def createFields(self):
yield String(self, "name", 32, strip="\0")
yield PaddingBytes(self, "unknown[]", 32, pattern="\xCC")
yield UInt32(self, "flags")
yield UInt32(self, "id")
yield UInt32(self, "type")
yield Int32(self, "mesh_id")
yield UInt32(self, "depth")
yield Int32(self, "parent_offset")
yield UInt32(self, "nchildren")
yield UInt32(self, "first_child_offset")
yield UInt32(self, "next_sibling_offset")
yield Vertex(self, "pivot")
yield Vertex(self, "position")
yield Float32(self, "pitch")
yield Float32(self, "yaw")
yield Float32(self, "roll")
for index in xrange(4):
yield Vertex(self, "unknown_vertex[]")
if self["parent_offset"].value != 0:
yield UInt32(self, "parent_id")
if self["first_child_offset"].value != 0:
yield UInt32(self, "first_child_id")
if self["next_sibling_offset"].value != 0:
yield UInt32(self, "next_sibling_id")
def createFields(self):
yield Bytes(self, "id", 4, "Tcpdump identifier")
yield UInt16(self, "maj_ver", "Major version")
yield UInt16(self, "min_ver", "Minor version")
yield Int32(self, "this_zone", "GMT to local time zone correction")
yield Int32(self, "sigfigs", "accuracy of timestamps")
yield UInt32(self, "snap_len", "max length saved portion of each pkt")
yield Enum(UInt32(self, "link_type", "data link type"),
self.LINK_TYPE_DESC)
link = self["link_type"].value
if link not in self.LINK_TYPE:
raise ParserError("Unknown link type: %s" % link)
name, parser = self.LINK_TYPE[link]
while self.current_size < self.size:
yield Packet(self, "packet[]", parser, name)
def parseTuple(parent):
yield Int32(parent, "count", "Item count")
count = parent["count"].value
if count < 0:
raise ParserError("Invalid tuple/list count")
for index in xrange(count):
yield Object(parent, "item[]")
def createFields(self):
# Header
yield UInt16(self, "version", "Version (=1)")
yield textHandler(
UInt16(self, "endian", "Endian (0xFF 0xFE for Intel)"),
hexadecimal)
yield UInt8(self, "os_version")
yield UInt8(self, "os_revision")
yield Enum(UInt16(self, "os_type"), OS_NAME)
yield Int32(self, "unused", "(=-1)")
yield GUID(self, "clsid")
# User type
yield PascalString32(self, "user_type", strip="\0")
# Clipboard format
if self["os_type"].value == OS_MAC:
yield Int32(self, "unused[]", "(=-2)")
yield String(self, "clipboard_format", 4)
else:
yield PascalString32(self, "clipboard_format", strip="\0")
if self.current_size == self.size:
return
#-- OLE 2.01 ---
# Program ID
yield PascalString32(self, "prog_id", strip="\0")
if self["os_type"].value != OS_MAC:
# Magic number
yield textHandler(
UInt32(self, "magic", "Magic number (0x71B239F4)"),
hexadecimal)
# Unicode version
yield PascalStringWin32(self, "user_type_unicode", strip="\0")
yield PascalStringWin32(self,
"clipboard_format_unicode",
strip="\0")
yield PascalStringWin32(self, "prog_id_unicode", strip="\0")
size = (self.size - self.current_size) // 8
if size:
yield NullBytes(self, "end_padding", size)
def createFields(self):
# Header
yield String(self, "magic", 4, "PMGL", charset="ASCII")
yield filesizeHandler(Int32(self, "free_space",
"Length of free space and/or quickref area at end of directory chunk"))
yield Int32(self, "unknown")
yield Int32(self, "previous", "Chunk number of previous listing chunk")
yield Int32(self, "next", "Chunk number of previous listing chunk")
# Entries
stop = self.size - self["free_space"].value * 8
while self.current_size < stop:
yield PMGL_Entry(self, "entry[]")
# Padding
padding = (self.size - self.current_size) // 8
if padding:
yield PaddingBytes(self, "padding", padding)
def createFields(self):
yield String(self, "magic", 4, "ITSP", charset="ASCII")
yield UInt32(self, "version", "Version (=1)")
yield filesizeHandler(UInt32(self, "size", "Length (in bytes) of the directory header (84)"))
yield UInt32(self, "unknown[]", "(=10)")
yield filesizeHandler(UInt32(self, "block_size", "Directory block size"))
yield UInt32(self, "density", "Density of quickref section, usually 2")
yield UInt32(self, "index_depth", "Depth of the index tree")
yield Int32(self, "nb_dir", "Chunk number of root index chunk")
yield UInt32(self, "first_pmgl", "Chunk number of first PMGL (listing) chunk")
yield UInt32(self, "last_pmgl", "Chunk number of last PMGL (listing) chunk")
yield Int32(self, "unknown[]", "-1")
yield UInt32(self, "nb_dir_chunk", "Number of directory chunks (total)")
yield Enum(UInt32(self, "lang_id", "Windows language ID"), LANGUAGE_ID)
yield GUID(self, "system_uuid", "{5D02926A-212E-11D0-9DF9-00A0C922E6EC}")
yield filesizeHandler(UInt32(self, "size2", "Same value than size"))
yield Int32(self, "unknown[]", "-1")
yield Int32(self, "unknown[]", "-1")
yield Int32(self, "unknown[]", "-1")
def createFields(self):
yield textHandler(UInt32(self, "magic"), hexadecimal)
yield UInt32(self, "dir_start", "Directory start")
yield Int32(self, "first_free_block", "First free block")
yield UInt32(self, "filesize", "File size in bytes")
yield self.seekByte(self["dir_start"].value)
yield FileEntry(self, "file[]")
size = (self.size - self.current_size) // 8
if size:
yield RawBytes(self, "end", size)
def createFields(self):
yield filesizeHandler(UInt32(self, "size"))
yield Enum(Int32(self, "format"), self.FORMAT_NAME)
if self["format"].value == self.FORMAT_CLIPBOARD:
yield Enum(UInt32(self, "dib_format"), self.DIB_FORMAT)
if self["dib_format"].value == self.DIB_BMP:
yield BmpHeader(self, "bmp_header")
size = (self.size - self.current_size) // 8
yield parseImageData(self, "pixels", size, self["bmp_header"])
return
size = (self.size - self.current_size) // 8
if size:
yield RawBytes(self, "data", size)
def parseLong(parent):
yield Int32(parent, "digit_count")
for index in xrange( abs(parent["digit_count"].value) ):
yield UInt16(parent, "digit[]")
def parseInt32(parent):
yield Int32(parent, "value")
def parseBrushIndirect(parser):
yield UInt32(parser, "ihBrush")
yield UInt32(parser, "style")
yield RGBA(parser, "color")
yield Int32(parser, "hatch")
def parseXY32(parser):
yield Int32(parser, "x")
yield Int32(parser, "y")
def parseEmfMappingMode(parser):
yield Enum(Int32(parser, "mapping_mode"), EMF_MAPPING_MODE)
def createFields(self):
yield UInt16(self, "wIdent", 2)
yield UInt16(self, "nFib")
yield UInt16(self, "nProduct")
yield UInt16(self, "lid")
yield Int16(self, "pnNext")
yield Bit(self, "fDot")
yield Bit(self, "fGlsy")
yield Bit(self, "fComplex")
yield Bit(self, "fHasPic")
yield Bits(self, "cQuickSaves", 4)
yield Bit(self, "fEncrypted")
yield Bit(self, "fWhichTblStm")
yield Bit(self, "fReadOnlyRecommanded")
yield Bit(self, "fWriteReservation")
yield Bit(self, "fExtChar")
yield Bit(self, "fLoadOverride")
yield Bit(self, "fFarEeast")
yield Bit(self, "fCrypto")
yield UInt16(self, "nFibBack")
yield UInt32(self, "lKey")
yield UInt8(self, "envr")
yield Bit(self, "fMac")
yield Bit(self, "fEmptySpecial")
yield Bit(self, "fLoadOverridePage")
yield Bit(self, "fFutureSavedUndo")
yield Bit(self, "fWord97Save")
yield Bits(self, "fSpare0", 3)
yield UInt16(self, "chse")
yield UInt16(self, "chsTables")
yield UInt32(self, "fcMin")
yield UInt32(self, "fcMac")
yield PascalString16(self, "file_creator", strip="\0")
yield NullBytes(self, "reserved[]", 12)
yield Int16(self, "lidFE")
yield UInt16(self, "clw")
yield Int32(self, "cbMac")
yield UInt32(self, "lProductCreated")
yield TIMESTAMP(self, "lProductRevised")
yield UInt32(self, "ccpText")
yield Int32(self, "ccpFtn")
yield Int32(self, "ccpHdr")
yield Int32(self, "ccpMcr")
yield Int32(self, "ccpAtn")
yield Int32(self, "ccpEdn")
yield Int32(self, "ccpTxbx")
yield Int32(self, "ccpHdrTxbx")
yield Int32(self, "pnFbpChpFirst")
yield Int32(self, "pnChpFirst")
yield Int32(self, "cpnBteChp")
yield Int32(self, "pnFbpPapFirst")
yield Int32(self, "pnPapFirst")
yield Int32(self, "cpnBtePap")
yield Int32(self, "pnFbpLvcFirst")
yield Int32(self, "pnLvcFirst")
yield Int32(self, "cpnBteLvc")
yield Int32(self, "fcIslandFirst")
yield Int32(self, "fcIslandLim")
yield UInt16(self, "cfclcb")
yield Int32(self, "fcStshfOrig")
yield UInt32(self, "lcbStshfOrig")
yield Int32(self, "fcStshf")
yield UInt32(self, "lcbStshf")
yield Int32(self, "fcPlcffndRef")
yield UInt32(self, "lcbPlcffndRef")
yield Int32(self, "fcPlcffndTxt")
yield UInt32(self, "lcbPlcffndTxt")
yield Int32(self, "fcPlcfandRef")
yield UInt32(self, "lcbPlcfandRef")
yield Int32(self, "fcPlcfandTxt")
yield UInt32(self, "lcbPlcfandTxt")
yield Int32(self, "fcPlcfsed")
yield UInt32(self, "lcbPlcfsed")
yield Int32(self, "fcPlcpad")
yield UInt32(self, "lcbPlcpad")
yield Int32(self, "fcPlcfphe")
yield UInt32(self, "lcbPlcfphe")
yield Int32(self, "fcSttbfglsy")
yield UInt32(self, "lcbSttbfglsy")
yield Int32(self, "fcPlcfglsy")
yield UInt32(self, "lcbPlcfglsy")
yield Int32(self, "fcPlcfhdd")
yield UInt32(self, "lcbPlcfhdd")
yield Int32(self, "fcPlcfbteChpx")
yield UInt32(self, "lcbPlcfbteChpx")
yield Int32(self, "fcPlcfbtePapx")
yield UInt32(self, "lcbPlcfbtePapx")
yield Int32(self, "fcPlcfsea")
yield UInt32(self, "lcbPlcfsea")
yield Int32(self, "fcSttbfffn")
yield UInt32(self, "lcbSttbfffn")
yield Int32(self, "fcPlcffldMom")
yield UInt32(self, "lcbPlcffldMom")
yield Int32(self, "fcPlcffldHdr")
yield UInt32(self, "lcbPlcffldHdr")
yield Int32(self, "fcPlcffldFtn")
yield UInt32(self, "lcbPlcffldFtn")
yield Int32(self, "fcPlcffldAtn")
yield UInt32(self, "lcbPlcffldAtn")
yield Int32(self, "fcPlcffldMcr")
yield UInt32(self, "lcbPlcffldMcr")
yield Int32(self, "fcSttbfbkmk")
yield UInt32(self, "lcbSttbfbkmk")
yield Int32(self, "fcPlcfbkf")
yield UInt32(self, "lcbPlcfbkf")
yield Int32(self, "fcPlcfbkl")
yield UInt32(self, "lcbPlcfbkl")
yield Int32(self, "fcCmds")
yield UInt32(self, "lcbCmds")
yield Int32(self, "fcPlcmcr")
yield UInt32(self, "lcbPlcmcr")
yield Int32(self, "fcSttbfmcr")
yield UInt32(self, "lcbSttbfmcr")
yield Int32(self, "fcPrDrvr")
yield UInt32(self, "lcbPrDrvr")
yield Int32(self, "fcPrEnvPort")
yield UInt32(self, "lcbPrEnvPort")
yield Int32(self, "fcPrEnvLand")
yield UInt32(self, "lcbPrEnvLand")
yield Int32(self, "fcWss")
yield UInt32(self, "lcbWss")
yield Int32(self, "fcDop")
yield UInt32(self, "lcbDop")
yield Int32(self, "fcSttbfAssoc")
yield UInt32(self, "lcbSttbfAssoc")
yield Int32(self, "fcClx")
yield UInt32(self, "lcbClx")
yield Int32(self, "fcPlcfpgdFtn")
yield UInt32(self, "lcbPlcfpgdFtn")
yield Int32(self, "fcAutosaveSource")
yield UInt32(self, "lcbAutosaveSource")
yield Int32(self, "fcGrpXstAtnOwners")
yield UInt32(self, "lcbGrpXstAtnOwners")
yield Int32(self, "fcSttbfAtnbkmk")
yield UInt32(self, "lcbSttbfAtnbkmk")
yield Int32(self, "fcPlcdoaMom")
yield UInt32(self, "lcbPlcdoaMom")
yield Int32(self, "fcPlcdoaHdr")
yield UInt32(self, "lcbPlcdoaHdr")
yield Int32(self, "fcPlcspaMom")
yield UInt32(self, "lcbPlcspaMom")
yield Int32(self, "fcPlcspaHdr")
yield UInt32(self, "lcbPlcspaHdr")
yield Int32(self, "fcPlcfAtnbkf")
yield UInt32(self, "lcbPlcfAtnbkf")
yield Int32(self, "fcPlcfAtnbkl")
yield UInt32(self, "lcbPlcfAtnbkl")
yield Int32(self, "fcPms")
yield UInt32(self, "lcbPms")
yield Int32(self, "fcFormFldSttbs")
yield UInt32(self, "lcbFormFldSttbs")
yield Int32(self, "fcPlcfendRef")
yield UInt32(self, "lcbPlcfendRef")
yield Int32(self, "fcPlcfendTxt")
yield UInt32(self, "lcbPlcfendTxt")
yield Int32(self, "fcPlcffldEdn")
yield UInt32(self, "lcbPlcffldEdn")
yield Int32(self, "fcPlcfpgdEdn")
yield UInt32(self, "lcbPlcfpgdEdn")
yield Int32(self, "fcDggInfo")
yield UInt32(self, "lcbDggInfo")
yield Int32(self, "fcSttbfRMark")
yield UInt32(self, "lcbSttbfRMark")
yield Int32(self, "fcSttbCaption")
yield UInt32(self, "lcbSttbCaption")
yield Int32(self, "fcSttbAutoCaption")
yield UInt32(self, "lcbSttbAutoCaption")
yield Int32(self, "fcPlcfwkb")
yield UInt32(self, "lcbPlcfwkb")
yield Int32(self, "fcPlcfspl")
yield UInt32(self, "lcbPlcfspl")
yield Int32(self, "fcPlcftxbxTxt")
yield UInt32(self, "lcbPlcftxbxTxt")
yield Int32(self, "fcPlcffldTxbx")
yield UInt32(self, "lcbPlcffldTxbx")
yield Int32(self, "fcPlcfhdrtxbxTxt")
yield UInt32(self, "lcbPlcfhdrtxbxTxt")
yield Int32(self, "fcPlcffldHdrTxbx")
yield UInt32(self, "lcbPlcffldHdrTxbx")
yield Int32(self, "fcStwUser")
yield UInt32(self, "lcbStwUser")
yield Int32(self, "fcSttbttmbd")
yield UInt32(self, "cbSttbttmbd")
yield Int32(self, "fcUnused")
yield UInt32(self, "lcbUnused")
yield Int32(self, "fcPgdMother")
yield UInt32(self, "lcbPgdMother")
yield Int32(self, "fcBkdMother")
yield UInt32(self, "lcbBkdMother")
yield Int32(self, "fcPgdFtn")
yield UInt32(self, "lcbPgdFtn")
yield Int32(self, "fcBkdFtn")
yield UInt32(self, "lcbBkdFtn")
yield Int32(self, "fcPgdEdn")
yield UInt32(self, "lcbPgdEdn")
yield Int32(self, "fcBkdEdn")
yield UInt32(self, "lcbBkdEdn")
yield Int32(self, "fcSttbfIntlFld")
yield UInt32(self, "lcbSttbfIntlFld")
yield Int32(self, "fcRouteSlip")
yield UInt32(self, "lcbRouteSlip")
yield Int32(self, "fcSttbSavedBy")
yield UInt32(self, "lcbSttbSavedBy")
yield Int32(self, "fcSttbFnm")
yield UInt32(self, "lcbSttbFnm")
yield Int32(self, "fcPlcfLst")
yield UInt32(self, "lcbPlcfLst")
yield Int32(self, "fcPlfLfo")
yield UInt32(self, "lcbPlfLfo")
yield Int32(self, "fcPlcftxbxBkd")
yield UInt32(self, "lcbPlcftxbxBkd")
yield Int32(self, "fcPlcftxbxHdrBkd")
yield UInt32(self, "lcbPlcftxbxHdrBkd")
yield Int32(self, "fcDocUndo")
yield UInt32(self, "lcbDocUndo")
yield Int32(self, "fcRgbuse")
yield UInt32(self, "lcbRgbuse")
yield Int32(self, "fcUsp")
yield UInt32(self, "lcbUsp")
yield Int32(self, "fcUskf")
yield UInt32(self, "lcbUskf")
yield Int32(self, "fcPlcupcRgbuse")
yield UInt32(self, "lcbPlcupcRgbuse")
yield Int32(self, "fcPlcupcUsp")
yield UInt32(self, "lcbPlcupcUsp")
yield Int32(self, "fcSttbGlsyStyle")
yield UInt32(self, "lcbSttbGlsyStyle")
yield Int32(self, "fcPlgosl")
yield UInt32(self, "lcbPlgosl")
yield Int32(self, "fcPlcocx")
yield UInt32(self, "lcbPlcocx")
yield Int32(self, "fcPlcfbteLvc")
yield UInt32(self, "lcbPlcfbteLvc")
yield TIMESTAMP(self, "ftModified")
yield Int32(self, "fcPlcflvc")
yield UInt32(self, "lcbPlcflvc")
yield Int32(self, "fcPlcasumy")
yield UInt32(self, "lcbPlcasumy")
yield Int32(self, "fcPlcfgram")
yield UInt32(self, "lcbPlcfgram")
yield Int32(self, "fcSttbListNames")
yield UInt32(self, "lcbSttbListNames")
yield Int32(self, "fcSttbfUssr")
yield UInt32(self, "lcbSttbfUssr")
tail = (self.size - self.current_size) // 8
if tail:
yield RawBytes(self, "tail", tail)