Thursday, October 28, 2010

New Version of HayWire Now Available


After many months of distraction, I have finally pulled together a new version of Haywire that you can download from the Seductive Logic web site.

This version adds a tabbed view selection area to the top-left of the center area that lets users select several sub-views of interest. These include:


  • An "always available" subset of the "Page" overview display called RADAR.

  • Picture-in-picture size and area selector.

  • FFT location and height

  • Image warping control for the 3-D "fly-over" screen.

  • Histogram.

  • Timing diagram.

  • ...more to follow...

Other improvements have been made, correcting some errors, and improving performance. The video capture feature has also been restored, although it is for highly-advanced users only.


Monday, August 10, 2009

Upside - Down or Downside - Up?

One major design issue for Haywire has to do with how memory is depicted vertically. Is address zero at the top of the screen, at the bottom, or somewhere else?

Zero at the bottom makes metaphorical sense - down = less, up = more. It is how my high-school math teachers explained trigonometry and Descartes' coordinates. It's seen in many manuals with memory layout diagrams in them too.

On the other hand, most computer frame buffers put zero at the top, as do their graphics APIs. (It's an easy matter to convert between these two schemes by scaling Y by -1). Microsoft does this too, with the added twist of having the topmost line of the image begin at the highest memory address, using what is called a "bottom-up stride".

This means that the program as it is now shows many images upside-down. So I added a flip button, which does not flip everything.

Just what and how I flip has all kinds of implications. The menu is at the top, and mouse motion should be economical, so we want to not have to move the controls. We also want the spectrogram spikes to point up rather than down, and the vertical control to flip.

If I want to, I can have several "skins" built with dialog templates and can move controls around, etc.

A related nagging issue has to do with "when I set the controls to an address, how does the screen line up with that choice?" It's like map navigation: you want to jump from one resolution to another and not get lost, which is easiest if you work from the centers of things. Right now the program keeps track of the upper-left-hand-corner location, and an X and Y offset from that, which is where the setting matches. The math for this is shown in the upper left hand corner, with the three major components laid out as line-items: page Table, Page number, and page Offset (T.P.O.). These represent the coarse, normal, and fine parts of the address, which roughly correspond to the frame, horizontal line, and pixel. The pageTable slider is on the left, the Page number on the right, and the Offset is along the top. Page number and Offset can be dragged by touching any part of the strip, and they increase/decrease continuously, by "tugging" and "nudging". All three controls allow access to the full range of the system, although your hand will get tired if you attempt to climb up 4 Gb of address space 200 bytes at a time.

Version 0.3 of HayWire Is Available


...over at www.seductivelogic.com. The GUI has been changed a bit, hopefully for the better. In particular, it now has rotor-style scroll bars (gray with white tick-marks, shaded) for X and Y position indication. In the above screenshot, I have zoomed in on a color-bar test image I put in the program to help test the 24-bit RGB support. Its location in memory is a few pages down from Calico Katie.

Friday, July 31, 2009

Grabs From The Gallery

Here are some grabs from HayWire. Clicking on an image will enlarge it for you to the full 640x480.

While Haywire has a lot of options for how to project memory contents onto the screen, they typically involve things like pixel format, columns per page, column width, starting address. The only post-production I do is to run them through JPEG compression so they are smaller and don't get me in trouble for software piracy or leak my darkest secrets.

This image comes from the WinLogon part of Windows, which is the program that asks for your name and password. I also found this image there. (I usually run a pretty bare system and don't use background screens, screen savers, etc. It keeps the debugging tractable).





The program has an option that dumps arbitrary files on the hard drive as well as memory resident stuff. You can use that feature to view crashdumps, program and data files, and in the above case, a huge AVI file that was stored months earlier, uncompressed.




One of the most useful features is perspective rendering. It lets me quadruple the amount of info on the screen. I just call a warp subroutine and don't use DirectX-3D, which makes the program slower but less configuration-dependent.

This image came from Firefox. I think the graphic was on the FrameWave web page describing a high-performance multimedia processing library. The graphic didn't look anything like it does here when I saw it on the web at some earlier time.




What happens when you fly over the memory that the system uses to generate the video display? It makes video feedback! The system dumps video memory to the video memory, creating an infinite mirror effect. (This slows everything down by a factor of 4). The way-cool animated effects are worth it.




The perspective display mode lets you adjust the vanishing points and orientation much the way an elaborate view camera does. Here is the flyover screen turned into a video wall effect. Heck - it may even turn into a flight simulator program with video game enemies made out of the resident icons.



Another "stairway to heaven" type effect. There are many ways to work with video feedback, most of them really deserve to be presented as animations. I already have the code in there for that, I just need to fix a few things and voila! my hard disk is full again!





This last one comes from the Windows Explorer (not Internet Explorer, but the program that MacHeads call the Finder) which draws windows, icons, trash cans, etc. It has this rocket blastoff image in there too, and I have no idea why.

Thursday, July 30, 2009

Haywire Screen Dumps

Haywire has a dump button. Whatever is in the video screen window goes into a capture folder as a 640x480x32 bit BMP file. Whenever I see something strange, cool, or unusual, I push the button and eventually go through the directory and preserve the most interesting stuff.

This dump shows an example (from several months ago) of what the GUI looked like then. (It's been improved since).


As a way of figuring out how Blogger feels about screen dumps, here are a few of them from my archive, which goes back 8 months or so.


This dump is from inside Firefox - which is home to lots of unusual imagery.

... and yes, you can see if somebody has visited a porn site - as long as they haven't powered the machine down or done something "anti-forensic".

Here is a shot of my development environment (VS-2005), taken on my birthday. It shows the 4 screen regions which are shown on the most complex interface screen. Left is the page map, Top is the main dump screen, Bottom is the exploratory dump screen, and between top and bottom is the spectrogram display.

The spectrogram display shows the auto correlation spectra of 8192 pixels starting at the cross-hair point (or 8-12 video lines). Stated more simply, I compare the image with itself, offset by one pixel, two pixels, three pixels, and so on. The computer calculates how close the resemblance is, and shows a peak on the graph, with the best matches standing taller.

The next two images show this effect. I am sniffing around in memory, looking at a DLL that Windows provides and that has many icons in it.


The yellow tab at the top of the screen sets the horizontal size of the image decode for the bottom pane. I also have column-wrap turned on so you can see farther down in memory.
The position of the yellow tab is drawn as a dashed line in the spectrogram area.

By moving the yellow tab closer to the large peak slightly to the right, you can see why this is a useful tool:



Isn't comparing an image to itself 8192 times and scoring the results rather slow?

It can be, or you can do it much faster using the Fast Fourier Transform - which ranks high on my list of the most important inventions of the 20th Century. FFT Geeks should be able to follow this description: I convert 8192 32-bit pixels to 16384 complex numbers by padding with zeros. (This helps control distortion). I run a forward FFT, then square each value in the frequency domain, run an inverse FFT and then take the complex conjugate, scale and plot the result.
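The width-finding trick described above, as an added example that is not HayWire's code: it pads with zeros, runs a forward FFT, multiplies each bin by its own conjugate (the squared magnitude, which is what yields an autocorrelation), runs an inverse FFT, and reports the lag of the tallest peak as the likely row width. The plain radix-2 FFT, the function names, the one-value-per-pixel sample format and the constructed test buffer are all assumptions made for this illustration.

```python
import cmath
import random

def fft(x, inverse=False):
    """Unscaled recursive radix-2 FFT; len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return list(x)
    even, odd = fft(x[0::2], inverse), fft(x[1::2], inverse)
    sign = 1 if inverse else -1
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(sign * 2j * cmath.pi * k / n) * odd[k]
        out[k], out[k + n // 2] = even[k] + t, even[k] - t
    return out

def autocorrelation(samples):
    """Linear autocorrelation for lags 0..n-1, computed through the FFT."""
    n = len(samples)
    size = 1
    while size < 2 * n:          # zero-pad so shifted copies do not wrap around
        size *= 2
    mean = sum(samples) / n      # remove DC so brightness does not dominate
    padded = [complex(s - mean) for s in samples] + [0j] * (size - n)
    power = [abs(c) ** 2 for c in fft(padded)]   # X(f) * conj(X(f))
    return [c.real / size for c in fft(power, inverse=True)[:n]]

def guess_stride(samples, min_lag=2):
    """Lag (in samples) of the tallest autocorrelation peak past min_lag."""
    acf = autocorrelation(samples)
    return max(range(min_lag, len(samples) // 2), key=lambda lag: acf[lag])

def make_buffer(width, rows, seed=1):
    """Constructed test data: one random row repeated with small noise."""
    rng = random.Random(seed)
    base = [rng.randrange(256) for _ in range(width)]
    return [min(255, max(0, p + rng.randrange(-8, 9)))
            for _ in range(rows) for p in base]

if __name__ == "__main__":
    print(guess_stride(make_buffer(48, 24)))   # row width recovered from raw bytes
```

The same peak is what an analyst uses when carving an unknown bitmap out of a memory dump: the lag of the peak gives the row length to decode with, and peaks at its multiples confirm it.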

The FFT routine is very fast and very complicated. It was created by a system called SPIRAL, which is a genetic and heuristic algorithm for creating FFT programs (and related stuff like DCT, etc.) You go to their web page, describe the accuracy, number of samples, and so on, and it hands back a C program with lots of assignment statements which take values from various places in a large array and stuff results into another array. They take into consideration stuff like memory cache architecture on the target machine. The code is ugly but it's plenty fast.

Fast enough to be amazing to this old bird. Floating point used to be radically slower than integer math - that difference has disappeared.

HayWire, Haystack, and Barnburner

... are the names of 3 parts of my latest software release.

There is a lot more about them on the Seductive Logic home page, where one can download this stuff and play along at home.

For those who want to stay put, HayWire is a program for viewing your computer's memory contents on a video screen in real time. You dial in a hexadecimal address somewhere inside a program running on your machine and you see the bits mutate before your very eyes.

The program started out as a 4 hour hack to evaluate a plug-in framework for the Freeframe open-source video effects plug-in standard. Rather than just doing something simple like contrast and brightness, I thought I would copy memory into the buffer from a user-selected address. It worked, and then it got way out of hand...

One impetus for this was Dmitry Vostokov, whom I discovered while looking for debugging tools. He has a program that turns crash-dumps into fascinating pictures, among a wide variety of diverse excursions around the crash-dump analysis discipline that has to be seen to be believed.

I sent him a copy of the video plug-in and a host program, and he had a look at it, then he grabbed the SourceForge version and played with that too. He wrote back and suggested doing a book project - which will get underway in earnest soon. (I am finishing the program now).

Anyway, the plug-in is still in there, with much more capability. The host program bloomed from a property page into a full-blown rich-multimedia-application framework.

A few minutes before starting this blog I discovered something amazing playing with the program. I will write about it soon, after I get a better idea of what the limits of this blog program are.

http://www.dumpanalysis.org/blog/index.php/about/