Function
| Arg | Description | Type |
|---|---|---|
| filename | Binary file to open. | OSPath (required) |
| accessor | The accessor to use | string |
| profile | Profile to use (see https://github.com/Velocidex/vtypes) . | string |
| struct | Name of the struct in the profile to instantiate. | string (required) |
| offset | Start parsing from this offset | int64 |
Parse a binary file into a data structure using a profile.
This plugin extract binary data from strings. It works by applying a profile to the binary string and generating an object from that. Profiles are a json structure describing the binary format. For example a profile might be:
[
["StructName", 10, [
["field1", 2, "unsigned int"],
["field2", 6, "unsigned long long"],
]]]
]
The profile is compiled and overlaid on top of the offset specified, then the object is emitted with its required fields.
Please refer to Binary Parsing for a background in parsing binary data for forensic purposes and for instructions on how to construct profiles like the example above.
More detailed information about profiles and their implementation can be found in the vfilter module documentation.