Module: SeccompTools::Disasm

Defined in:
lib/seccomp-tools/disasm/disasm.rb,
lib/seccomp-tools/disasm/context.rb

Overview

Disassembler for seccomp BPF.

Defined Under Namespace

Classes: Context

Class Method Summary

Class Method Details

.disasm(raw, arch: nil) ⇒ Object

Disassemble BPF codes.



# File 'lib/seccomp-tools/disasm/disasm.rb', line 19

def disasm(raw, arch: nil)
  codes = to_bpf(raw, arch)
  contexts = Array.new(codes.size) { Set.new }
  contexts[0].add(Context.new)
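  # All we care about is whether A is exactly one of data[*].
  dis = codes.zip(contexts).map do |code, ctxs|
    ctxs.each do |ctx|
      # Propagate each context to the instruction's branch targets,
      # skipping targets that lie past the end of the filter.
      code.branch(ctx) do |pc, c|
        contexts[pc].add(c) unless pc >= contexts.size
      end
    end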
    code.contexts = ctxs
    code.disasm
  end.join("\n")
  <<-EOS
 line  CODE  JT   JF      K
=================================
#{dis}
  EOS
end

.to_bpf(raw, arch) ⇒ Array<BPF>

Convert a raw BPF string to an array of BPF objects.



# File 'lib/seccomp-tools/disasm/disasm.rb', line 44

def to_bpf(raw, arch)
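  # Fall back to the architecture of the running system.
  arch ||= Util.system_arch
  # Each instruction is 8 bytes; a trailing partial record is not matched.
  raw.scan(/.{8}/m).map.with_index { |b, i| BPF.new(b, arch, i) }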
end
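The two details above that matter when a filter comes from an untrusted dump are the 8-byte record split in to_bpf and the out-of-range branch guard in disasm. The following is an added example, not seccomp-tools code: it decodes records by hand and reports both conditions, assuming the little-endian `struct sock_filter` layout; `Insn`, `decode_filter`, `jump_targets`, `out_of_range_jumps` and `SAMPLE` are hypothetical names.

```ruby
# Added example, not seccomp-tools source. Assumes little-endian
# struct sock_filter { u16 code; u8 jt; u8 jf; u32 k; } (8 bytes each).
Insn = Struct.new(:line, :code, :jt, :jf, :k)

BPF_JMP = 0x05 # instruction class, low three bits of code
BPF_JA  = 0x00 # unconditional jump op, bits 4..7 of code

# Decode raw filter bytes, rejecting a trailing partial record instead of
# leaving it unmatched the way scan(/.{8}/m) does.
def decode_filter(raw)
  raw = raw.b
  unless (raw.bytesize % 8).zero?
    raise ArgumentError, "#{raw.bytesize} bytes is not a multiple of 8"
  end

  (0...raw.bytesize).step(8).each_with_index.map do |off, i|
    Insn.new(i, *raw.byteslice(off, 8).unpack('S<CCL<'))
  end
end

# Absolute jump targets of one instruction (empty for non-jumps).
# Offsets are relative to the following instruction, hence line + 1.
def jump_targets(insn)
  return [] unless (insn.code & 0x07) == BPF_JMP
  return [insn.line + 1 + insn.k] if (insn.code & 0xf0) == BPF_JA

  [insn.line + 1 + insn.jt, insn.line + 1 + insn.jf]
end

# [line, target] pairs whose target lies past the last instruction.
def out_of_range_jumps(insns)
  insns.flat_map do |insn|
    jump_targets(insn).select { |t| t >= insns.size }.map { |t| [insn.line, t] }
  end
end

# Constructed sample: check arch, kill on execve (59), allow everything else.
SAMPLE = [
  [0x20, 0, 0, 4],           # A = data.arch
  [0x15, 1, 0, 0xc000003e],  # if A == AUDIT_ARCH_X86_64, skip the kill
  [0x06, 0, 0, 0],           # return KILL
  [0x20, 0, 0, 0],           # A = data.nr
  [0x15, 0, 1, 59],          # if A == 59, fall through to the kill
  [0x06, 0, 0, 0],           # return KILL
  [0x06, 0, 0, 0x7fff0000]   # return ALLOW
].map { |f| f.pack('S<CCL<') }.join
```

A non-empty result from `out_of_range_jumps` points at lines whose branch targets the disassembler's guard would skip, which is worth checking before trusting the listing of a dumped filter.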