How to change constant value in linux dynamic library? - linux

There is a dynamic library for 64-bit linux, it contains many functions compiled from from C++ code. The code is not open source, but I have an idea how one of the functions shoul look like. It contains mathematical expression and I would like to change one of the constants in this expression.
I have some programming skills, but never looked into compiled objects and executable. The relevant part of assembly code obtained by objdump -RDC command is below. The constant of interest should be of type double and it seems it is used in multiplication command in line 7e1cc.
7e1b8: 00
7e1b9: f2 0f 59 74 24 78 mulsd 0x78(%rsp),%xmm6
7e1bf: f2 41 0f 59 f0 mulsd %xmm8,%xmm6
7e1c4: f2 0f 58 ce addsd %xmm6,%xmm1
7e1c8: f2 0f 58 ca addsd %xmm2,%xmm1
7e1cc: f2 0f 59 0d fc 0e 0c mulsd 0xc0efc(%rip),%xmm1 # 13f0d0 <typeinfo name for RestorableCreator<Model>+0x90>
7e1d3: 00
7e1d4: 48 81 c4 88 00 00 00 add $0x88,%rsp
7e1db: 66 0f 28 c1 movapd %xmm1,%xmm0
7e1df: c3 retq
I'd like to know how to find the position of this constant in the file, convert my constant to hex format and replace the value in the file to my hex value. Could anyone explain how to do this? Also suggestions about proper tools would be really valuable.

The constant is at address 0xc0efc(%rip) where %rip is the address of the next instruction, meaning 0x7e1d4. So the address is: 0xc0efc + 0x7e1d4 = 0x13F0D0 (objdump even prints that for you).
Now, examine the headers of your binary using objdump -h. That will list all the sections along with virtual addresses and file offsets. Find which section the address falls into, and calculate how far into the section it is, then add the file offset. Now use a hex editor to fetch the 8 bytes representing your double from that offset. Turn it into human-readable form by whatever means you want, for example by a trivial C program that just casts a byte array to double and prints it.

Related

When removing & readding an element loaded through serialbus in Nodejs array my system crashes

So im writing this piece of code to maintain modules on a bus in NodeJs to replace older Delphi 4 code.
The module sends information in blocks, these blocks contain the encoded information and look like this:
{
sender_module_group: { name: 'Sensor', number: 3, hex: 0x03 },
receiver: <Buffer 01 03>,
type: 0,
data_type: { name: 'DATA_BLOCK', number: 33029, hex: 0x8105},
length: <Buffer 16>,
message: <Buffer 00 d5 23 13 ac ff fe a2 ba 53 a6 1b e7 aa d2 51 05 00 00 00 00 00>,
}
During the initialization of the module there are in total around 50 blocks of data each stating what page of memory needs to be read next.
Each block is processed and slowly an object is filled with the data. The first time around on bootup, it works like a charm and all the data gets filled.
The issue arises when a module is dropped(a module can drop due bad connection, CRC checks failing in data transfer, etc).
Modules are dropped in the following way:
modules.splice(index, 1)
Where index is the index of the object in the array of objects modules
When I then try to re-add the module after the connection is reestablished it will start with the first few blocks, these are similar to the original. However, at an x number of blocks, the code will crash/stop running the next block
I narrowed it down to the array of objects, could there be a shadow copy and how can in cleanse that one"?

JPG huffman DECODE stucks

I'm trying to decode the JPG file, the entire header part is correctly read. During the reading of the photo body itself (SOS, 0xFFDA) at some point, the function for finding the correspondence in the Huffman table goes into an infinite loop. If you look at the file in the hex editor, you can find the following sequence of bytes at the error location:
7F FF 00 61
FF 00 => FF
7F FF 61
that in binary code
0111 1111 1111 1111 0110 0001
The first bit has already been used by the past MCU, now it's 15 'ones' in a row and then zero. In the corresponding Huffman table, the maximum code is 8 ones and one zero. I concluded that the byte 7F was just filled with ones until the end. But this is not the end of the file. How can I find out when I need to skip a byte, and when not?
Algorithm of decode AC coefficient was not very clear. I changed loop condition from (index != 63) to (index <= 63) because of EOB that hit the 64th element of MCU and everything began to work.
https://www.w3.org/Graphics/JPEG/itu-t81.pdf (page 106)

Why are these patterns in Huffman coding bitstreams in (Photoshop-produced?) JPG files?

This is a question, out of curiosity, about some patterns I see in JPG files when I look at them in a hex editor. I guess it is a question about the JPEG file format; why not this part is "random noise" like the rest, when it is supposed to be (Huffman coding and so on).
Here goes:
This 136-bit (17 bytes) pattern is showing up in some JPG files that are produced by Adobe Photoshop (I do not know if Photoshop is the only application that produces these):
F7 5E EB DE FD D7 BA F7 BF 75 EE BD EF DD 7B AF 7B
It is several places in one single file, sometimes it is just one iteration, other times it is repeated like 8 or 12 times, making up blocks of 1088 bits or 1632 bits blocks.
Or to be precise, it is actually a 68-bit pattern, repeated 2 or more times:
F7 5E EB DE FD D7 BA F7 B
11110111010111101110101111011110111111011101011110111010111101111011
AFAIK from reading a bit about the JPG file structure, and also verifying this in hex, that the beginning of JPG file structures are marked with FF xx. There are no such FF xx structure markers neither immediately before nor after those 68-bit patterns.
By using Breakpoint Hex Workshop, it is very easy to spot those patterns in the "Data Visualizer" window; while the rest of Huffman bitstream looks like "noise", there are suddenly blocks showing clear patterns.
Also.. I am not sure how relevant this is, but..:
Earlier, I noticed such a type of patterns also in CR2 files, that is Canon RAW files;
here the pattern was a much simpler 40-bit one, though:
73 9C E7 39 CE
0111 0011 1001 1100 1110 0111 0011 1001 1100 1110
If I adjust the spaces, it becomes this:
01110 01110 01110 01110 01110 01110 01110 01110
As you can see, this is actually a repeating 5-bit pattern,
and it was repeated like several hundred times for each place it appeared in the CR2 files.
The CR2 file format is also a compressed file, but lossless. Then again, the Huffman coding in JPG is also a kind of lossless "compression" if I have understood it correctly.
I find it very strange that in compressed streams, there are these patterns of (what to me seems to be) "wasted" bits..
I have uploaded one of the JPG files here http://i.imgur.com/t0mi7vo.jpg
- it's just a simple screenshot of some files in a folder.
The Huffman code bitstream goes from offset 0x0000027C to the end, and you may see one of the instances of the repeating pattern e.g. at offset 0x0001604A
Correct me if i'm wrong but i'm thinking this could be some 'blueprint' for checking if photoshop has been used. Maybe all of this is piracy related
User3344003, thank you very, very much for your answer, it is 99.9% correct..! :-)
These patterns are, as you wrote, related to large areas of color!
However, it is actually the color black (0,0,0) that creates this particular pattern:
F75EEBDEFDD7BAF7BF75EEBDEFDD7BAF7B
..or, when split in 2 x 68-bit parts;
F75EEBDEFDD7BAF7B
F75EEBDEFDD7BAF7B
To see it in action:
1) Create a 32 pixel x 32 pixel image filled with pure black (0,0,0) in Photoshop.
2) Choose File -> Save for Web & Devices
3) Select JPEG, with Maximum (Quality = 100), Blur = 0, and with all the Progressive / Optimized / Embed Color Profile / Convert to sRGB options = OFF, Metadata = None.
Now when you look at the image in a hex editor, it will show this Huffman Coding bitstream:
FFDA
000C03010002110311003F00F9FF00FB
F75EEBDEFDD7BAF7B
F75EEBDEFDD7BAF7B
F75EEBDEFDD7BAF7B
F75EEBDEFDD7BAF7B
F75EEBDEFDD7BAF7B
F75EEBDEFDD7BAF7B
F75EEBDEFDD7BAF7B
F75EEBDEFDD7BAF
FFD9
As you can see, it contains nearly 8 instances of the 68-bit pattern.
Similarly, if you instead create a 32 pixels x 32 pixels image filled with pure white (255,255,255) (and save it as a JPEG in the same way as above), you get this Huffman Coding bitstream:
FFDA
000C03010002110311003F00DFE3DFBA
F75EF7EEBDD7BDFBA
F75EF7EEBDD7BDFBA
F75EF7EEBDD7BDFBA
F75EF7EEBDD7BDFBA
F75EF7EEBDD7BDFBA
F75EF7EEBDD7BDFBA
F75EF7EEBDD7BDFBA
F75EF7EEBDD7 F
FFD9
I also tried to create a 64 pixels x 64 pixels image, divided in the middle, with the left 32 pixels x 64 pixels pure black (0,0,0), and the right 32 pixels x 64 pixels pure white (255,255,255). Then saved as JPEG with Quality = 100 etc. etc. I then got this Huffman Coding bitstream:
FFDA
000C03010002110311003F00F9FF00FB
F75EEBDEFDD7BAF 7B
F75EEBDEFDD7BAFBFC7B
F75EEBDEFDD7BAF 7B
F75EEBDEFDD7BAF803FB
F75EEBDEFDD7BAF 7B
F75EEBDEFDD7BAFBFC7B
F75EEBDEFDD7BAF 7B
F75EEBDEFDD7BAF803FB
F75EEBDEFDD7BAF 7B
F75EEBDEFDD7BAFBFC7B
F75EEBDEFDD7BAF 7B
F75EEBDEFDD7BAF803FB
F75EEBDEFDD7BAF 7B
F75EEBDEFDD7BAFBFC7B
F75EEBDEFDD7BAF 7B
F75EEBDEFDD7BAF803FB
F75EEBDEFDD7BAF 7B
F75EEBDEFDD7BAFBFC7B
F75EEBDEFDD7BAF 7B
F75EEBDEFDD7BAF803FB
F75EEBDEFDD7BAF 7B
F75EEBDEFDD7BAFBFC7B
F75EEBDEFDD7BAF 7B
F75EEBDEFDD7BAF803FB
F75EEBDEFDD7BAF 7B
F75EEBDEFDD7BAFBFC7B
F75EEBDEFDD7BAF 7B
F75EEBDEFDD7BAF803FB
F75EEBDEFDD7BAF 7B
F75EEBDEFDD7BAFBFC7B
F75EEBDEFDD7BAF 7B
F75EEBDEFDD7BA
FFD9
When I found out, I first thought: "But isn't that Huffman Coding supposed to be more efficient than.. this..!? 8 identical patterns in the 32 pixels x 32 pixels pure colored ones, and 16 + 8 + 8 identical ones in the 64 pixels x 64 pixels half black / half white one..? Why not just use one, and then use pointers, like, use this particular pattern here, here, there and ..there."
Then, I remembered the fact that these JPEG's are actually pretty unusual in that they are all made with Quality = 100.
So that Quality = 100 seems to be the other factor which is needed for seeing these F75E.. patterns.
To verify this, I then again made a 32 pixels x 32 pixels pure black (0,0,0), but now I saved instead with Quality = 0. Now this image got a much shorter Huffman Coding bitstream, which indeed also showed a certain kind of pattern, but very different one:
FFDA
000C03010002110311003F00F99
55540555501
55540555503F
FFD9

How can I convert Special Format String to Text?

How can I convert the string 00 00 EF 01 00 00 00 00 00 00 to text?
I googled and found a online tool which can convert binary to text only.
This values are in HEX - This tool
does hex as well, you can always transalte HEX to decimal and then take their ASCII value...
I created a tool few years ago that can convert/encode strings. Hope you'll find it useful.
I'm assuming here the text you've supplied is "as is", with spaces separating the hex digit pairs.
You can convert each hex value with, e.g.:
byte.Parse("EF", System.Globalization.NumberStyles.AllowHexSpecifier)
So you can convert the whole to a byte array:
var byteArray = "0A 0A 0A".Split(' ').Select(s => byte.Parse(s, System.Globalization.NumberStyles.AllowHexSpecifier)).ToArray();
However, you don't specify what character encoding your hex stream represents. Once you've got your byte array, you'll need to convert it as necessary.

COBOL alternative to BASIC's MID and how to concat strings?

I'm looking for the COBOL alternative of Visual Basic's MID Function. The thing I need to do is take from 8 strings the first 5 letters and concatenate them.
I'm using Fujitsu COBOL.
Many thanks,
Yvan
Paxdiablo has given a couple of valid ways to do it. Another way would be to use reference modification in addition to the STRING verb. Complete program example follows:
IDENTIFICATION DIVISION.
PROGRAM-ID. EXAMPLE9.
DATA DIVISION.
WORKING-STORAGE SECTION.
01 STRINGS.
05 STRING1 PIC X(10) VALUE 'AAAAAAAAAA'.
05 STRING2 PIC X(10) VALUE 'BBBBBBBBBB'.
05 STRING3 PIC X(10) VALUE 'CCCCCCCCCC'.
05 STRING4 PIC X(10) VALUE 'DDDDDDDDDD'.
05 STRING5 PIC X(10) VALUE 'EEEEEEEEEE'.
05 STRING6 PIC X(10) VALUE 'FFFFFFFFFF'.
05 STRING7 PIC X(10) VALUE 'GGGGGGGGGG'.
05 STRING8 PIC X(10) VALUE 'HHHHHHHHHH'.
05 STRING-OUT PIC X(40) VALUE SPACES.
PROCEDURE DIVISION.
STRING STRING1(1:5) STRING2(1:5) STRING3(1:5) STRING4(1:5)
STRING5(1:5) STRING6(1:5) STRING7(1:5) STRING8(1:5)
DELIMITED BY SIZE
INTO STRING-OUT
DISPLAY STRING-OUT
GOBACK.
This cuts down on the verbosity quite a bit and captures the concatenation in a single statement. Best advice is to read up on the STRING verb. There are a number of innovative ways it can be used.
COBOL does not provide an exact analogue to the BASIC MID statement. You can accomplish similar operations by using some combination of STRING, UNSTRING, INSPECT and reference modification. An example of a reference modification is: SOME-VARIABLE-NAME(1:5) - the 1:5 bit specifies a substring of SOME-VARIABLE-NAME starting with the first character for a length of 5 characters. The modifiers may themselves be numeric variables. The STRING and UNSTRING verbs provide a number of features that can be quite powerful.
In general though, COBOL is not particularly good at string manipulation (some might say its not particularly good at anything - but I would disagree with that statement).
I think it goes something like this:
WORKING STORAGE SECTION.
01 NORMAL-STRING-A PIC X(80)
01 NORMAL-STRING-B PIC X(80)
01 NORMAL-STRING-C PIC X(80)
01 NORMAL-STRING-D PIC X(80)
01 NORMAL-STRING-E PIC X(80)
01 SUB-STRING.
05 FIVE PIC X(5)
05 REST PIC X(75)
01 TWENTY-FIVE-A.
05 FIVE-A PIC X(5).
05 FIVE-B PIC X(5).
05 FIVE-C PIC X(5).
05 FIVE-D PIC X(5).
05 FIVE-E PIC X(5).
01 TWENTY-FIVE-B PIC X(25).
PROCEDURE DIVISION.
MOVE NORMAL-STRING-A TO SUB-STRING.
MOVE FIVE TO FIVE-A.
MOVE NORMAL-STRING-B TO SUB-STRING.
MOVE FIVE TO FIVE-B.
MOVE NORMAL-STRING-C TO SUB-STRING.
MOVE FIVE TO FIVE-C.
MOVE NORMAL-STRING-D TO SUB-STRING.
MOVE FIVE TO FIVE-D.
MOVE NORMAL-STRING-E TO SUB-STRING.
MOVE FIVE TO FIVE-E.
MOVE TWENTY-FIVE-A TO TWENTY-FIVE-B.
Then, your string is in TWENTY-FIVE-B.
You know, I can't imagine why people thought COBOL was verbose :-)
On a more serious note, I think you can do something along these lines to achieve the same result (you may have to fiddle with the start and length parameters, it's been a while since I did any serious COBOL):
WORKING STORAGE SECTION.
01 STRING-A PIC X(80)
01 STRING-B PIC X(80)
01 STRING-C PIC X(80)
01 STRING-D PIC X(80)
01 STRING-E PIC X(80)
01 TWENTY-FIVE PIC X(25).
PROCEDURE DIVISION.
MOVE STRING-A(1:5) TO TWENTY-FIVE( 1:5).
MOVE STRING-B(1:5) TO TWENTY-FIVE( 6:5).
MOVE STRING-C(1:5) TO TWENTY-FIVE(11:5).
MOVE STRING-D(1:5) TO TWENTY-FIVE(16:5).
MOVE STRING-E(1:5) TO TWENTY-FIVE(21:5).
This substring examples page shows a few variations. An example:
* Task3 suffix(xStr,Length)
* Extract the last Length number of chars from a string
* Solution - use reference modification with start of substring
* defined as the FullStringLength - SubStringLength + 1
* In this example we get the last 13 characters.
MOVE 13 TO StrLength
DISPLAY "Task3 = " xStr2((StrSize - StrLength) + 1:StrLength)
WORKING STORAGE SECTION.
01 NORMAL-STRING-A PIC X(80)
01 NORMAL-STRING-B PIC X(80)
01 NORMAL-STRING-C PIC X(80)
01 NORMAL-STRING-D PIC X(80)
01 NORMAL-STRING-E PIC X(80)
01 TWENTY-FIVE-A.
05 FIVE-A PIC X(5).
05 FIVE-B PIC X(5).
05 FIVE-C PIC X(5).
05 FIVE-D PIC X(5).
05 FIVE-E PIC X(5).
01 TWENTY-FIVE-B REDEFINES TWENTY-FIVE-A PIC X(25).
PROCEDURE DIVISION.
MOVE NORMAL-STRING-A TO FIVE-A
MOVE NORMAL-STRING-B TO FIVE-B
MOVE NORMAL-STRING-C TO FIVE-C
MOVE NORMAL-STRING-D TO FIVE-D
MOVE NORMAL-STRING-E TO FIVE-E

Resources