This is a description of the Binary class. This class is used when no other class matches. **qint64 getSize()** Get the size of the file ``` ``` **bool compare(QString sSignature, qint64 nOffset=0)** Compares bytes with a hexadecimal string signature. The signature may contain both lowercase and uppercase hexadecimal digits. Spaces are skipped, **AA BB** = **AABB** Text may be matched by using single quotes. For example **"01'Test'01"**. There are additional symbols: * '#' for absolute jump (e.g. "68########55") * '$' for relative jump (e.g. "E8$$$$$$$$55") | Parameter | Description | |-----------|--------------------------------------------------| | .. | Represent any byte | | ?? | Represent any byte | | ** | Not null | | %% | ANSI | | !% | Not ANSI | | _% | Not ANSI and not null | ``` if (Binary.compare("'7z'BCAF271C")) { // compare file header (nOffset=0) sVersion = Binary.readByte(6)+"."+Binary.readByte(7); bDetected = true; } if (Binary.compare("'WAVEfmt '", 8)) { // compare file from offset 8 bDetected = true; } ``` **bool compareEP(QString sSignature ,qint64 nOffset=0)** Compare bytes at the Entry Point. * sSignature - The signature. * nOffset - The offset from the entry point. ``` if (PE.compareEP("2C81", 8)) { sVersion = "1.98"; } if (PE.compareEP("EB016860E8000000008B1C2483C312812BE8B10600FE4BFD822C24")) { bDetected = true; } ``` **quint8 readByte(qint64 nOffset)** Read a byte value from the file. ``` ``` **qint8 readSByte(qint64 nOffset)** Read a signed byte value from the file. ``` ``` **quint16 readWord(qint64 nOffset)** Read a word from the file. ``` ``` **qint16 readSWord(qint64 nOffset)** Read a signed word from the file. ``` ``` **quint32 readDword(qint64 nOffset)** Read a qword value from the file. ``` ``` **qint32 readSDword(qint64 nOffset)** Read a signed qword value from the file. ``` ``` **quint64 readQword(qint64 nOffset)** Read a qword value from the file. ``` ``` **qint64 readSQword(qint64 nOffset)** Read a signed qword value from the file. ``` ``` **QString getString(qint64 nOffset, qint64 nMaxSize=50)** Get a text string from the file. A string is read up to the first unreadable character or up to the maximum length. * nOffset - The offset in the file. * nMaxSize - The maximum size of the string, in bytes. ``` var sString = Binary.getString(0x100, 32), // read a string from offset 0x100, maximum length 32 bytes sString = Binary.getString(60); // read a string from offset 60, maximum length 50 bytes (default value) ``` **qint64 findSignature(qint64 nOffset, qint64 nSize, QString sSignature)** Search for a signature in the file. * Returns Offset in the file if the value is found; **-1** otherwise. ``` ``` **qint64 findString(qint64 nOffset, qint64 nSize, QString sString)** Search for a string in the file. * Returns Offset in the file if the value is found; **-1** otherwise. ``` ``` **qint64 findByte(qint64 nOffset, qint64 nSize, quint8 nValue)** Search for a byte in the file. * Returns Offset in the file if the value is found; **-1** otherwise. ``` ``` **qint64 findWord(qint64 nOffset, qint64 nSize, quint16 nValue)** Search for a word in the file. * Returns Offset in the file if the value is found; **-1** otherwise. ``` ``` **qint64 findDword(qint64 nOffset, qint64 nSize, quint32 nValue)** Search for a dword in the file. * Returns Offset in the file if the value is found; **-1** otherwise. ``` ``` **qint64 getEntryPointOffset()** ``` ``` **qint64 getOverlayOffset()** ``` ``` **qint64 getOverlaySize()** ``` ``` **qint64 getAddressOfEntryPoint()** ``` ``` **bool isOverlayPresent()** ``` ``` **bool compareOverlay(QString sSignature ,qint64 nOffset=0)** ``` ``` **bool isSignaturePresent(qint64 nOffset, qint64 nSize, QString sSignature)** Check if a signature (see {@link Binary.compare compare}) exists in a region of the file. ``` ``` **quint32 swapBytes(quint32 nValue)** Swap the four bytes of a dword. For example **0x11223344** becomes **0x44332211**. ``` ``` **qint64 RVAToOffset(qint64 nRVA)** ``` ``` **qint64 VAToOffset(qint64 nVA)** ``` ``` **qint64 OffsetToVA(qint64 nOffset)** ``` ``` **qint64 OffsetToRVA(qint64 nOffset)** ``` ``` **QString getFileDirectory()** Get the directory of the file. ``` ``` **QString getFileBaseName()** Get the base name of the file. ``` ``` **QString getFileCompleteSuffix()** Get the complete suffix of the file. ``` ``` **QString getFileSuffix()** Get the suffix of the file. ``` ``` **QString getSignature(qint64 nOffset, qint64 nSize)** Get a signature string from the file. ``` if (Binary.getSignature(0,4) == "AA5411DD") { bDetected = true; } ``` **QString calculateCRC32(qint64 nOffset, qint64 nSize)** Calculate the CRC32 hash of a region of the file. ``` ``` **double calculateEntropy(qint64 nOffset, qint64 nSize)** Calculate the entropy of a region of the file. * Result in the form of quantity of bits per byte. Since there are 8 bits in a byte, the maximum entropy will be 8.0. ``` ``` **QString calculateMD5(qint64 nOffset, qint64 nSize)** Calculate the MD5 hash of a region of the file. ``` ``` **quint16 crc16(qint64 nOffset, qint64 nSize, quint16 nInit = 0)** ``` ``` **quint32 crc32(qint64 nOffset, qint64 nSize, quint32 nInit = 0)** ``` ``` **quint32 adler32(qint64 nOffset, qint64 nSize)** ``` ``` **bool isSignatureInSectionPresent(quint32 nNumber, QString sSignature)** ``` ``` **qint64 getImageBase()** ``` ``` **QString upperCase(QString sString)** ``` ``` **QString lowerCase(QString sString)** ``` ``` **bool isPlainText()** ``` ``` **bool isUTF8Text()** ``` ``` **bool isUnicodeText()** ``` ``` **bool isText()** ``` ``` **QString getHeaderString()** ``` ``` **qint32 getDisasmLength(qint64 nAddress)** ``` ``` **QString getDisasmString(qint64 nAddress)** ``` ``` **qint64 getDisasmNextAddress(qint64 nAddress)** ``` ``` **bool is16()** ``` ``` **bool is32()** ``` ``` **bool is64()** ``` ``` **bool isDeepScan()** ``` ``` **bool isHeuristicScan()** ``` ``` **bool isAggressiveScan()** ``` ``` **bool isVerbose()** ``` ``` **bool isProfiling()** ``` ``` **quint8 read_uint8(qint64 nOffset)** ``` ``` **qint8 read_int8(qint64 nOffset)** ``` ``` **quint16 read_uint16(qint64 nOffset, bool bIsBigEndian=false)** ``` ``` **qint16 read_int16(qint64 nOffset, bool bIsBigEndian=false)** ``` ``` **quint32 read_uint32(qint64 nOffset, bool bIsBigEndian=false)** ``` ``` **qint32 read_int32(qint64 nOffset, bool bIsBigEndian=false)** ``` ``` **quint64 read_uint64(qint64 nOffset, bool bIsBigEndian=false)** ``` ``` **qint64 read_int64(qint64 nOffset, bool bIsBigEndian=false)** ``` ``` **QString read_ansiString(qint64 nOffset, qint64 nMaxSize=50)** ``` ``` **QString read_unicodeString(qint64 nOffset, qint64 nMaxSize=50)** ``` ``` **QString read_utf8String(qint64 nOffset, qint64 nMaxSize=50)** ``` ``` **QString read_ucsdString(qint64 nOffset)** ``` ``` **QString bytesCountToString(quint64 nValue,quint32 nBase=1024)** ``` ``` **qint64 find_ansiString(qint64 nOffset, qint64 nSize, QString sString)** ``` ``` **qint64 find_unicodeString(qint64 nOffset, qint64 nSize, QString sString)** ``` ``` **qint64 find_utf8String(qint64 nOffset, qint64 nSize, QString sString)** ``` ``` **QString read_UUID_bytes(qint64 nOffset)** ``` ``` **QString read_UUID(qint64 nOffset, bool bIsBigEndian=false)** ``` ``` **float read_float(qint64 nOffset, bool bIsBigEndian=false)** ``` ``` **double read_double(qint64 nOffset, bool bIsBigEndian=false)** ``` ``` **float read_float16(qint64 nOffset, bool bIsBigEndian=false)** ``` ``` **float read_float32(qint64 nOffset, bool bIsBigEndian=false)** ``` ``` **float read_float64(qint64 nOffset, bool bIsBigEndian=false)** ``` ``` **quint32 read_uint24(qint64 nOffset, bool bIsBigEndian=false)** ``` ``` **qint32 read_int24(qint64 nOffset, bool bIsBigEndian=false)** ``` ``` **QString read_codePageString(qint64 nOffset, qint64 nMaxByteSize=256,QString sCodePage="System")** ``` System ISO-8859-1 ISO-8859-2 ISO-8859-3 ISO-8859-4 ISO-8859-5 ISO-8859-7 ISO-8859-9 ISO-8859-10 Shift_JIS EUC-JP EUC-KR ISO-2022-JP ISO-8859-6 ISO-8859-8 UTF-8 ISO-8859-13 ISO-8859-14 ISO-8859-15 ISO-8859-16 GBK GB18030 WINSAMI2 IBM874 windows-949 UTF-16BE UTF-16LE UTF-16 UTF-32 UTF-32BE UTF-32LE hp-roman8 IBM850 GB2312 Big5 macintosh KOI8-R IBM866 KOI8-U Big5-HKSCS TSCII windows-1250 windows-1251 windows-1252 windows-1253 windows-1254 windows-1255 windows-1256 windows-1257 windows-1258 TIS-620 iscii-dev iscii-bng iscii-pnj iscii-gjr iscii-ori iscii-tml iscii-tlg iscii-knd iscii-mlm ``` **quint8 read_bcd_uint8(qint64 nOffset)** ``` ``` **quint16 read_bcd_uint16(qint64 nOffset, bool bIsBigEndian = false)** ``` ``` **quint16 read_bcd_uint32(qint64 nOffset, bool bIsBigEndian = false)** ``` ``` **quint16 read_bcd_uint64(qint64 nOffset, bool bIsBigEndian = false)** ``` ``` **bool isJpeg()** ``` ``` **QString getJpegComment()** ``` ``` **QString getJpegDqtMD5()** ``` ``` **bool isJpegChunkPresent(qint32 nID)** ``` ``` **isJpegExifPresent()** ``` ``` **getJpegExifCameraName()** ``` ``` **QString getOperationSystemName()** ``` ``` **QString getOperationSystemVersion()** ``` ``` **QString getOperationSystemOptions()** ``` ``` **QString getFileFormatName()** ``` ``` **QString getFileFormatVersion()** ``` ``` **QString getFileFormatOptions()** ``` ``` **bool isSigned()** ``` ``` **QString cleanString(QString sString)** ``` ``` **qint64 startTiming()** **qint64 endTiming(qint64 nHandle, const QString &sInfo)** ``` // Profiling flag should be set var nProfiling = Binary.startTiming(); // slow code var nTime = PE.endTiming(nProfiling, "PROFILING"); ``` **qint64 detectZLIB(qint64 nOffset, qint64 nSize)** ``` ``` **qint64 detectGZIP(qint64 nOffset, qint64 nSize)** ``` ``` **qint64 detectZIP(qint64 nOffset, qint64 nSize)** ``` ``` **bool isOverlay()** ``` ``` **bool isResource()** ``` ``` **bool isDebugData()** ``` ``` **bool isFilePart()** ``` ``` **List readBytes(qint64 nOffset, qint64 nSize, bool bReplaceZeroWithSpace = false)** ``` ``` **bool isReleaseBuild()** ``` ``` **bool isDebugBuild()** ``` ``` **QList getFormatMessages()** ``` ``` **bool isChecksumCorrect()** ``` ``` **bool isEntryPointCorrect()** ``` ``` **bool isSectionAlignmentCorrect()** ``` ``` **bool isFileAlignmentCorrect()** ``` ``` **bool isHeaderCorrect()** ``` ``` **bool isRelocsTableCorrect()** ``` ``` **bool isImportTableCorrect()** ``` ``` **bool isExportTableCorrect()** ``` ``` **bool isResourcesTableCorrect()** ``` ``` **bool isSectionsTableCorrect()** ### Shorthands `X.U8(a)` = `File.read_uint8(a)`\ `X.I8(a)` = `File.read_int8(a)` `X.U16(a, b)` = `File.read_uint16(a, b)`\ `X.I16(a, b)` = `File.read_int16(a, b)`\ `X.F16(a, b)` = `File.read_float16(a, b)` `X.U24(a, b)` = `File.read_uint24(a, b)`\ `X.I24(a, b)` = `File.read_int24(a, b)` `X.U32(a, b)` = `File.read_uint32(a, b)`\ `X.I32(a, b)` = `File.read_int32(a, b)`\ `X.F32(a, b)` = `File.read_float32(a, b)` `X.U64(a, b)` = `File.read_uint64(a, b)`\ `X.I64(a, b)` = `File.read_int64(a, b)`\ `X.F64(a, b)` = `File.read_float64(a, b)` `X.SA(a, b)` = `File.read_ansiString(a, b)`\ `X.SC(a, b, c)` = `File.read_codePageString(a, b, c)`\ `X.UСSD(a, b)` = `File.read_ucsdString(a, b)`\ `X.SU8(a, b, c)` = `File.read_utf8String(a, b, c)`\ `X.SU16(a, b, c)` = `File.read_unicodeString(a, b, c)` `X.Sz()` = `File.getSize()`\ `X.fSig(a, b, c)` = `File.findSignature(a, b, c)`\ `X.fStr(a, b, c)` = `File.findString(a, b, c)`\ `X.c(a, b)` = `File.compare(a, b)` `X.BA(a, b, c)` = `File.readBytes(a, b, c)`