[*] Binary protection state of video-service
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of video-service
b 0xa510
addiu s4, s4, -0x6550
lw v0, 0x4c(sp)
lw v1, 0x3c(sp)
lw t9, -sym.imp.g_log(gp)
lw v0, 8(v0)
move a3, s1
addiu a2, v1, -0x5d0
sw v0, 0x10(sp)
addiu a1, zero, 0x20
jalr t9
move a0, zero
lw gp, 0x20(sp)
lw t9, -sym.imp.g_free(gp)
jalr t9
move a0, s1
lw v0, 0x2c(sp)
lw s0, 0x50(sp)
addiu v0, v0, 4
sw v0, 0x2c(sp)
lw v0, 4(s0)
sltu v0, s3, v0
beqz v0, 0xa618
lw gp, 0x20(sp)
lw v0, 0x38(sp)
lw t9, -sym.imp.g_strdup_printf(gp)
addiu s3, s3, 1
move a1, s3
jalr t9
addiu a0, v0, -0x5ec
move s1, v0
lw v0, 0x50(sp)
lw gp, 0x20(sp)
lw s0, (v0)
lw v0, 0x2c(sp)
lw t9, -sym.video_service_dbus_video1_channel_interface_info(gp)
bal sym.video_service_dbus_video1_channel_interface_info
lwx s0, v0(s0)
lw gp, 0x20(sp)
lw v1, 0x30(sp)
sw zero, 0x14(sp)
sw v1, 0x18(sp)
lw v1, 0x34(sp)
lw t9, -sym.imp.g_dbus_connection_register_object(gp)
sw s0, 0x10(sp)
addiu a3, v1, 0xfd4
--
sw ra, 0x1c(sp)
beqz a0, 0xaa84
lw t9, -0x7c44(gp)
jalr t9
nop
lw gp, 0x10(sp)
lw v0, -0x7fdc(gp)
lw ra, 0x1c(sp)
lw t9, -sym.imp.g_thread_pool_free(gp)
lw a0, 0x14c0(v0)
addiu a2, zero, 1
addiu a1, zero, 1
jr t9
addiu sp, sp, 0x20
nop
nop
nop
lui gp, 2
addiu gp, gp, -0x1a90
addu gp, gp, t9
addiu sp, sp, -0x60
move a1, a0
sw s3, 0x48(sp)
lw s3, -0x7d98(gp)
lw a0, -0x7fd8(gp)
lw t9, -sym.imp.g_strdup_printf(gp)
lw v0, (s3)
sw gp, 0x20(sp)
sw ra, 0x5c(sp)
sw s5, 0x50(sp)
sw s4, 0x4c(sp)
sw s2, 0x44(sp)
sw s0, 0x3c(sp)
addiu a0, a0, -0x4d0
sw s7, 0x58(sp)
sw s6, 0x54(sp)
sw s1, 0x40(sp)
sw v0, 0x34(sp)
lw s5, -0x7fd8(gp)
jalr t9
nop
lw gp, 0x20(sp)
addiu a2, s5, -0x4b0
move s4, v0
lw s0, -0x7fd8(gp)
lw a0, -0x7fd8(gp)
--
lw s6, -0x7fd8(gp)
lw s5, -0x7fd8(gp)
lw s3, -0x7fd8(gp)
lw fp, -0x7fd8(gp)
move s2, zero
addiu s6, s6, -0x1cc
b 0xb194
addiu s5, s5, -0x1c4
lw t9, -sym.imp.g_free(gp)
jalr t9
move a0, s0
lw gp, 0x20(sp)
addiu s2, s2, 1
lw t9, -sym.imp.g_dir_read_name(gp)
jalr t9
move a0, s1
move s0, v0
beqz v0, 0xb368
lw gp, 0x20(sp)
lw t9, -sym.imp.g_str_has_suffix(gp)
addiu a1, s3, -0x1d0
jalr t9
move a0, s0
beqz v0, 0xb17c
lw gp, 0x20(sp)
lw t9, -sym.imp.g_strdup_printf(gp)
move a2, s0
move a1, s7
jalr t9
move a0, s6
lw gp, 0x20(sp)
move a3, v0
move a2, s5
lw t9, -sym.imp.g_log(gp)
addiu a1, zero, 0x20
move a0, zero
jalr t9
move s0, v0
lw gp, 0x20(sp)
addiu a1, zero, 2
lw t9, -sym.imp.g_module_open(gp)
jalr t9
move a0, s0
beqz v0, 0xb2c4
lw gp, 0x20(sp)
lw t9, -sym.imp.g_module_make_resident(gp)
--
addiu v0, zero, 4
bne s0, v0, 0xca0c
lw t9, -sym.imp.g_value_get_string(gp)
jalr t9
move a0, s5
move s0, v0
lw gp, 0x28(sp)
beqz v0, 0xc9a8
sw zero, 0x34(sp)
lw t9, -sym.imp.libs_resolution_is_resolution_available(gp)
lw a0, 0xc(s3)
jalr t9
move a1, v0
beqz v0, 0xcbb0
lw gp, 0x28(sp)
lw t9, -sym.imp.check_resolution(gp)
lw a3, 0xc(s3)
addiu a2, zero, -1
move a1, s0
jalr t9
addiu a0, sp, 0x38
lw gp, 0x28(sp)
lw a1, 0xc(s3)
addiu s6, sp, 0x34
lw a0, -0x7fd8(gp)
lw t9, -sym.imp.g_strdup_printf(gp)
jalr t9
addiu a0, a0, 0xc8
lw gp, 0x28(sp)
move a3, s6
move a2, s0
lw a1, -0x7fd8(gp)
lw t9, -sym.settings_set_string(gp)
addiu a1, a1, -0xbd0
move a0, v0
bal sym.settings_set_string
move s5, v0
beqz v0, 0xcbd4
lw gp, 0x28(sp)
lw t9, -sym.imp.g_free(gp)
jalr t9
lw a0, 0x18(s3)
lw gp, 0x28(sp)
lw t9, -sym.imp.g_strdup(gp)
jalr t9
move a0, s0
--
sw s4, 0x20(sp)
lw v0, -0x7fd8(gp)
lw a3, -0x7fd8(gp)
lw a2, -0x7fd8(gp)
addiu v0, v0, 0x1c8
lw t9, -sym.imp.g_log(gp)
sw v0, 0x14(sp)
addiu v0, zero, 0xb0
sw s3, 0x1c(sp)
sw s0, 0x18(sp)
sw v0, 0x10(sp)
addiu a3, a3, segment.INTERP
addiu a2, a2, 0x190
addiu a1, zero, 0x10
jalr t9
move a0, zero
b 0xc9a8
lw gp, 0x28(sp)
lw t9, -sym.imp.g_value_get_boolean(gp)
jalr t9
move a0, s5
lw gp, 0x28(sp)
lw a1, 0xc(s3)
sw zero, 0x38(sp)
lw a0, -0x7fd8(gp)
lw t9, -sym.imp.g_strdup_printf(gp)
addiu a0, a0, 0xc8
jalr t9
move s4, v0
lw gp, 0x28(sp)
addiu s5, sp, 0x38
move a3, s5
lw a1, -0x7fd8(gp)
lw t9, -sym.settings_set_boolean(gp)
move a2, s4
addiu a1, a1, -0xbd8
move a0, v0
bal sym.settings_set_boolean
move s0, v0
beqz v0, 0xcb98
lw gp, 0x28(sp)
b 0xcb4c
sw s4, 0x14(s3)
lw t9, -sym.imp.g_value_get_int(gp)
jalr t9
move a0, s5
lw gp, 0x28(sp)
lw a1, 0xc(s3)
sw zero, 0x38(sp)
lw a0, -0x7fd8(gp)
lw t9, -sym.imp.g_strdup_printf(gp)
addiu a0, a0, 0xc8
jalr t9
move s4, v0
lw gp, 0x28(sp)
addiu s5, sp, 0x38
move a3, s5
lw a1, -0x7fd8(gp)
lw t9, -sym.settings_set_int(gp)
move a2, s4
addiu a1, a1, -0xbe4
move a0, v0
bal sym.settings_set_int
move s0, v0
beqz v0, 0xcb60
lw gp, 0x28(sp)
sw s4, 0x10(s3)
lw t9, -sym.imp.g_free(gp)
jalr t9
move a0, s0
b 0xc9a8
--
jalr t9
addiu a1, zero, 0x10
lw gp, 0x28(sp)
lw ra, 0x4c(sp)
lw s5, 0x48(sp)
lw s4, 0x44(sp)
lw s3, 0x40(sp)
lw s2, 0x3c(sp)
lw s1, 0x38(sp)
addiu a0, s0, 0x1504
lw t9, -sym.imp.g_mutex_unlock(gp)
lw s0, 0x34(sp)
jr t9
addiu sp, sp, 0x50
lui gp, 2
addiu gp, gp, -0x3e88
addu gp, gp, t9
addiu sp, sp, -0x58
move a1, a0
sw s2, 0x40(sp)
lw s2, -0x7d98(gp)
sw s3, 0x44(sp)
move s3, a0
lw v0, (s2)
lw a0, -0x7fd8(gp)
lw t9, -sym.imp.g_strdup_printf(gp)
sw gp, 0x28(sp)
sw ra, 0x54(sp)
sw s1, 0x3c(sp)
sw s0, 0x38(sp)
addiu a0, a0, 0xc8
sw s6, 0x50(sp)
sw s5, 0x4c(sp)
sw s4, 0x48(sp)
sw v0, 0x34(sp)
sw zero, 0x30(sp)
jalr t9
addiu s1, sp, 0x30
lw gp, 0x28(sp)
move a2, s1
lw a1, -0x7fd8(gp)
lw t9, -sym.video_service_dbus_video1_channel_proxy_new(gp)
addiu a1, a1, -0xbe4
move a0, v0
bal sym.settings_get_int
move s0, v0
--
lw v0, (s1)
bne v1, v0, 0xd598
lw gp, 0x28(sp)
lw ra, 0x54(sp)
lw s6, 0x50(sp)
lw s5, 0x4c(sp)
lw s4, 0x48(sp)
lw s3, 0x44(sp)
lw s2, 0x40(sp)
lw s1, 0x3c(sp)
lw s0, 0x38(sp)
jr ra
addiu sp, sp, 0x58
lw t9, -sym.imp.g_value_get_uint(gp)
jalr t9
move a0, s5
lw gp, 0x28(sp)
b 0xd494
sw v0, 0xc(s6)
jalr t9
move a0, s5
lw gp, 0x28(sp)
lw a1, 0xc(s6)
sw zero, 0x30(sp)
lw a0, -0x7fd8(gp)
lw t9, -sym.imp.g_strdup_printf(gp)
addiu a0, a0, 0x29c
jalr t9
move s3, v0
lw gp, 0x28(sp)
addiu s4, sp, 0x30
move a3, s4
lw a1, -0x7fd8(gp)
lw t9, -sym.settings_set_int(gp)
move a2, s3
addiu a1, a1, 0x274
move a0, v0
bal sym.settings_set_int
move s0, v0
beqz v0, 0xd560
lw gp, 0x28(sp)
sw s3, 0x10(s6)
lw t9, -sym.imp.g_free(gp)
jalr t9
move a0, s0
b 0xd494
--
jalr t9
move a0, s4
lw gp, 0x28(sp)
lw ra, 0x4c(sp)
lw s5, 0x48(sp)
lw s4, 0x44(sp)
lw s3, 0x40(sp)
lw s2, 0x3c(sp)
lw s0, 0x34(sp)
addiu a0, s1, 0x1524
lw t9, -sym.imp.g_mutex_unlock(gp)
lw s1, 0x38(sp)
jr t9
addiu sp, sp, 0x50
lui gp, 2
addiu gp, gp, -0x4730
addu gp, gp, t9
addiu sp, sp, -0x48
move a1, a0
sw s0, 0x30(sp)
lw s0, -0x7d98(gp)
sw s3, 0x3c(sp)
move s3, a0
lw v0, (s0)
lw a0, -0x7fd8(gp)
lw t9, -sym.imp.g_strdup_printf(gp)
sw gp, 0x18(sp)
sw ra, 0x44(sp)
sw s2, 0x38(sp)
sw s1, 0x34(sp)
addiu a0, a0, 0x29c
sw s4, 0x40(sp)
sw v0, 0x2c(sp)
sw zero, 0x28(sp)
jalr t9
addiu s2, sp, 0x28
lw gp, 0x18(sp)
move a2, s2
lw a1, -0x7fd8(gp)
lw t9, -sym.video_service_dbus_video1_channel_proxy_new(gp)
addiu a1, a1, 0x274
move a0, v0
bal sym.settings_get_int
move s1, v0
lw v1, 0x28(sp)
beqz v1, 0xd88c
[*] Function printf used 9 times video-service
