Extract¶

Platform:	Unix
Class Authors:	Authors: Logan Rickert, Cole Loewer, David Sutherin
Standard:	Flake8

The main purpose of this class is to extract some basic information from the raw data stored within the file.

Requirements:

class FoRREST.plugins.extract.Extract.Extract(forrest)¶

get_architecture()¶

get_compiler()¶

Description:: Returns the name of the compiler used to compile the file if present.
Example:: file = random.out returns “GCC: (Ubuntu 4.8.4-2ubuntu1~14.0.4.3) 4.8.4.”
Returns:: str - Compiler used

get_elf_header(item=None)¶

Description:

Gets the data from the elf header and returns it.

Args:

item - Only get entry in the elf header.

Example:

}

Returns:

dict([[str, str], ...]) - A dictionary of the elf header.

get_filetype(mime=True)¶

Description:: Returns the type of file for the current file based on a sequence of bits at the start of the file. This is considered the mime type.
Args:: mime (bool): Return the mime type or the full mime.
Example:: #!/bin/bash Returns: text/x-bash;
Returns:: str - The mime type

get_section_ascii(section)¶

Description:: Returns the given section in ascii.
Args:: section (str) - The section of the file.
Example:: section = ”.comment” returns “GCC: (Ubuntu 4.8.4-2ubuntu1~14.0.4.3) 4.8.4.”
Returns:: [str, str, ...] - The section in ascii.

get_section_hex(section)¶

get_sections()¶

Description:

Returns a list of section headers for a file.

Example:

file = random.out returns [

‘.interp’, ‘.note.ABI-tag’, ‘.note.gnu.build-id’, ‘.gnu.hash’, etc

]

Returns:

[str, str, ...] - A list of the sections.

get_version()¶