This is a short introduction of the module filebytes. filebytes is a python module which can be used to read and write the following fileformats:
Executable and Linking Format (ELF),
Portable Executable (PE),
MachO and
OAT (Android Runtime).
Open files
For each filetype (elf, pe, mach_o, oat) exists a separate module which has to be imported. Each module has all types defined needed for parsing that filetype. To open a file you can use the class corresponding to the filetype you want to read (ELF, PE, MachO, OAT).
Data Access
When the file is opened the content is parsed and you can access the data via several properties. The files data is generally hold in containers which have several attributes. The count and the names of these attributes depend on the file header field. If you want to access the structure which was used to parse the data, you can use the attribute 'header'. All container types have at least this attribute.
If the header structure points to another region in the file, you can access this data via the 'bytes' attribute. This attribute holds a bytearray containing the bytes where the header structure points to.
All file types have the attributes 'imageBase' and 'entryPoint'.
ELF
To access the data the ELF class provides six properties:
For example how to access the .got section:
The following containers are used for those properties
PE
To access the data the PE class provides six properties:
The following containers are used for those properties
MachO
To access the data the MachO class provides two properties:
The following containers are used for those properties:
OAT
Since an OAT file is an ELF file you can use all the properties of ELF. Additionally the OAT class provides two OAT specific properties:
oatHeader
oatDexHeader
The following containers are used for those properties: