010 getting started with script writing

 

010 getting started with script writing

After learning C/C ++, you will find that the file parsing script (that is, the 010 script) of 010 Editor looks similar to the struct definition of C/C ++. However, the file parsing script is not a struct, but a top-down execution program, so it can use if, for, while and other statements.

 

In the 010 script, each declared variable corresponds to the corresponding bytes of the file. For example, the following statement:

Char header [4];

Int numRecords;

This means that the first 4 bytes of the file will be mapped to the character array header, and the next 4 bytes will be mapped to the integer variable numRecords and will be displayed in the parsing result.

However, when writing a 010 script, you may encounter this situation: some variables need to be defined, but these variables do not correspond to any bytes in the file, but are only required for running the program, you can use the local keyword to define variables. For example, the following statement:

Local int I, total = 0;

Int recordCounts [5];

For (I = 0; I <5; I ++)

Total + = recordCounts [I];

Double records [total];

In this way, I and total will not be mapped to the file or displayed in the parsing result.

In addition, some additional attributes such as format, color, and comment can be added to the data definition. The additional attributes are enclosed by Angle brackets. Common attributes include the following:

<Format = hex | decimal | octal | binary, fgcolor = <color>, bgcolor = <color>, comment = "<string>", open = true | false | suppress, hidden = true | false,

Read = <function_name>, write = <function_name>

The following is a simple example. Suppose there is a file format 17.3.2, we can see that it consists of a Header and several Record data blocks. In the Header, numRecords indicates the number of records. in the Record, the data type varies according to the version value in the Header.

 

Based on the file format, we can write the following script:

Struct FILE {

Struct HEADER {

Char type [4];

Int version;

Int numRecords;

} Header;

 

Struct RECORD {

Int len;

Char name [20];

If (file. header. version = 1)

Char data [len];

If (file. header. version = 2)

Byte data [len];

} Record [file. header. numRecords];

} File;

This article is excerpted from "0-day security: software vulnerability analysis technology (version 2nd.