Difference between revisions of "Hachoir"

From ForensicsWiki
m (adding mention of python egg files, which can be used to install under windows.)
 
(11 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 
{{Infobox_Software |
 
{{Infobox_Software |
   name = PyFlag |
+
   name = Hachoir |
   maintainer = [[Michael Cohen]], [[David Collett]] |
+
   maintainer = Victor Stinner |
   os = {{Linux}}, {{Web-based}} |
+
   os = {{Cross-platform}} |
 
   genre = {{Analysis}} |
 
   genre = {{Analysis}} |
 
   license = {{GPL}} |
 
   license = {{GPL}} |
   website = [http://www.pyflag.net/ pyflag.net] |
+
   website = [http://bitbucket.org/haypo/hachoir/wiki/Home] |
 
}}
 
}}
  
'''Hachoir''' is a generic framework for binary file manipulation.
+
'''Hachoir''' is a generic framework for binary file manipulation. Written in Python, it's operating system independent and has many text/graphic user interfaces (ncurses, wxWidget, Gtk+). Although it contains a few functions to modify files, it is generally intended for examining existing files. Hachoir currently supports more than sixty file formats. File format recognition is based on the headers and footers in a disk image of file. It has a fault tolerant parser designed to handle truncated or buggy files. The framework also automatically adjusts for endian or character set issues.  The framework can be scripted and extended.
  
Hachoir supports many file formats (more than 60 formats) and have many features:
+
The package includes several sample programs based on the core framework and parser:
* Fault tolerant parser (truncated/buggy file or buggy parser)
+
* Smart syntax: you don't have to care about endian or charset, and you can mix byte and bit fields
+
* Few functions to modify files
+
* File recognition using header/footer in a disk image (in any file) with few false positive (each file is checked using the parser)
+
* Written in Python: OS independant and easy to script/extend
+
* curses, wxWidgets and Gtk interfaces
+
* Many programs based on hachoir-core and hachoir-parser:
+
** hachoir-strip: remove metadata and other "useless" informations
+
** hachoir-grep: find substring in a binary file (using hachoir parsers: so search is Unicode aware)
+
** hachoir-subfile: find all subfiles in a file
+
** etc.
+
  
== Links ==
+
* hachoir-metadata: extract metadata
 +
* hachoir-strip: remove metadata and other "useless" informations
 +
* hachoir-grep: find substring in a binary file (using hachoir parsers: so search is Unicode aware)
 +
* hachoir-subfile: find all subfiles in a file
  
* [http://hachoir.org/ hachoir.org]: Hachoir website
+
The current version of hachoir-core is 1.3.4 and was released in February 2010. Precompiled packages are available for the Debian, Gentoo, Mandriva, and Arch [[Linux]] distributions along with FreeBSD'''.
 +
There are Python egg files which can be used to install it in Windows.
 +
 
 +
== External Links ==
 +
 
 +
* [http://bitbucket.org/haypo/hachoir/wiki/Home/ Official website]
 +
Python egg files :
 +
* [http://pypi.python.org/pypi/hachoir-core hachoir-core]
 +
* [http://pypi.python.org/pypi/hachoir-parser hachoir-parser]
 +
* [http://pypi.python.org/pypi/hachoir-metadata hachoir-metadata]
 +
* [http://pypi.python.org/pypi/hachoir-urwid hachoir-urwid]
 +
* [http://pypi.python.org/pypi/hachoir-wx hachoir-wx]
 +
 
 +
[[Category:Metadata]]
 +
[[Category:Windows]]
 +
[[Category:Linux]]
 +
[[Category:FreeBSD]]
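
Review bot: The added sentence about precompiled packages ends in `FreeBSD'''.`, a bold marker with no opening match, so drop the `'''`. The infobox `website` value is a bare `[http://bitbucket.org/haypo/hachoir/wiki/Home]` with no label and renders as a numbered link; give it a label such as "Official website", as the External Links entry does. The new intro also reads "in a disk image of file" (presumably "or file"), and the hachoir-strip item keeps "informations".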

Latest revision as of 22:56, 4 April 2012

Hachoir
Maintainer: Victor Stinner
OS: Cross-platform
Genre: Analysis
License: GPL
Website: http://bitbucket.org/haypo/hachoir/wiki/Home

Hachoir is a generic framework for binary file manipulation. Written in Python, it is operating-system independent and has many text and graphical user interfaces (ncurses, wxWidgets, Gtk+). Although it contains a few functions to modify files, it is generally intended for examining existing files. Hachoir currently supports more than sixty file formats. File format recognition is based on the headers and footers found in a disk image or file. Its fault-tolerant parser is designed to handle truncated or buggy files. The framework also handles endianness and character set differences automatically, and it can be scripted and extended.

The package includes several sample programs based on the core framework and parser:

  • hachoir-metadata: extract metadata
  • hachoir-strip: remove metadata and other "useless" information
  • hachoir-grep: find a substring in a binary file (the search uses the hachoir parsers, so it is Unicode aware)
  • hachoir-subfile: find all subfiles in a file

The current version of hachoir-core is 1.3.4 and was released in February 2010. Precompiled packages are available for the Debian, Gentoo, Mandriva, and Arch Linux distributions along with FreeBSD. There are Python egg files which can be used to install it on Windows.
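
The header/footer recognition described above, with every signature hit checked by a parser so that stray magic bytes are rejected and cut-off files are still reported, can be sketched for one format (PNG). This is an added example and not Hachoir's code or API; the function names and the sample image are constructed for illustration.

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"   # 8-byte PNG signature (the "header")

def check_png(buf, start):
    """Walk the chunks after a signature hit; return (status, end_offset)."""
    pos = start + len(PNG_MAGIC)
    good = 0                                   # chunks whose CRC verified
    while pos + 12 <= len(buf):
        length, ctype = struct.unpack_from(">I4s", buf, pos)
        end = pos + 12 + length                # length + type + data + CRC
        if end > len(buf):
            break                              # chunk runs past the image
        (crc,) = struct.unpack_from(">I", buf, end - 4)
        if zlib.crc32(buf[pos + 4:end - 4]) != crc:
            break                              # corrupt, or not a chunk at all
        if good == 0 and ctype != b"IHDR":
            break                              # a PNG must start with IHDR
        good += 1
        pos = end
        if ctype == b"IEND":                   # the "footer"
            return "complete", pos
    return ("truncated" if good else "rejected"), pos

def find_pngs(image):
    """Return (start, end, status) for each signature hit that parses."""
    hits, off = [], image.find(PNG_MAGIC)
    while off != -1:
        status, end = check_png(image, off)
        if status != "rejected":
            hits.append((off, end, status))
        off = image.find(PNG_MAGIC, end)
    return hits

def chunk(ctype, data=b""):
    """Build one PNG chunk (used only to construct the sample data)."""
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def sample_image():
    """Constructed data: one whole PNG, a bare signature, a cut-off PNG."""
    ihdr = chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
    png = PNG_MAGIC + ihdr + chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND")
    return b"\x00" * 16 + png + b"junk" + PNG_MAGIC + b"not a png" * 2 + png[:-20]

if __name__ == "__main__":
    for start, end, status in find_pngs(sample_image()):
        print(f"PNG at {start}-{end}: {status}")
```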

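External Links

  • Official website: http://bitbucket.org/haypo/hachoir/wiki/Home/

Python egg files:

  • hachoir-core: http://pypi.python.org/pypi/hachoir-core
  • hachoir-parser: http://pypi.python.org/pypi/hachoir-parser
  • hachoir-metadata: http://pypi.python.org/pypi/hachoir-metadata
  • hachoir-urwid: http://pypi.python.org/pypi/hachoir-urwid
  • hachoir-wx: http://pypi.python.org/pypi/hachoir-wx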