Skip to content

badboy/ebpf-disasm

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
src
src
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
CHANGELOG.md
CHANGELOG.md
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

ebpf-disasm

A simple eBPF disassembler, based on rbpf.

It loads the compiled eBPF code from an ELF file and prints it out.

Installation

cargo install --git https://github.com/badboy/ebpf-disasm

Usage

If your code is in the section .classifier of your ELF file bpf.o:

ebpf-disasm --section .classifier bpf.o

Example output

$ ebpf-disasm -s .classifier bpf.o
mov64	r6,	r1
ldabsh	0x4
mov64	r7,	r0
ldabsw	0x0
lsh64	r0,	0x10
or64	r0,	r7
stxdw	[r10+0xfff8],	r0
mov64	r2,	r10
add64	r2,	0xfffffff8
lddw	r1,	0x0
call	0x1
jeq	r0,	0x0,	+0x5
ldxw	[r3+0x0],	r0
mov64	r1,	r6
lddw	r2,	0x0
call	0xc
mov64	r0,	0x0
exit

License

MIT. See LICENSE.

About

Simple ebpf disassembler in Rust

Resources

Readme

License

MIT license
Activity

Stars

35 stars

Watchers

2 watching

Forks

5 forks
Report repository

Releases 1

v0.3.0 Latest
May 2, 2017

Packages

No packages published

Languages