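[*] Binary protection state of motion (checksec-style summary; "NX disabled" means writable memory such as the stack may be executable, so the canary, RELRO and PIE are the only hardening reported here)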

  
  	Full RELRO     Canary found      NX disabled  PIE enabled  No RPATH     No RUNPATH   No Symbols


[*] Disassembly context around each printf-family call in motion (MIPS; "--" separates non-contiguous excerpts)

; Excerpt (cut at both ends) of code that builds a string with g_strdup_printf and
; then writes fields through g_key_file_set_string / g_key_file_set_integer.
; Reading notes for the whole excerpt:
;  - t9 carries the callee address and gp is reloaded from 0x18(sp) after each call.
;  - The instruction that follows every jalr/branch is a delay slot: it executes
;    before the callee (or branch target) runs.
;  - -0x7fd8(gp) is only ever used as a base to which constants are added
;    (presumably the GOT entry for the module's own data; TODO confirm).
; The stores below cache base+constant addresses in the stack frame for later calls.
lw s7, -0x7fd8(gp)
sw v0, 0x24(sp)
lw v0, -0x7fd8(gp)
lw s6, -0x7fd8(gp)
sw v0, 0x28(sp)
lw v0, -0x7fd8(gp)
lw s5, -0x7fd8(gp)
sw v0, 0x2c(sp)
lw v0, -0x7fd8(gp)
; a1 = 0 is still live at the g_strdup_printf call below when control falls straight through.
move a1, zero
; 0x30(sp) = base+0x213c, used below as the g_strdup_printf format pointer.
addiu v0, v0, 0x213c
sw v0, 0x30(sp)
lw v0, -0x7fd8(gp)
; s4 = address of a stack local at sp+0x50 (passed to g_hash_table_lookup below).
addiu s4, sp, 0x50
addiu v0, v0, 0x1d1c
sw v0, 0x34(sp)
lw v0, -0x7fd8(gp)
addiu v0, v0, 0x1d24
sw v0, 0x38(sp)
lw v0, -0x7fd8(gp)
addiu v0, v0, 0x1d30
sw v0, 0x3c(sp)
lw v0, -0x7fd8(gp)
addiu v0, v0, 0x1d38
sw v0, 0x40(sp)
; g_strdup_printf(fmt = base+0x213c, a1). The format pointer is loaded in the delay
; slot from the constant cached at 0x30(sp), so it is a fixed in-binary address and
; not runtime data. The string stored at that offset is not visible on this page.
lw t9, -sym.imp.g_strdup_printf(gp)
jalr t9
lw a0, 0x30(sp)
lw gp, 0x18(sp)
; g_hash_table_lookup(table = word at 0xc(s3), key = s4).
; Delay slot: s0 = the string just returned by g_strdup_printf.
lw a0, 0xc(s3)
move a1, s4
lw t9, -sym.imp.g_hash_table_lookup(gp)
jalr t9
move s0, v0
lw gp, 0x18(sp)
; NOTE(review): the lookup result in v0 is dereferenced on the next line and no NULL
; check is visible in this excerpt; confirm the key is always present in the table.
lw a3, (v0)
; g_key_file_set_string(s2, s0, base+0x1d1c, first word of the looked-up entry).
; Delay slot: s1 = the looked-up entry, kept for the following field reads.
lw a2, 0x34(sp)
lw t9, -sym.imp.g_key_file_set_string(gp)
move a1, s0
move a0, s2
jalr t9
move s1, v0
lw gp, 0x18(sp)
; Argument setup for g_key_file_set_integer: key = base+0x1d24, value = word at 4(s1).
; The call itself lies past the end of this excerpt.
lw a3, 4(s1)
lw a2, 0x38(sp)
lw t9, -sym.imp.g_key_file_set_integer(gp)
--
; Excerpt (cut at both ends). This frame reloads gp from 0x20(sp) after each call.
; The instruction after every jalr/branch is a delay slot and executes first.
; g_hash_table_insert: only a0 = s1 is set here; the other arguments are set
; before the start of the excerpt.
lw t9, -sym.imp.g_hash_table_insert(gp)
jalr t9
move a0, s1
lw gp, 0x20(sp)
; g_hash_table_size(s1); an empty table branches away to 0xa0bc.
lw t9, -sym.imp.g_hash_table_size(gp)
jalr t9
move a0, s1
beqz v0, 0xa0bc
lw gp, 0x20(sp)
; s1 == NULL skips to 0x9a68. Delay slot loads the data base used just below.
beqz s1, 0x9a68
lw v0, -0x7fd8(gp)
; g_string_new(base+0x14f4). Delay slot caches the base (not the result) at 0x2c(sp).
lw t9, -sym.imp.g_string_new(gp)
addiu a0, v0, 0x14f4
jalr t9
sw v0, 0x2c(sp)
; Indirect call through a function pointer kept in the frame at 0x28(sp), with a0 = s3.
; Where that pointer was stored is outside this excerpt.
; Delay slot: s5 = the GString returned by g_string_new.
lw t9, 0x28(sp)
move a0, s3
jalr t9
move s5, v0
move s2, v0
lw gp, 0x20(sp)
; NOTE(review): the result of the indirect call (s2) is dereferenced here with no
; NULL check visible in this excerpt; confirm the callee cannot return NULL.
lw a2, 4(s2)
addiu v0, zero, -1
lw s3, -0x7fd8(gp)
; If the word at 4(s2) is not -1, continue at 0x996c; otherwise fall through.
bne a2, v0, 0x996c
lw t9, -sym.imp.g_strdup_printf(gp)
; g_strdup_printf(fmt = base+0x1f24, base+0x1e00, word at 4(s4)).
; The format (set in the delay slot) and the first argument are both base+constant,
; i.e. fixed in-binary addresses; the strings themselves are not shown on this page.
lw a2, 4(s4)
lw a0, -0x7fd8(gp)
addiu a1, s3, 0x1e00
jalr t9
addiu a0, a0, 0x1f24
lw gp, 0x20(sp)
; g_malloc(4). Delay slot: s4 = the string returned by g_strdup_printf.
addiu a0, zero, 4
lw t9, -sym.imp.g_malloc(gp)
jalr t9
move s4, v0
lw gp, 0x20(sp)
; g_hash_table_replace(table = word at 0xc(s0), key = new 4-byte buffer, value = s2).
; Delay slot writes the word from 0x58(sp) into the new key buffer before the call.
; g_malloc terminates the program on allocation failure, so the store is unchecked.
lw v1, 0x58(sp)
lw a0, 0xc(s0)
lw t9, -sym.imp.g_hash_table_replace(gp)
move a2, s2
move a1, v0
jalr t9
sw v1, (v0)
lw gp, 0x20(sp)
; Callee address loaded; the call and its arguments are past the end of the excerpt.
lw t9, -sym.imp.configuration_event_initialize_change_string(gp)
--
; Excerpt (cut at both ends). gp is reloaded from 0x20(sp) after each call, and the
; instruction after every jalr/branch is a delay slot that executes first.
; -0x7fd8(gp) is used only as a base for constant offsets (presumably the module's
; own data; TODO confirm). -0x7bb0(gp) is an import without a symbol name that is
; called on each g_strdup_printf result after use (presumably g_free; TODO confirm).
;
; Error path: g_log(NULL, 0x100, fmt = base+0x1fac, v1+0x14f4, word at 8(error)).
; 0x54(sp) holds the pointer later handed to g_error_free; offset 8 is presumably
; GError.message on this 32-bit target. The message travels as a data argument
; (stored at 0x10(sp) in the delay slot); the format itself is a constant address.
lw v0, 0x54(sp)
lw v1, 0x2c(sp)
lw a2, -0x7fd8(gp)
lw v0, 8(v0)
lw t9, -sym.imp.g_log(gp)
addiu a3, v1, 0x14f4
addiu a2, a2, 0x1fac
addiu a1, zero, 0x100
move a0, zero
jalr t9
sw v0, 0x10(sp)
lw gp, 0x20(sp)
; g_error_free(word at 0x54(sp)); the slot is then zeroed in the delay slot of the
; branch, so the freed pointer is not left behind in the frame.
lw t9, -sym.imp.g_error_free(gp)
jalr t9
lw a0, 0x54(sp)
b 0x9a24
sw zero, 0x54(sp)
; Serialisation of the record at s2 into the change string. First pair:
; append_escaped_pair(a0, base+0x1154, word at (s2)); a0 is set outside this excerpt.
; s6 = data base, reused for every format pointer below.
lw a1, -0x7fd8(gp)
lw a2, (s2)
lw t9, -sym.imp.configuration_event_append_escaped_pair_to_change_string(gp)
lw s6, -0x7fd8(gp)
jalr t9
addiu a1, a1, 0x1154
lw gp, 0x20(sp)
; Repeated pattern for each numeric field of the record at s2:
;   tmp = g_strdup_printf(fmt = base+0x213c, field)   (format is a constant address)
;   append_escaped_pair(word at (s0), base+<key offset>, tmp)
;   call -0x7bb0(gp) with tmp
; Field at 8(s2), key base+0x1148.
lw a1, 8(s2)
lw t9, -sym.imp.g_strdup_printf(gp)
jalr t9
addiu a0, s6, 0x213c
lw gp, 0x20(sp)
lw a0, (s0)
move a2, v0
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.configuration_event_append_escaped_pair_to_change_string(gp)
addiu a1, a1, 0x1148
jalr t9
move s7, v0
lw gp, 0x20(sp)
lw t9, -0x7bb0(gp)
jalr t9
move a0, s7
lw gp, 0x20(sp)
; Field at 0x10(s2), key base+0x110c.
lw a1, 0x10(s2)
lw t9, -sym.imp.g_strdup_printf(gp)
jalr t9
addiu a0, s6, 0x213c
lw gp, 0x20(sp)
lw a0, (s0)
move a2, v0
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.configuration_event_append_escaped_pair_to_change_string(gp)
addiu a1, a1, 0x110c
jalr t9
move s7, v0
lw gp, 0x20(sp)
lw t9, -0x7bb0(gp)
jalr t9
move a0, s7
lw gp, 0x20(sp)
; Field at 0x14(s2), key base+0x1114.
lw a1, 0x14(s2)
lw t9, -sym.imp.g_strdup_printf(gp)
jalr t9
addiu a0, s6, 0x213c
lw gp, 0x20(sp)
lw a0, (s0)
move a2, v0
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.configuration_event_append_escaped_pair_to_change_string(gp)
addiu a1, a1, 0x1114
jalr t9
move s7, v0
lw gp, 0x20(sp)
lw t9, -0x7bb0(gp)
jalr t9
move a0, s7
lw gp, 0x20(sp)
; Field at 0x18(s2), key base+0x111c.
lw a1, 0x18(s2)
lw t9, -sym.imp.g_strdup_printf(gp)
jalr t9
addiu a0, s6, 0x213c
lw gp, 0x20(sp)
lw a0, (s0)
move a2, v0
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.configuration_event_append_escaped_pair_to_change_string(gp)
addiu a1, a1, 0x111c
jalr t9
move s7, v0
lw gp, 0x20(sp)
lw t9, -0x7bb0(gp)
jalr t9
move a0, s7
lw gp, 0x20(sp)
; Field at 0x1c(s2), key base+0x1120.
lw a1, 0x1c(s2)
lw t9, -sym.imp.g_strdup_printf(gp)
jalr t9
addiu a0, s6, 0x213c
lw gp, 0x20(sp)
lw a0, (s0)
move a2, v0
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.configuration_event_append_escaped_pair_to_change_string(gp)
addiu a1, a1, 0x1120
jalr t9
move s7, v0
lw gp, 0x20(sp)
lw t9, -0x7bb0(gp)
jalr t9
move a0, s7
lw gp, 0x20(sp)
; Flag at 0x20(s2): movn selects the pointer cached at 0x34(sp) when the flag is
; non-zero and the one at 0x38(sp) otherwise. No printf is involved; the selected
; pointer is appended directly under key base+0x1ee0.
lw v1, 0x34(sp)
lw a2, 0x20(s2)
lw v0, 0x38(sp)
lw a1, -0x7fd8(gp)
movn v0, v1, a2
lw a0, (s0)
lw t9, -sym.imp.configuration_event_append_escaped_pair_to_change_string(gp)
move a2, v0
jalr t9
addiu a1, a1, 0x1ee0
lw gp, 0x20(sp)
; Field at 0x24(s2), key base+0x1128.
lw a1, 0x24(s2)
lw t9, -sym.imp.g_strdup_printf(gp)
jalr t9
addiu a0, s6, 0x213c
lw gp, 0x20(sp)
lw a0, (s0)
move a2, v0
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.configuration_event_append_escaped_pair_to_change_string(gp)
addiu a1, a1, 0x1128
jalr t9
move s7, v0
lw gp, 0x20(sp)
lw t9, -0x7bb0(gp)
jalr t9
move a0, s7
lw gp, 0x20(sp)
; Field at 0x28(s2), key base+0x1134.
lw a1, 0x28(s2)
lw t9, -sym.imp.g_strdup_printf(gp)
jalr t9
addiu a0, s6, 0x213c
lw gp, 0x20(sp)
lw a0, (s0)
move a2, v0
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.configuration_event_append_escaped_pair_to_change_string(gp)
addiu a1, a1, 0x1134
jalr t9
move s7, v0
lw gp, 0x20(sp)
lw t9, -0x7bb0(gp)
jalr t9
move a0, s7
lw gp, 0x20(sp)
; Field at 0x2c(s2), key base+0x113c. The temporary is kept in s2 this time, which
; overwrites the record pointer, so this is the last field read from the record.
lw a1, 0x2c(s2)
lw t9, -sym.imp.g_strdup_printf(gp)
jalr t9
addiu a0, s6, 0x213c
lw gp, 0x20(sp)
lw a0, (s0)
move a2, v0
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.configuration_event_append_escaped_pair_to_change_string(gp)
addiu a1, a1, 0x113c
jalr t9
move s2, v0
lw gp, 0x20(sp)
lw t9, -0x7bb0(gp)
jalr t9
move a0, s2
lw gp, 0x20(sp)
; a0 = word at (s0), v1 = 0 (delay slot), then continue at 0x99f0.
lw a0, (s0)
b 0x99f0
move v1, zero
; Start of a g_variant_builder_new call; the rest is past the end of the excerpt.
lw a0, -0x7fd8(gp)
lw t9, -sym.imp.g_variant_builder_new(gp)
--
; Excerpt (cut at both ends): a loop over a hash table whose values are GVariants.
; Each value is turned into a string according to its type, appended to the change
; string and to the GString in s5, and the temporary is then released.
; gp is reloaded from 0x20(sp) after each call; the instruction after every
; jalr/branch is a delay slot. Branch targets named below were matched to lines of
; this excerpt by counting 4 bytes per instruction.
;
; g_hash_table_iter_init(iter = v0, table = s1). The iterator pointer is cached at
; 0x3c(sp); the key/value out slots at 0x5c(sp)/0x60(sp) are zeroed first.
lw t9, -sym.imp.g_hash_table_iter_init(gp)
sw v0, 0x3c(sp)
move a0, v0
move a1, s1
sw zero, 0x5c(sp)
jalr t9
sw zero, 0x60(sp)
lw gp, 0x20(sp)
; s7 = &value slot, s6 = &key slot (out-parameters for g_hash_table_iter_next).
addiu s7, sp, 0x60
addiu s6, sp, 0x5c
; Cache base pointers for the type comparisons: 0x44(sp) = base,
; 0x48(sp) = base+0x1f40, 0x4c(sp) = base.
lw v0, -0x7fd8(gp)
sw v0, 0x44(sp)
lw v0, -0x7fd8(gp)
addiu v0, v0, 0x1f40
sw v0, 0x48(sp)
lw v0, -0x7fd8(gp)
; Enter the loop at its condition (0x9fa0 = the g_hash_table_iter_next call below).
b 0x9fa0
sw v0, 0x4c(sp)
; 0x9f24, boolean value: g_variant_get_boolean(s2), then
; g_strdup_printf(fmt = base+0x1dec, a1), where movn picks the pointer cached at
; 0x34(sp) for true and the one at 0x38(sp) for false. Format is a constant address.
lw t9, -sym.imp.g_variant_get_boolean(gp)
jalr t9
move a0, s2
lw gp, 0x20(sp)
lw a1, 0x38(sp)
lw v1, 0x34(sp)
lw a0, -0x7fd8(gp)
lw t9, -sym.imp.g_strdup_printf(gp)
movn a1, v1, v0
jalr t9
addiu a0, a0, 0x1dec
lw gp, 0x20(sp)
move s2, v0
; 0x9f58, common tail for every value type: s2 = value rendered as a string.
; append_escaped_pair(word at (s0), key from 0x5c(sp), s2).
lw t9, -sym.imp.configuration_event_append_escaped_pair_to_change_string(gp)
lw a1, 0x5c(sp)
lw a0, (s0)
jalr t9
move a2, s2
lw gp, 0x20(sp)
; g_string_append_printf(s5, fmt = base+0x1f70, key, s2). Key and value are data
; arguments; the format is a constant address.
; NOTE(review): no escaping of key/value is visible on this path, unlike the call
; above; confirm whatever consumes the GString tolerates arbitrary characters.
lw a2, 0x5c(sp)
move a3, s2
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.g_string_append_printf(gp)
addiu a1, a1, 0x1f70
jalr t9
move a0, s5
lw gp, 0x20(sp)
; Unnamed import -0x7bb0(gp) called with the temporary string (presumably g_free; TODO confirm).
lw t9, -0x7bb0(gp)
jalr t9
move a0, s2
lw gp, 0x20(sp)
; 0x9fa0, loop condition: g_hash_table_iter_next(iter, &key, &value);
; a zero result leaves the loop at 0xa14c.
lw t9, -sym.imp.g_hash_table_iter_next(gp)
lw a0, 0x3c(sp)
move a2, s7
jalr t9
move a1, s6
beqz v0, 0xa14c
lw gp, 0x20(sp)
; s2 = current value. A NULL value goes to 0xa03c, the g_assertion_message_expr
; call further down; GLib does not return from that call, so the process stops there.
lw s2, 0x60(sp)
beqz s2, 0xa03c
lw t9, -sym.imp.g_variant_get_type(gp)
jalr t9
move a0, s2
lw gp, 0x20(sp)
; Type dispatch. The value's type is cached at 0x30(sp) and compared with constant
; type strings: base+0x1f3c selects the boolean block at 0x9f24.
lw v1, 0x44(sp)
sw v0, 0x30(sp)
lw t9, -sym.imp.g_variant_type_equal(gp)
addiu a1, v1, 0x1f3c
jalr t9
move a0, v0
bnez v0, 0x9f24
lw gp, 0x20(sp)
; base+0x1f40 selects the int32 path; a mismatch continues at 0xa068.
lw t9, -sym.imp.g_variant_type_equal(gp)
lw a1, 0x48(sp)
jalr t9
lw a0, 0x30(sp)
beqz v0, 0xa068
lw gp, 0x20(sp)
; int32 value: g_strdup_printf(fmt = base+0x213c, g_variant_get_int32(s2)),
; then join the common tail at 0x9f58.
lw t9, -sym.imp.g_variant_get_int32(gp)
jalr t9
move a0, s2
lw gp, 0x20(sp)
move a1, v0
lw a0, -0x7fd8(gp)
lw t9, -sym.imp.g_strdup_printf(gp)
jalr t9
addiu a0, a0, 0x213c
move s2, v0
b 0x9f58
lw gp, 0x20(sp)
; 0xa03c, reached for a NULL value:
; g_assertion_message_expr(NULL, base+0x1d0c, 0xf, base+0x2590, base+0x1f2c),
; with the fifth argument passed on the stack at 0x10(sp).
lw v0, -0x7fd8(gp)
lw a3, -0x7fd8(gp)
lw a1, -0x7fd8(gp)
addiu v0, v0, 0x1f2c
lw t9, -sym.imp.g_assertion_message_expr(gp)
sw v0, 0x10(sp)
addiu a3, a3, 0x2590
addiu a2, zero, 0xf
addiu a1, a1, 0x1d0c
jalr t9
move a0, zero
; 0xa068, next type comparison using the base cached at 0x4c(sp); the delay slot of
; this jalr and the rest of the comparison are cut off by the excerpt boundary.
lw v0, 0x4c(sp)
lw t9, -sym.imp.g_variant_type_equal(gp)
lw a0, 0x30(sp)
jalr t9
--
; Excerpt (cut at both ends): further value-type handlers of a loop over GVariant
; values, plus an error-logging path. gp is reloaded from 0x20(sp) after each call;
; the instruction after every jalr/branch is a delay slot.
;
; Comparison of the type cached at 0x30(sp) with a constant at a1+0xf94. t9 and a1
; are loaded before the excerpt starts (presumably g_variant_type_equal and the
; data base; TODO confirm). A mismatch continues at 0xa160.
lw a0, 0x30(sp)
jalr t9
addiu a1, a1, 0xf94
beqz v0, 0xa160
lw gp, 0x20(sp)
; String value: s2 = g_variant_dup_string(s2, NULL), a private copy of the string,
; then continue at 0x9f58. No printf is involved on this path.
lw t9, -sym.imp.g_variant_dup_string(gp)
move a0, s2
jalr t9
move a1, zero
move s2, v0
b 0x9f58
lw gp, 0x20(sp)
; g_hash_table_destroy(s1); s1 is cleared afterwards so the stale pointer is not
; reused, then continue at 0x9a68.
lw t9, -sym.imp.g_hash_table_destroy(gp)
jalr t9
move a0, s1
move s1, zero
b 0x9a68
lw gp, 0x20(sp)
; int64 value: the 64-bit result in v0/v1 is moved to the a2/a3 pair (a1 is left
; unused, as 64-bit variadic arguments occupy an aligned register pair), then
; g_strdup_printf(fmt = base+0x1f44, value). Format is a constant address.
lw t9, -sym.imp.g_variant_get_int64(gp)
jalr t9
move a0, s2
lw gp, 0x20(sp)
move a2, v0
move a3, v1
lw a0, -0x7fd8(gp)
lw t9, -sym.imp.g_strdup_printf(gp)
jalr t9
addiu a0, a0, 0x1f44
move s2, v0
b 0x9f58
lw gp, 0x20(sp)
; Error path: g_log(NULL, 0x10, fmt = base+0x1ff0, base+0x14f4, word at 8(error)).
; 0x10 is GLib's warning level bit. The word at offset 8 of the pointer in 0x54(sp)
; (presumably GError.message) is passed as a data argument on the stack at
; 0x10(sp); the format is a constant address.
lw v0, 0x54(sp)
lw a3, -0x7fd8(gp)
lw a2, -0x7fd8(gp)
lw v0, 8(v0)
lw t9, -sym.imp.g_log(gp)
addiu a3, a3, 0x14f4
addiu a2, a2, 0x1ff0
addiu a1, zero, 0x10
move a0, zero
jalr t9
sw v0, 0x10(sp)
lw gp, 0x20(sp)
; g_error_free(word at 0x54(sp)). Whether the slot is cleared afterwards is past
; the end of this excerpt.
lw t9, -sym.imp.g_error_free(gp)
jalr t9
lw a0, 0x54(sp)
--
; Excerpt (cut at both ends) of code that reads fields with g_key_file_get_string.
; gp is reloaded from 0x18(sp) after each call; the instruction after every
; jalr/branch is a delay slot.
;
; First line is presumably the delay slot of a call made just before the excerpt
; (TODO confirm). Its result in v0 is stored at 0x14(s0) in the delay slot of the
; branch below, which leaves for 0xbdb4 when the word at 0x40(sp) is non-zero.
move a0, s2
lw v1, 0x40(sp)
lw gp, 0x18(sp)
bnez v1, 0xbdb4
sw v0, 0x14(s0)
; Skip to 0xc098 when the signed word at 4(s0) is <= 0.
lw v0, 4(s0)
blez v0, 0xc098
lw v0, -0x7fd8(gp)
; Cache base+constant addresses in the frame for the calls that follow.
sw v0, 0x24(sp)
lw v0, -0x7fd8(gp)
sw v0, 0x28(sp)
lw v0, -0x7fd8(gp)
addiu v0, v0, 0x1d24
sw v0, 0x2c(sp)
lw v0, -0x7fd8(gp)
sw v0, 0x30(sp)
lw v0, -0x7fd8(gp)
addiu v0, v0, 0x1d38
sw v0, 0x34(sp)
lw v0, -0x7fd8(gp)
sw v0, 0x38(sp)
lw v0, -0x7fd8(gp)
addiu v0, v0, -0x6c50
sw v0, 0x3c(sp)
; g_strdup_printf(fmt = base+0x213c, s6). The format pointer is base+constant
; (computed in the delay slot), so it is a fixed in-binary address, not runtime data.
lw v0, 0x24(sp)
lw t9, -sym.imp.g_strdup_printf(gp)
move a1, s6
jalr t9
addiu a0, v0, 0x213c
lw gp, 0x18(sp)
; g_malloc0(0x30): zero-filled 48-byte allocation.
; Delay slot: s4 = the string returned by g_strdup_printf.
addiu a0, zero, 0x30
lw t9, -sym.imp.g_malloc0(gp)
jalr t9
move s4, v0
lw gp, 0x18(sp)
; g_key_file_get_string(s2, group = s4, key = base+0x1d1c, a3 = s1).
; Delay slot: s7 = the 48-byte allocation. s1 is the error out-parameter position
; of this API; what it points to is not visible here.
lw v1, 0x28(sp)
move a3, s1
lw t9, -sym.imp.g_key_file_get_string(gp)
addiu a2, v1, 0x1d1c
move a1, s4
move a0, s2
jalr t9
move s7, v0
; Branch to 0xbe18 when the word at 0x40(sp) is non-zero; the delay slot of this
; branch is past the end of the excerpt.
lw v1, 0x40(sp)
lw gp, 0x18(sp)
bnez v1, 0xbe18

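[*] Function printf used 15 times in motion (substring match: the hits listed above are g_strdup_printf and g_string_append_printf call sites)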