Skip to main content

Notice

Please note that most of the software linked on this forum is likely to be safe to use. If you are unsure, feel free to ask in the relevant topics, or send a private message to an administrator or moderator. To help curb the problems of false positives, or in the event that you do find actual malware, you can contribute through the article linked here.
Topic: "Reading a Binary Header" for dummies (Read 3827 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

"Reading a Binary Header" for dummies

I've had enough programming experience to be able to find a hex value in a file, but I'm absolutely virginal when it comes to finding the 11 set bits in a file that signify a header.  Bit level programming is Greek to me.

I'm trying to plug away at some source code others have written, but as yet it just isn't clicking with me.

Help!

"Reading a Binary Header" for dummies

Reply #1
This is real programming  Just have to get practiced with the operators,
shifts >>, >>>, <<
and & or |, xor ^
A reference book comes in handy, plenty of googleables 'logical operators shift programming...etc'
To find 11 bits on? first find a full byte then see whats around it.

gl'
no conscience > no custom

"Reading a Binary Header" for dummies

Reply #2
Quote
To find 11 bits on? first find a full byte then see whats around it.

[a href="index.php?act=findpost&pid=337270"][{POST_SNAPBACK}][/a]



Does the first bit really have to be aligned on the beginning of a byte? Then I doubt he would have had to ask...


Edit: previous lookup table solution i suggested was faulty and removed now.

"Reading a Binary Header" for dummies

Reply #3
Quote
Quote

To find 11 bits on? first find a full byte then see whats around it.

Does the first bit really have to be aligned on the beginning of a byte? Then I doubt he would have had to ask...

you can look either side *

pseudocode:
loop pos{
if array[pos]=0xff
{ if (array[pos-1] has bit 3=0 and bits2,1,0=1 )
  {return pos*8-3;}
  if (array[pos-1] has bit 2=0 and bits 2,1=1 AND array[pos+1] has bit 8=1)
{return pos*8-2}
  if etc..
  }//end fullbytefound
}//end search

Quote
To find 11 consecutive set bits anywhere in a byte stream, I'd make a table of of possible byte combinations....

possible, whatever works does to get on with 

[span style='font-size:8pt;line-height:100%']Edit: *warning - Eric has pointed out the possibiity of sync word falling between two bytes showing this approach is incomplete[/span]
no conscience > no custom

"Reading a Binary Header" for dummies

Reply #4
Quote
I've had enough programming experience to be able to find a hex value in a file, but I'm absolutely virginal when it comes to finding the 11 set bits in a file that signify a header.  Bit level programming is Greek to me.


If you are talking about the MPEG Audio header, it is 12 bits set to "1". And the start is on a byte boundary.
So you only have to search for hex FFF

"Reading a Binary Header" for dummies

Reply #5
Quote
If you are talking about the MPEG Audio header, it is 12 bits set to "1".

But only 11 for mpeg 2.5 streams

"Reading a Binary Header" for dummies

Reply #6
Quote
...the start is on a byte boundary.
So you only have to search for hex FFF
[a href="index.php?act=findpost&pid=337321"][{POST_SNAPBACK}][/a]


Can someone confirm/refute this?  Does every header sync always start on a byte boundary?

"Reading a Binary Header" for dummies

Reply #7
yes, it always starts at a byte boundary

"Reading a Binary Header" for dummies

Reply #8
Good - that simplifies things considerably.  Thanks to everyone.