[*] Binary protection state of php-cgi
Full RELRO No Canary found NX enabled No PIE No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of php-cgi
416e24: a0430058 sb v1,88(v0)
416e28: 90430058 lbu v1,88(v0)
416e2c: 30640001 andi a0,v1,0x1
416e30: 14800071 bnez a0,416ff8 <php_error_docref2@@Base+0x2d0>
416e34: 24630001 addiu v1,v1,1
416e38: a0430058 sb v1,88(v0)
416e3c: 8f8288b8 lw v0,-30536(gp)
416e40: 8c540010 lw s4,16(v0)
416e44: 8c550008 lw s5,8(v0)
416e48: 92820000 lbu v0,0(s4)
416e4c: 14400015 bnez v0,416ea4 <php_error_docref2@@Base+0x17c>
416e50: 8f999d00 lw t9,-25344(gp)
416e54: 24020001 li v0,1
416e58: 16a20013 bne s5,v0,416ea8 <php_error_docref2@@Base+0x180>
416e5c: 02a03025 move a2,s5
416e60: 8f858040 lw a1,-32704(gp)
416e64: 8f99a0fc lw t9,-24324(gp)
416e68: 2406000d li a2,13
416e6c: 24a52480 addiu a1,a1,9344
416e70: 0320f809 jalr t9
416e74: 02602025 move a0,s3
416e78: 14400009 bnez v0,416ea0 <php_error_docref2@@Base+0x178>
416e7c: 8fbc0020 lw gp,32(sp)
416e80: 12400005 beqz s2,416e98 <php_error_docref2@@Base+0x170>
416e84: 8f858040 lw a1,-32704(gp)
416e88: 8f999e68 lw t9,strcpy
416e8c: 24a52490 addiu a1,a1,9360
416e90: 0320f809 jalr t9
--
416f1c: 10640057 beq v1,a0,41707c <php_error_docref2@@Base+0x354>
416f20: 00000000 nop
416f24: 1000fff6 b 416f00 <php_error_docref2@@Base+0x1d8>
416f28: 2631ffff addiu s1,s1,-1
416f2c: 00008825 move s1,zero
416f30: 16000024 bnez s0,416fc4 <php_error_docref2@@Base+0x29c>
416f34: 02148023 subu s0,s0,s4
416f38: 2eb0001f sltiu s0,s5,31
416f3c: 2403001e li v1,30
416f40: 02b0180b movn v1,s5,s0
416f44: 00608025 move s0,v1
416f48: 12400011 beqz s2,416f90 <php_error_docref2@@Base+0x268>
416f4c: 27b30028 addiu s3,sp,40
416f50: 12200020 beqz s1,416fd4 <php_error_docref2@@Base+0x2ac>
416f54: 8f999cac lw t9,-25428(gp)
416f58: 8f868040 lw a2,-32704(gp)
416f5c: afa20018 sw v0,24(sp)
416f60: afb10014 sw s1,20(sp)
416f64: afb40010 sw s4,16(sp)
416f68: 02003825 move a3,s0
416f6c: 24c6249c addiu a2,a2,9372
416f70: 24050078 li a1,120
416f74: 0320f809 jalr t9
416f78: 02602025 move a0,s3
416f7c: 8fbc0020 lw gp,32(sp)
416f80: 8f999e68 lw t9,strcpy
416f84: 02602825 move a1,s3
416f88: 0320f809 jalr t9
--
416ff0: 1000ffe3 b 416f80 <php_error_docref2@@Base+0x258>
416ff4: 8fbc0020 lw gp,32(sp)
416ff8: 16400009 bnez s2,417020 <php_error_docref2@@Base+0x2f8>
416ffc: 82700000 lb s0,0(s3)
417000: 8f999eac lw t9,strlen
417004: 0320f809 jalr t9
417008: 02602025 move a0,s3
41700c: 3a100022 xori s0,s0,0x22
417010: 24030002 li v1,2
417014: 0010180b movn v1,zero,s0
417018: 1000ffe1 b 416fa0 <php_error_docref2@@Base+0x278>
41701c: 00431023 subu v0,v0,v1
417020: 24020022 li v0,34
417024: 1602000b bne s0,v0,417054 <php_error_docref2@@Base+0x32c>
417028: 02401825 move v1,s2
41702c: 24050022 li a1,34
417030: 26730001 addiu s3,s3,1
417034: 82640000 lb a0,0(s3)
417038: 14850003 bne a0,a1,417048 <php_error_docref2@@Base+0x320>
41703c: 00721023 subu v0,v1,s2
417040: 1000ffd7 b 416fa0 <php_error_docref2@@Base+0x278>
417044: a0600000 sb zero,0(v1)
417048: a0640000 sb a0,0(v1)
41704c: 1000fff8 b 417030 <php_error_docref2@@Base+0x308>
417050: 24630001 addiu v1,v1,1
417054: 8f999e68 lw t9,strcpy
417058: 02602825 move a1,s3
41705c: 0320f809 jalr t9
--
51593c: 32220004 andi v0,s1,0x4
515940: 144000a0 bnez v0,515bc4 <php_url_scanner_reset_var@@Base+0x44dc>
515944: 32220008 andi v0,s1,0x8
515948: 8fc20004 lw v0,4(s8)
51594c: 1040009c beqz v0,515bc0 <php_url_scanner_reset_var@@Base+0x44d8>
515950: 8f999eac lw t9,strlen
515954: 0320f809 jalr t9
515958: 8fa40d34 lw a0,3380(sp)
51595c: 8fbc0028 lw gp,40(sp)
515960: 8f9980a0 lw t9,-32608(gp)
515964: 0320f809 jalr t9
515968: 24440001 addiu a0,v0,1
51596c: 8fbc0028 lw gp,40(sp)
515970: 8fd20004 lw s2,4(s8)
515974: 00409825 move s3,v0
515978: 8f999eac lw t9,strlen
51597c: 0320f809 jalr t9
515980: 02402025 move a0,s2
515984: 8fbc0028 lw gp,40(sp)
515988: 02402025 move a0,s2
51598c: 8f998e4c lw t9,-29108(gp)
515990: 0411bd79 bal 504f78 <php_url_decode@@Base>
515994: 00402825 move a1,v0
515998: 8fbc0028 lw gp,40(sp)
51599c: 8fc50004 lw a1,4(s8)
5159a0: 8f999e68 lw t9,strcpy
5159a4: 0320f809 jalr t9
5159a8: 02602025 move a0,s3
[*] Function strcpy used 4 times php-cgi
