[*] Binary protection state of lttng-crash
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of lttng-crash
ldrb r6, [r2, 0xa]
movs r1, r0
ldr r2, [0x00008e38]
ldr r3, [0x00008e3c]
push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr}
sub sp, 0x12c
add r2, pc
ldr r6, [0x00008e40]
ldr r3, [r2, r3]
add r6, pc
ldr r3, [r3]
str r3, [sp, 0x124]
mov.w r3, 0
cmp r0, 0
beq.w 0x8e10
add.w r8, sp, 0x20
mov r4, r0
movs r2, 0x20
movs r1, 0
mov r0, r8
blx sym.imp.__printf_chk
mov.w r2, 0x1b0
movs r1, 0x41
--
ldr r3, [0x0000a6a0]
ldr.w r3, [r8, r3]
ldr r3, [r3]
cbnz r3, 0xa5f4
ldr r3, [0x0000a6a4]
movs r1, 1
ldr.w r2, [r8, r3]
ldr r3, [0x0000a6a8]
ldr r0, [r2]
ldr r2, [0x0000a6ac]
add r3, pc
add r2, pc
blx sym.imp.fclose
ldr r5, [0x0000a6b0]
add r5, pc
cbz r4, 0xa622
ldr r1, [0x0000a6b4]
mov r2, r4
movs r0, 1
add r1, pc
blx sym.imp.__fprintf_chk
movs r0, 0
ldr r2, [0x0000a6b8]
--
mov.w r3, 0
blx 0x2080
subs r5, r0, 0
mov.w r0, 1
ite lt
movlt r1, 0x4000
mov r1, r5
add sl, pc
it lt
movlt r5, r1
blx 0x1ec8
mov r4, r0
cbz r0, 0xaa96
add.w r8, sp, 0x1c
add r7, sp, 0x18
mov r3, r5
mov r2, r4
mov r1, r8
mov r0, r6
str r7, [sp]
blx sym.imp.__sprintf_chk
cmp r0, 4
beq 0xaa6a
--
movs r1, r0
bics r0, r4, 0x800000
str r2, [r1, 0x74]
movs r1, r0
str r2, [r4, 0x64]
movs r1, r0
push {r4, lr}
sub sp, 0x28
ldr.w lr, [0x0000c5f0]
mov r3, sp
mov r4, r0
movs r1, 0
ldr.w ip, [0x0000c5f4]
mov r0, r3
add lr, pc
movs r2, 0x20
ldr.w ip, [lr, ip]
ldr.w ip, [ip]
str.w ip, [sp, 0x24]
mov.w ip, 0
blx sym.imp.__printf_chk
mvn r2, 0x63
mov r1, r0
--
mov r5, r1
ldr r3, [r0, 4]
mov r4, r0
cmp r3, r1
beq 0xcd3a
ldr r2, [r0, 8]
cmp r2, r1
blo 0xcd3e
cmp r3, r1
blo 0xcd56
str r5, [r4, 4]
movs r0, 0
pop {r3, r4, r5, pc}
bl 0xcc00
cmp r0, 0
bne 0xcd3c
ldrd r3, r2, [r4]
mov r1, r0
adds r0, r3, r2
subs r2, r5, r2
blx sym.imp.__printf_chk
b 0xcd38
ldr r0, [r0]
subs r2, r1, r3
movs r1, 0
add r0, r3
blx sym.imp.__printf_chk
b 0xcd38
movs r0, 0
--
cmp r3, r4
beq 0xe57a
mov r0, r4
blx 0x24a4
adds r4, 1
movs r0, 4
blx 0x2080
cmp r0, r4
bgt 0xe56c
ldr.w r6, [fp, 0xc]
mov.w r3, -1
ldr r4, [0x0000e92c]
str.w r3, [fp, 4]
mov r0, r6
blx 0x2264
mov r5, r0
add r4, pc
mov r2, r5
movs r1, 0
mov r0, r6
blx sym.imp.__printf_chk
mov r2, r5
mov r1, r4
--
mov r0, r5
movs r1, 1
cmp r2, 0
it eq
moveq r2, r4
str r2, [sp]
ldr r2, [0x0000e940]
add r2, pc
add.w r2, r2, 0x290
str r2, [sp, 4]
ldr r2, [0x0000e944]
add r2, pc
blx sym.imp.fclose
add r3, sp, 0x158
movs r2, 5
str r3, [sp, 0x24]
add r3, sp, 0x54
mov r0, r3
movt r2, 1
movs r1, 0
blx sym.imp.__printf_chk
movs r2, 5
mov r1, r0
--
ldr.w r0, [fp, 8]
bl 0x125b0
movs r3, 4
movt r3, 1
cmp r0, r3
bls.w 0xf258
mov.w ip, 0xc
mov.w lr, 5
add.w r3, sp, 0x20000
movt ip, 1
movt lr, 1
add.w r3, r3, 0x158
str r3, [sp, 0x18]
strd ip, lr, [sp, 0x30]
ldr r3, [sp, 0x18]
movs r1, 0
ldr r4, [sp, 0x30]
sub.w r6, r3, 0xf4
mov r2, r4
mov r0, r6
blx sym.imp.__printf_chk
ldr r3, [sp, 0x28]
movs r1, 0
ldr r2, [sp, 0x34]
sub.w r0, r3, 0xfc
blx sym.imp.__printf_chk
ldr.w r0, [fp, 8]
mov r2, r4
--
ldr r2, [0x000106a4]
mov sb, r3
sub.w sp, sp, 0x20000
mov r6, r1
ldr r3, [0x000106a8]
sub sp, 0x6c
add r2, pc
add.w r1, sp, 0x20000
add.w r4, sp, 0x10000
adds r1, 0x64
ldr r3, [r2, r3]
adds r4, 0x68
movs r2, 0xc
mov r5, r0
movt r2, 1
sub.w r0, r4, 0x2c
ldr r3, [r3]
str r3, [r1]
mov.w r3, 0
movs r1, 0
blx sym.imp.__printf_chk
add.w sl, sp, 0x68
movs r2, 5
ldr r7, [0x000106ac]
movt r2, 1
movs r1, 0
sub.w r0, sl, 0x34
blx sym.imp.__printf_chk
ldr r3, [0x000106b0]
add r7, pc
--
ldr r2, [0x000108f8]
mov sb, r3
sub.w sp, sp, 0x20000
mov r6, r1
ldr r3, [0x000108fc]
sub sp, 0x6c
add r2, pc
add.w r1, sp, 0x20000
add.w r4, sp, 0x10000
adds r1, 0x64
ldr r3, [r2, r3]
adds r4, 0x68
movs r2, 0xc
mov r5, r0
movt r2, 1
sub.w r0, r4, 0x2c
ldr r3, [r3]
str r3, [r1]
mov.w r3, 0
movs r1, 0
blx sym.imp.__printf_chk
add.w sl, sp, 0x68
movs r2, 5
ldr r7, [0x00010900]
movt r2, 1
movs r1, 0
sub.w r0, sl, 0x34
blx sym.imp.__printf_chk
ldr r3, [0x00010904]
add r7, pc
--
ldr r2, [0x00010b64]
mov sb, r3
sub.w sp, sp, 0x20000
mov r6, r1
ldr r3, [0x00010b68]
sub sp, 0x74
add r2, pc
add.w r1, sp, 0x20000
add.w r4, sp, 0x10000
adds r1, 0x6c
ldr r3, [r2, r3]
adds r4, 0x70
movs r2, 0xc
mov r5, r0
movt r2, 1
sub.w r0, r4, 0x2c
ldr r3, [r3]
str r3, [r1]
mov.w r3, 0
movs r1, 0
blx sym.imp.__printf_chk
add.w sl, sp, 0x70
movs r2, 5
ldr r7, [0x00010b6c]
movt r2, 1
movs r1, 0
sub.w r0, sl, 0x34
blx sym.imp.__printf_chk
ldr r3, [0x00010b70]
add r7, pc
--
ldr r2, str.DBG1____s___s_:_Extract_crash_trace__s_into__s__in__s___at__usr_src_debug_lttng_tools_2.13.9_r0_src_bin_lttng_crash_lttng_crash.c:950__n
mov r8, r3
sub.w sp, sp, 0x20000
mov r5, r1
ldr r3, [0x00010d58]
sub sp, 0x6c
add r2, pc
add.w r1, sp, 0x20000
add.w r6, sp, 0x10000
adds r1, 0x64
ldr r3, [r2, r3]
adds r6, 0x68
movs r2, 0xc
mov r4, r0
movt r2, 1
sub.w r0, r6, 0x2c
ldr r3, [r3]
str r3, [r1]
mov.w r3, 0
movs r1, 0
blx sym.imp.__printf_chk
add.w sl, sp, 0x68
movs r2, 5
ldr r7, [0x00010d5c]
movt r2, 1
movs r1, 0
sub.w r0, sl, 0x34
blx sym.imp.__printf_chk
ldr r3, [0x00010d60]
add r7, pc
--
ldr r2, [0x00010f30]
mov r8, r3
sub.w sp, sp, 0x20000
mov r5, r1
ldr r3, [0x00010f34]
sub sp, 0x6c
add r2, pc
add.w r1, sp, 0x20000
add.w r6, sp, 0x10000
adds r1, 0x64
ldr r3, [r2, r3]
adds r6, 0x68
movs r2, 0xc
mov r4, r0
movt r2, 1
sub.w r0, r6, 0x2c
ldr r3, [r3]
str r3, [r1]
mov.w r3, 0
movs r1, 0
blx sym.imp.__printf_chk
add.w sl, sp, 0x68
movs r2, 5
ldr r7, [0x00010f38]
movt r2, 1
movs r1, 0
sub.w r0, sl, 0x34
blx sym.imp.__printf_chk
ldr r3, [0x00010f3c]
add r7, pc
--
ldr r2, [0x00011118]
mov r8, r3
sub.w sp, sp, 0x20000
mov r6, r1
ldr r3, [0x0001111c]
sub sp, 0x6c
add r2, pc
add.w r1, sp, 0x20000
add.w r4, sp, 0x10000
adds r1, 0x64
ldr r3, [r2, r3]
adds r4, 0x68
movs r2, 0xc
mov r5, r0
movt r2, 1
sub.w r0, r4, 0x2c
ldr r3, [r3]
str r3, [r1]
mov.w r3, 0
movs r1, 0
blx sym.imp.__printf_chk
add.w sl, sp, 0x68
movs r2, 5
ldr r7, [0x00011120]
movt r2, 1
movs r1, 0
sub.w r0, sl, 0x34
blx sym.imp.__printf_chk
ldr r3, [0x00011124]
add r7, pc
--
ldr r2, [0x00011370]
mov r7, r3
sub.w sp, sp, 0x20000
mov r5, r1
ldr r3, [0x00011374]
sub sp, 0x74
add r2, pc
add.w r1, sp, 0x20000
add.w r4, sp, 0x10000
adds r1, 0x6c
ldr r3, [r2, r3]
adds r4, 0x70
movs r2, 0xc
mov r6, r0
movt r2, 1
sub.w r0, r4, 0x2c
ldr r3, [r3]
str r3, [r1]
mov.w r3, 0
movs r1, 0
blx sym.imp.__printf_chk
add.w sl, sp, 0x70
movs r2, 5
ldr.w r8, [0x00011378]
movt r2, 1
movs r1, 0
sub.w r0, sl, 0x34
blx sym.imp.__printf_chk
ldr r3, [0x0001137c]
add r8, pc
--
ldr r3, [0x0001156c]
add.w r4, sp, 0x20000
add r2, pc
adds r4, 0x88
ldr.w fp, [r4]
mov r5, r1
ldr r3, [r2, r3]
add.w r1, sp, 0x20000
add.w r4, sp, 0x10000
movs r2, 0xc
adds r4, 0x60
adds r1, 0x5c
ldr r3, [r3]
str r3, [r1]
mov.w r3, 0
movt r2, 1
movs r1, 0
mov r7, r0
sub.w r0, r4, 0x2c
add.w sl, sp, 0x60
blx sym.imp.__printf_chk
movs r2, 5
ldr r6, [0x00011570]
movt r2, 1
movs r1, 0
sub.w r0, sl, 0x34
blx sym.imp.__printf_chk
ldr r3, [0x00011574]
add r6, pc
--
ldr r3, [0x00011780]
add.w r1, sp, 0x20000
add r2, pc
adds r1, 0x6c
str r4, [sp, 0x28]
add.w r4, sp, 0x10000
ldr r3, [r2, r3]
adds r4, 0x70
movs r2, 0xc
mov r8, r0
movt r2, 1
sub.w r0, r4, 0x2c
ldr r3, [r3]
str r3, [r1]
mov.w r3, 0
add.w r3, sp, 0x20000
movs r1, 0
adds r3, 0xa0
ldr.w fp, [r3]
add.w sl, sp, 0x70
blx sym.imp.__printf_chk
movs r2, 5
ldr r7, [0x00011784]
movt r2, 1
movs r1, 0
sub.w r0, sl, 0x34
blx sym.imp.__printf_chk
ldr r3, [0x00011788]
add r7, pc
--
ldr r1, [0x00011954]
sub.w sp, sp, 0x20000
sub sp, 0x64
mov r4, r0
ldr r3, [0x00011958]
add.w r0, sp, 0x20000
add r1, pc
add.w r8, sp, 0x10000
adds r0, 0x5c
mov sb, r2
ldr r3, [r1, r3]
add.w r8, r8, 0x60
movs r2, 0xc
movs r1, 0
movt r2, 1
add.w sl, sp, 0x60
ldr r3, [r3]
str r3, [r0]
mov.w r3, 0
sub.w r0, r8, 0x2c
blx sym.imp.__printf_chk
movs r2, 5
movs r1, 0
movt r2, 1
sub.w r0, sl, 0x34
blx sym.imp.__printf_chk
mov r0, r7
ldr r5, [0x0001195c]
--
add.w r3, sl, 0x13
bic r3, r3, 7
strb.w r1, [fp]
sub.w sp, sp, r3
cmp r0, 0
beq.w 0x12c2a
cmp.w sb, 0
beq.w 0x12c12
cmp r4, 0
beq.w 0x12c42
add r3, sp, 0x10
mov r2, sl
adds r5, r7, 4
adds r2, 0xc
mov r6, r0
mov r0, r3
strd r1, r1, [r7, 0x14]
str r1, [r7, 0x1c]
strd r1, r1, [r5]
strd r1, r1, [r5, 8]
blx sym.imp.__printf_chk
cmp r4, 0xfd
bhi 0x12c0c
--
add.w r3, sl, 0x13
bic r3, r3, 7
strb.w r1, [fp]
sub.w sp, sp, r3
cmp r0, 0
beq.w 0x12edc
cmp.w sb, 0
beq.w 0x12ec4
cmp.w r8, 0
beq.w 0x12ef4
add r3, sp, 0x10
mov r2, sl
adds r4, r7, 4
adds r2, 0xc
mov r5, r0
mov r0, r3
strd r1, r1, [r7, 0x14]
str r1, [r7, 0x1c]
strd r1, r1, [r4]
strd r1, r1, [r4, 8]
blx sym.imp.__printf_chk
cmp.w r8, 0xfd
bhi.w 0x12e32
--
add.w r4, r5, 8
strd r2, r2, [r5, 0x20]
stm.w r5, {r0, r1}
ldm.w ip!, {r0, r1, r2, r3}
stm r4!, {r0, r1, r2, r3}
ldm.w ip, {r0, r1}
stm.w r4, {r0, r1}
ldr r2, [0x00019850]
ldr r3, [0x0001984c]
add r2, pc
ldr r3, [r2, r3]
ldr r2, [r3]
ldr r3, [sp, 0xc]
eors r2, r3
mov.w r3, 0
bne 0x19844
mov r0, r5
add sp, 0x10
pop {r4, r5, r6, pc}
movs r2, 0x28
blx sym.imp.__printf_chk
b 0x19822
blx 0x2068
--
str r3, [r5, 0x24]
add.w r4, r5, 8
stm.w r5, {r0, r1}
ldm.w ip!, {r0, r1, r2, r3}
stm r4!, {r0, r1, r2, r3}
ldm.w ip, {r0, r1}
stm.w r4, {r0, r1}
ldr r2, [0x000198d4]
ldr r3, [0x000198d0]
add r2, pc
ldr r3, [r2, r3]
ldr r2, [r3]
ldr r3, [sp, 0xc]
eors r2, r3
mov.w r3, 0
bne 0x198c6
mov r0, r5
add sp, 0x10
pop {r4, r5, r6, pc}
movs r2, 0x28
blx sym.imp.__printf_chk
b 0x1989e
add.w r3, r4, 0x24
--
movs r0, r0
add lr, sp, lr
movs r1, r0
push {r4, r5, lr}
sub sp, 0x14
ldr r5, [0x00019934]
ldr r4, [0x00019938]
add r5, pc
ldr r4, [r5, r4]
ldr r4, [r4]
str r4, [sp, 0xc]
mov.w r4, 0
mov r4, r0
cbz r1, 0x19926
add r5, sp, 4
mov r0, r5
bl 0x1a24c
movs r1, 0
movs r2, 0x20
add.w r0, r4, 8
blx sym.imp.__printf_chk
ldm.w r5, {r0, r1}
stm.w r4, {r0, r1}
ldr r2, [0x0001993c]
ldr r3, [0x00019938]
add r2, pc
ldr r3, [r2, r3]
ldr r2, [r3]
ldr r3, [sp, 0xc]
eors r2, r3
mov.w r3, 0
bne 0x1992e
mov r0, r4
add sp, 0x14
pop {r4, r5, pc}
movs r2, 0x28
blx sym.imp.__printf_chk
b 0x1990c
blx 0x2068
--
movs r0, r0
add r8, r0
movs r1, r0
push {r4, r5, lr}
sub sp, 0x14
ldr r5, [0x0001999c]
ldr r4, [0x000199a0]
add r5, pc
ldr r4, [r5, r4]
ldr r4, [r4]
str r4, [sp, 0xc]
mov.w r4, 0
mov r4, r0
cbz r1, 0x1998e
add r5, sp, 4
mov r0, r5
bl 0x1a17c
movs r1, 0
movs r2, 0x20
add.w r0, r4, 8
blx sym.imp.__printf_chk
ldm.w r5, {r0, r1}
stm.w r4, {r0, r1}
ldr r2, [0x000199a4]
ldr r3, [0x000199a0]
add r2, pc
ldr r3, [r2, r3]
ldr r2, [r3]
ldr r3, [sp, 0xc]
eors r2, r3
mov.w r3, 0
bne 0x19996
mov r0, r4
add sp, 0x14
pop {r4, r5, pc}
movs r2, 0x28
blx sym.imp.__printf_chk
b 0x19974
blx 0x2068
--
lsls r0, r5, 8
movs r0, r0
add r0, r3
movs r1, r0
push {r4, r5, lr}
mov r4, r0
ldr r5, [0x000199f8]
sub sp, 0x14
ldr r0, [0x000199fc]
add r5, pc
ldr r0, [r5, r0]
add r5, sp, 4
ldr r0, [r0]
str r0, [sp, 0xc]
mov.w r0, 0
mov r0, r5
bl 0x1a160
movs r1, 0
movs r2, 0x20
add.w r0, r4, 8
blx sym.imp.__printf_chk
ldr r2, [0x00019a00]
ldm.w r5, {r0, r1}
--
movs r1, 0x12
subs r1, 1
adds r3, 0x33
movs r7, 1
tst r3, r2
lsl.w r3, r8, 1
it eq
addeq r1, r1, -1
lsls r7, r1
cmp r7, r3
it lo
movlo r7, r3
mov r1, r7
blx 0x20a8
cmp r0, 0
beq 0x1a434
sub.w r2, r7, r8
str r0, [r6]
movs r1, 0
add r0, r8
blx sym.imp.__printf_chk
ldr r3, [r6]
str r7, [r3]
--
mov r2, r5
mov r1, r7
str r3, [r4, 0x14]
bl 0x1a7c0
mov r0, r4
pop {r3, r4, r5, r6, r7, pc}
ldr r0, [0x0001a900]
add r0, pc
bl 0x1a740
ldrsb.w r0, [lr, r0]
push {r4, lr}
cbz r0, 0x1a95a
mov r4, r0
movs r1, 0
movs r0, 0x60
bl 0x1a8c0
str r0, [r4]
cbz r0, 0x1a94e
movs r2, 0x60
movs r1, 0
blx sym.imp.__printf_chk
ldr r3, [r4]
movs r2, 0
--
sub sp, 0x68
add r2, pc
mov r4, r1
add r6, sp, 4
mov r5, r0
ldr r3, [r2, r3]
mov r1, r6
ldr r3, [r3]
str r3, [sp, 0x64]
mov.w r3, 0
bl 0x1a864
cmp r4, 0
beq 0x1a9f6
mov r1, r6
movs r0, 0x60
bl 0x1a8c0
str r0, [r4]
cbz r0, 0x1a9ea
movs r2, 0x60
movs r1, 0
blx sym.imp.__printf_chk
ldr r1, [r4]
mov r0, r5
--
push {r4, r5, r6, lr}
mov r4, r0
ldr r6, [r0, 0x14]
cbz r6, 0x1aa4a
ldrd r1, r5, [r0, 0xc]
subs r2, r5, 1
cmp r1, r2
bhs 0x1aa28
pop {r4, r5, r6, pc}
adds r5, 8
mov r2, r0
lsls r1, r5, 2
mov r0, r6
bl 0x1aa10
str r0, [r4, 0x14]
cbz r0, 0x1aa64
ldr r3, [r4, 0x10]
movs r2, 0x20
movs r1, 0
add.w r0, r0, r3, lsl 2
blx sym.imp.__printf_chk
str r5, [r4, 0x10]
pop {r4, r5, r6, pc}
[*] Function printf used 43 times lttng-crash
