GTK+ Forums

Discussion forum for GTK+ and Programming. Ask questions, troubleshoot problems, view and post example code, or express your opinions.
 Post subject: BigHead
PostPosted: Tue Jan 27, 2009 12:00 am 
GTK+ Geek

Joined: Sun Dec 07, 2008 4:46 pm
Posts: 56
Ok guys. I decided to show off my project that I've been working on since coming
across Micah Carrick's superb tutorial in late November 08. So it's about 7 weeks
old.

I would describe myself as a very inexperienced programmer. No knowledge of GTK
and limited C experience. I don't really know what inspired this project to be
honest. I was experimenting with trying to learn assembly language and with
disassembly. I couldn't find a decent X window based disassembler, Lida being
the best I came across, which uses a Perl front end and C back end. I became
interested in the ELF executable file format and wanted to learn more about it.
There are a couple of terminal-based applications (Binary Utils) that allow the
ELF format to be examined and disassembled. The binary code can be hex dumped
for examination but that's about it. Then there is a really good GTK-based
hexadecimal editor called Bless (the opposite of Hex apparently). It is written
using C# based on the Novell Mono project. Something that is TOO MS Windows
related in my opinion, a little like the .NET programming environment.

So here is my project. Maybe a little ambitious for a novice like myself. The
project proposes to develop an application that performs 3 functions.

1. It allows an executable, relocatable or shared object file to be easily
examined and dissected for content, in a nice GTK windowed environment.
So it is a Binary file Inspector GUI (BIG).

2. The binary code is dissected and displayed in hexadecimal format in neat
sections that correspond to the file structure, which is shown in a treeview
format. The hexadecimal code can be edited.
So the application is also a Hexadecimal Editor (HE).

3. And the binary code can be Disassembled in a number of ways. Flow control
as in Lida and block control as in Objdump. The code is displayed in a nice
Source View that can be saved for further examination and editing.
So the application is a Hexadecimal Editor And Disassembler (HEAD).

And so we have the name of the application....tongue firmly in cheek.

BIGHEAD.

The project is coming on very well. Much of the binary file inspector is complete.
And the disassembler is functional. The hexadecimal code is available for viewing
but can't yet be edited. Just for good measure I have an embedded terminal which
is always useful for this type of application.

The application can be described as a Reverse Engineering Tool.


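Added example, not BIGHEAD's own code (the post shows none): a small ELF64 section walker in C of the kind the "binary file inspector" and hex-dump parts above describe. It builds a constructed 288-byte ELF64 relocatable image in memory, looks a section up by name through the section-header string table, and hex-dumps its bytes the way a hex-editor pane would. Every offset and size taken from the file is range-checked before it is used, which is the check an inspector that opens untrusted binaries needs; a bad e_shoff or a truncated file returns -1 instead of reading out of bounds. All function names and the sample image are my assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte-wise little-endian readers/writers: the sample is ELFDATA2LSB and
 * this keeps the parser correct on any host, aligned or not. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint64_t rd64(const uint8_t *p) { return (uint64_t)rd32(p) | (uint64_t)rd32(p + 4) << 32; }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }
static void wr64(uint8_t *p, uint64_t v) { for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Look up a section by name. Returns 1 and fills off/size if found, 0 if the
 * image is valid but has no such section, -1 if the image is malformed.
 * Field offsets are those of the ELF64 spec (Ehdr and Shdr are 64 bytes each). */
int elf_find_section(const uint8_t *buf, size_t len, const char *name,
                     uint64_t *off, uint64_t *size)
{
    if (len < 64 || memcmp(buf, "\x7f" "ELF", 4) != 0) return -1;
    if (buf[4] != 2 || buf[5] != 1) return -1;            /* ELFCLASS64 + ELFDATA2LSB only */
    uint64_t shoff = rd64(buf + 40);                      /* e_shoff */
    uint16_t shentsize = rd16(buf + 58), shnum = rd16(buf + 60), shstrndx = rd16(buf + 62);
    if (shentsize != 64 || shnum == 0 || shstrndx >= shnum) return -1;
    if (shoff > len || (uint64_t)shnum * 64 > len - shoff) return -1;   /* table inside file? */
    const uint8_t *sh = buf + shoff;
    uint64_t stroff = rd64(sh + (size_t)shstrndx * 64 + 24);            /* .shstrtab sh_offset */
    uint64_t strsz  = rd64(sh + (size_t)shstrndx * 64 + 32);            /* .shstrtab sh_size */
    if (stroff > len || strsz > len - stroff) return -1;
    for (uint16_t i = 0; i < shnum; i++) {
        const uint8_t *h = sh + (size_t)i * 64;
        uint32_t nameoff = rd32(h);                                     /* sh_name */
        if (nameoff >= strsz) return -1;
        const char *s = (const char *)buf + stroff + nameoff;
        if (memchr(s, 0, strsz - nameoff) == NULL) return -1;           /* name must end inside table */
        if (strcmp(s, name) == 0) {
            uint64_t o = rd64(h + 24), sz = rd64(h + 32);               /* sh_offset, sh_size */
            if (rd32(h + 4) != 8 && (o > len || sz > len - o)) return -1; /* SHT_NOBITS has no bytes */
            *off = o; *size = sz;
            return 1;
        }
    }
    return 0;
}

/* Hex-dump `size` bytes starting at file offset `off`, 16 per line. */
void hexdump_section(const uint8_t *buf, uint64_t off, uint64_t size)
{
    for (uint64_t i = 0; i < size; i += 16) {
        printf("%08llx ", (unsigned long long)(off + i));
        for (uint64_t j = i; j < i + 16 && j < size; j++) printf(" %02x", buf[off + j]);
        putchar('\n');
    }
}

/* Constructed sample: a 288-byte ELF64 ET_REL image with the null section,
 * .text (8 bytes at 64) and .shstrtab (17 bytes at 72); section headers at 96. */
size_t build_sample_elf(uint8_t *out)
{
    static const uint8_t text[8] = { 0x55, 0x48, 0x89, 0xe5, 0x31, 0xc0, 0x5d, 0xc3 };
    static const char strtab[17] = "\0.text\0.shstrtab";   /* names at offsets 1 and 7 */
    memset(out, 0, 288);
    memcpy(out, "\x7f" "ELF", 4);
    out[4] = 2; out[5] = 1; out[6] = 1;                    /* 64-bit, little-endian, EV_CURRENT */
    wr16(out + 16, 1); wr16(out + 18, 62); wr32(out + 20, 1);   /* ET_REL, EM_X86_64, version */
    wr64(out + 40, 96);                                    /* e_shoff */
    wr16(out + 52, 64); wr16(out + 58, 64);                /* e_ehsize, e_shentsize */
    wr16(out + 60, 3);  wr16(out + 62, 2);                 /* e_shnum, e_shstrndx */
    memcpy(out + 64, text, 8);
    memcpy(out + 72, strtab, 17);
    uint8_t *sh = out + 96;                                /* sh[0] stays the all-zero null section */
    wr32(sh + 64, 1); wr32(sh + 68, 1); wr64(sh + 72, 6);  /* .text: SHT_PROGBITS, SHF_ALLOC|SHF_EXECINSTR */
    wr64(sh + 88, 64); wr64(sh + 96, 8);
    wr32(sh + 128, 7); wr32(sh + 132, 3);                  /* .shstrtab: SHT_STRTAB */
    wr64(sh + 152, 72); wr64(sh + 160, 17);
    return 288;
}

int main(void)
{
    uint8_t img[288];
    size_t n = build_sample_elf(img);
    uint64_t off, size;
    if (elf_find_section(img, n, ".text", &off, &size) == 1) {
        printf(".text at file offset %llu, %llu bytes\n",
               (unsigned long long)off, (unsigned long long)size);
        hexdump_section(img, off, size);
    }
    return 0;
}
```

The same walk over the program-header table gives the segment view that a treeview of the file structure would show alongside sections; the point to carry over is that e_shoff, sh_offset and sh_size come straight from the file, so a crafted binary can point them anywhere and a GUI inspector must validate them before it dereferences anything.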

PostPosted: Tue Jan 27, 2009 12:51 pm 
Never Seen the Sunlight

Joined: Wed Sep 21, 2005 12:07 am
Posts: 563
Location: Portland, OR USA
That's coming along nicely. Looks like a fun project.

_________________
Micah Carrick - Forum Administrator
http://www.micahcarrick.com


PostPosted: Tue Jan 27, 2009 1:15 pm 
GTK+ Geek

Joined: Sun Dec 07, 2008 4:46 pm
Posts: 56
The project has become very addictive for me Micah. Like a good book, once you pick it up and start reading you can't put it back down until you have read JUST a little more.

It's a huge learning process for me. Your TextEditor tutorial was the starting point and tadeboro's help has been invaluable.


PostPosted: Tue Jan 27, 2009 2:19 pm 
Never Seen the Sunlight

Joined: Wed Sep 21, 2005 12:07 am
Posts: 563
Location: Portland, OR USA
I know how it goes. I'm no stranger to choosing a project over sleep/food. Keep at it.

_________________
Micah Carrick - Forum Administrator
http://www.micahcarrick.com


 Post subject: A windows PE disassembler
PostPosted: Sun Apr 12, 2009 8:56 pm 
Familiar Face

Joined: Tue Sep 30, 2008 2:32 pm
Posts: 20
Wow this is awesome!

It's also very similar to something I'm doing. I'm writing a disassembler for x86 and the PE file format (I've tried to write it so that in future it will be easy to make it disassemble other binary file formats and architectures). The project's been going since summer last year when I learned C++ and found out about GTK (on and off because of uni).

I like the way BIGHEAD gives you the data in a beautifully simple, intuitive, gnome-like and powerful way - opposite to Lida. I haven't got anything that shows you the header or the hex dump, but the one thing I do have is really really cool. The only major thing I have got is an assembly flowchart a bit like the one in IDA Pro. There's a massive scrolled window showing that flowchart, and a scaled resizable minimap of it. Both of these I've mostly made into GtkWidgets. You can add comments to any of the blocks on the flowchart, or the function they are in. There is a GtkTreeView navigator which is used to move about between asm functions and executable files.

My disassembler uses the libdisasm that comes with x86dis to do the disassembly and follows the jumps and (later) calls in the same way the processor would. It can grab any complete function given an entry point and right now I'm making it follow some of the easy calls. What does BIGHEAD use to do the actual disassembly? How are you formatting the asm? Finally, how on earth did you manage to learn and code all that in 8 weeks?!? Please can we exchange some disassembler/executable file format reading wisdom?

John

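Added example, mine rather than John's or BIGHEAD's code (neither post shows any): what "following the jumps and calls in the same way the processor would" buys over objdump-style linear sweep, in C. It decodes a deliberately tiny x86-64 subset (push/pop r64, nop, leave, xor reg,reg, ret, int3, jmp/jcc rel8, jmp/call rel32) and runs both strategies over a constructed 18-byte sample in which a stray 0xE8 byte sits in a slot that no path reaches, between a ret and a jmp. The flow-following traversal never decodes the stray byte and finds the callee; the linear sweep decodes the stray byte as a 5-byte call and swallows the jmp and the callee's entry. Every branch target is bounds-checked before it is queued, which is the check that matters when the input is an untrusted binary. The opcode subset, the sample bytes and all names are my assumptions, not libdisasm's API.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One decoded instruction: byte length, whether execution continues at the
 * next instruction, and the branch/call target if there is one. */
typedef struct { int len; int falls_through; int has_target; size_t target; } insn_t;

/* Decode one instruction of a tiny x86-64 subset (assumed for illustration).
 * Returns 0 on an opcode outside the subset or on truncated bytes. */
static int decode(const uint8_t *p, size_t avail, size_t addr, insn_t *out)
{
    memset(out, 0, sizeof *out);
    if (avail == 0) return 0;
    uint8_t op = p[0];
    if (op == 0x90 || op == 0xc9 || (op >= 0x50 && op <= 0x5f)) {   /* nop, leave, push/pop r64 */
        out->len = 1; out->falls_through = 1;
    } else if (op == 0xc3 || op == 0xcc) {                           /* ret, int3: path ends */
        out->len = 1;
    } else if (op == 0x31) {                                         /* xor r/m32,r32, reg form only */
        if (avail < 2 || (p[1] >> 6) != 3) return 0;
        out->len = 2; out->falls_through = 1;
    } else if (op == 0xeb || (op >= 0x70 && op <= 0x7f)) {           /* jmp rel8, jcc rel8 */
        if (avail < 2) return 0;
        out->len = 2; out->has_target = 1;
        out->target = addr + 2 + (size_t)(int8_t)p[1];               /* wraps huge if negative */
        out->falls_through = (op != 0xeb);
    } else if (op == 0xe9 || op == 0xe8) {                           /* jmp rel32, call rel32 */
        if (avail < 5) return 0;
        int32_t rel = (int32_t)((uint32_t)p[1] | (uint32_t)p[2] << 8 |
                                (uint32_t)p[3] << 16 | (uint32_t)p[4] << 24);
        out->len = 5; out->has_target = 1;
        out->target = addr + 5 + (size_t)rel;
        out->falls_through = (op == 0xe8);                           /* call returns, jmp does not */
    } else {
        return 0;
    }
    return 1;
}

/* Flow-following traversal: decode straight-line code from `entry`, queue every
 * branch and call target, mark each instruction start actually reached.
 * Returns the number of starts marked, or -1 if a target lies outside `code`. */
int trace_code(const uint8_t *code, size_t len, size_t entry, uint8_t *visited)
{
    size_t stack[256];                 /* worklist of pending targets; enough for this demo */
    int sp = 0, count = 0;
    memset(visited, 0, len);
    if (entry >= len) return -1;
    stack[sp++] = entry;
    while (sp > 0) {
        size_t pc = stack[--sp];
        while (pc < len && !visited[pc]) {
            insn_t in;
            if (!decode(code + pc, len - pc, pc, &in)) break;   /* unknown bytes: stop this path */
            visited[pc] = 1; count++;
            if (in.has_target) {
                if (in.target >= len) return -1;                 /* crafted target outside buffer */
                if (sp < 256) stack[sp++] = in.target;
            }
            if (!in.falls_through) break;
            pc += in.len;
        }
    }
    return count;
}

/* objdump-style linear sweep: decode from byte 0 to the end, ignoring control
 * flow, so unreachable bytes are decoded too and can desynchronise the stream. */
int linear_sweep(const uint8_t *code, size_t len, uint8_t *visited)
{
    size_t pc = 0; int count = 0;
    memset(visited, 0, len);
    while (pc < len) {
        insn_t in;
        if (!decode(code + pc, len - pc, pc, &in)) break;
        visited[pc] = 1; count++;
        pc += in.len;
    }
    return count;
}

/* Constructed sample (not from any real binary):
 *  00 push rbp | 01 xor eax,eax | 03 call 0x10 | 08 jnz 0x0d | 0a pop rbp | 0b ret
 *  0c stray 0xe8 (never executed) | 0d jmp 0x0a | 0f int3 (unreached)
 *  10 nop | 11 ret                                           <- the callee */
#define SAMPLE_LEN 18
static const uint8_t sample_code[SAMPLE_LEN] = {
    0x55, 0x31, 0xc0, 0xe8, 0x08, 0x00, 0x00, 0x00, 0x75, 0x03, 0x5d, 0xc3,
    0xe8, 0xeb, 0xfb, 0xcc, 0x90, 0xc3
};

int main(void)
{
    uint8_t v[SAMPLE_LEN];
    int n = trace_code(sample_code, SAMPLE_LEN, 0, v);
    printf("flow-following: %d instruction starts:", n);
    for (size_t i = 0; i < SAMPLE_LEN; i++) if (v[i]) printf(" %02zx", i);
    n = linear_sweep(sample_code, SAMPLE_LEN, v);
    printf("\nlinear sweep:   %d instruction starts:", n);
    for (size_t i = 0; i < SAMPLE_LEN; i++) if (v[i]) printf(" %02zx", i);
    printf("\n");
    return 0;
}
```

The flow-following run marks 9 starts and leaves 0x0c and 0x0f untouched; the linear sweep marks 8, treats 0x0c as a call and never sees the jmp at 0x0d or the callee at 0x10. A real tool sits between the two: indirect jumps and calls have no static target, so a pure follower misses code, which is why IDA-style flowcharts combine following with heuristics and why the `sp < 256` cap and the target check here are the places a malformed binary would otherwise push past.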
