[*] Binary protection state of createsession.cgi
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of createsession.cgi
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/html/axis-cgi/createsession.cgi @ 0xdd0 */
| #include <stdint.h>
|
; (fcn) sym.purge_old_sessions () | void purge_old_sessions () {
0x00000dd0 lui gp, 2 |
0x00000dd4 addiu gp, gp, -0x6dc0 |
0x00000dd8 addu gp, gp, t9 | gp += t9;
0x00000ddc addiu sp, sp, -0x2b8 |
0x00000de0 sw ra, 0x2b4(sp) | *(var_2b4h) = ra;
0x00000de4 sw fp, 0x2b0(sp) | *(var_2b0h) = fp;
0x00000de8 sw s7, 0x2ac(sp) | *(var_2ach) = s7;
0x00000dec sw s6, 0x2a8(sp) | *(var_2a8h) = s6;
0x00000df0 sw s5, 0x2a4(sp) | *(var_2a4h) = s5;
0x00000df4 sw s4, 0x2a0(sp) | *(var_2a0h) = s4;
0x00000df8 sw s3, 0x29c(sp) | *(var_29ch) = s3;
0x00000dfc sw s2, 0x298(sp) | *(var_298h) = s2;
0x00000e00 sw s1, 0x294(sp) | *(var_294h) = s1;
0x00000e04 sw s0, 0x290(sp) | *(var_290h) = s0;
0x00000e08 move fp, sp | fp = sp;
0x00000e0c sw gp, 0x10(sp) | *(var_10h) = gp;
0x00000e10 lw v0, -0x7f4c(gp) | v0 = *((gp - 8147));
0x00000e14 lw v0, (v0) | v0 = *(v0);
0x00000e18 sw v0, 0x28c(fp) | *(arg_28ch) = v0;
0x00000e1c lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000e20 addiu a0, v0, 0x1de0 | a0 = v0 + 0x1de0;
0x00000e24 lw v0, -0x7f5c(gp) | v0 = sym.imp.getenv;
0x00000e28 move t9, v0 | t9 = v0;
0x00000e2c jalr t9 | t9 ();
0x00000e30 nop |
0x00000e34 lw gp, 0x10(fp) | gp = *(arg_10h);
| if (v0 != 0) {
0x00000e38 beqz v0, 0xe64 |
0x00000e3c nop |
0x00000e40 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000e44 addiu a0, v0, 0x1de0 | a0 = v0 + 0x1de0;
0x00000e48 lw v0, -0x7f5c(gp) | v0 = sym.imp.getenv;
0x00000e4c move t9, v0 | t9 = v0;
0x00000e50 jalr t9 | t9 ();
0x00000e54 nop |
0x00000e58 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00000e5c b 0xe6c | goto label_1;
0x00000e60 nop |
| }
0x00000e64 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000e68 addiu v0, v0, 0x1dec | v0 += 0x1dec;
| label_1:
0x00000e6c move a0, v0 | a0 = v0;
0x00000e70 lw v0, -0x7fa0(gp) | v0 = sym.imp.opendir;
0x00000e74 move t9, v0 | t9 = v0;
0x00000e78 jalr t9 | t9 ();
0x00000e7c nop |
0x00000e80 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00000e84 sw v0, 0x28(fp) | *(arg_28h) = v0;
0x00000e88 lw v0, 0x28(fp) | v0 = *(arg_28h);
| if (v0 == 0) {
0x00000e8c beqz v0, 0x121c | goto label_2;
| }
0x00000e90 nop |
0x00000e94 move v0, sp | v0 = sp;
0x00000e98 sw v0, 0x1c(fp) | *(arg_1ch) = v0;
0x00000e9c lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000ea0 addiu a0, v0, 0x1de0 | a0 = v0 + 0x1de0;
0x00000ea4 lw v0, -0x7f5c(gp) | v0 = sym.imp.getenv;
0x00000ea8 move t9, v0 | t9 = v0;
0x00000eac jalr t9 | t9 ();
0x00000eb0 nop |
0x00000eb4 lw gp, 0x10(fp) | gp = *(arg_10h);
| if (v0 != 0) {
0x00000eb8 beqz v0, 0xee4 |
0x00000ebc nop |
0x00000ec0 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000ec4 addiu a0, v0, 0x1de0 | a0 = v0 + 0x1de0;
0x00000ec8 lw v0, -0x7f5c(gp) | v0 = sym.imp.getenv;
0x00000ecc move t9, v0 | t9 = v0;
0x00000ed0 jalr t9 | t9 ();
0x00000ed4 nop |
0x00000ed8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00000edc b 0xeec | goto label_3;
0x00000ee0 nop |
| }
0x00000ee4 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000ee8 addiu v0, v0, 0x1dec | v0 += 0x1dec;
| label_3:
0x00000eec move a0, v0 | a0 = v0;
0x00000ef0 lw v0, -0x7f74(gp) | v0 = sym.imp.strlen;
0x00000ef4 move t9, v0 | t9 = v0;
0x00000ef8 jalr t9 | t9 ();
0x00000efc nop |
0x00000f00 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00000f04 addiu v0, v0, 0x41 | v0 += 0x41;
0x00000f08 move v1, v0 | v1 = v0;
0x00000f0c addiu v1, v1, -1 | v1 += -1;
0x00000f10 sw v1, 0x2c(fp) | *(arg_2ch) = v1;
0x00000f14 move s6, v0 | s6 = v0;
0x00000f18 move s7, zero | s7 = 0;
0x00000f1c srl v1, s6, 0x1d | v1 = s6 >> 0x1d;
0x00000f20 sll s3, s7, 3 | s3 = s7 << 3;
0x00000f24 or s3, v1, s3 | s3 = v1 | s3;
0x00000f28 sll s2, s6, 3 | s2 = s6 << 3;
0x00000f2c move s4, v0 | s4 = v0;
0x00000f30 move s5, zero | s5 = 0;
0x00000f34 srl v1, s4, 0x1d | v1 = s4 >> 0x1d;
0x00000f38 sll s1, s5, 3 | s1 = s5 << 3;
0x00000f3c or s1, v1, s1 | s1 = v1 | s1;
0x00000f40 sll s0, s4, 3 | s0 = s4 << 3;
0x00000f44 addiu v0, v0, 7 | v0 += 7;
0x00000f48 srl v0, v0, 3 | v0 >>= 3;
0x00000f4c sll v0, v0, 3 | v0 <<= 3;
0x00000f50 subu sp, sp, v0 |
0x00000f54 addiu v0, sp, 0x10 | v0 = sp + 0x10;
0x00000f58 addiu v0, v0, 0 | v0 += 0;
0x00000f5c sw v0, 0x30(fp) | *(arg_30h) = v0;
0x00000f60 addiu v0, fp, 0x48 | v0 = fp + 0x48;
0x00000f64 move a0, v0 | a0 = v0;
0x00000f68 lw v0, -0x7f64(gp) | v0 = sym.imp.sysinfo;
0x00000f6c move t9, v0 | t9 = v0;
0x00000f70 jalr t9 | t9 ();
0x00000f74 nop |
0x00000f78 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00000f7c b 0x11d8 | goto label_4;
0x00000f80 nop |
| label_0:
0x00000f84 lw v0, 0x34(fp) | v0 = *(arg_34h);
0x00000f88 lb v1, 0xb(v0) | v1 = *((v0 + 11));
0x00000f8c addiu v0, zero, 0x2e | v0 = 0x2e;
| if (v1 == v0) {
0x00000f90 bne v1, v0, 0xfa0 |
0x00000f94 nop |
0x00000f98 b 0x11d8 | goto label_4;
0x00000f9c nop |
| }
0x00000fa0 lw s0, 0x30(fp) | s0 = *(arg_30h);
0x00000fa4 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000fa8 addiu a0, v0, 0x1de0 | a0 = v0 + 0x1de0;
0x00000fac lw v0, -0x7f5c(gp) | v0 = sym.imp.getenv;
0x00000fb0 move t9, v0 | t9 = v0;
0x00000fb4 jalr t9 | t9 ();
0x00000fb8 nop |
0x00000fbc lw gp, 0x10(fp) | gp = *(arg_10h);
| if (v0 != 0) {
0x00000fc0 beqz v0, 0xff0 |
0x00000fc4 nop |
0x00000fc8 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000fcc addiu a0, v0, 0x1de0 | a0 = v0 + 0x1de0;
0x00000fd0 lw v0, -0x7f5c(gp) | v0 = sym.imp.getenv;
0x00000fd4 move t9, v0 | t9 = v0;
0x00000fd8 jalr t9 | t9 ();
0x00000fdc nop |
0x00000fe0 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00000fe4 move v1, v0 | v1 = v0;
0x00000fe8 b 0xff8 | goto label_5;
0x00000fec nop |
| }
0x00000ff0 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000ff4 addiu v1, v0, 0x1dec | v1 = v0 + 0x1dec;
| label_5:
0x00000ff8 lw v0, 0x34(fp) | v0 = *(arg_34h);
0x00000ffc addiu v0, v0, 0xb | v0 += 0xb;
0x00001000 move a3, v0 | a3 = v0;
0x00001004 move a2, v1 | a2 = v1;
0x00001008 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x0000100c addiu a1, v0, 0x1e00 | a1 = v0 + 0x1e00;
0x00001010 move a0, s0 | a0 = s0;
0x00001014 lw v0, -0x7f90(gp) | v0 = sym.imp.sprintf
0x00001018 move t9, v0 | t9 = v0;
0x0000101c jalr t9 | t9 ();
0x00001020 nop |
0x00001024 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00001028 lw v0, 0x30(fp) | v0 = *(arg_30h);
0x0000102c move a1, zero | a1 = 0;
0x00001030 move a0, v0 | a0 = v0;
0x00001034 lw v0, -0x7f6c(gp) | v0 = sym.imp.open;
0x00001038 move t9, v0 | t9 = v0;
0x0000103c jalr t9 | t9 ();
0x00001040 nop |
0x00001044 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00001048 sw v0, 0x38(fp) | *(arg_38h) = v0;
0x0000104c lw v0, 0x38(fp) | v0 = *(arg_38h);
| if (v0 == 0) {
0x00001050 beqz v0, 0x11d8 | goto label_4;
| }
0x00001054 nop |
0x00001058 addiu v0, fp, 0x88 | v0 = fp + 0x88;
0x0000105c addiu a2, zero, 0x200 | a2 = 0x200;
0x00001060 move a1, v0 | a1 = v0;
0x00001064 lw a0, 0x38(fp) | a0 = *(arg_38h);
0x00001068 lw v0, -0x7f40(gp) | v0 = sym.imp.read;
0x0000106c move t9, v0 | t9 = v0;
0x00001070 jalr t9 | t9 ();
0x00001074 nop |
0x00001078 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0000107c sw v0, 0x3c(fp) | *(arg_3ch) = v0;
0x00001080 lw a0, 0x38(fp) | a0 = *(arg_38h);
0x00001084 lw v0, -0x7f98(gp) | v0 = sym.imp.close;
0x00001088 move t9, v0 | t9 = v0;
0x0000108c jalr t9 | t9 ();
0x00001090 nop |
0x00001094 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00001098 lw v1, 0x3c(fp) | v1 = *(arg_3ch);
0x0000109c addiu v0, zero, -1 | v0 = -1;
| if (v1 == v0) {
0x000010a0 beq v1, v0, 0x11d8 | goto label_4;
| }
0x000010a4 nop |
0x000010a8 addiu v0, fp, 0x88 | v0 = fp + 0x88;
0x000010ac sw v0, 0x24(fp) | *(arg_24h) = v0;
0x000010b0 addiu v0, fp, 0x88 | v0 = fp + 0x88;
0x000010b4 sw v0, 0x20(fp) | *(arg_20h) = v0;
0x000010b8 lw v0, 0x3c(fp) | v0 = *(arg_3ch);
0x000010bc addiu v1, fp, 0x290 | v1 = fp + 0x290;
0x000010c0 addu v0, v1, v0 | v0 = v1 + v0;
0x000010c4 sb zero, -0x208(v0) | *((v0 - 520)) = 0;
0x000010c8 b 0x11b0 | goto label_6;
0x000010cc nop |
| do {
0x000010d0 addiu a1, zero, 0xa | a1 = 0xa;
0x000010d4 lw a0, 0x24(fp) | a0 = *(arg_24h);
0x000010d8 lw v0, -0x7f70(gp) | v0 = sym.imp.strchr;
0x000010dc move t9, v0 | t9 = v0;
0x000010e0 jalr t9 | t9 ();
0x000010e4 nop |
0x000010e8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x000010ec sw v0, 0x40(fp) | *(arg_40h) = v0;
0x000010f0 lw v0, 0x40(fp) | v0 = *(arg_40h);
| if (v0 != 0) {
0x000010f4 beqz v0, 0x1110 |
0x000010f8 nop |
0x000010fc lw v0, 0x40(fp) | v0 = *(arg_40h);
0x00001100 sb zero, (v0) | *(v0) = 0;
0x00001104 lw v0, 0x40(fp) | v0 = *(arg_40h);
0x00001108 addiu v0, v0, 1 | v0++;
0x0000110c sw v0, 0x20(fp) | *(arg_20h) = v0;
| }
0x00001110 addiu a2, zero, 8 | a2 = 8;
0x00001114 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00001118 addiu a1, v0, 0x1e08 | a1 = v0 + str.VALIDTO;
0x0000111c lw a0, 0x24(fp) | a0 = *(arg_24h);
0x00001120 lw v0, -0x7f50(gp) | v0 = sym.imp.memcmp;
0x00001124 move t9, v0 | t9 = v0;
0x00001128 jalr t9 | t9 ();
0x0000112c nop |
0x00001130 lw gp, 0x10(fp) | gp = *(arg_10h);
| if (v0 == 0) {
0x00001134 bnez v0, 0x11a8 |
0x00001138 nop |
0x0000113c lw v0, 0x24(fp) | v0 = *(arg_24h);
0x00001140 addiu v0, v0, 8 | v0 += 8;
0x00001144 move a0, v0 | a0 = v0;
0x00001148 lw v0, -0x7f80(gp) | v0 = sym.imp.atol;
0x0000114c move t9, v0 | t9 = v0;
0x00001150 jalr t9 | t9 ();
0x00001154 nop |
0x00001158 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0000115c sw v0, 0x44(fp) | *(arg_44h) = v0;
0x00001160 lw v0, 0x44(fp) | v0 = *(arg_44h);
| if (v0 == 0) {
0x00001164 beqz v0, 0x11d4 | goto label_7;
| }
0x00001168 nop |
0x0000116c lw v0, 0x48(fp) | v0 = *(arg_48h);
0x00001170 move v1, v0 | v1 = v0;
0x00001174 lw v0, 0x44(fp) | v0 = *(arg_44h);
0x00001178 sltu v0, v0, v1 | v0 = (v0 < v1) ? 1 : 0;
| if (v0 == 0) {
0x0000117c beqz v0, 0x11d4 | goto label_7;
| }
0x00001180 nop |
0x00001184 lw v0, 0x30(fp) | v0 = *(arg_30h);
0x00001188 move a0, v0 | a0 = v0;
0x0000118c lw v0, -0x7f58(gp) | v0 = sym.imp.unlink;
0x00001190 move t9, v0 | t9 = v0;
0x00001194 jalr t9 | t9 ();
0x00001198 nop |
0x0000119c lw gp, 0x10(fp) | gp = *(arg_10h);
0x000011a0 b 0x11d4 | goto label_7;
0x000011a4 nop |
| }
0x000011a8 lw v0, 0x20(fp) | v0 = *(arg_20h);
0x000011ac sw v0, 0x24(fp) | *(arg_24h) = v0;
| label_6:
0x000011b0 lw v0, 0x24(fp) | v0 = *(arg_24h);
0x000011b4 lb v0, (v0) | v0 = *(v0);
| if (v0 == 0) {
0x000011b8 beqz v0, 0x11d8 | goto label_4;
| }
0x000011bc nop |
0x000011c0 lw v0, 0x20(fp) | v0 = *(arg_20h);
0x000011c4 bnez v0, 0x10d0 |
| } while (v0 != 0);
0x000011c8 nop |
0x000011cc b 0x11d8 | goto label_4;
0x000011d0 nop |
| label_7:
0x000011d4 nop |
| label_4:
0x000011d8 lw a0, 0x28(fp) | a0 = *(arg_28h);
0x000011dc lw v0, -0x7f88(gp) | v0 = sym.imp.readdir;
0x000011e0 move t9, v0 | t9 = v0;
0x000011e4 jalr t9 | t9 ();
0x000011e8 nop |
0x000011ec lw gp, 0x10(fp) | gp = *(arg_10h);
0x000011f0 sw v0, 0x34(fp) | *(arg_34h) = v0;
0x000011f4 lw v0, 0x34(fp) | v0 = *(arg_34h);
| if (v0 != 0) {
0x000011f8 bnez v0, 0xf84 | goto label_0;
| }
0x000011fc nop |
0x00001200 lw a0, 0x28(fp) | a0 = *(arg_28h);
0x00001204 lw v0, -0x7f9c(gp) | v0 = sym.imp.closedir;
0x00001208 move t9, v0 | t9 = v0;
0x0000120c jalr t9 | t9 ();
0x00001210 nop |
0x00001214 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00001218 lw sp, 0x1c(fp) |
| label_2:
0x0000121c nop |
0x00001220 lw v0, -0x7f4c(gp) | v0 = *((gp - 8147));
0x00001224 lw v1, 0x28c(fp) | v1 = *(arg_28ch);
0x00001228 lw v0, (v0) | v0 = *(v0);
| if (v1 != v0) {
0x0000122c beq v1, v0, 0x1244 |
0x00001230 nop |
0x00001234 lw v0, -0x7f54(gp) | v0 = sym.imp.__stack_chk_fail;
0x00001238 move t9, v0 | t9 = v0;
0x0000123c jalr t9 | t9 ();
0x00001240 nop |
| }
0x00001244 move sp, fp |
0x00001248 lw ra, 0x2b4(sp) | ra = *(var_2b4h);
0x0000124c lw fp, 0x2b0(sp) | fp = *(var_2b0h);
0x00001250 lw s7, 0x2ac(sp) | s7 = *(var_2ach);
0x00001254 lw s6, 0x2a8(sp) | s6 = *(var_2a8h);
0x00001258 lw s5, 0x2a4(sp) | s5 = *(var_2a4h);
0x0000125c lw s4, 0x2a0(sp) | s4 = *(var_2a0h);
0x00001260 lw s3, 0x29c(sp) | s3 = *(var_29ch);
0x00001264 lw s2, 0x298(sp) | s2 = *(var_298h);
0x00001268 lw s1, 0x294(sp) | s1 = *(var_294h);
0x0000126c lw s0, 0x290(sp) | s0 = *(var_290h);
0x00001270 addiu sp, sp, 0x2b8 |
0x00001274 jr ra | return v0;
0x00001278 nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/html/axis-cgi/createsession.cgi @ 0x1820 */
| #include <stdint.h>
|
; (fcn) sym.write_session_file () | void write_session_file () {
0x00001820 lui gp, 2 |
0x00001824 addiu gp, gp, -0x7810 |
0x00001828 addu gp, gp, t9 | gp += t9;
0x0000182c addiu sp, sp, -0x2c8 |
0x00001830 sw ra, 0x2c4(sp) | *(var_2c4h) = ra;
0x00001834 sw fp, 0x2c0(sp) | *(var_2c0h) = fp;
0x00001838 sw s7, 0x2bc(sp) | *(var_2bch) = s7;
0x0000183c sw s6, 0x2b8(sp) | *(var_2b8h) = s6;
0x00001840 sw s5, 0x2b4(sp) | *(var_2b4h) = s5;
0x00001844 sw s4, 0x2b0(sp) | *(var_2b0h) = s4;
0x00001848 sw s3, 0x2ac(sp) | *(var_2ach) = s3;
0x0000184c sw s2, 0x2a8(sp) | *(var_2a8h) = s2;
0x00001850 sw s1, 0x2a4(sp) | *(var_2a4h) = s1;
0x00001854 sw s0, 0x2a0(sp) | *(var_2a0h) = s0;
0x00001858 move fp, sp | fp = sp;
0x0000185c sw gp, 0x28(sp) | *(var_28h) = gp;
0x00001860 sw a0, 0x3c(fp) | *(arg_3ch) = a0;
0x00001864 sw a1, 0x38(fp) | *(arg_38h) = a1;
0x00001868 sw a2, 0x2d0(fp) | *(arg_2d0h) = a2;
0x0000186c sw a3, 0x2d4(fp) | *(arg_2d4h) = a3;
0x00001870 lw v0, 0x2dc(fp) | v0 = *(arg_2dch);
0x00001874 sw v0, 0x34(fp) | *(arg_34h) = v0;
0x00001878 lw v0, -0x7f4c(gp) | v0 = *((gp - 8147));
0x0000187c lw v0, (v0) | v0 = *(v0);
0x00001880 sw v0, 0x29c(fp) | *(arg_29ch) = v0;
0x00001884 move v0, sp | v0 = sp;
0x00001888 sw v0, 0x30(fp) | *(arg_30h) = v0;
0x0000188c lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00001890 addiu a0, v0, 0x1ed0 | a0 = v0 + str.SESSION_DIR;
0x00001894 lw v0, -0x7f5c(gp) | v0 = sym.imp.getenv;
0x00001898 move t9, v0 | t9 = v0;
0x0000189c jalr t9 | t9 ();
0x000018a0 nop |
0x000018a4 lw gp, 0x28(fp) | gp = *(arg_28h);
| if (v0 != 0) {
0x000018a8 beqz v0, 0x18d4 |
0x000018ac nop |
0x000018b0 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x000018b4 addiu a0, v0, 0x1ed0 | a0 = v0 + str.SESSION_DIR;
0x000018b8 lw v0, -0x7f5c(gp) | v0 = sym.imp.getenv;
0x000018bc move t9, v0 | t9 = v0;
0x000018c0 jalr t9 | t9 ();
0x000018c4 nop |
0x000018c8 lw gp, 0x28(fp) | gp = *(arg_28h);
0x000018cc b 0x18dc | goto label_0;
0x000018d0 nop |
| }
0x000018d4 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x000018d8 addiu v0, v0, 0x1edc | v0 += str._var_run_session_;
| label_0:
0x000018dc move a0, v0 | a0 = v0;
0x000018e0 lw v0, -0x7f74(gp) | v0 = sym.imp.strlen;
0x000018e4 move t9, v0 | t9 = v0;
0x000018e8 jalr t9 | t9 ();
0x000018ec nop |
0x000018f0 lw gp, 0x28(fp) | gp = *(arg_28h);
0x000018f4 addiu v0, v0, 0x41 | v0 += 0x41;
0x000018f8 move v1, v0 | v1 = v0;
0x000018fc addiu v1, v1, -1 | v1 += -1;
0x00001900 sw v1, 0x44(fp) | *(arg_44h) = v1;
0x00001904 move s6, v0 | s6 = v0;
0x00001908 move s7, zero | s7 = 0;
0x0000190c srl v1, s6, 0x1d | v1 = s6 >> 0x1d;
0x00001910 sll s3, s7, 3 | s3 = s7 << 3;
0x00001914 or s3, v1, s3 | s3 = v1 | s3;
0x00001918 sll s2, s6, 3 | s2 = s6 << 3;
0x0000191c move s4, v0 | s4 = v0;
0x00001920 move s5, zero | s5 = 0;
0x00001924 srl v1, s4, 0x1d | v1 = s4 >> 0x1d;
0x00001928 sll s1, s5, 3 | s1 = s5 << 3;
0x0000192c or s1, v1, s1 | s1 = v1 | s1;
0x00001930 sll s0, s4, 3 | s0 = s4 << 3;
0x00001934 addiu v0, v0, 7 | v0 += 7;
0x00001938 srl v0, v0, 3 | v0 >>= 3;
0x0000193c sll v0, v0, 3 | v0 <<= 3;
0x00001940 subu sp, sp, v0 |
0x00001944 addiu v0, sp, 0x28 | v0 = sp + 0x28;
0x00001948 addiu v0, v0, 0 | v0 += 0;
0x0000194c sw v0, 0x48(fp) | *(arg_48h) = v0;
0x00001950 sw zero, 0x40(fp) | *(arg_40h) = 0;
0x00001954 lw s0, 0x48(fp) | s0 = *(arg_48h);
0x00001958 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x0000195c addiu a0, v0, 0x1ed0 | a0 = v0 + str.SESSION_DIR;
0x00001960 lw v0, -0x7f5c(gp) | v0 = sym.imp.getenv;
0x00001964 move t9, v0 | t9 = v0;
0x00001968 jalr t9 | t9 ();
0x0000196c nop |
0x00001970 lw gp, 0x28(fp) | gp = *(arg_28h);
| if (v0 != 0) {
0x00001974 beqz v0, 0x19a0 |
0x00001978 nop |
0x0000197c lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00001980 addiu a0, v0, 0x1ed0 | a0 = v0 + str.SESSION_DIR;
0x00001984 lw v0, -0x7f5c(gp) | v0 = sym.imp.getenv;
0x00001988 move t9, v0 | t9 = v0;
0x0000198c jalr t9 | t9 ();
0x00001990 nop |
0x00001994 lw gp, 0x28(fp) | gp = *(arg_28h);
0x00001998 b 0x19a8 | goto label_1;
0x0000199c nop |
| }
0x000019a0 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x000019a4 addiu v0, v0, 0x1edc | v0 += str._var_run_session_;
| label_1:
0x000019a8 lw a3, 0x3c(fp) | a3 = *(arg_3ch);
0x000019ac move a2, v0 | a2 = v0;
0x000019b0 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x000019b4 addiu a1, v0, 0x1ef0 | a1 = v0 + str._s_s;
0x000019b8 move a0, s0 | a0 = s0;
0x000019bc lw v0, -0x7f90(gp) | v0 = sym.imp.sprintf
0x000019c0 move t9, v0 | t9 = v0;
0x000019c4 jalr t9 | t9 ();
0x000019c8 nop |
0x000019cc lw gp, 0x28(fp) | gp = *(arg_28h);
0x000019d0 lw v0, 0x48(fp) | v0 = *(arg_48h);
0x000019d4 addiu a2, zero, 0x180 | a2 = 0x180;
0x000019d8 addiu a1, zero, 0x301 | a1 = 0x301;
0x000019dc move a0, v0 | a0 = v0;
0x000019e0 lw v0, -0x7f6c(gp) | v0 = sym.imp.open;
0x000019e4 move t9, v0 | t9 = v0;
0x000019e8 jalr t9 | t9 ();
0x000019ec nop |
0x000019f0 lw gp, 0x28(fp) | gp = *(arg_28h);
0x000019f4 sw v0, 0x4c(fp) | *(arg_4ch) = v0;
0x000019f8 lw v1, 0x4c(fp) | v1 = *(arg_4ch);
0x000019fc addiu v0, zero, -1 | v0 = -1;
| if (v1 != v0) {
0x00001a00 beq v1, v0, 0x1b0c |
0x00001a04 nop |
0x00001a08 lw v0, 0x2d0(fp) | v0 = *(arg_2d0h);
| if (v0 == 0) {
0x00001a0c bnez v0, 0x1a1c |
0x00001a10 nop |
0x00001a14 addiu v0, zero, 0x1e | v0 = 0x1e;
0x00001a18 sw v0, 0x2d0(fp) | *(arg_2d0h) = v0;
| }
0x00001a1c addiu v0, fp, 0x58 | v0 = fp + 0x58;
0x00001a20 move a0, v0 | a0 = v0;
0x00001a24 lw v0, -0x7f64(gp) | v0 = sym.imp.sysinfo;
0x00001a28 move t9, v0 | t9 = v0;
0x00001a2c jalr t9 | t9 ();
0x00001a30 nop |
0x00001a34 lw gp, 0x28(fp) | gp = *(arg_28h);
0x00001a38 lw v0, 0x58(fp) | v0 = *(arg_58h);
0x00001a3c move v1, v0 | v1 = v0;
0x00001a40 lw v0, 0x2d0(fp) | v0 = *(arg_2d0h);
0x00001a44 addu v0, v0, v1 | v0 += v1;
0x00001a48 sw v0, 0x50(fp) | *(arg_50h) = v0;
0x00001a4c lw v0, 0x58(fp) | v0 = *(arg_58h);
0x00001a50 addiu a0, fp, 0x98 | a0 = fp + 0x98;
0x00001a54 lw v1, 0x34(fp) | v1 = *(arg_34h);
0x00001a58 sw v1, 0x24(sp) | *(var_24h) = v1;
0x00001a5c lw v1, 0x2d8(fp) | v1 = *(arg_2d8h);
0x00001a60 sw v1, 0x20(sp) | *(var_20h) = v1;
0x00001a64 lw v1, 0x2d4(fp) | v1 = *(arg_2d4h);
0x00001a68 sw v1, 0x1c(sp) | *(var_1ch) = v1;
0x00001a6c lw v1, 0x50(fp) | v1 = *(arg_50h);
0x00001a70 sw v1, 0x18(sp) | *(var_18h) = v1;
0x00001a74 lw v1, 0x2d0(fp) | v1 = *(arg_2d0h);
0x00001a78 sw v1, 0x14(sp) | *(var_14h) = v1;
0x00001a7c sw v0, 0x10(sp) | *(var_10h) = v0;
0x00001a80 lw a3, 0x38(fp) | a3 = *(arg_38h);
0x00001a84 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00001a88 addiu a2, v0, 0x1ef8 | a2 = v0 + str.URL_s_nCREATED_lu_nVALIDTIME_lu_nVALIDTO_lu_nDURATION_lu_nREFRESH_lu_nPARAMETERS_s_n;
0x00001a8c addiu a1, zero, 0x200 | a1 = 0x200;
0x00001a90 lw v0, -0x7f84(gp) | v0 = sym.imp.snprintf;
0x00001a94 move t9, v0 | t9 = v0;
0x00001a98 jalr t9 | t9 ();
0x00001a9c nop |
0x00001aa0 lw gp, 0x28(fp) | gp = *(arg_28h);
0x00001aa4 sw v0, 0x54(fp) | *(arg_54h) = v0;
0x00001aa8 lw v0, 0x54(fp) | v0 = *(arg_54h);
0x00001aac addiu v1, fp, 0x98 | v1 = fp + 0x98;
0x00001ab0 move a2, v0 | a2 = v0;
0x00001ab4 move a1, v1 | a1 = v1;
0x00001ab8 lw a0, 0x4c(fp) | a0 = *(arg_4ch);
0x00001abc lw v0, -0x7f7c(gp) | v0 = sym.imp.write;
0x00001ac0 move t9, v0 | t9 = v0;
0x00001ac4 jalr t9 | t9 ();
0x00001ac8 nop |
0x00001acc lw gp, 0x28(fp) | gp = *(arg_28h);
0x00001ad0 move v1, v0 | v1 = v0;
0x00001ad4 lw v0, 0x54(fp) | v0 = *(arg_54h);
| if (v0 != v1) {
0x00001ad8 beq v0, v1, 0x1aec |
0x00001adc nop |
0x00001ae0 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00001ae4 addiu v0, v0, 0x1f54 | v0 += str.ERROR:_Failed_to_write_sessioninfo;
0x00001ae8 sw v0, 0x40(fp) | *(arg_40h) = v0;
| }
0x00001aec lw a0, 0x4c(fp) | a0 = *(arg_4ch);
0x00001af0 lw v0, -0x7f98(gp) | v0 = sym.imp.close;
0x00001af4 move t9, v0 | t9 = v0;
0x00001af8 jalr t9 | t9 ();
0x00001afc nop |
0x00001b00 lw gp, 0x28(fp) | gp = *(arg_28h);
0x00001b04 b 0x1b18 | goto label_2;
0x00001b08 nop |
| }
0x00001b0c lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00001b10 addiu v0, v0, 0x1f78 | v0 += str.ERROR:_Failed_to_create_session;
0x00001b14 sw v0, 0x40(fp) | *(arg_40h) = v0;
| label_2:
0x00001b18 lw v0, 0x40(fp) | v0 = *(arg_40h);
0x00001b1c lw sp, 0x30(fp) |
0x00001b20 lw v1, -0x7f4c(gp) | v1 = *((gp - 8147));
0x00001b24 lw a0, 0x29c(fp) | a0 = *(arg_29ch);
0x00001b28 lw v1, (v1) | v1 = *(v1);
| if (a0 != v1) {
0x00001b2c beq a0, v1, 0x1b44 |
0x00001b30 nop |
0x00001b34 lw v0, -0x7f54(gp) | v0 = sym.imp.__stack_chk_fail;
0x00001b38 move t9, v0 | t9 = v0;
0x00001b3c jalr t9 | t9 ();
0x00001b40 nop |
| }
0x00001b44 move sp, fp |
0x00001b48 lw ra, 0x2c4(sp) | ra = *(var_2c4h);
0x00001b4c lw fp, 0x2c0(sp) | fp = *(var_2c0h);
0x00001b50 lw s7, 0x2bc(sp) | s7 = *(var_2bch);
0x00001b54 lw s6, 0x2b8(sp) | s6 = *(var_2b8h);
0x00001b58 lw s5, 0x2b4(sp) | s5 = *(var_2b4h);
0x00001b5c lw s4, 0x2b0(sp) | s4 = *(var_2b0h);
0x00001b60 lw s3, 0x2ac(sp) | s3 = *(var_2ach);
0x00001b64 lw s2, 0x2a8(sp) | s2 = *(var_2a8h);
0x00001b68 lw s1, 0x2a4(sp) | s1 = *(var_2a4h);
0x00001b6c lw s0, 0x2a0(sp) | s0 = *(var_2a0h);
0x00001b70 addiu sp, sp, 0x2c8 |
0x00001b74 jr ra | return v0;
0x00001b78 nop |
| }
[*] Function sprintf used 3 times createsession.cgi
