
fr0zn/ebpf-diss-asm


eBPF

eBPF disassembler and assembler written in Python

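Seccomp filter disassembly example

Note: this listing is a classic BPF (cBPF) seccomp filter rather than eBPF. Each 8-byte instruction is a 16-bit opcode, the two jump offsets printed as T:/F:, and a 32-bit constant. The filter loads the 32-bit word at offset 0 of the seccomp data (the syscall number), returns SECCOMP_RET_ALLOW for the eleven listed numbers, and falls through to SECCOMP_RET_KILL for everything else. The listing contains no check of the architecture field (offset 4 of `struct seccomp_data`), so the allow-list is only meaningful for the one syscall ABI it was written for. A filter deployed for sandboxing should validate the architecture before comparing syscall numbers.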

0x0000:   20 00 00 00 00 00 00 00      ldabsw    r0,       r0,  #0
0x0001:   15 00 00 01 00 00 00 00      jeq       r0,       #0,  T:+0, F:+1
0x0002:   06 00 00 00 00 00 ff 7f      ret       SECCOMP_RET_ALLOW     
0x0003:   15 00 00 01 01 00 00 00      jeq       r0,       #1,  T:+0, F:+1
0x0004:   06 00 00 00 00 00 ff 7f      ret       SECCOMP_RET_ALLOW     
0x0005:   15 00 00 01 03 00 00 00      jeq       r0,       #3,  T:+0, F:+1
0x0006:   06 00 00 00 00 00 ff 7f      ret       SECCOMP_RET_ALLOW     
0x0007:   15 00 00 01 04 00 00 00      jeq       r0,       #4,  T:+0, F:+1
0x0008:   06 00 00 00 00 00 ff 7f      ret       SECCOMP_RET_ALLOW     
0x0009:   15 00 00 01 05 00 00 00      jeq       r0,       #5,  T:+0, F:+1
0x000a:   06 00 00 00 00 00 ff 7f      ret       SECCOMP_RET_ALLOW     
0x000b:   15 00 00 01 06 00 00 00      jeq       r0,       #6,  T:+0, F:+1
0x000c:   06 00 00 00 00 00 ff 7f      ret       SECCOMP_RET_ALLOW     
0x000d:   15 00 00 01 09 00 00 00      jeq       r0,       #9,  T:+0, F:+1
0x000e:   06 00 00 00 00 00 ff 7f      ret       SECCOMP_RET_ALLOW     
0x000f:   15 00 00 01 0b 00 00 00      jeq       r0,       #11, T:+0, F:+1
0x0010:   06 00 00 00 00 00 ff 7f      ret       SECCOMP_RET_ALLOW     
0x0011:   15 00 00 01 0f 00 00 00      jeq       r0,       #15, T:+0, F:+1
0x0012:   06 00 00 00 00 00 ff 7f      ret       SECCOMP_RET_ALLOW     
0x0013:   15 00 00 01 23 00 00 00      jeq       r0,       #35, T:+0, F:+1
0x0014:   06 00 00 00 00 00 ff 7f      ret       SECCOMP_RET_ALLOW     
0x0015:   15 00 00 01 3c 00 00 00      jeq       r0,       #60, T:+0, F:+1
0x0016:   06 00 00 00 00 00 ff 7f      ret       SECCOMP_RET_ALLOW     
0x0017:   06 00 00 00 00 00 00 00      ret       SECCOMP_RET_KILL

Disassembler example

$ hexdump example/program.bin

0000000 b4 09 00 00 ff ff ff ff 55 09 02 00 ff ff ff ff
0000010 b7 00 00 00 00 00 00 00 95 00 00 00 00 00 00 00
0000020 18 19 00 00 03 00 00 00 00 00 00 00 00 00 00 00
0000030 bf 91 00 00 00 00 00 00 bf a2 00 00 00 00 00 00
0000040 07 02 00 00 fc ff ff ff 62 0a fc ff 00 00 00 00
0000050 85 00 00 00 01 00 00 00 55 00 01 00 00 00 00 00
0000060 95 00 00 00 00 00 00 00 79 06 00 00 00 00 00 00
0000070 bf 91 00 00 00 00 00 00 bf a2 00 00 00 00 00 00
0000080 07 02 00 00 fc ff ff ff 62 0a fc ff 01 00 00 00
0000090 85 00 00 00 01 00 00 00 55 00 01 00 00 00 00 00
00000a0 95 00 00 00 00 00 00 00 79 07 00 00 00 00 00 00
00000b0 bf 91 00 00 00 00 00 00 bf a2 00 00 00 00 00 00
00000c0 07 02 00 00 fc ff ff ff 62 0a fc ff 02 00 00 00
00000d0 85 00 00 00 01 00 00 00 55 00 01 00 00 00 00 00
00000e0 95 00 00 00 00 00 00 00 79 08 00 00 00 00 00 00
00000f0 bf 02 00 00 00 00 00 00 b7 00 00 00 00 00 00 00
0000100 55 06 03 00 00 00 00 00 79 73 00 00 00 00 00 00
0000110 7b 32 00 00 00 00 00 00 95 00 00 00 00 00 00 00
0000120 55 06 02 00 01 00 00 00 7b a2 00 00 00 00 00 00
0000130 95 00 00 00 00 00 00 00 7b 87 00 00 00 00 00 00
0000140 95 00 00 00 00 00 00 00

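Output

Note: the leftmost column is the instruction slot index (8 bytes per slot), not a byte offset. `lddw` is a 16-byte instruction that occupies two slots, so its all-zero second half at 0x0005 is printed as a separate `ldw` line. In the `lddw` line the register byte is 0x19 (low nibble 9, high nibble 1), so the register actually written is r9; the first printed operand appears to be the source-register field rather than a destination.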

$ python disassembler.py example/program.bin

0x0000:   b4 09 00 00 ff ff ff ff      mov32     r9,       #-1
0x0001:   55 09 02 00 ff ff ff ff      jne       r9,       #-1, +2
0x0002:   b7 00 00 00 00 00 00 00      mov       r0,       #0
0x0003:   95 00 00 00 00 00 00 00      exit
0x0004:   18 19 00 00 03 00 00 00      lddw      r1,       r9,  #3
0x0005:   00 00 00 00 00 00 00 00      ldw       r0,       r0,  #0
0x0006:   bf 91 00 00 00 00 00 00      mov       r1,       r9
0x0007:   bf a2 00 00 00 00 00 00      mov       r2,       r10
0x0008:   07 02 00 00 fc ff ff ff      add       r2,       #-4
0x0009:   62 0a fc ff 00 00 00 00      stw       [r10-4],  #0
0x000a:   85 00 00 00 01 00 00 00      call      #1
0x000b:   55 00 01 00 00 00 00 00      jne       r0,       #0,  +1
0x000c:   95 00 00 00 00 00 00 00      exit
0x000d:   79 06 00 00 00 00 00 00      ldxdw     r6,       [r0]
0x000e:   bf 91 00 00 00 00 00 00      mov       r1,       r9
0x000f:   bf a2 00 00 00 00 00 00      mov       r2,       r10
0x0010:   07 02 00 00 fc ff ff ff      add       r2,       #-4
0x0011:   62 0a fc ff 01 00 00 00      stw       [r10-4],  #1
0x0012:   85 00 00 00 01 00 00 00      call      #1
0x0013:   55 00 01 00 00 00 00 00      jne       r0,       #0,  +1
0x0014:   95 00 00 00 00 00 00 00      exit
0x0015:   79 07 00 00 00 00 00 00      ldxdw     r7,       [r0]
0x0016:   bf 91 00 00 00 00 00 00      mov       r1,       r9
0x0017:   bf a2 00 00 00 00 00 00      mov       r2,       r10
0x0018:   07 02 00 00 fc ff ff ff      add       r2,       #-4
0x0019:   62 0a fc ff 02 00 00 00      stw       [r10-4],  #2
0x001a:   85 00 00 00 01 00 00 00      call      #1
0x001b:   55 00 01 00 00 00 00 00      jne       r0,       #0,  +1
0x001c:   95 00 00 00 00 00 00 00      exit
0x001d:   79 08 00 00 00 00 00 00      ldxdw     r8,       [r0]
0x001e:   bf 02 00 00 00 00 00 00      mov       r2,       r0
0x001f:   b7 00 00 00 00 00 00 00      mov       r0,       #0
0x0020:   55 06 03 00 00 00 00 00      jne       r6,       #0,  +3
0x0021:   79 73 00 00 00 00 00 00      ldxdw     r3,       [r7]
0x0022:   7b 32 00 00 00 00 00 00      stxdw     [r2],     r3
0x0023:   95 00 00 00 00 00 00 00      exit
0x0024:   55 06 02 00 01 00 00 00      jne       r6,       #1,  +2
0x0025:   7b a2 00 00 00 00 00 00      stxdw     [r2],     r10
0x0026:   95 00 00 00 00 00 00 00      exit
0x0027:   7b 87 00 00 00 00 00 00      stxdw     [r7],     r8
0x0028:   95 00 00 00 00 00 00 00      exit

Assembler example

$ cat example/program.asm

mov32     r9,       #-1
jne       r9,       #-1, +2
mov       r0,       #0
exit
lddw      r1,       r9,  #3
ldw       r0,       r0,  #0
mov       r1,       r9
mov       r2,       r10
add       r2,       #-4
stw       [r10-4],  #0
call      #1
jne       r0,       #0,  +1
exit
ldxdw     r6,       [r0]
mov       r1,       r9
mov       r2,       r10
add       r2,       #-4
stw       [r10-4],  #1
call      #1
jne       r0,       #0,  +1
exit
ldxdw     r7,       [r0]
mov       r1,       r9
mov       r2,       r10
add       r2,       #-4
stw       [r10-4],  #2
call      #1
jne       r0,       #0,  +1
exit
ldxdw     r8,       [r0]
mov       r2,       r0
mov       r0,       #0
jne       r6,       #0,  +3
ldxdw     r3,       [r7]
stxdw     [r2],     r3
exit
jne       r6,       #1,  +2
stxdw     [r2],     r10
exit
stxdw     [r7],     r8
exit
$ python assembler.py example/program.asm | hexdump

0000000 b4 09 00 00 ff ff ff ff 55 09 02 00 ff ff ff ff
0000010 b7 00 00 00 00 00 00 00 95 00 00 00 00 00 00 00
0000020 18 19 00 00 03 00 00 00 00 00 00 00 00 00 00 00
0000030 bf 91 00 00 00 00 00 00 bf a2 00 00 00 00 00 00
0000040 07 02 00 00 fc ff ff ff 62 0a fc ff 00 00 00 00
0000050 85 00 00 00 01 00 00 00 55 00 01 00 00 00 00 00
0000060 95 00 00 00 00 00 00 00 79 06 00 00 00 00 00 00
0000070 bf 91 00 00 00 00 00 00 bf a2 00 00 00 00 00 00
0000080 07 02 00 00 fc ff ff ff 62 0a fc ff 01 00 00 00
0000090 85 00 00 00 01 00 00 00 55 00 01 00 00 00 00 00
00000a0 95 00 00 00 00 00 00 00 79 07 00 00 00 00 00 00
00000b0 bf 91 00 00 00 00 00 00 bf a2 00 00 00 00 00 00
00000c0 07 02 00 00 fc ff ff ff 62 0a fc ff 02 00 00 00
00000d0 85 00 00 00 01 00 00 00 55 00 01 00 00 00 00 00
00000e0 95 00 00 00 00 00 00 00 79 08 00 00 00 00 00 00
00000f0 bf 02 00 00 00 00 00 00 b7 00 00 00 00 00 00 00
0000100 55 06 03 00 00 00 00 00 79 73 00 00 00 00 00 00
0000110 7b 32 00 00 00 00 00 00 95 00 00 00 00 00 00 00
0000120 55 06 02 00 01 00 00 00 7b a2 00 00 00 00 00 00
0000130 95 00 00 00 00 00 00 00 7b 87 00 00 00 00 00 00
0000140 95 00 00 00 00 00 00 00
