[*] Binary protection state of inet_diag.ko
No RELRO No Canary found NX disabled REL No RPATH No RUNPATH Symbols
[*] Function strcpy tear down of inet_diag.ko
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/modules/5.10.52-axis8/kernel/net/ipv4/inet_diag.ko @ 0x8000cec */
| #include <stdint.h>
|
; ---------------------------------------------------------------------
; Reading notes for sym.__inet_diag_dump_start (32-bit ARM; the left
; column is the disassembly, the right column is r2dec pseudo-C).
; - Where the two columns disagree, trust the assembly: several r2dec
;   conditions below are inverted or self-comparing (for example
;   `r4 == r0` right after `r4 = r0 - 0`).
; - The file is a relocatable object (.ko, "REL" in the protection
;   summary). RELRO and NX are normally read from program headers,
;   which a relocatable object does not carry, so those two summary
;   fields probably reflect the file type rather than how the kernel
;   maps the module -- TODO confirm against the kernel configuration.
; - Every `stmdaeq r0, {...}` line sits where a call or an address load
;   is expected. Presumably these are words patched for unresolved
;   relocations, not real store-multiple instructions -- TODO confirm
;   against the module's relocation entries.
; - No line of this function names strcpy; the only resolved call is
;   inet_diag_parse_attrs at 0x8000070. If the reported strcpy use is
;   here, it can only be one of the unresolved targets.
; - The listing has gaps (0x08000d74 -> 0x08000dec, 0x08000e1c ->
;   0x08000ea8, 0x08000eb8 -> 0x08000f14, 0x08000f20 -> 0x08000f4c), so
;   the switch-case bodies are not shown.
; - Return value (r0, copied from r6): 0 on the success path, -12, -22,
;   the non-zero inet_diag_parse_attrs result, or the error value
;   returned by the call at 0x08000e00.
; ---------------------------------------------------------------------
; (fcn) sym.__inet_diag_dump_start () | void inet_diag_dump_start (int32_t arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x08000cec push {r3, r4, r5, r6, r7, r8, sb, sl, fp, lr} |
; r3 is read at 0x08000d04 but no visible instruction writes it; the two
; identical words below are probably a relocated address load into r3
; -- TODO confirm.
0x08000cf0 stmdaeq r0, {r1, r2, r3, r6, r7, r8, sb, sl, lr} | __asm ("stmdaeq r0, {r1, r2, r3, r6, r7, r8, sb, sl, lr}");
0x08000cf4 stmdaeq r0, {r1, r2, r3, r6, r7, r8, sb, sl, lr} | __asm ("stmdaeq r0, {r1, r2, r3, r6, r7, r8, sb, sl, lr}");
0x08000cf8 mov r5, r0 | r5 = r0;
0x08000cfc mov r6, r1 | r6 = r1;
; r1 = 0xdc0 and r0 = [r3 + 0x18] feed an unresolved call whose result
; (r4) is NULL-checked: looks like a zeroing kernel allocation (0xdc0
; matches GFP_KERNEL | __GFP_ZERO on 5.10) -- TODO confirm the target.
0x08000d00 mov r1, 0xdc0 | r1 = 0xdc0;
0x08000d04 ldr r0, [r3, 0x18] | r0 = *((r3 + 0x18));
0x08000d08 ldm r5, {r7, r8} | r7 = *(r5);
| r8 = *((r5 + 4));
0x08000d0c stmdaeq r0, {r1, r4, r6, r7, r8, sb, sl, lr} | __asm ("stmdaeq r0, {r1, r4, r6, r7, r8, sb, sl, lr}");
; beq is taken when r0 == 0 (the call returned NULL): label_1 returns
; -12 (ENOMEM).
0x08000d10 subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 == r0) {
0x08000d14 beq 0x8000f4c | goto label_1;
| }
; Arguments: r0 = second word of arg1 ([r5 + 4]), r1 = arg2, r2 = the
; buffer just obtained in r4.
0x08000d18 mov r1, r6 | r1 = r6;
0x08000d1c mov r0, r8 | r0 = r8;
0x08000d20 mov r2, r4 | r2 = r4;
0x08000d24 bl 0x8000070 | r0 = inet_diag_parse_attrs ();
; bne is taken on a non-zero result: label_2 hands r4 to an unresolved
; call (presumably the matching free) and returns that result.
0x08000d28 subs r6, r0, 0 | r6 = r0 - 0;
| if (r6 != r0) {
0x08000d2c bne 0x8000eac | goto label_2;
| }
; r8 = [r4 + 4]; when it is zero the length/opcode checks below are
; skipped entirely (beq 0x8000df4).
0x08000d30 ldr r8, [r4, 4] | r8 = *((r4 + 4));
0x08000d34 cmp r8, 0 |
| if (r8 != 0) {
0x08000d38 beq 0x8000df4 |
; Unresolved call with r0 = first word of arg1 and r1 = 0xc; its result
; is not consumed in the visible lines. If the target is a capability
; check, 12 is CAP_NET_ADMIN -- TODO confirm from the relocation.
0x08000d3c mov r0, r7 | r0 = r7;
0x08000d40 mov r1, 0xc | r1 = 0xc;
0x08000d44 stmdaeq r0, {r1, r2, r4, r6, r7, r8, sb, sl, lr} | __asm ("stmdaeq r0, {r1, r2, r4, r6, r7, r8, sb, sl, lr}");
; Bounds check: the 16-bit field at [r8] minus 4 must be > 3 (unsigned),
; otherwise -22. bls branches on <= 3, not < 3 as the pseudo-C shows.
; This limits the walk that starts at r8 + 4; presumably a netlink
; attribute length minus its 4-byte header -- TODO confirm.
0x08000d48 ldrh r7, [r8] | r7 = *(r8);
0x08000d4c sub r7, r7, 4 | r7 -= 4;
0x08000d50 cmp r7, 3 |
| if (r7 < 3) {
0x08000d54 bls 0x8000ea8 | goto label_3;
| }
0x08000d58 add lr, r8, 4 | lr = r8 + 4;
; ble is taken when the length copy in r2 is <= 0 (signed); the pseudo-C
; condition `r2 > r7` does not express that.
0x08000d5c subs r2, r7, 0 | r2 = r7 - 0;
| if (r2 > r7) {
0x08000d60 ble 0x8000dec |
0x08000d64 mov ip, lr |
; The opcode byte is range-checked (<= 0xd, unsigned) before it indexes
; the 14-entry jump table; any larger value falls through to the -22
; path. The pseudo-C shows this test inverted.
0x08000d68 ldrb r3, [ip] | r3 = *(ip);
0x08000d6c cmp r3, 0xd |
| if (r3 > 0xd) {
| /* switch table (14 cases) at 0x8000d78 */
0x08000d70 ldrls pc, [pc, r3, lsl 2] | offset_0 = r3 << 2;
| pc = *((pc + offset_0));
| }
0x08000d74 b 0x8000ea8 | goto label_3;
| }
; The value left in r2 must be exactly 0 here, otherwise -22.
0x08000dec cmp r2, 0 |
| if (r2 != 0) {
0x08000df0 bne 0x8000ea8 | goto label_3;
| }
| }
; Optional pointer at [r4 + 8]: when non-zero it is passed to an
; unresolved call. cmn/bhi tests r0 > 0xfffff000 (unsigned), i.e. the
; kernel error-pointer range -4095..-1, not "r0 > 0x1000". strls stores
; the result to [r4 + 0x10] only when it is outside that range.
0x08000df4 ldr r0, [r4, 8] | r0 = *((r4 + 8));
0x08000df8 cmp r0, 0 |
| if (r0 != 0) {
0x08000dfc beq 0x8000e14 |
0x08000e00 stmdaeq r0, {r1, r3, r4, r6, r7, r8, sb, sl, lr} | __asm ("stmdaeq r0, {r1, r3, r4, r6, r7, r8, sb, sl, lr}");
0x08000e04 cmn r0, 0x1000 |
0x08000e08 mov r3, r0 | r3 = r0;
| if (r0 > 0x1000) {
0x08000e0c strls r0, [r4, 0x10] | *((r4 + 0x10)) = r0;
| }
| if (r0 > 0x1000) {
0x08000e10 bhi 0x8000f14 | goto label_4;
| }
| }
; Success: the buffer pointer is stored at [arg1 + 0x10]; r6 is still 0.
0x08000e14 str r4, [r5, 0x10] | *((r5 + 0x10)) = r4;
| do {
| label_0:
0x08000e18 mov r0, r6 | r0 = r6;
0x08000e1c pop {r3, r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_3:
; -22 (EINVAL), then falls into the common error exit.
0x08000ea8 mvn r6, 0x15 | r6 = ~0x15;
| label_2:
; Common error exit: r4 goes to the unresolved call at 0x08000eb0 (same
; target word as 0x08000f1c) and r6 is returned. The buffer is not
; stored at [r5 + 0x10] on this path.
0x08000eac mov r0, r4 | r0 = r4;
0x08000eb0 stmdaeq r0, {r1, r2, r5, r7, r8, sb, sl, lr} | __asm ("stmdaeq r0, {r1, r2, r5, r7, r8, sb, sl, lr}");
0x08000eb4 mov r0, r6 | r0 = r6;
0x08000eb8 pop {r3, r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_4:
; Error value from the call at 0x08000e00 (saved in r3) becomes the
; return value after r4 is passed to the same unresolved target.
0x08000f14 mov r0, r4 | r0 = r4;
0x08000f18 mov r6, r3 | r6 = r3;
0x08000f1c stmdaeq r0, {r1, r2, r5, r7, r8, sb, sl, lr} | __asm ("stmdaeq r0, {r1, r2, r5, r7, r8, sb, sl, lr}");
0x08000f20 b 0x8000e18 |
| } while (1);
| label_1:
; -12 (ENOMEM); r4 is NULL on this path, so nothing is released.
0x08000f4c mvn r6, 0xb | r6 = ~0xb;
0x08000f50 b 0x8000e18 | goto label_0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/modules/5.10.52-axis8/kernel/net/ipv4/inet_diag.ko @ 0x8000784 */
| #include <stdint.h>
|
; ---------------------------------------------------------------------
; Reading notes for sym.inet_diag_cmd_exact (32-bit ARM; the left column
; is the disassembly, the right column is r2dec pseudo-C).
; - Registers: r6 = arg1 (compared with 0x14 / 0x15 below), r7 = arg2,
;   r5 = incoming r2, r1 = incoming r3. The prologue pushes 0x14 bytes
;   and reserves 0x7c, so [sp, 0x90] is the caller's first stack
;   argument (arg_90h).
; - No guard value is stored to or compared from the 0x7c-byte frame in
;   the visible prologue and epilogue, which is consistent with the
;   "No Canary found" line of the protection summary.
; - `stmdaeq r0, {...}` lines sit where calls or address loads are
;   expected; presumably words patched for unresolved relocations of
;   this relocatable object -- TODO confirm against the relocation
;   entries.
; - No line of this function names strcpy; the resolved calls are
;   inet_diag_parse_attrs and inet_diag_lock_handler, plus two indirect
;   calls through r3.
; - Where the columns disagree, trust the assembly: r2dec renders
;   `add rX, sp, N` as `rX += var_N` and inverts several conditions.
; - Return value (r0, copied from r4): the non-zero parse result, an
;   error pointer value from inet_diag_lock_handler, -95, or the result
;   of one of the indirect calls.
; ---------------------------------------------------------------------
; (fcn) sym.inet_diag_cmd_exact () | void inet_diag_cmd_exact (int32_t arg_90h, int32_t arg1, int32_t arg2) {
| int32_t var_4h;
| int32_t var_8h;
| int32_t var_ch;
| int32_t var_10h;
| int32_t var_14h;
| int32_t var_18h;
| int32_t var_1ch;
| int32_t var_20h;
| int32_t var_28h;
| int32_t var_7ch;
| r0 = arg1;
| r1 = arg2;
0x08000784 push {r4, r5, r6, r7, lr} |
0x08000788 mov r5, r2 | r5 = r2;
0x0800078c mov r7, r1 | r7 = r1;
0x08000790 sub sp, sp, 0x7c |
0x08000794 mov r1, r3 | r1 = r3;
0x08000798 mov r6, r0 | r6 = r0;
; r2 = sp + 4: a five-word array (sp+4 .. sp+0x14) that is zeroed below
; and passed to inet_diag_parse_attrs as its third argument, with
; r0 = incoming r2 and r1 = incoming r3.
0x0800079c add r2, sp, 4 | r2 += var_4h;
0x080007a0 mov r0, r5 | r0 = r5;
0x080007a4 mov r3, 0 | r3 = 0;
0x080007a8 str r3, [sp, 4] | var_4h = r3;
0x080007ac str r3, [sp, 8] | var_8h = r3;
0x080007b0 str r3, [sp, 0xc] | var_ch = r3;
0x080007b4 str r3, [sp, 0x10] | var_10h = r3;
0x080007b8 str r3, [sp, 0x14] | var_14h = r3;
0x080007bc bl 0x8000070 | r0 = inet_diag_parse_attrs ();
; bne is taken on a non-zero result, which is returned through label_2.
0x080007c0 subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 != r0) {
0x080007c4 bne 0x800080c | goto label_2;
| }
; All three conditional loads use the flags of the single cmp below:
;   var_10h != 0 -> r0 = word at [var_10h + 4]
;   var_10h == 0 -> r3 = stack argument, r0 = byte at [r3 + 1]
; The three pseudo-C ifs show these conditions inverted.
0x080007c8 ldr r3, [sp, 0x10] | r3 = var_10h;
0x080007cc cmp r3, 0 |
| if (r3 != 0) {
0x080007d0 ldreq r3, [sp, 0x90] | r3 = *(arg_90h);
| }
| if (r3 == 0) {
0x080007d4 ldrne r0, [r3, 4] | r0 = *((r3 + 4));
| }
| if (r3 != 0) {
0x080007d8 ldrbeq r0, [r3, 1] | r0 = *((r3 + 1));
| }
0x080007dc bl 0x80005d8 | r0 = inet_diag_lock_handler ();
; cmn/bhi: r0 > 0xfffff000 (unsigned) is the kernel error-pointer range;
; such a value goes straight to label_1 and is returned without being
; dereferenced. The pseudo-C `r0 <= 0x1000` does not express this.
0x080007e0 mov r4, r0 | r4 = r0;
0x080007e4 cmn r0, 0x1000 |
| if (r0 <= 0x1000) {
0x080007e8 bhi 0x8000800 |
; Only commands 0x14 and 0x15 are dispatched (20 and 21; these match
; SOCK_DIAG_BY_FAMILY and SOCK_DESTROY in the sock_diag numbering --
; TODO confirm for this build). Anything else returns -95 (EOPNOTSUPP).
0x080007ec cmp r6, 0x14 |
| if (r6 == 0x14) {
0x080007f0 beq 0x8000818 | goto label_3;
| }
0x080007f4 cmp r6, 0x15 |
| if (r6 == 0x15) {
0x080007f8 beq 0x800085c | goto label_4;
| }
| label_0:
0x080007fc mvn r4, 0x5e | r4 = ~0x5e;
| }
| label_1:
; Two identical words followed by a third unresolved word: presumably an
; address load and a call that releases whatever inet_diag_lock_handler
; acquired -- TODO confirm. Every path that called the handler lookup
; passes through this sequence (here or at 0x0800084c) before returning.
0x08000800 stmdaeq r0, {r3, r4, r6, sb, sl, sp} | __asm ("stmdaeq r0, {r3, r4, r6, sb, sl, sp}");
0x08000804 stmdaeq r0, {r3, r4, r6, sb, sl, sp} | __asm ("stmdaeq r0, {r3, r4, r6, sb, sl, sp}");
0x08000808 stmdaeq r0, {r1, r2, r3, r4, r7, r8, sb, sl, lr} | __asm ("stmdaeq r0, {r1, r2, r3, r4, r7, r8, sb, sl, lr}");
| do {
| label_2:
0x0800080c mov r0, r4 | r0 = r4;
0x08000810 add sp, sp, 0x7c |
0x08000814 pop {r4, r5, r6, r7, pc} |
| label_3:
; r0 = sp + 0x20, r1 = 0, r2 = 0x58 before an unresolved call: looks
; like zeroing 0x58 bytes, which end at sp + 0x78 and stay inside the
; 0x7c-byte frame -- TODO confirm the target.
0x08000818 mov r2, 0x58 | r2 = 0x58;
0x0800081c mov r1, 0 | r1 = 0;
0x08000820 add r0, sp, 0x20 | r0 += var_20h;
0x08000824 stmdaeq r0, {r1, r4, r5, r7, r8, sb, sl, lr} | __asm ("stmdaeq r0, {r1, r4, r5, r7, r8, sb, sl, lr}");
; The block at sp + 0x18 receives arg2 (+0x0), incoming r2 (+0x4) and a
; pointer to the parsed-attribute array at sp + 4 (+0x10); its address
; is the first argument of the indirect call, the stack argument the
; second.
0x08000828 add r3, sp, 4 | r3 += var_4h;
0x0800082c str r5, [sp, 0x1c] | var_1ch = r5;
0x08000830 add r0, sp, 0x18 | r0 += var_18h;
0x08000834 str r3, [sp, 0x28] | var_28h = r3;
0x08000838 ldr r1, [sp, 0x90] | r1 = *(arg_90h);
; Indirect call through [r4 + 4], r4 being the handler returned above.
; This slot is called without a NULL test in the visible lines, whereas
; the +0x14 slot is tested at label_4 -- NOTE(review): check that the
; handler table guarantees the +4 slot is always populated.
0x0800083c ldr r3, [r4, 4] | r3 = *((r4 + 4));
0x08000840 str r7, [sp, 0x18] | var_18h = r7;
0x08000844 blx r3 | r0 = uint32_t (*r3)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x08000848 mov r4, r0 | r4 = r0;
0x0800084c stmdaeq r0, {r3, r4, r6, sb, sl, sp} | __asm ("stmdaeq r0, {r3, r4, r6, sb, sl, sp}");
0x08000850 stmdaeq r0, {r3, r4, r6, sb, sl, sp} | __asm ("stmdaeq r0, {r3, r4, r6, sb, sl, sp}");
0x08000854 stmdaeq r0, {r1, r2, r3, r4, r7, r8, sb, sl, lr} | __asm ("stmdaeq r0, {r1, r2, r3, r4, r7, r8, sb, sl, lr}");
0x08000858 b 0x800080c |
| } while (1);
| label_4:
; r0 still holds the handler pointer here. The +0x14 slot is
; NULL-checked first; a NULL slot yields -95 through label_0.
0x0800085c ldr r3, [r0, 0x14] | r3 = *((r0 + 0x14));
0x08000860 cmp r3, 0 |
| if (r3 == 0) {
0x08000864 beq 0x80007fc | goto label_0;
| }
0x08000868 ldr r1, [sp, 0x90] | r1 = *(arg_90h);
0x0800086c mov r0, r7 | r0 = r7;
0x08000870 blx r3 | r0 = uint32_t (*r3)(uint32_t, uint32_t) (r0, r1);
0x08000874 mov r4, r0 | r4 = r0;
0x08000878 b 0x8000800 | goto label_1;
| }
[*] Function strcpy used 1 times inet_diag.ko