Library to read and edit files in the following formats: Executable and Linking Format (ELF), Portable Executable (PE), MachO and OAT (Android Runtime)
Python
Latest commit 0cc6264 Jun 16, 2016 @sashs version changed
Permalink
Failed to load latest commit information.
filebytes version changed Jun 16, 2016
samples parse PE loadconfig directory Jun 1, 2016
test-binaries parse PE loadconfig directory Jun 1, 2016
.gitignore __pycache__ added Feb 23, 2016
AUTHORS AUTHORS file added Jun 11, 2016
COPYING License added Feb 25, 2016
README.md Links changed Apr 26, 2016
setup.py Version changed Apr 4, 2016

README.md

FileBytes

Classes/Types to read and edit the following file formats:

  • Executable and Linking Format (ELF),
  • Portable Executable (PE) and
  • MachO
  • OAT (Android Runtime)

Install

Install FileBytes

$ python setup.py install

Or install with PyPi

$ pip install filebytes

Samples

Parsing ELF file

from filebytes.elf import *
elf_file = ELF('test-binaries/ls-x86')

elf_header = elf_file.elfHeader
sections = elf_file.sections
segments = elf_file.segments # elf_file.programHeaders does the same

Parsing PE file

from filebytes.pe import *
pe_file = PE('test-binaries/cmd-x86.exe')

image_dos_header = pe_file.imageDosHeader
image_nt_headers = pe_file.imageNtHeaders
sections = pe_file.sections
data_directory = pe_file.dataDirectory

import_directory = data_directory[ImageDirectoryEntry.IMPORT]
export_directory = data_directory[ImageDirectoryEntry.EXPORT]

Parsing MachO file

from filebytes.mach_o import *
macho_file = MachO('test-binaries/ls-macho-x86_64')

mach_header = macho_file.machHeader
load_commands = macho_file.loadCommands

Parsing OAT file, read DEX files and save them

from filebytes.oat import *

oat = OAT('test-binaries/boot.oat')

for odh in oat.oatDexHeader:
    name = odh.name.split('/')[-1]
    with open(name, 'wb') as dex:
        dex.write(odh.dexBytes)

For further samples look at the sample folder.

Contributions

If you would like contribute, here some ideas:

  • Implementation of parsing of missing LoadCommand types for MachO files
  • Implementation of parsing of the missing section types for ELF files
  • Implementation of parsing of the missing data directory fields for PE files

But any kind of contribution is welcome. :)

Project page & Examples