On Tue, 3 May 2011, Alexander Hall wrote:

>On 05/02/11 23:50, Dave Anderson wrote:
>> Sorry to bother you all, but I'm failing miserably at searching for a
>> tool to help analyze the structure of arbitrary files (preferably one
>> which runs on OpenBSD).
>>
>> I've got a device which exports data in an undocumented format and the
>> only program available to use that data doesn't do what I need, so I
>> need to figure out the file formats so I can communicate with the device
>> the way I need to.
>>
>> What I'm looking for is an interactive program which makes it easy to
>> look at selected parts of a file (individual items, sets of items
>> located at regular intervals, sets of items linked by pointers or
>> offsets, etc) in any of many formats (ascii, unicode, int, double float,
>> etc) and either endianness, store comments about items or sets of items
>> in an aux file, store names for various values in particular items and
>> display those items' values using those names, search for patterns at
>> regular intervals or linked by pointers or offsets, etc, etc, etc; all
>> those things which make it easier to discover and keep track of the
>> structure of an unknown file.
>>
>> It's hard to believe that nobody has ever written such a program, but
>> I've been unable to find one.  Any suggestions for effective searches or
>> for suitable programs would be appreciated.
>
>Without a terribly skilled mathematician and tons of luck I would expect
>such a program to be close to impossible to create, or at least require
>tons of CPU time and data to perform the observations on, to come up
>with a reasonably reliable result. However, since I am not a terribly
>skilled mathematician myself, I may be totally wrong.

If the program is expected to do the analysis on its own, I'm sure
you're correct.  What I'm looking for is one which automates a lot of
the tedious parts of a human-directed analysis; the intelligence (or
lack thereof) in what to look for, where to look for it, and what it
really means would come from the user.

>Meanwhile, file(1) comes to mind. :-)
>
>$ file /etc/pwd.db
>/etc/pwd.db: Berkeley DB 1.85 (Hash, version 2, native byte-order)

Unfortunately, that doesn't go nearly far enough.  In particular
(judging from the man page) it doesn't do anything with structured
binary files unless they're one of the particular formats it recognizes
-- and the files I have won't be.

Thanks anyway,

        Dave

-- 
Dave Anderson
<[email protected]>
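
Added example, not part of the original thread: a small Python sketch of the human-directed helpers the request describes (items at regular intervals, several interpretations, either endianness, records linked by offsets). The function names, the record layout and the `SAMPLE` bytes are constructed for illustration and are assumptions, not the device's real format.

```python
import struct

# struct codes for the interpretations to try on an unknown field.
FORMATS = {"u16": "H", "u32": "I", "i32": "i", "f32": "f", "f64": "d"}

def read_item(data, offset, kind, endian="<"):
    """Decode one item at `offset`; endian is '<' (little) or '>' (big)."""
    return struct.unpack_from(endian + FORMATS[kind], data, offset)[0]

def at_stride(data, start, stride, count, kind, endian="<"):
    """Decode `count` items located at regular intervals from `start`."""
    return [read_item(data, start + i * stride, kind, endian)
            for i in range(count)]

def follow_links(data, first, link_at, kind="u32", endian="<", end=0):
    """Offsets of records chained by an offset field `link_at` bytes in."""
    last = len(data) - link_at - struct.calcsize(endian + FORMATS[kind])
    seen, cur = [], first
    # Stop at the end marker, on a loop, or when the link leaves the file.
    while cur != end and cur not in seen and 0 <= cur <= last:
        seen.append(cur)
        cur = read_item(data, cur + link_at, kind, endian)
    return seen

def plausible_endian(data, start, stride, count, kind):
    """Heuristic for integer ids/counters: prefer the smaller value spread."""
    spread = {}
    for endian in "<>":
        vals = at_stride(data, start, stride, count, kind, endian)
        spread[endian] = max(vals) - min(vals)
    return min(spread, key=spread.get)

# Constructed sample: 4-byte tag, then three 12-byte big-endian records
# (u16 id, u16 pad, f32 value, u32 offset of next record; 0 ends the chain).
SAMPLE = (b"DEV1"
          + struct.pack(">HHfI", 1, 0, 1.5, 28)
          + struct.pack(">HHfI", 2, 0, 2.5, 0)
          + struct.pack(">HHfI", 3, 0, -4.0, 16))

if __name__ == "__main__":
    for e in "<>":
        print(e, "ids:", at_stride(SAMPLE, 4, 12, 3, "u16", e))
    print("values:", at_stride(SAMPLE, 8, 12, 3, "f32", ">"))
    print("chain:", follow_links(SAMPLE, 4, 8, endian=">"))
    print("likely byte order:", plausible_endian(SAMPLE, 4, 12, 3, "u16"))
```

The bounds and loop checks in `follow_links` matter when the guessed link field is wrong, since a bad guess otherwise walks off the end of the file or cycles forever.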
