a grammar for binary file formats
with a growing number of binary formats in use, there is a need to specify these formats in a well-defined way. context-free grammars have been used to specify the syntax of programming languages, so using a grammar for binary file formats seems a logical choice.
in this page such a grammar, named bff, is described. it has several constructs that are not traditionally found in context-free grammars for programming languages. due to the nature of binary file formats, it is important to be able to reference information that has been read before. for example, a string of characters might be preceded by a number that indicates the length of the string.
the terminal symbols of the grammar consist of a number of bytes, representing one of the basic data types, such as: char, short int, long int, float and double. differences in byte ordering for integers, and the different formats for floating point numbers should be taken into account.
due to the nature of binary formats, it is not too restrictive to use only recursive descent grammars, i.e., grammars that can be parsed top-down and belong to the LL(1) class.
the bff is tested for the dwg file format. as we start with this file format, bff will naturally first focus on the requirements based on this format, and because of this it will be slightly biased.
to specify the grammar of bff we will use a form of extended bnf.
tool support for bff
the first tool i am thinking about is a program that can read the grammar and apply this to a given binary file, resulting in an annotated output.
this tool should also support the reverse engineering of binary file formats.
at a later stage, a tool could be made that generates a parser and the needed data structures for reading a binary file into memory according to the grammar. as it is not always required (nor possible) to read the whole file into memory, it should be possible to generate procedures to read the file interactively.
the form of the bff grammar
a grammar that describes a binary file format consists of the specification of the elementary units of data, and the rules by which these should be grouped together.
the elementary units
we assume that a binary file can be viewed as a stream of bytes (as this is the most commonly used unit of data). usually a number of bytes are grouped together to form data values that cannot be represented by a single byte. to specify a word value consisting of two bytes, for example, we propose the following definition style:
type word :=
byte : first,
byte : second
return ((word)first | ((word)second << 8)).
a word representation where the lower order byte comes before the higher order byte is the one usually used by little endian processors. the expressions used will be based on c. we assume that the following types have been defined on top of the default types of c:
typedef unsigned char byte;
typedef unsigned short int word;
typedef unsigned long int longword;
this leads us to the definition of the basic types that will be supported:
basic_type_name :=
"char" | "byte" |
"short" | "word" |
"long" | "longword" |
"float" | "double" .
(we assume for the moment that float and double represent floating point numbers of 4 and 10 bytes, respectively.) the grammar of the rule used for defining types is:
"typedef" c_data_type basic_type_name ":="
("byte" ":" byte_name) list
"return" expr "." .
here expr stands for a c-like expression using the byte_names as they are used in the rule. the basic_type_names should not be confused with the c_type_names. it is possible for the same name to be used both as a basic_type_name and as a c_type_name.
the grammar that specifies in which order elementary units are taken from a binary file makes use of non-terminal symbols and rules for each non-terminal symbol. there will be one non-terminal symbol that parses the whole binary file, which will be called the root non-terminal symbol. for each non-terminal symbol there has to be a rule describing the elements it consists of, where each element is either an elementary element or a non-terminal symbol. the rule of the root non-terminal symbol comes as the first rule, and is preceded with the word `root'. the whole bff grammar follows the following grammar:
each rule has a non-terminal symbol on the left-hand side, and a list of elements on the right-hand side. each element is either an elementary element, a non-terminal symbol, or a grouping of elements. because bff assumes a top-down parsing method, it is possible to give each non-terminal symbol a number of parameters. this leads to the following grammar for the rules:
non_term_name ( "(" param list ")" )opt
":=" elem list ".".
each element consists of the following parts:
* an (optional) range, which specifies the range of the file that the element may read.
* a data type, which can either be an elementary unit, a non-terminal symbol, or a list of elements enclosed by brackets.
* an (optional) times expression, to indicate that the element can be repeated, either for a given number of times or for an unknown number of times.
* an (optional) identifying name, which can be used later to reference the value found.
* an (optional) equivalence expression, which can be used for checking.
the following grammar describes an element:
elem := range opt
data_type
( "[" expr "]"
| "*" )opt
( ":" elem_name )opt
( "=" c_expr )opt.
range := "[" file_pos (":" file_pos)opt "]".
file_pos := "begin" | "end" | "cur" | expr.
data_type := "(" elem list ")"
| non_term_name ( "(" expr list ")" )opt.
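as an added example that is not part of the original page or its tool, the following python sketch executes the constructs described above (the little-endian word unit, named elements, repetition driven by a value read earlier, and the "=" equivalence check) over a small constructed file format; the class BffReader, the functions parse_file and try_parse, the sample format and its magic value 0x4642 are all assumptions of this example, and ranges are left out.

```python
class BffReader:
    def __init__(self, data):
        self.data, self.pos = data, 0
        self.names = {}  # elem_name -> value read earlier, for later reference

    def raw(self, n):
        # every read is bounds-checked, so a corrupt length field cannot read past the end of the file
        if self.pos + n > len(self.data):
            raise ValueError(f"need {n} bytes at offset {self.pos}, only {len(self.data) - self.pos} left")
        start, self.pos = self.pos, self.pos + n
        return self.data[start:self.pos]

    def byte(self):
        return self.raw(1)[0]

    def word(self):  # the little-endian 'type word' definition above
        first, second = self.raw(2)
        return first | (second << 8)

    def elem(self, read, name=None, times=None, equals=None):
        # one element: data type, optional [times] (a number or the name of an earlier value), :name, =check
        if times is not None:
            count = self.names[times] if isinstance(times, str) else times
            value = [read() for _ in range(count)]
        else:
            value = read()
        if equals is not None and value != equals:
            raise ValueError(f"{name or 'element'}: expected {equals!r}, got {value!r}")
        if name is not None:
            self.names[name] = value
        return value

# constructed format: word magic = 0x4642, a byte count, then count strings each preceded by a length byte
SAMPLE = b'\x42\x46' + b'\x02' + b'\x02hi' + b'\x03bff'

def parse_file(data):
    r = BffReader(data)
    r.elem(r.word, name='magic', equals=0x4642)  # the '=' equivalence check
    r.elem(r.byte, name='count')
    strings = []
    for _ in range(r.names['count']):  # repetition driven by a value read earlier
        r.elem(r.byte, name='len')
        strings.append(bytes(r.elem(r.byte, times='len')).decode('ascii'))
    return strings

def try_parse(data):  # ('ok', strings) or ('error', message), for checking malformed input
    try:
        return 'ok', parse_file(data)
    except ValueError as e:
        return 'error', str(e)
```

a truncated file fails inside raw() with the offset of the missing byte, and a wrong magic fails at the equivalence check, so the error names the element and position just as an annotated output from the tool described above would.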