Manual Reference Pages  - datasniffer (1)

NAME

datasniffer - dump data from a binary file

CONTENTS

Synopsis
Description
Options
Examples
See Also
License
Copyright
Authors

SYNOPSIS

datasniffer [options...]

DESCRIPTION

datasniffer is intended for use in reverse engineering binary data files whose contents are known (more or less) but whose internal organization is not known. datasniffer reads data from a specified input one byte at a time and dumps the indicated data types to a specified output after formatting each data type as requested. Each input byte results in an output line containing all of the requested formats of all of the requested data types. By examining this output a user may find the expected values and from that may be able to determine the file’s internal structure.

datasniffer is part of the drm_tools package which may be obtained from: http://sourceforge.net/projects/drmtools/

OPTIONS

-in <input_file>
  Read input from the specified file. Use - to read from stdin. Default is to read from stdin.

-out <output_file>
  Write output to the specified file. Use - to write to stdout. Default is to write to stdout.

-o <offset>
  Emit data starting at <offset> bytes from the beginning of the file. Default is 0.

-l <multiple>
  The number of bytes to dump. Default is 0 = all.

-c <columns>
  Emit formatted data for <columns> bytes for each output line. The first "column" in a line will show all combinations of data types, formats, and byte orders for the data starting on that byte. The second column will do the same for the next byte, and so forth. Consequently the resulting data dump is most legible when only a single data type, format and byte order are displayed. Default is 1.

-n <number>
  Specify line numbering options by including one or more of the characters from the list below. Default is a0xd. Note that any specification of number options must include at least one of x, d, or o.

  n  no numbering
  a  absolute position (number from start of file)
  r  relative position (number from offset)
  0  number from 0
  1  number from 1
  x  print position in hexadecimal
  d  print position in decimal
  o  print position in octal

-d <data_type>
  Specify the types of data to display by including characters from the list below. Default is CSL.

  c  signed char
  s  signed short int
  l  signed (long) int
  g  signed long long (not available on all platforms)
  f  signed float
  d  signed double
  C  unsigned char
  S  unsigned short int
  L  unsigned (long) int
  G  unsigned long long (not available on all platforms)

-b <byte_order>
  Specify the order of bytes in the data by including characters from the list below. Default is f.

  f  forward (as read from data)
  r  reverse (invert order for each data size)

-r <N>
  Header line control. The default value is INT_MAX which results in a single header line at the start of the output.

  0  no headers
  N  one header at start of output and then every N output lines after that

-p Emit a page break before every header except the first. If printed as text most printers will respect the page break and start a new page before each header line.

-ds Emit data sizes and exit.

-h -help --help -? --??
  Print the help message and exit.

-i Emit version, copyright, license and contact information and exit.

Format options which may be specified for the -f* parameters:
  c char, d decimal, x hexadecimal, o octal, f float, e exp.

-fc [cdxo]
  Emit the c and C data types with the formats specified. If the character isn’t printable c format emits an "NP". Default is cx.

-fs [dxo]
  Emit the s and S data types with the formats specified. Default is dx.

-fl [dxo]
  Emit the l and L data types with the formats specified. Default is dx.

-fg [dxo]
  Emit the g and G data types with the formats specified. Default is dx.

-ff [fe]
  Emit the f data type with the formats specified. Note that format f may exceed the field width, in which case the data is shown as a "*". Use format e to see the full range of the data. Default is f.

-fd [fe]
  Emit the d data type with the formats specified. Note that format f may exceed the field width, in which case the data is shown as a "*". Use format e to see the full range of the data. Default is f.

EXAMPLES

% datasniffer -h
  List the command line options.

% echo ABCD | datasniffer -d cs -n d -fc c -fs x -b fr
 
 P0AbsDec  c(+,%c)  c(-,%c)  s(+,%x)  s(-,%x)
        0        A        A       41     4100
        1        B        B     4142     4241
        2        C        C     4243     4342
        3        D        D     4344     4443
        4       NP       NP     440a      a44

For each byte of the input, dump data types c and s. Use format c with data type c and format x with data type s. Also show the data for both directions, forward and reversed.

% echo ABCD | datasniffer -d c -n d
 
 P0AbsDec  c(+,%c)  c(+,%x)
        0        A       41
        1        B       42
        2        C       43
        3        D       44
        4       NP        a

Emit a single header line followed by one data line each for the four ASCII characters ABCD and the trailing newline. Each such line shows the absolute position of that byte (numbered from zero), the character it corresponds to, and the hexadecimal value of the byte.

% echo ABCDEFGHIJKLMNOPQRSTUVWXYZ \
  | datasniffer -d s -fs x -c 5 -n d
 P0RelDec  s(+,%x)  s(+,%x)  s(+,%x)  s(+,%x)  s(+,%x)
        0       41     4142     4243     4344     4445
        5     4546     4647     4748     4849     494a
       10     4a4b     4b4c     4c4d     4d4e     4e4f
       15     4f50     5051     5152     5253     5354
       20     5455     5556     5657     5758     5859
       25     595a     5a0a

Emit multiple columns of data on each line.
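
The search that the DESCRIPTION section leaves to the reader (scanning the dump for an expected value) can be automated. The following is an added example, not part of drm_tools or of the original manual page: it decodes every byte offset as each requested type in both byte orders and reports where a known value appears. The fixed type sizes (2-byte short, 4-byte int, 8-byte long long, IEEE floats), the big/little labels used in place of datasniffer's f/r, and the constructed SAMPLE record are assumptions of the example.

```python
import math
import struct

# struct codes standing in for datasniffer's -d letters (sizes are assumed).
TYPES = {"c": "b", "C": "B", "s": "h", "S": "H", "l": "i", "L": "I",
         "g": "q", "G": "Q", "f": "f", "d": "d"}
ORDERS = {"big": ">", "little": "<"}

# Constructed sample: an unaligned record holding three known values.
SAMPLE = (b"REC"
          + struct.pack(">H", 1234)      # offset 3, big-endian short
          + struct.pack("<f", 98.6)      # offset 5, little-endian float
          + struct.pack(">I", 70000)     # offset 9, big-endian int
          + b"\n")


def find_value(data, expected, types="CSL", rel_tol=1e-6):
    """Return sorted (offset, type letter, byte order) for every match."""
    hits = []
    for letter in types:
        for order, prefix in ORDERS.items():
            codec = struct.Struct(prefix + TYPES[letter])
            if codec.size == 1 and order == "little":
                continue  # single bytes have no byte order; report once
            # Advance one byte at a time, not by the type size, so that
            # unaligned fields are found as well.
            for offset in range(len(data) - codec.size + 1):
                (value,) = codec.unpack_from(data, offset)
                if letter in "fd":
                    # Stored floats are rounded; compare with a tolerance.
                    match = math.isclose(value, expected, rel_tol=rel_tol)
                else:
                    match = value == expected
                if match:
                    hits.append((offset, letter, order))
    return sorted(hits)


if __name__ == "__main__":
    for known in (1234, 70000):
        print(known, find_value(SAMPLE, known))
    print(98.6, find_value(SAMPLE, 98.6, types="fd"))
```

A value that matches at several offsets or in several types is ambiguous; searching for a second known value from the same record usually settles which interpretation is the real field.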

SEE ALSO

od(1), mdump(1)

LICENSE

GNU General Public License 2

COPYRIGHT

Copyright (C) 2008 David Mathog and Caltech.

AUTHORS

David Mathog, Biology Division, Caltech <mathog@caltech.edu>


drm_tools datasniffer (1) 1.0.3 DEC 17 2008