Technical Articles

Stefan Schnell

October 10, 2012 2 minute read

How to store a binary file as function module

Many information is stored in different files with different formats. This information is often important for the customer and there is the question, how to transport this to a customer. For this case I code a program, called BinFile2ABAP, which offers this possibility. With BinFile2ABAP you can store each file in an ABAP function module.

It converts the file to an ABAP source code as a function module, form or report. With the call the file is saved on the presentation server and executed. BinFile2ABAP can also create base64 encoded JSON and PowerShell files from any file too. You can use this JSON file in the context of your SAPUI5 development, e.g. to simulate backend databinding, via OData and the SAP Gateway, as local databinding.

With this kind of information you can extend your possibilities. You can integrate each type of file you want in your ABAP program, e.g. Adobe Flash and Portable Document Format (PDF), Compiled HTML Help (CHM), all image, sound and video formats etc.

BinFile2ABAP is free and you can download it from here.

The process to generate ABAP code is very easy. Choose the binary file you want, press the button Create Code and save the file to disc. Transfer the code in your ABAP editor via clipboard or upload – that’s all.

You can choose the line width, 16, 32, 64 or 125 bytes, this means, 32, 64, 128 or 250 characters in a line. It is dependence from the file size, because the ABAP interpreter allows max. 65535 lines to concatenate. With 125 bytes and 65535 lines you get a file size limit from 8’191’875 bytes. It is possible to create an ABAP source with more lines, but you can not compile it.

The process to generate JSON code is also very easy. Choose the binary file you want, press the button Create Code and save the file to clipboard or disc – that’s all. You can find an example how to use it here.

2018/04/02: Update is available

Change variable arrangements in the ABAP sources.
Add the possibility to create PowerShell file.
Update to a new compiler version

2016/11/20: Update is available

Change variable names in the ABAP sources to another prefix.
Update to a new compiler version.

2016/04/01: Update is available

Add now a few information as comment in the source about the file, like name, size, last modification date and time and MD5 hash
Add now Authority-Check stub in the ABAP sources

2015/11/22: Update is available

Now two versions are available, x86 and x64.
Checked with Windows 10 x64.

2015/02/15: Update is available

Add the possibility to create JSON file with base64 encoded content.
Add the possibility to create function modules with an export interface.
Add the possibility to create function modules in ABAP in Eclipse (AiE) style.
New GUI design with tabs.
Delete the possibility to create ABAP code with more than 65535 lines, because it has no practical significance.

19 Comments

You must be Logged on to comment or reply to a post.

solen dogan

July 17, 2013 at 5:57 am

Hi Stefan

İt seems quite interesting, so this converts everything into a function module

And then loads it into SAP for use, is that the way it works?

So basically makes an ABAP version of the library

And also is this for Microsoft only or for all types of libraries

e.g image, video, etc..

Stefan Schnell

Blog Post Author

July 17, 2013 at 6:08 am

Hello Solen,

thanks for your reply.

...this converts everything into a function module and then loads it into SAP for use, is that the way it works? Yes, but it loads the stored file on the presentation server.
...is this for Microsoft only or for all types of libraries e.g image, video, etc.? It is for all types.

Cheers

Stefan

Former Member

September 13, 2013 at 11:13 am

Hi Stefan,

Very informative and useful document.

Regards,

Ankita

Stefan Schnell

Blog Post Author

September 13, 2013 at 12:41 pm

Hello Ankita,

thanks for the reply.

You find an additional document below, which describes the using of BinFile2ABAP on a practical example. The document is outdated, but it is a good example.

Cheers

Stefan

Sander Boers

January 15, 2014 at 11:39 pm

Hi, the URL is broken.

Stefan Schnell

Blog Post Author

January 16, 2014 at 7:06 pm

Hello Sander,

thanks for your reply and your hint. You find the PDF document now inside the post.

Cheers

Stefan

Syambabu Allu

September 13, 2013 at 12:46 pm

Very interesting Stefen.

Thanks,

Syam

Sander Boers

January 15, 2014 at 11:39 pm

Hi Stefan,

when should you use this, instead of uploading a file to the sap file server? Or load it as Mime object into SAP?

Best,

Sander

Stefan Schnell

Blog Post Author

January 16, 2014 at 11:19 am

Hello Sander,

thanks for your reply.

BinFile2ABAP use another way, it stores the binary file direct as ABAP code.

It is just a different way than the MIME-Repository.E.g. you could use it, if you want to deliver only ABAP code and no other transport objects. It has in comparsion to the MIME-Repository no other important advantages - it is an alternative.

Cheers

Stefan

Jan Penninkhof

April 13, 2016 at 10:44 am

Taking an arbitrary file and storing it in an area where it's executable sounds quite dodgy to me. I would advise against this at all time as it may lead to security issues.

Please use the mime repository or BDS instead for the use cases mentioned.

Stefan Schnell

Blog Post Author

April 13, 2016 at 6:15 pm

Hello Jan,

thank you for your reply.

I don't understand your security reasons, because you can store a binary file in the MIME repository or in a function module but what is the difference for the content of the binary file? I think nothing. The container of the binary file is from the perspective of security no difference.

Cheers

Stefan

Jan Penninkhof

April 15, 2016 at 12:36 pm

Hi Stefan,

The difference between Mime repo and a function module is that the first is that Mime space is not-executable, while a function module is. Because you are injecting something that should not be executable into executable space, it might eventually be used as an attack vector.

Hope this clarifies?

Cheers,

Jan

Stefan Schnell

Blog Post Author

April 15, 2016 at 7:02 pm

Hello Jan,

thank you for your reply.

I must confess that I still not understand your arguments.

You can execute the content of the MIME repository also easily, here an example:

Function Test.
*"----------------------------------------------------------------------
*"*"Local Interface:
*"----------------------------------------------------------------------

  "-Variables-----------------------------------------------------------
    Data l_File Type XString.
    Data l_rif_MR_API Type Ref To if_mr_api.
    Data l_url Type String Value '/sap/public/components/test.exe'.
    Data l_WorkDir Type String.
    Data l_FileName Type String Value 'Test.exe'.
    Data l_FilePath Type String.
    Data l_dTab Type Table Of x255.
    Data l_len Type i.

  "-Binary File---------------------------------------------------------
    If l_rif_MR_API Is Initial.
      l_rif_MR_API = cl_mime_repository_api=>if_mr_api~get_api( ).
    EndIf.

    Call Method l_rif_MR_API->get
      Exporting i_url = l_url
      Importing e_content = l_File
      Exceptions Others = 1.

  "-Get path of SAP work directory--------------------------------------
    Call Method cl_gui_frontend_services=>get_sapgui_workdir
      Changing
        SAPWORKDIR = l_WorkDir
      Exceptions
        Others = 1.

  Concatenate l_WorkDir '\' l_FileName Into l_FilePath.

  "-Store file----------------------------------------------------------
    Call Function 'SCMS_XSTRING_TO_BINARY'
      Exporting
        BUFFER = l_File
      Importing
        OUTPUT_LENGTH = l_len
      Tables
        BINARY_TAB = l_dTab.

    Call Function 'GUI_DOWNLOAD'
      Exporting
        BIN_FILESIZE = l_len
        FILENAME = l_FilePath
        FILETYPE = 'BIN'
      Tables
        DATA_TAB = l_dTab
      Exceptions
        Others = 1.

  "-Execute file--------------------------------------------------------
    Call Method cl_gui_frontend_services=>execute
      Exporting
        DOCUMENT = l_FilePath
      Exceptions
        Others = 1.

EndFunction.

Let us determine, it is no difference where the content is stored. As I show in my example above, you can use the same method with the MIME repositoy.

I think it is a question of the use case to decide if an "injection" of something should be execute on the frontend server or not. You can't say generally that should not be executable.

So last but not least in my eyes your argument is that an eventually attacker can use his chance with the command cl_gui_frontend_services=>execute, indenpendently where the content is stored. But this risk is always present, it is no special problem of this method.

Let us look to one of my use cases:

I embed a PDF in a function module and if the user press a button on the screen the file is downloaded and executed with the local installed Acrobat viewer.

In this function module is my user name, the creation date and the date of the last modification date stored. If something is suspicious with the content of the file the local security system of the frontend server will detect and prevent this activities. The chance to attack a frontend server on this way is considered optimistic near by null, also the backend server - and why should I attack a backend server where my function module is executed, it is going easier.

Therefore, it is all SAP standard, no tricks and I don't understand your security reason arguments furthermore.

Cheers

Stefan

Jan Penninkhof

April 15, 2016 at 8:44 pm

Thank you for your very elaborate reply Stefan.

It's just that pushing data into a location where it's directly executable is simply not a practice I could recommend. So I'm afraid we're going to have to agree to disagree on the topic

Have a great weekend!

Stefan Schnell

Blog Post Author

April 17, 2016 at 6:35 am

Hello Jan,

thank you for your reply.

This argument I can understand well, but it was important for me to emphasize that the container of the binary data does not matter.

Cheers

Stefan

Juwin Pallipat Thomas

April 15, 2016 at 8:48 pm

Few concerns:

A developer will always have to depend on this tool, whenever a new version of the file has to be updated, whereas, MIME repository doesn't require any special tools.
In the example code given, there isn't enough documentation on how the function module was generated. Hence, the developer wouldn't have a clue on where to go to get the tool. Even if you provide a URL link in a comment, links on the internet always breaks after a few years - links on SCN itself are examples, many of the links on SCN blogs are broken and don't work anymore.
Does this method provide a value addition or time savings, over MIME repository?
Especially with compiler limitations as you mentioned in the post, isn't this method more complicated than using MIME repository?
When the file size increases, isn't that putting more load on the compiler - a whole lot of code, doing nothing....?

Please don't be offended, but, I feel that this mechanism is an overkill, when there is a standard and straightforward solution available.

Thanks,

Juwin

Stefan Schnell

Blog Post Author

April 17, 2016 at 4:26 pm

Hello Juwin,

thank your for your reply.

To your concerns:

I my eyes is an additional tool not a disadvantage, e.g. look at the AiE - what is an Eclipse installation without Add-Ins?
This tool transforms a file in an ABAP binary string. You can easily check the correct and suspicion free functionality on your sandbox system if you compare the MD5 hash values of the file before transforming and after the call of the function module.
Broken links are no disadvantage, every provider decides by itself whether he wants to offer software or not.

To your questions:

With this method you save the access to the MIME repository, in my eyes an advantage.
I think the methods are from the programming perspective alomost identically.
With large files you get a problem, you reach with 8 MByte code the line limit of 65535 of the ABAP compiler.
You execute this code in the context of your ABAP code, e.g. to view a PDF, so it is not doing nothing resp. it lies in your hand.

I am not offended about your arguments and your opinion, you have a different perspective and environment. This forum is a platform to exchange these thoughts, it is important for me to present my ideas and it is important for you and each other here to say, hey, good idea but...

Last but not least I want to say, BinFile2ABAP creates standard code and it uses no tricks. However I must confess that the method is really not mainstream.

Cheers

Stefan

Tomas Buryanek

April 18, 2016 at 1:49 pm

I am not sure if I understand what this program does. Can you please explain?

It takes any file and generate ABAP source code (of function module) with hardcoded binary data of that file? What next? Source code is to be manualy copied to SAP?

And why hardcode binary data to source code? Why not use database (Z* table with binary data column)?

Stefan Schnell

Blog Post Author

April 19, 2016 at 3:40 am

Hello Tomas,

thank you for your reply.

The program does exactly what you describe. It takes any file and generates an ABAP source code with the binary data of the file. The generated code must be manually copied to SAP, via clipboard or import. With this way you have only one access to ABAP to get the data, no access to the database or anything else.

Cheers

Stefan

Technical Articles

How to store a binary file as function module

Assigned Tags