[*] Binary protection state of pidstat
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of pidstat
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/bin/pidstat @ 0x6e6c */
| #include <stdint.h>
|
; (fcn) fcn.00006e6c () | void fcn_00006e6c (int16_t arg1) {
| int32_t var_0h;
| int32_t var_0h_2;
| int16_t var_8h;
| int16_t var_ch;
| int16_t var_1ch;
| int16_t var_4h;
| r0 = arg1;
0x00006e6c push {r1, r2, r3} |
0x00006e6e mov.w r3, 0x400 | r3 = 0x400;
0x00006e72 ldr r1, [pc, 0x74] |
0x00006e74 ldr.w ip, [pc, 0x74] | ip = *(0x00006eec);
0x00006e78 add r1, pc | r1 = 0xdd66;
0x00006e7a push {r4, r5, lr} |
0x00006e7c mov r5, r0 | r5 = r0;
0x00006e7e addw r0, r1, 0x40c | __asm ("addw r0, r1, 0x40c");
0x00006e82 sub sp, 0x10 |
0x00006e84 add ip, pc |
0x00006e86 ldr r1, [pc, 0x68] |
0x00006e88 add r2, sp, 0x1c | r2 += var_1ch;
0x00006e8a ldr r4, [r2], 4 | r4 = *(r2);
| r2 += 4;
0x00006e8e ldr.w r1, [ip, r1] | r1 = *((ip + r1));
0x00006e92 ldr r1, [r1] | r1 = *(0x6ef2);
0x00006e94 str r1, [sp, 0xc] | var_ch = r1;
0x00006e96 mov.w r1, 0 | r1 = 0;
0x00006e9a strd r4, r2, [sp] | __asm ("strd r4, r2, [sp]");
0x00006e9e str r2, [sp, 8] | var_8h = r2;
0x00006ea0 mov r1, r3 | r1 = r3;
0x00006ea2 movs r2, 1 | r2 = 1;
0x00006ea4 blx 0xf64 | vsnprintf_chk ()
0x00006ea8 cmp r5, 0 |
| if (r5 <= 0) {
0x00006eaa ble 0x6eba | goto label_0;
| }
0x00006eac movs r4, 0 | r4 = 0;
| do {
0x00006eae movs r0, 9 | r0 = 9;
0x00006eb0 adds r4, 1 | r4++;
0x00006eb2 blx 0x1134 | fcn_00001134 ();
0x00006eb6 cmp r5, r4 |
0x00006eb8 bne 0x6eae |
| } while (r5 != r4);
| label_0:
0x00006eba ldr r0, [pc, 0x38] |
0x00006ebc add r0, pc | r0 = 0xddb6;
0x00006ebe addw r0, r0, 0x40c | __asm ("addw r0, r0, 0x40c");
0x00006ec2 blx 0x1058 | fcn_00001058 ();
0x00006ec6 ldr r2, [pc, 0x30] |
0x00006ec8 ldr r3, [pc, 0x24] | r3 = *(0x6ef0);
0x00006eca add r2, pc | r2 = 0xddc8;
0x00006ecc ldr r3, [r2, r3] | r3 = *(0xddc8);
0x00006ece ldr r2, [r3] | r2 = *(0xddc8);
0x00006ed0 ldr r3, [sp, 0xc] | r3 = var_ch;
0x00006ed2 eors r2, r3 | r2 ^= r3;
0x00006ed4 mov.w r3, 0 | r3 = 0;
| if (r2 == r3) {
0x00006ed8 bne 0x6ee4 |
0x00006eda add sp, 0x10 |
0x00006edc pop.w {r4, r5, lr} |
0x00006ee0 add sp, 0xc |
0x00006ee2 bx lr | return;
| }
0x00006ee4 blx 0xfa0 | stack_chk_fail ();
0x00006ee8 ldr r4, [r5, 0x58] | r4 = *((r5 + 0x58));
0x00006eea movs r1, r0 | r1 = r0;
0x00006eec ands r4, r0 | r4 &= r0;
0x00006eee movs r1, r0 | r1 = r0;
0x00006ef0 lsls r4, r1, 5 | r4 = r1 << 5;
0x00006ef2 movs r0, r0 |
0x00006ef4 ldr r0, [r5, 0x54] | r0 = *((r5 + 0x54));
0x00006ef6 movs r1, r0 | r1 = r0;
0x00006ef8 subs r7, 0xbe | r7 -= 0xbe;
0x00006efa movs r1, r0 | r1 = r0;
| }
[*] Function printf used 2 times pidstat
