[*] Binary protection state of getshuttergain.cgi
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function mmap tear down of getshuttergain.cgi
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/html/axis-cgi/getshuttergain.cgi @ 0x1b5c */
| #include <stdint.h>
|
; (fcn) fcn.00001b5c () | void fcn_00001b5c () {
0x00001b5c lui gp, 2 |
0x00001b60 addiu gp, gp, 0x4f4 |
0x00001b64 addu gp, gp, t9 | gp += t9;
0x00001b68 addiu sp, sp, -0x30 |
0x00001b6c lw t9, -0x7f20(gp) | t9 = sym.imp.shm_open;
0x00001b70 addiu a2, zero, 0x180 | a2 = aav.0x00000180;
0x00001b74 sw gp, 0x18(sp) | *(var_18h) = gp;
0x00001b78 sw s1, 0x28(sp) | *(var_28h) = s1;
0x00001b7c sw ra, 0x2c(sp) | *(var_2ch) = ra;
0x00001b80 sw s0, 0x24(sp) | *(var_24h) = s0;
0x00001b84 move s1, a1 | s1 = a1;
0x00001b88 move a1, zero | a1 = 0;
0x00001b8c jalr t9 | t9 ();
0x00001b90 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x00001b94 bltz v0, 0x1bf4 | goto label_0;
| }
0x00001b98 lw t9, -0x7e24(gp) | t9 = sym.imp.mmap
0x00001b9c addiu a3, zero, 1 | a3 = 1;
0x00001ba0 addiu a2, zero, 1 | a2 = 1;
0x00001ba4 move a1, s1 | a1 = s1;
0x00001ba8 move a0, zero | a0 = 0;
0x00001bac sw zero, 0x14(sp) | *(var_14h) = 0;
0x00001bb0 sw v0, 0x10(sp) | *(var_10h) = v0;
0x00001bb4 move s0, v0 | s0 = v0;
0x00001bb8 jalr t9 | t9 ();
0x00001bbc lw gp, 0x18(sp) | gp = *(var_18h);
0x00001bc0 move a0, s0 | a0 = s0;
0x00001bc4 lw t9, -0x7ed0(gp) | t9 = sym.imp.close;
0x00001bc8 move s0, v0 | s0 = v0;
0x00001bcc jalr t9 | t9 ();
0x00001bd0 addiu v0, zero, -1 | v0 = -1;
0x00001bd4 lw gp, 0x18(sp) | gp = *(var_18h);
| if (s0 == v0) {
0x00001bd8 beq s0, v0, 0x1c48 | goto label_1;
| }
0x00001bdc lw ra, 0x2c(sp) | ra = *(var_2ch);
| do {
0x00001be0 move v0, s0 | v0 = s0;
0x00001be4 lw s1, 0x28(sp) | s1 = *(var_28h);
0x00001be8 lw s0, 0x24(sp) | s0 = *(var_24h);
0x00001bec addiu sp, sp, 0x30 |
0x00001bf0 jr ra | return v0;
| label_0:
0x00001bf4 lw t9, -0x7e1c(gp) | t9 = sym.imp.__errno_location;
0x00001bf8 move s0, zero | s0 = 0;
0x00001bfc jalr t9 | t9 ();
0x00001c00 lw gp, 0x18(sp) | gp = *(var_18h);
0x00001c04 lw t9, -0x7e28(gp) | t9 = sym.imp.strerror;
0x00001c08 lw a0, (v0) | a0 = *(v0);
0x00001c0c jalr t9 | t9 ();
0x00001c10 lw gp, 0x18(sp) | gp = *(var_18h);
0x00001c14 move a3, v0 | a3 = v0;
0x00001c18 addiu a1, zero, 1 | a1 = 1;
0x00001c1c lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00001c20 lw t9, -0x7ecc(gp) | t9 = sym.imp.__syslog_chk;
0x00001c24 addiu a2, a2, -0x6ee8 | a2 += -0x6ee8;
0x00001c28 addiu a0, zero, 3 | a0 = 3;
0x00001c2c jalr t9 | t9 ();
0x00001c30 lw ra, 0x2c(sp) | ra = *(var_2ch);
0x00001c34 move v0, s0 | v0 = s0;
0x00001c38 lw s1, 0x28(sp) | s1 = *(var_28h);
0x00001c3c lw s0, 0x24(sp) | s0 = *(var_24h);
0x00001c40 addiu sp, sp, 0x30 |
0x00001c44 jr ra | return v0;
| label_1:
0x00001c48 lw t9, -0x7e1c(gp) | t9 = sym.imp.__errno_location;
0x00001c4c move s0, zero | s0 = 0;
0x00001c50 jalr t9 | t9 ();
0x00001c54 lw gp, 0x18(sp) | gp = *(var_18h);
0x00001c58 lw t9, -0x7e28(gp) | t9 = sym.imp.strerror;
0x00001c5c lw a0, (v0) | a0 = *(v0);
0x00001c60 jalr t9 | t9 ();
0x00001c64 lw gp, 0x18(sp) | gp = *(var_18h);
0x00001c68 move a3, v0 | a3 = v0;
0x00001c6c addiu a1, zero, 1 | a1 = 1;
0x00001c70 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00001c74 lw t9, -0x7ecc(gp) | t9 = sym.imp.__syslog_chk;
0x00001c78 addiu a2, a2, -0x6ebc | a2 += -0x6ebc;
0x00001c7c addiu a0, zero, 3 | a0 = 3;
0x00001c80 jalr t9 | t9 ();
0x00001c84 lw ra, 0x2c(sp) | ra = *(var_2ch);
0x00001c88 b 0x1be0 |
| } while (1);
| }
[*] Function mmap used 2 times getshuttergain.cgi
