[*] Binary protection state of libxmlnode.so.0.1.7
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function printf tear down of libxmlnode.so.0.1.7
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libxmlnode.so.0.1.7 @ 0x1578 */
| #include <stdint.h>
|
; (fcn) fcn.00001578 () | void fcn_00001578 (int16_t arg1) {
| int16_t var_0h;
| int16_t var_8h;
| int16_t var_18h;
| int16_t var_38h;
| int16_t var_74h;
| r0 = arg1;
0x00001578 invalid |
0x0000157c ldr r3, [pc, 0xd4] |
0x0000157e push {r4, r5, r6, lr} |
0x00001580 sub sp, 0x78 |
0x00001582 add r2, pc | r2 += pc;
0x00001584 mov r5, r0 | r5 = r0;
0x00001586 ldr r3, [r2, r3] | r3 = *((r2 + r3));
0x00001588 ldr r3, [r3] | r3 = *(0x1654);
0x0000158a str r3, [sp, 0x74] | var_74h = r3;
0x0000158c mov.w r3, 0 | r3 = 0;
0x00001590 blx 0x1170 | r0 = confutils_set_file_contents_with_sync ();
0x00001594 adds r3, r0, 1 | r3 = r0 + 1;
| if (r3 == r0) {
0x00001596 beq 0x1610 | goto label_2;
| }
0x00001598 add r1, sp, 8 | r1 += var_8h;
0x0000159a mov r4, r0 | r4 = r0;
0x0000159c blx 0x114c | fcn_0000114c ();
0x000015a0 adds r0, 1 | r0++;
| if (r0 == 1) {
0x000015a2 beq 0x1626 | goto label_3;
| }
0x000015a4 ldr r3, [sp, 0x18] | r3 = var_18h;
0x000015a6 and r3, r3, 0xf000 | r3 &= 0xf000;
0x000015aa cmp.w r3, 0x8000 |
| if (r3 != 0x8000) {
0x000015ae bne 0x15f2 | goto label_4;
| }
0x000015b0 ldr r6, [sp, 0x38] | r6 = var_38h;
0x000015b2 adds r0, r6, 1 | r0 = r6 + 1;
0x000015b4 blx 0x10c8 | r0 = g_markup_printf_escaped ()
0x000015b8 mov r5, r0 | r5 = r0;
0x000015ba cmp r0, 0 |
| if (r0 == 0) {
0x000015bc beq 0x163e | goto label_5;
| }
0x000015be mov r1, r0 | r1 = r0;
0x000015c0 mov r2, r6 | r2 = r6;
0x000015c2 mov r0, r4 | r0 = r4;
0x000015c4 blx 0x1104 | r0 = g_list_length ();
0x000015c8 cmp r6, r0 |
0x000015ca itt eq |
| if (r6 != r0) {
0x000015cc moveq r3, 0 | r3 = 0;
| }
| if (r6 != r0) {
0x000015ce strbeq r3, [r5, r6] | *((r5 + r6)) = r3;
| }
| if (r6 != r0) {
0x000015d0 bne 0x1608 | goto label_6;
| }
| do {
0x000015d2 mov r0, r4 | r0 = r4;
0x000015d4 blx 0x11a0 | fcn_000011a0 ();
| label_1:
0x000015d8 ldr r2, [pc, 0x7c] |
0x000015da ldr r3, [pc, 0x78] | r3 = *(0x1656);
0x000015dc add r2, pc | r2 = 0x2c38;
0x000015de ldr r3, [r2, r3] | r3 = *(0x2c38);
0x000015e0 ldr r2, [r3] | r2 = *(0x2c38);
0x000015e2 ldr r3, [sp, 0x74] | r3 = var_74h;
0x000015e4 eors r2, r3 | r2 ^= r3;
0x000015e6 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x000015ea bne 0x163a | goto label_7;
| }
0x000015ec mov r0, r5 | r0 = r5;
0x000015ee add sp, 0x78 |
0x000015f0 pop {r4, r5, r6, pc} |
| label_4:
0x000015f2 ldr r3, [pc, 0x68] |
0x000015f4 movs r1, 0x80 | r1 = 0x80;
0x000015f6 ldr r2, [pc, 0x68] |
0x000015f8 movs r0, 0 | r0 = 0;
0x000015fa str r5, [sp] | *(sp) = r5;
0x000015fc add r3, pc | r3 = 0x2c5e;
0x000015fe add r2, pc | r2 = 0x2c64;
0x00001600 blx 0x1260 | g_str_equal ();
| label_0:
0x00001604 movs r5, 0 | r5 = 0;
0x00001606 b 0x15d2 |
| } while (1);
| label_6:
0x00001608 mov r0, r5 | r0 = r5;
0x0000160a blx 0x100c | fcn_0000100c ();
0x0000160e b 0x1604 | goto label_0;
| label_2:
0x00001610 ldr r3, [pc, 0x50] |
0x00001612 movs r1, 0x80 | r1 = 0x80;
0x00001614 ldr r2, [pc, 0x50] |
0x00001616 movs r0, 0 | r0 = 0;
0x00001618 str r5, [sp] | *(sp) = r5;
0x0000161a movs r5, 0 | r5 = 0;
0x0000161c add r3, pc | r3 = 0x2c84;
0x0000161e add r2, pc | r2 = 0x2c8a;
0x00001620 blx 0x1260 | g_str_equal ();
0x00001624 b 0x15d8 | goto label_1;
| label_3:
0x00001626 ldr r3, [pc, 0x44] |
0x00001628 movs r1, 0x80 | r1 = 0x80;
0x0000162a ldr r2, [pc, 0x44] |
0x0000162c movs r0, 0 | r0 = 0;
0x0000162e str r5, [sp] | *(sp) = r5;
0x00001630 add r3, pc | r3 = 0x2ca2;
0x00001632 add r2, pc | r2 = 0x2ca8;
0x00001634 blx 0x1260 | g_str_equal ();
0x00001638 b 0x1604 | goto label_0;
| label_7:
0x0000163a blx 0x11d0 | XML_SetReturnNSTriplet ();
| label_5:
0x0000163e ldr r3, [pc, 0x34] |
0x00001640 movs r1, 0x80 | r1 = 0x80;
0x00001642 ldr r2, [pc, 0x34] |
0x00001644 str r6, [sp] | *(sp) = r6;
0x00001646 add r3, pc | r3 = 0x2cc0;
0x00001648 add r2, pc | r2 = 0x2cc6;
0x0000164a blx 0x1260 | g_str_equal ();
0x0000164e b 0x1604 | goto label_0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libxmlnode.so.0.1.7 @ 0x21e0 */
| #include <stdint.h>
|
; (fcn) sym.xmlnode_add_attribute () | void xmlnode_add_attribute (uint32_t arg1, uint32_t arg2, uint32_t arg3) {
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
0x000021e0 cmp r2, 0 |
0x000021e2 it ne |
| if (r2 != 0) {
0x000021e4 cmpne r1, 0 | __asm ("cmpne r1, 0");
| }
0x000021e6 push {r3, r4, r5, r6, r7, lr} |
0x000021e8 ite eq |
| if (r2 != 0) {
0x000021ea moveq r7, 1 | r7 = 1;
| }
| if (r2 == 0) {
0x000021ec movne r7, 0 | r7 = 0;
| }
0x000021ee cmp r0, 0 |
0x000021f0 it eq |
| if (r0 != 0) {
0x000021f2 orreq r7, r7, 1 | r7 |= 1;
| }
| if (r7 != 0) {
0x000021f6 cbz r7, 0x21fa |
0x000021f8 pop {r3, r4, r5, r6, r7, pc} |
| }
0x000021fa mov r5, r2 | r5 = r2;
0x000021fc mov r6, r1 | r6 = r1;
0x000021fe mov r4, r0 | r4 = r0;
0x00002200 blx 0x1188 | g_list_append ();
0x00002204 movs r0, 8 | r0 = 8;
0x00002206 blx 0x10c8 | r0 = g_markup_printf_escaped ()
0x0000220a mov r1, r0 | r1 = r0;
0x0000220c mov r0, r6 | r0 = r6;
0x0000220e mov r6, r1 | r6 = r1;
0x00002210 blx 0x1054 | r0 = fcn_00001054 ();
0x00002214 mov r3, r0 | r3 = r0;
0x00002216 mov r0, r5 | r0 = r5;
0x00002218 str r3, [r6] | *(r6) = r3;
0x0000221a blx 0x1054 | r0 = fcn_00001054 ();
0x0000221e mov r3, r0 | r3 = r0;
0x00002220 mov r1, r6 | r1 = r6;
0x00002222 ldr r0, [r4, 0xc] | r0 = *((r4 + 0xc));
0x00002224 str r3, [r6, 4] | *((r6 + 4)) = r3;
0x00002226 blx 0x1194 | close (r0);
0x0000222a str r0, [r4, 0xc] | *((r4 + 0xc)) = r0;
0x0000222c pop {r3, r4, r5, r6, r7, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libxmlnode.so.0.1.7 @ 0x1ec0 */
| #include <stdint.h>
|
; (fcn) sym.xmlnode_create_node () | void xmlnode_create_node () {
0x00001ec0 andshs fp, ip, r8, lsl 10 | __asm ("andshs fp, ip, r8, lsl 10");
0x00001ec4 blx 0x10c8 | r0 = g_markup_printf_escaped ()
0x00001ec8 mov r2, r0 | r2 = r0;
0x00001eca movs r1, 0 | r1 = 0;
0x00001ecc vmov.i32 q9, 0 | __asm ("vmov.i32 q9, 0");
0x00001ed0 vmov.i32 d16, 0 | __asm ("vmov.i32 d16, 0");
0x00001ed4 vst1.32 {d18, d19}, [r2]! | __asm ("vst1.32 {d18, d19}, [r2]!");
0x00001ed8 vst1.32 {d16}, [r2] | __asm ("vst1.32 {d16}, [r2]");
0x00001edc str r1, [r0, 0x18] | *((r0 + 0x18)) = r1;
0x00001ede pop {r3, pc} |
| }
[*] Function printf used 4 times libxmlnode.so.0.1.7
