Library to read and edit files in the following formats: Executable and Linking Format (ELF), Portable Executable (PE), MachO and OAT (Android Runtime)
Python
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
filebytes version changed Jun 11, 2018
samples parse PE loadconfig directory Jun 1, 2016
test-binaries parse PE loadconfig directory Jun 1, 2016
.gitignore __pycache__ added Feb 23, 2016
AUTHORS added contributer Feb 24, 2018
COPYING License added Feb 25, 2016
README.md Links changed Apr 26, 2016
setup.py removed newline Aug 15, 2018

README.md

FileBytes

Classes/Types to read and edit the following file formats:

  • Executable and Linking Format (ELF),
  • Portable Executable (PE) and
  • MachO
  • OAT (Android Runtime)

Install

Install FileBytes

$ python setup.py install

Or install with PyPi

$ pip install filebytes

Samples

Parsing ELF file

from filebytes.elf import *
elf_file = ELF('test-binaries/ls-x86')

elf_header = elf_file.elfHeader
sections = elf_file.sections
segments = elf_file.segments # elf_file.programHeaders does the same

Parsing PE file

from filebytes.pe import *
pe_file = PE('test-binaries/cmd-x86.exe')

image_dos_header = pe_file.imageDosHeader
image_nt_headers = pe_file.imageNtHeaders
sections = pe_file.sections
data_directory = pe_file.dataDirectory

import_directory = data_directory[ImageDirectoryEntry.IMPORT]
export_directory = data_directory[ImageDirectoryEntry.EXPORT]

Parsing MachO file

from filebytes.mach_o import *
macho_file = MachO('test-binaries/ls-macho-x86_64')

mach_header = macho_file.machHeader
load_commands = macho_file.loadCommands

Parsing OAT file, read DEX files and save them

from filebytes.oat import *

oat = OAT('test-binaries/boot.oat')

for odh in oat.oatDexHeader:
    name = odh.name.split('/')[-1]
    with open(name, 'wb') as dex:
        dex.write(odh.dexBytes)

For further samples look at the sample folder.

Contributions

If you would like contribute, here some ideas:

  • Implementation of parsing of missing LoadCommand types for MachO files
  • Implementation of parsing of the missing section types for ELF files
  • Implementation of parsing of the missing data directory fields for PE files

But any kind of contribution is welcome. :)

Project page & Examples