SlideShare a Scribd company logo

The extensible editor for structured binary data

Anne Nicolas
Anne Nicolas

GNU poke is a new interactive editor for binary data. Not limited to editing basic ntities such as bits and bytes, it provides a full-fledged procedural, interactive programming language designed to describe data structures and to operate on them. Once a user has defined a structure for binary data (usually matching some file format) she can search, inspect, create, shuffle and modify abstract entities such as ELF relocations, MP3 tags, DWARF expressions, partition table entries, and so on, with primitives resembling simple editing of bits and bytes. The program comes with a library of already written descriptions (or “pickles” in poke parlance) for many binary formats. GNU poke is useful in many domains. It is very well suited to aid in the development of programs that operate on binary files, such as assemblers and linkers. This was in fact the primary inspiration that brought me to write it: easily injecting flaws into ELF files in order to reproduce toolchain bugs. Also, due to its flexibility, poke is also very useful for reverse engineering, where the real structure of the data being edited is discovered by experiment, interactively. It is also good for the fast development of prototypes for programs like linkers, compressors or filters, and it provides a convenient foundation to write other utilities such as diff and patch tools for binary files. This talk (unlike Gaul) is divided into four parts. First I will introduce the program and show what it does: from simple bits/bytes editing to user-defined structures. Then I will show some of the internals, and how poke is implemented. The third block will cover the way of using Poke to describe user data, which is to say the art of writing “pickles”. The presentation ends with a status of the project, a call for hackers, and a hint at future works. Jose E. Marchesi

Software
1 of 44
Download to read offline
_____ ---' _________ ______) GNU(*) poke __) __) ---._______) The extensible editor for structured binary data Jose E. Marchesi Kernel Recipes 2019 (*) approval pending
Disclaimer This is fun in progress
Contents 1 Motivation and purpose 2 Poke overview and demo 3 The Poke language 4 How poke works 5 Extending poke 6 Current status and roadmap
Motivation # Figure out the file offset of the text # section in the object file. text_off =0x$(objdump -j .text -h $objfile | grep .text | $TR -s ' ' | $CUT -d' ' -f 7) ... func_off=$(printf %s $fun | $CUT -d: -f1) base=$($EXPR $func_off + 0) probe_off=$(( text_off + base + offset )) ... byte=$(dd if=$objfile count=1 ibs=1 bs=1 skip=$probe_off 2> /dev/null)
Motivation • Need to edit object les, among others. • Scripts break easily, and are a PITA to maintain. • Format-specic tools are... too specic. • Decided to hack a general-purpose binary editor in 2017. • ... poke happened after 2 years of work.
Developing the idea • Took a while. • From C structs plus something to a full-edged programming language. • Nice but unsatisfactory existing work: Datascript by Godmar Back. • Unacceptable and simplistic existing work: 010 Editor. • After many design failures and blind alleys... nally got it right... or so I hope! :D
Overview _____ ---' _________ ______) GNU poke 0.1-beta __) __) ---._______) Copyright (C) 2019 Jose E. Marchesi. License GPLv3 +: GNU GPL version 3 or later http ://gnu.org/licenses/gpl.html . This is free software: you are free to change and redistribute it. There is NO WARRANTY , to the extent permitted by law. Powered by Jitter 0.9.0.556 - d1e5. Perpetrated by Jose E. Marchesi. For help , type .help. Type .exit to leave the program. (poke) dump 76543210 0011 2233 4455 6677 8899 aabb ccdd eeff 00000000: 7f45 4c46 0201 0100 0000 0000 0000 0000 00000010: 0100 3e00 0100 0000 0000 0000 0000 0000 00000020: 0000 0000 0000 0000 0802 0000 0000 0000 00000030: 0000 0000 4000 0000 0000 4000 0b00 0a00 00000040: 5548 89e5 b800 0000 005d c300 4743 433a 00000050: 2028 4465 6269 616e 2036 2e33 2e30 2d31 00000060: 382b 6465 6239 7531 2920 362e 332e 3020 00000070: 3230 3137 3035 3136 0000 0000 0000 0000 (poke)
Demo! Poking a relocation in an ELF le
Demo!
The language - Values • Integers: 10, 0xff , 8UB, 0b1100 , 0o777 • Strings: foonbar • Arrays: [1,2,3] [[1 ,2] ,[3 ,4]] [[1 ,2 ,3] ,[4]] • Structs: struct { name = Donald Knuth, age = 100 } struct {}
The language - Oset values • The oset problem. • bytes? bits? both? • Solution: united values.
The language - Oset values • Named units: 8#b 23#B 2#Kb • Numeric units: 8#8 2#3 • Even better: deftype Packet = struct { int i; long j; } 23# Packet • Operations: OFF +- OFF - OFF OFF * INT - OFF OFF / OFF - INT OFF % OFF - OFF
The language - Oset values Osets avoid explicit unit conversions deftype Elf64_Shdr = struct { ... offset Elf64_Xword ,B sh_size; ... }; ... shdr.sh_size = 10# Elf64_Rela;
The language - Simple Types • Integral types: int N uint N • Oset types: offset INT_TYPE ,UNIT • String type: string
The language - Array Types • Unbounded: int[] int [][] • Bounded by number of elements: int [2] int[foo+bar] • Bounded by size: int [8#B]
The language - Struct Types • Simple struct: deftype Packet = struct { byte magic; uint 32 data_length; byte[data_length] data; } • Struct with arguments: deftype elf_group = struct (elf_off num_idxs) { elf_group_flags flags; elf32_word[num_idxs] shidx; };
The language - Struct Types • Field labels: deftype Packet = struct { byte magic; uint 32 data_length; offset int ,B data_offset; byte[data_length] data @ data_offset; } • Pinned structs: pinned struct { uint32 st_info; struct { elf_sym_binding uint 28 st_bind; elf_st_type uint 4 (mach) st_type; }; }
The language - Struct Types • Constraints: struct { byte [4] ei_mag : ei_mag [0] == 0x7fUB ei_mag [1] == 'E' ei_mag [2] == 'L' ei_mag [3] == 'F'; byte ei_class; byte ei_data; byte ei_version; byte ei_osabi; byte ei_abiversion; byte [6] ei_pad; offset byte ,B ei_nident; } e_ident;
The language - Union Types deftype Id3v2_Frame = struct { char id[4] : id[0] != 0; uint32 size; ... union { /* Frame contains text related data. */ union { struct { char id_asciiz_str = 0; char[size - 1] frame_data; } : size 1; char[size] frame_data; } : id[0] == 'T'; /* Frame contains other data. */ char[size] frame_data; }; };
The language - Polymorphic types • any, any[] • Poor man's type polymorphism: • everything coerces to any. • any coerces to nothing. • Eventually will transition into gradual typing, in a backwards-compatible way: defun efficient_signed = (int 32 a, int 32 b) int 32: { ... } defun efficient_unsigned = (int 32 a, int 32 b) int 32: { ... } defun flexible = (int 32 a, int 32 b) xint 32: {...} defun more_flexible = (int * a, int * b) xint *: {...} defun inefficient = (any a, any b) any: {...}
The language - Variables Block oriented. Lexically scoped. defvar a = 10 defvar b = [1,2,3] defvar c = { foo = 10, bar = 20L }
The language - Mapping A central concept in poke: • Poke variables are in memory. • The IO space is the data being edited (le, memory, ...) • Both can be manipulated in the same way. • ... or that's the idea.
The language - Mapping TYPE @ OFFSET - MAPPED_VALUE • Simple types (poke) defvar a = 10 (poke) defvar b = int @ 0#B • Arrays (poke) defvar a = [1,2,3] (poke) defvar b = int[3] @ 0#B • Structs (poke) defvar a = Packet { i = 10, j = 20 } (poke) defvar b = Packet @ 0#B
The language - Functions defun ctf_section = (Elf64_Ehdr ehdr) Elf64_Shdr: { for (s in Elf64_Shdr[ehdr.e_shnum] @ ehdr.e_shoff) if (elf_string (ehdr , s.sh_name) == .ctf) return s; raise E_generic; }
The language - Functions Optional arguments defun elf_string = (Elf64_Ehdr ehdr , offset Elf_Word ,B offset , Elf_Half strtab = ehdr.e_shstrndx) string: { defvar shdr = Elf64_Shdr[ehdr.e_shnum] @ ehdr.e_shoff; return string @ (shdr[strtab ]. sh_offset + offset ); }
The language - Functions Variable length argument list. Last argument is an array of anys. defun format = (string fmt , args ...) string: { ... if (fmt[fi + 1] == 'x') res = res + tohex (args[narg] as uint 64 ); ... }
The language - Functions Algol68ism: parameterless functions are homoiconic to variables (poke) defun beast = int: { return 666; } (poke) beast() + 1 667 (poke) beast + 1 667
Architecture +----------+ | compiler | +----------+ +------+ | | | v | | +----------+ | | | PVM | ---| IO | +----------+ | | ^ | | | | | v +------+ +----------+ | command | +----------+
The PKL compiler /-------- | source | ---+----/ | v +-----------------+ | Parser | +-----------------+ | analysis and | | transformation | | phases | +-----------------+ | code generation | | phase | +-----------------+ | Macro assembler | +-----------------+ | v /--------- | program | ---------/ (poke) defvar foo = 3 (poke) .vm dis e foo + 10 note #begin prologue canary push 0#b popr %r0 push 0 pushe $L15 note #end prologue pushvar 0x0, 0x1a push 10 addi nip2 note #begin epilogue pope push 0 exit $L15: pushvar 0x0, 0xd call $L17: push 1 exit note #end epilogue exitvm
The PKL compiler - Passes and phases [ p a r s e r ] −−− F r o n t −end p a s s t r a n s 1 T r a n s f o r m a t i o n p h a s e 1 . a n a l 1 A n a l y s i s p h a s e 1 . t y p i f y 1 Type a n a l y s i s and t r a n s f o r m a t i o n 1 . promo Operand p r o m o t i o n p h a s e . t r a n s 2 T r a n s f o r m a t i o n p h a s e 2 . ∗ f o l d C o n s t a n t f o l d i n g . t y p i f y 2 Type a n a l y s i s and t r a n s f o r m a t i o n 2 . t r a n s 3 T r a n s f o r m a t i o n p h a s e 3 . a n a l 2 A n a l y s i s p h a s e 2 . −−− Middle −end p a s s t r a n s 4 T r a n s f o r m a t i o n p h a s e 4 . −−− Back−end p a s s a n a l f A n a l y s i s f i n a l p h a s e . gen Code g e n e r a t i o n .
The PKL compiler - The macro assembler • Used by the PKL code generator. • Supports macro-instructions. jitter_label label1 = pkl_asm_fresh_label (pasm); jitter_label label2 = pkl_asm_fresh_label (pasm); pkl_asm_insn (pasm , PKL_INSN_OVER ); pkl_asm_insn (pasm , PKL_INSN_OVER ); pkl_asm_label (pasm , label1 ); pkl_asm_insn (pasm , PKL_INSN_BZ , label2 ); pkl_asm_insn (pasm , PKL_INSN_MOD , ast_type ); pkl_asm_insn (pasm , PKL_INSN_ROT ); pkl_asm_insn (pasm , PKL_INSN_DROP ); pkl_asm_insn (pasm , PKL_INSN_BA , label1 ); pkl_asm_label (pasm , label2 ); pkl_asm_insn (pasm , PKL_INSN_DROP );
The PKL compiler - RAS Allows to write PVM assembly in a sane(r) way.. .macro gcd @type ;; Iterative Euclid 's Algorithm. over ; A B A over ; A B A B .loop: bz @type , .endloop ; ... A B mod @type ; ... A B A%B rot ; ... B A%B A drop ; ... B A%B ba .loop .endloop: drop ; A B GCD .end
The Poke Virtual Machine • Stack machine. • Uses Luca's jitter (http://ageinghacker.net/jitter) • Instruction set: see src/pkl-insn.def
The IO Subsystem IO spaces IO devices Space of IO objects ======= Space of bytes +------+ +-----| File | +-------+ | +------+ | IO | | | space |-----+ +---------+ | | +-----| Process | +-------+ | +---------+ : : | +-------------+ +-----| File system | +-------------+ Cache, Transactions, IO update callbacks, ...
Hacking poke - Commands • Dialectic: DSL vs. command language. • Need for the later avoided, using a syntax trick: defun foo = (int a, int b = 30, int c) void: { ... } ... foo (10, 20, 40); ... foo :c 10 :a 20 ...
Hacking poke - Commands defun dump = (off64 from = pk_dump_offset , off64 size = pk_dump_size , off64 group_by = pk_dump_group_by , int ruler = pk_dump_ruler , int ascii = pk_dump_ascii) void: { ... } (poke) dump :from 0xff#B :size 28#B
Hacking poke - pickles • Collections of related types, variables, functions. • File formats: ELF, DWARF, id3v2, ... • Domains: searching, disassemblers, network packages, ...
Hacking poke - elf.pk deftype Elf_Half = uint 16; deftype Elf_Word = uint 32; deftype Elf64_Xword = uint 64; ... defvar SHT_STRTAB = 3; defvar SHT_RELA = 4; ... deftype Elf64_Rela = struct { offset Elf64_Addr ,B r_offset; Elf64_Xword r_info; Elf64_Sxword r_addend; }; ... defun elf_string = (Elf64_Ehdr ehdr , offset Elf_Word ,B offset , Elf_Half strtab = ehdr.e_shstrndx) string: { defvar shdr = Elf64_Shdr[ehdr.e_shnum] @ ehdr.e_shoff; return string @ (shdr[strtab ]. sh_offset + offset ); }
Testing $ make check ... Running testsuite/poke.cmd/cmd.exp ... Running testsuite/poke.map/map.exp ... Running testsuite/poke.pkl/pkl.exp ... Running testsuite/poke.std/std.exp ... exit === poke Summary === # of expected passes 1147
What works • Basic language: variables, closures, types, etc. • Mapping. • Arrays. • Structs. • Only one kind of IO device: les. • dump command.
Work in progress Before rst release... • Struct constructors • More control sentences. • Pattern matching • Commands: search, shue, etc. • Support for unions. • Support for sets (enums, bitmasks). • Finish the IO space implementation. • More IO devices: process, etc.
Future work ... after rst release. • Gradual typing. • Support for sets (enums, bitmasks). • Organize pickles better: module system, namespaces. • Wide strings: Lfoo • Other language improvements.
Project Resources • Homepage: http://www.jemarch.net/poke.html • Savannah: http://savannah.nongnu.org/p/poke • Mailing list: poke-devel@nongnu.org • IRC channel: #poke in irc.freenode.net Will change to www.gnu.org soon.
Hack with me! See le HACKING in the source tree.

Recommended

Kernel Recipes 2019 - Faster IO through io_uring
Kernel Recipes 2019 - Faster IO through io_uringKernel Recipes 2019 - Faster IO through io_uring
Kernel Recipes 2019 - Faster IO through io_uringAnne Nicolas
 
Building Network Functions with eBPF & BCC
Building Network Functions with eBPF & BCCBuilding Network Functions with eBPF & BCC
Building Network Functions with eBPF & BCCKernel TLV
 
Interpreter, Compiler, JIT from scratch
Interpreter, Compiler, JIT from scratchInterpreter, Compiler, JIT from scratch
Interpreter, Compiler, JIT from scratchNational Cheng Kung University
 
Segmentation Faults, Page Faults, Processes, Threads, and Tasks
Segmentation Faults, Page Faults, Processes, Threads, and TasksSegmentation Faults, Page Faults, Processes, Threads, and Tasks
Segmentation Faults, Page Faults, Processes, Threads, and TasksDavid Evans
 
Network sockets
Network socketsNetwork sockets
Network socketsDenys Haryachyy
 
eBPF Workshop
eBPF WorkshopeBPF Workshop
eBPF WorkshopMichael Kehoe
 
Code gpu with cuda - CUDA introduction
Code gpu with cuda - CUDA introductionCode gpu with cuda - CUDA introduction
Code gpu with cuda - CUDA introductionMarina Kolpakova
 
Linux Network commands
Linux Network commandsLinux Network commands
Linux Network commandsHanan Nmr
 

Recommended

Kernel Recipes 2019 - Faster IO through io_uring
Kernel Recipes 2019 - Faster IO through io_uringKernel Recipes 2019 - Faster IO through io_uring
Kernel Recipes 2019 - Faster IO through io_uringAnne Nicolas
 
Building Network Functions with eBPF & BCC
Building Network Functions with eBPF & BCCBuilding Network Functions with eBPF & BCC
Building Network Functions with eBPF & BCCKernel TLV
 
Interpreter, Compiler, JIT from scratch
Interpreter, Compiler, JIT from scratchInterpreter, Compiler, JIT from scratch
Interpreter, Compiler, JIT from scratchNational Cheng Kung University
 
Segmentation Faults, Page Faults, Processes, Threads, and Tasks
Segmentation Faults, Page Faults, Processes, Threads, and TasksSegmentation Faults, Page Faults, Processes, Threads, and Tasks
Segmentation Faults, Page Faults, Processes, Threads, and TasksDavid Evans
 
Network sockets
Network socketsNetwork sockets
Network socketsDenys Haryachyy
 
eBPF Workshop
eBPF WorkshopeBPF Workshop
eBPF WorkshopMichael Kehoe
 
Code gpu with cuda - CUDA introduction
Code gpu with cuda - CUDA introductionCode gpu with cuda - CUDA introduction
Code gpu with cuda - CUDA introductionMarina Kolpakova
 
Linux Network commands
Linux Network commandsLinux Network commands
Linux Network commandsHanan Nmr
 
eBPF Perf Tools 2019
eBPF Perf Tools 2019eBPF Perf Tools 2019
eBPF Perf Tools 2019Brendan Gregg
 
Profiling your Applications using the Linux Perf Tools
Profiling your Applications using the Linux Perf ToolsProfiling your Applications using the Linux Perf Tools
Profiling your Applications using the Linux Perf ToolsemBO_Conference
 
The TCP/IP Stack in the Linux Kernel
The TCP/IP Stack in the Linux KernelThe TCP/IP Stack in the Linux Kernel
The TCP/IP Stack in the Linux KernelDivye Kapoor
 
Range reader/writer locking for the Linux kernel
Range reader/writer locking for the Linux kernelRange reader/writer locking for the Linux kernel
Range reader/writer locking for the Linux kernelDavidlohr Bueso
 
Performance Analysis Tools for Linux Kernel
Performance Analysis Tools for Linux KernelPerformance Analysis Tools for Linux Kernel
Performance Analysis Tools for Linux Kernellcplcp1
 
Code GPU with CUDA - Identifying performance limiters
Code GPU with CUDA - Identifying performance limitersCode GPU with CUDA - Identifying performance limiters
Code GPU with CUDA - Identifying performance limitersMarina Kolpakova
 
Introduction to eBPF and XDP
Introduction to eBPF and XDPIntroduction to eBPF and XDP
Introduction to eBPF and XDPlcplcp1
 
System Calls
System CallsSystem Calls
System CallsDavid Evans
 
The Internals of "Hello World" Program
The Internals of "Hello World" ProgramThe Internals of "Hello World" Program
The Internals of "Hello World" ProgramNational Cheng Kung University
 
Operating System Assignment Help
Operating System Assignment HelpOperating System Assignment Help
Operating System Assignment HelpProgramming Homework Help
 
Unix Programming with Perl 2
Unix Programming with Perl 2Unix Programming with Perl 2
Unix Programming with Perl 2Kazuho Oku
 
Linux Device Tree
Linux Device TreeLinux Device Tree
Linux Device Tree艾鍗科技
 
Unix Programming with Perl
Unix Programming with PerlUnix Programming with Perl
Unix Programming with PerlKazuho Oku
 
Anchoring Trust: Rewriting DNS for the Semantic Network with Ruby and Rails
Anchoring Trust: Rewriting DNS for the Semantic Network with Ruby and RailsAnchoring Trust: Rewriting DNS for the Semantic Network with Ruby and Rails
Anchoring Trust: Rewriting DNS for the Semantic Network with Ruby and RailsEleanor McHugh
 
Streams for the Web
Streams for the WebStreams for the Web
Streams for the WebDomenic Denicola
 
Linux Kernel 개발참여방법과 문화 (Contribution)
Linux Kernel 개발참여방법과 문화 (Contribution)Linux Kernel 개발참여방법과 문화 (Contribution)
Linux Kernel 개발참여방법과 문화 (Contribution)Ubuntu Korea Community
 
Using the Power to Prove
Using the Power to ProveUsing the Power to Prove
Using the Power to ProveKazuho Oku
 
Computer Science Homework Help
Computer Science Homework HelpComputer Science Homework Help
Computer Science Homework HelpProgramming Homework Help
 
Roll your own toy unix clone os
Roll your own toy unix clone osRoll your own toy unix clone os
Roll your own toy unix clone oseramax
 
Specializing the Data Path - Hooking into the Linux Network Stack
Specializing the Data Path - Hooking into the Linux Network StackSpecializing the Data Path - Hooking into the Linux Network Stack
Specializing the Data Path - Hooking into the Linux Network StackKernel TLV
 
Briefly Rust
Briefly RustBriefly Rust
Briefly RustDaniele Esposti
 
C to perl binding
C to perl bindingC to perl binding
C to perl bindingShmuel Fomberg
 

More Related Content

What's hot

eBPF Perf Tools 2019
eBPF Perf Tools 2019eBPF Perf Tools 2019
eBPF Perf Tools 2019Brendan Gregg
 
Profiling your Applications using the Linux Perf Tools
Profiling your Applications using the Linux Perf ToolsProfiling your Applications using the Linux Perf Tools
Profiling your Applications using the Linux Perf ToolsemBO_Conference
 
The TCP/IP Stack in the Linux Kernel
The TCP/IP Stack in the Linux KernelThe TCP/IP Stack in the Linux Kernel
The TCP/IP Stack in the Linux KernelDivye Kapoor
 
Range reader/writer locking for the Linux kernel
Range reader/writer locking for the Linux kernelRange reader/writer locking for the Linux kernel
Range reader/writer locking for the Linux kernelDavidlohr Bueso
 
Performance Analysis Tools for Linux Kernel
Performance Analysis Tools for Linux KernelPerformance Analysis Tools for Linux Kernel
Performance Analysis Tools for Linux Kernellcplcp1
 
Code GPU with CUDA - Identifying performance limiters
Code GPU with CUDA - Identifying performance limitersCode GPU with CUDA - Identifying performance limiters
Code GPU with CUDA - Identifying performance limitersMarina Kolpakova
 
Introduction to eBPF and XDP
Introduction to eBPF and XDPIntroduction to eBPF and XDP
Introduction to eBPF and XDPlcplcp1
 
Unix Programming with Perl 2
Unix Programming with Perl 2Unix Programming with Perl 2
Unix Programming with Perl 2Kazuho Oku
 
Unix Programming with Perl
Unix Programming with PerlUnix Programming with Perl
Unix Programming with PerlKazuho Oku
 
Anchoring Trust: Rewriting DNS for the Semantic Network with Ruby and Rails
Anchoring Trust: Rewriting DNS for the Semantic Network with Ruby and RailsAnchoring Trust: Rewriting DNS for the Semantic Network with Ruby and Rails
Anchoring Trust: Rewriting DNS for the Semantic Network with Ruby and RailsEleanor McHugh
 
Linux Kernel 개발참여방법과 문화 (Contribution)
Linux Kernel 개발참여방법과 문화 (Contribution)Linux Kernel 개발참여방법과 문화 (Contribution)
Linux Kernel 개발참여방법과 문화 (Contribution)Ubuntu Korea Community
 
Using the Power to Prove
Using the Power to ProveUsing the Power to Prove
Using the Power to ProveKazuho Oku
 
Roll your own toy unix clone os
Roll your own toy unix clone osRoll your own toy unix clone os
Roll your own toy unix clone oseramax
 
Specializing the Data Path - Hooking into the Linux Network Stack
Specializing the Data Path - Hooking into the Linux Network StackSpecializing the Data Path - Hooking into the Linux Network Stack
Specializing the Data Path - Hooking into the Linux Network StackKernel TLV
 

What's hot (20)

eBPF Perf Tools 2019
eBPF Perf Tools 2019eBPF Perf Tools 2019
eBPF Perf Tools 2019
 
Profiling your Applications using the Linux Perf Tools
Profiling your Applications using the Linux Perf ToolsProfiling your Applications using the Linux Perf Tools
Profiling your Applications using the Linux Perf Tools
 
The TCP/IP Stack in the Linux Kernel
The TCP/IP Stack in the Linux KernelThe TCP/IP Stack in the Linux Kernel
The TCP/IP Stack in the Linux Kernel
 
Range reader/writer locking for the Linux kernel
Range reader/writer locking for the Linux kernelRange reader/writer locking for the Linux kernel
Range reader/writer locking for the Linux kernel
 
Performance Analysis Tools for Linux Kernel
Performance Analysis Tools for Linux KernelPerformance Analysis Tools for Linux Kernel
Performance Analysis Tools for Linux Kernel
 
Code GPU with CUDA - Identifying performance limiters
Code GPU with CUDA - Identifying performance limitersCode GPU with CUDA - Identifying performance limiters
Code GPU with CUDA - Identifying performance limiters
 
Introduction to eBPF and XDP
Introduction to eBPF and XDPIntroduction to eBPF and XDP
Introduction to eBPF and XDP
 
System Calls
System CallsSystem Calls
System Calls
 
The Internals of "Hello World" Program
The Internals of "Hello World" ProgramThe Internals of "Hello World" Program
The Internals of "Hello World" Program
 
Operating System Assignment Help
Operating System Assignment HelpOperating System Assignment Help
Operating System Assignment Help
 
Unix Programming with Perl 2
Unix Programming with Perl 2Unix Programming with Perl 2
Unix Programming with Perl 2
 
Linux Device Tree
Linux Device TreeLinux Device Tree
Linux Device Tree
 
Unix Programming with Perl
Unix Programming with PerlUnix Programming with Perl
Unix Programming with Perl
 
Anchoring Trust: Rewriting DNS for the Semantic Network with Ruby and Rails
Anchoring Trust: Rewriting DNS for the Semantic Network with Ruby and RailsAnchoring Trust: Rewriting DNS for the Semantic Network with Ruby and Rails
Anchoring Trust: Rewriting DNS for the Semantic Network with Ruby and Rails
 
Streams for the Web
Streams for the WebStreams for the Web
Streams for the Web
 
Linux Kernel 개발참여방법과 문화 (Contribution)
Linux Kernel 개발참여방법과 문화 (Contribution)Linux Kernel 개발참여방법과 문화 (Contribution)
Linux Kernel 개발참여방법과 문화 (Contribution)
 
Using the Power to Prove
Using the Power to ProveUsing the Power to Prove
Using the Power to Prove
 
Computer Science Homework Help
Computer Science Homework HelpComputer Science Homework Help
Computer Science Homework Help
 
Roll your own toy unix clone os
Roll your own toy unix clone osRoll your own toy unix clone os
Roll your own toy unix clone os
 
Specializing the Data Path - Hooking into the Linux Network Stack
Specializing the Data Path - Hooking into the Linux Network StackSpecializing the Data Path - Hooking into the Linux Network Stack
Specializing the Data Path - Hooking into the Linux Network Stack
 

Similar to The extensible editor for structured binary data

C cheat sheet for varsity (extreme edition)
C cheat sheet for varsity (extreme edition)C cheat sheet for varsity (extreme edition)
C cheat sheet for varsity (extreme edition)Saifur Rahman
 
Go Native : Squeeze the juice out of your 64-bit processor using C++
Go Native : Squeeze the juice out of your 64-bit processor using C++Go Native : Squeeze the juice out of your 64-bit processor using C++
Go Native : Squeeze the juice out of your 64-bit processor using C++Fernando Moreira
 
Introduction to c
Introduction to cIntroduction to c
Introduction to camol_chavan
 
C programming language tutorial
C programming language tutorial C programming language tutorial
C programming language tutorial javaTpoint s
 
Is Haskell an acceptable Perl?
Is Haskell an acceptable Perl?Is Haskell an acceptable Perl?
Is Haskell an acceptable Perl?osfameron
 
Explorando el Diseño de la Memoria en Rust
Explorando el Diseño de la Memoria en RustExplorando el Diseño de la Memoria en Rust
Explorando el Diseño de la Memoria en RustGermán Küber
 
Quick tour of PHP from inside
Quick tour of PHP from insideQuick tour of PHP from inside
Quick tour of PHP from insidejulien pauli
 
Common mistakes in C programming
Common mistakes in C programmingCommon mistakes in C programming
Common mistakes in C programmingLarion
 
Python language data types
Python language data typesPython language data types
Python language data typesHarry Potter
 
Python language data types
Python language data typesPython language data types
Python language data typesHoang Nguyen
 
Python language data types
Python language data typesPython language data types
Python language data typesLuis Goldster
 

Similar to The extensible editor for structured binary data (20)

Briefly Rust
Briefly RustBriefly Rust
Briefly Rust
 
C to perl binding
C to perl bindingC to perl binding
C to perl binding
 
Apache pig
Apache pigApache pig
Apache pig
 
Interm codegen
Interm codegenInterm codegen
Interm codegen
 
C cheat sheet for varsity (extreme edition)
C cheat sheet for varsity (extreme edition)C cheat sheet for varsity (extreme edition)
C cheat sheet for varsity (extreme edition)
 
Full Stack Clojure
Full Stack ClojureFull Stack Clojure
Full Stack Clojure
 
Go Native : Squeeze the juice out of your 64-bit processor using C++
Go Native : Squeeze the juice out of your 64-bit processor using C++Go Native : Squeeze the juice out of your 64-bit processor using C++
Go Native : Squeeze the juice out of your 64-bit processor using C++
 
Introduction to c
Introduction to cIntroduction to c
Introduction to c
 
C programming language tutorial
C programming language tutorial C programming language tutorial
C programming language tutorial
 
Is Haskell an acceptable Perl?
Is Haskell an acceptable Perl?Is Haskell an acceptable Perl?
Is Haskell an acceptable Perl?
 
Data type2 c
Data type2 cData type2 c
Data type2 c
 
Fuzzing - Part 1
Fuzzing - Part 1Fuzzing - Part 1
Fuzzing - Part 1
 
Cbasic
CbasicCbasic
Cbasic
 
Cbasic
CbasicCbasic
Cbasic
 
Explorando el Diseño de la Memoria en Rust
Explorando el Diseño de la Memoria en RustExplorando el Diseño de la Memoria en Rust
Explorando el Diseño de la Memoria en Rust
 
Quick tour of PHP from inside
Quick tour of PHP from insideQuick tour of PHP from inside
Quick tour of PHP from inside
 
Common mistakes in C programming
Common mistakes in C programmingCommon mistakes in C programming
Common mistakes in C programming
 
Python language data types
Python language data typesPython language data types
Python language data types
 
Python language data types
Python language data typesPython language data types
Python language data types
 
Python language data types
Python language data typesPython language data types
Python language data types
 

More from Anne Nicolas

Kernel Recipes 2019 - Driving the industry toward upstream first
Kernel Recipes 2019 - Driving the industry toward upstream firstKernel Recipes 2019 - Driving the industry toward upstream first
Kernel Recipes 2019 - Driving the industry toward upstream firstAnne Nicolas
 
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMI
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMIKernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMI
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMIAnne Nicolas
 
Kernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernel
Kernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernelKernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernel
Kernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernelAnne Nicolas
 
Kernel Recipes 2019 - Metrics are money
Kernel Recipes 2019 - Metrics are moneyKernel Recipes 2019 - Metrics are money
Kernel Recipes 2019 - Metrics are moneyAnne Nicolas
 
Kernel Recipes 2019 - Kernel documentation: past, present, and future
Kernel Recipes 2019 - Kernel documentation: past, present, and futureKernel Recipes 2019 - Kernel documentation: past, present, and future
Kernel Recipes 2019 - Kernel documentation: past, present, and futureAnne Nicolas
 
Embedded Recipes 2019 - Knowing your ARM from your ARSE: wading through the t...
Embedded Recipes 2019 - Knowing your ARM from your ARSE: wading through the t...Embedded Recipes 2019 - Knowing your ARM from your ARSE: wading through the t...
Embedded Recipes 2019 - Knowing your ARM from your ARSE: wading through the t...Anne Nicolas
 
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...Anne Nicolas
 
Embedded Recipes 2019 - Remote update adventures with RAUC, Yocto and Barebox
Embedded Recipes 2019 - Remote update adventures with RAUC, Yocto and BareboxEmbedded Recipes 2019 - Remote update adventures with RAUC, Yocto and Barebox
Embedded Recipes 2019 - Remote update adventures with RAUC, Yocto and BareboxAnne Nicolas
 
Embedded Recipes 2019 - Making embedded graphics less special
Embedded Recipes 2019 - Making embedded graphics less specialEmbedded Recipes 2019 - Making embedded graphics less special
Embedded Recipes 2019 - Making embedded graphics less specialAnne Nicolas
 
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre Silicon
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre SiliconEmbedded Recipes 2019 - Linux on Open Source Hardware and Libre Silicon
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre SiliconAnne Nicolas
 
Embedded Recipes 2019 - From maintaining I2C to the big (embedded) picture
Embedded Recipes 2019 - From maintaining I2C to the big (embedded) pictureEmbedded Recipes 2019 - From maintaining I2C to the big (embedded) picture
Embedded Recipes 2019 - From maintaining I2C to the big (embedded) pictureAnne Nicolas
 
Embedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops wayEmbedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops wayAnne Nicolas
 
Embedded Recipes 2019 - Herd your socs become a matchmaker
Embedded Recipes 2019 - Herd your socs become a matchmakerEmbedded Recipes 2019 - Herd your socs become a matchmaker
Embedded Recipes 2019 - Herd your socs become a matchmakerAnne Nicolas
 
Embedded Recipes 2019 - LLVM / Clang integration
Embedded Recipes 2019 - LLVM / Clang integrationEmbedded Recipes 2019 - LLVM / Clang integration
Embedded Recipes 2019 - LLVM / Clang integrationAnne Nicolas
 
Embedded Recipes 2019 - Introduction to JTAG debugging
Embedded Recipes 2019 - Introduction to JTAG debuggingEmbedded Recipes 2019 - Introduction to JTAG debugging
Embedded Recipes 2019 - Introduction to JTAG debuggingAnne Nicolas
 
Embedded Recipes 2019 - Pipewire a new foundation for embedded multimedia
Embedded Recipes 2019 - Pipewire a new foundation for embedded multimediaEmbedded Recipes 2019 - Pipewire a new foundation for embedded multimedia
Embedded Recipes 2019 - Pipewire a new foundation for embedded multimediaAnne Nicolas
 
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all started
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all startedKernel Recipes 2019 - ftrace: Where modifying a running kernel all started
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all startedAnne Nicolas
 
Kernel Recipes 2019 - Suricata and XDP
Kernel Recipes 2019 - Suricata and XDPKernel Recipes 2019 - Suricata and XDP
Kernel Recipes 2019 - Suricata and XDPAnne Nicolas
 
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)Anne Nicolas
 
Kernel Recipes 2019 - Formal modeling made easy
Kernel Recipes 2019 - Formal modeling made easyKernel Recipes 2019 - Formal modeling made easy
Kernel Recipes 2019 - Formal modeling made easyAnne Nicolas
 

More from Anne Nicolas (20)

Kernel Recipes 2019 - Driving the industry toward upstream first
Kernel Recipes 2019 - Driving the industry toward upstream firstKernel Recipes 2019 - Driving the industry toward upstream first
Kernel Recipes 2019 - Driving the industry toward upstream first
 
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMI
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMIKernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMI
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMI
 
Kernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernel
Kernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernelKernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernel
Kernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernel
 
Kernel Recipes 2019 - Metrics are money
Kernel Recipes 2019 - Metrics are moneyKernel Recipes 2019 - Metrics are money
Kernel Recipes 2019 - Metrics are money
 
Kernel Recipes 2019 - Kernel documentation: past, present, and future
Kernel Recipes 2019 - Kernel documentation: past, present, and futureKernel Recipes 2019 - Kernel documentation: past, present, and future
Kernel Recipes 2019 - Kernel documentation: past, present, and future
 
Embedded Recipes 2019 - Knowing your ARM from your ARSE: wading through the t...
Embedded Recipes 2019 - Knowing your ARM from your ARSE: wading through the t...Embedded Recipes 2019 - Knowing your ARM from your ARSE: wading through the t...
Embedded Recipes 2019 - Knowing your ARM from your ARSE: wading through the t...
 
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...
 
Embedded Recipes 2019 - Remote update adventures with RAUC, Yocto and Barebox
Embedded Recipes 2019 - Remote update adventures with RAUC, Yocto and BareboxEmbedded Recipes 2019 - Remote update adventures with RAUC, Yocto and Barebox
Embedded Recipes 2019 - Remote update adventures with RAUC, Yocto and Barebox
 
Embedded Recipes 2019 - Making embedded graphics less special
Embedded Recipes 2019 - Making embedded graphics less specialEmbedded Recipes 2019 - Making embedded graphics less special
Embedded Recipes 2019 - Making embedded graphics less special
 
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre Silicon
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre SiliconEmbedded Recipes 2019 - Linux on Open Source Hardware and Libre Silicon
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre Silicon
 
Embedded Recipes 2019 - From maintaining I2C to the big (embedded) picture
Embedded Recipes 2019 - From maintaining I2C to the big (embedded) pictureEmbedded Recipes 2019 - From maintaining I2C to the big (embedded) picture
Embedded Recipes 2019 - From maintaining I2C to the big (embedded) picture
 
Embedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops wayEmbedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops way
 
Embedded Recipes 2019 - Herd your socs become a matchmaker
Embedded Recipes 2019 - Herd your socs become a matchmakerEmbedded Recipes 2019 - Herd your socs become a matchmaker
Embedded Recipes 2019 - Herd your socs become a matchmaker
 
Embedded Recipes 2019 - LLVM / Clang integration
Embedded Recipes 2019 - LLVM / Clang integrationEmbedded Recipes 2019 - LLVM / Clang integration
Embedded Recipes 2019 - LLVM / Clang integration
 
Embedded Recipes 2019 - Introduction to JTAG debugging
Embedded Recipes 2019 - Introduction to JTAG debuggingEmbedded Recipes 2019 - Introduction to JTAG debugging
Embedded Recipes 2019 - Introduction to JTAG debugging
 
Embedded Recipes 2019 - Pipewire a new foundation for embedded multimedia
Embedded Recipes 2019 - Pipewire a new foundation for embedded multimediaEmbedded Recipes 2019 - Pipewire a new foundation for embedded multimedia
Embedded Recipes 2019 - Pipewire a new foundation for embedded multimedia
 
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all started
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all startedKernel Recipes 2019 - ftrace: Where modifying a running kernel all started
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all started
 
Kernel Recipes 2019 - Suricata and XDP
Kernel Recipes 2019 - Suricata and XDPKernel Recipes 2019 - Suricata and XDP
Kernel Recipes 2019 - Suricata and XDP
 
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)
 
Kernel Recipes 2019 - Formal modeling made easy
Kernel Recipes 2019 - Formal modeling made easyKernel Recipes 2019 - Formal modeling made easy
Kernel Recipes 2019 - Formal modeling made easy
 

Recently uploaded

TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 

Recently uploaded (20)

TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 

The extensible editor for structured binary data

  • 1. _____ ---' _________ ______) GNU(*) poke __) __) ---._______) The extensible editor for structured binary data Jose E. Marchesi Kernel Recipes 2019 (*) approval pending
  • 3. Contents 1 Motivation and purpose 2 Poke overview and demo 3 The Poke language 4 How poke works 5 Extending poke 6 Current status and roadmap
  • 4. Motivation # Figure out the file offset of the text # section in the object file. text_off =0x$(objdump -j .text -h $objfile | grep .text | $TR -s ' ' | $CUT -d' ' -f 7) ... func_off=$(printf %s $fun | $CUT -d: -f1) base=$($EXPR $func_off + 0) probe_off=$(( text_off + base + offset )) ... byte=$(dd if=$objfile count=1 ibs=1 bs=1 skip=$probe_off 2> /dev/null)
  • 5. Motivation • Need to edit object les, among others. • Scripts break easily, and are a PITA to maintain. • Format-specic tools are... too specic. • Decided to hack a general-purpose binary editor in 2017. • ... poke happened after 2 years of work.
  • 6. Developing the idea • Took a while. • From C structs plus something to a full-edged programming language. • Nice but unsatisfactory existing work: Datascript by Godmar Back. • Unacceptable and simplistic existing work: 010 Editor. • After many design failures and blind alleys... nally got it right... or so I hope! :D
  • 7. Overview _____ ---' _________ ______) GNU poke 0.1-beta __) __) ---._______) Copyright (C) 2019 Jose E. Marchesi. License GPLv3 +: GNU GPL version 3 or later http ://gnu.org/licenses/gpl.html . This is free software: you are free to change and redistribute it. There is NO WARRANTY , to the extent permitted by law. Powered by Jitter 0.9.0.556 - d1e5. Perpetrated by Jose E. Marchesi. For help , type .help. Type .exit to leave the program. (poke) dump 76543210 0011 2233 4455 6677 8899 aabb ccdd eeff 00000000: 7f45 4c46 0201 0100 0000 0000 0000 0000 00000010: 0100 3e00 0100 0000 0000 0000 0000 0000 00000020: 0000 0000 0000 0000 0802 0000 0000 0000 00000030: 0000 0000 4000 0000 0000 4000 0b00 0a00 00000040: 5548 89e5 b800 0000 005d c300 4743 433a 00000050: 2028 4465 6269 616e 2036 2e33 2e30 2d31 00000060: 382b 6465 6239 7531 2920 362e 332e 3020 00000070: 3230 3137 3035 3136 0000 0000 0000 0000 (poke)
  • 10. The language - Values • Integers: 10, 0xff , 8UB, 0b1100 , 0o777 • Strings: foonbar • Arrays: [1,2,3] [[1 ,2] ,[3 ,4]] [[1 ,2 ,3] ,[4]] • Structs: struct { name = Donald Knuth, age = 100 } struct {}
  • 11. The language - Oset values • The oset problem. • bytes? bits? both? • Solution: united values.
  • 12. The language - Oset values • Named units: 8#b 23#B 2#Kb • Numeric units: 8#8 2#3 • Even better: deftype Packet = struct { int i; long j; } 23# Packet • Operations: OFF +- OFF - OFF OFF * INT - OFF OFF / OFF - INT OFF % OFF - OFF
  • 13. The language - Oset values Osets avoid explicit unit conversions deftype Elf64_Shdr = struct { ... offset Elf64_Xword ,B sh_size; ... }; ... shdr.sh_size = 10# Elf64_Rela;
  • 14. The language - Simple Types • Integral types: int N uint N • Oset types: offset INT_TYPE ,UNIT • String type: string
  • 15. The language - Array Types • Unbounded: int[] int [][] • Bounded by number of elements: int [2] int[foo+bar] • Bounded by size: int [8#B]
  • 16. The language - Struct Types • Simple struct: deftype Packet = struct { byte magic; uint 32 data_length; byte[data_length] data; } • Struct with arguments: deftype elf_group = struct (elf_off num_idxs) { elf_group_flags flags; elf32_word[num_idxs] shidx; };
  • 17. The language - Struct Types • Field labels: deftype Packet = struct { byte magic; uint 32 data_length; offset int ,B data_offset; byte[data_length] data @ data_offset; } • Pinned structs: pinned struct { uint32 st_info; struct { elf_sym_binding uint 28 st_bind; elf_st_type uint 4 (mach) st_type; }; }
  • 18. The language - Struct Types • Constraints: struct { byte [4] ei_mag : ei_mag [0] == 0x7fUB ei_mag [1] == 'E' ei_mag [2] == 'L' ei_mag [3] == 'F'; byte ei_class; byte ei_data; byte ei_version; byte ei_osabi; byte ei_abiversion; byte [6] ei_pad; offset byte ,B ei_nident; } e_ident;
  • 19. The language - Union Types deftype Id3v2_Frame = struct { char id[4] : id[0] != 0; uint32 size; ... union { /* Frame contains text related data. */ union { struct { char id_asciiz_str = 0; char[size - 1] frame_data; } : size 1; char[size] frame_data; } : id[0] == 'T'; /* Frame contains other data. */ char[size] frame_data; }; };
  • 20. The language - Polymorphic types • any, any[] • Poor man's type polymorphism: • everything coerces to any. • any coerces to nothing. • Eventually will transition into gradual typing, in a backwards-compatible way: defun efficient_signed = (int 32 a, int 32 b) int 32: { ... } defun efficient_unsigned = (int 32 a, int 32 b) int 32: { ... } defun flexible = (int 32 a, int 32 b) xint 32: {...} defun more_flexible = (int * a, int * b) xint *: {...} defun inefficient = (any a, any b) any: {...}
  • 21. The language - Variables Block oriented. Lexically scoped. defvar a = 10 defvar b = [1,2,3] defvar c = { foo = 10, bar = 20L }
  • 22. The language - Mapping A central concept in poke: • Poke variables are in memory. • The IO space is the data being edited (le, memory, ...) • Both can be manipulated in the same way. • ... or that's the idea.
  • 23. The language - Mapping TYPE @ OFFSET - MAPPED_VALUE • Simple types (poke) defvar a = 10 (poke) defvar b = int @ 0#B • Arrays (poke) defvar a = [1,2,3] (poke) defvar b = int[3] @ 0#B • Structs (poke) defvar a = Packet { i = 10, j = 20 } (poke) defvar b = Packet @ 0#B
  • 24. The language - Functions defun ctf_section = (Elf64_Ehdr ehdr) Elf64_Shdr: { for (s in Elf64_Shdr[ehdr.e_shnum] @ ehdr.e_shoff) if (elf_string (ehdr , s.sh_name) == .ctf) return s; raise E_generic; }
  • 25. The language - Functions Optional arguments defun elf_string = (Elf64_Ehdr ehdr , offset Elf_Word ,B offset , Elf_Half strtab = ehdr.e_shstrndx) string: { defvar shdr = Elf64_Shdr[ehdr.e_shnum] @ ehdr.e_shoff; return string @ (shdr[strtab ]. sh_offset + offset ); }
  • 26. The language - Functions Variable length argument list. Last argument is an array of anys. defun format = (string fmt , args ...) string: { ... if (fmt[fi + 1] == 'x') res = res + tohex (args[narg] as uint 64 ); ... }
  • 27. The language - Functions Algol68ism: parameterless functions are homoiconic to variables (poke) defun beast = int: { return 666; } (poke) beast() + 1 667 (poke) beast + 1 667
  • 28. Architecture +----------+ | compiler | +----------+ +------+ | | | v | | +----------+ | | | PVM | ---| IO | +----------+ | | ^ | | | | | v +------+ +----------+ | command | +----------+
  • 29. The PKL compiler /-------- | source | ---+----/ | v +-----------------+ | Parser | +-----------------+ | analysis and | | transformation | | phases | +-----------------+ | code generation | | phase | +-----------------+ | Macro assembler | +-----------------+ | v /--------- | program | ---------/ (poke) defvar foo = 3 (poke) .vm dis e foo + 10 note #begin prologue canary push 0#b popr %r0 push 0 pushe $L15 note #end prologue pushvar 0x0, 0x1a push 10 addi nip2 note #begin epilogue pope push 0 exit $L15: pushvar 0x0, 0xd call $L17: push 1 exit note #end epilogue exitvm
  • 30. The PKL compiler - Passes and phases [ p a r s e r ] −−− F r o n t −end p a s s t r a n s 1 T r a n s f o r m a t i o n p h a s e 1 . a n a l 1 A n a l y s i s p h a s e 1 . t y p i f y 1 Type a n a l y s i s and t r a n s f o r m a t i o n 1 . promo Operand p r o m o t i o n p h a s e . t r a n s 2 T r a n s f o r m a t i o n p h a s e 2 . ∗ f o l d C o n s t a n t f o l d i n g . t y p i f y 2 Type a n a l y s i s and t r a n s f o r m a t i o n 2 . t r a n s 3 T r a n s f o r m a t i o n p h a s e 3 . a n a l 2 A n a l y s i s p h a s e 2 . −−− Middle −end p a s s t r a n s 4 T r a n s f o r m a t i o n p h a s e 4 . −−− Back−end p a s s a n a l f A n a l y s i s f i n a l p h a s e . gen Code g e n e r a t i o n .
  • 31. The PKL compiler - The macro assembler • Used by the PKL code generator. • Supports macro-instructions. jitter_label label1 = pkl_asm_fresh_label (pasm); jitter_label label2 = pkl_asm_fresh_label (pasm); pkl_asm_insn (pasm , PKL_INSN_OVER ); pkl_asm_insn (pasm , PKL_INSN_OVER ); pkl_asm_label (pasm , label1 ); pkl_asm_insn (pasm , PKL_INSN_BZ , label2 ); pkl_asm_insn (pasm , PKL_INSN_MOD , ast_type ); pkl_asm_insn (pasm , PKL_INSN_ROT ); pkl_asm_insn (pasm , PKL_INSN_DROP ); pkl_asm_insn (pasm , PKL_INSN_BA , label1 ); pkl_asm_label (pasm , label2 ); pkl_asm_insn (pasm , PKL_INSN_DROP );
  • 32. The PKL compiler - RAS Allows to write PVM assembly in a sane(r) way.. .macro gcd @type ;; Iterative Euclid 's Algorithm. over ; A B A over ; A B A B .loop: bz @type , .endloop ; ... A B mod @type ; ... A B A%B rot ; ... B A%B A drop ; ... B A%B ba .loop .endloop: drop ; A B GCD .end
  • 33. The Poke Virtual Machine • Stack machine. • Uses Luca's jitter (http://ageinghacker.net/jitter) • Instruction set: see src/pkl-insn.def
  • 34. The IO Subsystem IO spaces IO devices Space of IO objects ======= Space of bytes +------+ +-----| File | +-------+ | +------+ | IO | | | space |-----+ +---------+ | | +-----| Process | +-------+ | +---------+ : : | +-------------+ +-----| File system | +-------------+ Cache, Transactions, IO update callbacks, ...
  • 35. Hacking poke - Commands • Dialectic: DSL vs. command language. • Need for the later avoided, using a syntax trick: defun foo = (int a, int b = 30, int c) void: { ... } ... foo (10, 20, 40); ... foo :c 10 :a 20 ...
  • 36. Hacking poke - Commands defun dump = (off64 from = pk_dump_offset , off64 size = pk_dump_size , off64 group_by = pk_dump_group_by , int ruler = pk_dump_ruler , int ascii = pk_dump_ascii) void: { ... } (poke) dump :from 0xff#B :size 28#B
  • 37. Hacking poke - pickles • Collections of related types, variables, functions. • File formats: ELF, DWARF, id3v2, ... • Domains: searching, disassemblers, network packages, ...
  • 38. Hacking poke - elf.pk deftype Elf_Half = uint 16; deftype Elf_Word = uint 32; deftype Elf64_Xword = uint 64; ... defvar SHT_STRTAB = 3; defvar SHT_RELA = 4; ... deftype Elf64_Rela = struct { offset Elf64_Addr ,B r_offset; Elf64_Xword r_info; Elf64_Sxword r_addend; }; ... defun elf_string = (Elf64_Ehdr ehdr , offset Elf_Word ,B offset , Elf_Half strtab = ehdr.e_shstrndx) string: { defvar shdr = Elf64_Shdr[ehdr.e_shnum] @ ehdr.e_shoff; return string @ (shdr[strtab ]. sh_offset + offset ); }
  • 39. Testing $ make check ... Running testsuite/poke.cmd/cmd.exp ... Running testsuite/poke.map/map.exp ... Running testsuite/poke.pkl/pkl.exp ... Running testsuite/poke.std/std.exp ... exit === poke Summary === # of expected passes 1147
  • 40. What works • Basic language: variables, closures, types, etc. • Mapping. • Arrays. • Structs. • Only one kind of IO device: les. • dump command.
  • 41. Work in progress Before rst release... • Struct constructors • More control sentences. • Pattern matching • Commands: search, shue, etc. • Support for unions. • Support for sets (enums, bitmasks). • Finish the IO space implementation. • More IO devices: process, etc.
  • 42. Future work ... after rst release. • Gradual typing. • Support for sets (enums, bitmasks). • Organize pickles better: module system, namespaces. • Wide strings: Lfoo • Other language improvements.
  • 43. Project Resources • Homepage: http://www.jemarch.net/poke.html • Savannah: http://savannah.nongnu.org/p/poke • Mailing list: poke-devel@nongnu.org • IRC channel: #poke in irc.freenode.net Will change to www.gnu.org soon.
  • 44. Hack with me! See le HACKING in the source tree.