldr r0, [sp, 0x30] | r0 = var_0h;
0x0003f382 add.w r1, r3, r1, ror 22 | r1 = r3 + (r1 >>> 22);
0x0003f386 add r0, r1 | r0 += r1;
0x0003f388 str r0, [r5, 0x14] | *((r5 + 0x14)) = r0;
0x0003f38a movw r0, 0xd2bb |
0x0003f38e movt r0, 0x2ad7 | r0 = 0xNaN;
0x0003f392 add r0, r6 | r0 += r6;
0x0003f394 add r0, r2 | r0 += r2;
0x0003f396 orn r2, r1, ip | r2 = r1 | ip;
| r2 = ~r2;
0x0003f39a eors r2, r3 | r2 ^= r3;
0x0003f39c add r2, r0 | r2 += r0;
0x0003f39e add.w r2, r1, r2, ror 17 | r2 = r1 + (r2 >>> 17);
0x0003f3a2 orn r3, r2, r3 | r3 = r2 | r3;
| r3 = ~r3;
0x0003f3a6 add r4, r2 | r4 += r2;
0x0003f3a8 add r2, sb | r2 += sb;
0x0003f3aa eors r3, r1 | r3 ^= r1;
0x0003f3ac str r2, [r5, 0x10] | *((r5 + 0x10)) = r2;
0x0003f3ae mov r1, r5 | r1 = r5;
0x0003f3b0 ldr r5, [sp, 0x20] | r5 = var_20h;
0x0003f3b2 movw r2, 0xd391 |
0x0003f3b6 movt r2, 0xeb86 | r2 = 0xNaN;
0x0003f3ba add r2, r5 | r2 += r5;
0x0003f3bc add r2, ip | r2 += ip;
0x0003f3be add r3, r2 | r3 += r2;
0x0003f3c0 ldr r2, [pc, 0x5c] |
0x0003f3c2 add.w r4, r4, r3, ror 11 | r4 += (r3 >>> 11);
0x0003f3c6 ldr r3, [pc, 0x54] | r3 = *(0x3f41e);
0x0003f3c8 add r2, pc | r2 = 0x7e7ec;
0x0003f3ca str r4, [r1, 0xc] | *((r1 + 0xc)) = r4;
0x0003f3cc ldr r3, [r2, r3] | r3 = *(0x7e7ec);
0x0003f3ce ldr r2, [r3] | r2 = *(0x7e7ec);
0x0003f3d0 ldr r3, [sp, 0x84] | r3 = *(arg_84h);
0x0003f3d2 eors r2, r3 | r2 ^= r3;
0x0003f3d4 mov.w r3, 0 | r3 = 0;
| if (r2 == r3) {
0x0003f3d8 bne 0x3f412 |
0x0003f3da add sp, 0x8c |
0x0003f3dc pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
0x0003f412 blx 0xbe48 | fcn_0000be48 ();
0x0003f416 nop |
0x0003f418 svc 0x8a | __asm ("svc 0x8a");
0x0003f41a movs r1, r0 | r1 = r0;
0x0003f41c lsls r4, r2, 0xc | r4 = r2 << 0xc;
0x0003f41e movs r0, r0 |
| if (r0 <= r0) {
0x0003f420 bhi 0x3f46c |
0x0003f422 movs r1, r0 | r1 = r0;
| }
0x0003f46c ubfx r3, r3, 3, 6 | r3 = (r3 >> 3) & ((1 << 6) - 1);
0x0003f470 add.w r2, r2, r5, asr 29 | r2 += (r5 >> 29);
0x0003f474 str r1, [r0] | *(r0) = r1;
0x0003f476 str r2, [r0, 4] | *((r0 + 4)) = r2;
0x0003f478 itt hs |
| if (r1 < r0) {
0x0003f47a addhs r2, 1 | r2++;
| }
| if (r1 < r0) {
0x0003f47c strhs r2, [r0, 4] | *((r0 + 4)) = r2;
| }
| if (r3 != 0) {
0x0003f47e cbnz r3, 0x3f4c4 | goto label_16;
| }
0x0003f480 cmp r5, 0x3f |
| if (r5 <= 0x3f) {
0x0003f482 ble 0x3f50c | goto label_17;
| }
| label_4:
0x0003f484 mov r4, r7 | r4 = r7;
0x0003f486 adds r6, r7, r5 | r6 = r7 + r5;
| do {
0x0003f488 mov r1, r4 | r1 = r4;
0x0003f48a mov r0, r8 | r0 = r8;
0x0003f48c adds r4, 0x40 | r4 += 0x40;
0x0003f48e bl 0x3ec54 | fcn_0003ec54 (r0, r1);
0x0003f492 subs r3, r6, r4 | r3 = r6 - r4;
0x0003f494 cmp r3, 0x3f |
0x0003f496 bgt 0x3f488 |
| } while (r3 > 0x3f);
0x0003f498 sub.w r2, r5, 0x40 | r2 = r5 - 0x40;
0x0003f49c cmp r5, 0x3f |
0x0003f49e lsr.w r5, r2, 6 | r5 = r2 >> 6;
0x0003f4a2 add.w r3, r5, 1 | r3 = r5 + 1;
0x0003f4a6 lsl.w r5, r5, 6 | r5 <<= 6;
0x0003f4aa lsl.w r3, r3, 6 | r3 <<= 6;
0x0003f4ae it le |
| if (r5 > 0x3f) {
0x0003f4b0 movle r3, 0x40 | r3 = 0x40;
| }
0x0003f4b2 rsb.w r5, r5, 0 | r5 -= ;
0x0003f4b6 it le |
| if (r5 > 0x3f) {
0x0003f4b8 movle r5, 0 | r5 = 0;
| }
0x0003f4ba add r7, r3 | r7 += r3;
0x0003f4bc add r5, r2 | r5 += r2;
| if (r5 != 0) {
0x0003f4be cbnz r5, 0x3f50c | goto label_17;
| }
| label_5:
0x0003f4c0 pop.w {r4, r5, r6, r7, r8, pc} |
| label_16:
0x0003f4c4 adds r4, r5, r3 | r4 = r5 + r3;
0x0003f4c6 cmp r4, 0x40 |
| if (r4 <= 0x40) {
0x0003f4c8 ble 0x3f4f0 | goto label_18;
| }
0x0003f4ca add.w r4, r0, 0x18 | r4 = r0 + 0x18;
0x0003f4ce rsb.w r2, r3, 0x40 | r2 = 0x40 - r3;
0x0003f4d2 mov r1, r7 | r1 = r7;
0x0003f4d4 adds r0, r4, r3 | r0 = r4 + r3;
0x0003f4d6 subs r5, r5, r2 | r5 -= r2;
0x0003f4d8 add r7, r2 | r7 += r2;
0x0003f4da blx 0xbd78 | fcn_0000bd78 ();
0x0003f4de mov r1, r4 | r1 = r4;
0x0003f4e0 mov r0, r8 | r0 = r8;
0x0003f4e2 bl 0x3ec54 | fcn_0003ec54 (r0, r1);
0x0003f4e6 cmp r5, 0x3f |
| if (r5 > 0x3f) {
0x0003f4e8 bgt 0x3f484 | goto label_4;
| }
0x0003f4ea cmp r5, 0 |
| if (r5 == 0) {
0x0003f4ec beq 0x3f4c0 | goto label_5;
| }
0x0003f4ee b 0x3f50c | goto label_17;
| label_18:
0x0003f4f0 mov r2, r5 | r2 = r5;
0x0003f4f2 add.w r5, r0, 0x18 | r5 = r0 + 0x18;
0x0003f4f6 mov r1, r7 | r1 = r7;
0x0003f4f8 adds r0, r5, r3 | r0 = r5 + r3;
0x0003f4fa blx 0xbd78 | fcn_0000bd78 ();
0x0003f4fe cmp r4, 0x40 |
| if (r4 != 0x40) {
0x0003f500 bne 0x3f4c0 | goto label_5;
| }
0x0003f502 mov r1, r5 | r1 = r5;
0x0003f504 mov r0, r8 | r0 = r8;
0x0003f506 bl 0x3ec54 | fcn_0003ec54 (r0, r1);
0x0003f50a b 0x3f4c0 | goto label_5;
| label_17:
0x0003f50c mov r2, r5 | r2 = r5;
0x0003f50e mov r1, r7 | r1 = r7;
0x0003f510 add.w r0, r8, 0x18 | r0 = r8 + 0x18;
0x0003f514 pop.w {r4, r5, r6, r7, r8, lr} |
0x0003f518 b.w 0xbd74 | return void (*0xbd74)() ();
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/zabbix_agentd @ 0x3af00 */
| #include <stdint.h>
|
; (fcn) sym.zbx_replace_string () | void zbx_replace_string (int16_t arg1, int16_t arg2, int16_t arg3, int16_t arg4) {
| int16_t var_4h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| r3 = arg4;
0x0003af00 push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x0003af04 mov r8, r2 | r8 = r2;
0x0003af06 sub sp, 0xc |
0x0003af08 mov r7, r0 | r7 = r0;
0x0003af0a mov r0, r3 | r0 = r3;
0x0003af0c mov r5, r1 | r5 = r1;
0x0003af0e mov r6, r3 | r6 = r3;
0x0003af10 rsb.w fp, r5, 1 |
0x0003af14 blx 0xc114 | r0 = fcn_0000c114 ();
0x0003af18 mov r4, r0 | r4 = r0;
0x0003af1a ldr.w r0, [r8] | r0 = *(r8);
0x0003af1e add.w sb, r0, fp | sb = r0 + fp;
0x0003af22 cmp r4, sb |
| if (r4 == sb) {
0x0003af24 beq 0x3af5e | goto label_0;
| }
0x0003af26 ldr r3, [r7] | r3 = *(r7);
0x0003af28 add.w sl, r5, -1 | sl = r5 + -1;
0x0003af2c add sl, r4 | sl += r4;
0x0003af2e add r0, r3 | r0 += r3;
0x0003af30 str r3, [sp, 4] | var_4h = r3;
0x0003af32 blx 0xc114 | fcn_0000c114 ();
0x0003af36 cmp r4, sb |
0x0003af38 ldr r3, [sp, 4] | r3 = var_4h;
0x0003af3a add sl, r0 | sl += r0;
0x0003af3c bhi 0x3af70 |
| while (1) {
0x0003af3e add.w r1, r5, sb | r1 = r5 + sb;
0x0003af42 sub.w r2, fp, r4 | r2 = fp - r4;
0x0003af46 add.w sb, r4, r5 | sb = r4 + r5;
0x0003af4a add r1, r3 | r1 += r3;
0x0003af4c add.w r0, r3, sb | r0 = r3 + sb;
0x0003af50 add r2, sl | r2 += sl;
0x0003af52 blx 0xbcf8 | fcn_0000bcf8 ();
0x0003af56 add.w r3, sb, -1 | r3 = sb + -1;
0x0003af5a str.w r3, [r8] | __asm ("str.w r3, [r8]");
| label_0:
0x0003af5e ldr r0, [r7] | r0 = *(r7);
0x0003af60 mov r2, r4 | r2 = r4;
0x0003af62 mov r1, r6 | r1 = r6;
0x0003af64 add r0, r5 | r0 += r5;
0x0003af66 add sp, 0xc |
0x0003af68 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x0003af6c b.w 0xbd74 | void (*0xbd74)() ();
0x0003af70 ldr r0, [pc, 0x14] |
0x0003af72 mov r2, r3 | r2 = r3;
0x0003af74 mov.w r1, 0xa60 | r1 = case.0x3207a.11;
0x0003af78 add.w r3, sl, 1 | r3 = sl + 1;
0x0003af7c add r0, pc | r0 = 0x75f08;
0x0003af7e bl 0x35cb8 | r0 = zbx_realloc2 ();
0x0003af82 mov r3, r0 | r3 = r0;
0x0003af84 str r0, [r7] | *(r7) = r0;
0x0003af86 b 0x3af3e |
| }
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/zabbix_agentd @ 0x3cc0c */
| #include <stdint.h>
|
; (fcn) sym.zbx_strsplit () | void zbx_strsplit (int16_t arg1, int16_t arg3, int16_t arg4) {
| r0 = arg1;
| r2 = arg3;
| r3 = arg4;
0x0003cc0c push.w {r4, r5, r6, r7, r8, sb, sl, lr} |
0x0003cc10 mov r6, r0 | r6 = r0;
0x0003cc12 mov r5, r2 | r5 = r2;
0x0003cc14 mov r7, r3 | r7 = r3;
0x0003cc16 blx 0xc138 | r0 = fcn_0000c138 ();
0x0003cc1a mov r4, r0 | r4 = r0;
| if (r0 != 0) {
0x0003cc1c cbz r0, 0x3cc74 |
0x0003cc1e ldr.w sl, [pc, 0x6c] |
0x0003cc22 sub.w r8, r0, r6 | r8 = r0 - r6;
0x0003cc26 mov r0, r6 | r0 = r6;
0x0003cc28 blx 0xc114 | fcn_0000c114 ();
0x0003cc2c add sl, pc | sl = 0x798be;
0x0003cc2e sub.w sb, r0, r8 | sb = r0 - r8;
0x0003cc32 add.w r3, r8, 1 | r3 = r8 + 1;
0x0003cc36 movs r2, 0 | r2 = 0;
0x0003cc38 movw r1, 0x160d | r1 = (r1 & 0xFFFF0000) | (case.0x3207a.11 & 0xFFFF);
0x0003cc3c mov r0, sl | r0 = sl;
0x0003cc3e bl 0x35c28 | zbx_malloc2 ();
0x0003cc42 mov r3, sb | r3 = sb;
0x0003cc44 str r0, [r5] | *(r5) = r0;
0x0003cc46 movs r2, 0 | r2 = 0;
0x0003cc48 mov r0, sl | r0 = sl;
0x0003cc4a movw r1, 0x160e | r1 = (r1 & 0xFFFF0000) | (case.0x3207a.11 & 0xFFFF);
0x0003cc4e bl 0x35c28 | zbx_malloc2 ();
0x0003cc52 mov r1, r6 | r1 = r6;
0x0003cc54 mov r2, r8 | r2 = r8;
0x0003cc56 str r0, [r7] | *(r7) = r0;
0x0003cc58 ldr r0, [r5] | r0 = *(r5);
0x0003cc5a blx 0xbd78 | fcn_0000bd78 ();
0x0003cc5e ldr r3, [r5] | r3 = *(r5);
0x0003cc60 movs r0, 0 | r0 = 0;
0x0003cc62 mov r2, sb | r2 = sb;
0x0003cc64 adds r1, r4, 1 | r1 = r4 + 1;
0x0003cc66 strb.w r0, [r3, r8] | *((r3 + r8)) = r0;
0x0003cc6a ldr r0, [r7] | r0 = *(r7);
0x0003cc6c pop.w {r4, r5, r6, r7, r8, sb, sl, lr} |
0x0003cc70 b.w 0xbd74 | void (*0xbd74)() ();
| }
0x0003cc74 mov r2, r0 | r2 = r0;
0x0003cc76 ldr r0, [pc, 0x18] |
0x0003cc78 mov r3, r6 | r3 = r6;
0x0003cc7a movw r1, 0x1602 | r1 = (r1 & 0xFFFF0000) | (case.0x3207a.11 & 0xFFFF);
0x0003cc7e add r0, pc | r0 = 0x79914;
0x0003cc80 bl 0x35d28 | zbx_strdup2 ();
0x0003cc84 str r0, [r5] | *(r5) = r0;
0x0003cc86 str r4, [r7] | *(r7) = r4;
0x0003cc88 pop.w {r4, r5, r6, r7, r8, sb, sl, pc} |
| }
[*] Function mmap used 1 times zabbix_agentd
