mrcrowbar.utils module¶
General utility functions useful for reverse engineering.
-
mrcrowbar.utils.basic_diff(source1, source2, start=None, end=None)[source]¶ Perform a basic diff between two equal-sized binary strings and return a list of (offset, size) tuples denoting the differences.
- source1
- The first byte string source.
- source2
- The second byte string source.
- start
- Start offset to read from (default: start)
- end
- End offset to stop reading at (default: end)
-
mrcrowbar.utils.diff(source1, source2, prefix='source', depth=None)[source]¶ Find differences between two objects.
- source1
- The first source.
- source2
- The second source.
- prefix
- The name of the base element to display.
- depth
- Maximum number of levels to traverse.
-
mrcrowbar.utils.diff_iter(source1, source2, prefix='source', depth=None)[source]¶ Return an iterator that finds differences between two objects.
- source1
- The first source.
- source2
- The second source.
- prefix
- The name of the base element to display.
- depth
- Maximum number of levels to traverse.
-
mrcrowbar.utils.diffdump(source1, source2, prefix='source', depth=None)[source]¶ Print a list of differences between two objects.
- source1
- First source object
- source2
- Second source object
- prefix
- The name of the base element to display.
- depth
- Maximum number of levels to traverse.
-
mrcrowbar.utils.diffdump_iter(source1, source2, prefix='source', depth=None)[source]¶ Return an iterator that renders a list of differences between two objects.
- source1
- First source object
- source2
- Second source object
- prefix
- The name of the base element to display.
- depth
- Maximum number of levels to traverse.
-
mrcrowbar.utils.enable_logging(level='WARNING')[source]¶ Enable sending logs to stderr. Useful for shell sessions.
- level
- Logging threshold, as defined in the logging module of the Python standard library. Defaults to ‘WARNING’.
-
mrcrowbar.utils.find_all(source, substring, start=None, end=None, length=None, overlap=False, ignore_case=False)[source]¶ Find every location of a substring in a source byte string.
- source
- Source byte string to search.
- substring
- Pattern to match, as a Python byte string
- start
- Start offset to read from (default: start)
- end
- End offset to stop reading at (default: end)
- length
- Length to read in (optional replacement for end)
- overlap
- Whether to return overlapping matches (default: false)
- ignore_case
- Perform a case-insensitive search
-
mrcrowbar.utils.find_all_iter(source, substring, start=None, end=None, length=None, overlap=False, ignore_case=False)[source]¶ Return an iterator that finds every location of a substring in a source byte string.
- source
- Source byte string to search.
- substring
- Pattern to match, as a Python byte string
- start
- Start offset to read from (default: start)
- end
- End offset to stop reading at (default: end)
- length
- Length to read in (optional replacement for end)
- overlap
- Whether to return overlapping matches (default: false)
- ignore_case
- Perform a case-insensitive search
-
mrcrowbar.utils.grep(pattern, source, encoding='utf8', fixed_string=False, hex_format=False, ignore_case=False)[source]¶ Find the contents of a byte string that match a pattern.
- pattern
- Pattern to match, as a Python string
- source
- Source byte string to search
- encoding
- Convert strings in the pattern to a specific Python encoding (default: utf8)
- fixed_string
- Interpret the pattern as a fixed string (disable regular expressions)
- hex_format
- Interpret the pattern as raw hexidecimal (default: false)
- ignore_case
- Perform a case-insensitive search
-
mrcrowbar.utils.grep_iter(pattern, source, encoding='utf8', fixed_string=False, hex_format=False, ignore_case=False)[source]¶ Return an iterator that finds the contents of a byte string that match a pattern.
- pattern
- Pattern to match, as a Python string
- source
- Byte string to inspect
- encoding
- Convert strings in the pattern to a specific Python encoding (default: utf8)
- fixed_string
- Interpret the pattern as a fixed string (disable regular expressions)
- hex_format
- Interpret the pattern as raw hexidecimal (default: false)
- ignore_case
- Perform a case-insensitive search
-
mrcrowbar.utils.hexdump(source, start=None, end=None, length=None, major_len=8, minor_len=4, colour=True, address_base=None)[source]¶ Print a byte string in tabular hexadecimal/ASCII format.
- source
- Source byte string to print
- start
- Start offset to read from (default: start)
- end
- End offset to stop reading at (default: end)
- length
- Length to read in (optional replacement for end)
- major_len
- Number of hexadecimal groups per line
- minor_len
- Number of bytes per hexadecimal group
- colour
- Add ANSI colour formatting to output (default: true)
- address_base
- Base address to use for labels (default: start)
Raises ValueError if both end and length are defined.
-
mrcrowbar.utils.hexdump_diff(source1, source2, start=None, end=None, length=None, major_len=8, minor_len=4, colour=True, before=2, after=2, address_base=None)[source]¶ Print the differences between two byte strings in tabular hexadecimal/ASCII format.
- source1
- First byte string source
- source2
- Second byte string source
- start
- Start offset to read from (default: start)
- end
- End offset to stop reading at (default: end)
- length
- Length to read in (optional replacement for end)
- major_len
- Number of hexadecimal groups per line
- minor_len
- Number of bytes per hexadecimal group
- colour
- Add ANSI colour formatting to output (default: true)
- before
- Number of lines of context preceeding a match to show
- after
- Number of lines of context following a match to show
- address_base
- Base address to use for labels (default: start)
Raises ValueError if both end and length are defined.
-
mrcrowbar.utils.hexdump_diff_iter(source1, source2, start=None, end=None, length=None, major_len=8, minor_len=4, colour=True, before=2, after=2, address_base=None)[source]¶ Return an iterator that renders the differences between two byte strings and renders the result in tabular hexadecimal/ASCII format.
- source1
- First byte string source
- source2
- Second byte string source
- start
- Start offset to read from (default: start)
- end
- End offset to stop reading at (default: end)
- length
- Length to read in (optional replacement for end)
- major_len
- Number of hexadecimal groups per line
- minor_len
- Number of bytes per hexadecimal group
- colour
- Add ANSI colour formatting to output (default: true)
- before
- Number of lines of context preceeding a match to show
- after
- Number of lines of context following a match to show
- address_base
- Base address to use for labels (default: start)
Raises ValueError if both end and length are defined.
-
mrcrowbar.utils.hexdump_grep(pattern, source, start=None, end=None, length=None, encoding='utf8', fixed_string=False, hex_format=False, ignore_case=False, major_len=8, minor_len=4, colour=True, address_base=None, before=2, after=2, title=None)[source]¶ Search a byte string for a pattern and print the result in tabular hexadecimal/ASCII format.
- pattern
- Pattern to match, as a Python string
- source
- The byte string to print.
- start
- Start offset to read from (default: start)
- end
- End offset to stop reading at (default: end)
- length
- Length to read in (optional replacement for end)
- encoding
- Convert strings in the pattern to a specific Python encoding (default: utf8)
- fixed_string
- Interpret the pattern as a fixed string (disable regular expressions)
- hex_format
- Interpret the pattern as raw hexidecimal (default: false)
- ignore_case
- Perform a case-insensitive search
- major_len
- Number of hexadecimal groups per line
- minor_len
- Number of bytes per hexadecimal group
- colour
- Add ANSI colour formatting to output (default: true)
- address_base
- Base address to use for labels (default: start)
- before
- Number of lines of context preceeding a match to show
- after
- Number of lines of context following a match to show
- title
- Name to print as a heading if there’s a match. Useful for file names.
Raises ValueError if both end and length are defined.
-
mrcrowbar.utils.hexdump_grep_iter(pattern, source, start=None, end=None, length=None, encoding='utf8', fixed_string=False, hex_format=False, ignore_case=False, major_len=8, minor_len=4, colour=True, address_base=None, before=2, after=2, title=None)[source]¶ Return an iterator that searches a byte string for a pattern and renders the result in tabular hexadecimal/ASCII format.
- pattern
- Pattern to match, as a Python string
- source
- The byte string to print.
- start
- Start offset to read from (default: start)
- end
- End offset to stop reading at (default: end)
- length
- Length to read in (optional replacement for end)
- encoding
- Convert strings in the pattern to a specific Python encoding (default: utf8)
- fixed_string
- Interpret the pattern as a fixed string (disable regular expressions)
- hex_format
- Interpret the pattern as raw hexidecimal (default: false)
- ignore_case
- Perform a case-insensitive search
- major_len
- Number of hexadecimal groups per line
- minor_len
- Number of bytes per hexadecimal group
- colour
- Add ANSI colour formatting to output (default: true)
- address_base
- Base address to use for labels (default: start)
- before
- Number of lines of context preceeding a match to show
- after
- Number of lines of context following a match to show
- title
- Name to print as a heading if there’s a match. Useful for file names.
Raises ValueError if both end and length are defined.
-
mrcrowbar.utils.hexdump_iter(source, start=None, end=None, length=None, major_len=8, minor_len=4, colour=True, address_base=None)[source]¶ Return an iterator that renders a byte string in tabular hexadecimal/ASCII format.
- source
- Source byte string to render
- start
- Start offset to read from (default: start)
- end
- End offset to stop reading at (default: end)
- length
- Length to read in (optional replacement for end)
- major_len
- Number of hexadecimal groups per line
- minor_len
- Number of bytes per hexadecimal group
- colour
- Add ANSI colour formatting to output (default: true)
- address_base
- Base address to use for labels (default: start)
Raises ValueError if both end and length are defined.
-
mrcrowbar.utils.histdump(source, start=None, end=None, length=None, samples=65536, width=64, address_base=None)[source]¶ Print a histogram of a byte string.
- source
- Source byte string to measure
- start
- Start offset to read from (default: start)
- end
- End offset to stop reading at (default: end)
- length
- Length to read in (optional replacement for end)
- samples
- Number of samples per histogram slice (default: 0x10000)
- width
- Width of rendered histogram (default: 64)
- address_base
- Base address to use for labelling (default: start)
-
mrcrowbar.utils.histdump_iter(source, start=None, end=None, length=None, samples=65536, width=64, address_base=None)[source]¶ Return an iterator that renders a histogram of a byte string.
- source
- Source byte string to measure
- start
- Start offset to read from (default: start)
- end
- End offset to stop reading at (default: end)
- length
- Length to read in (optional replacement for end)
- samples
- Number of samples per histogram slice (default: 0x10000)
- width
- Width of rendered histogram (default: 64)
- address_base
- Base address to use for labelling (default: start)
-
mrcrowbar.utils.listdump_grep(pattern, source, start=None, end=None, length=None, encoding='utf8', fixed_string=False, hex_format=False, ignore_case=False, address_base=None, title=None)[source]¶ Search a byte string for a pattern and print the result in list format.
- pattern
- Pattern to match, as a Python string
- source
- The byte string to print.
- start
- Start offset to read from (default: start)
- end
- End offset to stop reading at (default: end)
- length
- Length to read in (optional replacement for end)
- encoding
- Convert strings in the pattern to a specific Python encoding (default: utf8)
- fixed_string
- Interpret the pattern as a fixed string (disable regular expressions)
- hex_format
- Interpret the pattern as raw hexidecimal (default: false)
- ignore_case
- Perform a case-insensitive search
- major_len
- Number of hexadecimal groups per line
- minor_len
- Number of bytes per hexadecimal group
- colour
- Add ANSI colour formatting to output (default: true)
- address_base
- Base address to use for labels (default: start)
- before
- Number of lines of context preceeding a match to show
- after
- Number of lines of context following a match to show
- title
- Name to print as a heading if there’s a match. Useful for file names.
Raises ValueError if both end and length are defined.
-
mrcrowbar.utils.listdump_grep_iter(pattern, source, start=None, end=None, length=None, encoding='utf8', fixed_string=False, hex_format=False, ignore_case=False, address_base=None, title=None)[source]¶ Return an iterator that searches a byte string for a pattern and renders the result in list format.
- pattern
- Pattern to match, as a Python string
- source
- The byte string to print.
- start
- Start offset to read from (default: start)
- end
- End offset to stop reading at (default: end)
- length
- Length to read in (optional replacement for end)
- encoding
- Convert strings in the pattern to a specific Python encoding (default: utf8)
- fixed_string
- Interpret the pattern as a fixed string (disable regular expressions)
- hex_format
- Interpret the pattern as raw hexidecimal (default: false)
- ignore_case
- Perform a case-insensitive search
- major_len
- Number of hexadecimal groups per line
- minor_len
- Number of bytes per hexadecimal group
- colour
- Add ANSI colour formatting to output (default: true)
- address_base
- Base address to use for labels (default: start)
- before
- Number of lines of context preceeding a match to show
- after
- Number of lines of context following a match to show
- title
- Name to print as a heading if there’s a match. Useful for file names.
Raises ValueError if both end and length are defined.
-
mrcrowbar.utils.pixdump(source, start=None, end=None, length=None, width=64, height=None, palette=None)[source]¶ Print the contents of a byte string as a 256 colour image.
- source
- Source byte string to print
- start
- Start offset to read from (default: start)
- end
- End offset to stop reading at (default: end)
- length
- Length to read in (optional replacement for end)
- width
- Width of image to render in pixels (default: 64)
- height
- Height of image to render in pixels (default: auto)
- palette
- List of Colours to use (default: test palette)
-
mrcrowbar.utils.pixdump_iter(source, start=None, end=None, length=None, width=64, height=None, palette=None)[source]¶ Return an iterator which renders the contents of a byte string as a 256 colour image.
- source
- Source byte string to render
- start
- Start offset to read from (default: start)
- end
- End offset to stop reading at (default: end)
- length
- Length to read in (optional replacement for end)
- width
- Width of image to render in pixels (default: 64)
- height
- Height of image to render in pixels (default: auto)
- palette
- List of Colours to use (default: test palette)
-
mrcrowbar.utils.pixdump_sweep(source, range=(64, ), delay=None, start=None, end=None, length=None, height=None, palette=None)[source]¶ Test printing the contents of a byte string as a 256 colour image for a range of widths.
- source
- The byte string to print.
- range
- List of widths to render (default: [64])
- delay
- Number of seconds to wait between each print (default: 0)
- start
- Start offset to read from (default: start)
- end
- End offset to stop reading at (default: end)
- length
- Length to read in (optional replacement for end)
- height
- Height of image to render in pixels (default: auto)
- palette
- List of Colours to use (default: test palette)
-
mrcrowbar.utils.search(pattern, source, prefix='source', depth=None, encoding='utf8', fixed_string=False, hex_format=False, ignore_case=False)[source]¶ Find the Fields inside a Block that match a byte pattern.
- pattern
- Pattern to match, as a Python string
- source
- Block object to inspect
- encoding
- Convert strings in the pattern to a specific Python encoding (default: utf8)
- fixed_string
- Interpret the pattern as a fixed string (disable regular expressions)
- hex_format
- Interpret the pattern as raw hexidecimal (default: false)
- ignore_case
- Perform a case-insensitive search
-
mrcrowbar.utils.search_iter(pattern, source, prefix='source', depth=None, encoding='utf8', fixed_string=False, hex_format=False, ignore_case=False)[source]¶ Return an iterator that finds the Fields inside a Block that match a pattern.
- pattern
- Pattern to match, as a Python string
- source
- Block object to inspect
- encoding
- Convert strings in the pattern to a specific Python encoding (default: utf8)
- fixed_string
- Interpret the pattern as a fixed string (disable regular expressions)
- hex_format
- Interpret the pattern as raw hexidecimal (default: false)
- ignore_case
- Perform a case-insensitive search
-
mrcrowbar.utils.stats(source, start=None, end=None, length=None, width=64, height=12)[source]¶ Print histogram graph for a byte string.
- source
- Source byte string to render
- start
- Start offset to read from (default: start)
- end
- End offset to stop reading at (default: end)
- width
- Width of graph to render in pixels (default: 64)
- height
- Height of graph to render in pixels (default: auto)