def createFields(self):
yield String(self, "header", 2, "File header (MZ)", charset="ASCII")
yield UInt16(self, "size_mod_512", "File size in bytes modulo 512")
yield UInt16(self, "size_div_512", "File size in bytes divide by 512")
yield UInt16(self, "reloc_entries", "Number of relocation entries")
yield UInt16(self, "code_offset",
"Offset to the code in the file (divided by 16)")
yield UInt16(self, "needed_memory",
"Memory needed to run (divided by 16)")
yield UInt16(self, "max_memory",
"Maximum memory needed to run (divided by 16)")
yield textHandler(
UInt32(self, "init_ss_sp", "Initial value of SP:SS registers"),
hexadecimal)
yield UInt16(self, "checksum", "Checksum")
yield textHandler(
UInt32(self, "init_cs_ip", "Initial value of CS:IP registers"),
hexadecimal)
yield UInt16(self, "reloc_offset",
"Offset in file to relocation table")
yield UInt16(self, "overlay_number", "Overlay number")
yield PaddingBytes(self, "reserved[]", 8, "Reserved")
yield UInt16(self, "oem_id", "OEM id")
yield UInt16(self, "oem_info", "OEM info")
yield PaddingBytes(self, "reserved[]", 20, "Reserved")
yield UInt32(self, "next_offset", "Offset to next header (PE or NE)")
def createFields(self):
yield UInt8(self, "id", "PCX identifier (10)")
yield Enum(UInt8(self, "version", "PCX version"), self.version_name)
yield Enum(UInt8(self, "compression", "Compression method"),
self.compression_name)
yield UInt8(self, "bpp", "Bits / pixel")
yield UInt16(self, "xmin", "Minimum X")
yield UInt16(self, "ymin", "Minimum Y")
yield UInt16(self, "xmax", "Width minus one") # value + 1
yield UInt16(self, "ymax", "Height minus one") # value + 1
yield UInt16(self, "horiz_dpi", "Horizontal DPI")
yield UInt16(self, "vert_dpi", "Vertical DPI")
yield PaletteRGB(self, "palette_4bits", 16, "Palette (4 bits)")
yield PaddingBytes(self, "reserved[]", 1)
yield UInt8(self, "nb_color_plan", "Number of color plans")
yield UInt16(self, "bytes_per_line", "Bytes per line")
yield UInt16(self, "color_mode", "Color mode")
yield PaddingBytes(self, "reserved[]", 58)
if self._size is None: # TODO: is it possible to handle piped input?
raise NotImplementedError
nb_colors = 256
size = (self._size - self.current_size) // 8
has_palette = self["bpp"].value == 8
if has_palette:
size -= nb_colors * 3
yield RawBytes(self, "image_data", size, "Image data")
if has_palette:
yield PaletteRGB(self, "palette_8bits", nb_colors,
"Palette (8 bit)")
def createPaddingField(parent, nbits, name="padding[]", description=None):
if nbits <= 0:
raise FieldError("Unable to create padding of %s bits" % nbits)
if (nbits % 8) == 0:
return PaddingBytes(parent, name, nbits // 8, description)
else:
return PaddingBits(parent, name, nbits, description)
def createFields(self):
yield String(self, "signature", 2, "Header (\"BM\")", charset="ASCII")
yield UInt32(self, "file_size", "File size (bytes)")
yield PaddingBytes(self, "reserved", 4, "Reserved")
yield UInt32(self, "data_start", "Data start position")
yield BmpHeader(self, "header")
# Compute number of color
header = self["header"]
bpp = header["bpp"].value
if 0 < bpp <= 8:
if "used_colors" in header and header["used_colors"].value:
nb_color = header["used_colors"].value
else:
nb_color = (1 << bpp)
else:
nb_color = 0
# Color palette (if any)
if nb_color:
yield PaletteRGBA(self, "palette", nb_color)
# Seek to data start
field = self.seekByte(self["data_start"].value)
if field:
yield field
# Image pixels
size = min(self["file_size"].value - self["data_start"].value,
(self.size - self.current_size) // 8)
yield parseImageData(self, "pixels", size, header)
def createFields(self):
yield String(self, "name", 32, strip="\0")
yield PaddingBytes(self, "unknown[]", 32, pattern="\xCC")
yield UInt32(self, "flags")
yield UInt32(self, "id")
yield UInt32(self, "type")
yield Int32(self, "mesh_id")
yield UInt32(self, "depth")
yield Int32(self, "parent_offset")
yield UInt32(self, "nchildren")
yield UInt32(self, "first_child_offset")
yield UInt32(self, "next_sibling_offset")
yield Vertex(self, "pivot")
yield Vertex(self, "position")
yield Float32(self, "pitch")
yield Float32(self, "yaw")
yield Float32(self, "roll")
for index in range(4):
yield Vertex(self, "unknown_vertex[]")
if self["parent_offset"].value != 0:
yield UInt32(self, "parent_id")
if self["first_child_offset"].value != 0:
yield UInt32(self, "first_child_id")
if self["next_sibling_offset"].value != 0:
yield UInt32(self, "next_sibling_id")
def createFields(self):
# Header
yield NullBytes(self, "zero_vector", 16)
yield GUID(self, "fs_guid")
yield UInt64(self, "volume_len")
yield String(self, "signature", 4)
yield UInt32(self, "attributes")
yield UInt16(self, "header_len")
yield UInt16(self, "checksum")
yield UInt16(self, "ext_header_offset")
yield UInt8(self, "reserved")
yield UInt8(self, "revision")
while True:
bm = BlockMap(self, "block_map[]")
yield bm
if bm['num_blocks'].value == 0 and bm['len'].value == 0:
break
# TODO must handle extended header
# Content
while not self.eof:
padding = paddingSize(self.current_size // 8, 8)
if padding:
yield PaddingBytes(self, "padding[]", padding)
yield File(self, "file[]")
def createFields(self):
# Header
yield String(self, "magic", 4, "PMGL", charset="ASCII")
yield filesizeHandler(Int32(self, "free_space",
"Length of free space and/or quickref area at end of directory chunk"))
yield Int32(self, "unknown")
yield Int32(self, "previous", "Chunk number of previous listing chunk")
yield Int32(self, "next", "Chunk number of previous listing chunk")
# Entries
stop = self.size - self["free_space"].value * 8
entry_count = 0
while self.current_size < stop:
yield PMGL_Entry(self, "entry[]")
entry_count += 1
# Padding
quickref_frequency = 1 + (1 << self["/dir/itsp/density"].value)
num_quickref = (entry_count // quickref_frequency)
if entry_count % quickref_frequency == 0:
num_quickref -= 1
print(self.current_size // 8, quickref_frequency, num_quickref)
padding = (self["free_space"].value - (num_quickref * 2 + 2))
if padding:
yield PaddingBytes(self, "padding", padding)
for i in range(num_quickref * quickref_frequency, 0, -quickref_frequency):
yield UInt16(self, "quickref[%i]" % i)
yield UInt16(self, "entry_count")
def createFields(self):
yield UInt32(self, "root_block", "The block number of the root node of the B-tree")
yield UInt32(self, "tree_levels", "The number of levels of internal nodes (tree height minus one)")
yield UInt32(self, "num_records", "The number of records in the tree")
yield UInt32(self, "num_nodes", "The number of nodes in the tree (tree nodes, not including this header block)")
yield UInt32(self, "unknown", "Always 0x1000, probably the tree node page size")
if self.current_size < self.size:
yield PaddingBytes(self, "slack", (self.size - self.current_size) // 8, description="slack space")
def createFields(self):
for index in range(self.count):
yield Bit(self, "item[]",
"%s %s" % (self.itemdesc, self.start + index))
if self.size > self.count:
yield PaddingBytes(self,
"padding", (self.size - self.count) // 8,
pattern='\xff')
def createFields(self):
padding = 0
position = 0
streamlength = self["../length"].value
while position < streamlength * 8:
next = ord(self.parent.stream.readBytes(
self.absolute_address + self.current_size + position, 1))
if next == 0xff:
padding += 1
position += 8
elif padding:
yield PaddingBytes(self, "pad[]", padding)
padding = None
position = 0
elif 0x40 <= next <= 0x7f:
yield Bits(self, "scale_marker", 2) # 1
yield Bit(self, "scale")
scale = self['scale'].value
if scale:
scaleval = 1024
else:
scaleval = 128
yield textHandler(Bits(self, "size", 13), lambda field: str(field.value * scaleval))
elif 0x00 <= next <= 0x3f:
yield Bits(self, "ts_marker", 2) # 0
yield Bit(self, "has_pts")
yield Bit(self, "has_dts")
if self['has_pts'].value:
yield Timestamp(self, "pts")
if self['has_dts'].value:
yield PaddingBits(self, "pad[]", 4)
yield Timestamp(self, "dts")
if self.current_size % 8 == 4:
yield PaddingBits(self, "pad[]", 4)
break
elif 0x80 <= next <= 0xbf:
# MPEG-2 extension
yield PacketElement(self, "pkt")
break
else:
# 0xc0 - 0xfe: unknown
break
length = self["../length"].value - self.current_size // 8
if length:
tag = self['../tag'].value
group = self.root.streamgroups[tag]
parname = self.parent._name
if parname.startswith('audio'):
frag = CustomFragment(
self, "data", length * 8, MpegAudioFile, group=group)
elif parname.startswith('video'):
frag = CustomFragment(
self, "data", length * 8, VideoStream, group=group)
else:
frag = CustomFragment(
self, "data", length * 8, None, group=group)
self.root.streamgroups[tag] = frag.group
yield frag
def createFields(self):
if False:
yield UInt32(self, "width0")
yield UInt32(self, "height0")
yield PaddingBytes(self, "reserved[]", 7)
yield UInt32(self, "width")
yield UInt32(self, "height")
yield PaddingBytes(self, "reserved[]", 2)
yield UInt16(self, "depth")
yield Enum(String(self, "codec", 4, charset="ASCII"), video_fourcc_name)
yield NullBytes(self, "padding", 20)
else:
yield UInt32(self, "width")
yield UInt32(self, "height")
yield PaddingBytes(self, "reserved[]", 1)
yield UInt16(self, "format_data_size")
if self["format_data_size"].value < 40:
raise ParserError("Unknown format data size")
yield BitmapInfoHeader(self, "bmp_info", use_fourcc=True)
def createFields(self):
while self.current_size < self.size:
# seek forward by at most 1MB
pos = self.stream.searchBytes(
b'\0\0\1', self.current_size, self.current_size + 1024 * 1024 * 8)
if pos is not None:
padsize = pos - self.current_size
if padsize:
yield PaddingBytes(self, "pad[]", padsize // 8)
yield VideoChunk(self, "chunk[]")
def createFields(self):
yield String(self, "magic", 4, "PMGI", charset="ASCII")
yield filesizeHandler(UInt32(self, "free_space",
"Length of free space and/or quickref area at end of directory chunk"))
stop = self.size - self["free_space"].value * 8
while self.current_size < stop:
yield PMGI_Entry(self, "entry[]")
padding = (self.size - self.current_size) // 8
if padding:
yield PaddingBytes(self, "padding", padding)
def synchronize(self):
addr = self.absolute_address
start = addr + self.current_size
end = min(start + self.MAX_PADDING * 8, addr + self.size)
padding = findSynchronizeBits(self, start, end)
if padding is None:
raise ParserError(
"MPEG audio: Unable to find synchronization bits")
if padding:
return PaddingBytes(self, "padding[]", padding,
"Padding before synchronization")
else:
return None
def createFields(self):
yield Enum(UInt32(self, "cmd"), self.LOAD_COMMANDS_DISPLAY)
yield UInt32(self, "cmdsize")
self._size = self['cmdsize'].value * 8
desc, parser = self.LOAD_COMMANDS.get(self['cmd'].value, ("", None))
if parser:
yield parser(self, "data")
# data is word aligned
padding_length = self['cmdsize'].value - self.current_size // 8
if padding_length:
yield PaddingBytes(self, "padding", padding_length)
else:
yield RawBytes(self, "data",
self['cmdsize'].value - self.current_size // 8)
def createFields(self):
yield UInt32(self, "nblocks")
yield UInt32(self, "unknown", description="Always 0")
for i in range(self['nblocks'].value):
yield BlockAddress(self, "block[]")
padding = paddingSize(self['nblocks'].value, 256)
if padding:
yield NullBytes(self, "padding", padding * 4, description="padding to make the number of blocks a multiple of 256")
yield UInt32(self, "ndirs")
for i in range(self['ndirs'].value):
yield BudDirectory(self, "dir[]")
for i in range(32):
yield FreeList(self, "freelist[]")
if self.current_size < self.size:
yield PaddingBytes(self, "slack", (self.size - self.current_size) // 8, description="slack space")
def createFields(self):
yield displayHandler(UInt32(self, "res_space", "Reserved space"),
humanFilesize)
yield displayHandler(UInt32(self, "used_space", "Used space"),
humanFilesize)
yield Bits(self, "file_flags", 8, "(=4)")
yield textHandler(UInt16(self, "magic"), hexadecimal)
yield Bits(self, "flags", 16)
yield displayHandler(UInt16(self, "page_size", "Page size in bytes"),
humanFilesize)
yield String(self, "structure", 16, strip="\0", charset="ASCII")
yield NullBytes(self, "zero", 2)
yield UInt16(self, "nb_page_splits",
"Number of page splits B+ tree has suffered")
yield UInt16(self, "root_page", "Page number of B+ tree root page")
yield PaddingBytes(self, "one", 2, pattern="\xFF")
yield UInt16(self, "nb_page", "Number of B+ tree pages")
yield UInt16(self, "nb_level", "Number of levels of B+ tree")
yield UInt16(self, "nb_entry", "Number of entries in B+ tree")
size = (self.size - self.current_size) // 8
if size:
yield PaddingBytes(self, "reserved_space", size)
def createFields(self):
while self.current_size < self.size:
# seek forward by at most 1MB
pos = self.stream.searchBytes(
b'\0\0\1', self.current_size, self.current_size + 1024 * 1024 * 8)
if pos is not None:
padsize = pos - self.current_size
if padsize:
yield PaddingBytes(self, "pad[]", padsize // 8)
chunk = Chunk(self, "chunk[]")
try:
# force chunk to be processed, so that CustomFragments are
# complete
chunk['content/data']
except Exception:
pass
yield chunk
def yieldChunks(self, obj):
while len(self.chunks) > 0:
chunk = self.chunks.pop()
current_pos = obj.current_size // 8
# Check if padding needed
size = chunk.offset - current_pos
if size > 0:
obj.info("Padding of %u bytes needed: curr=%u offset=%u" %
(size, current_pos, chunk.offset))
yield PaddingBytes(obj, "padding[]", size)
current_pos = obj.current_size // 8
# Find resynch point if needed
count = 0
old_off = chunk.offset
while chunk.offset < current_pos:
count += 1
chunk = self.chunks.pop()
# Unfortunaly, we also pass the underlying chunks
if chunk is None:
obj.info("Couldn't resynch: %u object skipped to reach %u" %
(count, current_pos))
return
# Resynch
size = chunk.offset - current_pos
if size > 0:
obj.info("Skipped %u objects to resynch to %u; chunk offset: %u->%u" %
(count, current_pos, old_off, chunk.offset))
yield RawBytes(obj, "resynch[]", size)
# Yield
obj.info("Yielding element of size %u at offset %u" %
(chunk.size, chunk.offset))
field = chunk.cls(obj, chunk.name, chunk.size, *chunk.args)
yield field
if hasattr(field, "getSubChunks"):
for sub_chunk in field.getSubChunks():
obj.info("Adding sub chunk: position=%u size=%u name='%s'" %
(sub_chunk.offset, sub_chunk.size, sub_chunk.name))
self.addChunk(sub_chunk)
def createFields(self):
yield UInt32(self, "last_block")
yield UInt32(self, "count")
if self['last_block'].value != 0:
for i in range(self['count'].value):
block = UInt32(self, "child_block[]")
yield block
link = Link(self, "child_link[]")
link.createValue = self.linkValue(block)
yield link
yield DSRecord(self, "record[]")
link = Link(self, "child_link[]")
link.createValue = self.linkValue(self['last_block'])
yield link
else:
for i in range(self['count'].value):
yield DSRecord(self, "record[]")
if self.current_size < self.size:
yield PaddingBytes(self, "slack", (self.size - self.current_size) // 8, description="slack space")
def createFields(self):
if self.stream.readBits(self.absolute_address, 2, self.endian) == 1:
# MPEG version 2
yield Bits(self, "sync[]", 2)
yield SCRExt(self, "scr")
yield Bits(self, "mux_rate", 22)
yield Bits(self, "sync[]", 2)
yield PaddingBits(self, "reserved", 5, pattern=1)
yield Bits(self, "stuffing_length", 3)
count = self["stuffing_length"].value
if count:
yield PaddingBytes(self, "stuffing", count, pattern="\xff")
else:
# MPEG version 1
yield Bits(self, "sync[]", 4)
yield Timestamp(self, "scr")
yield Bit(self, "sync[]")
yield Bits(self, "mux_rate", 22)
yield Bit(self, "sync[]")
def getHeaderEndFields(self):
instr = self["num_instruments"].value
patterns = self["num_patterns"].value
# File pointers
if instr > 0:
yield GenericVector(self, "instr_pptr", instr, UInt16, "offset")
if patterns > 0:
yield GenericVector(self, "pattern_pptr", patterns, UInt16, "offset")
# S3M 3.20 extension
if self["creation_version_major"].value >= 3 \
and self["creation_version_minor"].value >= 0x20 \
and self["panning_info"].value == 252:
yield GenericVector(self, "channel_panning", 32, ChannelPanning, "channel")
# Padding required for 16B alignment
size = self._size - self.current_size
if size > 0:
yield PaddingBytes(self, "padding", size // 8)
def createFields(self):
yield String(self, "name", 8, charset="ASCII", strip="\0 ")
yield filesizeHandler(UInt32(self, "mem_size", "Size in memory"))
yield textHandler(UInt32(self, "rva", "RVA (location) in memory"), hexadecimal)
yield filesizeHandler(UInt32(self, "phys_size", "Physical size (on disk)"))
yield filesizeHandler(UInt32(self, "phys_off", "Physical location (on disk)"))
yield PaddingBytes(self, "reserved", 12)
# 0x0000000#
yield NullBits(self, "reserved[]", 4)
# 0x000000#0
yield NullBits(self, "reserved[]", 1)
yield Bit(self, "has_code", "Contains code")
yield Bit(self, "has_init_data", "Contains initialized data")
yield Bit(self, "has_uninit_data", "Contains uninitialized data")
# 0x00000#00
yield NullBits(self, "reserved[]", 1)
yield Bit(self, "has_comment", "Contains comments?")
yield NullBits(self, "reserved[]", 1)
yield Bit(self, "remove", "Contents will not become part of image")
# 0x0000#000
yield Bit(self, "has_comdata", "Contains comdat?")
yield NullBits(self, "reserved[]", 1)
yield Bit(self, "no_defer_spec_exc", "Reset speculative exceptions handling bits in the TLB entries")
yield Bit(self, "gp_rel", "Content can be accessed relative to GP")
# 0x000#0000
yield NullBits(self, "reserved[]", 4)
# 0x00#00000
yield NullBits(self, "reserved[]", 4)
# 0x0#000000
yield Bit(self, "ext_reloc", "Contains extended relocations?")
yield Bit(self, "discarded", "Can be discarded?")
yield Bit(self, "is_not_cached", "Is not cachable?")
yield Bit(self, "is_not_paged", "Is not pageable?")
# 0x#0000000
yield Bit(self, "is_shareable", "Is shareable?")
yield Bit(self, "is_executable", "Is executable?")
yield Bit(self, "is_readable", "Is readable?")
yield Bit(self, "is_writable", "Is writable?")
def createFields(self):
yield UInt32(self, "obj_count")
yield PaddingBytes(self, "reserved[]", 2)
for index in range(self["obj_count"].value):
yield Object(self, "object[]")
def createFields(self):
yield UInt32(self, "inodes_count", "Total inode count")
yield UInt32(self, "blocks_count", "Total block count")
yield UInt32(self, "r_blocks_count",
"Reserved (superuser-only) block count")
yield UInt32(self, "free_blocks_count", "Free block count")
yield UInt32(self, "free_inodes_count", "Free inode count")
yield UInt32(self, "first_data_block", "First data block")
yield UInt32(self, "log_block_size",
"Block size = 2**(10+log_block_size)")
yield UInt32(self, "log_frag_size", "Cluster size = 2**log_frag_size")
yield UInt32(self, "blocks_per_group", "Blocks per group")
yield UInt32(self, "frags_per_group", "Fragments per group")
yield UInt32(self, "inodes_per_group", "Inodes per group")
yield TimestampUnix32(self, "mtime", "Mount time")
yield TimestampUnix32(self, "wtime", "Write time")
yield UInt16(self, "mnt_count", "Mount count since the last fsck")
yield UInt16(self, "max_mnt_count",
"Max mount count before fsck is needed")
yield UInt16(self, "magic", "Magic number (0xEF53)")
yield Enum(UInt16(self, "state", "File system state"), self.state_desc)
yield Enum(UInt16(self, "errors", "Behaviour when detecting errors"),
self.error_handling_desc)
yield UInt16(self, "minor_rev_level", "Minor revision level")
yield TimestampUnix32(self, "last_check", "Time of last check")
yield textHandler(
UInt32(self, "check_interval", "Maximum time between checks"),
self.postMaxTime)
yield Enum(UInt32(self, "creator_os", "Creator OS"), self.os_name)
yield Enum(UInt32(self, "rev_level", "Revision level"),
self.revision_levels)
yield UInt16(self, "def_resuid", "Default uid for reserved blocks")
yield UInt16(self, "def_resgid", "Default gid for reserved blocks")
yield UInt32(self, "first_ino", "First non-reserved inode")
yield UInt16(self, "inode_size", "Size of inode structure")
yield UInt16(self, "block_group_nr",
"Block group # of this superblock")
yield FeatureCompatFlags(
self, "feature_compat",
"Compatible feature set (can mount even if these features are unsupported)"
)
yield FeatureIncompatFlags(
self, "feature_incompat",
"Incompatible feature set (must support all features to mount)")
yield FeatureROCompatFlags(
self, "feature_ro_compat",
"Read-only compatible feature set (can only mount r/o if a feature is unsupported)"
)
yield UUID(self, "uuid", "128-bit UUID for volume")
yield String(self, "volume_name", 16, "Volume name", strip="\0")
yield String(self,
"last_mounted",
64,
"Directory where last mounted",
strip="\0")
yield UInt32(self, "compression",
"For compression (algorithm usage bitmap)")
yield UInt8(self, "prealloc_blocks",
"Number of blocks to try to preallocate")
yield UInt8(self, "prealloc_dir_blocks",
"Number to preallocate for directories")
yield UInt16(self, "reserved_gdt_blocks",
"Number of reserved GDT entries for future expansion")
yield RawBytes(self, "journal_uuid", 16, "UUID of journal superblock")
yield UInt32(self, "journal_inum", "Inode number of journal file")
yield UInt32(
self, "journal_dev",
"Device number of journal file (if ext_journal feature is set)")
yield UInt32(self, "last_orphan",
"Start of list of orphaned inodes to delete")
# ext3 stuff
yield RawBytes(self, "hash_seed", 16,
"Seeds used for the directory indexing hash algorithm")
yield Enum(
UInt8(self, "def_hash_version",
"Default hash version for directory indexing"),
self.htree_hash_algo_desc)
yield UInt8(self, "jnl_backup_type",
"Does jnl_blocks contain a backup of i_block and i_size?")
yield UInt16(self, "desc_size",
"Size of group descriptors (if 64bit feature is set)")
yield DefaultMountOptionFlags(self, "default_mount_opts",
"Default mount options")
yield UInt32(
self, "first_meta_bg",
"First metablock block group (if meta_bg feature is set)")
yield TimestampUnix32(self, "mkfs_time",
"When the filesystem was created")
yield RawBytes(self, "jnl_blocks", 17 * 4,
"Backup of the journal inode's i_block and i_size")
yield PaddingBytes(self, "reserved[]",
(1024 << self['log_block_size'].value) -
self.current_size // 8)
def createFields(self):
yield UInt8(self, "frame")
yield UInt8(self, "second")
yield UInt8(self, "minute")
yield PaddingBytes(self, "notused", 1)
def createFields(self):
yield GUID(self, "file_id")
yield UInt64(self, "packet_count")
yield PaddingBytes(self, "reserved", 2)
size = (self.size - self.current_size) // 8
yield RawBytes(self, "data", size)
def createFields(self):
yield Bytes(self, "signature", 2, "New executable signature (NE)")
yield UInt8(self, "link_ver", "Linker version number")
yield UInt8(self, "link_rev", "Linker revision number")
yield UInt16(self, "entry_table_ofst", "Offset to the entry table")
yield UInt16(self, "entry_table_size",
"Length (in bytes) of the entry table")
yield PaddingBytes(self, "reserved[]", 4)
yield Bit(self, "is_dll", "Is a dynamic-link library (DLL)?")
yield Bit(self, "is_win_app", "Is a Windows application?")
yield PaddingBits(self, "reserved[]", 9)
yield Bit(self, "first_seg_code",
"First segment contains code that loads the application?")
yield NullBits(self, "reserved[]", 1)
yield Bit(self, "link_error", "Load even if linker detects errors?")
yield NullBits(self, "reserved[]", 1)
yield Bit(self, "is_lib", "Is a library module?")
yield UInt16(self, "auto_data_seg", "Automatic data segment number")
yield filesizeHandler(
UInt16(self, "local_heap_size",
"Initial size (in bytes) of the local heap"))
yield filesizeHandler(
UInt16(self, "stack_size", "Initial size (in bytes) of the stack"))
yield textHandler(UInt32(self, "cs_ip", "Value of CS:IP"), hexadecimal)
yield textHandler(UInt32(self, "ss_sp", "Value of SS:SP"), hexadecimal)
yield UInt16(self, "nb_entry_seg_tab",
"Number of entries in the segment table")
yield UInt16(self, "nb_entry_modref_tab",
"Number of entries in the module-reference table")
yield filesizeHandler(
UInt16(self, "size_nonres_name_tab",
"Number of bytes in the nonresident-name table"))
yield UInt16(self, "seg_tab_ofs", "Segment table offset")
yield UInt16(self, "rsrc_ofs", "Resource offset")
yield UInt16(self, "res_name_tab_ofs", "Resident-name table offset")
yield UInt16(self, "mod_ref_tab_ofs", "Module-reference table offset")
yield UInt16(self, "import_tab_ofs", "Imported-name table offset")
yield UInt32(self, "non_res_name_tab_ofs",
"Nonresident-name table offset")
yield UInt16(self, "nb_mov_ent_pt", "Number of movable entry points")
yield UInt16(self, "log2_sector_size",
"Log2 of the segment sector size")
yield UInt16(self, "nb_rsrc_seg", "Number of resource segments")
yield Bit(self, "unknown_os_format",
"Operating system format is unknown")
yield PaddingBits(self, "reserved[]", 1)
yield Bit(self, "os_windows", "Operating system is Microsoft Windows")
yield NullBits(self, "reserved[]", 6)
yield Bit(
self, "is_win20_prot",
"Is Windows 2.x application running in version 3.x protected mode")
yield Bit(self, "is_win20_font",
"Is Windows 2.x application supporting proportional fonts")
yield Bit(self, "fast_load", "Contains a fast-load area?")
yield NullBits(self, "reserved[]", 4)
yield UInt16(self, "fastload_ofs", "Fast-load area offset (in sector)")
yield UInt16(self, "fastload_size",
"Fast-load area length (in sector)")
yield NullBytes(self, "reserved[]", 2)
yield textHandler(
UInt16(self, "win_version", "Expected Windows version number"),
hexadecimal)
def createFields(self):
# Parse directories
depth = 0
subdir = Directory(self, "root")
yield subdir
subdirs = [subdir]
alldirs = [subdir]
while subdirs:
depth += 1
if MAX_DEPTH < depth:
self.error(
"EXE resource: depth too high (%s), stop parsing directories"
% depth)
break
newsubdirs = []
for index, subdir in enumerate(subdirs):
name = "directory[%u][%u][]" % (depth, index)
try:
for field in self.parseSub(subdir, name, depth):
if field.__class__ == Directory:
newsubdirs.append(field)
yield field
except Exception as err:
self.error("Unable to create directory %s: %s" %
(name, err))
subdirs = newsubdirs
alldirs.extend(subdirs)
# Create resource list
resources = []
for directory in alldirs:
for index in directory.array("index"):
if not index["is_subdir"].value:
resources.append(index)
# Parse entries
entries = []
for resource in resources:
offset = resource["offset"].value
if offset is None:
continue
self.seekByte(offset)
entry = Entry(self, "entry[]", inode=resource)
yield entry
entries.append(entry)
entries.sort(key=lambda entry: entry["rva"].value)
# Parse resource content
for entry in entries:
try:
offset = self.section.rva2file(entry["rva"].value)
padding = self.seekByte(offset, relative=False)
if padding:
yield padding
yield ResourceContent(self, "content[]", entry)
except Exception as err:
self.warning("Error when parsing entry %s: %s" %
(entry.path, err))
size = (self.size - self.current_size) // 8
if size:
yield PaddingBytes(self, "padding_end", size)
def createFields(self):
yield UInt8(self, "sndrot", "rotates to use A,X or Y for sound skip")
yield UInt8(self, "sndrot2", "rotates a random value for sound skip")
yield UInt8(self, "INTEnab", "enables NMI(7)/VIRQ(5)/HIRQ(4)/JOY(0)")
yield UInt8(self, "NMIEnab", "controlled in e65816 loop. Sets to 81h")
yield UInt16(self, "VIRQLoc", "VIRQ Y location")
yield UInt8(self, "vidbright", "screen brightness 0..15")
yield UInt8(self, "previdbr", "previous screen brightness")
yield UInt8(self, "forceblnk", "force blanking on/off ($80=on)")
yield UInt32(self, "objptr", "pointer to object data in VRAM")
yield UInt32(self, "objptrn", "pointer2 to object data in VRAM")
yield UInt8(self, "objsize1", "1=8dot, 4=16dot, 16=32dot, 64=64dot")
yield UInt8(self, "objsize2", "large object size")
yield UInt8(self, "objmovs1", "number of bytes to move/paragraph")
yield UInt16(self, "objadds1", "number of bytes to add/paragraph")
yield UInt8(self, "objmovs2", "number of bytes to move/paragraph")
yield UInt16(self, "objadds2", "number of bytes to add/paragraph")
yield UInt16(self, "oamaddrt", "oam address")
yield UInt16(self, "oamaddrs", "oam address at beginning of vblank")
yield UInt8(self, "objhipr", "highest priority object #")
yield UInt8(self, "bgmode", "graphics mode 0..7")
yield UInt8(self, "bg3highst", "is 1 if background 3 has the highest priority")
yield UInt8(self, "bgtilesz", "0=8x8, 1=16x16 bit0=bg1, bit1=bg2, etc.")
yield UInt8(self, "mosaicon", "mosaic on, bit 0=bg1, bit1=bg2, etc.")
yield UInt8(self, "mosaicsz", "mosaic size in pixels")
yield UInt16(self, "bg1ptr", "pointer to background1")
yield UInt16(self, "bg2ptr", "pointer to background2")
yield UInt16(self, "bg3ptr", "pointer to background3")
yield UInt16(self, "bg4ptr", "pointer to background4")
yield UInt16(self, "bg1ptrb", "pointer to background1")
yield UInt16(self, "bg2ptrb", "pointer to background2")
yield UInt16(self, "bg3ptrb", "pointer to background3")
yield UInt16(self, "bg4ptrb", "pointer to background4")
yield UInt16(self, "bg1ptrc", "pointer to background1")
yield UInt16(self, "bg2ptrc", "pointer to background2")
yield UInt16(self, "bg3ptrc", "pointer to background3")
yield UInt16(self, "bg4ptrc", "pointer to background4")
yield UInt16(self, "bg1ptrd", "pointer to background1")
yield UInt16(self, "bg2ptrd", "pointer to background2")
yield UInt16(self, "bg3ptrd", "pointer to background3")
yield UInt16(self, "bg4ptrd", "pointer to background4")
yield UInt8(self, "bg1scsize", "bg #1 screen size (0=1x1,1=1x2,2=2x1,3=2x2)")
yield UInt8(self, "bg2scsize", "bg #2 screen size (0=1x1,1=1x2,2=2x1,3=2x2)")
yield UInt8(self, "bg3scsize", "bg #3 screen size (0=1x1,1=1x2,2=2x1,3=2x2)")
yield UInt8(self, "bg4scsize", "bg #4 screen size (0=1x1,1=1x2,2=2x1,3=2x2)")
yield UInt16(self, "bg1objptr", "pointer to tiles in background1")
yield UInt16(self, "bg2objptr", "pointer to tiles in background2")
yield UInt16(self, "bg3objptr", "pointer to tiles in background3")
yield UInt16(self, "bg4objptr", "pointer to tiles in background4")
yield UInt16(self, "bg1scrolx", "background 1 x position")
yield UInt16(self, "bg2scrolx", "background 2 x position")
yield UInt16(self, "bg3scrolx", "background 3 x position")
yield UInt16(self, "bg4scrolx", "background 4 x position")
yield UInt16(self, "bg1sx", "Temporary Variable for Debugging purposes")
yield UInt16(self, "bg1scroly", "background 1 y position")
yield UInt16(self, "bg2scroly", "background 2 y position")
yield UInt16(self, "bg3scroly", "background 3 y position")
yield UInt16(self, "bg4scroly", "background 4 y position")
yield UInt16(self, "addrincr", "vram increment (2,64,128,256)")
yield UInt8(self, "vramincr", "0 = increment at 2118/2138, 1 = 2119,213A")
yield UInt8(self, "vramread", "0 = address set, 1 = already read once")
yield UInt32(self, "vramaddr", "vram address")
yield UInt16(self, "cgaddr", "cg (palette)")
yield UInt8(self, "cgmod", "if cgram is modified or not")
yield UInt16(self, "scrnon", "main & sub screen on")
yield UInt8(self, "scrndist", "which background is disabled")
yield UInt16(self, "resolutn", "screen resolution")
yield UInt8(self, "multa", "multiplier A")
yield UInt16(self, "diva", "divisor C")
yield UInt16(self, "divres", "quotent of divc/divb")
yield UInt16(self, "multres", "result of multa * multb/remainder of divc/divb")
yield UInt16(self, "latchx", "latched x value")
yield UInt16(self, "latchy", "latched y value")
yield UInt8(self, "latchxr", "low or high byte read for x value")
yield UInt8(self, "latchyr", "low or high byte read for y value")
yield UInt8(self, "frskipper", "used to control frame skipping")
yield UInt8(self, "winl1", "window 1 left position")
yield UInt8(self, "winr1", "window 1 right position")
yield UInt8(self, "winl2", "window 2 left position")
yield UInt8(self, "winr2", "window 2 right position")
yield UInt8(self, "winbg1en", "Win1 on (IN/OUT) or Win2 on (IN/OUT) on BG1")
yield UInt8(self, "winbg2en", "Win1 on (IN/OUT) or Win2 on (IN/OUT) on BG2")
yield UInt8(self, "winbg3en", "Win1 on (IN/OUT) or Win2 on (IN/OUT) on BG3")
yield UInt8(self, "winbg4en", "Win1 on (IN/OUT) or Win2 on (IN/OUT) on BG4")
yield UInt8(self, "winobjen", "Win1 on (IN/OUT) or Win2 on (IN/OUT) on sprites")
yield UInt8(self, "wincolen", "Win1 on (IN/OUT) or Win2 on (IN/OUT) on backarea")
yield UInt8(self, "winlogica", "Window logic type for BG1 to 4")
yield UInt8(self, "winlogicb", "Window logic type for Sprites and Backarea")
yield UInt8(self, "winenabm", "Window logic enable for main screen")
yield UInt8(self, "winenabs", "Window logic enable for sub sceen")
yield UInt8(self, "mode7set", "mode 7 settings")
yield UInt16(self, "mode7A", "A value for Mode 7")
yield UInt16(self, "mode7B", "B value for Mode 7")
yield UInt16(self, "mode7C", "C value for Mode 7")
yield UInt16(self, "mode7D", "D value for Mode 7")
yield UInt16(self, "mode7X0", "Center X for Mode 7")
yield UInt16(self, "mode7Y0", "Center Y for Mode 7")
yield UInt8(self, "JoyAPos", "Old-Style Joystick Read Position for Joy 1 & 3")
yield UInt8(self, "JoyBPos", "Old-Style Joystick Read Position for Joy 2 & 4")
yield UInt32(self, "compmult", "Complement Multiplication for Mode 7")
yield UInt8(self, "joyalt", "temporary joystick alternation")
yield UInt32(self, "wramrwadr", "continuous read/write to wram address")
yield RawBytes(self, "dmadata", 129, "dma data (written from ports 43xx)")
yield UInt8(self, "irqon", "if IRQ has been called (80h) or not (0)")
yield UInt8(self, "nexthdma", "HDMA data to execute once vblank ends")
yield UInt8(self, "curhdma", "Currently executed hdma")
yield RawBytes(self, "hdmadata", 152, "4 dword register addresses, # bytes to transfer/line, address increment (word)")
yield UInt8(self, "hdmatype", "if first time executing hdma or not")
yield UInt8(self, "coladdr", "red value of color to add")
yield UInt8(self, "coladdg", "green value of color to add")
yield UInt8(self, "coladdb", "blue value of color to add")
yield UInt8(self, "colnull", "keep this 0 (when accessing colors by dword)")
yield UInt8(self, "scaddset", "screen/fixed color addition settings")
yield UInt8(self, "scaddtype", "which screen to add/sub")
yield UInt8(self, "Voice0Disabl2", "Disable Voice 0")
yield UInt8(self, "Voice1Disabl2", "Disable Voice 1")
yield UInt8(self, "Voice2Disabl2", "Disable Voice 2")
yield UInt8(self, "Voice3Disabl2", "Disable Voice 3")
yield UInt8(self, "Voice4Disabl2", "Disable Voice 4")
yield UInt8(self, "Voice5Disabl2", "Disable Voice 5")
yield UInt8(self, "Voice6Disabl2", "Disable Voice 6")
yield UInt8(self, "Voice7Disabl2", "Disable Voice 7")
yield RawBytes(self, "oamram", 1024, "OAMRAM (544 bytes)")
yield RawBytes(self, "cgram", 512, "CGRAM")
yield RawBytes(self, "pcgram", 512, "Previous CGRAM")
yield UInt8(self, "vraminctype")
yield UInt8(self, "vramincby8on", "if increment by 8 is on")
yield UInt8(self, "vramincby8left", "how many left")
yield UInt8(self, "vramincby8totl", "how many in total (32,64,128)")
yield UInt8(self, "vramincby8rowl", "how many left in that row (start at 8)")
yield UInt16(self, "vramincby8ptri", "increment by how many when rowl = 0")
yield UInt8(self, "nexthprior")
yield UInt8(self, "doirqnext")
yield UInt16(self, "vramincby8var")
yield UInt8(self, "screstype")
yield UInt8(self, "extlatch")
yield UInt8(self, "cfield")
yield UInt8(self, "interlval")
yield UInt16(self, "HIRQLoc HIRQ X")
# NEWer ZST format
yield UInt8(self, "KeyOnStA")
yield UInt8(self, "KeyOnStB")
yield UInt8(self, "SDD1BankA")
yield UInt8(self, "SDD1BankB")
yield UInt8(self, "SDD1BankC")
yield UInt8(self, "SDD1BankD")
yield UInt8(self, "vramread2")
yield UInt8(self, "nosprincr")
yield UInt16(self, "poamaddrs")
yield UInt8(self, "ioportval")
yield UInt8(self, "iohvlatch")
yield UInt8(self, "ppustatus")
yield PaddingBytes(self, "tempdat", 477, "Reserved/Unused")