I regularly copy bytes from my command-line tool over to 010 Editor to have this data represented by the Inspector using different formats, like this:
format-bytes.py is a new tool with which I try to achieve a similar result:
Using option -f, it is essentially a wrapper for the struct module. In the following example, we parse the beginning of the PE header of 2 Windows executables:
This shows us that both files have 6 sections and that notepad is from 2016 and regedit from 2017.
-f IHHI uses the struct module’s formatting to specify how to parse the bytes, and "#c#['PE']:" is a cut-expression to carve the PE header out of the executables.
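What -f IHHI combined with the cut-expression amounts to, written against the struct module directly. This is an added example, not code from format-bytes.py: the function names, the explicit little-endian "<" prefix and the sample bytes are assumptions constructed for illustration.

```python
import struct
from datetime import datetime, timezone

# I = Signature, H = Machine, H = NumberOfSections, I = TimeDateStamp.
# "<" (little-endian, no padding) is an assumption made explicit here.
PE_FORMAT = "<IHHI"
PE_SIGNATURE = 0x00004550  # the bytes "PE\0\0" read as a little-endian uint32


def carve_from(data: bytes, marker: bytes) -> bytes:
    """Keep everything from the first occurrence of marker onward."""
    offset = data.find(marker)
    if offset < 0:
        raise ValueError(f"marker {marker!r} not found")
    return data[offset:]


def parse_pe_start(data: bytes) -> dict:
    """Carve at 'PE' and unpack the first 12 bytes of the PE header."""
    carved = carve_from(data, b"PE")
    size = struct.calcsize(PE_FORMAT)
    if len(carved) < size:
        raise ValueError(f"need {size} bytes after 'PE', got {len(carved)}")
    signature, machine, sections, stamp = struct.unpack(PE_FORMAT, carved[:size])
    return {
        # A bare 'PE' match can be a false hit; check the full signature.
        "signature_ok": signature == PE_SIGNATURE,
        "machine": machine,
        "sections": sections,
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc),
    }


# Constructed sample: a zero-filled 64-byte DOS stub followed by a PE header start.
_STAMP = int(datetime(2016, 7, 16, tzinfo=timezone.utc).timestamp())
SAMPLE = b"MZ" + b"\x00" * 62 + struct.pack(PE_FORMAT, PE_SIGNATURE, 0x8664, 6, _STAMP)

if __name__ == "__main__":
    for key, value in parse_pe_start(SAMPLE).items():
        print(f"{key}: {value}")
```

The signature_ok field matters because carving at the first 'PE' can land on unrelated bytes; a False value means the numbers that follow should not be trusted.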
format-bytes_V0_0_3.zip (https)
MD5: CFE426B605DEDA6E388C1F62D2655A31
SHA256: 227C3911A0D2B9D8E524B44D5B4F80EBAABD34810A11A9189B09ADFA5D2FB67A


Article Link: https://blog.didierstevens.com/2017/12/19/new-tool-format-bytes-py/