Created
September 26, 2015 11:08
-
-
Save ariscop/ed2e4300c446f5264036 to your computer and use it in GitHub Desktop.
Notes from my attempts to RE myobs file format
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Header, 0x80/0x800 long? | |
| first record starts at 0x800 | |
| NOT alligned (some things are 2 byte aligned) | |
| From the upgrade guide: | |
| 0 - no record header | |
| 10 - variable length record header | |
| 18 - superfile record header | |
| 22 - resource record header | |
| 0xFAFA 'Active Data Record' | |
| 0xFDFD 'Deleted Data Record' | |
| 0xFEFE 'Resource Record' | |
| """ | |
| NON_SUPER (0) - not a superfile | |
| HST_SUPER (1) - superfile host | |
| MBR_SUPER (2) - superfile member | |
| IDX_SUPER (6) - superfile directory member | |
| DATA_FILE (0)- data file | |
| INDX_FILE (1)- index file | |
| VDAT_FILE (2)- variable length data file | |
| """ | |
| file size allocated record start? | |
| 00000000 FFFFE614 00000000 0998E614 00080000 ................ | |
| 00000010 61000000 64000000 00000000 00000000 a...d........... | |
| 00000020 00000000 00000000 81000008 00000080 ................ | |
| 00000030 07020402 E007EE07 00000102 00020204 ................ | |
| 00000040 02000C00 00000000 00000000 00000000 ................ | |
| 00000050 00000000 30090000 00000000 01000002 ....0........... | |
| 00000060 FF000000 2F000000 00000000 098F0100 ..../........... | |
| 00000070 00000000 00000000 00000000 00000000 ................ | |
| 0x10: 0x61 tables | |
| 0x14: 0x64 rows+resources in table 0x0 | |
| 0x38: Not a pointer | |
| 0x54: Points to the first table definition, which is for table 0 | |
| 0x 800 Resource 0xfefe 0x1f 0x9 0x0 0x9b0 | |
| 0x 9b0 Resource 0xfefe 0x800 0x7ea 0x0 0x87800 | |
| 0x87800 Resource 0xfefe 0x3f 0x29 0x0 0x800 (loop?) ("VER_INFO", "MYOPDATA") | |
| Flags always set to 0x0 in 0xfcfc and 0xfdfd | |
| There appear to be 3 records involved with table definition | |
| for example, the shcut table | |
| 0x84000 ? (references 0x847E8?) | |
| 0x847E8 FC!DEF | |
| 0x85000 ? (contains/references .dat and .idx) | |
| FAFA Record | |
| FCFC changed? seems to contain old data (0x9000, conntains "FC!DEF") | |
| FDFD Deleted | |
| FEFE Resource | |
| FBFB does not appear to exist, cannot locate F\dF\d within noise | |
| row fmt has different namspace/meaning for resources? | |
| too many row fmts? 98 seperate values | |
| 3 0xfefe 0x0 | |
| 97 0xfafa 0x0 | |
| 47965 0xfdfd 0x0 | |
| 97 seperate `table`.dat rows for 98 row formats | |
| 0x81f type 0x1 table definition? | |
| using mydatacli as a reference | |
| fmt record fmt all | |
| Table, row_fmt, entries, entries, entries | |
| ctrans 0xe 176014 176013 176019 | |
| iline 0x20 128891 128882 128886 | |
| alpha 0x4 120917 120859 120864 | |
| memo 0x6 26486 26358 26361 | |
| ctreedn.pdf: 3.12 Multi-Record Virtual Tables | |
| >>>> Multiple row types per table <<<< | |
| offset depth? Reserved Record_ID Type Changes Parent Parent_Type String | |
| F4F2E [ record header, shared by everything? ] 6208 6 1 58849 7 P a y m e n t ; F R E E D O M T O O W O O M B A | |
| start len used table prev/parent? | |
| FAFA 53000000 40000000 06000000 DB4E0F00 0000000000000000 40180000 0600 0100 E1E50000 0700 5061796D656E743B2046524545444F4D20544F4F574F4F4D424100000000000000000000 00000000000000 | |
| FAFA 53000000 37000000 06000000 884E0F00 0000000000000000 3F180000 0600 0100 D5E50000 0700 53616C653B2046524545444F4D2C20333100000000000000000000000000000000 00000000000000000000 | |
| 5800 alpha table schema? alpha.idx "F C ! D E F" (FC == faircom, this is a resource name, table definition?) | |
| FEFE 00080000 EA070000 04000000 00600000 CB490000 00000000 01000000 464321444546 [lots of data] | |
| 6000 Row data | |
| FEFE 3A000000 24000000 04000000 CB490000 005800007211010000000000416C7068615265635A20200022B90200000000000000000000000000 | |
| .dat FAFA 91010000 7F010000 00000000 00000000 6D656D6F2E6461742020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020000000FFFFFFFFCB610000C593E614DD880000000000001288D30300000000000000008100EE071600000087000400C807DC07000001020002020402000C000000000012186000060000004B61000000000000000000000200FB01FF0000002F0000000000000029CD000000000000000000000000000000000000 | |
| FEFE 1F000000 09000000 06000000 00700000 00780000000000000 | |
| .idx FAFA 91010000 7F010000 00000000 00000000 6D656D6F2E696478 [index(?) omitted] | |
| 7800 | |
| FEFE 3A000000 24000000 06000000 CB610000 0070000073110100000000004D656D6F5265635A20202000AD850000000000000000000000000000 | |
| .dat FAFA 91010000 7F010000 00000000 00000000 63686163632E646174202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020FFFFFFFF6AC37D08FFFFFFFFCB790000FA1B5C14DF000000D0000000000000000000000000000000810000004002000083000000C807DC070000010200020204000000000000000000000000080000004B79000000000000000000000200FB01FF0000002F000000000000006401000000000000000000000000000000000000 | |
| FEFE 1F000000 09000000 08000000 3EC40000 56B50000000000000 | |
| .idx FAFA 11080000 FF070000 00000000 00000000 63686163632E696478 [index(?) omitted] | |
| Resource format | |
| (double linked list) | |
| 0x2000 FEFE 1F000000 09000000 02000000 00380000 00400000 00000000 00 | |
| "F C ! D E F" padding | |
| 0x3800 FEFE 00080000 EA070000 02000000 3A400000 00200000 00000000 01000000 46432144454600 00 F0040000 FAF9E14C18010000600360037804000030003000A804000048004500000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | |
| "F C ! C I D X" Conditional Index "T y p e = = 5 2" | |
| 0x403a FEFE 00080000 EA070000 02000000 00400000 00380000 00000000 05000000 4643214349445800 01000000 0200 0B00 00000000 54797065203D3D20353200 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | |
| "M i s c R e c Z " | |
| 0x4000 FEFE 3A000000 24000000 02000000 00200000 3A400000 71110100 00000000 4D6973635265635A20202000 4A000000 0000000000000000 | |
| 0x4 = alpha table | |
| 0x49cb FEFE 1F000000 09000000 04000000 00580000 00600000 00000000 00000000 00 | |
| "F C ! D E F" padding | |
| 0x5800 FEFE 00080000 EA070000 04000000 00600000 CB490000 00000000 01000000 46432144454600 00 D8030000 FAF9E14C18010000F800F1001002000090009000A0020000380134010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | |
| "A l p h a R e c Z " | |
| 0x6000 FEFE 3A000000 24000000 04000000 CB490000 00580000 72110100 00000000 416C7068615265635A202000 22B90200000000000000000000000000 | |
| mark length used table prev next type? number? name data | |
| Referenced by .dat and .idx records in table 0 | |
| api guide, 3.7 Working with Resource | |
| "It can be advantageous at times to attach auxiliary information to a particular table that does not | |
| conform to the record structure of that table." | |
| row fmt matches maybe? | |
| type/number/name | |
| FC!DEF Format | |
| table name lenghts include the legth byte and null | |
| (type, len) = '<HH' | |
| name = len + name + 0x00 | |
| where len = sizeof(len) /*1*/ + sizeof(name) + sizeof((char)0x00) | |
| 0x7226, number of field types followed by number of field names? | |
| 0x00 Null? | |
| 0x3B int? | |
| 0x29 int? | |
| 0x92 CT_? (string) | |
| FC!CIDX Format: | |
| Index format: | |
| Header: | |
| prev? next? keys len unknown unknown | |
| left? right? | |
| system.idx | |
| 00000000 00000000 6000 3704 00000000 0001 | |
| iline.idx | |
| @46B012 | |
| 12785800 00000000 0000 0000 00000000 0001 | |
| @587812 | |
| 12B85700 12B04600 0000 0000 00000000 0001 | |
| @57B812 | |
| 12185700 12785800 0000 0000 00000000 0001 | |
| @886812 | |
| 12F08A00 12B08500 6500 2803 00000000 0001 | |
| len is the number of bytes following the header | |
| string keys are 'compressed', prefixed by a signed byte which is the | |
| negation of the number of bytes, and the byte before that is an offset | |
| within some buffer | |
| Date and time format | |
| I don't even | |
| little big endian date | |
| 0xC5782500 0x002578C5 2011-07-06 | |
| 0xBF782500 0x002578BF 2011-06-30 | |
| 0x497D2500 0x00257D49 2014-09-04 | |
| 0x477D2500 0x00257D47 2014-09-02 | |
| 0b1001010111100 0110 00101 | |
| 0b1001010111100 0101 11111 | |
| 0b1001010111110 1010 01001 | |
| 0b1001010111110 1010 00111 | |
| 0b1001010111100011000101 | |
| 0b1001010111100010111111 | |
| 0b1001010111110101001001 | |
| 0b1001010111110101000111 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment