Comments on: Translate http://blog.didierstevens.com (blog 'DidierStevens) Wed, 07 Jan 2009 16:33:40 +0000 http://wordpress.org/?v=MU hourly 1 By: io http://blog.didierstevens.com/programs/translate/#comment-33104 io Fri, 11 Jul 2008 12:27:32 +0000 http://blog.didierstevens.com/programs/translate/#comment-33104 I think the posting process somehow managed to steal some of my text (especially since the first function is copy&pasted from your post), but yes, that's what I wanted to write. :) And _especially_ for didactic reasons I think the code should be as good as possible, since other people are learning from it. The folks who don't understand bit operations should probably stay away from decryption & malware analysis altogether... might do more harm than good. ;) As for the optimality of the rest of the code, I've only skimmed it I'm affraid. I was actually looking for an efficient way of doing ROL/ROR in .py, and that's how I stumbled over your code. I have plenty of experience with Python, and by accident I work in the malware anlysis industry myself. :) Getting back to the efficiency issue, I'm probably going to write a ROL/ROR module in C/asm to make it efficient enough. That code might even be worth including... Cheers! I think the posting process somehow managed to steal some of my text (especially since the first function is copy&pasted from your post), but yes, that’s what I wanted to write. :)

And _especially_ for didactic reasons I think the code should be as good as possible, since other people are learning from it. The folks who don’t understand bit operations should probably stay away from decryption & malware analysis altogether… might do more harm than good. ;)

As for the optimality of the rest of the code, I’ve only skimmed it I’m affraid. I was actually looking for an efficient way of doing ROL/ROR in .py, and that’s how I stumbled over your code. I have plenty of experience with Python, and by accident I work in the malware anlysis industry myself. :) Getting back to the efficiency issue, I’m probably going to write a ROL/ROR module in C/asm to make it efficient enough. That code might even be worth including…

Cheers!

]]> By: Didier Stevens http://blog.didierstevens.com/programs/translate/#comment-33101 Didier Stevens Thu, 10 Jul 2008 21:05:10 +0000 http://blog.didierstevens.com/programs/translate/#comment-33101 I believe you wanted to write this: def rol(byte, count): byte = (byte << count | byte >> (8 - count)) & 0xFF return byte You'll be surprised by the gain in performance: about 10% Translating a 3MB file with the original ROL (rolling 4 bits) takes 168 seconds, translating the same file with the faster ROL takes 155 seconds. There is a huge overhead in the translation of each byte by the eval function: outbyte = eval(command) For every byte, Python has to parse, compile and execute the command. Parsing and compiling takes much more time than the loop in the original ROL command. This is _very_ ineffecient, but _very_ flexible. You can provide your own Python expression without having to edit the translate program. I used a loop in the ROL and ROR commands for didactic reasons. Manipulating bits is very foreign for most people, even programmers. I believe my version is more readable and understandable, and thus extendable by other people. But you're right, removing inner loops adds to the performance. But in this specific case, most CPU cycles go to the eval function, and not to the loop. Anyways, thanks for your comment, I'll have to think about how to include your code. Maybe I can leave the original ROL and use your code for the ROR ;-) I believe you wanted to write this:

def rol(byte, count):
byte = (byte << count | byte >> (8 - count)) & 0xFF
return byte

You’ll be surprised by the gain in performance: about 10%
Translating a 3MB file with the original ROL (rolling 4 bits) takes 168 seconds, translating the same file with the faster ROL takes 155 seconds.

There is a huge overhead in the translation of each byte by the eval function:
outbyte = eval(command)

For every byte, Python has to parse, compile and execute the command. Parsing and compiling takes much more time than the loop in the original ROL command. This is _very_ ineffecient, but _very_ flexible. You can provide your own Python expression without having to edit the translate program.

I used a loop in the ROL and ROR commands for didactic reasons. Manipulating bits is very foreign for most people, even programmers. I believe my version is more readable and understandable, and thus extendable by other people.

But you’re right, removing inner loops adds to the performance. But in this specific case, most CPU cycles go to the eval function, and not to the loop.

Anyways, thanks for your comment, I’ll have to think about how to include your code. Maybe I can leave the original ROL and use your code for the ROR ;-)

]]> By: io http://blog.didierstevens.com/programs/translate/#comment-33091 io Thu, 10 Jul 2008 15:58:11 +0000 http://blog.didierstevens.com/programs/translate/#comment-33091 This is _very_ inefficient: def rol(byte, count): while count > 0: byte = (byte <> 7) & 0xFF count -= 1 return byte This should work faster: def rol(byte, count): byte = (byte <> (8 - count)) & 0xFF return byte This is _very_ inefficient:
def rol(byte, count):
while count > 0:
byte = (byte <> 7) & 0xFF
count -= 1
return byte

This should work faster:
def rol(byte, count):
byte = (byte <> (8 - count)) & 0xFF
return byte

]]>