
Research
Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
A fairly performant library intended to make DWARF (v4/v5) debugging information more accessible.
My focus so far has been on making the type information (specifically structs) present in DWARF info easier to work with, so functionality related to that is largely what is implemented at this point.
Current Features:
Though dwat
is primarily meant to be a library, a basic cli is included:
Usage: dwat <COMMAND>
Commands:
lookup Find and display a single struct
dump Find and display all structs
help Print this message or the help of the given subcommand(s)
Options:
-h, --help Print help
dwat
has python bindings! The documentation can be found here: https://zolutal.github.io/dwat/
There are several examples in the examples
directory that are worth checking out.
The first step of using the library is to load the file containing DWARF info into memory, then invoke Dwarf::load
:
let file = File::open(path)?;
let mmap = unsafe { Mmap::map(&file) }?;
let dwarf = Dwarf::load(&*mmap)?;
The dwarf object has a lookup_type
method that can be used to lookup any type implementing the Tagged
trait by name, in this case a struct will be searched for:
let found = dwarf.lookup_type::<dwat::Struct>(struct_name)?;
Struct members can then be retrieved by calling .members()
which returns a Vector of Member
structs.
let members = struc.members(&dwarf)?;
A struct object can be converted to a C-style definition String by invoking the to_string
function:
if let Some(found) = found {
println!("{}", found.to_string(&dwarf)?);
}
FAQs
Library for accessing DWARF debug information
We found that dwat demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.