{"id":23508794,"url":"https://github.com/lovasko/ctfquery","last_synced_at":"2025-05-13T15:34:50.694Z","repository":{"id":18351156,"uuid":"21531060","full_name":"lovasko/ctfquery","owner":"lovasko","description":"CTF data querying command-line tool","archived":false,"fork":false,"pushed_at":"2015-07-29T21:31:55.000Z","size":192,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-16T19:48:25.170Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lovasko.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-07-06T01:02:30.000Z","updated_at":"2019-11-11T18:17:58.000Z","dependencies_parsed_at":"2022-08-25T11:52:10.322Z","dependency_job_id":null,"html_url":"https://github.com/lovasko/ctfquery","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lovasko%2Fctfquery","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lovasko%2Fctfquery/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lovasko%2Fctfquery/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lovasko%2Fctfquery/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lovasko","download_url":"https://codeload.github.com/lovasko/ctfquery/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253970675,"owners_count":21992544,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-25T11:32:10.822Z","updated_at":"2025-05-13T15:34:50.639Z","avatar_url":"https://github.com/lovasko.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ctfquery\nQuery the CTF for specific information.\n\n## Usage\n`ctfquery [ -s SYM | -t TYPE_ID | -c TYPE_ID | -l LABEL | -v | -h ] \u003cfile\u003e`\n * `-s SYM` search for a symbol named `SYM`\n * `-S TYPE_ID` search for all symbols that are of type `TYPE_ID`\n * `-t TYPE_ID` search for a type identified with `TYPE_ID`\n * `-c TYPE_ID` solve a `typedef` chain with the head identified with `TYPE_ID`\n * `-l LABEL` search for a label with name `LABEL`\n * `-v` print CTF version of the file\n * `-h` print help message\n\n## Build\n```\n$ ninja\n```\n\n## Dependencies\n * [`libctf`](https://github.com/lovasko/libctf)\n * [`m_list`](https://github.com/lovasko/m_list)\n\n## Example\n### ... or the tale of the maximal process ID \nGrab my hand, we are going for a trip! Say we are, for some reason, totally\ninto finding out about the kernel symbol `pid_max` which denotes the maximal\nPID on a system. One way is to look into the source, sure, but what if it is\nnot available and we are stuck with some random black box crash dump?\n`ctfquery` to the rescue!\n\nWe will start by gently poking the beast:\n\n```\n$ ctfquery -s pid_max /boot/kernel/kernel\n776\n```\n\nThe first bit of knowledge! The symbol inspection (`-s`) told us that the\ntype ID of the type associated with the symbol is 776. Only if we could\ndescribe a type!\n\n```\n$ ctfquery -t 776 /boot/kernel/kernel\n    Kind: typedef\n  Ref ID: 775\nNew name: pid_t\n```\n\nAnd we could. A type with ID 775 disguised as the `pid_t` using the `typedef`\nsorcery. Sneaky. Let's dive even further!\n\n```\n$ ctfquery -t 775 /boot/kernel/kernel\n    Kind: typedef\n  Ref ID: 17 \nNew name: __pid_t\n```\n\nOh man! This is a serious `typedef` hell! For how long will we have to follow\nthese links? Luckily, we can solve typedef chains with the `-c` option for free:\n\n```\n$ ctfquery -c 776 /boot/kernel/kernel\npid_t (776) -\u003e __pid_t (775) -\u003e __int32_t (17) -\u003e int (16)\n```\n\nFinally, some solid info right there, it all seems to boil down to the type with\nID 16. You guessed correctly, we're gonna inspect the hell out of it!\n\n```\n$ ctfquery -t 16 /boot/kernel/kernel\n   Kind: int\n   Name: int\n   Size: 32\n Offset: 0\n Signed: yes\nContent: number\n```\n\nQED! The symbol `pid_max` is a 32-bit signed integer. Now go solve the\nimportant stuff.\n\n## License\n2-clause BSD, for more information please see the [license](LICENSE.md).\n\n## Author\nDaniel Lovasko lovasko@freebsd.org\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flovasko%2Fctfquery","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flovasko%2Fctfquery","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flovasko%2Fctfquery/lists"}