ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Mon Apr 23, 2018 9:51 am

All times are UTC




Post new topic  Reply to topic  [ 4 posts ] 
Author Message
PostPosted: Mon Nov 09, 2015 8:38 pm 

Joined: Sun Nov 08, 2015 8:37 pm
Posts: 32
Hi! I have a raw binary file from a closed source program and I want to parse it. Is QuickBMS the right tool for this?

Example of file (hexdump):

Code:
0000000: 5244 4649 4c45 5645 5231 2e30 7c37 aaaa  RDFILEVER1.0|7..
0000010: aaff aaff ccdd eeff 00                   .........


Example of output:

Code:
TYPE (String): RD FILE
VERSION (String): 1.0
FILL (String): |
BIG NUMBER (Unsigned 32Bit Integer): 2863311415


Really I don't want the output as that silly example. Only to export it as json or preprocess it directly in the bms program.


Top
   
PostPosted: Mon Nov 09, 2015 9:11 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 7914
Regarding the script, quickbms supports the C structs so you don't have to write it in bms language (at least not all), for example:
Code:
unsigned char header[10];
int files;
int dummy[3]
is the same of
Code:
getdstring header 10
get files long
getdstring dummy 12


Instead regarding the visualization of the collected information, you can use the -V option but the output is just the one of quickbms so can't be reused in other applications (that maybe support xml, json or others).

Example of -V obtained from the first script running on itself:
Code:
. 00000000 getdstr header     "unsigned c" 10
    75 6e 73 69 67 6e 65 64 20 63                     unsigned c
. 0000000a get     files      0x20726168 4
. 0000000e getdstr dummy      "" 12
    68 65 61 64 65 72 5b 31 30 5d 3b 0d               header[10];.


Top
   
PostPosted: Tue Nov 10, 2015 10:26 am 

Joined: Sun Nov 08, 2015 8:37 pm
Posts: 32
Thanks! Now I'm trying this code:

Code:
getdstring header 12
getdstring splitter 1
get files long

print "\n%header%\n%files%\n"


How can I get a unsigned long?

I'm getting -1431655881 instead of 2863311415.

Also, can I do something like this?

Code:
if files == 1234567:
    files = "COMMAND1"
else if files == 12345678:
    files = "COMMAND2"
else:
    files = "COMMAND3"


Top
   
PostPosted: Tue Nov 10, 2015 10:45 am 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 7914
The Print command supports only the signed and hexadecimal output by adding a |x after the name of the variable:
print "\n%header%\n%files|x%\n"

Regarding the other request, try something like:
Code:
if files == 1234567
    set files string "COMMAND1"
else if files == 12345678
    set files string "COMMAND2"
else:
    set files string "COMMAND3"
You can even use a '=' instead of 'string' or just omitting it at all.


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 4 posts ] 

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited