ByteView
ByteView is a framework to extract structures from binary files.
Compiling and Installing ByteView
The library inside pkg has to be installed in the $GOPATH. Then the whole project can be compiled using make. The resulting binaries are located inside the build folder.
Using ByteView
The main byteview executable and all dissectors have to be located in the system's PATH. Dissector executables have to be named byteview-<format> (e.g. byteview-elf). A binary file can then be dissected by executing byteview <file>.
Interface for Dissectors
Dissection request
```json
{
  "mode": "dissect",
  "data": "base64 encoded binary data",
  "args": {
    "argument1": "value1",
    "argument2": "value2"
  }
}
```
A dissector receives a dissection request on stdin. The input is a single JSON object with three fields:
- mode tells the dissector whether it shall dissect the binary data or only detect its format. Two values are possible: dissect and detect.
- data contains the base64 encoded binary.
- args contains additional arguments a dissector may receive. This field is optional; its structure is defined by the dissector.
Dissector's result
```json
{
  "name": "item name",
  "value": "human-readable value",
  "offset": 0,
  "length": 40,
  "childs": [
    {
      "name": "item 1 name",
      "offset": 0,
      "length": 8
    },
    {
      "name": "item 2 name",
      "value": "human-readable value",
      "offset": 8,
      "length": 16,
      "references": 59451
    }
  ]
}
```
If the dissector has successfully decoded the input binary, the resulting description tree is written to stdout. The result has to be in the following format:
- The output has to be a JSON tree consisting only of JSON objects in the specified format.
- The root element of the output has to be a single JSON object.
- Every JSON object describes a single byte range of the input binary.
- The offset and length parameters specify the position and length of the byte range and are mandatory.
- The name parameter describes the purpose of the byte range. While it is not mandatory, it is still recommended to include it in every object.
- The value parameter contains the human-readable value the byte range represents. It is not mandatory and often only necessary for leaf objects.
- The childs parameter holds the nested objects that make up the byte range; leaf objects omit it.
- The references parameter can contain the address (file offset) of another related byte range. This can be used to reference a different part of the file that is used by the object. It is typically used to reference the actual byte range of a null-terminated string.