Beispiel #1
0
    def createFields(self):
        yield UInt32(self, "signature", "Shortcut signature (0x0000004C)")
        yield GUID(self, "guid", "Shortcut GUID (00021401-0000-0000-C000-000000000046)")

        yield Bit(self, "has_shell_id", "Is the Item ID List present?")
        yield Bit(self, "target_is_file", "Is a file or a directory?")
        yield Bit(self, "has_description", "Is the Description field present?")
        yield Bit(self, "has_rel_path", "Is the relative path to the target available?")
        yield Bit(self, "has_working_dir", "Is there a working directory?")
        yield Bit(self, "has_cmd_line_args", "Are there any command line arguments?")
        yield Bit(self, "has_custom_icon", "Is there a custom icon?")
        yield Bit(self, "has_unicode_names", "Are Unicode names used?")
        yield Bit(self, "force_no_linkinfo")
        yield Bit(self, "has_exp_sz")
        yield Bit(self, "run_in_separate")
        yield Bit(self, "has_logo3id", "Is LOGO3 ID info present?")
        yield Bit(self, "has_darwinid", "Is the DarwinID info present?")
        yield Bit(self, "runas_user", "Is the target run as another user?")
        yield Bit(self, "has_exp_icon_sz", "Is custom icon information available?")
        yield Bit(self, "no_pidl_alias")
        yield Bit(self, "force_unc_name")
        yield Bit(self, "run_with_shim_layer")
        yield PaddingBits(self, "reserved[]", 14, "Flag bits reserved for future use")

        yield MSDOSFileAttr32(self, "target_attr")

        yield TimestampWin64(self, "creation_time")
        yield TimestampWin64(self, "modification_time")
        yield TimestampWin64(self, "last_access_time")
        yield filesizeHandler(UInt32(self, "target_filesize"))
        yield UInt32(self, "icon_number")
        yield Enum(UInt32(self, "show_window"), self.SHOW_WINDOW_STATE)
        yield textHandler(UInt8(self, "hot_key", "Hot key used for quick access"),text_hot_key)
        yield Bit(self, "hot_key_shift", "Hot key: is Shift used?")
        yield Bit(self, "hot_key_ctrl", "Hot key: is Ctrl used?")
        yield Bit(self, "hot_key_alt", "Hot key: is Alt used?")
        yield PaddingBits(self, "hot_key_reserved", 21, "Hot key: (reserved)")
        yield NullBytes(self, "reserved[]", 8)

        if self["has_shell_id"].value:
            yield ItemIdList(self, "item_idlist", "Item ID List")
        if self["target_is_file"].value:
            yield FileLocationInfo(self, "file_location_info", "File Location Info")
        if self["has_description"].value:
            yield LnkString(self, "description")
        if self["has_rel_path"].value:
            yield LnkString(self, "relative_path", "Relative path to target")
        if self["has_working_dir"].value:
            yield LnkString(self, "working_dir", "Working directory (dir to start target in)")
        if self["has_cmd_line_args"].value:
            yield LnkString(self, "cmd_line_args", "Command Line Arguments")
        if self["has_custom_icon"].value:
            yield LnkString(self, "custom_icon", "Custom Icon Path")

        while not self.eof:
            yield ExtraInfo(self, "extra_info[]")
Beispiel #2
0
 def createFields(self):
     yield Bit(self, "drop_frame")
     yield Bits(self, "time_hh", 5)
     yield Bits(self, "time_mm", 6)
     yield PaddingBits(self, "time_pad[]", 1)
     yield Bits(self, "time_ss", 6)
     yield Bits(self, "time_ff", 6)
     yield Bit(self, "closed_group")
     yield Bit(self, "broken_group")
     yield PaddingBits(self, "pad[]", 5)
def parseFontHeader(self):
    yield UInt16(self, "maj_ver", "Major version")
    yield UInt16(self, "min_ver", "Minor version")
    yield UInt16(self, "font_maj_ver", "Font major version")
    yield UInt16(self, "font_min_ver", "Font minor version")
    yield textHandler(UInt32(self, "checksum"), hexadecimal)
    yield Bytes(self, "magic", 4, r"Magic string (\x5F\x0F\x3C\xF5)")
    if self["magic"].value != "\x5F\x0F\x3C\xF5":
        raise ParserError("TTF: invalid magic of font header")

    # Flags
    yield Bit(self, "y0", "Baseline at y=0")
    yield Bit(self, "x0", "Left sidebearing point at x=0")
    yield Bit(self, "instr_point", "Instructions may depend on point size")
    yield Bit(self, "ppem", "Force PPEM to integer values for all")
    yield Bit(self, "instr_width", "Instructions may alter advance width")
    yield Bit(self, "vertical", "e laid out vertically?")
    yield PaddingBits(self, "reserved[]", 1)
    yield Bit(self, "linguistic", "Requires layout for correct linguistic rendering?")
    yield Bit(self, "gx", "Metamorphosis effects?")
    yield Bit(self, "strong", "Contains strong right-to-left glyphs?")
    yield Bit(self, "indic", "contains Indic-style rearrangement effects?")
    yield Bit(self, "lossless", "Data is lossless (Agfa MicroType compression)")
    yield Bit(self, "converted", "Font converted (produce compatible metrics)")
    yield Bit(self, "cleartype", "Optimised for ClearType")
    yield Bits(self, "adobe", 2, "(used by Adobe)")

    yield UInt16(self, "unit_per_em", "Units per em")
    if not(16 <= self["unit_per_em"].value <= 16384):
        raise ParserError("TTF: Invalid unit/em value")
    yield UInt32(self, "created_high")
    yield TimestampMac32(self, "created")
    yield UInt32(self, "modified_high")
    yield TimestampMac32(self, "modified")
    yield UInt16(self, "xmin")
    yield UInt16(self, "ymin")
    yield UInt16(self, "xmax")
    yield UInt16(self, "ymax")

    # Mac style
    yield Bit(self, "bold")
    yield Bit(self, "italic")
    yield Bit(self, "underline")
    yield Bit(self, "outline")
    yield Bit(self, "shadow")
    yield Bit(self, "condensed", "(narrow)")
    yield Bit(self, "expanded")
    yield PaddingBits(self, "reserved[]", 9)

    yield UInt16(self, "lowest", "Smallest readable size in pixels")
    yield Enum(UInt16(self, "font_dir", "Font direction hint"), DIRECTION_NAME)
    yield Enum(UInt16(self, "ofst_format"), {0: "short offsets", 1: "long"})
    yield UInt16(self, "glyph_format", "(=0)")
Beispiel #4
0
    def createFields(self):
        # Header
        yield PaddingBits(self,
                          "sync",
                          11,
                          "Synchronize bits (set to 1)",
                          pattern=1)
        yield Enum(Bits(self, "version", 2, "MPEG audio version"),
                   self.VERSION_NAME)
        yield Enum(Bits(self, "layer", 2, "MPEG audio layer"), self.LAYER_NAME)
        yield Bit(self, "crc16", "No CRC16 protection?")

        # Rates and padding
        yield Bits(self, "bit_rate", 4, "Bit rate")
        yield Bits(self, "sampling_rate", 2, "Sampling rate")
        yield Bit(self, "use_padding", "Stream field use padding?")
        yield Bit(self, "extension", "Extension")

        # Channel mode, mode extension, copyright, ...
        yield Enum(Bits(self, "channel_mode", 2, "Channel mode"),
                   self.CHANNEL_MODE_NAME)
        yield Bits(self, "mode_ext", 2, "Mode extension")
        yield Bit(self, "copyright", "Is copyrighted?")
        yield Bit(self, "original", "Is original?")
        yield Enum(Bits(self, "emphasis", 2, "Emphasis"), self.EMPHASIS_NAME)

        size = (self.size - self.current_size) / 8
        if size:
            yield RawBytes(self, "data", size)
Beispiel #5
0
 def createFields(self):
     if self.stream.readBits(self.absolute_address, 2, self.endian) == 1:
         # MPEG version 2
         yield Bits(self, "sync[]", 2)
         yield SCR(self, "scr")
         yield Bit(self, "sync[]")
         yield Bits(self, "scr_ext", 9)
         yield Bit(self, "sync[]")
         yield Bits(self, "mux_rate", 22)
         yield Bits(self, "sync[]", 2)
         yield PaddingBits(self, "reserved", 5, pattern=1)
         yield Bits(self, "stuffing_length", 3)
         count = self["stuffing_length"].value
         if count:
             yield PaddingBytes(self, "stuffing", count, pattern="\xff")
     else:
         # MPEG version 1
         yield Bits(self, "sync[]", 4)
         yield Bits(self, "scr_a", 3)
         yield Bit(self, "sync[]")
         yield Bits(self, "scr_b", 15)
         yield Bit(self, "sync[]")
         yield Bits(self, "scr_c", 15)
         yield Bits(self, "sync[]", 2)
         yield Bits(self, "mux_rate", 22)
         yield Bit(self, "sync[]")
def createPaddingField(parent, nbits, name="padding[]", description=None):
    if nbits <= 0:
        raise FieldError("Unable to create padding of %s bits" % nbits)
    if (nbits % 8) == 0:
        return PaddingBytes(parent, name, nbits / 8, description)
    else:
        return PaddingBits(parent, name, nbits, description)
Beispiel #7
0
    def createFields(self):
        yield Bytes(self, "header", 4, r"PE header signature (PE\0\0)")
        if self["header"].value != "PE\0\0":
            raise ParserError("Invalid PE header signature")
        yield Enum(UInt16(self, "cpu", "CPU type"), self.cpu_name)
        yield UInt16(self, "nb_section", "Number of sections")
        yield TimestampUnix32(self, "creation_date", "Creation date")
        yield UInt32(self, "ptr_to_sym", "Pointer to symbol table")
        yield UInt32(self, "nb_symbols", "Number of symbols")
        yield UInt16(self, "opt_hdr_size", "Optional header size")

        yield Bit(self, "reloc_stripped",
                  "If true, don't contain base relocations.")
        yield Bit(self, "exec_image", "Executable image?")
        yield Bit(self, "line_nb_stripped", "COFF line numbers stripped?")
        yield Bit(self, "local_sym_stripped",
                  "COFF symbol table entries stripped?")
        yield Bit(self, "aggr_ws", "Aggressively trim working set")
        yield Bit(self, "large_addr",
                  "Application can handle addresses greater than 2 GB")
        yield NullBits(self, "reserved", 1)
        yield Bit(self, "reverse_lo",
                  "Little endian: LSB precedes MSB in memory")
        yield Bit(self, "32bit", "Machine based on 32-bit-word architecture")
        yield Bit(self, "is_stripped", "Debugging information removed?")
        yield Bit(
            self, "swap",
            "If image is on removable media, copy and run from swap file")
        yield PaddingBits(self, "reserved2", 1)
        yield Bit(self, "is_system", "It's a system file")
        yield Bit(self, "is_dll", "It's a dynamic-link library (DLL)")
        yield Bit(self, "up", "File should be run only on a UP machine")
        yield Bit(self, "reverse_hi", "Big endian: MSB precedes LSB in memory")
Beispiel #8
0
    def createFields(self):
        yield UInt32(self, "length", "Length of this structure")
        if not self["length"].value:
            return

        yield UInt32(self, "first_offset_pos", "Position of first offset")
        has_unicode_paths = (self["first_offset_pos"].value == 0x24)
        yield Bit(self, "on_local_volume")
        yield Bit(self, "on_network_volume")
        yield PaddingBits(self, "reserved[]", 30)
        yield UInt32(self, "local_info_offset", "Offset to local volume table; only meaningful if on_local_volume = 1")
        yield UInt32(self, "local_pathname_offset", "Offset to local base pathname; only meaningful if on_local_volume = 1")
        yield UInt32(self, "remote_info_offset", "Offset to network volume table; only meaningful if on_network_volume = 1")
        yield UInt32(self, "pathname_offset", "Offset of remaining pathname")
        if has_unicode_paths:
            yield UInt32(self, "local_pathname_unicode_offset", "Offset to Unicode version of local base pathname; only meaningful if on_local_volume = 1")
            yield UInt32(self, "pathname_unicode_offset", "Offset to Unicode version of remaining pathname")
        if self["on_local_volume"].value:
            padding = self.seekByte(self["local_info_offset"].value)
            if padding:
                yield padding
            yield LocalVolumeTable(self, "local_volume_table", "Local Volume Table")

            padding = self.seekByte(self["local_pathname_offset"].value)
            if padding:
                yield padding
            yield CString(self, "local_base_pathname", "Local Base Pathname")
            if has_unicode_paths:
                padding = self.seekByte(self["local_pathname_unicode_offset"].value)
                if padding:
                    yield padding
                yield CString(self, "local_base_pathname_unicode", "Local Base Pathname in Unicode", charset="UTF-16-LE")

        if self["on_network_volume"].value:
            padding = self.seekByte(self["remote_info_offset"].value)
            if padding:
                yield padding
            yield NetworkVolumeTable(self, "network_volume_table")

        padding = self.seekByte(self["pathname_offset"].value)
        if padding:
            yield padding
        yield CString(self, "final_pathname", "Final component of the pathname")

        if has_unicode_paths:
            padding = self.seekByte(self["pathname_unicode_offset"].value)
            if padding:
                yield padding
            yield CString(self, "final_pathname_unicode", "Final component of the pathname in Unicode", charset="UTF-16-LE")

        padding=self.seekByte(self["length"].value)
        if padding:
            yield padding
 def createFields(self):
     yield GUID(self, "guid")
     yield filesizeHandler(UInt64(self, "file_size"))
     yield TimestampWin64(self, "creation_date")
     yield UInt64(self, "pckt_count")
     yield TimedeltaWin64(self, "play_duration")
     yield TimedeltaWin64(self, "send_duration")
     yield UInt64(self, "preroll")
     yield Bit(self, "broadcast", "Is broadcast?")
     yield Bit(self, "seekable", "Seekable stream?")
     yield PaddingBits(self, "reserved[]", 30)
     yield filesizeHandler(UInt32(self, "min_pckt_size"))
     yield filesizeHandler(UInt32(self, "max_pckt_size"))
     yield displayHandler(UInt32(self, "max_bitrate"), humanBitRate)
Beispiel #10
0
 def createFields(self):
     yield Bits(self, "reserved[]", 2)
     yield Bit(self, "byte_big_endian")
     yield Bit(self, "bit_big_endian")
     yield Bits(self, "scan_unit", 2)
     yield textHandler(PaddingBits(self, "reserved[]", 26), hexadecimal)
 def createFields(self):
     yield Bits(self, "stream_index", 7)
     yield PaddingBits(self, "reserved", 9)
     yield displayHandler(UInt32(self, "avg_bitrate"), humanBitRate)
Beispiel #12
0
 def createFields(self):
     yield UInt32(self, "off_data", "Offset of data")
     yield UInt16(self, "cf_data")
     yield Enum(Bits(self, "compr_method", 4, "Compression method"), COMPRESSION_NAME)
     yield Bits(self, "compr_level", 5, "Compression level")
     yield PaddingBits(self, "padding", 7)
Beispiel #13
0
 def createFields(self):
     padding = 0
     position = 0
     while True:
         next = ord(
             self.parent.stream.readBytes(
                 self.absolute_address + self.current_size + position, 1))
         if next == 0xff:
             padding += 1
             position += 8
         elif padding:
             yield PaddingBytes(self, "pad[]", padding)
             padding = None
             position = 0
         elif 0x40 <= next <= 0x7f:
             yield Bits(self, "scale_marker", 2)  # 1
             yield Bit(self, "scale")
             scale = self['scale'].value
             if scale:
                 scaleval = 1024
             else:
                 scaleval = 128
             yield textHandler(Bits(self, "size", 13),
                               lambda field: str(field.value * scaleval))
         elif 0x00 <= next <= 0x3f:
             yield Bits(self, "ts_marker", 2)  # 0
             yield Bit(self, "has_pts")
             yield Bit(self, "has_dts")
             if self['has_pts'].value:
                 yield Timestamp(self, "pts")
             if self['has_dts'].value:
                 yield PaddingBits(self, "pad[]", 4)
                 yield Timestamp(self, "dts")
             if self.current_size % 8 == 4:
                 yield PaddingBits(self, "pad[]", 4)
             break
         elif 0x80 <= next <= 0xbf:
             # MPEG-2 extension
             yield PacketElement(self, "pkt")
             break
         else:
             # 0xc0 - 0xfe: unknown
             break
     length = self["../length"].value - self.current_size // 8
     if length:
         tag = self['../tag'].value
         group = self.root.streamgroups[tag]
         parname = self.parent._name
         if parname.startswith('audio'):
             frag = CustomFragment(self,
                                   "data",
                                   length * 8,
                                   MpegAudioFile,
                                   group=group)
         elif parname.startswith('video'):
             frag = CustomFragment(self,
                                   "data",
                                   length * 8,
                                   VideoStream,
                                   group=group)
         else:
             frag = CustomFragment(self,
                                   "data",
                                   length * 8,
                                   None,
                                   group=group)
         self.root.streamgroups[tag] = frag.group
         yield frag
    def createFields(self):
        yield Bytes(self, "signature", 2, "New executable signature (NE)")
        yield UInt8(self, "link_ver", "Linker version number")
        yield UInt8(self, "link_rev", "Linker revision number")
        yield UInt16(self, "entry_table_ofst", "Offset to the entry table")
        yield UInt16(self, "entry_table_size",
                     "Length (in bytes) of the entry table")
        yield PaddingBytes(self, "reserved[]", 4)

        yield Bit(self, "is_dll", "Is a dynamic-link library (DLL)?")
        yield Bit(self, "is_win_app", "Is a Windows application?")
        yield PaddingBits(self, "reserved[]", 9)
        yield Bit(self, "first_seg_code",
                  "First segment contains code that loads the application?")
        yield NullBits(self, "reserved[]", 1)
        yield Bit(self, "link_error", "Load even if linker detects errors?")
        yield NullBits(self, "reserved[]", 1)
        yield Bit(self, "is_lib", "Is a library module?")

        yield UInt16(self, "auto_data_seg", "Automatic data segment number")
        yield filesizeHandler(
            UInt16(self, "local_heap_size",
                   "Initial size (in bytes) of the local heap"))
        yield filesizeHandler(
            UInt16(self, "stack_size", "Initial size (in bytes) of the stack"))
        yield textHandler(UInt32(self, "cs_ip", "Value of CS:IP"), hexadecimal)
        yield textHandler(UInt32(self, "ss_sp", "Value of SS:SP"), hexadecimal)

        yield UInt16(self, "nb_entry_seg_tab",
                     "Number of entries in the segment table")
        yield UInt16(self, "nb_entry_modref_tab",
                     "Number of entries in the module-reference table")
        yield filesizeHandler(
            UInt16(self, "size_nonres_name_tab",
                   "Number of bytes in the nonresident-name table"))
        yield UInt16(self, "seg_tab_ofs", "Segment table offset")
        yield UInt16(self, "rsrc_ofs", "Resource offset")

        yield UInt16(self, "res_name_tab_ofs", "Resident-name table offset")
        yield UInt16(self, "mod_ref_tab_ofs", "Module-reference table offset")
        yield UInt16(self, "import_tab_ofs", "Imported-name table offset")

        yield UInt32(self, "non_res_name_tab_ofs",
                     "Nonresident-name table offset")
        yield UInt16(self, "nb_mov_ent_pt", "Number of movable entry points")
        yield UInt16(self, "log2_sector_size",
                     "Log2 of the segment sector size")
        yield UInt16(self, "nb_rsrc_seg", "Number of resource segments")

        yield Bit(self, "unknown_os_format",
                  "Operating system format is unknown")
        yield PaddingBits(self, "reserved[]", 1)
        yield Bit(self, "os_windows", "Operating system is Microsoft Windows")
        yield NullBits(self, "reserved[]", 6)
        yield Bit(
            self, "is_win20_prot",
            "Is Windows 2.x application running in version 3.x protected mode")
        yield Bit(self, "is_win20_font",
                  "Is Windows 2.x application supporting proportional fonts")
        yield Bit(self, "fast_load", "Contains a fast-load area?")
        yield NullBits(self, "reserved[]", 4)

        yield UInt16(self, "fastload_ofs", "Fast-load area offset (in sector)")
        yield UInt16(self, "fastload_size",
                     "Fast-load area length (in sector)")

        yield NullBytes(self, "reserved[]", 2)
        yield textHandler(
            UInt16(self, "win_version", "Expected Windows version number"),
            hexadecimal)