[*] Binary protection state of mod_cgi.so
Partial RELRO No Canary found NX disabled DSO No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of mod_cgi.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/lighttpd/mod_cgi.so @ 0x1350 */
| #include <stdint.h>
|
; (fcn) entry.fini0 () | void entry_fini0 () {
0x00001350 ldr r3, [pc, 0x68] | r3 = *(0x13bc);
0x00001354 push {r4, lr} |
0x00001358 ldr r4, [pc, 0x64] | r4 = *(0x13c0);
0x0000135c add r3, pc, r3 | r3 = pc + r3;
0x00001360 ldrb r3, [r3] | r3 = *(r3);
0x00001364 add r4, pc, r4 | r4 = pc + r4;
0x00001368 cmp r3, 0 |
0x0000136c popne {r4, pc} |
0x00001370 ldr r3, [pc, 0x50] | r3 = *(0x13c4);
0x00001374 ldr r3, [r4, r3] | r3 = *(0x13c0);
0x00001378 cmp r3, 0 |
| if (r3 != 0) {
0x0000137c beq 0x138c |
0x00001380 ldr r3, [pc, 0x44] | r3 = "_";
0x00001384 ldr r0, [pc, r3] | r0 = *(0x0000138c);
0x00001388 bl 0x103c | cxa_finalize ();
| }
0x0000138c bl 0x1294 | entry0 ();
0x00001390 ldr r3, [pc, 0x38] | r3 = *(0x13cc);
0x00001394 ldr r3, [r4, r3] | r3 = *((r4 + r3));
0x00001398 cmp r3, 0 |
| if (r3 != 0) {
0x0000139c beq 0x13ac |
0x000013a0 ldr r0, [pc, 0x2c] | r0 = *(0x13d0);
0x000013a4 add r0, pc, r0 | r0 = pc + r0;
0x000013a8 bl 0x10e4 | loc_imp_deregister_frame_info ();
| }
0x000013ac ldr r3, [pc, 0x24] | r3 = *(0x13d4);
0x000013b0 mov r2, 1 | r2 = 1;
0x000013b4 add r3, pc, r3 | r3 = pc + r3;
0x000013b8 strb r2, [r3] | *(r3) = r2;
0x000013bc pop {r4, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/lighttpd/mod_cgi.so @ 0x23cc */
| #include <stdint.h>
|
; (fcn) fcn.000023cc () | void fcn_000023cc (int32_t arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x000023cc ldr r2, [r1, 4] | r2 = *((r1 + 4));
0x000023d0 push {r4, r5, r6, r7, r8, lr} |
0x000023d4 ldr r6, [r1, 0x18] | r6 = *((r1 + 0x18));
0x000023d8 cmn r2, 1 |
0x000023dc mov r5, r0 | r5 = r0;
0x000023e0 mov r4, r1 | r4 = r1;
0x000023e4 ldr r7, [r1, 0x14] | r7 = *((r1 + 0x14));
| if (r2 != 1) {
0x000023e8 beq 0x2408 |
0x000023ec add r1, r1, 0xc | r1 += 0xc;
0x000023f0 ldr r0, [r0, 0x18] | r0 = *((r0 + 0x18));
0x000023f4 bl 0x10d8 | loc_imp_fdevent_event_del ();
0x000023f8 mov r2, 0 | r2 = 0;
0x000023fc ldr r1, [r4, 4] | r1 = *((r4 + 4));
0x00002400 ldr r0, [r5, 0x18] | r0 = *((r5 + 0x18));
0x00002404 bl 0x11c8 | loc_imp_fdevent_sched_close ();
| }
0x00002408 ldr r3, [r4, 8] | r3 = *((r4 + 8));
0x0000240c cmn r3, 1 |
| if (r3 != 1) {
0x00002410 beq 0x2420 |
0x00002414 mov r1, r4 | r1 = r4;
0x00002418 add r0, r5, 0x18 | r0 = r5 + 0x18;
0x0000241c bl 0x1b64 | fcn_00001b64 (r0, r1);
| }
0x00002420 ldr r0, [r4] | r0 = *(r4);
0x00002424 cmp r0, 0 |
| if (r0 <= 0) {
0x00002428 ldrgt r1, [r6, 0x1c] | r1 = *((r6 + 0x1c));
| }
| if (r0 <= 0) {
0x0000242c movgt r3, 0 | r3 = 0;
| }
0x00002430 bgt 0x2478 |
| while (r3 == r1) {
| label_1:
0x00002434 ldr r2, [r6] | r2 = *(r6);
0x00002438 ldr r3, [r7, 0x190] | r3 = *((r7 + 0x190));
0x0000243c mov r1, 0 | r1 = 0;
0x00002440 str r1, [r3, r2, lsl 2] | offset_0 = r2 << 2;
| *((r3 + offset_0)) = r1;
0x00002444 ldr r0, [r4, 0x1c] | r0 = *((r4 + 0x1c));
0x00002448 bl 0xfe8 | loc_imp_chunk_buffer_release ();
0x0000244c mov r0, r4 | r0 = r4;
0x00002450 bl 0x1288 | free (r0);
0x00002454 ldr r2, [r7, 0x188] | r2 = *((r7 + 0x188));
0x00002458 ldr r3, [r6] | r3 = *(r6);
0x0000245c cmp r2, r3 |
0x00002460 popne {r4, r5, r6, r7, r8, pc} |
0x00002464 mov r1, r7 | r1 = r7;
0x00002468 mov r0, r5 | r0 = r5;
0x0000246c pop {r4, r5, r6, r7, r8, lr} |
0x00002470 b 0x11b0 | void (*0x11b0)() ();
| label_0:
0x00002474 add r3, r3, 1 | r3++;
0x00002478 cmp r3, r1 |
0x0000247c beq 0x2434 |
| }
0x00002480 ldr r2, [r6, 0x18] | r2 = *((r6 + 0x18));
0x00002484 add ip, r2, r3, lsl 3 |
0x00002488 ldr r2, [r2, r3, lsl 3] | offset_1 = r3 << 3;
| r2 = *((r2 + offset_1));
0x0000248c cmp r0, r2 |
| if (r0 != r2) {
0x00002490 bne 0x2474 | goto label_0;
| }
0x00002494 mov r3, 0 | r3 = 0;
0x00002498 str r3, [ip, 4] | *((ip + 4)) = r3;
0x0000249c mov r1, 0xf | r1 = 0xf;
0x000024a0 bl 0x10cc | kill (r0, r1);
0x000024a4 b 0x2434 | goto label_1;
| }
[*] Function sprintf used 1 times mod_cgi.so
