[*] Binary protection state of tapestat
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of tapestat
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/tapestat @ 0x4ab0 */
| #include <stdint.h>
|
; (fcn) sym.get_proc_cpu_nr () | void get_proc_cpu_nr () {
0x00004ab0 lui gp, 2 |
0x00004ab4 addiu gp, gp, -0x2a00 |
0x00004ab8 addu gp, gp, t9 | gp += t9;
0x00004abc addiu sp, sp, -0x58 |
0x00004ac0 lw a1, -0x7fd4(gp) | a1 = *((gp - 8181));
0x00004ac4 sw s5, 0x4c(sp) | *(var_4ch) = s5;
0x00004ac8 lw s5, -0x7dc4(gp) | s5 = *((gp - 8049));
0x00004acc sw s0, 0x38(sp) | *(var_38h) = s0;
0x00004ad0 lw s0, -0x7fd4(gp) | s0 = *((gp - 8181));
0x00004ad4 lw v0, (s5) | v0 = *(s5);
0x00004ad8 lw t9, -0x7db8(gp) | t9 = sym.imp.fopen;
0x00004adc sw gp, 0x18(sp) | *(var_18h) = gp;
0x00004ae0 sw ra, 0x54(sp) | *(var_54h) = ra;
0x00004ae4 sw s6, 0x50(sp) | *(var_50h) = s6;
0x00004ae8 sw s4, 0x48(sp) | *(var_48h) = s4;
0x00004aec sw s3, 0x44(sp) | *(var_44h) = s3;
0x00004af0 sw s2, 0x40(sp) | *(var_40h) = s2;
0x00004af4 sw s1, 0x3c(sp) | *(var_3ch) = s1;
0x00004af8 addiu a1, a1, -0x653c | a1 += -0x653c;
0x00004afc addiu a0, s0, -0x669c | a0 = s0 + -0x669c;
0x00004b00 sw v0, 0x34(sp) | *(var_34h) = v0;
0x00004b04 jalr t9 | t9 ();
0x00004b08 nop |
0x00004b0c lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x00004b10 beqz v0, 0x4c10 | goto label_2;
| }
0x00004b14 lw s2, -0x7fd4(gp) | s2 = *((gp - 8181));
0x00004b18 lw s3, -0x7fd4(gp) | s3 = *((gp - 8181));
0x00004b1c lw s6, -0x7fd4(gp) | s6 = *((gp - 8181));
0x00004b20 move s1, v0 | s1 = v0;
0x00004b24 addiu s4, zero, -1 | s4 = -1;
0x00004b28 addiu s0, sp, 0x24 | s0 = sp + 0x24;
0x00004b2c addiu s2, s2, -0x667c | s2 += -0x667c;
0x00004b30 addiu s3, s3, -0x66ac | s3 += -0x66ac;
| do {
| label_0:
0x00004b34 lw t9, -0x7dc8(gp) | t9 = sym.imp.fgets;
0x00004b38 move a2, s1 | a2 = s1;
0x00004b3c addiu a1, zero, 0x10 | a1 = 0x10;
0x00004b40 move a0, s0 | a0 = s0;
0x00004b44 jalr t9 | t9 ();
0x00004b48 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x00004b4c beqz v0, 0x4bc8 | goto label_3;
| }
| label_1:
0x00004b50 lw t9, -0x7e90(gp) | t9 = sym.imp.strncmp;
0x00004b54 addiu a2, zero, 4 | a2 = 4;
0x00004b58 move a1, s2 | a1 = s2;
0x00004b5c move a0, s0 | a0 = s0;
0x00004b60 jalr t9 | t9 ();
0x00004b64 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004b68 beqz v0, 0x4b34 |
| } while (v0 == 0);
0x00004b6c lw t9, -0x7e90(gp) | t9 = sym.imp.strncmp;
0x00004b70 addiu a2, zero, 3 | a2 = 3;
0x00004b74 move a1, s3 | a1 = s3;
0x00004b78 move a0, s0 | a0 = s0;
0x00004b7c jalr t9 | t9 ();
0x00004b80 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 != 0) {
0x00004b84 bnez v0, 0x4b34 | goto label_0;
| }
0x00004b88 lw t9, -0x7e3c(gp) | t9 = sym.imp.__isoc99_sscanf;
0x00004b8c addiu a2, sp, 0x20 | a2 = sp + 0x20;
0x00004b90 addiu a1, s6, -0x66a0 | a1 = s6 + -0x66a0;
0x00004b94 addiu a0, sp, 0x27 | a0 = sp + 0x27;
0x00004b98 jalr t9 | t9 ();
0x00004b9c lw gp, 0x18(sp) | gp = *(var_18h);
0x00004ba0 lw v0, 0x20(sp) | v0 = *(var_20h_2);
0x00004ba4 move a2, s1 | a2 = s1;
0x00004ba8 lw t9, -0x7dc8(gp) | t9 = sym.imp.fgets;
0x00004bac slt v1, s4, v0 | v1 = (s4 < v0) ? 1 : 0;
0x00004bb0 addiu a1, zero, 0x10 | a1 = 0x10;
0x00004bb4 move a0, s0 | a0 = s0;
| if (v1 == 0) {
0x00004bb8 movn s4, v0, v1 | s4 = v0;
| }
0x00004bbc jalr t9 | t9 ();
0x00004bc0 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 != 0) {
0x00004bc4 bnez v0, 0x4b50 | goto label_1;
| }
| label_3:
0x00004bc8 lw t9, -0x7e7c(gp) | t9 = sym.imp.fclose;
0x00004bcc move a0, s1 | a0 = s1;
0x00004bd0 jalr t9 | t9 ();
0x00004bd4 lw a0, 0x34(sp) | a0 = *(var_34h);
0x00004bd8 lw v1, (s5) | v1 = *(s5);
0x00004bdc lw gp, 0x18(sp) | gp = *(var_18h);
0x00004be0 addiu v0, s4, 1 | v0 = s4 + 1;
| if (a0 == v1) {
0x00004be4 bne a0, v1, 0x4c64 |
0x00004be8 lw ra, 0x54(sp) | ra = *(var_54h);
0x00004bec lw s6, 0x50(sp) | s6 = *(var_50h);
0x00004bf0 lw s5, 0x4c(sp) | s5 = *(var_4ch);
0x00004bf4 lw s4, 0x48(sp) | s4 = *(var_48h);
0x00004bf8 lw s3, 0x44(sp) | s3 = *(var_44h);
0x00004bfc lw s2, 0x40(sp) | s2 = *(var_40h);
0x00004c00 lw s1, 0x3c(sp) | s1 = *(var_3ch);
0x00004c04 lw s0, 0x38(sp) | s0 = *(var_38h);
0x00004c08 addiu sp, sp, 0x58 |
0x00004c0c jr ra | return v0;
| label_2:
0x00004c10 lw v0, -0x7dbc(gp) | v0 = *((gp - 8047));
0x00004c14 lw t9, -0x7e48(gp) | t9 = sym.imp.__errno_location;
0x00004c18 lw s1, (v0) | s1 = *(v0);
0x00004c1c jalr t9 | t9 ();
0x00004c20 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004c24 lw t9, -0x7e18(gp) | t9 = sym.imp.strerror;
0x00004c28 lw a0, (v0) | a0 = *(v0);
0x00004c2c jalr t9 | t9 ();
0x00004c30 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004c34 move a0, s1 | a0 = s1;
0x00004c38 sw v0, 0x10(sp) | *(var_10h) = v0;
0x00004c3c lw a2, -0x7fd4(gp) | a2 = *((gp - 8181));
0x00004c40 lw t9, -0x7e84(gp) | t9 = sym.imp.__fprintf_chk
0x00004c44 addiu a3, s0, -0x669c | a3 = s0 + -0x669c;
0x00004c48 addiu a2, a2, -0x6690 | a2 += -0x6690;
0x00004c4c addiu a1, zero, 1 | a1 = 1;
0x00004c50 jalr t9 | t9 ();
0x00004c54 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004c58 lw t9, -0x7e20(gp) | t9 = sym.imp.exit;
0x00004c5c addiu a0, zero, 1 | a0 = 1;
0x00004c60 jalr t9 | t9 ();
| }
0x00004c64 lw t9, -0x7ddc(gp) | t9 = sym.imp.__stack_chk_fail;
0x00004c68 jalr t9 | t9 ();
0x00004c6c nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/tapestat @ 0x2650 */
| #include <stdint.h>
|
; (fcn) sym.usage () | void usage () {
0x00002650 lui gp, 2 |
0x00002654 addiu gp, gp, -0x5a0 |
0x00002658 addu gp, gp, t9 | gp += t9;
0x0000265c addiu sp, sp, -0x20 |
0x00002660 lw a2, -0x7fd4(gp) | a2 = *((gp - 8181));
0x00002664 sw s0, 0x18(sp) | *(var_20h_2) = s0;
0x00002668 lw s0, -0x7dbc(gp) | s0 = *((gp - 8047));
0x0000266c lw t9, -0x7e84(gp) | t9 = sym.imp.__fprintf_chk
0x00002670 move a3, a0 | a3 = a0;
0x00002674 lw a0, (s0) | a0 = *(s0);
0x00002678 sw gp, 0x10(sp) | *(var_18h) = gp;
0x0000267c sw ra, 0x1c(sp) | *(var_24h_2) = ra;
0x00002680 addiu a2, a2, -0x6918 | a2 += -0x6918;
0x00002684 addiu a1, zero, 1 | a1 = 1;
0x00002688 jalr t9 | t9 ();
0x0000268c lw gp, 0x10(sp) | gp = *(var_18h);
0x00002690 lw a3, (s0) | a3 = *(s0);
0x00002694 addiu a2, zero, 0x41 | a2 = 0x41;
0x00002698 lw a0, -0x7fd4(gp) | a0 = *((gp - 8181));
0x0000269c lw t9, -0x7dfc(gp) | t9 = sym.imp.fwrite;
0x000026a0 addiu a0, a0, -0x68e4 | a0 += -0x68e4;
0x000026a4 addiu a1, zero, 1 | a1 = 1;
0x000026a8 jalr t9 | t9 ();
0x000026ac lw gp, 0x10(sp) | gp = *(var_18h);
0x000026b0 lw t9, -0x7e20(gp) | t9 = sym.imp.exit;
0x000026b4 addiu a0, zero, 1 | a0 = 1;
0x000026b8 jalr t9 | return t9 ();
| }
[*] Function fprintf used 3 times tapestat
