[*] Binary protection state of mod_cgi.so

  
  	Partial RELRO  No Canary found   NX disabled  DSO          No RPATH     No RUNPATH   No Symbols


[*] Function strcat tear down of mod_cgi.so

    ; assembly                       | /* r2dec pseudo code output */
                                     | /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/lighttpd/mod_cgi.so @ 0x1350 */
                                     | #include <stdint.h>
                                     |  
    ; (fcn) entry.fini0 ()           | void entry_fini0 () {
    0x00001350 ldr r3, [pc, 0x68]    |     r3 = *(0x13bc);
    0x00001354 push {r4, lr}         |     
    0x00001358 ldr r4, [pc, 0x64]    |     r4 = *(0x13c0);
    0x0000135c add r3, pc, r3        |     r3 = pc + r3;
    0x00001360 ldrb r3, [r3]         |     r3 = *(r3);
    0x00001364 add r4, pc, r4        |     r4 = pc + r4;
    0x00001368 cmp r3, 0             |     
    0x0000136c popne {r4, pc}        |     
    0x00001370 ldr r3, [pc, 0x50]    |     r3 = *(0x13c4);
    0x00001374 ldr r3, [r4, r3]      |     r3 = *(0x13c0);
    0x00001378 cmp r3, 0             |     
                                     |     if (r3 != 0) {
    0x0000137c beq 0x138c            |         
    0x00001380 ldr r3, [pc, 0x44]    |         r3 = "_";
    0x00001384 ldr r0, [pc, r3]      |         r0 = *(0x0000138c);
    0x00001388 bl 0x103c             |         cxa_finalize ();
                                     |     }
    0x0000138c bl 0x1294             |     entry0 ();
    0x00001390 ldr r3, [pc, 0x38]    |     r3 = *(0x13cc);
    0x00001394 ldr r3, [r4, r3]      |     r3 = *((r4 + r3));
    0x00001398 cmp r3, 0             |     
                                     |     if (r3 != 0) {
    0x0000139c beq 0x13ac            |         
    0x000013a0 ldr r0, [pc, 0x2c]    |         r0 = *(0x13d0);
    0x000013a4 add r0, pc, r0        |         r0 = pc + r0;
    0x000013a8 bl 0x10e4             |         loc_imp_deregister_frame_info ();
                                     |     }
    0x000013ac ldr r3, [pc, 0x24]    |     r3 = *(0x13d4);
    0x000013b0 mov r2, 1             |     r2 = 1;
    0x000013b4 add r3, pc, r3        |     r3 = pc + r3;
    0x000013b8 strb r2, [r3]         |     *(r3) = r2;
    0x000013bc pop {r4, pc}          |     
                                     | }
    ; assembly                                   | /* r2dec pseudo code output */
                                                 | /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/lighttpd/mod_cgi.so @ 0x23cc */
                                                 | #include <stdint.h>
                                                 |  
    ; (fcn) fcn.000023cc ()                      | void fcn_000023cc (int32_t arg1, int32_t arg2) {
                                                 |     r0 = arg1;
                                                 |     r1 = arg2;
    0x000023cc ldr r2, [r1, 4]                   |     r2 = *((r1 + 4));
    0x000023d0 push {r4, r5, r6, r7, r8, lr}     |     
    0x000023d4 ldr r6, [r1, 0x18]                |     r6 = *((r1 + 0x18));
    0x000023d8 cmn r2, 1                         |     
    0x000023dc mov r5, r0                        |     r5 = r0;
    0x000023e0 mov r4, r1                        |     r4 = r1;
    0x000023e4 ldr r7, [r1, 0x14]                |     r7 = *((r1 + 0x14));
                                                 |     if (r2 != 1) {
    0x000023e8 beq 0x2408                        |         
    0x000023ec add r1, r1, 0xc                   |         r1 += 0xc;
    0x000023f0 ldr r0, [r0, 0x18]                |         r0 = *((r0 + 0x18));
    0x000023f4 bl 0x10d8                         |         loc_imp_fdevent_event_del ();
    0x000023f8 mov r2, 0                         |         r2 = 0;
    0x000023fc ldr r1, [r4, 4]                   |         r1 = *((r4 + 4));
    0x00002400 ldr r0, [r5, 0x18]                |         r0 = *((r5 + 0x18));
    0x00002404 bl 0x11c8                         |         loc_imp_fdevent_sched_close ();
                                                 |     }
    0x00002408 ldr r3, [r4, 8]                   |     r3 = *((r4 + 8));
    0x0000240c cmn r3, 1                         |     
                                                 |     if (r3 != 1) {
    0x00002410 beq 0x2420                        |         
    0x00002414 mov r1, r4                        |         r1 = r4;
    0x00002418 add r0, r5, 0x18                  |         r0 = r5 + 0x18;
    0x0000241c bl 0x1b64                         |         fcn_00001b64 (r0, r1);
                                                 |     }
    0x00002420 ldr r0, [r4]                      |     r0 = *(r4);
    0x00002424 cmp r0, 0                         |     
                                                 |     if (r0 <= 0) {
    0x00002428 ldrgt r1, [r6, 0x1c]              |         r1 = *((r6 + 0x1c));
                                                 |     }
                                                 |     if (r0 <= 0) {
    0x0000242c movgt r3, 0                       |         r3 = 0;
                                                 |     }
    0x00002430 bgt 0x2478                        |     
                                                 |     while (r3 == r1) {
                                                 | label_1:
    0x00002434 ldr r2, [r6]                      |         r2 = *(r6);
    0x00002438 ldr r3, [r7, 0x190]               |         r3 = *((r7 + 0x190));
    0x0000243c mov r1, 0                         |         r1 = 0;
    0x00002440 str r1, [r3, r2, lsl 2]           |         offset_0 = r2 << 2;
                                                 |         *((r3 + offset_0)) = r1;
    0x00002444 ldr r0, [r4, 0x1c]                |         r0 = *((r4 + 0x1c));
    0x00002448 bl 0xfe8                          |         loc_imp_chunk_buffer_release ();
    0x0000244c mov r0, r4                        |         r0 = r4;
    0x00002450 bl 0x1288                         |         free (r0);
    0x00002454 ldr r2, [r7, 0x188]               |         r2 = *((r7 + 0x188));
    0x00002458 ldr r3, [r6]                      |         r3 = *(r6);
    0x0000245c cmp r2, r3                        |         
    0x00002460 popne {r4, r5, r6, r7, r8, pc}    |         
    0x00002464 mov r1, r7                        |         r1 = r7;
    0x00002468 mov r0, r5                        |         r0 = r5;
    0x0000246c pop {r4, r5, r6, r7, r8, lr}      |         
    0x00002470 b 0x11b0                          |         void (*0x11b0)() ();
                                                 | label_0:
    0x00002474 add r3, r3, 1                     |         r3++;
    0x00002478 cmp r3, r1                        |         
    0x0000247c beq 0x2434                        |         
                                                 |     }
    0x00002480 ldr r2, [r6, 0x18]                |     r2 = *((r6 + 0x18));
    0x00002484 add ip, r2, r3, lsl 3             |     
    0x00002488 ldr r2, [r2, r3, lsl 3]           |     offset_1 = r3 << 3;
                                                 |     r2 = *((r2 + offset_1));
    0x0000248c cmp r0, r2                        |     
                                                 |     if (r0 != r2) {
    0x00002490 bne 0x2474                        |         goto label_0;
                                                 |     }
    0x00002494 mov r3, 0                         |     r3 = 0;
    0x00002498 str r3, [ip, 4]                   |     *((ip + 4)) = r3;
    0x0000249c mov r1, 0xf                       |     r1 = 0xf;
    0x000024a0 bl 0x10cc                         |     kill (r0, r1);
    0x000024a4 b 0x2434                          |     goto label_1;
                                                 | }

[*] Function strcat used 1 times mod_cgi.so