[*] Binary protection state of ptzcoordcalc.cgi
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of ptzcoordcalc.cgi
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/html/axis-cgi/ptzcoordcalc.cgi @ 0x27c0 */
| #include <stdint.h>
|
; (fcn) sym.get_cur_ptz_pos () | void get_cur_ptz_pos () {
0x000027c0 lui gp, 2 |
0x000027c4 addiu gp, gp, -0x37b0 |
0x000027c8 addu gp, gp, t9 | gp += t9;
0x000027cc addiu sp, sp, -0xe8 |
0x000027d0 lw v1, -0x7fdc(gp) | v1 = *((gp - 8183));
0x000027d4 sw s0, 0xc0(sp) | *(var_c0h) = s0;
0x000027d8 lw s0, -0x7f04(gp) | s0 = *((gp - 8129));
0x000027dc addiu v0, v1, 0x627c | v0 = v1 + str.PTZ_POSITION_ISXX;
0x000027e0 lw t0, 0x104(sp) | t0 = *(arg_104h);
0x000027e4 lw t5, 0x627c(v1) | t5 = *(v1);
0x000027e8 lw t4, 4(v0) | t4 = *((v0 + 1));
0x000027ec lhu v1, 0x10(v0) | v1 = *((v0 + 8));
0x000027f0 lw t6, (s0) | t6 = *(s0);
0x000027f4 lw t3, 8(v0) | t3 = *((v0 + 2));
0x000027f8 sw gp, 0x18(sp) | *(var_18h) = gp;
0x000027fc sw t0, 0x24(sp) | *(var_24h) = t0;
0x00002800 move t0, zero | t0 = 0;
0x00002804 lw t2, 0xc(v0) | t2 = *((v0 + 3));
0x00002808 sw s7, 0xdc(sp) | *(var_dch) = s7;
0x0000280c sw s5, 0xd4(sp) | *(var_d4h) = s5;
0x00002810 sw s4, 0xd0(sp) | *(var_d0h) = s4;
0x00002814 sw s3, 0xcc(sp) | *(var_cch) = s3;
0x00002818 sw ra, 0xe4(sp) | *(var_e4h) = ra;
0x0000281c sw fp, 0xe0(sp) | *(var_e0h) = fp;
0x00002820 sw s6, 0xd8(sp) | *(var_d8h) = s6;
0x00002824 sw s2, 0xc8(sp) | *(var_c8h) = s2;
0x00002828 sw s1, 0xc4(sp) | *(var_c4h) = s1;
0x0000282c lw s5, 0xf8(sp) | s5 = *(arg_f8h);
0x00002830 lw s4, 0xfc(sp) | s4 = *(arg_fch);
0x00002834 lbu s3, 0x100(sp) | s3 = *(arg_100h);
0x00002838 sw t6, 0xbc(sp) | *(var_bch) = t6;
0x0000283c sw t0, 0x28(sp) | *(var_28h) = t0;
0x00002840 sw t0, 0x2c(sp) | *(var_2ch) = t0;
0x00002844 sw t0, 0x30(sp) | *(var_30h) = t0;
0x00002848 sw t0, 0x34(sp) | *(var_34h) = t0;
0x0000284c sw t0, 0x38(sp) | *(var_38h) = t0;
0x00002850 sw t5, 0xa8(sp) | *(var_a8h) = t5;
0x00002854 sw t4, 0xac(sp) | *(var_ach) = t4;
0x00002858 sw t3, 0xb0(sp) | *(var_b0h) = t3;
0x0000285c sh v1, 0xb8(sp) | *(var_b8h) = v1;
0x00002860 lw v1, -0x7fdc(gp) | v1 = *((gp - 8183));
0x00002864 addiu v0, zero, 4 | v0 = 4;
0x00002868 addiu v1, v1, 0x618c | v1 += 0x618c;
0x0000286c sw v1, 0x40(sp) | *(var_40h) = v1;
0x00002870 addiu v1, sp, 0x28 | v1 = sp + 0x28;
0x00002874 sw v1, 0x48(sp) | *(var_48h) = v1;
0x00002878 lw v1, -0x7fdc(gp) | v1 = *((gp - 8183));
0x0000287c sw v0, 0x44(sp) | *(var_44h) = v0;
0x00002880 addiu v1, v1, 0x6194 | v1 += str.TILT_DEG;
0x00002884 sw v1, 0x50(sp) | *(var_50h) = v1;
0x00002888 addiu v1, sp, 0x2c | v1 = sp + 0x2c;
0x0000288c sw v1, 0x58(sp) | *(var_58h) = v1;
0x00002890 lw v1, -0x7fdc(gp) | v1 = *((gp - 8183));
0x00002894 sw v0, 0x54(sp) | *(var_54h) = v0;
0x00002898 addiu v1, v1, 0x61a0 | v1 += str.ZOOM_MAG;
0x0000289c sw v1, 0x60(sp) | *(var_60h) = v1;
0x000028a0 addiu v1, sp, 0x30 | v1 = sp + 0x30;
0x000028a4 sw v1, 0x68(sp) | *(var_68h) = v1;
0x000028a8 lw v1, -0x7fdc(gp) | v1 = *((gp - 8183));
0x000028ac sw v0, 0x64(sp) | *(var_64h) = v0;
0x000028b0 sw v0, 0x74(sp) | *(var_74h) = v0;
0x000028b4 sw v0, 0x84(sp) | *(var_84h) = v0;
0x000028b8 addiu v0, sp, 0x38 | v0 = sp + 0x38;
0x000028bc addiu v1, v1, 0x61ac | v1 += str.ZOOM_HFOV;
0x000028c0 sw v0, 0x88(sp) | *(var_88h) = v0;
0x000028c4 addiu v0, sp, 0x40 | v0 = sp + 0x40;
0x000028c8 sw v1, 0x70(sp) | *(var_70h) = v1;
0x000028cc sw v0, 0x90(sp) | *(var_90h) = v0;
0x000028d0 addiu v1, sp, 0x34 | v1 = sp + 0x34;
0x000028d4 addiu v0, sp, 0x50 | v0 = sp + 0x50;
0x000028d8 sw v1, 0x78(sp) | *(var_78h) = v1;
0x000028dc sw v0, 0x94(sp) | *(var_94h) = v0;
0x000028e0 lw v1, -0x7fdc(gp) | v1 = *((gp - 8183));
0x000028e4 addiu v0, sp, 0x70 | v0 = sp + 0x70;
0x000028e8 move s7, a0 | s7 = a0;
0x000028ec sw v0, 0x98(sp) | *(var_98h) = v0;
0x000028f0 addiu a0, a0, -1 | a0 += -1;
0x000028f4 addiu v0, sp, 0x80 | v0 = sp + 0x80;
0x000028f8 addiu v1, v1, 0x61b8 | v1 += str.ZOOM_VFOV;
0x000028fc sw v0, 0x9c(sp) | *(var_9ch) = v0;
0x00002900 sltiu t1, a0, 0x63 | t1 = (a0 < 0x63) ? 1 : 0;
0x00002904 addiu v0, sp, 0x60 | v0 = sp + 0x60;
0x00002908 sw t2, 0xb4(sp) | *(var_b4h) = t2;
0x0000290c sw zero, 0x4c(sp) | *(var_4ch) = 0;
0x00002910 sw zero, 0x5c(sp) | *(var_5ch) = 0;
0x00002914 sw zero, 0x6c(sp) | *(var_6ch) = 0;
0x00002918 sw zero, 0x7c(sp) | *(var_7ch) = 0;
0x0000291c sw zero, 0x8c(sp) | *(var_8ch) = 0;
0x00002920 sw v1, 0x80(sp) | *(var_80h) = v1;
0x00002924 sw v0, 0xa0(sp) | *(var_a0h) = v0;
0x00002928 sw zero, 0xa4(sp) | *(var_a4h) = 0;
| if (t1 == 0) {
0x0000292c beqz t1, 0x2b98 | goto label_4;
| }
0x00002930 move s2, a1 | s2 = a1;
0x00002934 lw a1, -0x7fdc(gp) | a1 = *((gp - 8183));
0x00002938 lw t9, -0x7f34(gp) | t9 = sym.imp.ptz_parhand_get_bool;
0x0000293c move s1, a2 | s1 = a2;
0x00002940 addiu a1, a1, 0x61dc | a1 += str.root.Properties.PTZ.DigitalPTZ;
0x00002944 move a2, a0 | a2 = a0;
0x00002948 sw zero, 0x3c(sp) | *(var_3ch) = 0;
0x0000294c addiu a0, sp, 0x3c | a0 = sp + 0x3c;
0x00002950 move s6, a3 | s6 = a3;
0x00002954 jalr t9 | t9 ();
0x00002958 lw v0, 0x3c(sp) | v0 = *(var_3ch);
0x0000295c lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 != 0) {
0x00002960 bnez v0, 0x2a64 | goto label_5;
| }
0x00002964 move fp, zero | fp = 0;
| do {
0x00002968 lw a3, -0x7fdc(gp) | a3 = *((gp - 8183));
0x0000296c lw t9, -0x7f54(gp) | t9 = sym.imp.__sprintf_chk
0x00002970 addiu a3, a3, 0x5f68 | a3 += 0x5f68;
0x00002974 addiu a2, zero, 3 | a2 = 3;
0x00002978 addiu a1, zero, 1 | a1 = 1;
0x0000297c addiu a0, sp, 0xb7 | a0 = sp + 0xb7;
0x00002980 sw s7, 0x10(sp) | *(var_10h_2) = s7;
0x00002984 jalr t9 | t9 ();
0x00002988 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000298c move a2, zero | a2 = 0;
0x00002990 addiu a1, sp, 0x90 | a1 = sp + 0x90;
0x00002994 lw t9, -0x7f64(gp) | t9 = sym.imp.sc_get_group;
0x00002998 addiu a0, sp, 0xa8 | a0 = sp + 0xa8;
0x0000299c jalr t9 | t9 ();
0x000029a0 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x000029a4 bltz v0, 0x2be8 | goto label_6;
| }
0x000029a8 lw a0, 0x64(sp) | a0 = *(var_64h);
| if (s3 == 0) {
0x000029ac beqz s3, 0x2a84 | goto label_7;
| }
0x000029b0 lw a0, 0x44(sp) | a0 = *(var_44h);
0x000029b4 addiu v1, zero, -1 | v1 = -1;
0x000029b8 addiu v0, v0, -1 | v0 += -1;
| if (a0 != v1) {
0x000029bc bnel a0, v1, 0x29c0 |
| }
0x000029c0 lw a0, 0x54(sp) | a0 = *(var_54h);
0x000029c4 addiu v1, zero, -1 | v1 = -1;
0x000029c8 addiu v0, v0, -1 | v0 += -1;
| if (a0 != v1) {
0x000029cc bnel a0, v1, 0x29d0 |
| }
0x000029d0 addiu v1, zero, 1 | v1 = 1;
0x000029d4 addiu v1, zero, 3 | v1 = 3;
| if (v0 == v1) {
0x000029d8 beq v0, v1, 0x2b00 | goto label_8;
| }
0x000029dc lw v1, 0x74(sp) | v1 = *(var_74h);
| if (v0 != v1) {
0x000029e0 bne v0, v1, 0x2bc0 | goto label_9;
| }
0x000029e4 addiu v0, zero, -1 | v0 = -1;
0x000029e8 lw v1, 0x84(sp) | v1 = *(var_84h);
| if (v1 == v0) {
0x000029ec beq v1, v0, 0x2b70 | goto label_10;
| }
0x000029f0 lw v1, 0x64(sp) | v1 = *(var_64h);
| if (v1 == v0) {
0x000029f4 beq v1, v0, 0x2b70 | goto label_10;
| }
0x000029f8 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
| if (v1 == v0) {
0x000029fc beq v1, v0, 0x2b74 | goto label_11;
| }
0x00002a00 lw v0, 0x34(sp) | v0 = *(var_34h);
0x00002a04 sw v0, (s6) | *(s6) = v0;
0x00002a08 lw v0, 0x38(sp) | v0 = *(var_38h);
0x00002a0c sw v0, (s5) | *(s5) = v0;
0x00002a10 lw v0, 0x30(sp) | v0 = *(var_30h);
0x00002a14 sw v0, (s4) | *(s4) = v0;
| label_2:
0x00002a18 move v1, zero | v1 = 0;
| label_0:
0x00002a1c sw v1, (s2) | *(s2) = v1;
0x00002a20 move v0, zero | v0 = 0;
0x00002a24 sw v1, (s1) | *(s1) = v1;
| label_1:
0x00002a28 lw a0, 0xbc(sp) | a0 = *(var_bch);
0x00002a2c lw v1, (s0) | v1 = *(s0);
0x00002a30 lw ra, 0xe4(sp) | ra = *(var_e4h);
| if (a0 != v1) {
0x00002a34 bne a0, v1, 0x2c10 | goto label_12;
| }
0x00002a38 lw fp, 0xe0(sp) | fp = *(var_e0h);
0x00002a3c lw s7, 0xdc(sp) | s7 = *(var_dch);
0x00002a40 lw s6, 0xd8(sp) | s6 = *(var_d8h);
0x00002a44 lw s5, 0xd4(sp) | s5 = *(var_d4h);
0x00002a48 lw s4, 0xd0(sp) | s4 = *(var_d0h);
0x00002a4c lw s3, 0xcc(sp) | s3 = *(var_cch);
0x00002a50 lw s2, 0xc8(sp) | s2 = *(var_c8h);
0x00002a54 lw s1, 0xc4(sp) | s1 = *(var_c4h);
0x00002a58 lw s0, 0xc0(sp) | s0 = *(var_c0h);
0x00002a5c addiu sp, sp, 0xe8 |
0x00002a60 jr ra | return v0;
| label_5:
0x00002a64 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x00002a68 addiu fp, zero, 1 | fp = 1;
0x00002a6c addiu v0, v0, 0x61fc | v0 += str.ZOOM_MASK_HFOV;
0x00002a70 sw v0, 0x70(sp) | *(var_70h) = v0;
0x00002a74 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x00002a78 addiu v0, v0, 0x620c | v0 += str.ZOOM_MASK_VFOV;
0x00002a7c sw v0, 0x80(sp) | *(var_80h) = v0;
0x00002a80 b 0x2968 |
| } while (1);
| label_7:
0x00002a84 addiu v1, zero, -1 | v1 = -1;
0x00002a88 addiu v0, v0, -1 | v0 += -1;
| if (a0 != v1) {
0x00002a8c bnel a0, v1, 0x2a90 |
| }
0x00002a90 addiu v1, zero, 3 | v1 = 3;
0x00002a94 addiu v1, zero, 4 | v1 = 4;
| if (v0 == v1) {
0x00002a98 beq v0, v1, 0x2b28 | goto label_13;
| }
0x00002a9c lw v1, 0x44(sp) | v1 = *(var_44h);
| if (v0 != v1) {
0x00002aa0 bne v0, v1, 0x2bc0 | goto label_9;
| }
0x00002aa4 addiu v0, zero, -1 | v0 = -1;
0x00002aa8 lw v1, 0x54(sp) | v1 = *(var_54h);
| if (v1 == v0) {
0x00002aac beq v1, v0, 0x2b70 | goto label_10;
| }
0x00002ab0 lw v1, 0x74(sp) | v1 = *(var_74h);
| if (v1 == v0) {
0x00002ab4 beq v1, v0, 0x2b70 | goto label_10;
| }
0x00002ab8 lw v1, 0x84(sp) | v1 = *(var_84h);
| if (v1 == v0) {
0x00002abc beq v1, v0, 0x2b70 | goto label_10;
| }
0x00002ac0 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
| if (v1 == v0) {
0x00002ac4 beq v1, v0, 0x2b74 | goto label_11;
| }
0x00002ac8 lw v0, 0x28(sp) | v0 = *(var_28h);
0x00002acc sw v0, (s2) | *(s2) = v0;
0x00002ad0 lw v0, 0x2c(sp) | v0 = *(var_2ch);
0x00002ad4 sw v0, (s1) | *(s1) = v0;
0x00002ad8 lw v0, 0x34(sp) | v0 = *(var_34h);
0x00002adc sw v0, (s6) | *(s6) = v0;
0x00002ae0 lw v0, 0x38(sp) | v0 = *(var_38h);
0x00002ae4 sw v0, (s5) | *(s5) = v0;
0x00002ae8 move v0, zero | v0 = 0;
0x00002aec sw v0, (s4) | *(s4) = v0;
| label_3:
0x00002af0 move v1, zero | v1 = 0;
| if (fp != 0) {
0x00002af4 bnez fp, 0x2a1c | goto label_0;
| }
0x00002af8 move v0, zero | v0 = 0;
0x00002afc b 0x2a28 | goto label_1;
| label_8:
0x00002b00 lw v1, 0x74(sp) | v1 = *(var_74h);
0x00002b04 addiu v0, zero, -1 | v0 = -1;
0x00002b08 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
| if (v1 != v0) {
0x00002b0c beq v1, v0, 0x2b74 |
0x00002b10 lw v0, 0x34(sp) | v0 = *(var_34h);
0x00002b14 sw v0, (s6) | *(s6) = v0;
0x00002b18 move v0, zero | v0 = 0;
0x00002b1c sw v0, (s5) | *(s5) = v0;
0x00002b20 sw v0, (s4) | *(s4) = v0;
0x00002b24 b 0x2a18 | goto label_2;
| label_13:
0x00002b28 lw v1, 0x44(sp) | v1 = *(var_44h);
0x00002b2c addiu v0, zero, -1 | v0 = -1;
0x00002b30 lw v1, 0x54(sp) | v1 = *(var_54h);
| if (v1 != v0) {
0x00002b34 beq v1, v0, 0x2b70 |
0x00002b38 lw v1, 0x74(sp) | v1 = *(var_74h);
| if (v1 == v0) {
0x00002b3c beq v1, v0, 0x2b70 | goto label_10;
| }
0x00002b40 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
| if (v1 == v0) {
0x00002b44 beq v1, v0, 0x2b74 | goto label_11;
| }
0x00002b48 lw v0, 0x28(sp) | v0 = *(var_28h);
0x00002b4c sw v0, (s2) | *(s2) = v0;
0x00002b50 lw v0, 0x2c(sp) | v0 = *(var_2ch);
0x00002b54 sw v0, (s1) | *(s1) = v0;
0x00002b58 lw v0, 0x34(sp) | v0 = *(var_34h);
0x00002b5c sw v0, (s6) | *(s6) = v0;
0x00002b60 move v0, zero | v0 = 0;
0x00002b64 sw v0, (s5) | *(s5) = v0;
0x00002b68 sw v0, (s4) | *(s4) = v0;
0x00002b6c b 0x2af0 | goto label_3;
| }
| label_10:
0x00002b70 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
| }
| label_11:
0x00002b74 lw t9, -0x7f10(gp) | t9 = sym.imp.fwrite;
0x00002b78 lw a3, 0x24(sp) | a3 = *(var_24h);
0x00002b7c addiu a2, zero, 0x20 | a2 = 0x20;
0x00002b80 addiu a1, zero, 1 | a1 = 1;
0x00002b84 addiu a0, a0, 0x6234 | a0 += str.Error_getting_data_from_cache._r_n;
0x00002b88 jalr t9 | t9 ();
0x00002b8c lw gp, 0x18(sp) | gp = *(var_18h);
0x00002b90 addiu v0, zero, -1 | v0 = -1;
0x00002b94 b 0x2a28 | goto label_1;
| label_4:
0x00002b98 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00002b9c lw t9, -0x7e9c(gp) | t9 = sym.imp.__fprintf_chk;
0x00002ba0 lw a0, 0x24(sp) | a0 = *(var_24h);
0x00002ba4 move a3, s7 | a3 = s7;
0x00002ba8 addiu a2, a2, 0x61c4 | a2 += str.Invalid_camera__d._r_n;
0x00002bac addiu a1, zero, 1 | a1 = 1;
0x00002bb0 jalr t9 | t9 ();
0x00002bb4 lw gp, 0x18(sp) | gp = *(var_18h);
0x00002bb8 addiu v0, zero, -1 | v0 = -1;
0x00002bbc b 0x2a28 | goto label_1;
| label_9:
0x00002bc0 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00002bc4 lw t9, -0x7f10(gp) | t9 = sym.imp.fwrite;
0x00002bc8 lw a3, 0x24(sp) | a3 = *(var_24h);
0x00002bcc addiu a2, zero, 0x22 | a2 = 0x22;
0x00002bd0 addiu a1, zero, 1 | a1 = 1;
0x00002bd4 addiu a0, a0, 0x6258 | a0 += str.Wrong_amount_of_data_from_cache._r_n;
0x00002bd8 jalr t9 | t9 ();
0x00002bdc lw gp, 0x18(sp) | gp = *(var_18h);
0x00002be0 addiu v0, zero, -1 | v0 = -1;
0x00002be4 b 0x2a28 | goto label_1;
| label_6:
0x00002be8 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00002bec lw t9, -0x7f10(gp) | t9 = sym.imp.fwrite;
0x00002bf0 lw a3, 0x24(sp) | a3 = *(var_24h);
0x00002bf4 addiu a2, zero, 0x15 | a2 = 0x15;
0x00002bf8 addiu a1, zero, 1 | a1 = 1;
0x00002bfc addiu a0, a0, 0x621c | a0 += str.No_data_from_cache._r_n;
0x00002c00 jalr t9 | t9 ();
0x00002c04 lw gp, 0x18(sp) | gp = *(var_18h);
0x00002c08 addiu v0, zero, -1 | v0 = -1;
0x00002c0c b 0x2a28 | goto label_1;
| label_12:
0x00002c10 lw t9, -0x7f24(gp) | t9 = sym.imp.__stack_chk_fail;
0x00002c14 jalr t9 | t9 ();
0x00002c18 nop |
| }
[*] Function sprintf used 2 times ptzcoordcalc.cgi
