mrcrowbar.utils module¶

General utility functions useful for reverse engineering.

mrcrowbar.utils.basic_diff(source1, source2, start=None, end=None)[source]¶

Perform a basic diff between two equal-sized binary strings and return a list of (offset, size) tuples denoting the differences.

source1: The first byte string source.
source2: The second byte string source.
start: Start offset to read from (default: start)
end: End offset to stop reading at (default: end)

mrcrowbar.utils.diff(source1, source2, prefix='source', depth=None)[source]¶

Find differences between two objects.

source1: The first source.
source2: The second source.
prefix: The name of the base element to display.
depth: Maximum number of levels to traverse.

mrcrowbar.utils.diff_iter(source1, source2, prefix='source', depth=None)[source]¶

Return an iterator that finds differences between two objects.

source1: The first source.
source2: The second source.
prefix: The name of the base element to display.
depth: Maximum number of levels to traverse.

mrcrowbar.utils.diffdump(source1, source2, prefix='source', depth=None)[source]¶

Print a list of differences between two objects.

source1: First source object
source2: Second source object
prefix: The name of the base element to display.
depth: Maximum number of levels to traverse.

mrcrowbar.utils.diffdump_iter(source1, source2, prefix='source', depth=None)[source]¶

Return an iterator that renders a list of differences between two objects.

source1: First source object
source2: Second source object
prefix: The name of the base element to display.
depth: Maximum number of levels to traverse.

mrcrowbar.utils.enable_logging(level='WARNING')[source]¶

Enable sending logs to stderr. Useful for shell sessions.

level: Logging threshold, as defined in the logging module of the Python standard library. Defaults to ‘WARNING’.

mrcrowbar.utils.find_all(source, substring, start=None, end=None, length=None, overlap=False, ignore_case=False)[source]¶

Find every location of a substring in a source byte string.

source: Source byte string to search.
substring: Pattern to match, as a Python byte string
start: Start offset to read from (default: start)
end: End offset to stop reading at (default: end)
length: Length to read in (optional replacement for end)
overlap: Whether to return overlapping matches (default: false)
ignore_case: Perform a case-insensitive search

mrcrowbar.utils.find_all_iter(source, substring, start=None, end=None, length=None, overlap=False, ignore_case=False)[source]¶

Return an iterator that finds every location of a substring in a source byte string.

source: Source byte string to search.
substring: Pattern to match, as a Python byte string
start: Start offset to read from (default: start)
end: End offset to stop reading at (default: end)
length: Length to read in (optional replacement for end)
overlap: Whether to return overlapping matches (default: false)
ignore_case: Perform a case-insensitive search

mrcrowbar.utils.grep(pattern, source, start=None, end=None, length=None, encoding='utf8', fixed_string=False, hex_format=False, ignore_case=False)[source]¶

Find the contents of a byte string that match a pattern.

pattern: Pattern to match, as a Python string
source: Source byte string to search
encoding: Convert strings in the pattern to a specific Python encoding (default: utf8)
fixed_string: Interpret the pattern as a fixed string (disable regular expressions)
hex_format: Interpret the pattern as raw hexidecimal (default: false)
ignore_case: Perform a case-insensitive search

mrcrowbar.utils.grep_iter(pattern, source, encoding='utf8', fixed_string=False, hex_format=False, ignore_case=False)[source]¶

Return an iterator that finds the contents of a byte string that match a pattern.

pattern: Pattern to match, as a Python string
source: Byte string to inspect
encoding: Convert strings in the pattern to a specific Python encoding (default: utf8)
fixed_string: Interpret the pattern as a fixed string (disable regular expressions)
hex_format: Interpret the pattern as raw hexidecimal (default: false)
ignore_case: Perform a case-insensitive search

mrcrowbar.utils.hexdump(source, start=None, end=None, length=None, major_len=8, minor_len=4, colour=True, address_base=None)[source]¶

Print a byte string in tabular hexadecimal/ASCII format.

source: Source byte string to print
start: Start offset to read from (default: start)
end: End offset to stop reading at (default: end)
length: Length to read in (optional replacement for end)
major_len: Number of hexadecimal groups per line
minor_len: Number of bytes per hexadecimal group
colour: Add ANSI colour formatting to output (default: true)
address_base: Base address to use for labels (default: start)

Raises ValueError if both end and length are defined.

mrcrowbar.utils.hexdump_diff(source1, source2, start=None, end=None, length=None, major_len=8, minor_len=4, colour=True, before=2, after=2, address_base=None)[source]¶

Print the differences between two byte strings in tabular hexadecimal/ASCII format.

source1: First byte string source
source2: Second byte string source
start: Start offset to read from (default: start)
end: End offset to stop reading at (default: end)
length: Length to read in (optional replacement for end)
major_len: Number of hexadecimal groups per line
minor_len: Number of bytes per hexadecimal group
colour: Add ANSI colour formatting to output (default: true)
before: Number of lines of context preceeding a match to show
after: Number of lines of context following a match to show
address_base: Base address to use for labels (default: start)

Raises ValueError if both end and length are defined.

mrcrowbar.utils.hexdump_diff_iter(source1, source2, start=None, end=None, length=None, major_len=8, minor_len=4, colour=True, before=2, after=2, address_base=None)[source]¶

Return an iterator that renders the differences between two byte strings and renders the result in tabular hexadecimal/ASCII format.

source1: First byte string source
source2: Second byte string source
start: Start offset to read from (default: start)
end: End offset to stop reading at (default: end)
length: Length to read in (optional replacement for end)
major_len: Number of hexadecimal groups per line
minor_len: Number of bytes per hexadecimal group
colour: Add ANSI colour formatting to output (default: true)
before: Number of lines of context preceeding a match to show
after: Number of lines of context following a match to show
address_base: Base address to use for labels (default: start)

Raises ValueError if both end and length are defined.

mrcrowbar.utils.hexdump_grep(pattern, source, start=None, end=None, length=None, encoding='utf8', fixed_string=False, hex_format=False, ignore_case=False, major_len=8, minor_len=4, colour=True, address_base=None, before=2, after=2, title=None)[source]¶

Search a byte string for a pattern and print the result in tabular hexadecimal/ASCII format.

pattern: Pattern to match, as a Python string
source: The byte string to print.
start: Start offset to read from (default: start)
end: End offset to stop reading at (default: end)
length: Length to read in (optional replacement for end)
encoding: Convert strings in the pattern to a specific Python encoding (default: utf8)
fixed_string: Interpret the pattern as a fixed string (disable regular expressions)
hex_format: Interpret the pattern as raw hexidecimal (default: false)
ignore_case: Perform a case-insensitive search
major_len: Number of hexadecimal groups per line
minor_len: Number of bytes per hexadecimal group
colour: Add ANSI colour formatting to output (default: true)
address_base: Base address to use for labels (default: start)
before: Number of lines of context preceeding a match to show
after: Number of lines of context following a match to show
title: Name to print as a heading if there’s a match. Useful for file names.

Raises ValueError if both end and length are defined.

mrcrowbar.utils.hexdump_grep_iter(pattern, source, start=None, end=None, length=None, encoding='utf8', fixed_string=False, hex_format=False, ignore_case=False, major_len=8, minor_len=4, colour=True, address_base=None, before=2, after=2, title=None)[source]¶

Return an iterator that searches a byte string for a pattern and renders the result in tabular hexadecimal/ASCII format.

pattern: Pattern to match, as a Python string
source: The byte string to print.
start: Start offset to read from (default: start)
end: End offset to stop reading at (default: end)
length: Length to read in (optional replacement for end)
encoding: Convert strings in the pattern to a specific Python encoding (default: utf8)
fixed_string: Interpret the pattern as a fixed string (disable regular expressions)
hex_format: Interpret the pattern as raw hexidecimal (default: false)
ignore_case: Perform a case-insensitive search
major_len: Number of hexadecimal groups per line
minor_len: Number of bytes per hexadecimal group
colour: Add ANSI colour formatting to output (default: true)
address_base: Base address to use for labels (default: start)
before: Number of lines of context preceeding a match to show
after: Number of lines of context following a match to show
title: Name to print as a heading if there’s a match. Useful for file names.

Raises ValueError if both end and length are defined.

mrcrowbar.utils.hexdump_iter(source, start=None, end=None, length=None, major_len=8, minor_len=4, colour=True, address_base=None)[source]¶

Return an iterator that renders a byte string in tabular hexadecimal/ASCII format.

source: Source byte string to render
start: Start offset to read from (default: start)
end: End offset to stop reading at (default: end)
length: Length to read in (optional replacement for end)
major_len: Number of hexadecimal groups per line
minor_len: Number of bytes per hexadecimal group
colour: Add ANSI colour formatting to output (default: true)
address_base: Base address to use for labels (default: start)

Raises ValueError if both end and length are defined.

mrcrowbar.utils.histdump(source, start=None, end=None, length=None, samples=65536, width=64, address_base=None)[source]¶

Print a histogram of a byte string.

source: Source byte string to measure
start: Start offset to read from (default: start)
end: End offset to stop reading at (default: end)
length: Length to read in (optional replacement for end)
samples: Number of samples per histogram slice (default: 0x10000)
width: Width of rendered histogram (default: 64)
address_base: Base address to use for labelling (default: start)

mrcrowbar.utils.histdump_iter(source, start=None, end=None, length=None, samples=65536, width=64, address_base=None)[source]¶

Return an iterator that renders a histogram of a byte string.

source: Source byte string to measure
start: Start offset to read from (default: start)
end: End offset to stop reading at (default: end)
length: Length to read in (optional replacement for end)
samples: Number of samples per histogram slice (default: 0x10000)
width: Width of rendered histogram (default: 64)
address_base: Base address to use for labelling (default: start)

mrcrowbar.utils.listdump_grep(pattern, source, start=None, end=None, length=None, encoding='utf8', fixed_string=False, hex_format=False, ignore_case=False, address_base=None, title=None)[source]¶

Search a byte string for a pattern and print the result in list format.

pattern: Pattern to match, as a Python string
source: The byte string to print.
start: Start offset to read from (default: start)
end: End offset to stop reading at (default: end)
length: Length to read in (optional replacement for end)
encoding: Convert strings in the pattern to a specific Python encoding (default: utf8)
fixed_string: Interpret the pattern as a fixed string (disable regular expressions)
hex_format: Interpret the pattern as raw hexidecimal (default: false)
ignore_case: Perform a case-insensitive search
major_len: Number of hexadecimal groups per line
minor_len: Number of bytes per hexadecimal group
colour: Add ANSI colour formatting to output (default: true)
address_base: Base address to use for labels (default: start)
before: Number of lines of context preceeding a match to show
after: Number of lines of context following a match to show
title: Name to print as a heading if there’s a match. Useful for file names.

Raises ValueError if both end and length are defined.

mrcrowbar.utils.listdump_grep_iter(pattern, source, start=None, end=None, length=None, encoding='utf8', fixed_string=False, hex_format=False, ignore_case=False, address_base=None, title=None)[source]¶

Return an iterator that searches a byte string for a pattern and renders the result in list format.

pattern: Pattern to match, as a Python string
source: The byte string to print.
start: Start offset to read from (default: start)
end: End offset to stop reading at (default: end)
length: Length to read in (optional replacement for end)
encoding: Convert strings in the pattern to a specific Python encoding (default: utf8)
fixed_string: Interpret the pattern as a fixed string (disable regular expressions)
hex_format: Interpret the pattern as raw hexidecimal (default: false)
ignore_case: Perform a case-insensitive search
major_len: Number of hexadecimal groups per line
minor_len: Number of bytes per hexadecimal group
colour: Add ANSI colour formatting to output (default: true)
address_base: Base address to use for labels (default: start)
before: Number of lines of context preceeding a match to show
after: Number of lines of context following a match to show
title: Name to print as a heading if there’s a match. Useful for file names.

Raises ValueError if both end and length are defined.

mrcrowbar.utils.pixdump(source, start=None, end=None, length=None, width=64, height=None, palette=None)[source]¶

Print the contents of a byte string as a 256 colour image.

source: Source byte string to print
start: Start offset to read from (default: start)
end: End offset to stop reading at (default: end)
length: Length to read in (optional replacement for end)
width: Width of image to render in pixels (default: 64)
height: Height of image to render in pixels (default: auto)
palette: List of Colours to use (default: test palette)

mrcrowbar.utils.pixdump_iter(source, start=None, end=None, length=None, width=64, height=None, palette=None)[source]¶

Return an iterator which renders the contents of a byte string as a 256 colour image.

source: Source byte string to render
start: Start offset to read from (default: start)
end: End offset to stop reading at (default: end)
length: Length to read in (optional replacement for end)
width: Width of image to render in pixels (default: 64)
height: Height of image to render in pixels (default: auto)
palette: List of Colours to use (default: test palette)

mrcrowbar.utils.pixdump_sweep(source, range=(64, ), delay=None, start=None, end=None, length=None, height=None, palette=None)[source]¶

Test printing the contents of a byte string as a 256 colour image for a range of widths.

source: The byte string to print.
range: List of widths to render (default: [64])
delay: Number of seconds to wait between each print (default: 0)
start: Start offset to read from (default: start)
end: End offset to stop reading at (default: end)
length: Length to read in (optional replacement for end)
height: Height of image to render in pixels (default: auto)
palette: List of Colours to use (default: test palette)

mrcrowbar.utils.search(pattern, source, prefix='source', depth=None, encoding='utf8', fixed_string=False, hex_format=False, ignore_case=False)[source]¶

Find the Fields inside a Block that match a byte pattern.

pattern: Pattern to match, as a Python string
source: Block object to inspect
encoding: Convert strings in the pattern to a specific Python encoding (default: utf8)
fixed_string: Interpret the pattern as a fixed string (disable regular expressions)
hex_format: Interpret the pattern as raw hexidecimal (default: false)
ignore_case: Perform a case-insensitive search

mrcrowbar.utils.search_iter(pattern, source, prefix='source', depth=None, encoding='utf8', fixed_string=False, hex_format=False, ignore_case=False)[source]¶

Return an iterator that finds the Fields inside a Block that match a pattern.

pattern: Pattern to match, as a Python string
source: Block object to inspect
encoding: Convert strings in the pattern to a specific Python encoding (default: utf8)
fixed_string: Interpret the pattern as a fixed string (disable regular expressions)
hex_format: Interpret the pattern as raw hexidecimal (default: false)
ignore_case: Perform a case-insensitive search

mrcrowbar.utils.stats(source, start=None, end=None, length=None, width=64, height=12)[source]¶: Print histogram statistics