Doubts, help and support about QuickBMS and other game research tools
crushedice2000
Posts: 32Joined: Sun Nov 08, 2015 8:37 pm
Post
by crushedice2000 Mon Nov 09, 2015 8:38 pm
Hi! I have a raw binary file from a closed source program and I want to parse it. Is QuickBMS the right tool for this?
Example of file (hexdump):
Code: Select all
0000000: 5244 4649 4c45 5645 5231 2e30 7c37 aaaa RDFILEVER1.0|7..Example of output:
Code: Select all
TYPE (String): RD FILEReally I don't want the output as that silly example. Only to export it as json or preprocess it directly in the bms program.
aluigi
Site Admin
Posts: 12984Joined: Wed Jul 30, 2014 9:32 pm
Post
by aluigi Mon Nov 09, 2015 9:11 pm
Regarding the script, quickbms supports the C structs so you don't have to write it in bms language (at least not all), for example:
Code: Select all
unsigned char header[10];is the same of
Code: Select all
getdstring header 10Instead regarding the visualization of the collected information, you can use the -V option but the output is just the one of quickbms so can't be reused in other applications (that maybe support xml, json or others).
Example of -V obtained from the first script running on itself:
Code: Select all
. 00000000 getdstr header "unsigned c" 10
crushedice2000
Posts: 32Joined: Sun Nov 08, 2015 8:37 pm
Post
by crushedice2000 Tue Nov 10, 2015 10:26 am
Thanks! Now I'm trying this code:
Code: Select all
getdstring header 12How can I get a unsigned long?
I'm getting -1431655881 instead of 2863311415.
Also, can I do something like this?
Code: Select all
if files == 1234567:
aluigi
Site Admin
Posts: 12984Joined: Wed Jul 30, 2014 9:32 pm
Post
by aluigi Tue Nov 10, 2015 10:45 am
The Print command supports only the signed and hexadecimal output by adding a |x after the name of the variable:
print "\n%header%\n%files|x%\n"
Regarding the other request, try something like:
Code: Select all
if files == 1234567You can even use a '=' instead of 'string' or just omitting it at all.