Is there any general-purpose utility or library for converting hex dumps into human-readable form?

Posted 2024-07-07 19:37:41

I work a lot with serial communications with a variety of devices, and so I often have to analyze hex dumps in log files. Currently, I do this manually by looking at the dumps, looking at the protocol spec, and writing down the results. However, this is tedious and error-prone, especially when messages contain hundreds of bytes and contain mixtures of big-endian and little-endian data, ASCII, Unicode, compression, CRCs, . . . .

I have written a few Python scripts to assist with the more common cases. But there are lots of protocols to deal with, and it doesn't make sense to spend the time writing a custom script unless I know I'll have a lot of dumps to analyze.

What I'd like is some sort of utility that can automate this activity. So, for example, if I have a textual hex dump like this:

7e ff 00 7b  00 13 86 04
00 41 42 43  44 56 ef 7e

and some sort of description of the message format, like this:

# Field         Size        Byte Order  Output Format
Flag            1                       hex
Address         1                       hex
Control         1                       hex
DataType        1                       decimal
LineIndex       1                       decimal
PollAddress     2           msb         hex
DataSize        2           lsb         decimal
Data            (DataSize)              ascii
CRC             2           lsb         hex
Flag            1                       hex

I'd get output like this:

Flag            0x7e
Address         0xff
Control         0x00
DataType        123
LineIndex       0
PollAddress     0x1386
DataSize        4
Data            "ABCD"
CRC             0xef56
Flag            0x7e

Hardware-based protocol analyzers often have fancy features for doing this kind of thing, but I need to work with textual log files.

Does any such utility or library exist?


Some good answers have come up since I set up the bounty. I guess bounties work!

Wireshark and HexEdit both look promising; I'll take a look at those, and will probably award the bounty to whichever one suits my needs. But I'm still open to other ideas.

Comments (10)

白首有我共你 2024-07-14 19:37:42

One possible starting point would be libPDL, a C++ library.

Another option may be NetPDL.

迷途知返 2024-07-14 19:37:42

You should use the Tcl binary commands for stuff like this. What follows is the starting point for your example above. Tcl is really easy to learn and write scripts in. If you're doing serial comm stuff you owe it to yourself to learn at least the basics.

bash$ tclsh
% binary scan [binary format H* 7eff007b00138604004142434456ef7e] \
  H2H2H2ccH4sa4h4H2 \
  flag1 addr ctl datatype lineidx polladdr datasize data crc flag2
10
% puts "$flag1 $addr $ctl $datatype $lineidx \
  $polladdr $datasize $data $crc $flag2"
7e ff 00 123 0 1386 4 ABCD 65fe 7e

When you did your byte-order stuff you switched around the bytes but not the bits, so I'm not really sure what you were looking for there. Anyway, this will get you started.

旧街凉风 2024-07-14 19:37:42

Have a look at hexworkshop

I have been using it for years to analyze hex dumps. It has a structure Viewer that lets you define a data structure in C/C++ style and then displays the data in that format.

心房敞 2024-07-14 19:37:42

WinHex supports displaying/editing user-defined record formats. There are some examples at http://www.x-ways.net/winhex/templates/index.html

楠木可依 2024-07-14 19:37:42

I'm pretty sure I saw something like that on CPAN. I could be more vague if you like. :-)

Update: It's not exactly what you want, but have a look at Parse::Binary::FixedFormat

酒绊 2024-07-14 19:37:42

There is a BSD command-line utility called hexdump that does this through the use of format strings (which can be in an external file). See https://www.suse.com/communities/blog/making-sense-hexdump/ for an intro, and e.g. https://www.freebsd.org/cgi/man.cgi?query=hexdump&sektion=1 for the manual page (with special attention to the -e and -f options and the section titled Formats).

太阳哥哥 2024-07-14 19:37:41

Wireshark is quite good at opening network protocols.

友欢 2024-07-14 19:37:41

I suppose you need a good hex editor. Have a look at hexedit. I have used the free version in the past and it is good, but I don't know if it offers what you are looking for. Basically you want to be able to define a struct and then be able to decode hex data against it. I suppose a good hex editor would support this. Check the paid version of HexEdit or google for another editor; there are many available.

弥枳 2024-07-14 19:37:41

Typically, I use emacs hexl-mode to view binary files as a "text-dump". When I need more specific output, I just do as you and write a parser in C++.

巡山小妖精 2024-07-14 19:37:41

In my job we were designing network and serial protocols to control embedded hardware. I also got tired of reading dumps wrong, and writing scripts for each protocol, so I wrote a library to do exactly what you describe. You could give it a text file description of the protocol, and it had a gui supporting check boxes for setting single bits, radio buttons for choosing between the valid combinations of bits, and drop-down lists when there were a lot of choices. You could edit the hex view of the data, the binary view of each field, or even point and click at the fields, and all the other views would update. It saved us a ton of time. It's a little quick and dirty, but I'd post it if it wasn't owned by my employer. The point is, it wasn't very hard to write, and once I went away from scripts for each protocol and to one program that could understand a description of the protocol, things were great. We stopped screw ups relating to misreading a dump, and adding new protocols became trivial. Plus the textual description of the protocol went straight into the development specs so the software guys would know what to do with the hardware. I encourage you to take a crack at it.
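An added example, not code from the question or from any answer: a minimal description-driven decoder of the kind the question asks for and the last answer describes, using the question's own field table and dump. The names parse_spec and decode are made up here, fields with no byte order are treated as msb, and a length field read from the dump is checked against the bytes actually present, so a truncated or corrupted log line raises an error instead of decoding short.

```python
# Field table and dump copied from the question; parse_spec/decode are added names.
SPEC = """\
# Field         Size        Byte Order  Output Format
Flag            1                       hex
Address         1                       hex
Control         1                       hex
DataType        1                       decimal
LineIndex       1                       decimal
PollAddress     2           msb         hex
DataSize        2           lsb         decimal
Data            (DataSize)              ascii
CRC             2           lsb         hex
Flag            1                       hex
"""
DUMP = "7e ff 00 7b  00 13 86 04\n00 41 42 43  44 56 ef 7e"

def parse_spec(text):
    """Return (name, size, order, fmt) tuples; size is a number or '(FieldName)'."""
    fields = []
    for line in text.splitlines():
        parts = line.split("#")[0].split()   # drop comments and blank lines
        if parts:
            order = parts[2] if len(parts) == 4 else "msb"  # assumption: default msb
            fields.append((parts[0], parts[1], order, parts[-1]))
    return fields

def decode(dump, spec):
    """Decode a textual hex dump; raise ValueError on truncated or leftover bytes."""
    data = bytes.fromhex("".join(dump.split()))
    out, values, pos = [], {}, 0
    for name, size, order, fmt in parse_spec(spec):
        n = values[size.strip("()")] if size.startswith("(") else int(size)
        raw = data[pos:pos + n]
        if len(raw) != n:                    # length field exceeds what the dump holds
            raise ValueError(f"{name}: need {n} bytes at offset {pos}, got {len(raw)}")
        pos += n
        num = int.from_bytes(raw, "big" if order == "msb" else "little")
        values[name] = num                   # lets later fields reference this one
        if fmt == "hex":
            text = f"0x{num:0{2 * n}x}"
        elif fmt == "decimal":
            text = str(num)
        else:                                # ascii
            text = '"' + raw.decode("ascii", errors="replace") + '"'
        out.append((name, text))
    if pos != len(data):
        raise ValueError(f"{len(data) - pos} undecoded trailing bytes")
    return out
```

Calling decode(DUMP, SPEC) returns the (field, text) pairs in table order; the lsb CRC comes out as 0xef56 because byte order swaps whole bytes, not nibbles.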
