dell_boy GTK+ Geek
Joined: 07 Dec 2008 Posts: 56
Posted: Tue Jan 27, 2009 12:00 am Post subject: BigHead
Ok guys. I decided to show off my project that I've been working on since coming across Micah Carrick's superb tutorial in late November 08. So it's about 7 weeks old.

I would describe myself as a very inexperienced programmer. No knowledge of Gtk and limited C experience. I don't really know what inspired this project, to be honest. I was experimenting with trying to learn assembly language and with disassembly. I couldn't find a decent X window based disassembler, Lida being the best I came across, which uses a Perl front end and C back end. I became interested in the ELF executable file format and wanted to learn more about it. There are a couple of terminal based applications (Binary Utils) that allow the ELF format to be examined and disassembled. The binary code can be hex dumped for examination but that's about it. Then there is a really good Gtk based hexadecimal editor called Bless (the opposite of Hex apparently). It is written using C# based on the Novell Mono project. Something that is TOO MS Windows related, in my opinion, a little like the .NET programming environment.

So here is my project. Maybe a little ambitious for a novice like myself. The project proposes to develop an application that performs 3 functions.

1. It allows an executable, relocatable or shared object file to be easily examined and dissected for content, in a nice Gtk windowed environment. So it is a Binaryfile Inspector GUI (BIG).
2. The binary code is dissected and displayed in hexadecimal format in neat sections that correspond to the file structure, which is shown in a treeview format. The hexadecimal code can be edited. So the application is also a Hexadecimal Editor (HE).
3. And the binary code can be disassembled in a number of ways. Flow control as in Lida and block control as in Objdump. The code is displayed in a nice Source View that can be saved for further examination and editing. So the application is a Hexadecimal Editor And Disassembler (HEAD).

And so we have the name of the application... tongue firmly in cheek. BIGHEAD.

The project is coming on very well. Much of the binaryfile inspector is complete. And the disassembler is functional. The hexadecimal code is available for viewing but can't yet be edited. Just for good measure I have an embedded terminal which is always useful for this type of application.
The application can be described as a Reverse Engineering Tool.
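All three functions the post describes (inspecting the file structure, showing sections as hex, disassembling them) rest on the same backend step: read the ELF header, locate the section header table, and pull out the raw bytes of a section. The block below is an added example written for this thread, not BIGHEAD's code and not from the original post. It assumes a little-endian ELF64 image that the block constructs itself; the field offsets follow the ELF64 layout, and the names parse_elf_header, get_section, hex_line, build_sample and inspect_sample are made up here. The point worth taking from it is that an inspector parses files it did not produce, so every offset and size read from the header is checked against the file length before it is used.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Added example, independent of BIGHEAD's own code: a bounds-checked ELF64 header and
 * section-header reader plus a hex-line formatter. Field offsets follow the ELF64 layout;
 * an inspector parses untrusted files, so every offset is validated against the length. */
typedef struct {
    int little;                                  /* 1 = ELFDATA2LSB, 0 = ELFDATA2MSB */
    uint16_t e_type, e_machine, e_shentsize, e_shnum;
    uint64_t e_entry, e_shoff;
} elf_info;

typedef struct { uint32_t sh_type; uint64_t sh_flags, sh_offset, sh_size; } sect_info;

/* Read an n-byte unsigned integer in the byte order the file declares. */
static uint64_t rd(const uint8_t *p, size_t n, int little) {
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++) v = (v << 8) | p[little ? n - 1 - i : i];
    return v;
}

/* Parse the 64-byte ELF64 header; a negative return names the failing check. */
int parse_elf_header(const uint8_t *buf, size_t len, elf_info *o) {
    if (len < 64) return -1;                            /* too short for an Ehdr */
    if (memcmp(buf, "\x7f" "ELF", 4) != 0) return -2;  /* bad magic */
    if (buf[4] != 2) return -3;                         /* only ELFCLASS64 handled here */
    if (buf[5] != 1 && buf[5] != 2) return -4;          /* unknown data encoding */
    o->little      = (buf[5] == 1);
    o->e_type      = (uint16_t)rd(buf + 16, 2, o->little);
    o->e_machine   = (uint16_t)rd(buf + 18, 2, o->little);
    o->e_entry     = rd(buf + 24, 8, o->little);
    o->e_shoff     = rd(buf + 40, 8, o->little);
    o->e_shentsize = (uint16_t)rd(buf + 58, 2, o->little);
    o->e_shnum     = (uint16_t)rd(buf + 60, 2, o->little);
    /* The section header table must lie inside the file; never trust e_shoff blindly. */
    if (o->e_shnum && (o->e_shentsize != 64 || o->e_shoff > len ||
                       (uint64_t)o->e_shnum * 64 > len - o->e_shoff)) return -5;
    return 0;
}

/* Read section header idx: -1 = bad index, -2 = section bytes outside the file. */
int get_section(const uint8_t *buf, size_t len, const elf_info *ei, unsigned idx, sect_info *o) {
    if (idx >= ei->e_shnum) return -1;
    const uint8_t *sh = buf + ei->e_shoff + (size_t)idx * 64;
    o->sh_type   = (uint32_t)rd(sh + 4, 4, ei->little);
    o->sh_flags  = rd(sh + 8, 8, ei->little);
    o->sh_offset = rd(sh + 24, 8, ei->little);
    o->sh_size   = rd(sh + 32, 8, ei->little);
    if (o->sh_type != 8 /* SHT_NOBITS */ &&
        (o->sh_offset > len || o->sh_size > len - o->sh_offset)) return -2;
    return 0;
}

/* Format up to 16 bytes as "xx xx ..." for the hex view; returns bytes consumed. */
size_t hex_line(const uint8_t *p, size_t n, char *out, size_t outsz) {
    size_t used = 0;
    if (n > 16) n = 16;
    if (outsz) out[0] = '\0';
    for (size_t i = 0; i < n && used + 4 <= outsz; i++)
        used += (size_t)snprintf(out + used, outsz - used, i + 1 < n ? "%02x " : "%02x", p[i]);
    return n;
}

static void put_le(uint8_t *p, uint64_t v, size_t n) {
    for (size_t i = 0; i < n; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Constructed sample image: Ehdr + two section headers (null, .text) + 16 code bytes. */
#define SAMPLE_LEN 208
uint8_t sample_img[SAMPLE_LEN];

size_t build_sample(void) {
    static const uint8_t code[16] = { 0xb8, 0x3c, 0, 0, 0, 0x31, 0xff, 0x0f, 0x05,
                                      0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 };
    uint8_t *img = sample_img, *text = sample_img + 128;    /* header #1 sits at 64 + 64 */
    memset(img, 0, SAMPLE_LEN);
    memcpy(img, "\x7f" "ELF", 4);
    img[4] = 2; img[5] = 1; img[6] = 1;                       /* ELFCLASS64, LSB, EV_CURRENT */
    put_le(img + 16, 2, 2);   put_le(img + 18, 0x3e, 2);     /* ET_EXEC, EM_X86_64 */
    put_le(img + 20, 1, 4);   put_le(img + 24, 0x401000, 8); /* e_version, e_entry */
    put_le(img + 40, 64, 8);                                  /* e_shoff: right after Ehdr */
    put_le(img + 52, 64, 2);  put_le(img + 58, 64, 2);       /* e_ehsize, e_shentsize */
    put_le(img + 60, 2, 2);                                   /* e_shnum (no strtab in toy) */
    put_le(text + 4, 1, 4);   put_le(text + 8, 6, 8);        /* SHT_PROGBITS, ALLOC|EXEC */
    put_le(text + 24, 192, 8); put_le(text + 32, 16, 8);     /* sh_offset, sh_size */
    memcpy(img + 192, code, 16);          /* mov eax,60; xor edi,edi; syscall; nop padding */
    return SAMPLE_LEN;
}

elf_info sample_info; sect_info sample_text; char sample_hex[64];

/* Walk the sample the way a treeview would: header, .text section, one hex line of it. */
int inspect_sample(void) {
    size_t n = build_sample();
    int rc = parse_elf_header(sample_img, n, &sample_info);
    if (rc) return rc;
    if ((rc = get_section(sample_img, n, &sample_info, 1, &sample_text)) != 0) return rc - 10;
    hex_line(sample_img + sample_text.sh_offset, (size_t)sample_text.sh_size, sample_hex, sizeof sample_hex);
    printf("machine 0x%x entry 0x%llx .text @ %llu: %s\n", sample_info.e_machine,
           (unsigned long long)sample_info.e_entry, (unsigned long long)sample_text.sh_offset, sample_hex);
    return 0;
}

int main(void) { return inspect_sample(); }
```

Handing parse_elf_header a file that has been cut short (or whose header advertises a section table past the end) returns -5 instead of reading out of bounds, which is the behaviour a hex editor wants when a user opens a damaged or deliberately malformed binary.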
Micah Carrick Never Seen the Sunlight
Joined: 21 Sep 2005 Posts: 546 Location: Portland, OR USA
Posted: Tue Jan 27, 2009 12:51 pm Post subject:
That's coming along nicely. Looks like a fun project.
dell_boy GTK+ Geek
Joined: 07 Dec 2008 Posts: 56
Posted: Tue Jan 27, 2009 1:15 pm Post subject:
The project has become very addictive for me Micah. Like a good book, once you pick it up and start reading you can't put it back down until you have read JUST a little more.
It's a huge learning process for me. Your TextEditor tutorial was the starting point and tadeboro's help has been invaluable.
Micah Carrick Never Seen the Sunlight
Joined: 21 Sep 2005 Posts: 546 Location: Portland, OR USA
Posted: Tue Jan 27, 2009 2:19 pm Post subject:
I know how it goes. I'm no stranger to choosing a project over sleep/food. Keep at it.
JohnC Familiar Face
Joined: 30 Sep 2008 Posts: 20
Posted: Sun Apr 12, 2009 8:56 pm Post subject: A windows PE disassembler
Wow this is awesome!
It's also very similar to something I'm doing. I'm writing a disassembler for x86 and the PE file format (I've tried to write it so that in future it will be easy to make it disassemble other binary file formats and architectures). The project's been going since summer last year, when I learned C++ and found out about GTK (on and off because of uni).
I like the way BIGHEAD gives you the data in a beautifully simple, intuitive, gnome-like and powerful way, opposite to Lida. I haven't got anything that shows you the header or the hex dump, but the one thing I do have is really, really cool. The only major thing I have got is an assembly flowchart a bit like the one in IDA Pro. There's a massive scrolled window showing that flowchart, and a scaled resizable minimap of it. Both of these I've mostly made into GtkWidgets. You can add comments to any of the blocks on the flowchart, or the function they are in. There is a GtkTreeView navigator which is used to move about between asm functions and executable files.
My disassembler uses the libdisasm that comes with x86dis to do the disassembly and follows the jumps and (later) calls in the same way the processor would. It can grab any complete function given an entry point, and right now I'm making it follow some of the easy calls. What does BIGHEAD use to do the actual disassembly? How are you formatting the asm? Finally, how on earth did you manage to learn and code all that in 8 weeks?!? Please can we exchange some disassembler/executable file format reading wisdom?
John