[*] Binary protection state of dynamicoverlay.cgi
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of dynamicoverlay.cgi
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/html/axis-cgi/dynamicoverlay.cgi @ 0x15d0 */
| #include <stdint.h>
|
; (fcn) fcn.000015d0 () | void fcn_000015d0 () {
0x000015d0 lui gp, 2 |
0x000015d4 addiu gp, gp, -0x75b0 |
0x000015d8 addu gp, gp, t9 | gp += t9;
0x000015dc addiu sp, sp, -0x30 |
0x000015e0 sw s1, 0x24(sp) | *(var_24h) = s1;
0x000015e4 lw s1, -0x7f58(gp) | s1 = *((gp - 8150));
0x000015e8 sw s0, 0x20(sp) | *(var_20h) = s0;
0x000015ec lw s0, -0x7fdc(gp) | s0 = *((gp - 8183));
0x000015f0 lw v1, (s1) | v1 = *(s1);
0x000015f4 sw gp, 0x10(sp) | *(var_10h) = gp;
0x000015f8 lw v0, 0x2100(s0) | v0 = *((s0 + 2112));
0x000015fc sw v1, 0x1c(sp) | *(var_1ch) = v1;
0x00001600 addiu v1, sp, 0x34 | v1 = sp + 0x34;
0x00001604 sw s2, 0x28(sp) | *(var_28h) = s2;
0x00001608 sw ra, 0x2c(sp) | *(var_2ch) = ra;
0x0000160c move s2, a0 | s2 = a0;
0x00001610 sw a1, 0x34(sp) | *(arg_34h) = a1;
0x00001614 sw a2, 0x38(sp) | *(arg_38h) = a2;
0x00001618 sw a3, 0x3c(sp) | *(arg_3ch) = a3;
0x0000161c sw v1, 0x18(sp) | *(var_18h) = v1;
0x00001620 beqz v0, 0x168c |
| while (1) {
0x00001624 lw s0, -0x7f88(gp) | s0 = *((gp - 8162));
0x00001628 lw t9, -0x7f44(gp) | t9 = sym.imp.__vfprintf_chk
0x0000162c lw a3, 0x18(sp) | a3 = *(var_18h);
0x00001630 lw a0, (s0) | a0 = *(s0);
0x00001634 move a2, s2 | a2 = s2;
0x00001638 addiu a1, zero, 1 | a1 = 1;
0x0000163c jalr t9 | t9 ();
0x00001640 lw gp, 0x10(sp) | gp = *(var_10h);
0x00001644 lw a1, (s0) | a1 = *(s0);
0x00001648 lw t9, -0x7f90(gp) | t9 = sym.imp.fputc;
0x0000164c addiu a0, zero, 0xa | a0 = 0xa;
0x00001650 jalr t9 | t9 ();
0x00001654 lw gp, 0x10(sp) | gp = *(var_10h);
0x00001658 lw t9, -0x7f50(gp) | t9 = sym.imp.fflush;
0x0000165c lw a0, (s0) | a0 = *(s0);
0x00001660 jalr t9 | t9 ();
0x00001664 lw v1, 0x1c(sp) | v1 = *(var_1ch);
0x00001668 lw v0, (s1) | v0 = *(s1);
0x0000166c lw gp, 0x10(sp) | gp = *(var_10h);
| if (v1 != v0) {
0x00001670 bne v1, v0, 0x16ac | goto label_0;
| }
0x00001674 lw ra, 0x2c(sp) | ra = *(var_2ch);
0x00001678 lw s2, 0x28(sp) | s2 = *(var_28h);
0x0000167c lw s1, 0x24(sp) | s1 = *(var_24h);
0x00001680 lw s0, 0x20(sp) | s0 = *(var_20h);
0x00001684 addiu sp, sp, 0x30 |
0x00001688 jr ra | return v0;
0x0000168c lw a0, -0x7fd8(gp) | a0 = *((gp - 8182));
0x00001690 lw t9, -0x7fa0(gp) | t9 = sym.imp.CGI_plain_setup_RFC;
0x00001694 addiu a0, a0, 0x1ce0 | a0 += 0x1ce0;
0x00001698 jalr t9 | t9 ();
0x0000169c addiu v0, zero, 1 | v0 = 1;
0x000016a0 lw gp, 0x10(sp) | gp = *(var_10h);
0x000016a4 sw v0, 0x2100(s0) | *((s0 + 2112)) = v0;
0x000016a8 b 0x1624 |
| }
| label_0:
0x000016ac lw t9, -0x7f64(gp) | t9 = sym.imp.__stack_chk_fail;
0x000016b0 jalr t9 | t9 ();
0x000016b4 nop |
| }
[*] Function fprintf used 2 times dynamicoverlay.cgi
