File-BSED
view release on metacpan or search on metacpan
man/man3/libgbsed.3 view on Meta::CPAN
\& typedef struct fgbsed_arguments fGBSEDargs;
\&
\& int
\& gbsed_fbinary_search_replace(struct fgbsed_arguments *);
\&
\& // Error handling
\&
\& extern int
\& gbsed_errno;
\&
\& const char*
\& gbsed_errtostr(int);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This is <libgbsed>, a binary stream editor.
.PP
\&\f(CW\*(C`gbsed\*(C'\fR lets you search and replace binary data in binary files by using hex
values in text strings as search patterns. You can also use wildcard matches
with \f(CW\*(C`??\*(C'\fR, which will match any wide byte.
.PP
These are all valid search strings:
.PP
.Vb 3
\& search = "0xffc300193ab2f63a";
\& search = "0xff??00??3ab2f??a";
\& search = "FF??00??3AB2F??A";
.Ve
.PP
while these are not:
.PP
.Vb 3
\& search = "the quick brown fox"; // only hex, no text. you would have to
\& // convert the text to hex first.
\& search = "0xff?c33ab3?accc"; // no nybbles only wide bytes. (?? not ?).
.Ve
.SH "FUNCTIONS"
.IX Header "FUNCTIONS"
.ie n .Sh """gbsed_binary_search_replace(struct gbsed_arguments *)"""
.el .Sh "\f(CWgbsed_binary_search_replace(struct gbsed_arguments *)\fP"
.IX Subsection "gbsed_binary_search_replace(struct gbsed_arguments *)"
\fI\s-1ARGUMENTS\s0\fR
.IX Subsection "ARGUMENTS"
.PP
\&\f(CW\*(C`gbsed_binary_search_replace\*(C'\fR uses a struct for it's arguments.
The members of the argument struct is as follows:
.ie n .IP """char *search""" 4
.el .IP "\f(CWchar *search\fR" 4
.IX Item "char *search"
What to search for. This must be a string with hex values or the wildcard
character sequence \f(CW\*(C`??\*(C'\fR, which will match any byte. The string
can start with \f(CW\*(C`0x\*(C'\fR, but this is optional.
.ie n .IP """char *replace""" 4
.el .IP "\f(CWchar *replace\fR" 4
.IX Item "char *replace"
What to replace with. Must also be a string with hex values,
but no wildcards allowed. It must also be of the same length
as the search string (This is by intention, as binary data is always
in structured form. If you add extra information to a binary executable
it will be rendered useless as address offsets will be shifted and
relocation tables and internal address references will point to the
wrong place).
.ie n .IP """char *infilename""" 4
.el .IP "\f(CWchar *infilename\fR" 4
.IX Item "char *infilename"
The file name of the file to search in.
.ie n .IP """char *outfilename""" 4
.el .IP "\f(CWchar *outfilename\fR" 4
.IX Item "char *outfilename"
The file name to save the modified binary as.
.ie n .IP """int minmatch""" 4
.el .IP "\f(CWint minmatch\fR" 4
.IX Item "int minmatch"
Need at least \f(CW\*(C`minmatch\*(C'\fR matches before any work.
.ie n .IP """int maxmatch""" 4
.el .IP "\f(CWint maxmatch\fR" 4
.IX Item "int maxmatch"
Stop after \f(CW\*(C`maxmatch\*(C'\fR matches. A value of \f(CW\*(C`\-1\*(C'\fR means no limit.
.PP
\fI\s-1EXAMPLE\s0 \s-1USAGE\s0\fR
.IX Subsection "EXAMPLE USAGE"
.PP
.Vb 3
\& #include <stdlib.h>
\& #include <stdio.h>
\& #include <libgbsed.h>
\&
\& extern int gbsed_errno;
\&
\& int main(int argc, char **argv) {
\&
\& int gbsed_ret;
\& int sysret;
\& const char *errmessage;
\& GBSEDargs *bargs;
\&
\& sysret = EXIT_SUCCESS;
\& bargs = (GBSEDargs *)malloc(sizeof(GBSEDargs));
\& if (bargs == NULL) {
\& fprintf(stderr, "Out of memory!\en");
\& exit(1);
\& }
\&
\& bargs\->search = "0xff";
\& bargs\->replace = "0x00";
\& bargs\->infilename = "/bin/ls";
\& bargs\->outfilename = "bsed.out";
\& bargs\->minmatch = 1; // atleast one match.
\& bargs\->maxmatch = GBSED_MAXMATCH_NO_LIMIT; // no limit.
\&
\& if (argc > 1)
\& bargs\->infilename = argv[1];
\&
\& gbsed_ret = gbsed_binary_search_replace(bargs);
\&
\& switch (gbsed_ret) {
\&
\& case GBSED_ERROR:
\& errmessage = gbsed_errtostr(gbsed_errno);
\& fprintf(stderr, "ERROR: %s\en", errmessage);
\& sysret = EXIT_FAILURE;
( run in 1.015 second using v1.01-cache-2.11-cpan-71847e10f99 )