[*] Binary protection state of xmllint
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of xmllint
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/xmllint @ 0xb738 */
| #include <stdint.h>
|
; (fcn) fcn.0000b738 () | void fcn_0000b738 () {
0x0000b738 lui gp, 2 |
0x0000b73c addiu gp, gp, -0x3588 |
0x0000b740 addu gp, gp, t9 | gp += t9;
0x0000b744 addiu sp, sp, -0x50 |
0x0000b748 lw t9, -0x7e94(gp) | t9 = sym.imp.__xmlGenericError;
0x0000b74c sw ra, 0x4c(sp) | *(var_4ch) = ra;
0x0000b750 sw gp, 0x18(sp) | *(var_18h) = gp;
0x0000b754 sw a0, 0x24(sp) | *(var_24h) = a0;
0x0000b758 sw s5, 0x3c(sp) | *(var_3ch) = s5;
0x0000b75c sw s1, 0x2c(sp) | *(var_2ch) = s1;
0x0000b760 sw s0, 0x28(sp) | *(var_28h) = s0;
0x0000b764 sw fp, 0x48(sp) | *(var_48h) = fp;
0x0000b768 sw s7, 0x44(sp) | *(var_44h) = s7;
0x0000b76c sw s6, 0x40(sp) | *(var_40h) = s6;
0x0000b770 sw s4, 0x38(sp) | *(var_38h) = s4;
0x0000b774 sw s3, 0x34(sp) | *(var_34h) = s3;
0x0000b778 sw s2, 0x30(sp) | *(var_30h) = s2;
0x0000b77c move s1, a0 | s1 = a0;
0x0000b780 jalr t9 | t9 ();
0x0000b784 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000b788 lw t9, -0x7dcc(gp) | t9 = sym.imp.__xmlGenericErrorContext;
0x0000b78c lw s0, (v0) | s0 = *(v0);
0x0000b790 jalr t9 | t9 ();
0x0000b794 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000b798 lw a0, (v0) | a0 = *(v0);
0x0000b79c move t9, s0 | t9 = s0;
0x0000b7a0 lw a1, -0x7fd4(gp) | a1 = *((gp - 8181));
0x0000b7a4 addiu a1, a1, -0x1894 | a1 += -0x1894;
0x0000b7a8 jalr t9 | t9 ();
0x0000b7ac lw v0, 0x10(s1) | v0 = *((s1 + 4));
0x0000b7b0 lw s5, 0xc(s1) | s5 = *((s1 + 3));
0x0000b7b4 sltu v1, s5, v0 | v1 = (s5 < v0) ? 1 : 0;
0x0000b7b8 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v1 == 0) {
0x0000b7bc beqz v1, 0xba70 | goto label_8;
| }
0x0000b7c0 addiu a0, zero, 0xa | a0 = 0xa;
0x0000b7c4 addiu a1, zero, 0xd | a1 = 0xd;
| do {
0x0000b7c8 lbu s0, (v0) | s0 = *(v0);
0x0000b7cc addiu v1, v0, -1 | v1 = v0 + -1;
| if (s0 != a0) {
0x0000b7d0 beq s0, a0, 0xb7dc |
0x0000b7d4 sltu v1, s5, v0 | v1 = (s5 < v0) ? 1 : 0;
| if (s0 == a1) {
0x0000b7d8 bnel s0, a1, 0xb9f8 | goto label_9;
| }
| }
0x0000b7dc move v0, v1 | v0 = v1;
0x0000b7e0 bnel s5, v1, 0xb7c8 |
| } while (s5 == v1);
0x0000b7e4 lbu s0, -1(v0) | s0 = *((v0 - 1));
| label_2:
0x0000b7e8 addiu v0, zero, 0xa | v0 = 0xa;
| if (s0 == v0) {
0x0000b7ec beql s0, v0, 0xba38 | goto label_10;
| }
0x0000b7f0 move v1, s5 | v1 = s5;
| label_7:
0x0000b7f4 addiu v0, zero, 0xd | v0 = 0xd;
0x0000b7f8 move v1, s5 | v1 = s5;
| if (s0 == v0) {
0x0000b7fc beq s0, v0, 0xba38 | goto label_10;
| }
| if (s0 == 0) {
0x0000b800 beql s0, zero, 0xba5c | goto label_11;
| }
0x0000b804 lw v0, -0x7fdc(gp) | v0 = *(gp);
| label_4:
0x0000b808 lw v0, -0x7fdc(gp) | v0 = *(gp);
| label_5:
0x0000b80c lw s1, -0x7fd4(gp) | s1 = *((gp - 8181));
0x0000b810 addiu s2, v0, 0x534 | s2 = v0 + 0x534;
0x0000b814 sw v0, 0x20(sp) | *(var_20h) = v0;
0x0000b818 addiu fp, s5, 0x4f | fp = s5 + 0x4f;
0x0000b81c move s4, s5 | s4 = s5;
0x0000b820 addiu s1, s1, -0x188c | s1 += -0x188c;
0x0000b824 move s7, s2 | s7 = s2;
0x0000b828 ori s6, zero, 0xc350 | s6 = sym.imp.__fprintf_chk
0x0000b82c addiu s3, zero, 0x2401 | s3 = 0x2401;
0x0000b830 b 0xb83c |
| if (s4 == fp) {
| while (a0 == 0) {
| label_0:
0x0000b834 beql s4, fp, 0xb894 | goto label_12;
| }
0x0000b838 lw v0, 0x20(sp) | v0 = *(var_20h);
0x0000b83c lw t9, -0x7e34(gp) | t9 = sym.imp.strlen;
0x0000b840 move a0, s7 | a0 = s7;
0x0000b844 jalr t9 | t9 ();
0x0000b848 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000b84c addiu s4, s4, 1 | s4++;
0x0000b850 sw s0, 0x14(sp) | *(var_14h) = s0;
0x0000b854 lw t9, -0x7f44(gp) | t9 = sym.imp.__snprintf_chk
0x0000b858 addu a0, s2, v0 | a0 = s2 + v0;
0x0000b85c sw s1, 0x10(sp) | *(var_10h) = s1;
0x0000b860 addiu a3, zero, -1 | a3 = -1;
0x0000b864 addiu a2, zero, 1 | a2 = 1;
0x0000b868 subu a1, s6, v0 | __asm ("subu a1, s6, v0");
0x0000b86c jalr t9 | t9 ();
0x0000b870 lbu s0, (s4) | s0 = *(s4);
0x0000b874 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000b878 srlv v0, s3, s0 | v0 = s3 >> s0;
0x0000b87c sltiu a0, s0, 0xe | a0 = (s0 < 0xe) ? 1 : 0;
0x0000b880 ext v0, v0, 0, 1 | __asm ("ext v0, v0, 0, 1");
0x0000b884 beqz a0, 0xb834 |
| }
| if (v0 == 0) {
0x0000b888 beqz v0, 0xb834 | goto label_0;
| }
0x0000b88c nop |
| label_6:
0x0000b890 lw v0, 0x20(sp) | v0 = *(var_20h);
| label_12:
0x0000b894 lw t9, -0x7e34(gp) | t9 = sym.imp.strlen;
0x0000b898 addiu a0, v0, 0x534 | a0 = v0 + 0x534;
0x0000b89c jalr t9 | t9 ();
0x0000b8a0 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000b8a4 ori a1, zero, 0xc350 | a1 = sym.imp.__fprintf_chk
0x0000b8a8 subu a1, a1, v0 | __asm ("subu a1, a1, v0");
0x0000b8ac lw a2, -0x7fd4(gp) | a2 = *((gp - 8181));
0x0000b8b0 lw t9, -0x7f74(gp) | t9 = sym.imp.snprintf
0x0000b8b4 addu a0, s2, v0 | a0 = s2 + v0;
0x0000b8b8 addiu a2, a2, -0x1b34 | a2 += -0x1b34;
0x0000b8bc jalr t9 | t9 ();
0x0000b8c0 lw v0, 0x24(sp) | v0 = *(var_24h);
0x0000b8c4 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000b8c8 addiu a0, zero, 0xa | a0 = 0xa;
0x0000b8cc lw v0, 0x10(v0) | v0 = *((v0 + 4));
0x0000b8d0 addiu a1, zero, 0xd | a1 = 0xd;
| do {
| label_1:
0x0000b8d4 lbu v1, (v0) | v1 = *(v0);
0x0000b8d8 beql v1, a0, 0xb8d4 |
| } while (v1 == a0);
0x0000b8dc addiu v0, v0, -1 | v0 += -1;
| if (v1 == a1) {
0x0000b8e0 bne v1, a1, 0xb8f0 |
0x0000b8e4 nop |
0x0000b8e8 addiu v0, v0, -1 | v0 += -1;
0x0000b8ec b 0xb8d4 | goto label_1;
| }
0x0000b8f0 subu s1, v0, s5 | __asm ("subu s1, v0, s5");
| if (v0 == s5) {
0x0000b8f4 beq v0, s5, 0xb950 | goto label_13;
| }
0x0000b8f8 lw s3, -0x7fd4(gp) | s3 = *((gp - 8181));
0x0000b8fc lw v0, 0x20(sp) | v0 = *(var_20h);
0x0000b900 addiu s0, zero, 1 | s0 = 1;
0x0000b904 addiu s6, v0, 0x534 | s6 = v0 + 0x534;
0x0000b908 ori s5, zero, 0xc350 | s5 = sym.imp.__fprintf_chk
0x0000b90c addiu s3, s3, -0x1864 | s3 += -0x1864;
0x0000b910 addiu s7, zero, 0x51 | s7 = 0x51;
0x0000b914 b 0xb924 |
| while (s0 != s1) {
0x0000b918 addiu s0, s0, 1 | s0++;
0x0000b91c lw v0, 0x20(sp) | v0 = *(var_20h);
| if (s0 == s7) {
0x0000b920 beq s0, s7, 0xb954 | goto label_14;
| }
0x0000b924 lw t9, -0x7e34(gp) | t9 = sym.imp.strlen;
0x0000b928 move a0, s6 | a0 = s6;
0x0000b92c jalr t9 | t9 ();
0x0000b930 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000b934 move a2, s3 | a2 = s3;
0x0000b938 subu a1, s5, v0 | __asm ("subu a1, s5, v0");
0x0000b93c lw t9, -0x7f74(gp) | t9 = sym.imp.snprintf
0x0000b940 addu a0, s2, v0 | a0 = s2 + v0;
0x0000b944 jalr t9 | t9 ();
0x0000b948 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000b94c bne s0, s1, 0xb918 |
| }
| label_13:
0x0000b950 lw v0, 0x20(sp) | v0 = *(var_20h);
| label_14:
0x0000b954 lw t9, -0x7e34(gp) | t9 = sym.imp.strlen;
0x0000b958 addiu a0, v0, 0x534 | a0 = v0 + 0x534;
0x0000b95c jalr t9 | t9 ();
0x0000b960 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000b964 ori a1, zero, 0xc350 | a1 = sym.imp.__fprintf_chk
0x0000b968 addu a0, s2, v0 | a0 = s2 + v0;
0x0000b96c lw a2, -0x7fd4(gp) | a2 = *((gp - 8181));
0x0000b970 lw t9, -0x7f74(gp) | t9 = sym.imp.snprintf
0x0000b974 subu a1, a1, v0 | __asm ("subu a1, a1, v0");
0x0000b978 addiu a2, a2, -0x1888 | a2 += -0x1888;
0x0000b97c jalr t9 | t9 ();
0x0000b980 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000b984 lw t9, -0x7fd4(gp) | t9 = *((gp - 8181));
0x0000b988 addiu t9, t9, -0x7dbc | t9 += -0x7dbc;
0x0000b98c bal 0x8244 | fcn_00008244 ();
0x0000b990 nop |
0x0000b994 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000b998 lw t9, -0x7e94(gp) | t9 = sym.imp.__xmlGenericError;
0x0000b99c jalr t9 | t9 ();
0x0000b9a0 nop |
0x0000b9a4 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000b9a8 lw t9, -0x7dcc(gp) | t9 = sym.imp.__xmlGenericErrorContext;
0x0000b9ac lw s0, (v0) | s0 = *(v0);
0x0000b9b0 jalr t9 | t9 ();
0x0000b9b4 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000b9b8 lw ra, 0x4c(sp) | ra = *(var_4ch);
0x0000b9bc lw fp, 0x48(sp) | fp = *(var_48h);
0x0000b9c0 lw a1, -0x7fd4(gp) | a1 = *((gp - 8181));
0x0000b9c4 lw s7, 0x44(sp) | s7 = *(var_44h);
0x0000b9c8 lw s6, 0x40(sp) | s6 = *(var_40h);
0x0000b9cc lw s5, 0x3c(sp) | s5 = *(var_3ch);
0x0000b9d0 lw s4, 0x38(sp) | s4 = *(var_38h);
0x0000b9d4 lw s3, 0x34(sp) | s3 = *(var_34h);
0x0000b9d8 lw s2, 0x30(sp) | s2 = *(var_30h);
0x0000b9dc lw s1, 0x2c(sp) | s1 = *(var_2ch);
0x0000b9e0 lw a0, (v0) | a0 = *(v0);
0x0000b9e4 move t9, s0 | t9 = s0;
0x0000b9e8 lw s0, 0x28(sp) | s0 = *(var_28h);
0x0000b9ec addiu a1, a1, -0x1884 | a1 += -0x1884;
0x0000b9f0 addiu sp, sp, 0x50 |
0x0000b9f4 jr t9 | t9 ();
| label_9:
0x0000b9f8 addiu v1, v0, -1 | v1 = v0 + -1;
| if (v1 == 0) {
0x0000b9fc beqz v1, 0xba7c | goto label_15;
| }
0x0000ba00 addiu a1, zero, 0xa | a1 = 0xa;
0x0000ba04 addiu v0, v0, -0x50 | v0 += -0x50;
0x0000ba08 addiu a2, zero, 0xd | a2 = 0xd;
0x0000ba0c b 0xba24 | goto label_16;
| if (s0 == a2) {
| label_3:
0x0000ba10 beql s0, a2, 0xba3c | goto label_17;
| }
0x0000ba14 lbu s0, 1(v1) | s0 = *((v1 + 1));
| if (a0 == v0) {
0x0000ba18 beql a0, v0, 0xba68 | goto label_18;
| }
0x0000ba1c lbu s0, -1(v1) | s0 = *((v1 - 1));
0x0000ba20 move v1, a0 | v1 = a0;
| label_16:
0x0000ba24 addiu a0, v1, -1 | a0 = v1 + -1;
0x0000ba28 lbu s0, (v1) | s0 = *(v1);
| if (s5 == v1) {
0x0000ba2c beq s5, v1, 0xb7e8 | goto label_2;
| }
| if (s0 != a1) {
0x0000ba30 bne s0, a1, 0xba10 | goto label_3;
| }
0x0000ba34 nop |
| label_10:
0x0000ba38 lbu s0, 1(v1) | s0 = *((v1 + 1));
| label_17:
0x0000ba3c sltiu v0, s0, 0xe | v0 = (s0 < 0xe) ? 1 : 0;
0x0000ba40 addiu s5, v1, 1 | s5 = v1 + 1;
| if (v0 == 0) {
0x0000ba44 beqz v0, 0xb808 | goto label_4;
| }
0x0000ba48 addiu v0, zero, 0x2401 | v0 = 0x2401;
0x0000ba4c srlv v0, v0, s0 | v0 >>= s0;
0x0000ba50 ext v0, v0, 0, 1 | __asm ("ext v0, v0, 0, 1");
0x0000ba54 lw v0, -0x7fdc(gp) | v0 = *(gp);
| if (v0 == 0) {
0x0000ba58 beqz v0, 0xb80c | goto label_5;
| }
| label_11:
0x0000ba5c sw v0, 0x20(sp) | *(var_20h) = v0;
0x0000ba60 addiu s2, v0, 0x534 | s2 = v0 + 0x534;
0x0000ba64 b 0xb890 | goto label_6;
| label_18:
0x0000ba68 move s5, v0 | s5 = v0;
0x0000ba6c b 0xb7e8 | goto label_2;
| label_8:
0x0000ba70 lbu s0, (v0) | s0 = *(v0);
0x0000ba74 move s5, v0 | s5 = v0;
0x0000ba78 b 0xb7e8 | goto label_2;
| label_15:
0x0000ba7c move s5, v0 | s5 = v0;
0x0000ba80 b 0xb7f4 | goto label_7;
| }
[*] Function printf used 9 times xmllint
