[*] Binary protection state of avahi-browse
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function printf tear down of avahi-browse
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/bin/avahi-browse @ 0x11d30 */
| #include <stdint.h>
|
; (fcn) fcn.00011d30 () | void fcn_00011d30 (int32_t arg_440h, int32_t arg_44ch, uint32_t arg1, int32_t arg2) {
| int32_t var_0h;
| int32_t var_4h;
| int32_t var_8h;
| int32_t var_ch;
| int32_t var_10h;
| int32_t var_14h;
| int32_t var_18h;
| int32_t var_28h;
| int32_t var_0h_2;
| int32_t var_420h;
| int32_t var_4h_2;
| r0 = arg1;
| r1 = arg2;
0x00011d30 push {r4, r5, r6, r7, r8, sb, lr} |
0x00011d34 sub sp, sp, 0x420 |
0x00011d38 sub sp, sp, 4 |
0x00011d3c add r4, sp, 0x440 | r4 += arg_440h;
0x00011d40 cmp r0, 0 |
0x00011d44 mov r5, r1 | r5 = r1;
0x00011d48 mov r8, r3 | r8 = r3;
0x00011d4c ldm r4, {r4, r6, r7} | r4 = *(r4);
| r6 = *((r4 + 4));
| r7 = *((r4 + 8));
0x00011d50 add sb, sp, 0x28 | sb += var_28h;
| if (arg_440h != ) {
0x00011d54 bne 0x11dd8 | goto label_0;
| }
0x00011d58 ldr r3, [pc, 0x13c] | r3 = *(0x11e98);
0x00011d5c sub r4, r4, 1 | r4--;
0x00011d60 ldr ip, [r3] | ip = *(0x11e98);
0x00011d64 mov r3, sb | r3 = sb;
| do {
0x00011d68 ldrb r1, [r4, 1]! | r1 = *((r4 += 1));
0x00011d6c cmp r1, 0 |
| if (r1 == 0) {
0x00011d70 bne 0x11e7c |
0x00011d74 cmn r2, 1 |
0x00011d78 strb r1, [r3] | *(r3) = r1;
| if (r2 != 1) {
0x00011d7c ldreq r4, [pc, 0x11c] | r4 = *((pc + 0x11c));
| }
| if (r2 != 1) {
0x00011d80 beq 0x11d94 |
0x00011d84 add r1, sp, 0x18 | r1 += var_18h;
0x00011d88 mov r0, r2 | r0 = r2;
0x00011d8c bl 0x10f88 | r0 = if_indextoname ();
0x00011d90 mov r4, r0 | r4 = r0;
| }
0x00011d94 cmn r8, 1 |
| if (r8 != 1) {
0x00011d98 ldreq r3, [pc, 0x100] | r3 = *((pc + 0x100));
| }
| if (r8 != 1) {
0x00011d9c beq 0x11dac |
0x00011da0 mov r0, r8 | r0 = r8;
0x00011da4 bl 0x10fdc | r0 = avahi_proto_to_string ();
0x00011da8 mov r3, r0 | r3 = r0;
| }
0x00011dac ldr r2, [pc, 0xf0] | r2 = *(0x11ea0);
0x00011db0 str r7, [sp, 0xc] | var_ch = r7;
0x00011db4 str r6, [sp, 8] | var_8h = r6;
0x00011db8 str sb, [sp, 4] | var_4h = sb;
0x00011dbc ldr r1, [r2] | r1 = *(0x11ea0);
0x00011dc0 ldr r0, [pc, 0xe0] | r0 = *(0x11ea4);
0x00011dc4 sub r1, r1, 0x23 | r1 -= 0x23;
0x00011dc8 str r1, [sp] | *(sp) = r1;
0x00011dcc mov r2, r4 | r2 = r4;
0x00011dd0 mov r1, r5 | r1 = r5;
0x00011dd4 b 0x11e60 | goto label_1;
| label_0:
0x00011dd8 ldr r3, [pc, 0xcc] | r3 = "%c %6s %4s %-*s %-20s %s\n";
0x00011ddc cmn r2, 1 |
0x00011de0 str sb, [sp, 0x10] | var_10h = sb;
0x00011de4 str r3, [sp, 0x14] | var_14h = r3;
| if (r2 != 1) {
0x00011de8 ldreq sb, [pc, 0xb0] | sb = *((pc + 0xb0));
| }
| if (r2 != 1) {
0x00011dec beq 0x11e00 |
0x00011df0 add r1, sp, 0x18 | r1 += var_18h;
0x00011df4 mov r0, r2 | r0 = r2;
0x00011df8 bl 0x10f88 | r0 = if_indextoname ();
0x00011dfc mov sb, r0 | sb = r0;
| }
0x00011e00 cmn r8, 1 |
| if (r8 != 1) {
0x00011e04 ldreq r8, [pc, 0x94] | r8 = *((pc + 0x94));
| }
| if (r8 != 1) {
0x00011e08 beq 0x11e18 |
0x00011e0c mov r0, r8 | r0 = r8;
0x00011e10 bl 0x10fdc | r0 = avahi_proto_to_string ();
0x00011e14 mov r8, r0 | r8 = r0;
| }
0x00011e18 mov r0, r4 | r0 = r4;
0x00011e1c bl 0x11144 | strlen (r0);
0x00011e20 add r3, sp, 0x14 | r3 += var_14h;
0x00011e24 add r2, sp, 0x10 | r2 += var_10h;
0x00011e28 mov r1, r0 | r1 = r0;
0x00011e2c mov r0, r4 | r0 = r4;
0x00011e30 bl 0x1100c | avahi_escape_label ();
0x00011e34 ldr r1, [sp, 0x44c] | r1 = *(arg_44ch);
0x00011e38 ldr r2, [pc, 0x70] | r2 = *(0x11eac);
0x00011e3c ldr r3, [pc, 0x70] | r3 = *(0x11eb0);
0x00011e40 cmp r1, 0 |
| if (r1 == 0) {
0x00011e44 movne r3, r2 | r3 = r2;
| }
0x00011e48 str r3, [sp, 0xc] | var_ch = r3;
0x00011e4c mov r2, sb | r2 = sb;
0x00011e50 mov r3, r8 | r3 = r8;
0x00011e54 mov r1, r5 | r1 = r5;
0x00011e58 stm sp, {r0, r6, r7} | *(sp) = r0;
| *((sp + 4)) = r6;
| *((sp + 8)) = r7;
0x00011e5c ldr r0, [pc, 0x54] | r0 = *(0x11eb4);
| label_1:
0x00011e60 bl 0x10fe8 | printf (r0, r1, r2, r3)
0x00011e64 ldr r3, [pc, 0x50] | r3 = "%c;%s;%s;%s;%s;%s%s";
0x00011e68 ldr r0, [r3] | r0 = "%c;%s;%s;%s;%s;%s%s";
0x00011e6c bl 0x10f64 | fflush ("%c;%s;%s;%s;%s;%s%s");
0x00011e70 add sp, sp, 0x420 |
0x00011e74 add sp, sp, 4 |
0x00011e78 pop {r4, r5, r6, r7, r8, sb, pc} |
| }
0x00011e7c lsl r0, r1, 0x10 | r0 = r1 << 0x10;
0x00011e80 asr r0, r0, 0x10 | r0 >>= 0x10;
0x00011e84 lsl r0, r0, 1 | r0 <<= 1;
0x00011e88 ldrh r0, [ip, r0] | r0 = *((ip + r0));
0x00011e8c tst r0, 0x40 |
| if ((r0 & 0x40) != 0) {
0x00011e90 moveq r1, 0x5f | r1 = 0x5f;
| }
0x00011e94 strb r1, [r3], 1 | *(r3) = r1;
| r3++;
0x00011e98 b 0x11d68 |
| } while (1);
| }
[*] Function printf used 2 times avahi-browse
