[*] Binary protection state of ntpd

  
  	Full RELRO     Canary found      NX disabled  PIE enabled  No RPATH     No RUNPATH   No Symbols


[*] Function sprintf tear down of ntpd

    ; assembly                               | /* r2dec pseudo code output */
                                             | /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/sbin/ntpd @ 0xcb4c */
                                             | #include <stdint.h>
                                             |  
    ; (fcn) sym.yyerror ()                   | void yyerror () { /* yyerror: formats a message on the heap, logs it through log_warnx, frees it,
                                             |  * and calls fatalx when formatting fails. r2dec shows no parameters, but a0 is used
                                             |  * as the format string and a1-a3 are spilled to sp+0x3c..sp+0x44 to form a va_list,
                                             |  * so the function is variadic. The report lists it under sprintf; the only formatting
                                             |  * import called here is __vasprintf_chk, which allocates its own output buffer instead
                                             |  * of writing into a fixed-size one. The guard-word check at 0xcc00 matches the
                                             |  * Canary found result reported for the binary.
                                             |  * Reading notes: r2dec prints gp/s0/v0 offsets divided by 4 (word index), so the byte
                                             |  * offsets in the assembly column are authoritative; MIPS delay slots mean the
                                             |  * instruction after each jalr/bal/branch executes before control transfers. */
    0x0000cb4c lui gp, 2                     |     
    0x0000cb50 addiu gp, gp, 0x5554          |     
    0x0000cb54 addu gp, gp, t9               |     gp += t9; /* PIC prologue: gp computed relative to t9 (entry address under the MIPS PIC convention) */
    0x0000cb58 lw v0, -0x7fa8(gp)            |     v0 = *((gp - 8170)); /* gp-relative load at byte offset -0x7fa8 */
    0x0000cb5c addiu sp, sp, -0x38           |     /* allocate a 0x38-byte frame */
    0x0000cb60 lw t9, -0x7be0(gp)            |     t9 = sym.imp.__vasprintf_chk /* call target for the jalr at 0xcbb0 */
    0x0000cb64 sw s0, 0x2c(sp)               |     *(var_2ch) = s0;
    0x0000cb68 lw s0, -0x3948(v0)            |     s0 = *((v0 - 3666)); /* s0 = pointer to a structure read below at byte offsets 0xc and 0x14 */
    0x0000cb6c sw s1, 0x30(sp)               |     *(var_30h) = s1;
    0x0000cb70 lw s1, -0x7b04(gp)            |     s1 = *((gp - 7873)); /* s1 = address of the stack-protector guard word (compared at 0xcc00) */
    0x0000cb74 sw gp, 0x10(sp)               |     *(var_10h) = gp;
    0x0000cb78 sw a1, 0x3c(sp)               |     *(arg_3ch) = a1; /* a1..a3 spilled contiguously: first variadic argument lives at sp+0x3c */
    0x0000cb7c sw a2, 0x40(sp)               |     *(arg_40h) = a2;
    0x0000cb80 sw a3, 0x44(sp)               |     *(arg_44h) = a3;
    0x0000cb84 sw ra, 0x34(sp)               |     *(var_34h) = ra;
    0x0000cb88 lw v0, 0x14(s0)               |     v0 = *((s0 + 5)); /* load counter at byte offset 0x14 of *s0 */
    0x0000cb8c lw v1, (s1)                   |     v1 = *(s1); /* read current guard value */
    0x0000cb90 addiu a3, sp, 0x3c            |     a3 = sp + 0x3c; /* a3 = va_list start = address of the spilled a1 */
    0x0000cb94 addiu v0, v0, 1               |     v0++;
    0x0000cb98 move a2, a0                   |     a2 = a0; /* a2 = caller-supplied format string; call sites are not visible here, so whether it is always a literal must be checked separately */
    0x0000cb9c sw v1, 0x24(sp)               |     *(var_24h) = v1; /* save guard copy in the frame (canary) */
    0x0000cba0 sw v0, 0x14(s0)               |     *((s0 + 5)) = v0; /* store incremented counter; presumably an error count - confirm against source */
    0x0000cba4 sw a3, 0x1c(sp)               |     *(var_1ch) = a3; /* keep a copy of the va_list pointer */
    0x0000cba8 addiu a1, zero, 1             |     a1 = 1; /* flag argument of the fortified variant; NOTE(review): glibc uses a positive flag to reject %n in writable format strings - confirm which libc ships in this firmware */
    0x0000cbac addiu a0, sp, 0x20            |     a0 = sp + 0x20; /* a0 = address of the result pointer slot (var_20h) */
    0x0000cbb0 jalr t9                       |     t9 (); /* __vasprintf_chk(&msg, 1, fmt, ap) */
    0x0000cbb4 addiu v1, zero, -1            |     v1 = -1; /* delay slot: -1 is the failure value tested below */
    0x0000cbb8 lw gp, 0x10(sp)               |     gp = *(var_10h);
                                             |     if (v0 != v1) { /* formatting succeeded */
    0x0000cbbc beq v0, v1, 0xcc18            |         
    0x0000cbc0 lw v0, -0x7d7c(gp)            |         v0 = *(gp); /* r2dec dropped the offset: the load is from gp-0x7d7c; it sits in the beq delay slot */
    0x0000cbc4 lw a0, -0x7fcc(gp)            |         a0 = *((gp - 8179));
    0x0000cbc8 lw t9, -0x7f98(gp)            |         t9 = sym.log_warnx;
    0x0000cbcc lw a2, 0x18(v0)               |         a2 = *((v0 + 6)); /* a2 = word at byte offset 0x18 of that object; presumably a line number - confirm */
    0x0000cbd0 lw a3, 0x20(sp)               |         a3 = *(var_20h); /* a3 = msg, the buffer allocated by __vasprintf_chk */
    0x0000cbd4 lw a1, 0xc(s0)                |         a1 = *((s0 + 3)); /* a1 = word at byte offset 0xc of *s0; presumably a file name - confirm */
                                             |         /* str._s:_d:__s */
    0x0000cbd8 addiu a0, a0, -0x6aac         |         a0 += -0x6aac; /* a0 = fixed format string in the binary; the flag name suggests %s:%d: %s */
    0x0000cbdc bal 0x7b84                    |         sym_log_warnx (); /* log_warnx(fmt, a1, a2, msg): msg is passed as an argument, not as the format, so directives inside it are not expanded again */
    0x0000cbe0 lw gp, 0x10(sp)               |         gp = *(var_10h);
    0x0000cbe4 lw t9, -0x7af4(gp)            |         t9 = sym.imp.free;
    0x0000cbe8 lw a0, 0x20(sp)               |         a0 = *(var_20h); /* a0 = msg */
    0x0000cbec jalr t9                       |         t9 (); /* free(msg) */
    0x0000cbf0 lw a0, 0x24(sp)               |         a0 = *(var_24h); /* delay slot: reload the saved guard copy */
    0x0000cbf4 lw v1, (s1)                   |         v1 = *(s1); /* current guard value */
    0x0000cbf8 lw gp, 0x10(sp)               |         gp = *(var_10h);
    0x0000cbfc move v0, zero                 |         v0 = 0; /* return value 0, although r2dec typed the function void */
                                             |         if (a0 != v1) { /* canary mismatch leads to __stack_chk_fail */
    0x0000cc00 bne a0, v1, 0xcc28            |             goto label_0;
                                             |         }
    0x0000cc04 lw ra, 0x34(sp)               |         ra = *(var_34h);
    0x0000cc08 lw s1, 0x30(sp)               |         s1 = *(var_30h);
    0x0000cc0c lw s0, 0x2c(sp)               |         s0 = *(var_2ch);
    0x0000cc10 addiu sp, sp, 0x38            |         
    0x0000cc14 jr ra                         |         return v0;
                                             |     }
    0x0000cc18 lw a0, -0x7fcc(gp)            |     a0 = *((gp - 8179)); /* failure path: __vasprintf_chk returned -1 */
    0x0000cc1c lw t9, -0x7f44(gp)            |     t9 = sym.fatalx;
                                             |     /* esilref: 'yyerror vasprintf' */
    0x0000cc20 addiu a0, a0, -0x6ac0         |     a0 += -0x6ac0; /* a0 = literal message passed to fatalx */
    0x0000cc24 bal 0x7d80                    |     sym_fatalx (); /* presumably does not return; the fall-through into label_0 looks like a layout artefact - confirm */
                                             | label_0:
    0x0000cc28 lw t9, -0x7b2c(gp)            |     t9 = sym.imp.__stack_chk_fail;
    0x0000cc2c jalr t9                       |     t9 (); /* __stack_chk_fail(): stack-protector abort, does not return */
    0x0000cc30 nop                           |     /* delay slot of the jalr above */
    0x0000cc34 lui gp, 2                     |     /* NOTE(review): fresh gp setup, same pattern as 0xcb4c; 0x5554-0x546c = 0xe8 = 0xcc34-0xcb4c, so this looks like a separate function entry that r2 merged into yyerror - confirm function boundaries */
    0x0000cc38 addiu gp, gp, 0x546c          |     
    0x0000cc3c addu gp, gp, t9               |     gp += t9;
    0x0000cc40 lw t9, -0x7ac4(gp)            |     t9 = sym.imp.strcmp;
    0x0000cc44 lw a1, (a1)                   |     a1 = *(a1); /* a1 = first word of the object a1 points to */
    0x0000cc48 jr t9                         |     return t9 (); /* tail call: strcmp(a0, *a1) */
                                             | }

[*] Function sprintf used 3 times ntpd