[*] Binary protection state of pidstat
RELRO: Full RELRO | Stack canary: Canary found | NX: NX disabled | PIE: PIE enabled | RPATH: No RPATH | RUNPATH: No RUNPATH | Symbols: No Symbols
[*] Function strcpy tear down of pidstat
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/pidstat @ 0xd9ac */
| #include <stdint.h>
|
| /* review: get_persistent_names() passes the result of get_persistent_type_dir() to scandir() and returns */
| /* (v0, via s3) a calloc'd, 0-terminated array of heap copies of the entry names. It returns 0 when either */
| /* call fails, when fewer than 3 entries come back, or when the array calloc fails. */
| /* NOTE(review): instructions next to jalr/branches may be shown out of raw memory order (MIPS delay slots); */
| /* confirm addresses against a plain disassembly before relying on them. */
; (fcn) sym.get_persistent_names () | void get_persistent_names () {
| label_2:
0x0000d9ac lui gp, 2 |
0x0000d9b0 addiu gp, gp, -0x38fc |
0x0000d9b4 addu gp, gp, t9 | gp += t9;
| /* review: stack protector - the pointer from -0x7cd8(gp) is kept at 0x20(sp) and the value it points to */
| /* at 0x2c(sp); both are used for the comparison at 0xda90 before the function returns. */
0x0000d9b8 lw v0, -0x7cd8(gp) | v0 = *((gp - 7990));
0x0000d9bc addiu sp, sp, -0x58 |
0x0000d9c0 lw a0, -0x7e44(gp) | a0 = *(gp);
0x0000d9c4 sw v0, 0x20(sp) | *(var_20h) = v0;
0x0000d9c8 lw v0, (v0) | v0 = *(v0);
0x0000d9cc lw t9, -0x7e48(gp) | t9 = sym.get_persistent_type_dir;
0x0000d9d0 sw gp, 0x10(sp) | *(var_10h) = gp;
0x0000d9d4 sw ra, 0x54(sp) | *(var_54h) = ra;
0x0000d9d8 sw fp, 0x50(sp) | *(var_50h) = fp;
0x0000d9dc sw s7, 0x4c(sp) | *(var_4ch) = s7;
0x0000d9e0 sw s6, 0x48(sp) | *(var_48h) = s6;
0x0000d9e4 sw s5, 0x44(sp) | *(var_44h) = s5;
0x0000d9e8 sw s4, 0x40(sp) | *(var_40h) = s4;
0x0000d9ec sw s3, 0x3c(sp) | *(var_3ch) = s3;
0x0000d9f0 sw s2, 0x38(sp) | *(var_38h) = s2;
0x0000d9f4 sw s1, 0x34(sp) | *(var_34h) = s1;
0x0000d9f8 sw s0, 0x30(sp) | *(var_30h) = s0;
0x0000d9fc sw v0, 0x2c(sp) | *(var_2ch) = v0;
0x0000da00 bal 0xd870 | sym_get_persistent_type_dir ();
0x0000da04 nop |
0x0000da08 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == 0) {
0x0000da0c beqz v0, 0xdba8 | goto label_4;
| }
| /* review: scandir(a0 = directory from the call above, a1 = sp + 0x28 for the returned list, a2 = 0, */
| /* a3 = pointer loaded from -0x7dac(gp)); the entry count it returns is kept in s1. */
0x0000da10 lw t9, -0x7d78(gp) | t9 = sym.imp.scandir;
0x0000da14 lw a3, -0x7dac(gp) | a3 = *((gp - 8043));
0x0000da18 move a2, zero | a2 = 0;
0x0000da1c addiu a1, sp, 0x28 | a1 = sp + 0x28;
0x0000da20 move a0, v0 | a0 = v0;
0x0000da24 jalr t9 | t9 ();
0x0000da28 move s1, v0 | s1 = v0;
0x0000da2c lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 < 0) {
0x0000da30 bltz v0, 0xdba8 | goto label_4;
| }
| /* review: with fewer than 3 entries nothing is copied; s3 = 0 and only the scandir list is freed. */
0x0000da34 slti v0, v0, 3 | v0 = (v0 < 3) ? 1 : 0;
0x0000da38 lw fp, 0x28(sp) | fp = *(var_28h_2);
| if (v0 == 0) {
0x0000da3c beqz v0, 0xdac4 | goto label_5;
| }
0x0000da40 move s3, zero | s3 = 0;
| if (s1 == 0) {
0x0000da44 beqz s1, 0xda70 | goto label_6;
| }
| /* review: cleanup shared by every path that reached scandir - free each of the s1 list entries, then */
| /* the list itself at label_6. The copied names in s3 are separate allocations and are not freed here. */
| label_0:
0x0000da48 move s0, zero | s0 = 0;
| do {
0x0000da4c sll a0, s0, 2 | a0 = s0 << 2;
0x0000da50 lw t9, -0x7cd0(gp) | t9 = sym.imp.free;
0x0000da54 lwx a0, a0(fp) | __asm ("lwx a0, a0(fp)");
0x0000da58 addiu s0, s0, 1 | s0++;
0x0000da5c jalr t9 | t9 ();
0x0000da60 slt v0, s0, s1 | v0 = (s0 < s1) ? 1 : 0;
0x0000da64 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000da68 lw fp, 0x28(sp) | fp = *(var_28h_2);
0x0000da6c bnez v0, 0xda4c |
| } while (v0 != 0);
| label_6:
0x0000da70 lw t9, -0x7cd0(gp) | t9 = sym.imp.free;
0x0000da74 move a0, fp | a0 = fp;
0x0000da78 jalr t9 | t9 ();
0x0000da7c lw gp, 0x10(sp) | gp = *(var_10h);
| label_1:
0x0000da80 lw v0, 0x20(sp) | v0 = *(var_20h);
0x0000da84 lw a0, 0x2c(sp) | a0 = *(var_2ch);
0x0000da88 lw v1, (v0) | v1 = *(v0);
0x0000da8c move v0, s3 | v0 = s3;
| if (a0 != v1) {
0x0000da90 bne a0, v1, 0xdbb0 | goto label_7;
| }
0x0000da94 lw ra, 0x54(sp) | ra = *(var_54h);
0x0000da98 lw fp, 0x50(sp) | fp = *(var_50h);
0x0000da9c lw s7, 0x4c(sp) | s7 = *(var_4ch);
0x0000daa0 lw s6, 0x48(sp) | s6 = *(var_48h);
0x0000daa4 lw s5, 0x44(sp) | s5 = *(var_44h);
0x0000daa8 lw s4, 0x40(sp) | s4 = *(var_40h);
0x0000daac lw s3, 0x3c(sp) | s3 = *(var_3ch);
0x0000dab0 lw s2, 0x38(sp) | s2 = *(var_38h);
0x0000dab4 lw s1, 0x34(sp) | s1 = *(var_34h);
0x0000dab8 lw s0, 0x30(sp) | s0 = *(var_30h);
0x0000dabc addiu sp, sp, 0x58 |
0x0000dac0 jr ra | return v0;
| label_5:
| /* review: result array = calloc(s1 - 1, 4), i.e. one 4-byte slot per scandir entry minus one. */
0x0000dac4 lw t9, -0x7de0(gp) | t9 = sym.imp.calloc;
0x0000dac8 addiu a1, zero, 4 | a1 = 4;
0x0000dacc addiu a0, s1, -1 | a0 = s1 + -1;
0x0000dad0 jalr t9 | t9 ();
0x0000dad4 move s3, v0 | s3 = v0;
0x0000dad8 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == 0) {
0x0000dadc beqz v0, 0xda48 | goto label_0;
| }
0x0000dae0 lw v0, -0x7fd4(gp) | v0 = *(gp);
0x0000dae4 sll s5, s1, 2 | s5 = s1 << 2;
| /* esilref: '(' */
0x0000dae8 addiu v0, v0, 0x1814 | v0 += 0x1814;
0x0000daec sw v0, 0x1c(sp) | *(var_1ch_3) = v0;
0x0000daf0 lw v0, -0x7fd4(gp) | v0 = *(gp);
0x0000daf4 move s7, fp | s7 = fp;
| /* esilref: '..' */
0x0000daf8 addiu v0, v0, 0x1818 | v0 += 0x1818;
0x0000dafc addu s5, s5, fp | s5 += fp;
0x0000db00 move s6, zero | s6 = 0;
0x0000db04 sw v0, 0x24(sp) | *(var_24h_2) = v0;
| /* review: copy loop - s7 walks the scandir list up to s5 = fp + s1 * 4, s6 counts the names copied so far, */
| /* and s0 = entry + 0xb is the string handled each round (presumably struct dirent d_name - confirm for */
| /* this libc). An entry is skipped when s0 equals either constant string saved at 0x1c(sp) / 0x24(sp). */
0x0000db08 lw s0, (s7) | s0 = *(s7);
| do {
0x0000db0c lw t9, -0x7cac(gp) | t9 = sym.imp.strcmp;
0x0000db10 addiu s0, s0, 0xb | s0 += 0xb;
0x0000db14 lw a0, 0x1c(sp) | a0 = *(var_1ch_3);
0x0000db18 move a1, s0 | a1 = s0;
0x0000db1c jalr t9 | t9 ();
0x0000db20 sll s2, s6, 2 | s2 = s6 << 2;
0x0000db24 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000db28 addu s4, s3, s2 | s4 = s3 + s2;
| if (v0 != 0) {
0x0000db2c beqz v0, 0xdb94 |
0x0000db30 lw t9, -0x7cac(gp) | t9 = sym.imp.strcmp;
0x0000db34 lw a0, 0x24(sp) | a0 = *(var_24h_2);
0x0000db38 move a1, s0 | a1 = s0;
0x0000db3c jalr t9 | t9 ();
0x0000db40 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == 0) {
0x0000db44 beqz v0, 0xdb94 | goto label_8;
| }
| /* review: destination = calloc(strlen(s0) + 1, 1), stored into slot s6 of the array; a failed */
| /* allocation skips the entry. */
0x0000db48 lw t9, -0x7d54(gp) | t9 = sym.imp.strlen;
0x0000db4c move a0, s0 | a0 = s0;
0x0000db50 jalr t9 | t9 ();
0x0000db54 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000db58 addiu a1, zero, 1 | a1 = 1;
0x0000db5c lw t9, -0x7de0(gp) | t9 = sym.imp.calloc;
0x0000db60 addiu a0, v0, 1 | a0 = v0 + 1;
0x0000db64 jalr t9 | t9 ();
0x0000db68 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000db6c sw v0, (s4) | *(s4) = v0;
| if (v0 == 0) {
0x0000db70 beqz v0, 0xdb94 | goto label_8;
| }
| /* review: the flagged strcpy(dst = v0, src = s0). dst was just sized as strlen(s0) + 1 from the same s0, */
| /* so the copy fits as long as the string does not change between the strlen and strcpy calls; this hit */
| /* is not an unbounded copy on its own. */
0x0000db74 lw t9, -0x7d20(gp) | t9 = sym.imp.strcpy
0x0000db78 move a1, s0 | a1 = s0;
0x0000db7c move a0, v0 | a0 = v0;
0x0000db80 jalr t9 | t9 ();
0x0000db84 addiu s2, s2, 4 | s2 += 4;
0x0000db88 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000db8c addiu s6, s6, 1 | s6++;
0x0000db90 addu s4, s3, s2 | s4 = s3 + s2;
| }
| label_8:
0x0000db94 addiu s7, s7, 4 | s7 += 4;
0x0000db98 lw s0, (s7) | s0 = *(s7);
| /* review: bnel branches back to 0xdb0c while s5 != s7; the while condition printed below is inverted. */
0x0000db9c bnel s5, s7, 0xdb0c |
| } while (s5 == s7);
| /* review: writes the 0 terminator at slot s6. The array has s1 - 1 slots, so this store (and the last */
| /* copy) stay in bounds only if at least two entries were skipped above; no check on s6 is visible. */
| /* NOTE(review): confirm scandir always returns the two skipped entries for this directory. */
0x0000dba0 sw zero, (s4) | *(s4) = 0;
0x0000dba4 b 0xda48 | goto label_0;
| label_4:
0x0000dba8 move s3, zero | s3 = 0;
0x0000dbac b 0xda80 | goto label_1;
| label_7:
| /* review: reached only when the saved stack-protector value no longer matches. */
0x0000dbb0 lw t9, -0x7cf0(gp) | t9 = sym.imp.__stack_chk_fail;
0x0000dbb4 jalr t9 | t9 ();
0x0000dbb8 nop |
| /* review: a fresh prologue starts at 0xdbbc (gp setup, new 0x1040-byte frame), so this is most likely a */
| /* separate function that was merged into this listing after the preceding __stack_chk_fail call. It */
| /* resembles get_persistent_name_from_pretty() from sysstat - confirm against the source for this firmware. */
| /* As shown: it looks for an entry of get_persistent_names() whose link target basename equals the string */
| /* passed in a0, copies that entry name to the buffer at s2 + 0x2cb0 and returns that buffer, or 0 if none. */
0x0000dbbc lui gp, 2 |
0x0000dbc0 addiu gp, gp, -0x3b0c |
0x0000dbc4 addu gp, gp, t9 | gp += t9;
0x0000dbc8 addiu sp, sp, -0x1040 |
0x0000dbcc lw t9, -0x7e40(gp) | t9 = sym.get_persistent_names;
0x0000dbd0 sw s5, 0x1034(sp) | *(var_1034h) = s5;
0x0000dbd4 lw s5, -0x7cd8(gp) | s5 = *((gp - 7990));
0x0000dbd8 sw s2, 0x1028(sp) | *(var_1028h) = s2;
0x0000dbdc lw s2, -0x7fa8(gp) | s2 = *((gp - 8170));
0x0000dbe0 lw v0, (s5) | v0 = *(s5);
0x0000dbe4 sw gp, 0x10(sp) | *(var_10h_2) = gp;
0x0000dbe8 sw s4, 0x1030(sp) | *(var_1030h) = s4;
0x0000dbec sw ra, 0x103c(sp) | *(var_103ch) = ra;
0x0000dbf0 sw s6, 0x1038(sp) | *(var_1038h) = s6;
0x0000dbf4 sw s3, 0x102c(sp) | *(var_102ch) = s3;
0x0000dbf8 sw s1, 0x1024(sp) | *(var_1024h) = s1;
0x0000dbfc sw s0, 0x1020(sp) | *(var_1020h) = s0;
| /* review: stack-protector value saved at 0x101c(sp), directly above the 0x1000-byte buffer at sp + 0x1c. */
0x0000dc00 sw v0, 0x101c(sp) | *(var_101ch) = v0;
| /* review: empties the result buffer at s2 + 0x2cb0 and keeps the incoming a0 in s4 for the strncmp below. */
0x0000dc04 sb zero, 0x2cb0(s2) | *((s2 + 11440)) = 0;
0x0000dc08 move s4, a0 | s4 = a0;
0x0000dc0c bal 0xd9ac | sym_get_persistent_names ();
| goto label_2;
0x0000dc10 lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 == 0) {
0x0000dc14 beqz v0, 0xdd30 | goto label_9;
| }
0x0000dc18 move s0, v0 | s0 = v0;
0x0000dc1c move s3, v0 | s3 = v0;
0x0000dc20 lw a0, (s0) | a0 = *(s0);
0x0000dc24 lw s1, -0x7e3c(gp) | s1 = sym.get_persistent_name_path;
0x0000dc28 addiu s6, sp, 0x1c | s6 = sp + 0x1c;
| if (a0 == 0) {
0x0000dc2c beqz a0, 0xdcbc | goto label_3;
| }
0x0000dc30 move t9, s1 | t9 = s1;
| do {
0x0000dc34 bal 0xd900 | sym_get_persistent_name_path ();
0x0000dc38 nop |
0x0000dc3c lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 != 0) {
0x0000dc40 beqz v0, 0xdcac |
| /* review: readlink(path, sp + 0x1c, 0x1000) does not NUL-terminate. The unsigned test on ret - 1 accepts */
| /* only 1 <= ret <= 0xfff (errors and a full 0x1000-byte result are rejected), and the sb below writes the */
| /* terminator at (sp + 0x1c) + ret, which stays inside the buffer and below the canary slot at 0x101c(sp). */
0x0000dc44 lw t9, -0x7d00(gp) | t9 = sym.imp.readlink;
0x0000dc48 addiu a2, zero, 0x1000 | a2 = aav.0x00001000;
0x0000dc4c move a1, s6 | a1 = s6;
0x0000dc50 move a0, v0 | a0 = v0;
0x0000dc54 jalr t9 | t9 ();
0x0000dc58 addiu v1, v0, -1 | v1 = v0 + -1;
0x0000dc5c sltiu v1, v1, 0xfff | v1 = (v1 < 0xfff) ? 1 : 0;
0x0000dc60 lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v1 == 0) {
0x0000dc64 beqz v1, 0xdcac | goto label_10;
| }
0x0000dc68 addiu v1, sp, 0x1020 | v1 = sp + 0x1020;
0x0000dc6c addu v0, v1, v0 | v0 = v1 + v0;
0x0000dc70 lw t9, -0x7d7c(gp) | t9 = sym.imp.__xpg_basename;
0x0000dc74 move a0, s6 | a0 = s6;
0x0000dc78 sb zero, -0x1004(v0) | *((v0 - 4100)) = 0;
0x0000dc7c jalr t9 | t9 ();
0x0000dc80 lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 == 0) {
0x0000dc84 beqz v0, 0xdcac | goto label_10;
| }
| /* review: a null or empty basename skips the entry; otherwise strncmp(basename, s4, 0x1000) decides. */
0x0000dc88 lb v1, (v0) | v1 = *(v0);
0x0000dc8c lw t9, -0x7dbc(gp) | t9 = sym.imp.strncmp;
| if (v1 == 0) {
0x0000dc90 beqz v1, 0xdcac | goto label_10;
| }
0x0000dc94 addiu a2, zero, 0x1000 | a2 = aav.0x00001000;
0x0000dc98 move a1, s4 | a1 = s4;
0x0000dc9c move a0, v0 | a0 = v0;
0x0000dca0 jalr t9 | t9 ();
0x0000dca4 lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 == 0) {
0x0000dca8 beqz v0, 0xdd38 | goto label_11;
| }
| }
| label_10:
0x0000dcac addiu s0, s0, 4 | s0 += 4;
0x0000dcb0 lw a0, (s0) | a0 = *(s0);
0x0000dcb4 move t9, s1 | t9 = s1;
0x0000dcb8 bnez a0, 0xdc34 |
| } while (a0 != 0);
| /* review: frees every name in the array returned by get_persistent_names(), then the array itself. */
| label_3:
0x0000dcbc lw a0, (s3) | a0 = *(s3);
0x0000dcc0 addiu s0, s3, 4 | s0 = s3 + 4;
| if (a0 == 0) {
0x0000dcc4 beqz a0, 0xdce0 | goto label_12;
| }
| do {
0x0000dcc8 lw t9, -0x7cd0(gp) | t9 = sym.imp.free;
0x0000dccc addiu s0, s0, 4 | s0 += 4;
0x0000dcd0 jalr t9 | t9 ();
0x0000dcd4 lw a0, -4(s0) | a0 = *((s0 - 1));
0x0000dcd8 lw gp, 0x10(sp) | gp = *(var_10h_2);
0x0000dcdc bnez a0, 0xdcc8 |
| } while (a0 != 0);
| label_12:
0x0000dce0 lw t9, -0x7cd0(gp) | t9 = sym.imp.free;
0x0000dce4 move a0, s3 | a0 = s3;
0x0000dce8 jalr t9 | t9 ();
| /* review: returns the buffer at s2 + 0x2cb0 only if its first byte is non-zero, otherwise 0 (label_9). */
0x0000dcec lb v0, 0x2cb0(s2) | v0 = *((s2 + 11440));
0x0000dcf0 lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 == 0) {
0x0000dcf4 beqz v0, 0xdd30 | goto label_9;
| }
0x0000dcf8 addiu v0, s2, 0x2cb0 | v0 = s2 + 0x2cb0;
| do {
0x0000dcfc lw a0, 0x101c(sp) | a0 = *(var_101ch);
0x0000dd00 lw v1, (s5) | v1 = *(s5);
0x0000dd04 lw ra, 0x103c(sp) | ra = *(var_103ch);
| if (a0 != v1) {
0x0000dd08 bne a0, v1, 0xdd5c | goto label_13;
| }
0x0000dd0c lw s6, 0x1038(sp) | s6 = *(var_1038h);
0x0000dd10 lw s5, 0x1034(sp) | s5 = *(var_1034h);
0x0000dd14 lw s4, 0x1030(sp) | s4 = *(var_1030h);
0x0000dd18 lw s3, 0x102c(sp) | s3 = *(var_102ch);
0x0000dd1c lw s2, 0x1028(sp) | s2 = *(var_1028h);
0x0000dd20 lw s1, 0x1024(sp) | s1 = *(var_1024h);
0x0000dd24 lw s0, 0x1020(sp) | s0 = *(var_1020h);
0x0000dd28 addiu sp, sp, 0x1040 |
0x0000dd2c jr ra | return v0;
| label_9:
0x0000dd30 move v0, zero | v0 = 0;
0x0000dd34 b 0xdcfc |
| } while (1);
| label_11:
| /* review: strncpy(s2 + 0x2cb0, matching entry name, 0x1000) followed by an explicit 0 at offset 0xfff, so */
| /* the result is terminated even when the source fills all 0x1000 bytes. The size of the destination */
| /* object is not visible in this listing - TODO confirm it is at least 0x1000 bytes. */
0x0000dd38 lw t9, -0x7d70(gp) | t9 = sym.imp.strncpy;
0x0000dd3c lw a1, (s0) | a1 = *(s0);
0x0000dd40 addiu a2, zero, 0x1000 | a2 = aav.0x00001000;
0x0000dd44 addiu a0, s2, 0x2cb0 | a0 = s2 + 0x2cb0;
0x0000dd48 jalr t9 | t9 ();
0x0000dd4c addiu v0, s2, 0x2cb0 | v0 = s2 + 0x2cb0;
0x0000dd50 lw gp, 0x10(sp) | gp = *(var_10h_2);
0x0000dd54 sb zero, 0xfff(v0) | *((v0 + 4095)) = 0;
0x0000dd58 b 0xdcbc | goto label_3;
| label_13:
| /* review: reached only when the stack-protector value saved at 0x101c(sp) no longer matches. */
0x0000dd5c lw t9, -0x7cf0(gp) | t9 = sym.imp.__stack_chk_fail;
0x0000dd60 jalr t9 | t9 ();
0x0000dd64 nop |
| /* review: another fresh prologue (gp setup, new 0x1030-byte frame), so 0xdd68 is most likely a third */
| /* function merged into this listing; it resembles get_pretty_name_from_persistent() from sysstat - confirm */
| /* against the source for this firmware. As shown: it resolves the incoming a0 through */
| /* get_persistent_name_path(), reads the link target into a stack buffer and returns its basename, or 0. */
0x0000dd68 lui gp, 2 |
0x0000dd6c addiu gp, gp, -0x3cb8 |
0x0000dd70 addu gp, gp, t9 | gp += t9;
0x0000dd74 addiu sp, sp, -0x1030 |
0x0000dd78 lw t9, -0x7e3c(gp) | t9 = sym.get_persistent_name_path;
0x0000dd7c sw s0, 0x1024(sp) | *(var_1024h_2) = s0;
0x0000dd80 lw s0, -0x7cd8(gp) | s0 = *((gp - 7990));
0x0000dd84 sw gp, 0x10(sp) | *(var_10h_3) = gp;
0x0000dd88 sw ra, 0x102c(sp) | *(var_102ch_2) = ra;
0x0000dd8c lw v0, (s0) | v0 = *(s0);
0x0000dd90 sw s1, 0x1028(sp) | *(var_1028h_2) = s1;
| /* review: stack-protector value saved at 0x101c(sp), directly above the 0x1000-byte buffer at sp + 0x1c. */
0x0000dd94 sw v0, 0x101c(sp) | *(var_101ch_2) = v0;
0x0000dd98 bal 0xd900 | sym_get_persistent_name_path ();
0x0000dd9c nop |
0x0000dda0 lw gp, 0x10(sp) | gp = *(var_10h_3);
| if (v0 == 0) {
0x0000dda4 beqz v0, 0xde1c | goto label_14;
| }
| /* review: readlink(path, sp + 0x1c, 0x1000) does not NUL-terminate. The unsigned test on ret - 1 accepts */
| /* only 1 <= ret <= 0xfff, and the sb below writes the terminator at (sp + 0x1c) + ret, inside the buffer */
| /* and below the canary slot at 0x101c(sp). */
0x0000dda8 lw t9, -0x7d00(gp) | t9 = sym.imp.readlink;
0x0000ddac addiu s1, sp, 0x1c | s1 = sp + 0x1c;
0x0000ddb0 addiu a2, zero, 0x1000 | a2 = aav.0x00001000;
0x0000ddb4 move a1, s1 | a1 = s1;
0x0000ddb8 move a0, v0 | a0 = v0;
0x0000ddbc jalr t9 | t9 ();
0x0000ddc0 addiu v1, v0, -1 | v1 = v0 + -1;
0x0000ddc4 sltiu v1, v1, 0xfff | v1 = (v1 < 0xfff) ? 1 : 0;
0x0000ddc8 lw gp, 0x10(sp) | gp = *(var_10h_3);
| if (v1 == 0) {
0x0000ddcc beqz v1, 0xde1c | goto label_14;
| }
0x0000ddd0 addiu v1, sp, 0x1020 | v1 = sp + 0x1020;
0x0000ddd4 addu v0, v1, v0 | v0 = v1 + v0;
0x0000ddd8 lw t9, -0x7d7c(gp) | t9 = sym.imp.__xpg_basename;
0x0000dddc move a0, s1 | a0 = s1;
0x0000dde0 sb zero, -0x1004(v0) | *((v0 - 4100)) = 0;
0x0000dde4 jalr t9 | t9 ();
0x0000dde8 lw gp, 0x10(sp) | gp = *(var_10h_3);
| if (v0 == 0) {
0x0000ddec beqz v0, 0xde1c | goto label_14;
| }
| /* review: beql is a branch-likely, so the following move v0, zero presumably runs only when the branch is */
| /* taken (empty basename -> return 0); otherwise v0 keeps the __xpg_basename() result. The pseudo code */
| /* column reads the other way round - confirm against a plain disassembly. */
0x0000ddf0 lb v1, (v0) | v1 = *(v0);
| if (v1 == 0) {
0x0000ddf4 beql v1, zero, 0xddfc | goto label_15;
| }
0x0000ddf8 move v0, zero | v0 = 0;
| do {
| label_15:
| /* review: v0 returned from here is the __xpg_basename() result for the buffer at sp + 0x1c. If that */
| /* pointer lies inside the buffer (the usual case for basename), the caller receives an address in this */
| /* function's released stack frame. NOTE(review): confirm how callers use the returned pointer. */
0x0000ddfc lw a0, 0x101c(sp) | a0 = *(var_101ch_2);
0x0000de00 lw v1, (s0) | v1 = *(s0);
0x0000de04 lw ra, 0x102c(sp) | ra = *(var_102ch_2);
| if (a0 != v1) {
0x0000de08 bne a0, v1, 0xde24 | goto label_16;
| }
0x0000de0c lw s1, 0x1028(sp) | s1 = *(var_1028h_2);
0x0000de10 lw s0, 0x1024(sp) | s0 = *(var_1024h_2);
0x0000de14 addiu sp, sp, 0x1030 |
0x0000de18 jr ra | return v0;
| label_14:
0x0000de1c move v0, zero | v0 = 0;
0x0000de20 b 0xddfc |
| } while (1);
| label_16:
| /* review: reached only when the stack-protector value saved at 0x101c(sp) no longer matches. */
0x0000de24 lw t9, -0x7cf0(gp) | t9 = sym.imp.__stack_chk_fail;
0x0000de28 jalr t9 | t9 ();
0x0000de2c nop |
| }
[*] Function strcpy used 2 times in pidstat