mirror of https://github.com/wader/fq.git synced 2024-12-25 22:34:14 +03:00
fq/format
Mattias Wadman 12105d8c1d elf: Treat missing string tables as empty to be more robust
Makes it possible to decode shellcode snippets etc:

$ fq -n '"f0VMRgIBAQAAAAAAAAAAAAIAPgABAAAAeABAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAEAAOAABAAAAAAAAAAEAAAAFAAAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAAAAAAEAAAAAAAAAAQAAAAAAIAAAAAAAsDxmvwYADwU=" | frombase64 | elf | d'
    |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.{}: (elf)
    |                                               |                |  error: elf: BitBufRange: failed at position 0 (read size 4294967296 seek pos 0): outside buffer
    |                                               |                |  header{}:
    |                                               |                |    ident{}:
0x00|7f 45 4c 46                                    |.ELF            |      magic: raw bits (valid)
0x00|            02                                 |    .           |      class: 64 (2)
0x00|               01                              |     .          |      data: "little_endian" (1)
0x00|                  01                           |      .         |      version: 1
0x00|                     00                        |       .        |      os_abi: "sysv" (0)
0x00|                        00                     |        .       |      abi_version: 0
0x00|                           00 00 00 00 00 00 00|         .......|      pad: raw bits (all zero)
0x10|02 00                                          |..              |    type: "exec" (0x2)
0x10|      3e 00                                    |  >.            |    machine: "x86_64" (0x3e) (AMD x86-64)
0x10|            01 00 00 00                        |    ....        |    version: 1
0x10|                        78 00 40 00 00 00 00 00|        x.@.....|    entry: 4194424
0x20|40 00 00 00 00 00 00 00                        |@.......        |    phoff: 64
0x20|                        00 00 00 00 00 00 00 00|        ........|    shoff: 0
0x30|00 00 00 00                                    |....            |    flags: 0
0x30|            40 00                              |    @.          |    ehsize: 64
0x30|                  38 00                        |      8.        |    phentsize: 56
0x30|                        01 00                  |        ..      |    phnum: 1
0x30|                              00 00            |          ..    |    shentsize: 0
0x30|                                    00 00      |            ..  |    shnum: 0
0x30|                                          00 00|              ..|    shstrndx: 0
    |                                               |                |  program_headers[0:1]:
    |                                               |                |    [0]{}: program_header
0x40|01 00 00 00                                    |....            |      type: "load" (1) (Loadable segment)
    |                                               |                |      flags{}:
0x40|            05                                 |    .           |        unused0: 0
0x40|            05                                 |    .           |        r: true
0x40|            05                                 |    .           |        w: false
0x40|            05                                 |    .           |        x: true
0x40|               00 00 00                        |     ...        |        unused1: 0
0x40|                        00 00 00 00 00 00 00 00|        ........|      offset: 0x0
0x50|00 00 40 00 00 00 00 00                        |..@.....        |      vaddr: 0x400000
0x50|                        00 00 40 00 00 00 00 00|        ..@.....|      paddr: 0x400000
0x60|00 00 00 00 01 00 00 00                        |........        |      filesz: 4294967296
0x60|                        00 00 00 00 01 00 00 00|        ........|      memsz: 4294967296
0x70|00 00 20 00 00 00 00 00                        |.. .....        |      align: 2097152
0x70|                        b0 3c 66 bf 06 00 0f 05|        .<f.....|  unknown0: raw bits
$ fq -n '"f0VMRgIBAQAAAAAAAAAAAAIAPgABAAAAeABAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAEAAOAABAAAAAAAAAAEAAAAFAAAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAAAAAAEAAAAAAAAAAQAAAAAAIAAAAAAAsDxmvwYADwU=" | frombase64 | . as $b | elf | $b[.header.entry-.program_headers[0].vaddr:]' | ndisasm -b 64 -
00000000  B03C              mov al,0x3c
00000002  66BF0600          mov di,0x6
00000006  0F05              syscall
2022-09-06 11:31:48 +02:00
all bitcoin_blkdat,bitcoin_block: Make sure there is a header if blkdat 2022-08-26 12:07:53 +02:00
ape dev: Cleanup linters and fix some unused args 2022-07-19 18:33:50 +02:00
ar dev: Cleanup linters and fix some unused args 2022-07-19 18:33:50 +02:00
asn1 interp,dump: Correctly flush columns if data will be shown 2022-08-24 21:14:26 +02:00
av1 decode: Add LEB128 readers 2022-08-20 12:05:44 +02:00
avro xml: Allow trailing <?procinstr?> 2022-08-11 23:48:29 +02:00
bencode xml: Allow trailing <?procinstr?> 2022-08-11 23:48:29 +02:00
bitcoin bitcoin_blkdat,bitcoin_block: Make sure there is a header if blkdat 2022-08-26 12:07:53 +02:00
bson interp: Use RegisterFS instead of format files 2022-07-27 13:22:59 +02:00
bzip2 interp,dump: Show address bar for root, nested roots and on format change 2022-08-09 18:09:41 +02:00
cbor *extra: Rename <pkg>extra to just <pkg>ex and refactor to use generics 2022-08-12 16:29:47 +02:00
crypto format,intepr: Refactor json, yaml, etc into formats also move out related functions 2022-07-23 21:48:45 +02:00
csv yaml: Error on trailing yaml/json 2022-08-15 19:14:25 +02:00
dns dns: Rename isTCP to hasLengthHeader 2022-08-10 13:35:01 +02:00
elf elf: Treat missing string tables as empty to be more robust 2022-09-06 11:31:48 +02:00
fairplay dev: Cleanup linters and fix some unused args 2022-07-19 18:33:50 +02:00
flac generics: Use more from x/exp 2022-08-31 10:50:56 +02:00
flv dev: Cleanup linters and fix some unused args 2022-07-19 18:33:50 +02:00
gif dev: Cleanup linters and fix some unused args 2022-07-19 18:33:50 +02:00
gzip interp,dump: Show address bar for root, nested roots and on format change 2022-08-09 18:09:41 +02:00
icc *extra: Rename <pkg>extra to just <pkg>ex and refactor to use generics 2022-08-12 16:29:47 +02:00
id3 interp,dump: Show address bar for root, nested roots and on format change 2022-08-09 18:09:41 +02:00
inet gopacket: Switch/update to new fork, remove SLL2 hack 2022-08-20 01:25:03 +02:00
jpeg dev: Cleanup linters and fix some unused args 2022-07-19 18:33:50 +02:00
json jsonl: Add decoder, also tojsonl encoder 2022-08-15 19:43:59 +02:00
macho interp,dump: Show address bar for root, nested roots and on format change 2022-08-09 18:09:41 +02:00
math format,intepr: Refactor json, yaml, etc into formats also move out related functions 2022-07-23 21:48:45 +02:00
matroska matroska: Add proper lacing support 2022-08-28 21:03:26 +02:00
mp3 mp3_frame: Add LSF support and fix incorrect main data handling 2022-08-17 21:36:39 +02:00
mp4 generics: Use more from x/exp 2022-08-31 10:50:56 +02:00
mpeg generics: Use more from x/exp 2022-08-31 10:50:56 +02:00
msgpack interp: Use RegisterFS instead of format files 2022-07-27 13:22:59 +02:00
ogg matroska: Add proper lacing support 2022-08-28 21:03:26 +02:00
opus interp,dump: Show address bar for root, nested roots and on format change 2022-08-09 18:09:41 +02:00
pcap interp,dump: Correctly flush columns if data will be shown 2022-08-24 21:14:26 +02:00
png interp,dump: Show address bar for root, nested roots and on format change 2022-08-09 18:09:41 +02:00
prores prores_frame: Add basic container and frame header decoder 2022-08-24 19:33:35 +02:00
protobuf generics: Use more from x/exp 2022-08-31 10:50:56 +02:00
raw dev: Cleanup linters and fix some unused args 2022-07-19 18:33:50 +02:00
rtmp xml: Allow trailing <?procinstr?> 2022-08-11 23:48:29 +02:00
tar tar: Some number fields can be empty 2022-08-15 14:57:16 +02:00
text *extra: Rename <pkg>extra to just <pkg>ex and refactor to use generics 2022-08-12 16:29:47 +02:00
tiff xml: Allow trailing <?procinstr?> 2022-08-11 23:48:29 +02:00
toml yaml: Error on trailing yaml/json 2022-08-15 19:14:25 +02:00
vorbis matroska: Add proper lacing support 2022-08-28 21:03:26 +02:00
vpx dev: Cleanup linters and fix some unused args 2022-07-19 18:33:50 +02:00
wasm wasm: run golangci-lint run --fix 2022-08-23 21:12:29 +09:00
wav format,intepr: Refactor json, yaml, etc into formats also move out related functions 2022-07-23 21:48:45 +02:00
webp dev: Cleanup some code to fix a bunch of new linter warnings 2022-07-19 18:56:09 +02:00
xml html: Handle html with leading doctype etc 2022-09-01 22:58:48 +02:00
yaml yaml: Error on trailing yaml/json 2022-08-15 19:14:25 +02:00
zip interp,dump: Show address bar for root, nested roots and on format change 2022-08-09 18:09:41 +02:00
format.go bitcoin_blkdat,bitcoin_block: Make sure there is a header if blkdat 2022-08-26 12:07:53 +02:00
fqtest_test.go interp: Cleanup and clarify some format naming 2022-07-16 22:04:21 +02:00
fuzz_test.go lint: Fix ioutil deprecation, reformat for new doc standard 2022-08-05 00:22:32 +02:00
inet.go lint: Fix ioutil deprecation, reformat for new doc standard 2022-08-05 00:22:32 +02:00
media.go lint: Fix ioutil deprecation, reformat for new doc standard 2022-08-05 00:22:32 +02:00
shared.go decode: Refactor scalar usage 2021-12-02 17:39:26 +01:00