mirror of https://github.com/wader/fq.git synced 2024-12-26 15:02:28 +03:00
Commit Graph

424 Commits

Author SHA1 Message Date
Mattias Wadman
12105d8c1d elf: Treat missing string tables as empty to be more robust
Makes it possible to decode shellcode snippets etc:

$ fq -n '"f0VMRgIBAQAAAAAAAAAAAAIAPgABAAAAeABAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAEAAOAABAAAAAAAAAAEAAAAFAAAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAAAAAAEAAAAAAAAAAQAAAAAAIAAAAAAAsDxmvwYADwU=" | frombase64 | elf | d'
    |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.{}: (elf)
    |                                               |                |  error: elf: BitBufRange: failed at position 0 (read size 4294967296 seek pos 0): outside buffer
    |                                               |                |  header{}:
    |                                               |                |    ident{}:
0x00|7f 45 4c 46                                    |.ELF            |      magic: raw bits (valid)
0x00|            02                                 |    .           |      class: 64 (2)
0x00|               01                              |     .          |      data: "little_endian" (1)
0x00|                  01                           |      .         |      version: 1
0x00|                     00                        |       .        |      os_abi: "sysv" (0)
0x00|                        00                     |        .       |      abi_version: 0
0x00|                           00 00 00 00 00 00 00|         .......|      pad: raw bits (all zero)
0x10|02 00                                          |..              |    type: "exec" (0x2)
0x10|      3e 00                                    |  >.            |    machine: "x86_64" (0x3e) (AMD x86-64)
0x10|            01 00 00 00                        |    ....        |    version: 1
0x10|                        78 00 40 00 00 00 00 00|        x.@.....|    entry: 4194424
0x20|40 00 00 00 00 00 00 00                        |@.......        |    phoff: 64
0x20|                        00 00 00 00 00 00 00 00|        ........|    shoff: 0
0x30|00 00 00 00                                    |....            |    flags: 0
0x30|            40 00                              |    @.          |    ehsize: 64
0x30|                  38 00                        |      8.        |    phentsize: 56
0x30|                        01 00                  |        ..      |    phnum: 1
0x30|                              00 00            |          ..    |    shentsize: 0
0x30|                                    00 00      |            ..  |    shnum: 0
0x30|                                          00 00|              ..|    shstrndx: 0
    |                                               |                |  program_headers[0:1]:
    |                                               |                |    [0]{}: program_header
0x40|01 00 00 00                                    |....            |      type: "load" (1) (Loadable segment)
    |                                               |                |      flags{}:
0x40|            05                                 |    .           |        unused0: 0
0x40|            05                                 |    .           |        r: true
0x40|            05                                 |    .           |        w: false
0x40|            05                                 |    .           |        x: true
0x40|               00 00 00                        |     ...        |        unused1: 0
0x40|                        00 00 00 00 00 00 00 00|        ........|      offset: 0x0
0x50|00 00 40 00 00 00 00 00                        |..@.....        |      vaddr: 0x400000
0x50|                        00 00 40 00 00 00 00 00|        ..@.....|      paddr: 0x400000
0x60|00 00 00 00 01 00 00 00                        |........        |      filesz: 4294967296
0x60|                        00 00 00 00 01 00 00 00|        ........|      memsz: 4294967296
0x70|00 00 20 00 00 00 00 00                        |.. .....        |      align: 2097152
0x70|                        b0 3c 66 bf 06 00 0f 05|        .<f.....|  unknown0: raw bits
$ fq -n '"f0VMRgIBAQAAAAAAAAAAAAIAPgABAAAAeABAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAEAAOAABAAAAAAAAAAEAAAAFAAAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAAAAAAEAAAAAAAAAAQAAAAAAIAAAAAAAsDxmvwYADwU=" | frombase64 | . as $b | elf | $b[.header.entry-.program_headers[0].vaddr:]' | ndisasm -b 64 -
00000000  B03C              mov al,0x3c
00000002  66BF0600          mov di,0x6
00000006  0F05              syscall
2022-09-06 11:31:48 +02:00
Mattias Wadman
8016352b3b html: Handle html with leading doctype etc 2022-09-01 22:58:48 +02:00
Mattias Wadman
226a9a3e08 generics: Use more from x/exp 2022-08-31 10:50:56 +02:00
Mattias Wadman
7d86534348 sortex: Package with type safe sort helpers 2022-08-30 11:02:57 +02:00
Mattias Wadman
e0bd489668
Merge pull request #404 from wader/matroska-lacing
matroska: Add proper lacing support
2022-08-28 21:13:50 +02:00
Mattias Wadman
7749e1b5b9 matroska: Add proper lacing support 2022-08-28 21:03:26 +02:00
Mattias Wadman
004406de65 bitcoin_blkdat,bitcoin_block: Make sure there is a header if blkdat
Makes bitcoin_blkdat fail fast as it is part of probe group.
Speeds up reading a big JSON file etc.
2022-08-26 12:07:53 +02:00
Mattias Wadman
095e1161b7 xml: Switch from "-" to "@" as attribute prefix and make it an option
Seems to be more common.
2022-08-25 17:15:23 +02:00
Mattias Wadman
716323cea1 xml: Even more namespace fixes
fromXML*: Collect namespaces before resolving to not rely on attribute order.
toXML*: Sort attributes, prefer non-namespaced first.
2022-08-25 15:45:09 +02:00
Mattias Wadman
d8792fd104 interp,dump: Correctly flush columns if data will be shown
Before, addrbar ended up in data and also redundant columns were added
2022-08-24 21:14:26 +02:00
Mattias Wadman
8fc43533a9 prores_frame: Add basic container and frame header decoder 2022-08-24 19:33:35 +02:00
@0xb17bea125
f73965d2a3
wasm: add wasm to probe list 2022-08-23 21:19:07 +09:00
@0xb17bea125
ae4529c491
wasm: run golangci-lint run --fix 2022-08-23 21:12:29 +09:00
@0xb17bea125
bcc0dfd9f0
wasm: fix comment format 2022-08-23 21:09:56 +09:00
@0xb17bea125
2eb1750574
wasm: update tests 2022-08-23 21:07:44 +09:00
@0xb17bea125
cd037c514d
wasm: add comment to clarify lazy initialization 2022-08-23 17:46:00 +09:00
@0xb17bea125
db8021c931
wasm: define and use constants for some instructions 2022-08-23 08:42:34 +09:00
@0xb17bea125
e5cf1731e3
wasm: make the godoc formatter happy 2022-08-22 21:30:49 +09:00
@0xb17bea125
d5d9e738b6
wasm: use FieldULEB128() / FieldSLEB128() defined in the upstream 2022-08-22 21:09:26 +09:00
bitbears-dev
89cb0d8e91
Merge branch 'wader:master' into wasm-support 2022-08-22 21:01:19 +09:00
@0xb17bea125
289ddf59fb
wasm: fix lint issues 2022-08-22 21:00:54 +09:00
@0xb17bea125
00869b3701
wasm: avoid race condition 2022-08-22 21:00:02 +09:00
Mattias Wadman
f24d685a5b xml: Keep track of default namespace and skip it in element names
Refactor element name handling a bit, return it instead, feels nicer.
2022-08-21 10:11:59 +02:00
Mattias Wadman
326dada7ca decode: Add LEB128 readers 2022-08-20 12:05:44 +02:00
Mattias Wadman
3290c8a46b
Merge pull request #386 from wader/gopacket-update-sll2
gopacket: Switch/update to new fork, remove SLL2 hack
2022-08-20 09:37:23 +02:00
@0xb17bea125
7401d141e8
wasm: use WRITE_ACTUAL=1 to generate .fqtest files 2022-08-20 16:11:33 +09:00
@0xb17bea125
e1691dec4f
wasm: remove unused function 2022-08-20 16:04:18 +09:00
@0xb17bea125
fead68de50
wasm: tidy up 2022-08-20 15:50:14 +09:00
@0xb17bea125
cbb5a8ed00
wasm: further simplification 2022-08-20 15:25:11 +09:00
@0xb17bea125
ae08bf70d4
wasm: use s.ActualU() instead of s.Actual.(uint64) 2022-08-20 15:02:52 +09:00
@0xb17bea125
3298d181fe
wasm: to be able to probe 2022-08-20 14:55:16 +09:00
Mattias Wadman
394717cae8 gopacket: Switch/update to new fork, remove SLL2 hack
SLL2 support merged upstream https://github.com/gopacket/gopacket/pull/1

This also cuts down a bit on some indirect deps
2022-08-20 01:25:03 +02:00
@0xb17bea125
b0f3fec855
wasm: remove nolint:unparam which is no longer needed 2022-08-19 18:49:19 +09:00
@0xb17bea125
2037b86abd
wasm: use map, not switch 2022-08-19 18:47:50 +09:00
@0xb17bea125
0ad5a8ec2f
wasm: use underscores for symbol values 2022-08-19 14:50:56 +09:00
@0xb17bea125
63f4a7267c
wasm: use scalar.UToSymStr for simplicity 2022-08-19 14:35:16 +09:00
@0xb17bea125
3fca7cc09a
wasm: fix lint issues 2022-08-19 09:05:46 +09:00
Mattias Wadman
71900c2a9d xml: Correctly sort if one #seq is found and allow negative seq numbers 2022-08-18 23:08:31 +02:00
Takashi Oguma
934ed9a809
wasm: initial version 2022-08-18 21:40:30 +09:00
Martijn van Beurden
fb583e2cc0 Add 32 bps FLAC to test 2022-08-18 14:27:43 +02:00
Martijn van Beurden
c1d5b2b1c3 Add sample size entry to list for 32bps flac streams 2022-08-18 14:16:55 +02:00
Mattias Wadman
74c7dc4eaf pcap: Add ns support and add header field 2022-08-18 14:09:42 +02:00
Mattias Wadman
da6b9413fd
Merge pull request #381 from wader/flac-fix-gen-script
flac: Make gen script generate correct fqtest files
2022-08-18 11:48:00 +02:00
Mattias Wadman
8a19978b2f flac: Make gen script generate correct fqtest files 2022-08-18 11:37:07 +02:00
Mattias Wadman
2bfbe9a94a flac_frame: Cleanup some dev leftovers and todos 2022-08-18 11:13:45 +02:00
Mattias Wadman
b6c4c27688
Merge pull request #379 from ktmf01/fix-flac-raw-partition
Fix decoding of FLAC raw entropy partition
2022-08-18 11:04:00 +02:00
Martijn van Beurden
3f209c46ca Fix decoding of FLAC raw entropy partition 2022-08-18 10:11:57 +02:00
Mattias Wadman
cf15661e9c mp3_frame: Add LSF support and fix incorrect main data handling
Some mpeg versions use LSF (low sampling frequency) when encoding
low sample rates which changes a bit how the side info is laid out.

Also skip trying to separate data and other_data as after reading up
a bit on how main data begin and bit reservoir works I think it was done
incorrectly. To know the real audio data length I think you need to decode
the huffman tables. Instead just have an "audio_data" field which is the
bits with audio data for current and possibly following frames.
2022-08-17 21:36:39 +02:00
Mattias Wadman
701c67c136 jsonl: Add decoder, also tojsonl encoder 2022-08-15 19:43:59 +02:00
Mattias Wadman
3623eac365 yaml: Error on trailing yaml/json
Turns out yaml is a superset of json
2022-08-15 19:14:25 +02:00