1.8 Basic file format concepts

Much of the rest of this guide revolves around being able to pull part file formats and it will be covered and related back a bit to the underlying hardware and the concepts the area is based on but there are things to look for when pulling apart a file.

Identifiers

also known as magic stamps these are small lengths of usually ASCII text or hexadecimal that are “unique” to the start of a given file format, section thereof or command.

Lengths

most times the lengths of a file or the files contained within an archive format are very important to have. It need not be present if you can calculate the lengths otherwise.

Pointers

as well as lengths the locations of the files are useful to have as are the sub sections of a complex file format and these will tend to have values that state the location of them (point if you will).

Header

the start (or sometimes end) of a file that often houses information on the rest of the file.

It gets a lot more complex, area specific and there are various methods and pitfalls some of which have already been mentioned (things like word alignment) but if you can find one or more of the above and document those you will usually be well on your way to reverse engineering a file format.

Also for an example on why your hex editor will want to be able to change the size of the window (preferably when maximised and with a simple click and drag of the mouse)

Just having opened the file and then after quick resize and a tiny delete

PIC

PIC