CTF header I.

Now that we have the CTF data at our disposal, we need to parse it and get meaningful information out of it. As usual, every format contains a header that consists of data-wide preferences and stuff like version or a starting magic number.

Indeed, the CTF starts exactly with a 16-bit magic number 0xCFF1. I suspect this should be some kind of pun, trying to recreate the name of the format. 0xCC1F would serve as much better number, since “CTF” actually stands for Compact C Type Format.

Next byte is representing the version of the format. Currently, versions 1 and 2 exist. Every one of my kernel objects (FreeBSD 11) that I checked has the version 2, therefore for the libctf I would prefer to start with the version 2 and maybe discard the version 1 as it is old and unused in the project.

Fourth byte is treated as place for 8 flags, even though I was able to find only one – the compress flag. This means, that the actual CTF data are zipped to save some space. One of these bits could be used to signal the endianess of the data – this feature was requested more than once by the community as a lacking feature in the current library.

The thing I noticed looking at the current implementation is that it is using types like short, char and so on. Maybe I am overcautious or not knowledgable enough, but these variables do not have a fixed size. OK, maybe the char is obviously always a byte, but it is not guaranteed for the short to be 2 bytes wide. I understand the reasons behind this weird C types, but sometimes it is really needed to be able to rely on this. As a consequence to this problem, a POSIX of some kind was issued to create a files inttypes.h and stdint.h that would contain types like uint8_t or int32_t (in fact, many others). I believe it is only a header file that is generated during some compiler initialisation to contain the correct typedefs. The realisation of the types aside, I would like to use them in my libctf implementation to assure the proper sizes in all situations.

Transforming this to a code will look something like this:

struct ctf_header_preface
  uint16_t magic;
  uint8_t version;
  uint8_t flags;

Also, we need to define constants representing the expected input:

#define CTF_MAGIC 0xCFF1
#define CTF_VERSION 2

/* flags */

To be continued.

This entry was posted in Uncategorized and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s