Main Page | Alphabetical List | Data Structures | Directories | File List | Data Fields | Globals | Related Pages

FRET and libfret - helping understand file formats



What exactly is FRET?

FRET is a command line tool which can analyse a single or multiple files in order to identify structures within these files. It is designed to be a developerīs tool which can be used to analyse files when the developer does not know the internal structure of the files. It complements currently available tools such as hex editors and binary diff tools.

and libfret?

The programīs functionality is based around a library called libfret. libfret has a clear API and is designed to be easily integrated with other tools. libfret can analyse any buffer(s) containing data.

How are structres identified?

There is no magic here. Each file or buffer is firstly scanned using a heuristic algorithm which attempts to identify the data structures within the buffer. If it does identify a structure, it also assigns a risk to this structure - the risk is a statistical measure of how probable it is that the structure is not genuine and just a random occurance within the file. When all the buffers have been scanned individually, they are also compared to each other with the aim of identifying structures common to more than one buffer. Finally, all of the detected structures are analysed and rationalised and a list of detected structures is output. FRET and libfret are not designed to be fast - they should perform a slow, methodical analysis of the target files. The most important design goal was to create an architecture which allows the painless integration of new functionality.

FRETīs Terminology

The libfret API uses a specific terminology. The most important terms are;

The 6 Phases?

The analysis of a buffer or buffers is divided into 6 Phases. The libfret API allows single or multiple buffers to be analysed. If only a single Buffer is analysed then only Scans from Phases that do not require multiple Buffers can be used. Improved results can be obtained by analysing a larger number of Buffers.

More Information

If more information is required, please see the FRET project website.

See also:

Thanks to.....

Damian Ivereigh for his excellent Red-Black Tree implementation called libredblack. Multiple Red-Black Trees are used for internal Gram storage.
See also:
Landon Curt Noll for making the FNV (Fowler-Noll-Vo) hash source code available in the Public Domain.
See also:


The project source code is released under the GNU General Public License. For more information see the file COPYING that is distributed with the source code.

See also: for more licence information.


Michael McCarthy is a professional Software Engineer. He can be contacted at <>
Generated on Thu Jan 19 18:59:19 2006 for FRET by  doxygen 1.4.4