[*] Binary protection state of mod_mpm_worker.so
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function strcat tear down of mod_mpm_worker.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/apache2/modules/mod_mpm_worker.so @ 0x3d28 */
| #include <stdint.h>
|
; (fcn) fcn.00003d28 () | void fcn_00003d28 (int16_t arg1, uint32_t arg2, int16_t arg3) {
| int16_t var_0h;
| int16_t var_4h;
| int16_t var_8h;
| int16_t var_ch;
| int16_t var_10h;
| int16_t var_14h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
0x00003d28 invalid |
0x00003d2c push.w {r4, r5, r6, r7, r8, sb, sl, lr} |
0x00003d30 mov r4, r1 | r4 = r1;
0x00003d32 ldr.w sl, [pc, 0x1c0] | sl = *(0x00003ef4);
0x00003d36 sub sp, 0x18 |
0x00003d38 add ip, pc |
0x00003d3a mov sb, r0 | sb = r0;
0x00003d3c ldr.w r5, [ip] | r5 = *(ip);
0x00003d40 mov r6, r2 | r6 = r2;
0x00003d42 add sl, pc | sl += pc;
0x00003d44 ldr.w r8, [pc, 0x1b0] | r8 = *(0x00003ef8);
0x00003d48 ldr.w r7, [sl, 0x1c] | r7 = *((sl + 0x1c));
0x00003d4c ldr r3, [r5, 0x18] | r3 = *((r5 + 0x18));
0x00003d4e add r8, pc | r8 += pc;
0x00003d50 cmp r3, r1 |
0x00003d52 itt le |
| if (r3 > r1) {
0x00003d54 addle r3, r1, 1 | r3 = r1 + 1;
| }
| if (r3 > r1) {
0x00003d56 strle r3, [r5, 0x18] | *((r5 + 0x18)) = r3;
| }
0x00003d58 cmp r7, 0 |
| if (r7 != 0) {
0x00003d5a bne.w 0x3eac | goto label_4;
| }
0x00003d5e blx 0x20bc | r0 = fcn_000020bc ();
0x00003d62 adds r3, r0, 1 | r3 = r0 + 1;
0x00003d64 mov r5, r0 | r5 = r0;
| if (r3 == r0) {
0x00003d66 beq 0x3e4c | goto label_5;
| }
0x00003d68 cmp r0, 0 |
| if (r0 == 0) {
0x00003d6a beq.w 0x3e88 | goto label_6;
| }
0x00003d6e ldr r3, [pc, 0x18c] | r3 = *(0x3efe);
0x00003d70 add.w r6, r4, r4, lsl 3 | r6 = r4 + (r4 << 3);
0x00003d74 lsls r6, r6, 2 | r6 <<= 2;
0x00003d76 ldr.w sb, [r8, r3] | sb = *((r8 + r3));
0x00003d7a ldr.w r3, [sb] | r3 = *(sb);
0x00003d7e ldr r2, [r3, 4] | r2 = *(0x3f02);
0x00003d80 ldr r3, [pc, 0x17c] | r3 = *(0x3f00);
0x00003d82 ldr r1, [r2, r6] | r1 = *(0x3f02);
0x00003d84 add.w ip, r2, r6 |
0x00003d88 ldr.w sl, [r8, r3] | sl = *((r8 + r3));
0x00003d8c cbnz r1, 0x3db8 |
| while (1) {
0x00003d8e ldr r2, [pc, 0x174] |
0x00003d90 mov r3, r4 | r3 = r4;
0x00003d92 movs r4, 0 | r4 = 0;
0x00003d94 ldr.w r0, [sl] | r0 = *(sl);
0x00003d98 strb.w r4, [ip, 8] | *((ip + 8)) = r4;
0x00003d9c mov r1, r5 | r1 = r5;
0x00003d9e add r2, pc |
0x00003da0 ldr r2, [r2] |
0x00003da2 ldr r2, [r2] |
0x00003da4 ldr r2, [r2, 0x14] | r2 = *(0x7cbc);
0x00003da6 strd r5, r2, [ip] | __asm ("strd r5, r2, [ip]");
0x00003daa str r4, [sp] | *(sp) = r4;
0x00003dac blx 0x20e0 | fcn_000020e0 ();
| label_3:
0x00003db0 mov r0, r7 | r0 = r7;
0x00003db2 add sp, 0x18 |
0x00003db4 pop.w {r4, r5, r6, r7, r8, sb, sl, pc} |
0x00003db8 ldr r3, [pc, 0x14c] | r3 = *(0x3f08);
0x00003dba ldr.w r0, [sl] | r0 = *(sl);
0x00003dbe ldr.w r3, [r8, r3] | r3 = *((r8 + r3));
0x00003dc2 ldr r2, [r3, 8] | r2 = *(0x3f10);
| if (r0 != 0) {
0x00003dc4 cbz r0, 0x3dda |
0x00003dc6 cmp r2, 0 |
| if (r2 < 0) {
0x00003dc8 blt 0x3e44 | goto label_7;
| }
0x00003dca ldr r3, [r0, 0x10] | r3 = *((r0 + 0x10));
0x00003dcc cmp r3, 0 |
| if (r3 == 0) {
0x00003dce beq 0x3e44 | goto label_7;
| }
0x00003dd0 ldrsb r3, [r3, r2] | r3 = *((r3 + r2));
0x00003dd2 cmp r3, 0 |
| if (r3 < 0) {
0x00003dd4 blt 0x3e44 | goto label_7;
| }
0x00003dd6 cmp r3, 6 |
| if (r3 <= 6) {
0x00003dd8 ble 0x3e14 | goto label_2;
| }
| }
| label_1:
0x00003dda ldrb.w r3, [ip, 8] | r3 = *((ip + 8));
| if (r3 != 0) {
0x00003dde cbnz r3, 0x3e3e | goto label_8;
| }
0x00003de0 ldr r3, [pc, 0x128] |
0x00003de2 add r3, pc | r3 = 0x7cf2;
| label_0:
0x00003de4 str r3, [sp, 0x14] | var_14h = r3;
0x00003de6 ldr r3, [pc, 0x128] |
0x00003de8 str r0, [sp, 4] | var_4h = r0;
0x00003dea ldr r0, [pc, 0x128] |
0x00003dec add r3, pc |
0x00003dee str r1, [sp, 0x10] | var_10h = r1;
0x00003df0 str r3, [sp, 8] | var_8h = r3;
0x00003df2 movs r3, 0 | r3 = 0;
0x00003df4 add r0, pc | r0 = 0x7d0e;
0x00003df6 mov.w r1, 0x198 | r1 = 0x198;
0x00003dfa str r3, [sp] | *(sp) = r3;
0x00003dfc movs r3, 7 | r3 = 7;
0x00003dfe str r5, [sp, 0xc] | var_ch = r5;
0x00003e00 blx 0x1f3c | fcn_00001f3c ();
0x00003e04 ldr.w r3, [sb] | r3 = *(sb);
0x00003e08 ldr.w r0, [sl] | r0 = *(sl);
0x00003e0c ldr r3, [r3, 4] | r3 = *(0x7d06);
0x00003e0e ldr r1, [r3, r6] | r1 = *(0x7d06);
0x00003e10 add.w ip, r3, r6 |
| label_2:
0x00003e14 movs r3, 2 | r3 = 2;
0x00003e16 ldr.w r2, [ip, 4] | r2 = *((ip + 4));
0x00003e1a str r3, [sp] | *(sp) = r3;
0x00003e1c mov r3, r4 | r3 = r4;
0x00003e1e blx 0x20e0 | fcn_000020e0 ();
0x00003e22 ldr.w r3, [sb] | r3 = *(sb);
0x00003e26 ldr r3, [r3, 4] | r3 = *((r3 + 4));
0x00003e28 adds r2, r3, r6 | r2 = r3 + r6;
0x00003e2a ldr r0, [r3, r6] | r0 = *((r3 + r6));
0x00003e2c ldr r1, [r2, 4] | r1 = *((r2 + 4));
0x00003e2e blx 0x2134 | fcn_00002134 ();
0x00003e32 ldr.w r3, [sb] | r3 = *(sb);
0x00003e36 ldr r3, [r3, 4] | r3 = *((r3 + 4));
0x00003e38 add.w ip, r3, r6 |
0x00003e3c b 0x3d8e |
| }
| label_8:
0x00003e3e ldr r3, [pc, 0xd8] |
0x00003e40 add r3, pc | r3 = 0x7d5e;
0x00003e42 b 0x3de4 | goto label_0;
| label_7:
0x00003e44 ldr r3, [r0, 0x14] | r3 = *((r0 + 0x14));
0x00003e46 cmp r3, 6 |
| if (r3 > 6) {
0x00003e48 bgt 0x3dda | goto label_1;
| }
0x00003e4a b 0x3e14 | goto label_2;
| label_5:
0x00003e4c ldr r3, [pc, 0xb8] | r3 = *(0x3f08);
0x00003e4e mov r7, r0 | r7 = r0;
0x00003e50 ldr.w r3, [r8, r3] | r3 = *((r8 + r3));
0x00003e54 ldr r4, [r3, 8] | r4 = *(0x3f10);
0x00003e56 blx 0x1ffc | fcn_00001ffc ();
0x00003e5a ldr r1, [pc, 0xc0] |
0x00003e5c movs r3, 3 | r3 = 3;
0x00003e5e str.w sb, [sp, 4] | __asm ("str.w sb, [var_4h]");
0x00003e62 mov r2, r4 | r2 = r4;
0x00003e64 add r1, pc | r1 = 0x7d86;
0x00003e66 str r1, [sp, 8] | var_8h = r1;
0x00003e68 ldr r1, [r0] | r1 = *(r0);
0x00003e6a ldr r0, [pc, 0xb4] |
0x00003e6c str r1, [sp] | *(sp) = r1;
0x00003e6e movw r1, 0x521 | r1 = 0x521;
0x00003e72 add r0, pc | r0 = 0x7d98;
0x00003e74 blx 0x1f3c | fcn_00001f3c ();
0x00003e78 movw r0, 0x9680 |
0x00003e7c movs r1, 0 | r1 = 0;
0x00003e7e movt r0, 0x98 | r0 = 0x989680;
0x00003e82 blx 0x2068 | fcn_00002068 ();
0x00003e86 b 0x3db0 | goto label_3;
| label_6:
0x00003e88 blx 0x1e90 | fcn_00001e90 ();
0x00003e8c ldr.w r3, [sl, 0x38] | r3 = *((sl + 0x38));
0x00003e90 movs r2, 0xc | r2 = 0xc;
0x00003e92 ldr r1, [pc, 0x90] |
0x00003e94 movs r0, 0xf | r0 = 0xf;
0x00003e96 mla r3, r2, r6, r3 | __asm ("mla r3, r2, r6, r3");
0x00003e9a add r1, pc | r1 = 0x7dc4;
0x00003e9c str.w r3, [sl, 0x68] | __asm ("str.w r3, [sl, 0x68]");
0x00003ea0 blx 0x21c4 | fcn_000021c4 ();
0x00003ea4 mov r1, r6 | r1 = r6;
0x00003ea6 mov r0, r4 | r0 = r4;
0x00003ea8 bl 0x37f4 | fcn_000037f4 (r0, r1, r2);
| label_4:
0x00003eac ldr.w r3, [sl, 0x38] | r3 = *((sl + 0x38));
0x00003eb0 str.w r3, [sl, 0x68] | __asm ("str.w r3, [sl, 0x68]");
0x00003eb4 blx 0x1f78 | fcn_00001f78 ();
0x00003eb8 ldr r3, [pc, 0x40] |
0x00003eba mov r1, r0 | r1 = r0;
0x00003ebc ldr r2, [r5] | r2 = *(r5);
0x00003ebe movs r0, 0x24 | r0 = 0x24;
0x00003ec0 mul r0, r4, r0 | r0 = r4 * r0;
0x00003ec4 movs r5, 0 | r5 = 0;
0x00003ec6 ldr.w r3, [r8, r3] | r3 = *((r8 + r3));
0x00003eca ldr r2, [r2, 0x14] | r2 = *((r2 + 0x14));
0x00003ecc ldr r3, [r3] |
0x00003ece ldr r3, [r3, 4] | r3 = *(0x3f00);
0x00003ed0 str r1, [r3, r0] | *((r3 + r0)) = r1;
0x00003ed2 add r3, r0 | r3 += r0;
0x00003ed4 str r2, [r3, 4] | *((r3 + 4)) = r2;
0x00003ed6 ldr r3, [pc, 0x28] | r3 = *(0x3f02);
0x00003ed8 ldr.w r3, [r8, r3] | r3 = *((r8 + r3));
0x00003edc str r5, [sp] | *(sp) = r5;
0x00003ede ldr r0, [r3] | r0 = *(0x3f02);
0x00003ee0 mov r3, r4 | r3 = r4;
0x00003ee2 blx 0x20e0 | fcn_000020e0 ();
0x00003ee6 mov r1, r5 | r1 = r5;
0x00003ee8 mov r0, r4 | r0 = r4;
0x00003eea bl 0x37f4 | fcn_000037f4 (r0, r1, r2);
0x00003eee nop |
0x00003ef0 orrs r0, r1 | r0 |= r1;
0x00003ef2 movs r1, r0 | r1 = r0;
0x00003ef4 cmn r6, r7 |
0x00003ef6 movs r1, r0 | r1 = r0;
0x00003ef8 eors r2, r7 | r2 ^= r7;
0x00003efa movs r1, r0 | r1 = r0;
0x00003efc lsls r4, r0, 8 | r4 = r0 << 8;
0x00003efe movs r0, r0 |
0x00003f00 lsls r0, r6, 7 | r0 = r6 << 7;
0x00003f02 movs r0, r0 |
0x00003f04 cmp r2, r4 |
0x00003f06 movs r1, r0 | r1 = r0;
0x00003f08 lsls r0, r5, 8 | r0 = r5 << 8;
0x00003f0a movs r0, r0 |
0x00003f0c cmp r7, 0x2e |
0x00003f0e movs r0, r0 |
0x00003f10 cmp r0, 0xcc |
0x00003f12 movs r0, r0 |
0x00003f14 adds r4, r2, r6 | r4 = r2 + r6;
0x00003f16 movs r0, r0 |
0x00003f18 cmp r0, 0x3c |
0x00003f1a movs r0, r0 |
0x00003f1c cmp r0, 0x28 |
0x00003f1e movs r0, r0 |
0x00003f20 adds r6, r2, r4 | r6 = r2 + r4;
0x00003f22 movs r0, r0 |
0x00003f24 bl 0xffdf7f26 | void (*0xffdf7f26)(uint32_t, uint32_t, uint32_t) (r0, r1, r2);
| }
[*] Function strcat used 1 times mod_mpm_worker.so
