Introductory text on working out the format of a binary file
Source: Internet  Posted by: 阿里云销售做什么  Editor: 程序博客网  Time: 2024/06/04 17:49
http://stackoverflow.com/questions/1026066/how-to-analyze-binary-file
Reverse engineering a binary file when you have some idea of what it represents is a very time consuming process. If you have no idea what it is then it will be even harder.
It is possible though, but you have to have a pretty good reason for doing so.
The first step would be to open it up in a hex editor of your choice and see if you can find any English text to point you in the direction of what the file is even supposed to represent. From there, Google "Reverse Engineering binary files", there are much more knowledgeable people than me that have written guides about it.
The "strings" program from GNU binutils is very useful. It will print the strings of printable characters in a file, quite often giving a clue to what a file contains or a program does.
For my hobby project I had to reverse engineer some old game files. My approaches were:
- Have a good hex editor.
- Look for readable words in the binary file. Note their distribution. If the distance between them is constant, you know it is a listing.
- Look for 2-3 consecutive zeros. Might indicate an int32 value.
- Some dwords might be pointers into the file.
- Try to identify reoccurring patterns in the file.
- Seeing lots of C0-CF might indicate RLE compressed data.
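The heuristics from this answer and the `strings` tip from the answer above can be scripted. The following is an added example, not code from the original thread: it builds a small constructed sample file (a header, four fixed-size records and a trailing notes blob, so its layout is known only to the builder), then runs the checks the answer lists over it: printable strings with their offsets, the most common distance between string starts (a constant stride hints at a listing of fixed-size records), runs of zero bytes, aligned dwords whose value is the offset of a string (pointer candidates), and the share of bytes in the 0xC0-0xCF range. The function names and the sample layout are this example's own.

```python
import re
import struct
from collections import Counter

# Constructed sample (not from the original post): a 12-byte header
# ("SMPL" magic, record count, offset of a notes blob), then 16-byte
# records of an 8-byte zero-padded name, a little-endian int32 score and
# a little-endian uint32 offset into the notes blob at the end of the file.
def build_sample() -> bytes:
    names = [b"alpha", b"bravo", b"charlie", b"delta"]
    notes_start = 12 + 16 * len(names)
    header = b"SMPL" + struct.pack("<II", len(names), notes_start)
    records, note_off = b"", notes_start
    for i, n in enumerate(names):
        records += n.ljust(8, b"\x00") + struct.pack("<iI", (i + 1) * 100, note_off)
        note_off += len(n) + 6          # each note is "<name> note\0"
    notes = b"".join(n + b" note\x00" for n in names)
    return header + records + notes

def find_strings(data: bytes, min_len: int = 4):
    """What GNU strings does: runs of at least min_len printable ASCII bytes, with offsets."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [(m.start(), m.group().decode("ascii")) for m in re.finditer(pattern, data)]

def listing_stride(strings):
    """Most common distance between consecutive string starts; a dominant value
    suggests fixed-size records (a 'listing'). Returns None if nothing repeats."""
    gaps = Counter(b - a for (a, _), (b, _) in zip(strings, strings[1:]))
    if not gaps:
        return None
    stride, count = gaps.most_common(1)[0]
    return stride if count >= 2 else None

def zero_runs(data: bytes, min_run: int = 2):
    """(offset, length) of runs of >= min_run zero bytes: the high bytes of small ints."""
    return [(m.start(), len(m.group())) for m in re.finditer(rb"\x00{%d,}" % min_run, data)]

def pointer_candidates(data: bytes, strings):
    """Aligned little-endian dwords whose value is the offset of a string start.
    Noisy by design: short text such as 'o\\0\\0\\0' also decodes to a small number."""
    targets = {off for off, _ in strings}
    out = []
    for off in range(0, len(data) - 3, 4):
        value = struct.unpack_from("<I", data, off)[0]
        if value in targets:
            out.append((off, value))
    return out

def rle_marker_ratio(data: bytes, lo: int = 0xC0, hi: int = 0xCF) -> float:
    """Share of bytes in the 0xC0-0xCF range; a high share hints at RLE control bytes."""
    return sum(lo <= b <= hi for b in data) / len(data) if data else 0.0

if __name__ == "__main__":
    sample = build_sample()
    strs = find_strings(sample)
    for off, s in strs:
        print(f"{off:5d}  {s}")
    print("stride:", listing_stride(strs))
    print("zero runs:", zero_runs(sample)[:5])
    print("pointers:", pointer_candidates(sample, strs))
    print(f"C0-CF share: {rle_marker_ratio(sample):.3f}")
```

On the sample the stride comes out as 16 (the record size), the five real offsets are reported as pointers, and so is one false positive where the tail of a name happens to decode to a valid offset; that noise is the reason each hint is only a lead to confirm in the hex editor, not a result.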
If the data represents serialized Delphi objects, you should start reading about the Delphi serialization process. If that's the case, I think your best bet would be to load it using Delphi and continue your analysis from the IDE. Some information about Delphi serialization can be found here.
EDIT: if the file does contain serialized Delphi objects, then you should write a small Delphi program that loads it, and "convert" the data yourself to something neutral, like XML. If you manage to do this, you should check and see if Delphi supports serializing to XML. Then, you could access those objects from any language.
If you have access to the application that creates the file, you can apply changes to the application, then save the file and see the effects (keep in mind that numbers are probably stored in little-endian):
- First create the file repeatedly. If the files are not binary equal, the current date/time is probably stored in the area where the differences occur.
- Maybe you want to repeat that with the software running under different environments, to see if OS version etc. are stored, but this is rather unusual.
- Next you can try to change single variables and create several files that only differ in the value of this variable. This helps you identify where this variable is stored.
- That way you can also exclude variables that are not stored in the file: If you change them, but the files created are identical, they are not stored.
In order to test the hypotheses you worked out with the steps above, edit one of the files and have the application read it.
If you don't have access to the application itself, I suggest that you forget about it and find another way to solve your problem. There is a very high probability that it will be faster...
Try these:
- Deserialize data: analyze how your exe was compiled (try File Analyzer). Try to deserialize the binary data with the language discovered. Then serialize it in an XML format (language-independent) that every programming language can understand.
- Analyze the binary data: try to save various versions of the file with small variations and use a diff program to analyze the meaning of every bit with a hex editor. Use it in conjunction with binary hacking techniques (like How to crack a Binary File Format by Frans Faase).
- Reverse engineer the application: try getting the code using reverse engineering tools for the programming language used to build the app (found with File Analyzer). Otherwise use a disassembler analysis tool like IDA Pro Disassembler.
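The differential approach described two answers up (save repeatedly, change one variable at a time, rule out variables that leave the file unchanged, then edit a file to test the hypothesis) and the "save with small variations and diff" point in this answer are the same procedure, so one added example covers both. It is not code from the thread or from any real application: `save_settings` and `load_settings` are a hypothetical writer and reader standing in for the program under study, and the analysis functions are never told their layout. The one trick worth noting is the choice of probe values: 0 and -1 differ in every byte of an int32, so the whole field shows up in the diff rather than just its low byte.

```python
import struct

def save_settings(name: str, volume: int, level: int, timestamp: int,
                  window_width: int = 800) -> bytes:
    """Hypothetical writer standing in for the application under study (constructed
    for this example). Layout, which the analysis below is not told: magic,
    timestamp, volume, level, 16-byte name. window_width is deliberately not
    written, to show how an unstored variable is recognised."""
    return (b"SAVE" + struct.pack("<Iii", timestamp, volume, level)
            + name.encode("ascii").ljust(16, b"\x00"))

def load_settings(data: bytes) -> dict:
    """Hypothetical reader for the same format, used to test a hypothesis by patching."""
    timestamp, volume, level = struct.unpack_from("<Iii", data, 4)
    name = data[16:32].rstrip(b"\x00").decode("ascii")
    return {"timestamp": timestamp, "volume": volume, "level": level, "name": name}

def diff_ranges(a: bytes, b: bytes):
    """Byte ranges [start, end) where two equal-length files differ."""
    if len(a) != len(b):
        raise ValueError("files differ in length; field sizes are not fixed")
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(a)))
    return ranges

def locate_field(writer, field: str, values, base: dict):
    """Save once per value with every other input fixed and merge the ranges that
    change. An empty result means the variable is not stored in the file."""
    files = [writer(**{**base, field: v}) for v in values]
    changed = set()
    for other in files[1:]:
        for s, e in diff_ranges(files[0], other):
            changed.update(range(s, e))
    # collapse the changed offsets back into contiguous ranges
    ranges, run = [], []
    for off in sorted(changed):
        if run and off != run[-1] + 1:
            ranges.append((run[0], run[-1] + 1))
            run = []
        run.append(off)
    if run:
        ranges.append((run[0], run[-1] + 1))
    return ranges

def read_le_int32(data: bytes, offset: int) -> int:
    return struct.unpack_from("<i", data, offset)[0]

def patch_le_int32(data: bytes, offset: int, value: int) -> bytes:
    return data[:offset] + struct.pack("<i", value) + data[offset + 4:]

# constructed baseline inputs for the hypothetical application
BASE = {"name": "player", "volume": 5, "level": 3, "timestamp": 1_700_000_000}

def run_analysis() -> dict:
    """Carry out the steps from the answers above and return what was learned."""
    found = {
        # step 1: "create the file repeatedly"; only the clock moves between runs
        "timestamp": locate_field(save_settings, "timestamp",
                                  [0x01020304, 0x05060708], BASE),
        # step 3: vary one variable at a time, with values that change every byte
        "volume": locate_field(save_settings, "volume", [0, -1], BASE),
        "level": locate_field(save_settings, "level", [0, -1], BASE),
        "name": locate_field(save_settings, "name", ["aaaa", "zzzz"], BASE),
        # step 4: a variable that leaves the file unchanged is not stored
        "window_width": locate_field(save_settings, "window_width", [800, 1024], BASE),
    }
    # test the hypothesis "volume is an int32 at the located offset" by editing
    # a real file and having the application read it back
    original = save_settings(**BASE)
    vol_off = found["volume"][0][0]
    found["volume_decoded"] = read_le_int32(original, vol_off)
    patched = patch_le_int32(original, vol_off, 9)
    found["patched_volume_read_back"] = load_settings(patched)["volume"]
    return found

if __name__ == "__main__":
    for key, value in run_analysis().items():
        print(f"{key:26s} {value}")
```

Against a real application the writer is the program itself (save, copy the file, change one setting, save again) and the reader step is loading the edited file in it; the diff and range logic stays the same. A field that shows up as a changed range whose width is not 4 (the name above changes only as many bytes as the text) is the cue that it is not an integer.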