Ejemplo n.º 1
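def parse_methode_call_record(data, start):
	"""Dispatch on the record-type byte at data[start] to the matching record parser.

	Returns whatever the selected parser returns, which for the parsers
	visible in this file is a (record, next_position) pair. Record types
	without a parser (including 11, 13 and 14) are logged, hex-dumped and
	reported as (None, start + 1).

	NOTE(review): ord(data[start]) assumes data is a byte string whose
	elements are 1-character strings (Python 2 str) - confirm before
	running on Python 3 bytes.
	"""
	# A cursor at or past the end of the buffer means the message is
	# truncated or a previous record mis-reported its length. Report that
	# through the existing "no record" return value instead of letting
	# data[start] raise IndexError out of the parser.
	if start >= len(data):
		return None, start + 1
	r_type = ord(data[start])
	if r_type == 1: # ClassWithId
		return parse_record_classwithid(data, start)
	elif r_type == 3: # ClassWithMembers
		return parse_record_classwithmembers(data, start)
	elif r_type == 4: # SystemClassWithMembersAndTypes
		return parse_record_systemclasswithmembersandtypes(data, start)
	elif r_type == 5: # ClassWithMembersAndTypes
		return parse_record_classwithmembersandtypes(data, start)
	elif r_type == 6: # BinaryObjectString
		return parse_record_binaryobjectstring(data, start)
	elif r_type == 7: # BinaryArray
		return parse_record_binaryarray(data, start)
	elif r_type == 8: # MemberPrimitiveType
		return parse_record_memberprimitivetype(data, start)
	elif r_type == 9: # MemberReference
		return parse_record_memberreference(data, start)
	elif r_type == 10: # ObjectNull
		return parse_record_objectnull(data, start)
	# 11 == messageend (no parser; falls through to the unknown-type path)
	elif r_type == 12: # BinaryLibrary
		return parse_record_binarylibrary(data, start)
	# 13 == ObjectNullMultible256 (no parser)
	# 14 == ObjectNullMultible (no parser)
	elif r_type == 15: # ArraySinglePrimitive
		return parse_record_arraysingleprimitive(data, start)
	elif r_type == 16: # ArraySingleObject
		return parse_record_arraysingleobject(data, start)
	# Unknown or unsupported type: dump the remainder for analysis and
	# signal failure with None.
	Log.error("Unkown Record Type: %d" % r_type)
	Log.print_hex(data[start:])
	return None, start + 1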
Ejemplo n.º 2
def parse_record_memberprimitivetype(data, start):
	"""Parse a MemberPrimitiveType record that begins at data[start].

	The byte at start+1 is mapped through get_type_enum() to a primitive
	type name; the value follows at start+2. Only "Boolean" is decoded.
	Returns (record, next_position).
	"""
	primitive = get_type_enum(ord(data[start+1]))
	record = {"Type": "MemberPrimitiveType", "PrimitiveType": primitive}
	value_at = start + 2
	if primitive == "Boolean":
		record["Value"] = ord(data[value_at:value_at+1])
	else:
		# Any other primitive is reported and stored as None. The cursor
		# still moves by exactly one byte, whatever the real width is.
		# NOTE(review): for wider primitives this presumably leaves the
		# cursor inside the value - confirm against the callers.
		# NOTE(review): bare error() here, while most of the file calls
		# Log.error() - confirm error is defined at module level.
		error("	Type=%s" % primitive)
		Log.print_hex(data[start:start+16])
		record["Value"] = None
	return record, value_at + 1
Ejemplo n.º 3
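def parse_record_classwithmembers(data, start):
	"""Capture a ClassWithMembers record as an opaque fixed-length blob.

	The record is not decoded field by field. The next 59 bytes are stored
	raw under "Data" and the cursor moves past them. The field decoder that
	used to follow the return statement could never run and was removed.
	It read a 4-byte ObjectId at start+1, a length-prefixed ObjectName, a
	4-byte MemberCount, that many member-name strings and a 4-byte
	LibraryId.

	Returns (record, start + 59). The record holds only "Type" and "Data",
	so callers must not expect "ObjectId" or "MemberNames" on it.
	"""
	record = {"Type": "ClassWithMembers"}

	# Hard-coded record length. The name and member list are variable
	# length in the layout described above, so any record that is not
	# exactly 59 bytes leaves the cursor misaligned for every following
	# record.
	# NOTE(review): presumably tuned to one captured message - confirm.
	x = 59
	record["Data"] = data[start:start+x]
	# Dump what follows the assumed record end, so a wrong length shows
	# up in the log.
	Log.print_hex(data[start+x:start+x+64])
	return record, start+x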
Ejemplo n.º 4
def parse_methode_call_array(c, data):
	"""Parse every record in data and store the resulting list in c["CallArray"].

	Records are read one after another from position 0 until the cursor
	reaches len(data). After a (System)ClassWithMembersAndTypes record, the
	list from get_definition_list() decides how the following values are
	read: known primitive names become untyped fixed-width reads, anything
	else goes through parse_methode_call_record().

	Returns True once the whole buffer has been consumed. Returns False as
	soon as a record parser yields None; c is left unmodified in that case
	because c["CallArray"] is only assigned at the very end.
	"""
	Log.info("  MethodeCallArray:")
	carray = []
	# Pending member types of the most recent class record, consumed with pop().
	type_list = []
	pos = 0
	while len(data) > pos:
		if len(type_list) > 0:
			# pop() takes entries from the END of the list.
			# NOTE(review): presumably get_definition_list() returns the
			# members in reverse order - confirm.
			item = type_list.pop()
			Log.debug("	# Item %s" % item)
			#print_hex(data[pos:pos+16])
			# Extra bytes read together with the value when it is an array.
			extra = 0
			if item == "Array":
				# The element type is the next pending entry.
				# NOTE(review): pop() raises IndexError if "Array" was the
				# last pending entry; type_list is built from parsed input.
				item = type_list.pop()
				if item == "Int64":
					extra += 7
				elif item == "Byte":
					extra += 4
				else:
					# NOTE(review): exit(1) ends the whole process on an
					# unhandled element type instead of returning False like
					# the other failure path - confirm this is intended.
					error("Unkown Size of Array Prefix.")
					exit(1)
				Log.debug(" 	# ArrayType: %s" % item)
			# Fixed-width primitives are read untyped: width in bytes plus
			# any array prefix.
			if item == "Byte":
				record, pos = parse_record_memberprimitiveuntyped(data, pos, 1 + extra)
			elif item == "Int32":
				record, pos = parse_record_memberprimitiveuntyped(data, pos, 4 + extra)
			elif item == "Int64":
				record, pos = parse_record_memberprimitiveuntyped(data, pos, 8 + extra)
			elif item == "Boolean":
				#print_hex(data[pos:pos+16])
				record, pos = parse_record_memberprimitiveuntyped(data, pos, 1 + extra)
			elif item == "DateTime":
				Log.print_hex(data[pos:pos+8])
				record, pos = parse_record_memberprimitiveuntyped(data, pos, 8 + extra)
			elif item == "TimeSpan":
				Log.print_hex(data[pos:pos+8])
				record, pos = parse_record_memberprimitiveuntyped(data, pos, 8 + extra)
			#elif type(item) == dict: # class
			#	record, pos = parse_record_memberprimitiveuntyped(data, pos, 19 + extra)
			else:
				# Every other pending type is read as a full, self-describing record.
				record, pos = parse_methode_call_record(data,pos)
		else:
			record, pos = parse_methode_call_record(data,pos)
		# A parser returning None marks an unparseable record: abort.
		if record == None:
			return False
		carray.append(record)
		# Per-type log line. Every record is indexed by "Type", and some
		# branches also read type-specific keys.
		if record["Type"] == "BinaryObjectString":
			Log.info("    BinaryObjectString(%d): %s" % (record["ObjectId"], record["Value"]))
		elif record["Type"] == "ClassWithId":
			Log.info("    ClassWithId(%d) => %d" % (record["ObjectId"], record["MetadataId"]))
		elif record["Type"] == "MemberReference":
			Log.info("    MemberReference(%d)" % record["IdRef"])
		elif record["Type"] == "BinaryLibrary":
			Log.info("    BinaryLibrary(%d) - %s" % (record["LibraryId"], record["LibraryName"]))
		elif record["Type"] in ["SystemClassWithMembersAndTypes", "ClassWithMembersAndTypes"]:
			Log.info("    %s(%d) %s" % (record["Type"], record["ObjectId"], record["MemberNames"]))
			Log.debug(record)
		elif record["Type"] == "MemberPrimitiveUnTyped":
			Log.info("    %s" % record["Type"])
			Log.print_hex(record["Value"])
		elif record["Type"] in ["ArraySinglePrimitive", "ArraySingleObject", "BinaryArray"]:
			Log.info("    %s(%d) - %d" % (record["Type"], record["ObjectId"], record["Length"]))
			if record["Type"] == "ArraySinglePrimitive":
				Log.print_hex(record["Value"], 32)
		else:
			Log.info("    %s" % record["Type"])
		# A class definition sets the types expected for the next values.
		if record["Type"] in ["ClassWithMembersAndTypes", "SystemClassWithMembersAndTypes"]:
			t = get_definition_list(record)
			if len(type_list) > 0 and len(t) > 0:
				# Nested definition while entries are still pending. The new
				# types are appended, so they are popped before the older ones.
				# skip is only used for the hex dump below; the code that
				# would consume those bytes is commented out.
				skip = 19
				#Log.error("conflict: list %s and %s" % (type_list, t))
				#error("skip %d bytes and add them to record and empty list" % skip)
				Log.print_hex(data[pos:pos+skip])
				#record["skip3"] = data[pos:pos+skip]
				#pos += skip
				#type_list = []

				type_list += t
			else:
				type_list = t
	c["CallArray"] = carray
	return True
Ejemplo n.º 5
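def parse_record_systemclasswithmembersandtypes(data, start):
	"""Parse a SystemClassWithMembersAndTypes record that begins at data[start].

	Fields read, in order: a 4-byte ObjectId at start+1, a length-prefixed
	ObjectName, a 4-byte MemberCount, MemberCount member names, one
	binary-type byte per member, then the additional type info for members
	that need it.

	Returns (record, next_position). Returns (None, 0) when a type byte
	cannot be mapped or the buffer ends inside the type information.
	"""
	record = {}
	record["Type"] = "SystemClassWithMembersAndTypes"
	record["ObjectId"] = get_number(data[start+1:start+5])

	Log.print_hex(data[start:start+32])

	# Workaround kept from the original: an implausibly large ObjectId is
	# taken as a sign that 9 unexplained bytes precede the name. They are
	# stored under "skip1" and the record start is shifted past them.
	if record["ObjectId"] > 0x01000000:
		Log.error("	Skip 9 Bytes in SystemClassWithMembersAndTypes parser")
		record["skip1"] = data[start+5:start+14]
		start += 9

	record["ObjectName"], pos = get_string(data[start+5:])
	# NOTE(review): other call sites in this file use Log.debug - confirm
	# that Log.dbg exists.
	Log.dbg("	# Systemobjectname=%s" % record["ObjectName"])
	# get_string() returned a length relative to its slice; make it absolute.
	pos += start + 5
	# MemberCount is read straight from the message and drives both loops
	# below, so it has to be treated as untrusted.
	record["MemberCount"] = get_number(data[pos:pos+4])
	pos += 4
	record["MemberNames"] = []
	name_idx = 0
	while name_idx < record["MemberCount"]:
		name, consumed = get_string(data[pos:])
		record["MemberNames"].append(name)
		name_idx += 1
		pos += consumed
	record["MemberTypeInfo"] = []
	# Members whose binary type needs an extra descriptor after the type bytes.
	additional = []
	type_idx = 0
	while type_idx < record["MemberCount"]:
		# A MemberCount larger than the remaining buffer would otherwise
		# raise IndexError here; use the function's failure return instead.
		if pos >= len(data):
			Log.error("	Truncated SystemClassWithMembersAndTypes record")
			return None, 0
		binary_type = get_binary_type_enum(ord(data[pos]))
		if binary_type is None:
			return None, 0
		if binary_type in ["Primitive", "SystemClass", "Class", "PrimitiveArray", "System.Object"]:
			additional.append(binary_type)
		record["MemberTypeInfo"].append(binary_type)
		type_idx += 1
		pos += 1
	for kind in additional:
		# "System.Object" is collected above, but neither branch handles
		# it, so it consumes no extra bytes.
		if kind in ["Primitive", "PrimitiveArray"]:
			if pos >= len(data):
				Log.error("	Truncated SystemClassWithMembersAndTypes record")
				return None, 0
			primitive = get_type_enum(ord(data[pos]))
			if primitive is None:
				return None, 0
			record["MemberTypeInfo"].append(primitive)
			pos += 1
		if kind in ["Class", "SystemClass"]:
			name, consumed = get_string(data[pos:])
			pos += consumed
			c = {}
			if kind == "Class":
				# A Class descriptor carries a 4-byte library id after its name.
				c["Type"] = "Class"
				c["TypeName"] = name
				c["LibraryId"] = get_number(data[pos:pos+4])
				pos += 4
			else:
				c["Type"] = "SystemClass"
				c["TypeName"] = name
			record["MemberTypeInfo"].append(c)
	# Heuristic kept from the original: if the next 4-byte number is 7,
	# those bytes are consumed and stored as "skip2".
	# NOTE(review): this triggers on any following data that decodes to 7
	# - confirm it cannot swallow the start of a legitimate record.
	if get_number(data[pos:pos+4]) == 7:
		Log.error("	Found Library - fix 4 bytes - this is not in the specs")
		record["skip2"] = data[pos:pos+4]
		pos += 4
	return record, pos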