I regularly copy bytes from my command-line tool over to 010 Editor to have this data represented by the Inspector using different formats, like this:
format-bytes.py is a new tool with which I try to achieve a similar result:
With option -f, it is essentially a wrapper for Python's struct module. In the following example, we parse the beginning of the PE header of two Windows executables:
This shows us that both files have 6 sections and that notepad is from 2016 and regedit from 2017.
-f IHHI uses the struct module's format string syntax to specify how to parse the bytes (I is a 4-byte unsigned integer, H a 2-byte unsigned integer), and "#c#['PE']:" is a cut-expression that carves the PE header out of the executables, from the first occurrence of the string PE to the end of the file.
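To show what the -f IHHI option and the #c#['PE']: cut-expression do under the hood, here is an added example in plain Python using the struct module. It is not code from format-bytes.py; the sample bytes (a zero-filled stand-in for a DOS header followed by a minimal PE header with 6 sections and a 2016 timestamp) are constructed, and the helper names cut_from, format_bytes and parse_pe_header are mine. One deliberate difference: the post's format string has no byte-order prefix, so struct uses the machine's native order; the example writes "<IHHI" explicitly because PE headers are little-endian regardless of the host.

```python
import struct
import datetime

# Constructed sample input (not a real executable): a zero-filled stand-in for
# the DOS header, then a PE signature and the first COFF header fields. The
# values mimic what the post observed for notepad: 6 sections, a 2016 timestamp.
SAMPLE = (
    b"MZ" + b"\x00" * 62                           # stand-in DOS header (constructed)
    + b"PE\x00\x00"                                # PE signature: 'P', 'E', 0, 0
    + struct.pack("<HHI", 0x8664, 6, 1467000000)   # Machine, NumberOfSections, TimeDateStamp
    + b"\x00" * 12                                 # rest of the COFF header, zeroed
)


def cut_from(data: bytes, marker: bytes) -> bytes:
    """Mimic the cut-expression #c#['PE']: keep everything from the first
    occurrence of marker to the end of the data."""
    pos = data.find(marker)
    if pos < 0:
        raise ValueError(f"marker {marker!r} not found")
    return data[pos:]


def format_bytes(data: bytes, fmt: str) -> tuple:
    """Unpack the leading bytes of data according to a struct format string,
    the way format-bytes.py -f does. struct.calcsize gives the number of bytes
    the format consumes; a shorter input is reported instead of crashing."""
    size = struct.calcsize(fmt)
    if len(data) < size:
        raise struct.error(f"need {size} bytes for {fmt!r}, got {len(data)}")
    return struct.unpack(fmt, data[:size])


def parse_pe_header(data: bytes) -> dict:
    """Carve the PE header and decode the four fields covered by IHHI:
    Signature, Machine, NumberOfSections and TimeDateStamp."""
    signature, machine, nsections, timestamp = format_bytes(cut_from(data, b"PE"), "<IHHI")
    return {
        "signature_ok": signature == 0x00004550,  # b'PE\x00\x00' read as little-endian uint32
        "machine": hex(machine),
        "sections": nsections,
        "compiled": datetime.datetime.fromtimestamp(timestamp, tz=datetime.timezone.utc),
    }


if __name__ == "__main__":
    for name, value in parse_pe_header(SAMPLE).items():
        print(f"{name}: {value}")
```

Running the block prints the decoded fields; the TimeDateStamp is converted with an explicit UTC timezone, since a naive conversion would silently shift the compile date by the host's UTC offset. Searching for the two bytes PE is exactly as loose as the cut-expression in the post: on a real file the first match is normally the PE signature, but any earlier occurrence of those bytes would win, so a checker should verify the decoded signature as the example does.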
format-bytes_V0_0_3.zip (https)
MD5: CFE426B605DEDA6E388C1F62D2655A31
SHA256: 227C3911A0D2B9D8E524B44D5B4F80EBAABD34810A11A9189B09ADFA5D2FB67A
[…] New Tool: format-bytes.py […]
Pingback by Overview of Content Published In December | Didier Stevens — Tuesday 2 January 2018 @ 0:01
[…] new version of format-bytes.py display extra information when unpacking strings: string length, first 10 bytes of the string […]
Pingback by Update: format-bytes.py Version 0.0.4 | Didier Stevens — Friday 19 January 2018 @ 21:48