[*] Binary protection state of iostat
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of iostat
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/iostat @ 0x35d8 */
| #include <stdint.h>
|
; (fcn) sym.add_list_device () | void add_list_device () {
0x000035d8 lui gp, 2 |
0x000035dc addiu gp, gp, 0x5ad8 |
0x000035e0 addu gp, gp, t9 | gp += t9;
0x000035e4 addiu sp, sp, -0x30 |
0x000035e8 lw t9, -0x7dd8(gp) | t9 = sym.imp.strnlen;
0x000035ec sw s1, 0x1c(sp) | *(var_1ch) = s1;
0x000035f0 move s1, a1 | s1 = a1;
0x000035f4 sw gp, 0x10(sp) | *(var_10h) = gp;
0x000035f8 sw s4, 0x28(sp) | *(var_28h) = s4;
0x000035fc sw s2, 0x20(sp) | *(var_20h) = s2;
0x00003600 sw ra, 0x2c(sp) | *(var_2ch) = ra;
0x00003604 sw s3, 0x24(sp) | *(var_24h) = s3;
0x00003608 sw s0, 0x18(sp) | *(var_18h) = s0;
0x0000360c move s2, a0 | s2 = a0;
0x00003610 addiu a1, zero, 0x80 | a1 = 0x80;
0x00003614 move a0, s1 | a0 = s1;
0x00003618 move s4, a2 | s4 = a2;
0x0000361c jalr t9 | t9 ();
0x00003620 addiu v1, zero, 0x80 | v1 = 0x80;
0x00003624 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == v1) {
0x00003628 beq v0, v1, 0x3808 | goto label_4;
| }
0x0000362c lw s0, (s2) | s0 = *(s2);
0x00003630 lw v0, -0x7fd4(gp) | v0 = *(gp);
| if (s0 == 0) {
0x00003634 beqz s0, 0x36b8 | goto label_5;
| }
0x00003638 lw s3, (v0) | s3 = *(v0);
0x0000363c andi s3, s3, 0x810 | s3 &= 0x810;
0x00003640 b 0x3664 |
| while (v0 != 0) {
0x00003644 addiu s2, s0, 0x98 | s2 = s0 + 0x98;
| if (s3 != 0) {
0x00003648 bnel s3, zero, 0x3658 |
0x0000364c lw t9, -0x7d7c(gp) | t9 = sym.imp.malloc;
| if (v0 > 0) {
0x00003650 bgtz v0, 0x36bc | goto label_6;
| }
0x00003654 addiu s2, s0, 0x98 | s2 = s0 + 0x98;
| }
0x00003658 lw s0, 0x98(s0) | s0 = *((s0 + 38));
0x0000365c lw t9, -0x7d7c(gp) | t9 = sym.imp.malloc;
| if (s0 == 0) {
0x00003660 beqz s0, 0x36bc | goto label_6;
| }
0x00003664 lw t9, -0x7d18(gp) | t9 = sym.imp.strcmp;
0x00003668 move a1, s1 | a1 = s1;
0x0000366c move a0, s0 | a0 = s0;
0x00003670 jalr t9 | t9 ();
0x00003674 lw gp, 0x10(sp) | gp = *(var_10h);
0x00003678 bnez v0, 0x3644 |
| }
0x0000367c addiu v0, zero, 2 | v0 = 2;
| if (s4 == v0) {
0x00003680 beql s4, v0, 0x37f4 | goto label_7;
| }
0x00003684 lw v1, 0x80(s0) | v1 = *((s0 + 32));
0x00003688 addiu v0, zero, 1 | v0 = 1;
| label_1:
0x0000368c sw v0, 0x84(s0) | *((s0 + 33)) = v0;
| label_2:
0x00003690 move s2, s0 | s2 = s0;
| label_3:
0x00003694 lw ra, 0x2c(sp) | ra = *(var_2ch);
0x00003698 move v0, s2 | v0 = s2;
0x0000369c lw s4, 0x28(sp) | s4 = *(var_28h);
0x000036a0 lw s3, 0x24(sp) | s3 = *(var_24h);
0x000036a4 lw s2, 0x20(sp) | s2 = *(var_20h);
0x000036a8 lw s1, 0x1c(sp) | s1 = *(var_1ch);
0x000036ac lw s0, 0x18(sp) | s0 = *(var_18h);
0x000036b0 addiu sp, sp, 0x30 |
0x000036b4 jr ra | return v0;
| label_5:
0x000036b8 lw t9, -0x7d7c(gp) | t9 = sym.imp.malloc;
| label_6:
0x000036bc addiu a0, zero, 0x9c | a0 = 0x9c;
0x000036c0 jalr t9 | t9 ();
0x000036c4 lw gp, 0x10(sp) | gp = *(var_10h);
0x000036c8 sw v0, (s2) | *(s2) = v0;
| if (v0 == 0) {
0x000036cc beqz v0, 0x3810 | goto label_8;
| }
0x000036d0 lw t9, -0x7dac(gp) | t9 = sym.imp.memset;
0x000036d4 addiu a2, zero, 0x9c | a2 = 0x9c;
0x000036d8 move a1, zero | a1 = 0;
0x000036dc move a0, v0 | a0 = v0;
0x000036e0 jalr t9 | t9 ();
0x000036e4 lw gp, 0x10(sp) | gp = *(var_10h);
0x000036e8 lw s2, (s2) | s2 = *(s2);
0x000036ec lw t9, -0x7d7c(gp) | t9 = sym.imp.malloc;
0x000036f0 addiu a0, zero, 0x40 | a0 = 0x40;
0x000036f4 jalr t9 | t9 ();
0x000036f8 lw gp, 0x10(sp) | gp = *(var_10h);
0x000036fc sw v0, 0x90(s2) | *((s2 + 36)) = v0;
| if (v0 == 0) {
0x00003700 beqz v0, 0x3810 | goto label_8;
| }
0x00003704 lw t9, -0x7dac(gp) | t9 = sym.imp.memset;
0x00003708 addiu a2, zero, 0x40 | a2 = 0x40;
0x0000370c move a1, zero | a1 = 0;
0x00003710 move a0, v0 | a0 = v0;
0x00003714 jalr t9 | t9 ();
0x00003718 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000371c lw t9, -0x7d7c(gp) | t9 = sym.imp.malloc;
0x00003720 addiu a0, zero, 0x40 | a0 = 0x40;
0x00003724 jalr t9 | t9 ();
0x00003728 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000372c sw v0, 0x94(s2) | *((s2 + 37)) = v0;
| if (v0 == 0) {
0x00003730 beqz v0, 0x3810 | goto label_8;
| }
0x00003734 lw t9, -0x7dac(gp) | t9 = sym.imp.memset;
0x00003738 addiu a2, zero, 0x40 | a2 = 0x40;
0x0000373c move a1, zero | a1 = 0;
0x00003740 move a0, v0 | a0 = v0;
0x00003744 jalr t9 | t9 ();
0x00003748 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000374c addiu a2, zero, 0x80 | a2 = 0x80;
0x00003750 move a1, s1 | a1 = s1;
0x00003754 lw t9, -0x7dd0(gp) | t9 = sym.imp.__strcpy_chk
0x00003758 move a0, s2 | a0 = s2;
0x0000375c jalr t9 | t9 ();
0x00003760 addiu v1, zero, 1 | v1 = 1;
0x00003764 addiu v0, zero, 3 | v0 = 3;
0x00003768 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000376c sw v1, 0x84(s2) | *((s2 + 33)) = v1;
0x00003770 sw s0, 0x98(s2) | *((s2 + 38)) = s0;
| if (s4 != v0) {
0x00003774 bne s4, v0, 0x37a0 | goto label_9;
| }
0x00003778 sw s4, 0x80(s2) | *((s2 + 32)) = s4;
| do {
| label_0:
0x0000377c lw ra, 0x2c(sp) | ra = *(var_2ch);
0x00003780 move v0, s2 | v0 = s2;
0x00003784 lw s4, 0x28(sp) | s4 = *(var_28h);
0x00003788 lw s3, 0x24(sp) | s3 = *(var_24h);
0x0000378c lw s2, 0x20(sp) | s2 = *(var_20h);
0x00003790 lw s1, 0x1c(sp) | s1 = *(var_1ch);
0x00003794 lw s0, 0x18(sp) | s0 = *(var_18h);
0x00003798 addiu sp, sp, 0x30 |
0x0000379c jr ra | return v0;
| label_9:
0x000037a0 lw t9, -0x7fb0(gp) | t9 = sym.is_device;
0x000037a4 addiu a1, zero, 1 | a1 = 1;
0x000037a8 move a0, s1 | a0 = s1;
0x000037ac bal 0x99ac | sym_is_device ();
0x000037b0 lw ra, 0x2c(sp) | ra = *(var_2ch);
| if (v0 == 0) {
0x000037b4 beqz v0, 0x37d0 | goto label_10;
| }
0x000037b8 addiu v0, zero, 2 | v0 = 2;
0x000037bc beql s4, v0, 0x377c |
| } while (s4 == v0);
0x000037c0 sw s4, 0x80(s2) | *((s2 + 32)) = s4;
0x000037c4 addiu s4, zero, 1 | s4 = 1;
0x000037c8 sw s4, 0x80(s2) | *((s2 + 32)) = s4;
0x000037cc b 0x377c | goto label_0;
| label_10:
0x000037d0 sw zero, 0x80(s2) | *((s2 + 32)) = 0;
0x000037d4 move v0, s2 | v0 = s2;
0x000037d8 lw s4, 0x28(sp) | s4 = *(var_28h);
0x000037dc lw s3, 0x24(sp) | s3 = *(var_24h);
0x000037e0 lw s2, 0x20(sp) | s2 = *(var_20h);
0x000037e4 lw s1, 0x1c(sp) | s1 = *(var_1ch);
0x000037e8 lw s0, 0x18(sp) | s0 = *(var_18h);
0x000037ec addiu sp, sp, 0x30 |
0x000037f0 jr ra | return v0;
| label_7:
0x000037f4 addiu v0, zero, 1 | v0 = 1;
| if (v1 == v0) {
0x000037f8 beql v1, v0, 0x368c | goto label_1;
| }
0x000037fc sw s4, 0x80(s0) | *((s0 + 32)) = s4;
0x00003800 sw v0, 0x84(s0) | *((s0 + 33)) = v0;
0x00003804 b 0x3690 | goto label_2;
| label_4:
0x00003808 move s2, zero | s2 = 0;
0x0000380c b 0x3694 | goto label_3;
| label_8:
0x00003810 lw a0, -0x7fcc(gp) | a0 = *(gp);
0x00003814 lw t9, -0x7d6c(gp) | t9 = sym.imp.perror;
0x00003818 addiu a0, a0, -0x674 | a0 += -0x674;
0x0000381c jalr t9 | t9 ();
0x00003820 lw gp, 0x10(sp) | gp = *(var_10h);
0x00003824 lw t9, -0x7d8c(gp) | t9 = sym.imp.exit;
0x00003828 addiu a0, zero, 4 | a0 = 4;
0x0000382c jalr t9 | return t9 ();
| }
[*] Function strcpy used 2 times iostat
