帮助对二进制文件格式进行逆向工程的工具 [英] Tools to help reverse engineer binary file formats

问题描述

有哪些工具可以帮助解码未知的二进制数据格式?

我知道 Hex Workshop 和 010 Editor 都支持结构.对于已知的固定格式，这些在有限的范围内是可以的，但对于更复杂的东西很难使用，尤其是对于未知格式.我想我正在寻找脚本语言的模块或可编写脚本的 GUI 工具.

I know Hex Workshop and 010 Editor both support structures. These are okay to a limited extent for a known fixed format but get difficult to use with anything more complicated, especially for unknown formats. I guess I'm looking at a module for a scripting language or a scriptable GUI tool.

例如，我希望能够从有限的已知信息(也许是一个幻数)中找到一个数据块中的结构.一旦我找到了一个结构，然后按照已知的长度和偏移量词来找到其他结构.然后在有意义的地方递归和迭代地重复此操作.

For example, I'd like to be able to find a structure within a block of data from limited known information, perhaps a magic number. Once I've found a structure, then follow known length and offset words to find other structures. Then repeat this recursively and iteratively where it makes sense.

在我的梦想中，甚至可能会根据我已经告诉系统的内容自动识别可能的偏移和长度！

In my dreams, perhaps even automatically identify possible offsets and lengths based on what I've already told the system!

推荐答案

我想到了一些提示:

根据我的经验，交互式脚本语言(我使用 Python)可以提供很大帮助.你可以编写一个简单的框架来处理二进制流和一些简单的算法.然后你可以编写脚本来获取你的二进制文件并检查各种事情.例如:

From my experience, interactive scripting languages (I use Python) can be a great help. You can write a simple framework to deal with binary streams and some simple algorithms. Then you can write scripts that will take your binary and check various things. For example:

对各个部分做一些统计分析.例如，随机数据会告诉您这部分可能已被压缩/加密.零可能意味着部件之间的填充.零散的零可能意味着整数值或 Unicode 字符串等等.尝试发现各种偏移.尝试将部分二进制文件转换为 2 或 4 字节整数或浮点数，打印它们并查看它们是否有意义.编写一些函数来搜索数据中重复或非常相似的部分，这样您就可以轻松找到标题.

Do some statistical analysis on various parts. Random data, for example, will tell you that this part is probably compressed/encrypted. Zeros may mean padding between parts. Scattered zeros may mean integer values or Unicode strings and so on. Try to spot various offsets. Try to convert parts of the binary into 2 or 4 byte integers or into floats, print them and see if they make sence. Write some functions that will search for repeating or very similar parts in the data, this way you can easily spot headers.

尝试找到尽可能多的字符串，尝试不同的编码(c 字符串、pascal 字符串、utf8/16 等).有一些很好的工具(我认为 Hex Workshop 有这样的工具).字符串可以告诉你很多.

Try to find as many strings as possible, try different encodings (c strings, pascal strings, utf8/16, etc.). There are some good tools for that (I think that Hex Workshop has such a tool). Strings can tell you a lot.

祝你好运！

这篇关于帮助对二进制文件格式进行逆向工程的工具的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！