Synalysis logo

Synalyze It! - Hex Editor for Mac

Reverse Engineering and Binary File Analysis made easy

Scripting

Here you find useful scripts for
Synalyze It! Pro
. Install them by clicking on the links provided the Pro version is installed already.
If you created own scripts that may be of use for others you're welcome to share them - just send an
email
to me with the .script file!

Scripts working on Grammars

Export grammar to C structures
:
ExportToC.script
(tkInter currently works only on OS X — if you use the script with Hexinator on Linux or Windows, please use a fixed output file name)

Scripts working on Files

Import Intel iHex
:
ImportiHex.script
(To make this script work, download the excellent
IntelHex package
from
Alexander Belchenko
and adjust the path in the script to where you installed it.)

Scripts for Custom Data Types

DOSDateTime.script
decodes and encodes a
DOS Date/Time
structure
HexStringLength.script
decodes and encodes a
hex string followed by line feed
(0x0A) as a number to be used as length for other elements. This script will work with Synalyze It! Pro 1.4 (some methods were added for this script to work).
PythonTimestamp.script
decodes and encodes a
time stamp in pychex
files.
EvenPascal.script
parses a
Pascal string
that always consumes an even number of bytes.
FILETIME.script
decodes and encodes a
Windows FILETIME
structure.

Scripts for Script Elements

Scripted elements allow to extend grammars beyond what’s possible with standard means.
This small Python script exposes the current parsing position so that you can reference it in another element, typically an offset element as additional value:
results = currentMapper.getCurrentResults()
currentPos = currentMapper.getCurrentOffset()
posValue = NumberValue()
posValue.setUnsigned(currentPos)
currentElement = currentMapper.getCurrentElement()
results.addElement(currentElement, 0, 0, posValue)
An extended version of the previous script inserts a binary element when the current parsing position is not a multiple of 4 (padding to 4 bytes alignment:
currentPos = currentMapper.getCurrentOffset()
paddingBytes = 4 - (currentPos % 4)
if paddingBytes < 4:
posValue = NumberValue()
posValue.setUnsigned(currentPos)
currentGrammar = currentMapper.getCurrentGrammar()
paddingStructure = currentGrammar.getStructureByName("Padding")
paddingElement = paddingStructure.getElementByName("PaddingElement")
currentMapper.mapElementWithSize(paddingElement, paddingBytes)
The following Python script parses a string at the current position that uses the previously parsed number as length if it doesn’t exceed the remaining space:
# get collection with results so far
results = currentMapper.getCurrentResults()
# get latest added result
lastResult = results.getLastResult()
# access the parsed value
value = lastResult.getValue()
# get the number
stringLength = value.getUnsignedNumber()
currentPos = currentMapper.getCurrentOffset()
remainingBytes = currentMapper.getCurrentRemainingSize()
actualSize = min(stringLength, remainingBytes)
byteView = currentMapper.getCurrentByteView()
string = byteView.readString(currentPos, actualSize, "ISO-8859-1")
stringValue = Value()
stringValue.setString(string)
currentElement = currentMapper.getCurrentElement()
results.addElement(currentElement, actualSize, 0, stringValue)

Examples for scripting usage in Grammars

Kelvin created a small grammar that shows how to represent an
offset to an array of structures
using a Lua script:
Array_Offset_Grammar.grammar