Oninit Logo
The Down System Specialists
+1-913-732-8892
+44-2081-337529
Introduction Health Check Standby Admin Remote Admin Remote Monitoring Backup and Restore Custom Support Down Systems
Introduction BenchIt Toolkit Business Logic Extractor Forensic Tools Grafana Data Sources Logwalker Nexus QueryLens Snooper
Unix SQL Advanced SQL 4GL Applications Advanced 4GL IDS Admin Migrating to V14 IDS Performance Managing & Optimising SPL and Triggers IDS V14 Upgrading Very Old Versions Custom Training
Onstat Guide Error Code Guide Reference Datablades The Dumb DBA Sysmaster Fault Finder Firewall Protocols OpenSSH on Solaris
Unix & Web Services Co-Location Web Hosting Managed Servers Web Development
BenchMark Tookkit RegExp Datablade
Partnerships
Overview Terms of Service Privacy Policy Acceptable Use DMCA Policy Security Overview Data Processing Addendum AI Services Contact
Contact
Overview Worked Examples
Try / Get
Try Demo Download
Solution Overview
Summary For DBAs For Architects For Management
Reference
Glossary

Oninit® BLT — printers (mode policy)

BLT has three extraction modes. The choice is the operator’s: use Strict when symbols are mandatory and a clean abort is preferable; use Recovery when partial output is more useful than no output at all.

ModeBehaviour on a stripped binary
Strict Requires symbols. Aborts the pipeline before emitting any findings if the binary is stripped; exits with a non-zero status and a one-line reason.
Recovery (default) Tolerates a stripped binary. Reports the reduced fidelity in the review log under "Binary diagnostics" and continues — strings, sections, and any names that survive in the dynamic symbol table still come through.
Forensic Same warn-and-continue policy as Recovery. Reserves the door for deeper analysis when configured.

Preparing a stripped fixture

$ strip --strip-all -o Printers_stripped.4ge examples/Printers.4ge
$ file Printers_stripped.4ge
Printers_stripped.4ge: ELF 64-bit LSB executable, x86-64, dynamically linked, stripped

Note that an Informix4GL binary still exports its 4GL function names through the dynamic symbol table even after a strip, so the function names main_code, add_det, … survive the operation. BLT’s "stripped" detection keys on the static symbol table being absent, not on a virtual-address heuristic, so a Strict / Recovery decision lands correctly on Informix4GL output.

Strict — the abort path

mode: strict
inputs:
  binary:
    paths: [Printers_stripped.4ge]
  schema_ddl:
    paths: [examples/printers.sql]
output:
  directory: ./report/

Under Strict, BLT refuses to proceed on a stripped binary. The pipeline aborts before any findings are written; no spec is emitted; the operator gets a clear reason on stderr.

Recovery — warn and continue

mode: recovery
inputs:
  binary:
    paths: [Printers_stripped.4ge]
  schema_ddl:
    paths: [examples/printers.sql]
output:
  directory: ./report/

The same input under Recovery runs to completion. A binary diagnostic is recorded and surfaced in review.md under a dedicated "Binary diagnostics" section, so any reviewer sees the run was on a stripped input and can weigh the rest of the output accordingly. The diagnostic is the audit trail.

Trade-off

Strict is the right choice when the operator wants a deterministic fail-fast: the absence of symbols is a hard precondition violation. Recovery is the right choice when partial output is more useful than no output at all — for instance, a stripped binary with an intact dynamic symbol table still yields useful symbol and string evidence. The diagnostic preserves the audit story regardless.

To discuss how Oninit ® can assist please call on +1-913-732-8892 or alternatively just send an email specifying your requirements.


You get all this for free.. think about what you get if you pay us