//
// binsieve.c
//
// Copyright 2007, Anthony Dunk
//
// This program is a file reverse engineering tool whose purpose is to
// automatically detect values in the header section of a file, and to
// report values which fall within the chosen range of acceptable values.
// This is a quick first step to understanding a new file format. Further
// work to analyse the format should then be undertaken using a tool
// such as HexToolkit (http://adunk.ozehosting.com/software/HexView.html)
//
// HISTORY:
//   30 July 2007 - Initial version, Anthony Dunk.
//

// NOTE(review): both header names were lost when this listing was extracted
// (everything between '<' and '>' was stripped). The code below calls printf
// and free, so these were presumably <stdio.h> and <stdlib.h> -- confirm
// against the original file.
#include
#include

// Reverse the order of the 4 bytes at p, in place (swaps bytes 0<->3 and 1<->2).
// No length is passed or checked: the caller must guarantee that p points to
// at least 4 writable bytes.
void Swap4(void *p)
{
    unsigned char *data = (unsigned char *)p;
    unsigned char tmp = data[0];
    data[0] = data[3];
    data[3] = tmp;
    tmp = data[1];
    data[1] = data[2];
    data[2] = tmp;
}

// Reverse the order of the 8 bytes at p, in place (swaps 0<->7, 1<->6, 2<->5,
// 3<->4). As with Swap4, the caller must guarantee that p points to at least
// 8 writable bytes.
void Swap8(void *p)
{
    unsigned char *data = (unsigned char *)p;
    unsigned char tmp = data[0];
    data[0] = data[7];
    data[7] = tmp;
    tmp = data[1];
    data[1] = data[6];
    data[6] = tmp;
    tmp = data[2];
    data[2] = data[5];
    data[5] = tmp;
    tmp = data[3];
    data[3] = data[4];
    data[4] = tmp;
}

// Entry point. Prints the usage text and returns 1 when no arguments are
// given; otherwise runs the enabled searches and returns 0.
//
// NOTE(review): large parts of this function were lost in extraction (see the
// notes further down), so only the visible statements are documented here.
int main (int argc, char *argv[])
{
    FILE *fin;
    int i;
    unsigned char *buf;     // released with free() at the end; allocation not visible
    char *string;           // scratch buffer for the string search; allocation not visible
    char *pFilename;
    int nArg = 1;

    // Search settings and their defaults. The defaults match the values quoted
    // in the usage text below; presumably the (lost) option-parsing loop
    // overrides them -- confirm.
    int SEARCH_NUMBER_ALIGN = 1;
    int SEARCH_NUMBER_SWAP = 0;
    int BLOCKSIZE = 1024;
    int SEARCH_MIN_NUMBER = -10000000;
    int SEARCH_MAX_NUMBER = 10000000;
    double SEARCH_SMALL_FLOAT = 0.00000001;
    int SEARCH_MIN_STRING_LEN = 3;

    // Which searches to run.
    int DO_INT = 0;
    int DO_FLOAT = 0;
    int DO_DOUBLE = 0;
    int DO_STRING = 0;

    // No arguments at all: print the usage text and exit with status 1.
    // NOTE(review): placeholders that were written in angle brackets (for
    // example the file-name argument at the end of the USAGE line) appear to
    // have been stripped from these strings by the extraction.
    if (argc<2) {
        printf("This program searchs for numbers and strings in a binary file.\n\n");
        printf("USAGE: binsieve [-all] [-int] [-float] [-double] [-string]\n"
               " [-swap] [-align n] [-length m] [-min a] [-max b]\n"
               " [-smallfloat s] [-minstrlen c] \n\n");
        printf("-int Search for 4-byte integer values\n");
        printf("-float Search for 4-byte float values\n");
        printf("-double Search for 8-byte double values\n");
        printf("-string Search for strings\n");
        printf("-all All of the above (Default)\n");
        printf("-swap Byte-swap numeric values\n");
        printf("-align Only look for numeric values on n-byte boundaries (default=1)\n");
        printf("-length Look at first m bytes of file only (default=1024)\n");
        printf("-min Only report numeric values greater than this value (Default=-10^7)\n");
        printf("-max Only report numeric values less than this value (Default = 10^7)\n");
        printf("-smallfloat Don't report float/double values smaller than +/- s (Default=10^-8)\n");
        printf("-minstrlen Don't report strings less than c characters long (Default=3)\n");
        return 1;
    }

    // NOTE(review): the next line is not valid C. Everything from the '<' in
    // the while condition up to the tail of the float range test was stripped
    // by the extraction. Judging by the usage text and the code that survives,
    // the missing text held the option parsing, the file open and read, the
    // allocation of buf and string, the integer search and the start of the
    // float search -- none of that can be reviewed from this listing.
    //
    // Points to confirm against the original, because the input is an
    // arbitrary file and the usage text says -length sets the number of bytes
    // examined:
    //   - results of the file open, the read and both allocations are checked;
    //   - a negative or very large -length value is rejected;
    //   - a file shorter than BLOCKSIZE does not cause the scans to read bytes
    //     that were never filled in;
    //   - 4- and 8-byte values are not read past the end of buf near the tail.
    while (nArgSEARCH_MIN_NUMBER && valSEARCH_SMALL_FLOAT || val<-SEARCH_SMALL_FLOAT) && val>(float)SEARCH_MIN_NUMBER && val<(float)SEARCH_MAX_NUMBER) {
                // Report the value with its offset i in hex (at least 4 digits).
                printf("%04x: %f\n",i,val);
            }
        }
    }

    if (DO_DOUBLE) {
        // Search for valid doubles
        printf("\nDOUBLE (8 bytes):\n");
        // NOTE(review): the loop header and the code that loads val were
        // stripped by the extraction. The surviving test reports val only when
        // its magnitude exceeds SEARCH_SMALL_FLOAT and it lies strictly between
        // SEARCH_MIN_NUMBER and SEARCH_MAX_NUMBER; a NaN fails every comparison
        // and is therefore never reported.
        for (i=0; iSEARCH_SMALL_FLOAT || val<-SEARCH_SMALL_FLOAT) && val>(double)SEARCH_MIN_NUMBER && val<(double)SEARCH_MAX_NUMBER) {
                printf("%04x: %f\n",i,val);
            }
        }
    }

    if (DO_STRING) {
        // Search for strings
        printf("\nSTRINGS:\n");
        {
            int nStringStart = -1;  // offset of the current run, -1 when no run is open
            int nStringSize = 0;    // number of characters collected for the current run
            // NOTE(review): the loop bound and the declaration of c were
            // stripped by the extraction. The surviving part of the test
            // ("=0x20 && c<0x7f") suggests that only printable ASCII bytes are
            // collected, which would also keep control characters from the
            // scanned file out of the terminal output -- confirm.
            for (i=0; i=0x20 && c<0x7f) {
                    if (nStringStart==-1) nStringStart=i;
                    // NOTE(review): no bound check here. This write plus the
                    // terminator below need string to hold one byte more than
                    // the longest possible run; the allocation is not visible,
                    // so confirm its size covers the whole scanned length + 1.
                    string[nStringSize++]=c;
                }
                else {
                    // The run just ended: print it only if it is long enough.
                    if (nStringSize>=SEARCH_MIN_STRING_LEN) {
                        string[nStringSize]=0;
                        printf("%04x: %s\n",nStringStart,string);
                    }
                    nStringStart=-1;
                    nStringSize = 0;
                }
            }
            // NOTE(review): nothing is printed after the loop, so a run that is
            // still open when the scan ends is not reported.
        }
    }

    // NOTE(review): no fclose(fin) is visible in the surviving text; confirm
    // the stream is closed in the part that was lost.
    free(buf);
    free(string);
    return 0;
}