Classes/Types to read and edit the following file formats:
- Executable and Linking Format (ELF),
- Portable Executable (PE) and
- MachO
- OAT (Android Runtime)
Install FileBytes
$ python setup.py install Or install with PyPi
$ pip install filebytes Parsing ELF file
from filebytes.elf import * elf_file = ELF('test-binaries/ls-x86') elf_header = elf_file.elfHeader sections = elf_file.sections segments = elf_file.segments # elf_file.programHeaders does the sameParsing PE file
from filebytes.pe import * pe_file = PE('test-binaries/cmd-x86.exe') image_dos_header = pe_file.imageDosHeader image_nt_headers = pe_file.imageNtHeaders sections = pe_file.sections data_directory = pe_file.dataDirectory import_directory = data_directory[ImageDirectoryEntry.IMPORT] export_directory = data_directory[ImageDirectoryEntry.EXPORT]Parsing MachO file
from filebytes.mach_o import * macho_file = MachO('test-binaries/ls-macho-x86_64') mach_header = macho_file.machHeader load_commands = macho_file.loadCommandsParsing OAT file, read DEX files and save them
from filebytes.oat import * oat = OAT('test-binaries/boot.oat') for odh in oat.oatDexHeader: name = odh.name.split('/')[-1] with open(name, 'wb') as dex: dex.write(odh.dexBytes)For further samples look at the sample folder.
If you would like contribute, here some ideas:
- Implementation of parsing of missing LoadCommand types for MachO files
- Implementation of parsing of the missing section types for ELF files
- Implementation of parsing of the missing data directory fields for PE files
But any kind of contribution is welcome. :)