[*] Binary protection state of snmpd
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of snmpd
jalr t9
sw fp, 0x40(sp)
lw gp, 0x30(sp)
addiu a1, zero, 0x3ff
move a0, fp
lw a2, -0x7fdc(gp)
lw t9, -sym.imp.g_strstr_len(gp)
jalr t9
addiu a2, a2, 0x75c8
beqz v0, 0x2d790
lw gp, 0x30(sp)
sb zero, (v0)
addiu v0, sp, 0x5c
sw v0, 0x48(sp)
lw v0, -0x7fdc(gp)
sw zero, 0x38(sp)
addiu v0, v0, 0x71d0
sw zero, 0x50(sp)
addiu fp, sp, 0x464
b 0x2d4cc
sw v0, 0x44(sp)
lw v0, 0x38(sp)
addiu v0, v0, 1
sw v0, 0x38(sp)
lw v0, 0x38(sp)
lw t9, -sym.imp.g_snprintf(gp)
lw a3, 0x40(sp)
lw a2, 0x44(sp)
addiu a1, zero, 0x3ff
move a0, fp
jalr t9
sw v0, 0x10(sp)
lw gp, 0x30(sp)
addiu a1, zero, 0x10
lw t9, -sym.imp.g_file_test(gp)
jalr t9
move a0, fp
beqz v0, 0x2d568
lw gp, 0x30(sp)
lw t9, -sym.imp.g_file_get_contents(gp)
lw a1, 0x48(sp)
move a3, zero
move a2, zero
jalr t9
move a0, fp
beqz v0, 0x2d4c0
lw gp, 0x30(sp)
lw t9, -sym.imp.property_state_deserialize_xml(gp)
jalr t9
lw a0, 0x5c(sp)
beqz v0, 0x2d710
lw gp, 0x30(sp)
lw t9, -sym.imp.g_list_append(gp)
lw a0, 0x50(sp)
jalr t9
move a1, v0
lw gp, 0x30(sp)
lw a0, 0x5c(sp)
lw t9, -0x7930(gp)
jalr t9
sw v0, 0x50(sp)
b 0x2d4c0
lw gp, 0x30(sp)
lw v0, -0x7fdc(gp)
lw a2, -0x7fdc(gp)
lw t9, -sym.imp.g_snprintf(gp)
addiu fp, sp, 0x64
lw a3, 0x40(sp)
addiu v0, v0, 0x721c
addiu a2, a2, 0x35c4
addiu a1, zero, 0x3ff
move a0, fp
sw fp, 0x38(sp)
jalr t9
sw v0, 0x10(sp)
lw gp, 0x30(sp)
lw a1, 0x48(sp)
move a3, zero
lw t9, -sym.imp.g_file_get_contents(gp)
move a2, zero
jalr t9
move a0, fp
beqz v0, 0x2d708
lw gp, 0x30(sp)
lw t9, -sym.imp.subscribe_expression_deserialize_xml(gp)
jalr t9
--
sw s0, 0x450(sp)
sw v1, 0x38(sp)
sw v0, 0x44c(sp)
beqz s6, 0x2de54
lw v0, -0x7fdc(gp)
lw s2, -0x7fdc(gp)
sw v0, 0x24(sp)
lw v0, -0x7fdc(gp)
lw s5, -0x7fdc(gp)
addiu v0, v0, -0x2e98
sw v0, 0x28(sp)
lw s4, -0x7fdc(gp)
lw v0, -0x7fdc(gp)
addiu fp, sp, 0x4c
lw s3, -0x7fdc(gp)
lw s1, -0x7fdc(gp)
addiu s7, sp, 0x44
addiu s2, s2, -0x33dc
addiu s5, s5, -0x25b8
sw v0, 0x2c(sp)
b 0x2dbd4
addiu s4, s4, -0x27a8
beqz s6, 0x2dc90
lw v0, -0x7fd8(gp)
lw s0, (s6)
lw t9, -sym.imp.g_snprintf(gp)
lw s6, 4(s6)
addiu a3, s3, 0x72e0
addiu a2, s1, 0x7310
addiu a1, zero, 0x3ff
move a0, fp
jalr t9
sw s0, 0x10(sp)
move a1, s7
move t9, s2
bal 0x2cc24
move a0, fp
beqz v0, 0x2dbcc
lw gp, 0x18(sp)
lw a0, 0x44(sp)
move t9, s5
bal 0x2da48
move a1, zero
lw gp, 0x18(sp)
lw v0, 0x24(sp)
addiu a2, s1, 0x7310
lw t9, -sym.imp.g_snprintf(gp)
addiu a3, v0, 0x7318
addiu a1, zero, 0x3ff
move a0, fp
jalr t9
sw s0, 0x10(sp)
lw a1, 0x44(sp)
lw t9, 0x28(sp)
addiu a2, sp, 0x48
jalr t9
move a0, fp
beqz v0, 0x2de00
lw gp, 0x18(sp)
lw a0, 0x48(sp)
move t9, s5
bal 0x2da48
addiu a1, zero, 1
addiu a2, zero, 1
move a1, zero
move t9, s4
bal 0x2d858
--
b 0x2dcf0
sw v0, 0x30(sp)
lw t9, -sym.imp.g_strfreev(gp)
jalr t9
move a0, s7
beqz s0, 0x2ddac
lw gp, 0x18(sp)
lw s2, (s0)
lw t9, -sym.imp.g_strsplit(gp)
addiu a2, zero, 2
move a1, s3
move a0, s2
jalr t9
lw s0, 4(s0)
lw gp, 0x18(sp)
lw a0, 4(v0)
addiu a2, zero, 0xa
lw t9, -sym.imp.g_ascii_strtoll(gp)
move a1, zero
lw s5, (v0)
jalr t9
move s7, v0
lw gp, 0x18(sp)
move s4, v0
lw v0, 0x24(sp)
lw t9, -sym.imp.g_snprintf(gp)
addiu a3, v0, 0x7318
addiu a2, s1, 0x7310
addiu a1, zero, 0x3ff
move a0, fp
jalr t9
sw s5, 0x10(sp)
lw t9, 0x28(sp)
move a2, s6
move a1, s4
jalr t9
move a0, fp
beqz v0, 0x2dcdc
lw gp, 0x18(sp)
lw a0, 0x48(sp)
lw t9, 0x2c(sp)
jalr t9
addiu a1, zero, 1
lw t9, 0x30(sp)
addiu a2, zero, 1
addiu a1, zero, 1
--
move a0, s7
bnez s0, 0x2dcf0
lw gp, 0x18(sp)
lw v0, 0x38(sp)
lw v0, -0x21bc(v0)
beqz v0, 0x2de40
lw v0, 0x3c(sp)
move v0, zero
lw v1, 0x34(sp)
lw a0, 0x44c(sp)
lw v1, (v1)
bne a0, v1, 0x2de88
lw ra, 0x474(sp)
lw fp, 0x470(sp)
lw s7, 0x46c(sp)
lw s6, 0x468(sp)
lw s5, 0x464(sp)
lw s4, 0x460(sp)
lw s3, 0x45c(sp)
lw s2, 0x458(sp)
lw s1, 0x454(sp)
lw s0, 0x450(sp)
jr ra
addiu sp, sp, 0x478
lw v0, 0x2c(sp)
lw t9, -sym.imp.g_snprintf(gp)
addiu a2, v0, 0x7340
lw v0, 0x44(sp)
move a3, s0
addiu a1, zero, 0x3ff
move a0, fp
jalr t9
sw v0, 0x10(sp)
move a2, zero
addiu a1, zero, 1
move t9, s4
bal 0x2d858
move a0, fp
b 0x2dc74
addiu a2, zero, 1
lw v0, -0x21b8(v0)
bnel v0, zero, 0x2ddc0
move v0, zero
b 0x2ddc0
addiu v0, zero, 1
lw v0, -0x7fd8(gp)
--
sw zero, 0x30(sp)
jalr t9
nop
beqz v0, 0x2e25c
lw gp, 0x20(sp)
lw s0, -0x7fd8(gp)
move s2, v0
lw v0, -0x6a90(s0)
bnez v0, 0x2e1dc
lw v0, -0x7fdc(gp)
lw v0, -0x7fdc(gp)
lw s6, -0x7fdc(gp)
lw s7, -0x7fdc(gp)
addiu v0, v0, -0x33dc
lw s4, -0x7fdc(gp)
lw s5, -0x7fdc(gp)
addiu s6, s6, -0x27a8
addiu s7, s7, -0x261c
sw v0, 0x28(sp)
lw t9, -sym.imp.g_dir_read_name(gp)
jalr t9
move a0, s2
move s0, v0
beqz v0, 0x2e0a4
lw gp, 0x20(sp)
lw t9, -sym.imp.g_snprintf(gp)
addiu s1, sp, 0x3c
addiu a3, s3, 0x72e0
addiu a2, s4, 0x7310
addiu a1, zero, 0x3ff
move a0, s1
jalr t9
sw s0, 0x10(sp)
lw gp, 0x20(sp)
addiu a1, s5, 0x73c8
lw t9, -sym.imp.g_str_has_suffix(gp)
jalr t9
move a0, s0
beqz v0, 0x2e000
lw gp, 0x20(sp)
lw v0, -0x7fd8(gp)
lw v0, -0x21c0(v0)
beqz v0, 0x2e074
move t9, s7
bal 0x2d9e4
nop
--
lw s7, 0x85c(sp)
lw s6, 0x858(sp)
lw s5, 0x854(sp)
lw s4, 0x850(sp)
lw s3, 0x84c(sp)
lw s2, 0x848(sp)
lw s1, 0x844(sp)
lw s0, 0x840(sp)
jr ra
addiu sp, sp, 0x868
addiu a1, sp, 0x34
jalr t9
move a0, s1
beqz v0, 0x2e074
lw gp, 0x20(sp)
lw v0, -0x7fdc(gp)
lw a0, 0x34(sp)
addiu t9, v0, -0x25b8
move a1, zero
bal 0x2da48
sw t9, 0x2c(sp)
lw gp, 0x20(sp)
addiu a2, s4, 0x7310
addiu a1, zero, 0x3ff
lw a3, -0x7fdc(gp)
lw t9, -sym.imp.g_snprintf(gp)
addiu a3, a3, 0x7318
move a0, s1
jalr t9
sw s0, 0x10(sp)
lw gp, 0x20(sp)
lw a1, 0x34(sp)
addiu a2, sp, 0x38
lw t9, -0x7fdc(gp)
addiu t9, t9, -0x2e98
bal 0x2d168
move a0, s1
beqz v0, 0x2e218
lw gp, 0x20(sp)
lw a0, 0x38(sp)
lw t9, 0x2c(sp)
jalr t9
addiu a1, zero, 1
b 0x2e000
lw gp, 0x20(sp)
lw v0, -0x21b8(v0)
b 0x2e108
sltiu v0, v0, 1
lw a3, -0x7fdc(gp)
lw a1, -0x7fdc(gp)
lw t9, -sym.imp.g_bus_watch_name(gp)
addiu v0, v0, -0x3460
sw zero, 0x18(sp)
sw zero, 0x14(sp)
sw v0, 0x10(sp)
addiu a3, a3, -0x20c8
move a2, zero
addiu a1, a1, 0x73a4
jalr t9
addiu a0, zero, 1
lw gp, 0x20(sp)
b 0x2dfdc
sw zero, -0x6a90(s0)
lw a2, -0x7fdc(gp)
lw v0, 0x34(sp)
lw t9, -sym.imp.g_snprintf(gp)
move a3, s0
addiu s0, sp, 0x43c
addiu a2, a2, 0x7340
addiu a1, zero, 0x3ff
move a0, s0
jalr t9
sw v0, 0x10(sp)
move a2, zero
addiu a1, zero, 1
move t9, s6
bal 0x2d858
move a0, s0
b 0x2e000
lw gp, 0x20(sp)
lw v0, 0x30(sp)
lw a3, -0x7fdc(gp)
lw a2, -0x7fdc(gp)
lw v0, 8(v0)
lw t9, -sym.imp.g_log(gp)
addiu a3, a3, 0x448c
[*] Function printf used 9 times snmpd
