[*] Binary protection state of image2d
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function strcat tear down of image2d
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/image2d @ 0xb98d0 */
| #include <stdint.h>
|
; (fcn) sym.af_streamer_gen03_run () | void af_streamer_gen03_run () {
0x000b98d0 lui gp, 0x19 |
0x000b98d4 addiu gp, gp, 0x5a00 |
0x000b98d8 addu gp, gp, t9 | gp += t9;
0x000b98dc addiu sp, sp, -0x290 |
0x000b98e0 lw v0, 0x334(a0) | v0 = *(a0);
0x000b98e4 sw s4, 0x280(sp) | *(var_280h) = s4;
0x000b98e8 lw s4, -0x5f08(gp) | s4 = *((gp - 6082));
0x000b98ec sw s5, 0x284(sp) | *(var_284h) = s5;
0x000b98f0 move s5, a0 | s5 = a0;
0x000b98f4 lw a0, 0x20(v0) | a0 = *((v0 + 8));
0x000b98f8 lw v1, (s4) | v1 = *(s4);
0x000b98fc sw s1, 0x274(sp) | *(var_274h) = s1;
0x000b9900 sw s0, 0x270(sp) | *(var_270h) = s0;
0x000b9904 lw s1, 8(v0) | s1 = *((v0 + 2));
0x000b9908 lw s0, 0x54(v0) | s0 = *((v0 + 21));
0x000b990c sw a0, 0x18(sp) | *(var_18h) = a0;
0x000b9910 lw a0, 0x18(v0) | a0 = *((v0 + 6));
0x000b9914 lw a3, -0x7da8(gp) | a3 = *(gp);
0x000b9918 sw a0, 0x14(sp) | *(var_14h) = a0;
0x000b991c lw v0, 4(v0) | v0 = *((v0 + 1));
0x000b9920 lw t9, -0x60ec(gp) | t9 = sym.imp.__sprintf_chk;
0x000b9924 sw s3, 0x27c(sp) | *(var_27ch) = s3;
0x000b9928 addiu s3, sp, 0x6c | s3 = sp + 0x6c;
0x000b992c sw gp, 0x20(sp) | *(var_20h) = gp;
0x000b9930 sw ra, 0x28c(sp) | *(var_28ch) = ra;
0x000b9934 sw s6, 0x288(sp) | *(var_288h) = s6;
0x000b9938 sw s2, 0x278(sp) | *(var_278h) = s2;
0x000b993c sw v0, 0x10(sp) | *(var_10h) = v0;
| /* str._d___d___d */
0x000b9940 addiu a3, a3, -0x6d8 | a3 += -aav.0x000006d8;
0x000b9944 addiu a2, zero, 0x200 | a2 = aav.0x00000200;
0x000b9948 addiu a1, zero, 1 | a1 = 1;
0x000b994c move a0, s3 | a0 = s3;
0x000b9950 sw v1, 0x26c(sp) | *(var_26ch) = v1;
0x000b9954 jalr t9 | t9 ();
0x000b9958 nop |
0x000b995c lw gp, 0x20(sp) | gp = *(var_20h);
| if (s1 == 0) {
0x000b9960 beqz s1, 0xb99c4 | goto label_0;
| }
0x000b9964 sll s2, s1, 3 | s2 = s1 << 3;
0x000b9968 addu s2, s2, s1 | s2 += s1;
0x000b996c lw s6, -0x7da8(gp) | s6 = *(gp);
0x000b9970 sll s2, s2, 2 | s2 <<= 2;
0x000b9974 addu s2, s0, s2 | s2 = s0 + s2;
0x000b9978 addiu s1, sp, 0x2c | s1 = sp + 0x2c;
| /* str.___d */
0x000b997c addiu s6, s6, -0x6cc | s6 += -aav.0x000006cc;
| do {
0x000b9980 lw v0, (s0) | v0 = *(s0);
0x000b9984 lw t9, -0x60ec(gp) | t9 = sym.imp.__sprintf_chk;
0x000b9988 move a3, s6 | a3 = s6;
0x000b998c addiu a2, zero, 0x40 | a2 = 0x40;
0x000b9990 addiu a1, zero, 1 | a1 = 1;
0x000b9994 move a0, s1 | a0 = s1;
0x000b9998 sw v0, 0x10(sp) | *(var_10h) = v0;
0x000b999c jalr t9 | t9 ();
0x000b99a0 lw gp, 0x20(sp) | gp = *(var_20h);
0x000b99a4 addiu a2, zero, 0x200 | a2 = aav.0x00000200;
0x000b99a8 move a1, s1 | a1 = s1;
0x000b99ac lw t9, -0x5d64(gp) | t9 = sym.imp.__strcat_chk
0x000b99b0 move a0, s3 | a0 = s3;
0x000b99b4 addiu s0, s0, 0x24 | s0 += 0x24;
0x000b99b8 jalr t9 | t9 ();
0x000b99bc lw gp, 0x20(sp) | gp = *(var_20h);
0x000b99c0 bne s0, s2, 0xb9980 |
| } while (s0 != s2);
| label_0:
0x000b99c4 lw a1, -0x7e54(gp) | a1 = *(gp);
0x000b99c8 lw t9, -0x5d64(gp) | t9 = sym.imp.__strcat_chk
0x000b99cc addiu a1, a1, 0x1910 | a1 += 0x1910;
0x000b99d0 addiu a2, zero, 0x200 | a2 = aav.0x00000200;
0x000b99d4 move a0, s3 | a0 = s3;
0x000b99d8 jalr t9 | t9 ();
0x000b99dc lw a1, 0x2e8(s5) | a1 = *(s5);
0x000b99e0 lw gp, 0x20(sp) | gp = *(var_20h);
| if (a1 != 0) {
0x000b99e4 beqz a1, 0xb99f8 |
0x000b99e8 lw t9, -0x5b8c(gp) | t9 = sym.imp.fputs;
0x000b99ec move a0, s3 | a0 = s3;
0x000b99f0 jalr t9 | t9 ();
0x000b99f4 lw gp, 0x20(sp) | gp = *(var_20h);
| }
0x000b99f8 lw a0, 0x26c(sp) | a0 = *(var_26ch);
0x000b99fc lw v1, (s4) | v1 = *(s4);
0x000b9a00 move v0, zero | v0 = 0;
| if (a0 == v1) {
0x000b9a04 bne a0, v1, 0xb9a30 |
0x000b9a08 lw ra, 0x28c(sp) | ra = *(var_28ch);
0x000b9a0c lw s6, 0x288(sp) | s6 = *(var_288h);
0x000b9a10 lw s5, 0x284(sp) | s5 = *(var_284h);
0x000b9a14 lw s4, 0x280(sp) | s4 = *(var_280h);
0x000b9a18 lw s3, 0x27c(sp) | s3 = *(var_27ch);
0x000b9a1c lw s2, 0x278(sp) | s2 = *(var_278h);
0x000b9a20 lw s1, 0x274(sp) | s1 = *(var_274h);
0x000b9a24 lw s0, 0x270(sp) | s0 = *(var_270h);
0x000b9a28 addiu sp, sp, 0x290 |
0x000b9a2c jr ra | return v0;
| }
0x000b9a30 lw t9, -0x5fc0(gp) | t9 = sym.imp.__stack_chk_fail;
0x000b9a34 jalr t9 | t9 ();
0x000b9a38 nop |
0x000b9a3c nop |
| }
[*] Function strcat used 3 times image2d
