[*] Binary protection state of libmount.so.1.1.0
Partial RELRO No Canary found NX disabled DSO No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of libmount.so.1.1.0
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/lib/libmount.so.1.1.0 @ 0x2adfc */
| #include <stdint.h>
|
; (fcn) fcn.0002adfc () | void fcn_0002adfc (int32_t arg1, int32_t arg2) {
| int32_t var_0h;
| int32_t var_4h;
| char * format;
| char * var_ch;
| char * var_10h;
| int32_t var_14h;
| wchar_t * pwc;
| int32_t var_20h;
| int32_t var_4h_2;
| int32_t var_2ch;
| r0 = arg1;
| r1 = arg2;
0x0002adfc push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x0002ae00 mov fp, r3 |
0x0002ae04 ldr r3, [pc, 0x230] | r3 = *(0x2b038);
0x0002ae08 sub sp, sp, 0x2c |
0x0002ae0c add r3, pc, r3 | r3 = pc + r3;
0x0002ae10 subs r5, r0, 0 | r5 = r0 - 0;
0x0002ae14 mov r6, r1 | r6 = r1;
0x0002ae18 mov r8, r2 | r8 = r2;
0x0002ae1c str r3, [sp, 4] | var_4h = r3;
0x0002ae20 mov r4, 0 | r4 = 0;
| if (r5 != r0) {
0x0002ae24 moveq r0, r5 | r0 = r5;
| }
| if (r5 != r0) {
0x0002ae28 beq 0x2ae30 |
0x0002ae2c bl 0x905c | strlen (r0);
| }
0x0002ae30 add r3, sp, 0x20 | r3 += var_20h;
0x0002ae34 cmp r0, 0 |
0x0002ae38 str r3, [sp] | *(sp) = r3;
0x0002ae3c str r4, [sp, 0x20] | var_20h = r4;
0x0002ae40 str r4, [r3, 4] | var_4h_2 = r4;
0x0002ae44 clz r3, r8 | r3 &= r8;
0x0002ae48 lsr r3, r3, 5 | r3 >>= 5;
| if (r0 != 0) {
0x0002ae4c moveq r3, 1 | r3 = 1;
| }
0x0002ae50 cmp r3, 0 |
| if (r3 == 0) {
0x0002ae54 movne r0, 0 | r0 = 0;
| }
| if (r3 != 0) {
0x0002ae58 bne 0x2aea8 | goto label_3;
| }
0x0002ae5c str r3, [r6] | *(r6) = r3;
0x0002ae60 ldr r3, [pc, 0x1d8] | r3 = *(0x2b03c);
0x0002ae64 mov r4, r8 | r4 = r8;
0x0002ae68 add r3, pc, r3 | r3 = pc + r3;
0x0002ae6c str r3, [sp, 8] | format = r3;
0x0002ae70 ldr r3, [pc, 0x1cc] | r3 = *(0x2b040);
0x0002ae74 add r3, pc, r3 | r3 = pc + r3;
0x0002ae78 str r3, [sp, 0xc] | var_ch = r3;
0x0002ae7c ldr r3, [pc, 0x1c4] | r3 = *(0x2b044);
0x0002ae80 add r3, pc, r3 | r3 = pc + r3;
0x0002ae84 str r3, [sp, 0x10] | var_10h = r3;
| do {
| label_0:
0x0002ae88 cmp r5, 0 |
| if (r5 != 0) {
0x0002ae8c beq 0x2ae9c |
0x0002ae90 ldrsb r7, [r5] | r7 = *(r5);
0x0002ae94 cmp r7, 0 |
| if (r7 != 0) {
0x0002ae98 bne 0x2aeb0 | goto label_4;
| }
| }
| label_1:
0x0002ae9c mov r3, 0 | r3 = 0;
0x0002aea0 mov r0, r8 | r0 = r8;
0x0002aea4 strb r3, [r4] | *(r4) = r3;
| label_3:
0x0002aea8 add sp, sp, 0x2c |
0x0002aeac pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_4:
0x0002aeb0 cmp fp, 0 |
| if (fp == 0) {
0x0002aeb4 beq 0x2aed8 | goto label_5;
| }
0x0002aeb8 mov r1, r7 | r1 = r7;
0x0002aebc mov r0, fp | r0 = fp;
0x0002aec0 bl 0x90a4 | r0 = strchr (r0, r1);
0x0002aec4 cmp r0, 0 |
| if (r0 == 0) {
0x0002aec8 strbne r7, [r4] | *(r4) = r7;
| }
| if (r0 == 0) {
0x0002aecc addne r5, r5, 1 | r5++;
| }
| if (r0 == 0) {
0x0002aed0 addne r4, r4, 1 | r4++;
| }
0x0002aed4 bne 0x2ae88 |
| } while (r0 != 0);
| label_5:
0x0002aed8 cmp r7, 0x5c |
0x0002aedc and r2, r7, 0xff | r2 = r7 & 0xff;
| if (r7 == 0x5c) {
0x0002aee0 bne 0x2aef0 |
0x0002aee4 ldrsb r3, [r5, 1] | r3 = *((r5 + 1));
0x0002aee8 cmp r3, 0x78 |
| if (r3 == 0x78) {
0x0002aeec beq 0x2af10 | goto label_6;
| }
| }
0x0002aef0 ldr r1, [pc, 0x154] | r1 = *(0x2b048);
0x0002aef4 ldr r0, [sp, 4] | r0 = var_4h;
0x0002aef8 lsl r3, r2, 1 | r3 = r2 << 1;
0x0002aefc ldr sb, [r0, r1] | sb = *((r0 + r1));
0x0002af00 ldr r1, [sb] | r1 = *(sb);
0x0002af04 ldrh r3, [r1, r3] | r3 = *((r1 + r3));
0x0002af08 tst r3, 0x200 |
| if ((r3 & 0x200) != 0) {
0x0002af0c beq 0x2af34 |
| label_6:
0x0002af10 mov r0, r4 | r0 = r4;
0x0002af14 ldr r1, [sp, 8] | r1 = format;
0x0002af18 bl 0x8d74 | sprintf (r0, r1, r2)
0x0002af1c ldr r3, [r6] | r3 = *(r6);
0x0002af20 add r4, r4, 4 | r4 += 4;
0x0002af24 add r3, r3, 4 | r3 += 4;
0x0002af28 str r3, [r6] | *(r6) = r3;
0x0002af2c add r5, r5, 1 | r5++;
0x0002af30 b 0x2ae88 | goto label_0;
| }
0x0002af34 bl 0x8834 | stdlib_mb_cur_max ();
0x0002af38 ldr r3, [sp] | r3 = *(sp);
0x0002af3c mov r1, r5 | r1 = r5;
0x0002af40 mov r2, r0 | r2 = r0;
0x0002af44 add r0, sp, 0x1c | r0 += pwc;
0x0002af48 bl 0x8348 | mbrtowc (r0, r1, r2, r3);
0x0002af4c subs r7, r0, 0 | r7 -= pwc;
| if (r7 == pwc) {
0x0002af50 beq 0x2ae9c | goto label_1;
| }
0x0002af54 cmn r7, 2 |
| if (r7 <= 2) {
0x0002af58 blo 0x2afb8 | goto label_7;
| }
0x0002af5c ldrb r2, [r5] | r2 = *(r5);
0x0002af60 ldr r1, [sb] | r1 = *(sb);
0x0002af64 lsl r3, r2, 1 | r3 = r2 << 1;
0x0002af68 ldrh r3, [r1, r3] | r3 = *((r1 + r3));
0x0002af6c tst r3, 0x40 |
| if ((r3 & 0x40) != 0) {
0x0002af70 bne 0x2af9c | goto label_8;
| }
0x0002af74 mov r0, r4 | r0 = r4;
0x0002af78 ldr r1, [sp, 0x10] | r1 = var_10h;
0x0002af7c bl 0x8d74 | sprintf (r0, r1, r2)
0x0002af80 ldr r3, [r6] | r3 = *(r6);
0x0002af84 add r4, r4, 4 | r4 += 4;
0x0002af88 add r3, r3, 4 | r3 += 4;
0x0002af8c str r3, [r6] | *(r6) = r3;
| do {
0x0002af90 mov r7, 1 | r7 = 1;
| label_2:
0x0002af94 add r5, r5, r7 | r5 += r7;
0x0002af98 b 0x2ae88 | goto label_0;
| label_8:
0x0002af9c ldr r3, [r6] | r3 = *(r6);
0x0002afa0 add r4, r4, 1 | r4++;
0x0002afa4 add r3, r3, 1 | r3++;
0x0002afa8 str r3, [r6] | *(r6) = r3;
0x0002afac ldrsb r3, [r5] | r3 = *(r5);
0x0002afb0 strb r3, [r4, -1] | *((r4 - 1)) = r3;
0x0002afb4 b 0x2af90 |
| } while (1);
| label_7:
0x0002afb8 ldr sb, [sp, 0x1c] | sb = pwc;
0x0002afbc mov r0, sb | r0 = sb;
0x0002afc0 bl 0x8678 | r0 = iswprint (r0);
0x0002afc4 cmp r0, 0 |
| if (r0 != 0) {
0x0002afc8 bne 0x2b010 | goto label_9;
| }
0x0002afcc mov sb, r5 | sb = r5;
0x0002afd0 add r3, r7, r5 | r3 = r7 + r5;
0x0002afd4 mov sl, r4 | sl = r4;
| do {
0x0002afd8 ldrb r2, [sb], 1 | r2 = *(sb);
| sb++;
0x0002afdc mov r0, sl | r0 = sl;
0x0002afe0 ldr r1, [sp, 0xc] | r1 = var_ch;
0x0002afe4 str r3, [sp, 0x14] | var_14h = r3;
0x0002afe8 bl 0x8d74 | sprintf (r0, r1, r2)
0x0002afec ldr r2, [r6] | r2 = *(r6);
0x0002aff0 ldr r3, [sp, 0x14] | r3 = var_14h;
0x0002aff4 add r2, r2, 4 | r2 += 4;
0x0002aff8 cmp sb, r3 |
0x0002affc add sl, sl, 4 | sl += 4;
0x0002b000 str r2, [r6] | *(r6) = r2;
0x0002b004 bne 0x2afd8 |
| } while (sb != r3);
0x0002b008 add r4, r4, r7, lsl 2 | r4 += (r7 << 2);
0x0002b00c b 0x2af94 | goto label_2;
| label_9:
0x0002b010 mov r2, r7 | r2 = r7;
0x0002b014 mov r1, r5 | r1 = r5;
0x0002b018 mov r0, r4 | r0 = r4;
0x0002b01c bl 0x82a0 | memcpy (r0, r1, r2);
0x0002b020 mov r0, sb | r0 = sb;
0x0002b024 bl 0x89c0 | wcwidth ();
0x0002b028 ldr r3, [r6] | r3 = *(r6);
0x0002b02c add r4, r4, r7 | r4 += r7;
0x0002b030 add r0, r3, r0 | r0 = r3 + r0;
0x0002b034 str r0, [r6] | *(r6) = r0;
0x0002b038 b 0x2af94 | goto label_2;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/lib/libmount.so.1.1.0 @ 0x2b050 */
| #include <stdint.h>
|
; (fcn) fcn.0002b050 () | void fcn_0002b050 (int32_t arg1, int32_t arg2) {
| wchar_t * pwc;
| char * format;
| int32_t var_ch;
| int32_t var_10h;
| int32_t var_4h_2;
| int32_t var_1ch;
| r0 = arg1;
| r1 = arg2;
0x0002b050 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x0002b054 ldr sb, [pc, 0x184] | sb = *(0x2b1dc);
0x0002b058 subs r5, r0, 0 | r5 = r0 - 0;
0x0002b05c add sb, pc, sb | sb = pc + sb;
0x0002b060 sub sp, sp, 0x1c |
0x0002b064 mov r6, r1 | r6 = r1;
0x0002b068 mov r7, r2 | r7 = r2;
0x0002b06c mov r4, 0 | r4 = 0;
| if (r5 != r0) {
0x0002b070 moveq r0, r5 | r0 = r5;
| }
| if (r5 != r0) {
0x0002b074 beq 0x2b07c |
0x0002b078 bl 0x905c | r0 = strlen (r0);
| }
0x0002b07c cmp r0, 0 |
0x0002b080 clz r3, r7 | r3 &= r7;
0x0002b084 lsr r3, r3, 5 | r3 >>= 5;
| if (r0 != 0) {
0x0002b088 moveq r3, 1 | r3 = 1;
| }
0x0002b08c add r8, sp, 0x10 | r8 += var_10h;
0x0002b090 cmp r3, 0 |
0x0002b094 str r4, [sp, 0x10] | var_10h = r4;
| if (r3 == 0) {
0x0002b098 movne r0, 0 | r0 = 0;
| }
0x0002b09c str r4, [r8, 4] | var_4h_2 = r4;
| if (r3 != 0) {
0x0002b0a0 bne 0x2b0e8 | goto label_2;
| }
0x0002b0a4 str r3, [r6] | *(r6) = r3;
0x0002b0a8 add r3, sp, 0xc | r3 += var_ch;
0x0002b0ac str r3, [sp] | *(sp) = r3;
0x0002b0b0 ldr fp, [pc, 0x12c] | fp = *(0x2b1e0);
0x0002b0b4 ldr r3, [pc, 0x12c] | r3 = *(0x2b1e4);
0x0002b0b8 mov r4, r7 | r4 = r7;
0x0002b0bc add r3, pc, r3 | r3 = pc + r3;
0x0002b0c0 add fp, pc, fp |
0x0002b0c4 str r3, [sp, 4] | format = r3;
| label_0:
0x0002b0c8 cmp r5, 0 |
| if (r5 == 0) {
0x0002b0cc beq 0x2b0dc | goto label_3;
| }
0x0002b0d0 ldrsb r3, [r5] | r3 = *(r5);
0x0002b0d4 cmp r3, 0 |
0x0002b0d8 bne 0x2b0f0 |
| while (sl == r0) {
| label_3:
0x0002b0dc mov r3, 0 | r3 = 0;
0x0002b0e0 mov r0, r7 | r0 = r7;
0x0002b0e4 strb r3, [r4] | *(r4) = r3;
| label_2:
0x0002b0e8 add sp, sp, 0x1c |
0x0002b0ec pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
0x0002b0f0 bl 0x8834 | stdlib_mb_cur_max ();
0x0002b0f4 mov r3, r8 | r3 = r8;
0x0002b0f8 mov r1, r5 | r1 = r5;
0x0002b0fc mov r2, r0 | r2 = r0;
0x0002b100 ldr r0, [sp] | r0 = *(sp);
0x0002b104 bl 0x8348 | r0 = mbrtowc (r0, r1, r2, r3);
0x0002b108 subs sl, r0, 0 | sl = r0 - 0;
0x0002b10c beq 0x2b0dc |
| }
0x0002b110 cmn sl, 2 |
0x0002b114 ldrsb r2, [r5] | r2 = *(r5);
| if (sl <= 2) {
0x0002b118 blo 0x2b180 | goto label_4;
| }
0x0002b11c ldr r1, [pc, 0xc8] |
0x0002b120 and r2, r2, 0xff | r2 &= 0xff;
0x0002b124 ldr r1, [sb, r1] | r1 = *((sb + r1));
0x0002b128 lsl r3, r2, 1 | r3 = r2 << 1;
0x0002b12c ldr r1, [r1] | r1 = *(0x2b1e8);
0x0002b130 ldrh r3, [r1, r3] | r3 = *((r1 + r3));
0x0002b134 tst r3, 0x40 |
| if ((r3 & 0x40) != 0) {
0x0002b138 bne 0x2b164 | goto label_5;
| }
0x0002b13c mov r0, r4 | r0 = r4;
0x0002b140 mov r1, fp | r1 = fp;
0x0002b144 bl 0x8d74 | sprintf (r0, r1, r2)
0x0002b148 ldr r3, [r6] | r3 = *(r6);
0x0002b14c add r4, r4, 4 | r4 += 4;
0x0002b150 add r3, r3, 4 | r3 += 4;
0x0002b154 str r3, [r6] | *(r6) = r3;
| do {
0x0002b158 mov sl, 1 | sl = 1;
| label_1:
0x0002b15c add r5, r5, sl | r5 += sl;
0x0002b160 b 0x2b0c8 | goto label_0;
| label_5:
0x0002b164 ldr r3, [r6] | r3 = *(r6);
0x0002b168 add r4, r4, 1 | r4++;
0x0002b16c add r3, r3, 1 | r3++;
0x0002b170 str r3, [r6] | *(r6) = r3;
0x0002b174 ldrsb r3, [r5] | r3 = *(r5);
0x0002b178 strb r3, [r4, -1] | *((r4 - 1)) = r3;
0x0002b17c b 0x2b158 |
| } while (1);
| label_4:
0x0002b180 cmp r2, 0x5c |
| if (r2 == 0x5c) {
0x0002b184 bne 0x2b1b4 |
0x0002b188 ldrsb r1, [r5, 1] | r1 = *((r5 + 1));
0x0002b18c cmp r1, 0x78 |
| if (r1 != 0x78) {
0x0002b190 bne 0x2b1b4 | goto label_6;
| }
0x0002b194 mov r0, r4 | r0 = r4;
0x0002b198 ldr r1, [sp, 4] | r1 = format;
0x0002b19c bl 0x8d74 | sprintf (r0, r1, r2)
0x0002b1a0 ldr r2, [r6] | r2 = *(r6);
0x0002b1a4 add r4, r4, 4 | r4 += 4;
0x0002b1a8 add r2, r2, 4 | r2 += 4;
0x0002b1ac str r2, [r6] | *(r6) = r2;
0x0002b1b0 b 0x2b15c | goto label_1;
| }
| label_6:
0x0002b1b4 mov r2, sl | r2 = sl;
0x0002b1b8 mov r1, r5 | r1 = r5;
0x0002b1bc mov r0, r4 | r0 = r4;
0x0002b1c0 bl 0x82a0 | memcpy (r0, r1, r2);
0x0002b1c4 ldr r0, [sp, 0xc] | r0 = var_ch;
0x0002b1c8 bl 0x89c0 | wcwidth ();
0x0002b1cc ldr r2, [r6] | r2 = *(r6);
0x0002b1d0 add r4, r4, sl | r4 += sl;
0x0002b1d4 add r0, r2, r0 | r0 = r2 + r0;
0x0002b1d8 str r0, [r6] | *(r6) = r0;
0x0002b1dc b 0x2b15c | goto label_1;
| }
[*] Function sprintf used 6 times libmount.so.1.1.0
