Thursday, July 30, 2009

Haywire Screen Dumps

Haywire has a dump button. Whatever is in the video screen window goes into a capture folder as a 640x480x32-bit BMP file. Whenever I see something strange, cool, or unusual, I push the button, and eventually I go through the directory and preserve the most interesting stuff.

This dump shows an example (from several months ago) of what the GUI looked like then. (It's been improved since.)

As a way of figuring out how Blogger feels about screen dumps, here are a few of them from my archive, which goes back 8 months or so.

This dump is from inside Firefox - which is home to lots of unusual imagery.

... and yes, you can see if somebody has visited a porn site - as long as they haven't powered the machine down or done something "anti-forensic".

Here is a shot of my development environment (VS-2005), taken on my birthday. It shows the 4 screen regions which are shown on the most complex interface screen. Left is the page map, Top is the main dump screen, Bottom is the exploratory dump screen, and between top and bottom is the spectrogram display.

The spectrogram display shows the autocorrelation spectra of 8192 pixels starting at the cross-hair point (or 8-12 video lines). Stated more simply, I compare the image with itself, offset by one pixel, two pixels, three pixels, and so on. The computer calculates how close the resemblance is, and shows a peak on the graph, with the best matches standing taller.

The next two images show this effect. I am sniffing around in memory, looking at a DLL that Windows provides and that has many icons in it.

The yellow tab at the top of the screen sets the horizontal size of the image decode for the bottom pane. I also have column-wrap turned on so you can see farther down in memory.
The position of the yellow tab is drawn as a dashed line in the spectrogram area.

By moving the yellow tab closer to the large peak slightly to the right, you can see why this is a useful tool:

Isn't comparing an image to itself 8192 times and scoring the results rather slow?

It can be, or you can do it much faster using the Fast Fourier Transform - which ranks high on my list of the most important inventions of the 20th Century. FFT geeks should be able to follow this description: I convert 8192 32-bit pixels to 16384 complex numbers by padding with zeros. (This helps control distortion.) I run a forward FFT, then square each value in the frequency domain, run an inverse FFT and then take the complex conjugate, scale and plot the result.
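The zero-pad, FFT, inverse-FFT pipeline described above, written out as an added example (not Haywire's code) that recovers the row width of an image lying in a raw memory buffer. It uses the squared magnitude of each frequency bin (the value times its conjugate); the function names, the mean subtraction, the `min_lag` parameter and the test buffer are assumptions made for this sketch.

```python
import cmath
import random

def fft(x):
    """Recursive radix-2 Cooley-Tukey FFT; len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return list(x)
    even, odd = fft(x[0::2]), fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(-2j * cmath.pi * k / n) * odd[k]
        out[k], out[k + n // 2] = even[k] + t, even[k] - t
    return out

def autocorrelation(samples):
    """Linear autocorrelation via FFT, normalised so that lag 0 equals 1.0."""
    n = len(samples)
    mean = sum(samples) / n  # assumption: remove the DC level (not described on the page)
    # Zero-pad to 2n so the circular correlation cannot wrap around on itself.
    padded = [complex(s - mean) for s in samples] + [0j] * n
    power = [abs(v) ** 2 for v in fft(padded)]  # each bin times its conjugate
    # The power spectrum is real, so a second forward FFT plus scaling
    # gives the same real part as an inverse FFT.
    acf = [v.real / (2 * n) for v in fft(power)][:n]
    return [v / acf[0] for v in acf]

def estimate_row_width(samples, min_lag=4):
    """Lag of the tallest peak: the most likely row width, in samples."""
    acf = autocorrelation(samples)
    # min_lag skips the trivial similarity between adjacent pixels.
    return max(range(min_lag, len(samples) // 2), key=lambda lag: acf[lag])

def constructed_buffer(width=640, count=8192, seed=2009):
    """Constructed sample data: one random row repeated with per-pixel noise."""
    rng = random.Random(seed)
    row = [rng.randrange(256) for _ in range(width)]
    return [row[i % width] + rng.uniform(-8, 8) for i in range(count)]

if __name__ == "__main__":
    print(estimate_row_width(constructed_buffer()))
```

Peaks also appear at every multiple of the true width, but zero-padding makes each one shorter than the last, so the tallest peak is the row width itself.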

The FFT routine is very fast and very complicated. It was created by a system called SPIRAL, which is a genetic and heuristic algorithm for creating FFT programs (and related stuff like DCT, etc.). You go to their web page, describe the accuracy, number of samples, and so on, and it hands back a C program with lots of assignment statements which take values from various places in a large array and stuff results into another array. They take into consideration stuff like memory cache architecture on the target machine. The code is ugly but it's plenty fast.

Fast enough to be amazing to this old bird. Floating point used to be radically slower than integer math - that difference has disappeared.
