
<- .file-formats ->

Everything Is Structured. You Just Don't Know It Yet

  • There are perhaps thousands of file formats in the wild: formats for images (e.g. JPEG, PNG, GIF), formats for audio (e.g. WAV, MP3, OPUS), and proprietary formats tied to specific software products. As a reverse engineer you are mostly interested in executable formats such as ELF and PE, but at times you will also want to understand what a proprietary format stores. Despite their sheer number, all formats have one thing in common: they define where specific information is stored, so that the software consuming the file knows where to look for the relevant data and how to parse it. For example, an image viewer such as Windows Photo Viewer has to understand the PNG format in order to locate the header that gives the image dimensions and the chunks that hold the encoded pixel data.
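The PNG case above, carried through in code as an added example that is not part of the original page: a chunk walker showing how the format itself records where every piece of data lives (an 8-byte signature, then a sequence of length/type/data/CRC chunks), and how a parser should verify each of those fields before trusting them, which is the "file parsing is hard" point from the further readings. The sample image is constructed inline by `build_png`; there is no external file, and the helper names are this example's own.

```python
"""
PNG chunk walker: the format tells us where each piece of data is stored,
so the parser follows the structure instead of guessing.
Added example (not from the original page); the sample PNG is constructed
inline by build_png so the script runs offline.
"""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_CHUNK_LENGTH = 2**31 - 1  # PNG spec: the length field must fit in 31 bits


class PngFormatError(ValueError):
    """Raised when the file does not follow the PNG structure."""


def build_png(width: int, height: int, rgb: bytes) -> bytes:
    """Construct a minimal valid PNG (8-bit RGB, filter type 0) as sample input."""
    def chunk(ctype: bytes, data: bytes) -> bytes:
        crc = zlib.crc32(ctype + data) & 0xFFFFFFFF  # CRC covers type + data
        return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

    # IHDR: width, height, bit depth, colour type (2 = RGB), compression, filter, interlace
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    # One scanline per row, each prefixed with filter byte 0 (no filtering)
    raw = b"".join(b"\x00" + rgb * width for _ in range(height))
    return (PNG_SIGNATURE
            + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(raw))
            + chunk(b"IEND", b""))


def parse_chunks(data: bytes) -> list:
    """Walk the chunk list, checking bounds, type and CRC of every chunk."""
    if not data.startswith(PNG_SIGNATURE):
        raise PngFormatError("missing PNG signature")
    chunks = []
    offset = len(PNG_SIGNATURE)
    while offset < len(data):
        if len(data) - offset < 12:  # length(4) + type(4) + crc(4) at minimum
            raise PngFormatError(f"truncated chunk header at offset {offset}")
        length, ctype = struct.unpack_from(">I4s", data, offset)
        if length > MAX_CHUNK_LENGTH:
            raise PngFormatError(f"chunk length {length} exceeds spec maximum")
        if not all(65 <= b <= 90 or 97 <= b <= 122 for b in ctype):  # ASCII letters only
            raise PngFormatError(f"invalid chunk type {ctype!r} at offset {offset}")
        body_start = offset + 8
        body_end = body_start + length
        if body_end + 4 > len(data):  # never trust a length field without a bounds check
            raise PngFormatError(
                f"chunk {ctype.decode()} at offset {offset} runs past end of file")
        body = data[body_start:body_end]
        (stored_crc,) = struct.unpack_from(">I", data, body_end)
        if stored_crc != zlib.crc32(ctype + body) & 0xFFFFFFFF:
            raise PngFormatError(f"CRC mismatch in {ctype.decode()} chunk at offset {offset}")
        chunks.append({"offset": offset, "type": ctype.decode("ascii"),
                       "length": length, "data": body})
        offset = body_end + 4
        if ctype == b"IEND":
            break
    if not chunks or chunks[0]["type"] != "IHDR" or len(chunks[0]["data"]) != 13:
        raise PngFormatError("first chunk must be a 13-byte IHDR")
    if chunks[-1]["type"] != "IEND":
        raise PngFormatError("missing IEND chunk")
    return chunks


def image_size(data: bytes) -> tuple:
    """Width and height live at fixed offsets inside the IHDR chunk."""
    width, height = struct.unpack_from(">II", parse_chunks(data)[0]["data"], 0)
    return width, height


def validate(data: bytes) -> str:
    """Return '' when the file parses cleanly, else the first structural error."""
    try:
        parse_chunks(data)
        return ""
    except PngFormatError as exc:
        return str(exc)


if __name__ == "__main__":
    png = build_png(2, 1, b"\xff\x00\x00")  # constructed 2x1 red image
    for c in parse_chunks(png):
        print(f"offset {c['offset']:3d}  {c['type']}  length {c['length']}")
    print("size:", image_size(png))
    corrupt = bytearray(png)
    corrupt[16] ^= 0xFF  # flip the top byte of the IHDR width field
    print("corrupt:", validate(bytes(corrupt)))
    print("truncated:", validate(png[:-5]))
```

Running the script prints the chunk table for the constructed image and then shows the two failure modes a real parser has to handle: a modified field that no longer matches its CRC, and a file cut off in the middle of a chunk. The length check before slicing is the important line for the "parsing is hard" reading: a length field that points past the end of the file is exactly the kind of input that crashes naive parsers.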

section overview



further readings


  • Corkami Pics: visualization of how various binary file formats are laid out
  • Corkami's PE Wiki: in-depth analysis of every field in the PE file format
  • Kaitai Struct: a declarative language for describing binary file formats. Once you describe a file format in Kaitai Struct you can compile it into one of the supported languages. The compiled module exposes a straightforward API for accessing the fields of that file format
  • Visual Reverse Engineering: binary visualization does not need to know how to parse a file format in order to provide useful information about the file being analysed. It can not only tell different file formats apart, it can also uncover peculiarities within the same format (e.g. a packed versus an unpacked PE executable). VELES and binvis are examples of popular free-to-use binary visualization tools
  • Even when the file format is known, file parsing is hard

.languages <- RERM -> .anti-analysis