IBEX - Interactive Binary Examiner

Ibex is a program for easy examination, parsing or tagging and printing binary files.
Hopefully it's useful for getting a better understanding of unknown file formats.

Concepts

The application holds one or more instances of Datafile, that represent files that
are analyzed. Each datafile has opened and mmaped the original file and possibly has
also some overlays. Overlays are parts of the file where the original data are
replaced with a new content - e.g. decrypted or unpacked blocks.

The Datafile also holds instances of Span, either in database or in memory. Spans create
a hierarchical structure (tree), and represent file's nested data structures from the
topmost one down to basic data types.

Each Span contains its ID, information about its parent, Overlay it belongs to, an offset
within the Overlay and a size in bytes. It can also have numerous tags, the most
important being name and type.

Example:

0x0000 .. .. PICT....
0x0010

+---------------------------------------------------------------------- ...
|1 p:0 o:0 s:2567
+----------+------------------------------------------------------+---- .
|2 p:1 o:0 s:12 n:header |3 p:1 o:12 s:... n:data |
+------------------+-----------------------------------+
|3 p:2 o:0x1c s:4 |4 p:2 o:0x20 s:12 |
+------------------+--------+--------+-----------------+
|5 p:4 o:0x20 s:4 |6 p:4 o:0x24 s:4 | |6 |7 |
+-----------------+- ----+----+

Tags

color - color used for drawing a span, e.g. 'red'