BPF: Tyring to map out memory to sock_filter struct


I have a binary file which runs a bpf server. The BPF is "loosely" defined as follows:

struct bpf{ 
length = 0x64
code = &c

A snippet of the code portion is: 0x00000028 0x00000004 0x61000015 0x00000028 I am looking at this through GDB. How can I look at the above memory addresses and determine which parts go into the sock_filter struct?

How would I determine which hexidecimal value maps to which specific BPF instruction?

asked on Stack Overflow Jun 22, 2017 by John Conrad Geenty • edited Jun 22, 2017 by John Conrad Geenty

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0