
DAT2343 File Dump Analysis © Alan T. Pinck / Algonquin College; 2003.


1 DAT2343 File Dump Analysis © Alan T. Pinck / Algonquin College; 2003

2 ASCII Text File Example
C:\03F\dat2219d\projects>DEBUG
-Nascii.txt
-L
-D
0ADB: F 72 6C E The world ended
0ADB: D F E 20 at 10 am today.
0ADB: F D 0A 6A You are..just d
0ADB: D 69 6E E E 67 reaming anything
0ADB: E 08 FE after that....c
0ADB: C0 EB C4 D0 E8 0A A ".....%..
0ADB: D0 E0 D0 E0 A2 1E E >..u$
0ADB:0170 A A C9 75 1D 0A-C B 0E E3.$...u...t...!..
-
Variable length lines terminated with 0D 0A (carriage return and line feed)
Translation supplied in right-hand column area
Only possible problem is in determining where the file ends.

3 Determining File Size
C:\03F\dat2219d\projects>DEBUG
-Nascii.txt
-L
-D
0ADB: F 72 6C E The world ended
0ADB: D F E 20 at 10 am today.
0ADB: F D 0A 6A You are..just d
0ADB: D 69 6E E E 67 reaming anything
0ADB: E 08 FE after that....c
0ADB: C0 EB C4 D0 E8 0A A ".....%..
0ADB: D0 E0 D0 E0 A2 1E E >..u$
0ADB:0170 A A C9 75 1D 0A-C B 0E E3.$...u...t...!..
-R
AX=0000 BX=0000 CX=004C DX=0000 SP=FFEE BP=0000 SI=0000 DI=0000
DS=0ADB ES=0ADB SS=0ADB CS=0ADB IP=0100 NV UP EI PL NZ NA PO NC
0ADB: PUSH SP
After -L, DEBUG leaves the length of the loaded file in BX:CX; here BX=0000 and CX=004C, so the file is 4Ch (76) bytes long and everything in the dump past that point is leftover memory, not file content.

4 Fixed Record Structure Files
Considerations:
Word size
Big endian / Little endian
Slack bytes
Record structure

5 Sample Fixed Structure File
32-bit word
Little endian
Slack bytes required
int – char[2] – float
0ADB: A C2 4B F6 FF FF
0ADB: C D

6 Field Value Analysis
Because this file was identified as little endian, int and float byte sequences need to be reversed.
0ADB: A C2 4B F6 FF FF
0ADB: C D

              int field      char[2] field   float field
Record 1                     A 41            C
(1 decoded)   +2374          JA              -72.5
Record 2      FF FF F6 4B
(2 decoded)   -2484          FE              +48.0

7 EBCDIC-based File Characteristics
Field types: EBCDIC characters, 2s complement, float, zoned decimal, and packed decimal
Always big endian
Fixed length records (no terminating CR & LF)
Slack bytes (if needed) before int and float fields to force int and float to even address

8 Sample EBCDIC Analysis
Record format: int – char[4] – packed[3] – zoned[5]
int : 2s complement; char : EBCDIC
24A1: C3 40 A D F1 F0 F0 F0 C0 FF 00
24A1: E8 F2 C C F0 F0 F2 F1 D0 03 C1 C1 82

              int      char[4]       packed   zoned
Record 1               C3 40 A       D        F1 F0 F0 F0 C0
(1 decoded)   +513     C te
Record 2      FF 00    99 E8 F2 C    C        F0 F0 F2 F1 D0
(2 decoded)   -256     rY2G
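
The record layout from slide 8 (int, char[4], packed[3], zoned[5], big endian) decoded in Python, as an added example that is not part of the original lecture. It assumes a 16-bit int (consistent with the decoded values +513 and -256), the cp037 EBCDIC code page, and constructed sample bytes rather than the slide's dump; all function names are hypothetical.

```python
import struct

RECORD_LEN = 14  # int(2) + char[4] + packed[3] + zoned[5]; 16-bit int is an assumption

def _sign(nibble):
    """Accept only the preferred sign codes: C/F positive, D negative."""
    if nibble in (0xC, 0xF):
        return 1
    if nibble == 0xD:
        return -1
    raise ValueError(f"unexpected sign nibble {nibble:X}")

def unpack_packed(raw):
    """Packed decimal: two digits per byte, sign in the final low nibble."""
    nibbles = [n for b in raw for n in (b >> 4, b & 0x0F)]
    digits, sign = nibbles[:-1], nibbles[-1]
    if any(d > 9 for d in digits):
        raise ValueError("non-decimal digit nibble in packed field")
    return _sign(sign) * int("".join(map(str, digits)))

def unpack_zoned(raw):
    """Zoned decimal: digit in each low nibble, sign in the last byte's zone."""
    digits = [b & 0x0F for b in raw]
    if any(d > 9 for d in digits) or any(b >> 4 != 0xF for b in raw[:-1]):
        raise ValueError("bad zoned decimal byte")
    return _sign(raw[-1] >> 4) * int("".join(map(str, digits)))

def decode_records(dump):
    """Split a dump into fixed-length records and decode each field."""
    if len(dump) % RECORD_LEN:
        raise ValueError("dump is not a whole number of records")
    records = []
    for off in range(0, len(dump), RECORD_LEN):
        num, text, packed, zoned = struct.unpack_from(">h4s3s5s", dump, off)
        records.append((num, text.decode("cp037"),
                        unpack_packed(packed), unpack_zoned(zoned)))
    return records

# Constructed sample dump (two records), not the bytes from the slide
SAMPLE = bytes.fromhex(
    "0201 C340A385 12345C F1F0F0F0C0"
    "FF00 99E8F2C7 00042D F0F0F2F1D0"
)

if __name__ == "__main__":
    for rec in decode_records(SAMPLE):
        print(rec)
```

A record length that does not divide the dump, or a digit nibble above 9, raises `ValueError`, which is usually the first sign that the assumed record format or starting offset is wrong.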

9 End of Lecture

