{"id":16703455,"url":"https://github.com/mtardy/mahebpf","last_synced_at":"2025-04-10T05:00:34.859Z","repository":{"id":203842827,"uuid":"704657243","full_name":"mtardy/mahebpf","owner":"mtardy","description":"(For now 😼) an educational eBPF disassembler","archived":false,"fork":false,"pushed_at":"2023-11-06T00:07:50.000Z","size":15,"stargazers_count":5,"open_issues_count":1,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-24T06:11:49.162Z","etag":null,"topics":["disassembler","ebpf","junk"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mtardy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-10-13T18:44:28.000Z","updated_at":"2024-09-23T19:01:34.000Z","dependencies_parsed_at":null,"dependency_job_id":"c0875aaf-2b9e-4523-971f-d2711139d811","html_url":"https://github.com/mtardy/mahebpf","commit_stats":null,"previous_names":["mtardy/mahebpf"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mtardy%2Fmahebpf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mtardy%2Fmahebpf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mtardy%2Fmahebpf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mtardy%2Fmahebpf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mtardy","download_url":"https://codeload.github.com/mtardy/mahebpf/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248161267,"owners_count":21057554,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["disassembler","ebpf","junk"],"created_at":"2024-10-12T19:08:23.264Z","updated_at":"2025-04-10T05:00:34.809Z","avatar_url":"https://github.com/mtardy.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# maheBPF\n\nmaheBPF™ for my asinine holistic enterprise BPF pseudocode fragmentor.\n\n## Installation\n\nInstall it with a Golang install, the project is nice enough to not have\nexternal dependencies (for now).\n\n```shell-session\ngo install github.com/mtardy/mahebpf@latest\n```\n\n## Usage\n\n### 🧝🏻‍♀️ ELF 🧝🏻‍♂️\n\nLet's say you have a BPF program in an ELF at the section kprobe/pizza\n(little-endian only club 😎 thanks) and you want to disassemble it with a\nmilitary-grade™ dissasembler:\n\n```shell-session\nmahebpf prog.o kprobe/pizza\n```\n\nFor my very useful little program, the output looks like this:\n\n```text\n 0: b701000000000000 r1 = 0\n 1: 631afcff00000000 *(u32 *)(r10 - 4) = r1\n 2: 850000000e000000 call 14\n 3: bf06000000000000 r6 = r0\n 4: 636af8ff00000000 *(u32 *)(r10 - 8) = r6\n 5: bfa2000000000000 r2 = r10\n 6: 07020000fcffffff r2 += -4\n 7: 1801000000000000 0000000000000000 r1 = 0 ll\n 9: 8500000001000000 call 1\n10: 5500090000000000 if r0 != 0 goto +9\n11: bfa2000000000000 r2 = r10\n12: 07020000fcffffff r2 += -4\n13: bfa3000000000000 r3 = r10\n14: 07030000f8ffffff r3 += -8\n15: 1801000000000000 0000000000000000 r1 = 0 ll\n17: b704000000000000 r4 = 0\n18: 8500000002000000 call 2\n19: 0500010000000000 goto +1\n20: 6360000000000000 *(u32 *)(r0 + 0) = r6\n21: b700000000000000 r0 = 0\n22: 9500000000000000 exit\n```\n\nCool no? A bit like `llvm-objdump -S prog.o` but in bad.\n\n### 🇺🇸 ASCII 🦅 \n\nIf you like to store your eBPF bytecode in ASCII in a text format like a person\nof taste, I got you covered. Let's say you have a program in a `prog.txt` that\nlooks like this:\n\n```text\nb7 01 00 00 00 00 00 00\n63 1a fc ff 00 00 00 00\n85 00 00 00 0e 00 00 00\nbf 06 00 00 00 00 00 00\n63 6a f8 ff 00 00 00 00\nbf a2 00 00 00 00 00 00\n07 02 00 00 fc ff ff ff\n18 01 00 00 00 00 00 00\n00 00 00 00 00 00 00 00\n85 00 00 00 01 00 00 00\n55 00 09 00 00 00 00 00\nbf a2 00 00 00 00 00 00\n07 02 00 00 fc ff ff ff\nbf a3 00 00 00 00 00 00\n07 03 00 00 f8 ff ff ff\n18 01 00 00 00 00 00 00\n00 00 00 00 00 00 00 00\nb7 04 00 00 00 00 00 00\n85 00 00 00 02 00 00 00\n05 00 01 00 00 00 00 00\n```\n\nTo disassemble this hexabeauty:\n\n```shell-session\nmahebpf --type ascii prog.txt\n```\n\nBoom 💥🤯, same output as before!\n\n## Contribute\n\nDon't.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmtardy%2Fmahebpf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmtardy%2Fmahebpf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmtardy%2Fmahebpf/lists"}