{"id":13755010,"url":"https://github.com/bnbdr/ida-bpf-processor","last_synced_at":"2026-01-12T00:41:56.830Z","repository":{"id":216845806,"uuid":"88667459","full_name":"bnbdr/ida-bpf-processor","owner":"bnbdr","description":"BPF Processor for IDA Python ","archived":false,"fork":false,"pushed_at":"2018-08-27T19:41:55.000Z","size":38,"stargazers_count":50,"open_issues_count":1,"forks_count":7,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-11-16T09:33:55.739Z","etag":null,"topics":["bpf","disasm","disassembler","ida","idapython-plugin","processor","seccomp"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bnbdr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2017-04-18T20:25:53.000Z","updated_at":"2024-05-31T10:41:19.000Z","dependencies_parsed_at":null,"dependency_job_id":"de227d2b-388c-4aab-b0ce-9a5fc88247cc","html_url":"https://github.com/bnbdr/ida-bpf-processor","commit_stats":null,"previous_names":["bnbdr/ida-bpf-processor"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bnbdr%2Fida-bpf-processor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bnbdr%2Fida-bpf-processor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bnbdr%2Fida-bpf-processor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bnbdr%2Fida-bpf-processor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bnbdr","dow
nload_url":"https://codeload.github.com/bnbdr/ida-bpf-processor/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253346468,"owners_count":21894264,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bpf","disasm","disassembler","ida","idapython-plugin","processor","seccomp"],"created_at":"2024-08-03T10:00:39.141Z","updated_at":"2026-01-12T00:41:56.825Z","avatar_url":"https://github.com/bnbdr.png","language":"Python","readme":"# BPF Bytecode Processor for IDA (python)\n\n![](example.png)\n\n## Processor\nSupports the old BPF bytecode only (no eBPF). \n\nThe processor will display conditional branches with a 0 value true-offset as their opposite logical counterpart, e.g. `JEQ 0xFF, 0, 1` as `JNE 0xFF, 1, 0`.\n\n## Loader\nThe loader accepts files that have a custom bpf header and sets up several symbolic constants for seccomp:\n```c\nSECCOMP_RET_KILL = 0x00000000\nSECCOMP_RET_TRAP = 0x00030000\nSECCOMP_RET_ERRNO = 0x00050000\nSECCOMP_RET_TRACE = 0x7ff00000\nSECCOMP_RET_ALLOW = 0x7fff0000\n// --------------\nAUDIT_ARCH_I386 = 0x40000003\nAUDIT_ARCH_X86_64 = 0xC000003E\n```\n### File Format\nThe loader accepts files in the following format (see [010template](bpf.bt)):\n```c\nint magic;\nint reserved;\nstruct sock_filter bpf_c[0];\n```\nwhere `magic` must be `\"bpf\\0\"` and `reserved` must be 0. 
\n\n## Installation\nPut the processor plugin `bpf.py` in:\n```xml\n\u003cIDA_INSTALL_DIR\u003e\\procs\\\n```\nPut the file loader `bpf_loader.py` in:\n```xml\n\u003cIDA_INSTALL_DIR\u003e\\loaders\\\n```\n\n## Supported Versions\n- IDA 7.x (tested on 7.0).\n- For older IDA versions use [this](https://github.com/bnbdr/ida-bpf-processor/releases/tag/v1.0.0).\n\n\n## License\n[MIT](https://opensource.org/licenses/MIT) 2018 [@bnbdr](https://github.com/bnbdr/)\n\n## Relevant References\n- https://www.hex-rays.com/products/ida/support/idapython_docs/\n- https://www.hex-rays.com/products/ida/support/sdkdoc/\n- http://www.tcpdump.org/papers/bpf-usenix93.pdf\n- https://www.kernel.org/doc/Documentation/networking/filter.txt\n- http://man7.org/linux/man-pages/man2/seccomp.2.html\n- https://github.com/seccomp/libseccomp/blob/master/tools/scmp_bpf_disasm.c\n- https://github.com/ghTemp123/wiresharkplugin/blob/master/Scripts/Libnids-119_With_managedLibnids/Libnids-1.19/WIN32-Includes/NET/Bpf.h\n","funding_links":[],"categories":["\u003ca id=\"004c199e1dbf71769fbafcd8e58d1ead\"\u003e\u003c/a\u003eFor specific analysis targets"],"sub_categories":["\u003ca id=\"cb59d84840e41330a7b5e275c0b81725\"\u003e\u003c/a\u003eLoader\u0026Processor"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbnbdr%2Fida-bpf-processor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbnbdr%2Fida-bpf-processor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbnbdr%2Fida-bpf-processor/lists"}