[*] Binary protection state of libc-2.27.so
Partial RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function mmap tear down of libc-2.27.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/lib/libc-2.27.so @ 0xdb120 */
| #include <stdint.h>
|
; (fcn) fcn.000db120 () | void fcn_000db120 () {
0x000db120 lui gp, 0xb |
0x000db124 addiu gp, gp, 0x6d00 |
0x000db128 addu gp, gp, t9 | gp += t9;
0x000db12c addiu sp, sp, -0x2c0 |
0x000db130 sw s3, 0x2a4(sp) | *(var_2a4h) = s3;
0x000db134 lw s3, 0x2d0(sp) | s3 = *(arg_2d0h);
0x000db138 sw s6, 0x2b0(sp) | *(var_2b0h) = s6;
0x000db13c sw s5, 0x2ac(sp) | *(var_2ach) = s5;
0x000db140 sw s4, 0x2a8(sp) | *(var_2a8h) = s4;
0x000db144 sw s2, 0x2a0(sp) | *(var_2a0h) = s2;
0x000db148 sw s0, 0x298(sp) | *(var_298h) = s0;
0x000db14c sw gp, 0x18(sp) | *(var_18h) = gp;
0x000db150 sw ra, 0x2bc(sp) | *(var_2bch) = ra;
0x000db154 sw fp, 0x2b8(sp) | *(var_2b8h) = fp;
0x000db158 sw s7, 0x2b4(sp) | *(var_2b4h) = s7;
0x000db15c sw s1, 0x29c(sp) | *(var_29ch) = s1;
0x000db160 move s6, a0 | s6 = a0;
0x000db164 move s5, a1 | s5 = a1;
0x000db168 move s4, a2 | s4 = a2;
0x000db16c move s2, a3 | s2 = a3;
0x000db170 move v0, s3 | v0 = s3;
0x000db174 move s0, zero | s0 = 0;
| do {
0x000db178 addiu v0, v0, 4 | v0 += 4;
0x000db17c lw v1, -4(v0) | v1 = *((v0 - 1));
0x000db180 addiu s0, s0, 1 | s0++;
0x000db184 bnez v1, 0xdb178 |
| } while (v1 != 0);
0x000db188 lw v0, -0x6b5c(gp) | v0 = *(gp);
0x000db18c lw v1, -0x6b1c(gp) | v1 = *((gp - 6855));
0x000db190 addiu s1, s0, 0x80 | s1 = s0 + 0x80;
0x000db194 lw v0, 0x10(v0) | v0 = *((v0 + 4));
0x000db198 lw a2, 0x8dc(v1) | a2 = *(v1);
0x000db19c sll s1, s1, 2 | s1 <<= 2;
0x000db1a0 addiu v1, v0, 0x7fff | v1 = v0 + 0x7fff;
0x000db1a4 addu s1, s1, v1 | s1 += v1;
0x000db1a8 negu v0, v0 | __asm ("negu v0, v0");
0x000db1ac sll a2, a2, 2 | a2 <<= 2;
0x000db1b0 and s1, s1, v0 | s1 &= v0;
0x000db1b4 lw t9, -0x7ebc(gp) | t9 = *((gp - 8111));
0x000db1b8 andi a2, a2, 4 | a2 &= 4;
0x000db1bc addiu fp, zero, -1 | fp = -1;
0x000db1c0 lui a3, 4 | a3 = 0x40000;
0x000db1c4 sw zero, 0x14(sp) | *(var_14h) = 0;
0x000db1c8 sw fp, 0x10(sp) | *(var_10h) = fp;
| /* esilref: 'ouplist' */
0x000db1cc addiu a3, a3, 0x802 | a3 += 0x802;
0x000db1d0 ori a2, a2, 3 | a2 |= 3;
0x000db1d4 move a1, s1 | a1 = s1;
0x000db1d8 move a0, zero | a0 = 0;
0x000db1dc bal 0xedb70 | sym_mmap ()
0x000db1e0 move s7, v0 | s7 = v0;
0x000db1e4 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == fp) {
0x000db1e8 beq v0, fp, 0xdb3b0 | goto label_2;
| }
0x000db1ec lw fp, -0x7f20(gp) | fp = *((gp - 8136));
0x000db1f0 lw v0, (fp) | v0 = *(fp);
0x000db1f4 lw v0, -0x7fb0(gp) | v0 = *((gp - 8172));
| if (v0 != 0) {
0x000db1f8 beqz v0, 0xdb210 |
0x000db1fc addiu a1, sp, 0x294 | a1 = sp + aav.0x00000294;
0x000db200 lw t9, 0x8c(v0) | t9 = *((v0 + 35));
0x000db204 addiu a0, zero, 1 | a0 = 1;
0x000db208 jalr t9 | t9 ();
0x000db20c lw gp, 0x18(sp) | gp = *(var_18h);
| }
0x000db210 lw v0, 0x2dc(sp) | v0 = *(arg_2dch);
0x000db214 sw zero, 0x210(sp) | *(var_210h) = 0;
0x000db218 sw s5, 0x1f0(sp) | *(var_1f0h) = s5;
0x000db21c sw v0, 0x1f4(sp) | *(var_1f4h) = v0;
0x000db220 sw s4, 0x1f8(sp) | *(var_1f8h) = s4;
| if (s2 == 0) {
0x000db224 beqz s2, 0xdb364 | goto label_3;
| }
| label_0:
0x000db228 lw v1, 0x2d4(sp) | v1 = *(arg_2d4h);
0x000db22c lw v0, -0x7fdc(gp) | v0 = *(gp);
0x000db230 sw v1, 0x208(sp) | *(var_208h) = v1;
0x000db234 lw v1, 0x2d8(sp) | v1 = *(arg_2d8h);
0x000db238 addiu v0, v0, -0x1460 | v0 += -0x1460;
0x000db23c sw v1, 0x20c(sp) | *(var_20ch) = v1;
0x000db240 sw s2, 0x1fc(sp) | *(var_1fch) = s2;
0x000db244 sw s3, 0x200(sp) | *(var_200h) = s3;
0x000db248 sw s0, 0x204(sp) | *(var_204h) = s0;
0x000db24c addiu a0, zero, 1 | a0 = 1;
0x000db250 addiu v1, sp, 0x214 | v1 = sp + aav.0x00000214;
0x000db254 addiu a1, v0, 0x80 | a1 = v0 + 0x80;
| do {
0x000db258 lw t1, (v0) | t1 = *(v0);
0x000db25c lw t0, 4(v0) | t0 = *((v0 + 1));
0x000db260 lw a3, 8(v0) | a3 = *((v0 + 2));
0x000db264 lw a2, 0xc(v0) | a2 = *((v0 + 3));
0x000db268 addiu v0, v0, 0x10 | v0 += 0x10;
0x000db26c sw t1, (v1) | *(v1) = t1;
0x000db270 sw t0, 4(v1) | *(var_4h) = t0;
0x000db274 sw a3, 8(v1) | *(var_8h) = a3;
0x000db278 sw a2, 0xc(v1) | *(var_ch) = a2;
0x000db27c addiu v1, v1, 0x10 | v1 += 0x10;
0x000db280 bne v0, a1, 0xdb258 |
| } while (v0 != a1);
0x000db284 addiu s2, sp, 0x170 | s2 = sp + aav.0x00000170;
0x000db288 addiu a1, sp, 0x214 | a1 = sp + aav.0x00000214;
0x000db28c move a2, s2 | a2 = s2;
0x000db290 addiu a3, zero, 0x10 | a3 = 0x10;
0x000db294 addiu v0, zero, 0x1063 | v0 = 0x1063;
0x000db298 syscall | __asm ("syscall");
0x000db29c lw a0, -0x7418(gp) | a0 = *((gp - 7430));
0x000db2a0 lw t9, -0x741c(gp) | t9 = *(gp);
0x000db2a4 move a3, s2 | a3 = s2;
0x000db2a8 addiu a2, zero, 0x4112 | a2 = 0x4112;
0x000db2ac addu a1, s7, s1 | a1 = s7 + s1;
0x000db2b0 addiu a0, a0, -0x4c0c | a0 += -0x4c0c;
0x000db2b4 bal 0xf2630 | sym_clone ();
0x000db2b8 move s3, v0 | s3 = v0;
0x000db2bc lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 <= 0) {
0x000db2c0 blez v0, 0xdb35c | goto label_4;
| }
0x000db2c4 lw s0, 0x210(sp) | s0 = *(var_210h);
0x000db2c8 lw t9, -0x7bd8(gp) | t9 = *((gp - 7926));
| if (s0 > 0) {
0x000db2cc bgtz s0, 0xdb384 | goto label_5;
| }
| do {
0x000db2d0 lw t9, -0x7eb4(gp) | t9 = *((gp - 8109));
0x000db2d4 move a1, s1 | a1 = s1;
0x000db2d8 move a0, s7 | a0 = s7;
0x000db2dc bal 0xedcd0 | sym_munmap ();
0x000db2e0 lw gp, 0x18(sp) | gp = *(var_18h);
| if (s0 == 0) {
0x000db2e4 bnez s0, 0xdb2f4 |
0x000db2e8 addiu a0, zero, 3 | a0 = 3;
| if (s6 == 0) {
0x000db2ec beqz s6, 0xdb2f8 | goto label_6;
| }
0x000db2f0 sw s3, (s6) | *(s6) = s3;
| }
| label_1:
0x000db2f4 addiu a0, zero, 3 | a0 = 3;
| label_6:
0x000db2f8 move a1, s2 | a1 = s2;
0x000db2fc move a2, zero | a2 = 0;
0x000db300 addiu a3, zero, 0x10 | a3 = 0x10;
0x000db304 addiu v0, zero, 0x1063 | v0 = 0x1063;
0x000db308 syscall | __asm ("syscall");
0x000db30c lw v0, (fp) | v0 = *(fp);
0x000db310 lw v0, -0x7fb0(gp) | v0 = *((gp - 8172));
| if (v0 != 0) {
0x000db314 beqz v0, 0xdb328 |
0x000db318 lw a0, 0x294(sp) | a0 = *(var_294h);
0x000db31c lw t9, 0x8c(v0) | t9 = *((v0 + 35));
0x000db320 move a1, zero | a1 = 0;
0x000db324 jalr t9 | t9 ();
| }
0x000db328 lw ra, 0x2bc(sp) | ra = *(var_2bch);
0x000db32c move v0, s0 | v0 = s0;
0x000db330 lw fp, 0x2b8(sp) | fp = *(var_2b8h);
0x000db334 lw s7, 0x2b4(sp) | s7 = *(var_2b4h);
0x000db338 lw s6, 0x2b0(sp) | s6 = *(var_2b0h);
0x000db33c lw s5, 0x2ac(sp) | s5 = *(var_2ach);
0x000db340 lw s4, 0x2a8(sp) | s4 = *(var_2a8h);
0x000db344 lw s3, 0x2a4(sp) | s3 = *(var_2a4h);
0x000db348 lw s2, 0x2a0(sp) | s2 = *(var_2a0h);
0x000db34c lw s1, 0x29c(sp) | s1 = *(var_29ch);
0x000db350 lw s0, 0x298(sp) | s0 = *(var_298h);
0x000db354 addiu sp, sp, 0x2c0 |
0x000db358 jr ra | return v0;
| label_4:
0x000db35c negu s0, v0 | __asm ("negu s0, v0");
0x000db360 b 0xdb2d0 |
| } while (1);
| label_3:
0x000db364 lw t9, -0x7f60(gp) | t9 = *(gp);
0x000db368 addiu s2, sp, 0x20 | s2 = sp + 0x20;
0x000db36c addiu a2, zero, 0x150 | a2 = aav.0x00000150;
0x000db370 move a1, zero | a1 = 0;
0x000db374 move a0, s2 | a0 = s2;
0x000db378 jalr t9 | t9 ();
0x000db37c lw gp, 0x18(sp) | gp = *(var_18h);
0x000db380 b 0xdb228 | goto label_0;
| label_5:
0x000db384 move a0, v0 | a0 = v0;
0x000db388 move a2, zero | a2 = 0;
0x000db38c move a1, zero | a1 = 0;
0x000db390 jalr t9 | t9 ();
0x000db394 lw gp, 0x18(sp) | gp = *(var_18h);
0x000db398 move a1, s1 | a1 = s1;
0x000db39c lw t9, -0x7eb4(gp) | t9 = *((gp - 8109));
0x000db3a0 move a0, s7 | a0 = s7;
0x000db3a4 bal 0xedcd0 | sym_munmap ();
0x000db3a8 lw gp, 0x18(sp) | gp = *(var_18h);
0x000db3ac b 0xdb2f4 | goto label_1;
| label_2:
0x000db3b0 lw v0, -0x6ad4(gp) | v0 = *((gp - 6837));
0x000db3b4 rdhwr v1, 29 | __asm ("rdhwr v1, 29");
0x000db3b8 addu v0, v0, v1 | v0 += v1;
0x000db3bc lw ra, 0x2bc(sp) | ra = *(var_2bch);
0x000db3c0 lw s0, (v0) | s0 = *(v0);
0x000db3c4 lw fp, 0x2b8(sp) | fp = *(var_2b8h);
0x000db3c8 move v0, s0 | v0 = s0;
0x000db3cc lw s7, 0x2b4(sp) | s7 = *(var_2b4h);
0x000db3d0 lw s6, 0x2b0(sp) | s6 = *(var_2b0h);
0x000db3d4 lw s5, 0x2ac(sp) | s5 = *(var_2ach);
0x000db3d8 lw s4, 0x2a8(sp) | s4 = *(var_2a8h);
0x000db3dc lw s3, 0x2a4(sp) | s3 = *(var_2a4h);
0x000db3e0 lw s2, 0x2a0(sp) | s2 = *(var_2a0h);
0x000db3e4 lw s1, 0x29c(sp) | s1 = *(var_29ch);
0x000db3e8 lw s0, 0x298(sp) | s0 = *(var_298h);
0x000db3ec addiu sp, sp, 0x2c0 |
0x000db3f0 jr ra | return v0;
| }
[*] Function mmap used 2 times libc-2.27.so
