{"id":16835463,"url":"https://github.com/defuse/elfplayer","last_synced_at":"2025-04-11T04:50:25.048Z","repository":{"id":25145312,"uuid":"28567648","full_name":"defuse/elfplayer","owner":"defuse","description":"Visualize an ELF's execution","archived":false,"fork":false,"pushed_at":"2014-12-28T18:02:43.000Z","size":228,"stargazers_count":10,"open_issues_count":5,"forks_count":3,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-25T02:51:18.923Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/defuse.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-12-28T17:43:03.000Z","updated_at":"2024-07-21T12:23:30.000Z","dependencies_parsed_at":"2022-08-23T21:21:15.382Z","dependency_job_id":null,"html_url":"https://github.com/defuse/elfplayer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/defuse%2Felfplayer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/defuse%2Felfplayer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/defuse%2Felfplayer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/defuse%2Felfplayer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/defuse","download_url":"https://codeload.github.com/defuse/elfplayer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248345289,"owners_count":21088243,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-13T12:10:23.350Z","updated_at":"2025-04-11T04:50:25.028Z","avatar_url":"https://github.com/defuse.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"ELFPlayer\n============\n\nELFPlayer is a tool for visualizing the execution of 32-bit x86 ELFs (with\nsymbols). This can be useful for getting a better understanding of what your\ncode is doing, crafting exploits, or side-channel analysis.\n\n**Currently, ELFPlayer is prototype quality. This is a beta release.**\n\n![ElfPlayer Screenshot](https://defuse.ca/files2/github-elfplayer-ss.png)\n\nELFPlayer is made up of three components: The tracer, encoder, and player.\n\nTracer\n--------\n\nThe tracer is a C program that uses ptrace to save all of the EIP values as your\nprogram executes. To use it, pass the output file on the command line followed\nby the command to execute under ptrace (just like `strace`).\n\nFor exaple, if you've built the `hello` sample in the `samples` directory (by\n`gcc -m32 hello.c -o hello`), here's how you trace it (with an unnecessary\ncommand-line argument for demonstration):\n\n```\n$ ./tracer/tracer ./output ./samples/hello --an-argument-to-hello\n```\n\nThis will save all of the EIP values to `./output.`. To visualize it, you first\nhave to encode it into a JSON file that the player supports. Use the encoder\ntool to do that.\n\nEncoder\n--------\n\nThe encoder (Ruby script) transforms the tracer's output into an easy-to-parse\nJSON file for the player to play. Supposing we ran the tracer on\n`./samples/hello` and its output is saved in `./output`, the command to encode\nis:\n\n```\n$ ruby encoder/encode.rb -b ./samples/hello -o ./player/out.json ./output\n```\n\nThis will write the encoded JSON into `./player/out.json`, the location the\nplayer expects its input to be.\n\nPlayer\n--------\n\nThe player is an HTML5 Canvas web page that fetches the JSON file and displays\na visualization of the execution. It currently supports only very primitive\nscrolling by using the mousewheel or by clicking the scrollbars on the left or\nthe top. To open it, run:\n\n```\n$ firefox ./player/ptrace.html\n```\n\nFor now, it will probably only work with firefox. I haven't tested it with\nanything else.\n\nRed columns represent continuous sequences of EIP values which were not in\nregions known to the encoder. For example, if execution jumps into glibc for 100\ninstructions, those 100 instructions are displayed as a single red column. Blue\ndots on the top or bottom mean there is an instruction above or below the view,\nrespectively. Use the (shitty) left scrollbar to bring them into view.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdefuse%2Felfplayer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdefuse%2Felfplayer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdefuse%2Felfplayer/lists"}