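[*] Binary protection state of inet_diag.ko
No RELRO No Canary found NX disabled REL No RPATH No RUNPATH Symbols
Note: REL means inet_diag.ko is a relocatable object (a kernel module). RELRO, NX, RPATH and RUNPATH describe linked executables and shared libraries, so these fields say little about a .ko. Module memory permissions and stack protection depend on the kernel build configuration (e.g. CONFIG_STRICT_MODULE_RWX, CONFIG_STACKPROTECTOR).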
[*] Function sprintf tear down of inet_diag.ko
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/modules/5.10.52-axis9/kernel/net/ipv4/inet_diag.ko @ 0x8000cc8 */
| #include <stdint.h>
|
; NOTE(review): reading guide for this listing.
;  - inet_diag.ko is a relocatable object (REL). The `stmdaeq r0, {...}` lines are most likely
;    relocation sites (calls to, or address loads of, symbols) whose instruction word the
;    disassembler did not resolve; they are not real store-multiple instructions. Resolve them
;    from the module's relocation table before concluding which functions are called.
;  - Addresses are not contiguous (0x08000d58 -> 0x08000dfc, 0x08000e24 -> 0x08000e64,
;    0x08000e74 -> 0x08000eec, 0x08000ef8 -> 0x08000f28): the switch table and its case bodies
;    are not shown, so the per-opcode checks of the loop cannot be assessed from this page.
;  - Several r2dec conditions disagree with the assembly column; the assembly is authoritative.
;  - The only resolved call here is inet_diag_parse_attrs; no resolved sprintf call is visible.
; (fcn) sym.__inet_diag_dump_start () | void inet_diag_dump_start (int32_t arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x08000cc8 push {r3, r4, r5, r6, r7, r8, sb, sl, fp, lr} |
; NOTE(review): r3 is read at 0x08000ce0 but no visible instruction writes it; these two identical
; words are presumably a relocated address load (movw/movt pair) into r3 - TODO confirm.
0x08000ccc stmdaeq r0, {r0, r2, r5, r7, sb, sl, lr} | __asm ("stmdaeq r0, {r0, r2, r5, r7, sb, sl, lr}");
0x08000cd0 stmdaeq r0, {r0, r2, r5, r7, sb, sl, lr} | __asm ("stmdaeq r0, {r0, r2, r5, r7, sb, sl, lr}");
0x08000cd4 mov r5, r0 | r5 = r0;
0x08000cd8 mov r6, r1 | r6 = r1;
; r1 = 0xdc0 is the second argument of the unresolved call at 0x08000cec; the value looks like
; allocation flags (GFP_KERNEL | __GFP_ZERO on 5.10), i.e. a zeroing allocation - TODO confirm.
0x08000cdc mov r1, 0xdc0 | r1 = 0xdc0;
0x08000ce0 ldr r0, [r3, 0x18] | r0 = *((r3 + 0x18));
0x08000ce4 ldr r7, [r5, 4] | r7 = *((r5 + 4));
0x08000ce8 ldr r8, [r5] | r8 = *(r5);
0x08000cec stmdaeq r0, {r0, r3, r5, r7, sb, sl, lr} | __asm ("stmdaeq r0, {r0, r3, r5, r7, sb, sl, lr}");
; Real test is r0 == 0 (the call returned NULL) -> label_1, which returns ~0xb = -12 (-ENOMEM).
; The pseudo code `r4 == r0` is always true as written.
0x08000cf0 subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 == r0) {
0x08000cf4 beq 0x8000f28 | goto label_1;
| }
; inet_diag_parse_attrs receives (r7 = word at arg1+4, r6 = arg2, r4 = the new buffer).
0x08000cf8 mov r1, r6 | r1 = r6;
0x08000cfc mov r0, r7 | r0 = r7;
0x08000d00 mov r2, r4 | r2 = r4;
0x08000d04 bl 0x8000070 | r0 = inet_diag_parse_attrs ();
; Real test is "return value != 0" -> label_2, which releases r4 and returns that value.
0x08000d08 subs r6, r0, 0 | r6 = r0 - 0;
| if (r6 != r0) {
0x08000d0c bne 0x8000e68 | goto label_2;
| }
; r7 = pointer stored at offset 4 of the buffer; the block below runs only when it is non-NULL.
0x08000d10 ldr r7, [r4, 4] | r7 = *((r4 + 4));
0x08000d14 cmp r7, 0 |
| if (r7 != 0) {
0x08000d18 beq 0x8000dfc |
0x08000d1c mov r0, r8 | r0 = r8;
0x08000d20 mov r1, 0xc | r1 = 0xc;
; Unresolved call taking (r8, 0xc). Its return value is not consumed in the visible lines; it may
; be used in the omitted switch cases.
0x08000d24 stmdaeq r0, {r0, r2, r3, r5, r7, sb, sl, lr} | __asm ("stmdaeq r0, {r0, r2, r3, r5, r7, sb, sl, lr}");
; Length validation: r8 = 16-bit field at [r7] minus 4. `bls` is an unsigned "<= 3" test (not "< 3"
; as r2dec prints); the signed `ble` at 0x08000d40 rejects values that went negative because the
; field was below 4. Both failures return -22 through label_3.
0x08000d28 ldrh r8, [r7] | r8 = *(r7);
0x08000d2c sub r8, r8, 4 | r8 -= 4;
0x08000d30 cmp r8, 3 |
| if (r8 < 3) {
0x08000d34 bls 0x8000e64 | goto label_3;
| }
0x08000d38 add r7, r7, 4 | r7 += 4;
0x08000d3c cmp r8, 0 |
| if (r8 <= 0) {
0x08000d40 ble 0x8000e64 | goto label_3;
| }
0x08000d44 mov r2, r8 | r2 = r8;
0x08000d48 mov ip, r7 |
; Opcode dispatch: the byte at [ip] indexes the 14-entry jump table only when r3 <= 0xd (unsigned,
; `ldrls`); any larger value falls through to `b 0x8000e64` (-22). The r2dec condition `r3 > 0xd`
; is inverted. The case bodies (0x08000d5c..0x08000df8) are not part of this listing.
0x08000d4c ldrb r3, [ip] | r3 = *(ip);
0x08000d50 cmp r3, 0xd |
| if (r3 > 0xd) {
| /* switch table (14 cases) at 0x8000d5c */
0x08000d54 ldrls pc, [pc, r3, lsl 2] | offset_0 = r3 << 2;
| pc = *((pc + offset_0));
| }
0x08000d58 b 0x8000e64 | goto label_3;
| }
; Second optional pointer, at offset 8 of the buffer; skipped when NULL.
0x08000dfc ldr r0, [r4, 8] | r0 = *((r4 + 8));
0x08000e00 cmp r0, 0 |
| if (r0 != 0) {
0x08000e04 beq 0x8000e1c |
0x08000e08 stmdaeq r0, {r0, r4, r5, r7, sb, sl, lr} | __asm ("stmdaeq r0, {r0, r4, r5, r7, sb, sl, lr}");
; `cmn r0, 0x1000` compares r0 with -0x1000: `strls` stores the result when r0 <= 0xfffff000 and
; `bhi` branches when r0 lies in the top 4095 values, matching the kernel IS_ERR() idiom.
; r2dec's `r0 > 0x1000` is wrong for both lines.
0x08000e0c cmn r0, 0x1000 |
0x08000e10 mov r3, r0 | r3 = r0;
| if (r0 > 0x1000) {
0x08000e14 strls r0, [r4, 0x10] | *((r4 + 0x10)) = r0;
| }
| if (r0 > 0x1000) {
0x08000e18 bhi 0x8000eec | goto label_4;
| }
| }
; Success path: the buffer pointer is published at offset 0x10 of arg1 and r6 (0 here) is returned.
0x08000e1c str r4, [r5, 0x10] | *((r5 + 0x10)) = r4;
| do {
| label_0:
0x08000e20 mov r0, r6 | r0 = r6;
0x08000e24 pop {r3, r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_3:
; ~0x15 = -22 (-EINVAL).
0x08000e64 mvn r6, 0x15 | r6 = ~0x15;
| label_2:
; Error path: unresolved call with r0 = r4 (the buffer from 0x08000cec), presumably the matching
; free - TODO confirm from relocations. The buffer is not stored into arg1 on this path.
0x08000e68 mov r0, r4 | r0 = r4;
0x08000e6c stmdaeq r0, {r0, r4, r7, sb, sl, lr} | __asm ("stmdaeq r0, {r0, r4, r7, sb, sl, lr}");
0x08000e70 mov r0, r6 | r0 = r6;
0x08000e74 pop {r3, r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_4:
; Error-pointer path from 0x08000e18: same unresolved call on r4 as in label_2, then the error
; value saved in r3 is returned through label_0.
0x08000eec mov r0, r4 | r0 = r4;
0x08000ef0 mov r6, r3 | r6 = r3;
0x08000ef4 stmdaeq r0, {r0, r4, r7, sb, sl, lr} | __asm ("stmdaeq r0, {r0, r4, r7, sb, sl, lr}");
0x08000ef8 b 0x8000e20 |
| } while (1);
| label_1:
; ~0xb = -12 (-ENOMEM): allocation-failure return.
0x08000f28 mvn r6, 0xb | r6 = ~0xb;
0x08000f2c b 0x8000e20 | goto label_0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/modules/5.10.52-axis9/kernel/net/ipv4/inet_diag.ko @ 0x8000a04 */
| #include <stdint.h>
|
; NOTE(review): reading guide for this listing.
;  - r2dec's signature is incomplete. The code reads r0, r1, r2 and r3 on entry
;    (0x08000a08..0x08000a18) and one stack argument at [sp, 0x90], which sits just above the
;    0x7c-byte frame plus the five pushed registers: five arguments in total.
;  - The `stmdaeq r0, {...}` lines are most likely unresolved relocation sites of this relocatable
;    module, not real store-multiple instructions; resolve them from the relocation table.
;  - The only resolved calls are inet_diag_parse_attrs and inet_diag_lock_handler; no resolved
;    sprintf call is visible.
;  - Where the pseudo code and the assembly disagree, the assembly is authoritative.
; (fcn) sym.inet_diag_cmd_exact () | void inet_diag_cmd_exact (int32_t arg_90h, int32_t arg1, int32_t arg2) {
| int32_t var_4h;
| int32_t var_8h;
| int32_t var_ch;
| int32_t var_10h;
| int32_t var_14h;
| int32_t var_18h;
| int32_t var_1ch;
| int32_t var_20h;
| int32_t var_28h;
| int32_t var_7ch;
| r0 = arg1;
| r1 = arg2;
0x08000a04 push {r4, r5, r6, r7, lr} |
0x08000a08 mov r5, r2 | r5 = r2;
0x08000a0c mov r7, r1 | r7 = r1;
0x08000a10 sub sp, sp, 0x7c |
0x08000a14 mov r1, r3 | r1 = r3;
0x08000a18 mov r6, r0 | r6 = r0;
; r2 = sp + 4, the address of the five-word local array (the pseudo code `r2 += var_4h` is
; misleading). The array is zeroed below before being handed to inet_diag_parse_attrs.
0x08000a1c add r2, sp, 4 | r2 += var_4h;
0x08000a20 mov r0, r5 | r0 = r5;
0x08000a24 mov r3, 0 | r3 = 0;
0x08000a28 str r3, [sp, 4] | var_4h = r3;
0x08000a2c str r3, [sp, 8] | var_8h = r3;
0x08000a30 str r3, [sp, 0xc] | var_ch = r3;
0x08000a34 str r3, [sp, 0x10] | var_10h = r3;
0x08000a38 str r3, [sp, 0x14] | var_14h = r3;
0x08000a3c bl 0x8000070 | r0 = inet_diag_parse_attrs ();
; Real test is "return value != 0" -> label_2 returns it without taking the handler lock.
0x08000a40 subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 != r0) {
0x08000a44 bne 0x8000a8c | goto label_2;
| }
; Predicated loads; the r2dec conditions are inverted. After `cmp r3, 0`:
;   var_10h != 0 (ne): r0 = word at (var_10h + 4)
;   var_10h == 0 (eq): r3 = stack argument, then r0 = byte at (stack argument + 1)
; r0 is then the argument of inet_diag_lock_handler.
0x08000a48 ldr r3, [sp, 0x10] | r3 = var_10h;
0x08000a4c cmp r3, 0 |
| if (r3 != 0) {
0x08000a50 ldreq r3, [sp, 0x90] | r3 = *(arg_90h);
| }
| if (r3 == 0) {
0x08000a54 ldrne r0, [r3, 4] | r0 = *((r3 + 4));
| }
| if (r3 != 0) {
0x08000a58 ldrbeq r0, [r3, 1] | r0 = *((r3 + 1));
| }
0x08000a5c bl 0x8000854 | r0 = inet_diag_lock_handler ();
0x08000a60 mov r4, r0 | r4 = r0;
; `cmn r0, 0x1000` + `bhi`: branch to label_1 when r0 lies in the top 4095 values (kernel IS_ERR()
; idiom); r4 then carries the error. r2dec's `r0 <= 0x1000` should read r0 <= 0xfffff000.
0x08000a64 cmn r0, 0x1000 |
| if (r0 <= 0x1000) {
0x08000a68 bhi 0x8000a80 |
; Dispatch on the first argument (r6): 0x14 -> label_3, 0x15 -> label_4, anything else -> -95.
0x08000a6c cmp r6, 0x14 |
| if (r6 == 0x14) {
0x08000a70 beq 0x8000a98 | goto label_3;
| }
0x08000a74 cmp r6, 0x15 |
| if (r6 == 0x15) {
0x08000a78 beq 0x8000adc | goto label_4;
| }
| label_0:
; ~0x5e = -95 (-EOPNOTSUPP).
0x08000a7c mvn r4, 0x5e | r4 = ~0x5e;
| }
| label_1:
; Three unresolved words: presumably an address load (two identical words) followed by a call,
; i.e. the release matching inet_diag_lock_handler - TODO confirm from relocations. Every path
; that passed inet_diag_lock_handler reaches this sequence or its copy at 0x08000acc.
0x08000a80 stmdaeq r0, {r4, r5, r6, r8, sl, sp} | __asm ("stmdaeq r0, {r4, r5, r6, r8, sl, sp}");
0x08000a84 stmdaeq r0, {r4, r5, r6, r8, sl, sp} | __asm ("stmdaeq r0, {r4, r5, r6, r8, sl, sp}");
0x08000a88 stmdaeq r0, {r0, r3, r7, sb, sl, lr} | __asm ("stmdaeq r0, {r0, r3, r7, sb, sl, lr}");
| do {
| label_2:
0x08000a8c mov r0, r4 | r0 = r4;
0x08000a90 add sp, sp, 0x7c |
0x08000a94 pop {r4, r5, r6, r7, pc} |
| label_3:
; r0 = sp + 0x20, r1 = 0, r2 = 0x58 followed by an unresolved call: a memset-shaped sequence that
; would clear 0x58 bytes of the frame - TODO confirm the callee.
0x08000a98 mov r2, 0x58 | r2 = 0x58;
0x08000a9c mov r1, 0 | r1 = 0;
0x08000aa0 add r0, sp, 0x20 | r0 += var_20h;
0x08000aa4 stmdaeq r0, {r0, r2, r3, r4, r7, sb, sl, lr} | __asm ("stmdaeq r0, {r0, r2, r3, r4, r7, sb, sl, lr}");
; Builds a structure at sp + 0x18: [0x18] = r7 (second argument), [0x1c] = r5 (third argument),
; [0x28] = sp + 4 (the parsed array). r0 = sp + 0x18 and r1 = the stack argument are passed to
; the function pointer at offset 4 of the inet_diag_lock_handler result (r4).
; NOTE(review): no NULL test on this pointer is visible before `blx r3`, unlike label_4;
; presumably it is a mandatory member of the handler table - verify.
0x08000aa8 add r3, sp, 4 | r3 += var_4h;
0x08000aac str r5, [sp, 0x1c] | var_1ch = r5;
0x08000ab0 add r0, sp, 0x18 | r0 += var_18h;
0x08000ab4 str r3, [sp, 0x28] | var_28h = r3;
0x08000ab8 ldr r1, [sp, 0x90] | r1 = *(arg_90h);
0x08000abc ldr r3, [r4, 4] | r3 = *((r4 + 4));
0x08000ac0 str r7, [sp, 0x18] | var_18h = r7;
0x08000ac4 blx r3 | r0 = uint32_t (*r3)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x08000ac8 mov r4, r0 | r4 = r0;
; Same three unresolved words as at label_1 (presumed release of the handler lock).
0x08000acc stmdaeq r0, {r4, r5, r6, r8, sl, sp} | __asm ("stmdaeq r0, {r4, r5, r6, r8, sl, sp}");
0x08000ad0 stmdaeq r0, {r4, r5, r6, r8, sl, sp} | __asm ("stmdaeq r0, {r4, r5, r6, r8, sl, sp}");
0x08000ad4 stmdaeq r0, {r0, r3, r7, sb, sl, lr} | __asm ("stmdaeq r0, {r0, r3, r7, sb, sl, lr}");
0x08000ad8 b 0x8000a8c |
| } while (1);
| label_4:
; r0 still holds the inet_diag_lock_handler result. The function pointer at offset 0x14 is
; checked for NULL; NULL goes to label_0 (-95), otherwise it is called with (r7, stack argument)
; and the result is returned through label_1.
0x08000adc ldr r3, [r0, 0x14] | r3 = *((r0 + 0x14));
0x08000ae0 cmp r3, 0 |
| if (r3 == 0) {
0x08000ae4 beq 0x8000a7c | goto label_0;
| }
0x08000ae8 ldr r1, [sp, 0x90] | r1 = *(arg_90h);
0x08000aec mov r0, r7 | r0 = r7;
0x08000af0 blx r3 | r0 = uint32_t (*r3)(uint32_t, uint32_t) (r0, r1);
0x08000af4 mov r4, r0 | r4 = r0;
0x08000af8 b 0x8000a80 | goto label_1;
| }
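[*] Function sprintf used 1 time in inet_diag.ko
Note: the sprintf call site cannot be identified in the listings above, because references to external symbols appear as unresolved relocation words (printed as stmdaeq). Confirm the caller and its arguments against the module's relocation table before rating this finding.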