[*] Binary protection state of io_cgi
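RELRO: Full RELRO | Stack canary: found | NX: disabled | PIE: enabled | RPATH: none | RUNPATH: none | Symbols: none
Note: NX disabled is the weak entry in this set. Data pages such as the stack may be executable, so the other mitigations listed here do not by themselves contain a memory-corruption bug.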
[*] Function printf tear down of io_cgi
; ----------------------------------------------------------------------
; First routine of the listing (MIPS, no address column, no symbols).
; It builds text with g_string_append / g_string_append_printf and leaves
; through a tail call on every path.
;
; Branch targets named in the comments (0x40b4, 0x4130, ...) were located
; by counting 4-byte instructions between a branch and its target. This
; assumes no instruction is missing from the listing - confirm against
; the full disassembly.
; gp is used below without a visible setup, so the $gp initialisation
; presumably sits before the first line shown.
;
; Register roles as used here:
;   a0 -> s0   pointer to a record; words at +0x0, +0xc, +0x10, +0x14 and
;              +0x18 are read, and +0x14 is written on one path
;   a1         selector, tested once for zero
;   a2 -> s2   forwarded as third argument of the printf calls on the
;              a1 != 0 path
;   a3         first argument of the first g_string_append call
;              (a GString* per the GLib prototype)
;   s1/s3/s4   copies of the word at -0x7fd0(gp), used as a base for
;              constant addresses (presumably a data-section base held in
;              the GOT - verify)
;
; Review note (format strings): in every g_string_append_printf call the
; format pointer in a1 is that base plus a constant (-0x4b60, -0x4b54 or
; -0x4b48). It is never taken from a0-a3 or loaded from the record, so
; the format is not caller-controlled in this routine. a3 is likewise
; base plus one of -0x4ba0 / -0x4b9c / -0x4b98 / -0x4b94. The conversion
; specifiers are not visible here; dump the strings at those addresses
; and check them against the argument types actually passed in a2/a3.
; ----------------------------------------------------------------------
; Prologue: 0x30-byte frame; gp, ra and s0-s4 are saved.
addiu sp, sp, -0x30
lw v0, 0x10(a0)
sw gp, 0x10(sp)
sw s0, 0x18(sp)
sw ra, 0x2c(sp)
move s0, a0
sw s4, 0x28(sp)
sw s3, 0x24(sp)
sw s2, 0x20(sp)
sw s1, 0x1c(sp)
; record[+0x10] != 0 -> single-printf path at 0x41e0.
; Delay slot: a0 = a3, so the string pointer is in place on both paths.
bnez v0, 0x41e0
move a0, a3
; a1 == 0 -> path at 0x4130. Delay slot: s1 = base word.
beqz a1, 0x4130
lw s1, -0x7fd0(gp)
; ---- a1 != 0 path ----
; g_string_append(a3, base - 0x4b90); delay slot keeps the caller's a2 in s2.
lw t9, -sym.imp.g_string_append(gp)
addiu a1, s1, -0x4b90
jalr t9
move s2, a2
; s4 = returned string pointer; a3 is chosen by record[+0x14]:
; non-zero -> base - 0x4ba0 (set at 0x4238), zero -> base - 0x4b9c.
lw v1, 0x14(s0)
lw gp, 0x10(sp)
bnez v1, 0x4238
move s4, v0
lw a3, -0x7fd0(gp)
addiu a3, a3, -0x4b9c
; 0x40b4: g_string_append_printf(s4, base - 0x4b60, s2, a3)
lw s3, -0x7fd0(gp)
lw t9, -sym.imp.g_string_append_printf(gp)
move a2, s2
addiu a1, s3, -0x4b60
jalr t9
move a0, s4
; g_string_append(s4, base - 0x4b90); gp is reloaded after each call.
lw gp, 0x10(sp)
addiu a1, s1, -0x4b90
lw t9, -sym.imp.g_string_append(gp)
jalr t9
move a0, s4
; record[+0x18] != 0 -> 0x42ec, which inverts record[+0x14] in memory
; and rejoins at 0x40f0.
lw v1, 0x18(s0)
bnez v1, 0x42ec
lw gp, 0x10(sp)
lw v1, 0x14(s0)
; 0x40f0: second a3 choice: non-zero -> base - 0x4b98 (via 0x42e4),
; zero -> base - 0x4b94.
bnez v1, 0x42e4
lw a3, -0x7fd0(gp)
lw a3, -0x7fd0(gp)
addiu a3, a3, -0x4b94
; 0x4100: epilogue merged with a tail call. Saved registers are restored,
; then control jumps to g_string_append_printf(v0, base - 0x4b60, s2, a3);
; the frame is released in the delay slot, so the callee returns to our caller.
lw ra, 0x2c(sp)
lw s4, 0x28(sp)
lw s1, 0x1c(sp)
lw s0, 0x18(sp)
move a2, s2
addiu a1, s3, -0x4b60
lw s2, 0x20(sp)
lw s3, 0x24(sp)
lw t9, -sym.imp.g_string_append_printf(gp)
move a0, v0
jr t9
addiu sp, sp, 0x30
; ---- 0x4130: a1 == 0 path ----
; g_string_append(a3, base - 0x4b90); a1 is set in the delay slot.
lw t9, -sym.imp.g_string_append(gp)
jalr t9
addiu a1, s1, -0x4b90
; s2 = returned string pointer; record[+0x18] != 0 -> 0x4244.
lw v1, 0x18(s0)
lw gp, 0x10(sp)
bnez v1, 0x4244
move s2, v0
; record[+0x18] == 0: s3 = v0 = record[+0x14], a2 = record[+0x0] + 1.
; record[+0xc] picks the format: zero -> 0x425c (base - 0x4b48),
; non-zero -> fall through (base - 0x4b54).
lw s3, 0x14(s0)
lw a2, (s0)
lw v1, 0xc(s0)
move v0, s3
beqz v1, 0x425c
addiu a2, a2, 1
; 0x4164: a3 by v0: non-zero -> base - 0x4ba0 (via 0x432c), zero -> base - 0x4b9c.
bnez v0, 0x432c
lw a3, -0x7fd0(gp)
lw a3, -0x7fd0(gp)
addiu a3, a3, -0x4b9c
; 0x4174: g_string_append_printf(s2, base - 0x4b54, a2, a3)
lw s4, -0x7fd0(gp)
lw t9, -sym.imp.g_string_append_printf(gp)
addiu a1, s4, -0x4b54
jalr t9
move a0, s2
lw gp, 0x10(sp)
addiu a1, s1, -0x4b90
lw t9, -sym.imp.g_string_append(gp)
jalr t9
move a0, s2
; a2 = record[+0x0] + 1 again; s3 != 0 -> 0x4318 (a3 = base - 0x4b98),
; otherwise a3 = base - 0x4b94.
lw a2, (s0)
lw gp, 0x10(sp)
bnez s3, 0x4318
addiu a2, a2, 1
lw a3, -0x7fd0(gp)
lw t9, -sym.imp.g_string_append_printf(gp)
addiu a3, a3, -0x4b94
addiu a1, s4, -0x4b54
; 0x41bc: restore and tail-call g_string_append_printf(v0, a1, a2, a3).
lw ra, 0x2c(sp)
lw s4, 0x28(sp)
lw s3, 0x24(sp)
lw s2, 0x20(sp)
lw s1, 0x1c(sp)
lw s0, 0x18(sp)
move a0, v0
jr t9
addiu sp, sp, 0x30
; ---- 0x41e0: record[+0x10] != 0 path ----
; a0 already holds a3; s1 was never loaded here, so the base goes through a1.
lw a1, -0x7fd0(gp)
lw t9, -sym.imp.g_string_append(gp)
jalr t9
addiu a1, a1, -0x4b90
; a2 = record[+0x0] (no +1 on this path); a3 by record[+0x14]:
; non-zero -> base - 0x4ba0 (via 0x42d8), zero -> base - 0x4b9c.
lw v1, 0x14(s0)
lw gp, 0x10(sp)
bnez v1, 0x42d8
lw a2, (s0)
lw a3, -0x7fd0(gp)
addiu a3, a3, -0x4b9c
; 0x4208: restore and tail-call g_string_append_printf(v0, base - 0x4b60, a2, a3).
lw a1, -0x7fd0(gp)
lw ra, 0x2c(sp)
lw s4, 0x28(sp)
lw s3, 0x24(sp)
lw s2, 0x20(sp)
lw s1, 0x1c(sp)
lw s0, 0x18(sp)
lw t9, -sym.imp.g_string_append_printf(gp)
addiu a1, a1, -0x4b60
move a0, v0
jr t9
addiu sp, sp, 0x30
; 0x4238: a3 = base - 0x4ba0, rejoin at 0x40b4.
lw a3, -0x7fd0(gp)
b 0x40b4
addiu a3, a3, -0x4ba0
; ---- 0x4244: a1 == 0 and record[+0x18] != 0 ----
; As the block above, but s3 = (record[+0x14] == 0), so the second a3
; choice is inverted relative to the first; the record is not written here.
lw v0, 0x14(s0)
lw a2, (s0)
lw v1, 0xc(s0)
sltiu s3, v0, 1
bnez v1, 0x4164
addiu a2, a2, 1
; 0x425c: record[+0xc] == 0 variant, format at base - 0x4b48.
bnez v0, 0x4310
lw a3, -0x7fd0(gp)
lw a3, -0x7fd0(gp)
addiu a3, a3, -0x4b9c
; 0x426c: g_string_append_printf(s2, base - 0x4b48, a2, a3)
lw s4, -0x7fd0(gp)
lw t9, -sym.imp.g_string_append_printf(gp)
addiu a1, s4, -0x4b48
jalr t9
move a0, s2
lw gp, 0x10(sp)
addiu a1, s1, -0x4b90
lw t9, -sym.imp.g_string_append(gp)
jalr t9
move a0, s2
lw a2, (s0)
lw gp, 0x10(sp)
bnez s3, 0x42fc
addiu a2, a2, 1
lw a3, -0x7fd0(gp)
lw t9, -sym.imp.g_string_append_printf(gp)
addiu a3, a3, -0x4b94
addiu a1, s4, -0x4b48
; 0x42b4: restore and tail-call g_string_append_printf(v0, a1, a2, a3).
lw ra, 0x2c(sp)
lw s4, 0x28(sp)
lw s3, 0x24(sp)
lw s2, 0x20(sp)
lw s1, 0x1c(sp)
lw s0, 0x18(sp)
move a0, v0
jr t9
addiu sp, sp, 0x30
; ---- Out-of-line stubs: each sets a constant a3 (and sometimes a1/t9)
; and branches back; the instruction after each b is its delay slot. ----
; 0x42d8
lw a3, -0x7fd0(gp)
b 0x4208
addiu a3, a3, -0x4ba0
; 0x42e4 (a3 base was loaded in the delay slot of the branch that came here)
b 0x4100
addiu a3, a3, -0x4b98
; 0x42ec: record[+0x14] = (record[+0x14] == 0), stored in the delay slot.
lw v1, 0x14(s0)
sltiu v1, v1, 1
b 0x40f0
sw v1, 0x14(s0)
; 0x42fc
lw a3, -0x7fd0(gp)
lw t9, -sym.imp.g_string_append_printf(gp)
addiu a3, a3, -0x4b98
b 0x42b4
addiu a1, s4, -0x4b48
; 0x4310
b 0x426c
addiu a3, a3, -0x4ba0
; 0x4318
lw a3, -0x7fd0(gp)
lw t9, -sym.imp.g_string_append_printf(gp)
addiu a3, a3, -0x4b98
b 0x41bc
addiu a1, s4, -0x4b54
; 0x432c
b 0x4174
addiu a3, a3, -0x4ba0
lui gp, 2
addiu gp, gp, 0xcdc
addu gp, gp, t9
lw v0, 0x14(a2)
beql v0, a1, 0x4354
lw t9, -sym.imp.g_mutex_lock(gp)
jr ra
nop
addiu sp, sp, -0x20
move a0, a2
sw ra, 0x1c(sp)
sw s0, 0x18(sp)
sw gp, 0x10(sp)
jalr t9
move s0, a2
--
beqz a0, 0x4814
lw gp, 0x10(sp)
beqz v0, 0x481c
nop
bnez s2, 0x4824
addiu s1, s1, 1
lw a1, 4(fp)
addu a1, s4, a1
bnel a1, s0, 0x4838
lw a2, (s3)
beqz v0, 0x4864
lw a1, 0x4c(sp)
lw v0, (s3)
beq a1, v0, 0x4b1c
addiu v0, zero, 1
sw v0, 0x18(sp)
lw v0, 0x84(sp)
bnez v0, 0x4b40
lw v0, 0x88(sp)
beqz v0, 0x4a6c
move a2, s0
bnez a0, 0x48e8
lw a3, 0x44(sp)
lw a3, 0x40(sp)
lw a1, -0x7fd0(gp)
lw t9, -sym.imp.g_string_append_printf(gp)
addiu a1, a1, -0x49f8
jalr t9
lw a0, 0x20(sp)
lw s7, 4(s7)
addiu v0, zero, 1
lw gp, 0x10(sp)
bnez s7, 0x4870
sw v0, 0x1c(sp)
lw v0, 0x18(sp)
beql v0, zero, 0x491c
sw zero, 0x1c(sp)
addiu s3, s3, 4
lw a0, (s3)
beqz a0, 0x493c
lw v0, 0x1c(sp)
lb v0, (a0)
bnez v0, 0x47d0
lw t9, -sym.imp.g_ascii_strtoll(gp)
lw v0, 0x1c(sp)
bnez v0, 0x4978
--
addiu v0, zero, 1
lw a2, 4(fp)
sw v0, 0x18(sp)
addu a2, s4, a2
lw v0, 0x90(sp)
beqz v0, 0x4ab0
addu v0, s6, s4
addu v0, s1, s4
bnel v0, s0, 0x4868
lw s7, 4(s7)
beql a0, zero, 0x4868
lw s7, 4(s7)
lw v0, 0x84(sp)
bnez v0, 0x4b98
lw v0, 0x88(sp)
bnel v0, zero, 0x48e8
lw a3, 0x44(sp)
lw v0, 0x14(fp)
bnez v0, 0x4b8c
lw a3, 8(fp)
sltu a3, zero, a3
beqz s2, 0x4b6c
lw v0, 0x2c(sp)
lw v0, 0x90(sp)
bnez v0, 0x4bb8
lw t9, -sym.imp.g_string_append_printf(gp)
lw a1, -0x7fd0(gp)
addu a2, s6, s4
b 0x48f4
addiu a1, a1, -0x49e0
bnel v1, zero, 0x4838
lw a2, (s3)
b 0x4a18
nop
bnel v0, s0, 0x4868
lw s7, 4(s7)
bnel a0, zero, 0x4868
lw s7, 4(s7)
lw v0, 0x84(sp)
beqz v0, 0x4c14
lw a1, -0x7fd0(gp)
lw t9, -sym.imp.g_string_append_printf(gp)
lw a0, 0x20(sp)
move a2, s0
jalr t9
addiu a1, a1, -0x4a10
lw gp, 0x10(sp)
lw v0, 8(fp)
bnel v0, zero, 0x4af8
lw a2, 0x38(sp)
lw a2, -0x7fd0(gp)
addiu a2, a2, -0x4ac0
lw a1, -0x7fd0(gp)
lw t9, -sym.imp.g_string_append_printf(gp)
lw a0, 0x20(sp)
jalr t9
addiu a1, a1, -0x49fc
addiu v0, zero, 1
lw gp, 0x10(sp)
b 0x4864
sw v0, 0x1c(sp)
addiu v0, zero, 1
b 0x4864
sw v0, 0x18(sp)
bnel s2, zero, 0x4a3c
lw v0, 0x90(sp)
b 0x48cc
lw v0, 0x84(sp)
b 0x491c
sw zero, 0x1c(sp)
lw v0, 0x24(sp)
lw t9, -sym.imp.g_string_append_printf(gp)
lw a0, 0x20(sp)
addiu a1, v0, -0x4a04
jalr t9
move a2, s0
lw v0, 8(fp)
beqz v0, 0x4af0
lw gp, 0x10(sp)
b 0x4af8
lw a2, 0x38(sp)
lw t9, -sym.imp.g_string_append_printf(gp)
addiu a1, v0, -0x49d0
lw a0, 0x20(sp)
addiu v0, zero, 1
jalr t9
sw v0, 0x1c(sp)
b 0x4864
lw gp, 0x10(sp)
sltiu a3, a3, 1
b 0x4a7c
sw a3, 8(fp)
lw a1, -0x7fd0(gp)
lw t9, -sym.imp.g_string_append_printf(gp)
lw a0, 0x20(sp)
move a2, s0
jalr t9
addiu a1, a1, -0x4a1c
b 0x4ae4
lw gp, 0x10(sp)
lw a1, -0x7fd0(gp)
addu a2, s1, s4
b 0x48f4
addiu a1, a1, -0x49ec
lw a3, -0x7fd0(gp)
lw a2, -0x7fd0(gp)
lw t9, -sym.imp.g_log(gp)
addiu a3, a3, -0x4b64
addiu a2, a2, -0x4aa4
addiu a1, zero, 0x10
jalr t9
move a0, zero
lw gp, 0x10(sp)
lw a0, 0x34(sp)
--
addiu a2, zero, 0xa
jalr t9
move a1, fp
lw gp, 0x10(sp)
lw a0, 0x18(s0)
move a1, s2
lw t9, -sym.imp.g_hash_table_lookup(gp)
jalr t9
move s1, v0
beqz v0, 0x5c10
lw gp, 0x10(sp)
addiu v0, zero, 1
lw a0, (s7)
lw v1, 0x34(sp)
beql a0, v1, 0x5acc
addiu s7, s7, 4
lw a2, 4(s0)
addiu a2, a2, 1
bne a2, s1, 0x5acc
addiu s7, s7, 4
beqz v0, 0x5acc
nop
lw a3, 8(s0)
lw a0, 0x20(sp)
lw v1, 0x24(sp)
lw t9, -sym.imp.g_string_append_printf(gp)
movn v1, a0, a3
lw a0, 0x1c(sp)
move a3, v1
move a1, s4
jalr t9
sw v0, 0x18(sp)
lw a0, (s7)
bnez a0, 0x5ad8
lw gp, 0x10(sp)
lw s3, 4(s3)
bnel s3, zero, 0x5aac
lw a0, (s6)
lw v0, 0x18(sp)
beqz v0, 0x5c30
lw a1, -0x7fd0(gp)
lw t9, -sym.imp.g_strfreev(gp)
jalr t9
move a0, s6
lw gp, 0x10(sp)
lw t9, -sym.imp.g_list_free_full(gp)
[*] Function printf used 17 times io_cgi