Ejemplo n.º 1
0
    def createFields(self):
        yield Bits(self, "version", 4, "Version")
        yield Bits(self, "hdr_size", 4, "Header size divided by 5")

        # Type of service
        yield Enum(Bits(self, "precedence", 3, "Precedence"),
                   self.precedence_name)
        yield Bit(self, "low_delay", "If set, low delay, else normal delay")
        yield Bit(self, "high_throu",
                  "If set, high throughput, else normal throughput")
        yield Bit(self, "high_rel", "If set, high relibility, else normal")
        yield NullBits(self, "reserved[]", 2, "(reserved for future use)")

        yield UInt16(self, "length")
        yield UInt16(self, "id")

        yield NullBits(self, "reserved[]", 1)
        yield Bit(self, "df", "Don't fragment")
        yield Bit(self, "more_frag",
                  "There are more fragments? if not set, it's the last one")
        yield Bits(self, "frag_ofst_lo", 5)
        yield UInt8(self, "frag_ofst_hi")
        yield UInt8(self, "ttl", "Type to live")
        yield Enum(UInt8(self, "protocol"), self.PROTOCOL_NAME)
        yield textHandler(UInt16(self, "checksum"), hexadecimal)
        yield IPv4_Address(self, "src")
        yield IPv4_Address(self, "dst")

        size = (self.size - self.current_size) // 8
        if size:
            yield RawBytes(self, "options", size)
def parseAviHeader(self):
    yield UInt32(self, "microsec_per_frame", "Microsecond per frame")
    yield UInt32(self, "max_byte_per_sec", "Maximum byte per second")
    yield NullBytes(self, "reserved", 4)

    # Flags
    yield NullBits(self, "reserved[]", 4)
    yield Bit(self, "has_index")
    yield Bit(self, "must_use_index")
    yield NullBits(self, "reserved[]", 2)
    yield Bit(self, "is_interleaved")
    yield NullBits(self, "reserved[]", 2)
    yield Bit(self, "trust_cktype")
    yield NullBits(self, "reserved[]", 4)
    yield Bit(self, "was_capture_file")
    yield Bit(self, "is_copyrighted")
    yield NullBits(self, "reserved[]", 14)

    yield UInt32(self, "total_frame", "Total number of frames in the video")
    yield UInt32(self, "init_frame",
                 "Initial frame (used in interleaved video)")
    yield UInt32(self, "nb_stream", "Number of streams")
    yield UInt32(self, "sug_buf_size", "Suggested buffer size")
    yield UInt32(self, "width", "Width in pixel")
    yield UInt32(self, "height", "Height in pixel")
    yield UInt32(self, "scale")
    yield UInt32(self, "rate")
    yield UInt32(self, "start")
    yield UInt32(self, "length")
Ejemplo n.º 3
0
    def createFields(self):
        yield Unsigned(self, 'track')
        yield Int16(self, 'timecode')

        if self.parent._name == 'Block':
            yield NullBits(self, 'reserved[]', 4)
            yield Bit(self, 'invisible')
            yield self.lacing()
            yield NullBits(self, 'reserved[]', 1)
        elif self.parent._name == 'SimpleBlock[]':
            yield Bit(self, 'keyframe')
            yield NullBits(self, 'reserved', 3)
            yield Bit(self, 'invisible')
            yield self.lacing()
            yield Bit(self, 'discardable')
        else:
            yield NullBits(self, 'reserved', 8)
            return

        size = (self._size - self.current_size) / 8
        lacing = self['lacing'].value
        if lacing:
            yield textHandler(GenericInteger(self, 'n_frames', False, 8),
                              lambda chunk: str(chunk.value + 1))
            yield Lace(self, lacing - 1, size - 1)
        else:
            yield RawBytes(self, 'frame', size)
    def createFields(self):
        # Gzip header
        yield Bytes(self, "signature", 2, r"GZip file signature (\x1F\x8B)")
        yield Enum(UInt8(self, "compression", "Compression method"),
                   self.COMPRESSION_NAME)

        # Flags
        yield Bit(self, "is_text", "File content is probably ASCII text")
        yield Bit(self, "has_crc16", "Header CRC16")
        yield Bit(self, "has_extra", "Extra informations (variable size)")
        yield Bit(self, "has_filename", "Contains filename?")
        yield Bit(self, "has_comment", "Contains comment?")
        yield NullBits(self, "reserved[]", 3)
        yield TimestampUnix32(self, "mtime", "Modification time")

        # Extra flags
        yield NullBits(self, "reserved[]", 1)
        yield Bit(self, "slowest",
                  "Compressor used maximum compression (slowest)")
        yield Bit(self, "fastest", "Compressor used the fastest compression")
        yield NullBits(self, "reserved[]", 5)
        yield Enum(UInt8(self, "os", "Operating system"), self.os_name)

        # Optional fields
        if self["has_extra"].value:
            yield UInt16(self, "extra_length", "Extra length")
            yield RawBytes(self, "extra", self["extra_length"].value, "Extra")
        if self["has_filename"].value:
            yield CString(self, "filename", "Filename", charset="ISO-8859-1")
        if self["has_comment"].value:
            yield CString(self, "comment", "Comment")
        if self["has_crc16"].value:
            yield textHandler(UInt16(self, "hdr_crc16", "CRC16 of the header"),
                              hexadecimal)

        if self._size is None:  # TODO: is it possible to handle piped input?
            raise NotImplementedError()

        # Read file
        size = (self._size - self.current_size) // 8 - 8  # -8: crc32+size
        if 0 < size:
            if self["has_filename"].value:
                filename = self["filename"].value
            else:
                for tag, filename in self.stream.tags:
                    if tag == "filename" and filename.endswith(".gz"):
                        filename = filename[:-3]
                        break
                else:
                    filename = None
            yield Deflate(SubFile(self, "file", size, filename=filename))

        # Footer
        yield textHandler(
            UInt32(self, "crc32", "Uncompressed data content CRC32"),
            hexadecimal)
        yield filesizeHandler(UInt32(self, "size", "Uncompressed size"))
Ejemplo n.º 5
0
    def createFields(self):
        yield String(self, "signature", 3, "FLV format signature", charset="ASCII")
        yield UInt8(self, "version")

        yield NullBits(self, "reserved[]", 5)
        yield Bit(self, "type_flags_audio")
        yield NullBits(self, "reserved[]", 1)
        yield Bit(self, "type_flags_video")

        yield UInt32(self, "data_offset")
Ejemplo n.º 6
0
    def createFields(self):
        # Signature + version
        yield String(self, "header", 3, "Header (ID3)", charset="ASCII")
        yield UInt8(self, "ver_major", "Version (major)")
        yield UInt8(self, "ver_minor", "Version (minor)")

        # Check format
        if self["header"].value != "ID3":
            raise MatchError("Signature error, should be \"ID3\".")
        if self["ver_major"].value not in self.VALID_MAJOR_VERSIONS \
        or self["ver_minor"].value != 0:
            raise MatchError(
                "Unknown ID3 metadata version (2.%u.%u)" %
                (self["ver_major"].value, self["ver_minor"].value))

        # Flags
        yield Bit(self, "unsync", "Unsynchronisation is used?")
        yield Bit(self, "ext", "Extended header is used?")
        yield Bit(self, "exp", "Experimental indicator")
        yield NullBits(self, "padding[]", 5)

        # Size
        yield ID3_Size(self, "size")

        # All tags
        while self.current_size < self._size:
            field = ID3_Chunk(self, "field[]")
            yield field
            if field["size"].value == 0:
                break

        # Search first byte of the MPEG file
        padding = self.seekBit(self._size)
        if padding:
            yield padding
Ejemplo n.º 7
0
    def createFields(self):
        yield Enum(UInt16(self, "src"), self.port_name)
        yield Enum(UInt16(self, "dst"), self.port_name)
        yield UInt32(self, "seq_num")
        yield UInt32(self, "ack_num")

        yield Bits(self, "hdrlen", 6, "Header lenght")
        yield NullBits(self, "reserved", 2, "Reserved")

        yield Bit(self, "cgst", "Congestion Window Reduced")
        yield Bit(self, "ecn-echo", "ECN-echo")
        yield Bit(self, "urg", "Urgent")
        yield Bit(self, "ack", "Acknowledge")
        yield Bit(self, "psh", "Push mmode")
        yield Bit(self, "rst", "Reset connection")
        yield Bit(self, "syn", "Synchronize")
        yield Bit(self, "fin", "Stop the connection")

        yield UInt16(self, "winsize", "Windows size")
        yield textHandler(UInt16(self, "checksum"), hexadecimal)
        yield UInt16(self, "urgent")

        size = self["hdrlen"].value * 8 - self.current_size
        while 0 < size:
            option = TCP_Option(self, "option[]")
            yield option
            size -= option.size
Ejemplo n.º 8
0
    def createFields(self):
        yield textHandler(
            UInt32(self, "magic", "File information magic (0xFEEF04BD)"),
            hexadecimal)
        if self["magic"].value != 0xFEEF04BD:
            raise ParserError("EXE resource: invalid file info magic")
        yield Version(self, "struct_ver", "Structure version (1.0)")
        yield Version(self, "file_ver_ms", "File version MS")
        yield Version(self, "file_ver_ls", "File version LS")
        yield Version(self, "product_ver_ms", "Product version MS")
        yield Version(self, "product_ver_ls", "Product version LS")
        yield textHandler(UInt32(self, "file_flags_mask"), hexadecimal)

        yield Bit(self, "debug")
        yield Bit(self, "prerelease")
        yield Bit(self, "patched")
        yield Bit(self, "private_build")
        yield Bit(self, "info_inferred")
        yield Bit(self, "special_build")
        yield NullBits(self, "reserved", 26)

        yield Enum(textHandler(UInt16(self, "file_os_major"), hexadecimal),
                   MAJOR_OS_NAME)
        yield Enum(textHandler(UInt16(self, "file_os_minor"), hexadecimal),
                   MINOR_OS_NAME)
        yield Enum(textHandler(UInt32(self, "file_type"), hexadecimal),
                   FILETYPE_NAME)
        field = textHandler(UInt32(self, "file_subfile"), hexadecimal)
        if field.value == FILETYPE_DRIVER:
            field = Enum(field, DRIVER_SUBTYPE_NAME)
        elif field.value == FILETYPE_FONT:
            field = Enum(field, FONT_SUBTYPE_NAME)
        yield field
        yield TimestampUnix32(self, "date_ms")
        yield TimestampUnix32(self, "date_ls")
def createNullField(parent, nbits, name="padding[]", description=None):
    if nbits <= 0:
        raise FieldError("Unable to create null padding of %s bits" % nbits)
    if (nbits % 8) == 0:
        return NullBytes(parent, name, nbits / 8, description)
    else:
        return NullBits(parent, name, nbits, description)
Ejemplo n.º 10
0
 def createFields(self):
     self.osconfig = self.parent.osconfig
     if True:
         yield Enum(Bits(self, "type", 12), self.TYPE_NAME)
         yield Bit(self, "is_vector")
         yield NullBits(self, "padding", 32 - 12 - 1)
     else:
         yield Enum(Bits(self, "type", 32), self.TYPE_NAME)
     tag = self["type"].value
     kw = {}
     try:
         handler = self.TYPE_INFO[tag][1]
         if handler == PascalString32:
             osconfig = self.osconfig
             if tag == self.TYPE_LPSTR:
                 kw["charset"] = osconfig.charset
             else:
                 kw["charset"] = osconfig.utf16
         elif handler == TimestampWin64:
             if self.description == "TotalEditingTime":
                 handler = TimedeltaWin64
     except LookupError:
         handler = None
     if not handler:
         raise ParserError("OLE2: Unable to parse property of type %s" \
             % self["type"].display)
     if self["is_vector"].value:
         yield UInt32(self, "count")
         for index in xrange(self["count"].value):
             yield handler(self, "item[]", **kw)
     else:
         yield handler(self, "value", **kw)
         self.createValue = lambda: self["value"].value
Ejemplo n.º 11
0
    def createFields(self):
        yield Bytes(self, "header", 4, r"PE header signature (PE\0\0)")
        if self["header"].value != "PE\0\0":
            raise ParserError("Invalid PE header signature")
        yield Enum(UInt16(self, "cpu", "CPU type"), self.cpu_name)
        yield UInt16(self, "nb_section", "Number of sections")
        yield TimestampUnix32(self, "creation_date", "Creation date")
        yield UInt32(self, "ptr_to_sym", "Pointer to symbol table")
        yield UInt32(self, "nb_symbols", "Number of symbols")
        yield UInt16(self, "opt_hdr_size", "Optional header size")

        yield Bit(self, "reloc_stripped",
                  "If true, don't contain base relocations.")
        yield Bit(self, "exec_image", "Executable image?")
        yield Bit(self, "line_nb_stripped", "COFF line numbers stripped?")
        yield Bit(self, "local_sym_stripped",
                  "COFF symbol table entries stripped?")
        yield Bit(self, "aggr_ws", "Aggressively trim working set")
        yield Bit(self, "large_addr",
                  "Application can handle addresses greater than 2 GB")
        yield NullBits(self, "reserved", 1)
        yield Bit(self, "reverse_lo",
                  "Little endian: LSB precedes MSB in memory")
        yield Bit(self, "32bit", "Machine based on 32-bit-word architecture")
        yield Bit(self, "is_stripped", "Debugging information removed?")
        yield Bit(
            self, "swap",
            "If image is on removable media, copy and run from swap file")
        yield PaddingBits(self, "reserved2", 1)
        yield Bit(self, "is_system", "It's a system file")
        yield Bit(self, "is_dll", "It's a dynamic-link library (DLL)")
        yield Bit(self, "up", "File should be run only on a UP machine")
        yield Bit(self, "reverse_hi", "Big endian: MSB precedes LSB in memory")
Ejemplo n.º 12
0
 def createFields(self):
     yield Bit(self, "sync[]")  # =True
     yield Bits(self, "ext_length", 7)
     yield NullBits(self, "reserved[]", 8)
     size = self["ext_length"].value
     if size:
         yield RawBytes(self, "ext_bytes", size)
Ejemplo n.º 13
0
    def createFields(self):
        if 3 <= self["../ver_major"].value:
            # ID3 v2.3 and 2.4
            yield Enum(
                String(self, "tag", 4, "Tag", charset="ASCII", strip="\0"),
                ID3_Chunk.tag23_name)
            if 4 <= self["../ver_major"].value:
                yield ID3_Size(self, "size")  # ID3 v2.4
            else:
                yield UInt32(self, "size")  # ID3 v2.3

            yield Bit(self, "tag_alter", "Tag alter preservation")
            yield Bit(self, "file_alter", "Tag alter preservation")
            yield Bit(self, "rd_only", "Read only?")
            yield NullBits(self, "padding[]", 5)

            yield Bit(self, "compressed", "Frame is compressed?")
            yield Bit(self, "encrypted", "Frame is encrypted?")
            yield Bit(self, "group", "Grouping identity")
            yield NullBits(self, "padding[]", 5)
            size = self["size"].value
            is_compressed = self["compressed"].value
        else:
            # ID3 v2.2
            yield Enum(
                String(self, "tag", 3, "Tag", charset="ASCII", strip="\0"),
                ID3_Chunk.tag22_name)
            yield UInt24(self, "size")
            size = self["size"].value - self.current_size / 8 + 6
            is_compressed = False

        if size:
            cls = None
            if not (is_compressed):
                tag = self["tag"].value
                if tag in ID3_Chunk.handler:
                    cls = ID3_Chunk.handler[tag]
                elif tag[0] == "T":
                    cls = ID3_StringCharset
            if cls:
                yield cls(self, "content", "Content", size=size * 8)
            else:
                yield RawBytes(self, "content", size, "Raw data content")
Ejemplo n.º 14
0
def headerParse(parent):
    yield UInt32(parent, "width", "Width (pixels)")
    yield UInt32(parent, "height", "Height (pixels)")
    yield UInt8(parent, "bit_depth", "Bit depth")
    yield NullBits(parent, "reserved", 5)
    yield Bit(parent, "has_alpha", "Has alpha channel?")
    yield Bit(parent, "color", "Color used?")
    yield Bit(parent, "has_palette", "Has a color palette?")
    yield Enum(UInt8(parent, "compression", "Compression method"), COMPRESSION_NAME)
    yield UInt8(parent, "filter", "Filter method")
    yield UInt8(parent, "interlace", "Interlace method")
Ejemplo n.º 15
0
 def createFields(self):
     yield Bits(self, "nbits", 5)
     nbits = self["nbits"].value
     if not nbits:
         raise ParserError("SWF parser: Invalid RECT field size (0)")
     yield Bits(self, "xmin", nbits, "X minimum in twips")
     yield Bits(self, "xmax", nbits, "X maximum in twips")
     yield Bits(self, "ymin", nbits, "Y minimum in twips")
     yield Bits(self, "ymax", nbits, "Y maximum in twips")
     size = paddingSize(self.current_size, 8)
     if size:
         yield NullBits(self, "padding", size)
Ejemplo n.º 16
0
def parseGraphicControl(parent):
    yield UInt8(parent, "size", "Block size (4)")

    yield Bit(parent, "has_transp", "Has transparency")
    yield Bit(parent, "user_input", "User input")
    yield Enum(Bits(parent, "disposal_method", 3), DISPOSAL_METHOD)
    yield NullBits(parent, "reserved[]", 3)

    if parent["size"].value != 4:
        raise ParserError("Invalid graphic control size")
    yield displayHandler(UInt16(parent, "delay", "Delay time in millisecond"), humanDuration)
    yield UInt8(parent, "transp", "Transparent color index")
    yield NullBytes(parent, "terminator", 1, "Terminator (0)")
Ejemplo n.º 17
0
 def createFields(self):
     if self.stream.readBytes(self.absolute_address, 5) != "Adobe":
         yield RawBytes(self, "raw", self.size // 8, "Raw data")
         return
     yield String(self, "adobe", 5, "\"Adobe\" string", charset="ASCII")
     yield UInt16(self, "version", "DCT encoder version")
     yield Enum(Bit(self, "flag00"), {
         False: "Chop down or subsampling",
         True: "Blend"
     })
     yield NullBits(self, "flags0_reserved", 15)
     yield NullBytes(self, "flags1", 2)
     yield Enum(
         UInt8(self, "color_transform", "Colorspace transformation code"),
         self.COLORSPACE_TRANSFORMATION)
Ejemplo n.º 18
0
def parseSoundHeader(parent, size):
    yield Bit(parent, "playback_is_stereo")
    yield Bit(parent, "playback_is_16bit")
    yield textHandler(Bits(parent, "playback_rate", 2), bit2hertz)
    yield NullBits(parent, "reserved", 4)

    yield Bit(parent, "sound_is_stereo")
    yield Bit(parent, "sound_is_16bit")
    yield textHandler(Bits(parent, "sound_rate", 2), bit2hertz)
    yield Enum(Bits(parent, "codec", 4), SOUND_CODEC)

    yield UInt16(parent, "sample_count")

    if parent["codec"].value == 2:
        yield UInt16(parent, "latency_seek")
Ejemplo n.º 19
0
def parseAnimationHeader(self):
    yield UInt32(self, "hdr_size", "Size of header (36 bytes)")
    if self["hdr_size"].value != 36:
        self.warning("Animation header with unknown size (%s)" %
                     self["size"].value)
    yield UInt32(self, "nb_frame", "Number of unique Icons in this cursor")
    yield UInt32(self, "nb_step",
                 "Number of Blits before the animation cycles")
    yield UInt32(self, "cx")
    yield UInt32(self, "cy")
    yield UInt32(self, "bit_count")
    yield UInt32(self, "planes")
    yield UInt32(
        self, "jiffie_rate",
        "Default Jiffies (1/60th of a second) if rate chunk not present")
    yield Bit(self, "is_icon")
    yield NullBits(self, "padding", 31)
Ejemplo n.º 20
0
def parseStartSound(parent, size):
    yield UInt16(parent, "sound_id")
    yield Bit(parent, "has_in_point")
    yield Bit(parent, "has_out_point")
    yield Bit(parent, "has_loops")
    yield Bit(parent, "has_envelope")
    yield Bit(parent, "no_multiple")
    yield Bit(parent, "stop_playback")
    yield NullBits(parent, "reserved", 2)

    if parent["has_in_point"].value:
        yield UInt32(parent, "in_point")
    if parent["has_out_point"].value:
        yield UInt32(parent, "out_point")
    if parent["has_loops"].value:
        yield UInt16(parent, "loop_count")
    if parent["has_envelope"].value:
        yield SoundEnvelope(parent, "envelope")
Ejemplo n.º 21
0
 def createFields(self):
     yield String(self, "magic", len(self.MAGIC), 'Magic string (%r)' % self.MAGIC, charset="ASCII")
     yield UInt8(self, "major_version")
     yield UInt8(self, "minor_version")
     yield Enum(UInt8(self, "crypto"), self.CRYPTO_NAMES)
     yield Enum(UInt8(self, "hash"), self.HASH_NAMES)
     yield KeyringString(self, "keyring_name")
     yield TimestampUnix64(self, "mtime")
     yield TimestampUnix64(self, "ctime")
     yield Bit(self, "lock_on_idle")
     yield NullBits(self, "reserved[]", 31, "Reserved for future flags")
     yield UInt32(self, "lock_timeout")
     yield UInt32(self, "hash_iterations")
     yield RawBytes(self, "salt", 8)
     yield NullBytes(self, "reserved[]", 16)
     yield Items(self, "items")
     yield UInt32(self, "encrypted_size")
     yield Deflate(SubFile(self, "encrypted", self["encrypted_size"].value, "AES128 CBC", parser_class=EncryptedData))
Ejemplo n.º 22
0
    def createFields(self):
        yield String(self, "name", 8, charset="ASCII", strip="\0 ")
        yield filesizeHandler(UInt32(self, "mem_size", "Size in memory"))
        yield textHandler(UInt32(self, "rva", "RVA (location) in memory"),
                          hexadecimal)
        yield filesizeHandler(
            UInt32(self, "phys_size", "Physical size (on disk)"))
        yield filesizeHandler(
            UInt32(self, "phys_off", "Physical location (on disk)"))
        yield PaddingBytes(self, "reserved", 12)

        # 0x0000000#
        yield NullBits(self, "reserved[]", 4)
        # 0x000000#0
        yield NullBits(self, "reserved[]", 1)
        yield Bit(self, "has_code", "Contains code")
        yield Bit(self, "has_init_data", "Contains initialized data")
        yield Bit(self, "has_uninit_data", "Contains uninitialized data")
        # 0x00000#00
        yield NullBits(self, "reserved[]", 1)
        yield Bit(self, "has_comment", "Contains comments?")
        yield NullBits(self, "reserved[]", 1)
        yield Bit(self, "remove", "Contents will not become part of image")
        # 0x0000#000
        yield Bit(self, "has_comdata", "Contains comdat?")
        yield NullBits(self, "reserved[]", 1)
        yield Bit(
            self, "no_defer_spec_exc",
            "Reset speculative exceptions handling bits in the TLB entries")
        yield Bit(self, "gp_rel", "Content can be accessed relative to GP")
        # 0x000#0000
        yield NullBits(self, "reserved[]", 4)
        # 0x00#00000
        yield NullBits(self, "reserved[]", 4)
        # 0x0#000000
        yield Bit(self, "ext_reloc", "Contains extended relocations?")
        yield Bit(self, "discarded", "Can be discarded?")
        yield Bit(self, "is_not_cached", "Is not cachable?")
        yield Bit(self, "is_not_paged", "Is not pageable?")
        # 0x#0000000
        yield Bit(self, "is_shareable", "Is shareable?")
        yield Bit(self, "is_executable", "Is executable?")
        yield Bit(self, "is_readable", "Is readable?")
        yield Bit(self, "is_writable", "Is writable?")
Ejemplo n.º 23
0
 def createFields(self):
     yield String(self, 'capture_pattern', 4, charset="ASCII")
     if self['capture_pattern'].value != self.MAGIC:
         self.warning(
             'Invalid signature. An Ogg page must start with "%s".' %
             self.MAGIC)
     yield UInt8(self, 'stream_structure_version')
     yield Bit(self, 'continued_packet')
     yield Bit(self, 'first_page')
     yield Bit(self, 'last_page')
     yield NullBits(self, 'unused', 5)
     yield UInt64(self, 'abs_granule_pos')
     yield textHandler(UInt32(self, 'serial'), hexadecimal)
     yield UInt32(self, 'page')
     yield textHandler(UInt32(self, 'checksum'), hexadecimal)
     yield UInt8(self, 'lacing_size')
     if self.lacing_size:
         yield Lacing(self, "lacing", size=self.lacing_size * 8)
         yield Segments(self,
                        "segments",
                        size=self._size - self._current_size)
Ejemplo n.º 24
0
    def createFields(self):
        yield UInt16(self, "left", "Left")
        yield UInt16(self, "top", "Top")
        yield UInt16(self, "width", "Width")
        yield UInt16(self, "height", "Height")

        yield Bits(self, "bpp", 3, "Bits / pixel minus one")
        yield NullBits(self, "nul", 2)
        yield Bit(self, "sorted", "Sorted??")
        yield Bit(self, "interlaced", "Interlaced?")
        yield Bit(self, "has_local_map", "Use local color map?")

        if self["has_local_map"].value:
            nb_color = 1 << (1 + self["bpp"].value)
            yield PaletteRGB(self, "local_map", nb_color, "Local color map")

        yield UInt8(self, "code_size", "LZW Minimum Code Size")
        while True:
            blen = UInt8(self, "block_len[]", "Block Length")
            yield blen
            if blen.value != 0:
                yield RawBytes(self, "data[]", blen.value, "Image Data")
            else:
                break
Ejemplo n.º 25
0
 def createFields(self):
     yield Bit(self, "in_use")
     yield Bit(self, "is_directory")
     yield NullBits(self, "padding", 14)
    def createFields(self):
        yield Bytes(self, "signature", 2, "New executable signature (NE)")
        yield UInt8(self, "link_ver", "Linker version number")
        yield UInt8(self, "link_rev", "Linker revision number")
        yield UInt16(self, "entry_table_ofst", "Offset to the entry table")
        yield UInt16(self, "entry_table_size",
                     "Length (in bytes) of the entry table")
        yield PaddingBytes(self, "reserved[]", 4)

        yield Bit(self, "is_dll", "Is a dynamic-link library (DLL)?")
        yield Bit(self, "is_win_app", "Is a Windows application?")
        yield PaddingBits(self, "reserved[]", 9)
        yield Bit(self, "first_seg_code",
                  "First segment contains code that loads the application?")
        yield NullBits(self, "reserved[]", 1)
        yield Bit(self, "link_error", "Load even if linker detects errors?")
        yield NullBits(self, "reserved[]", 1)
        yield Bit(self, "is_lib", "Is a library module?")

        yield UInt16(self, "auto_data_seg", "Automatic data segment number")
        yield filesizeHandler(
            UInt16(self, "local_heap_size",
                   "Initial size (in bytes) of the local heap"))
        yield filesizeHandler(
            UInt16(self, "stack_size", "Initial size (in bytes) of the stack"))
        yield textHandler(UInt32(self, "cs_ip", "Value of CS:IP"), hexadecimal)
        yield textHandler(UInt32(self, "ss_sp", "Value of SS:SP"), hexadecimal)

        yield UInt16(self, "nb_entry_seg_tab",
                     "Number of entries in the segment table")
        yield UInt16(self, "nb_entry_modref_tab",
                     "Number of entries in the module-reference table")
        yield filesizeHandler(
            UInt16(self, "size_nonres_name_tab",
                   "Number of bytes in the nonresident-name table"))
        yield UInt16(self, "seg_tab_ofs", "Segment table offset")
        yield UInt16(self, "rsrc_ofs", "Resource offset")

        yield UInt16(self, "res_name_tab_ofs", "Resident-name table offset")
        yield UInt16(self, "mod_ref_tab_ofs", "Module-reference table offset")
        yield UInt16(self, "import_tab_ofs", "Imported-name table offset")

        yield UInt32(self, "non_res_name_tab_ofs",
                     "Nonresident-name table offset")
        yield UInt16(self, "nb_mov_ent_pt", "Number of movable entry points")
        yield UInt16(self, "log2_sector_size",
                     "Log2 of the segment sector size")
        yield UInt16(self, "nb_rsrc_seg", "Number of resource segments")

        yield Bit(self, "unknown_os_format",
                  "Operating system format is unknown")
        yield PaddingBits(self, "reserved[]", 1)
        yield Bit(self, "os_windows", "Operating system is Microsoft Windows")
        yield NullBits(self, "reserved[]", 6)
        yield Bit(
            self, "is_win20_prot",
            "Is Windows 2.x application running in version 3.x protected mode")
        yield Bit(self, "is_win20_font",
                  "Is Windows 2.x application supporting proportional fonts")
        yield Bit(self, "fast_load", "Contains a fast-load area?")
        yield NullBits(self, "reserved[]", 4)

        yield UInt16(self, "fastload_ofs", "Fast-load area offset (in sector)")
        yield UInt16(self, "fastload_size",
                     "Fast-load area length (in sector)")

        yield NullBytes(self, "reserved[]", 2)
        yield textHandler(
            UInt16(self, "win_version", "Expected Windows version number"),
            hexadecimal)
Ejemplo n.º 27
0
 def createFields(self):
     yield Enum(Bits(self, "ext_type", 4), self.EXT_TYPE)
     ext_type = self['ext_type'].value
     if ext_type == 1:
         # Sequence extension
         yield Bits(self, 'profile_and_level', 8)
         yield Bit(self, 'progressive_sequence')
         yield Bits(self, 'chroma_format', 2)
         yield Bits(self, 'horiz_size_ext', 2)
         yield Bits(self, 'vert_size_ext', 2)
         yield Bits(self, 'bit_rate_ext', 12)
         yield Bits(self, 'pad[]', 1)
         yield Bits(self, 'vbv_buffer_size_ext', 8)
         yield Bit(self, 'low_delay')
         yield Bits(self, 'frame_rate_ext_n', 2)
         yield Bits(self, 'frame_rate_ext_d', 5)
     elif ext_type == 2:
         # Sequence Display extension
         yield Bits(self, 'video_format', 3)
         yield Bit(self, 'color_desc_present')
         if self['color_desc_present'].value:
             yield UInt8(self, 'color_primaries')
             yield UInt8(self, 'transfer_characteristics')
             yield UInt8(self, 'matrix_coeffs')
         yield Bits(self, 'display_horiz_size', 14)
         yield Bits(self, 'pad[]', 1)
         yield Bits(self, 'display_vert_size', 14)
         yield NullBits(self, 'pad[]', 3)
     elif ext_type == 8:
         yield Bits(self,
                    'f_code[0][0]',
                    4,
                    description="forward horizontal")
         yield Bits(self, 'f_code[0][1]', 4, description="forward vertical")
         yield Bits(self,
                    'f_code[1][0]',
                    4,
                    description="backward horizontal")
         yield Bits(self,
                    'f_code[1][1]',
                    4,
                    description="backward vertical")
         yield Bits(self, 'intra_dc_precision', 2)
         yield Bits(self, 'picture_structure', 2)
         yield Bit(self, 'top_field_first')
         yield Bit(self, 'frame_pred_frame_dct')
         yield Bit(self, 'concealment_motion_vectors')
         yield Bit(self, 'q_scale_type')
         yield Bit(self, 'intra_vlc_format')
         yield Bit(self, 'alternate_scan')
         yield Bit(self, 'repeat_first_field')
         yield Bit(self, 'chroma_420_type')
         yield Bit(self, 'progressive_frame')
         yield Bit(self, 'composite_display')
         if self['composite_display'].value:
             yield Bit(self, 'v_axis')
             yield Bits(self, 'field_sequence', 3)
             yield Bit(self, 'sub_carrier')
             yield Bits(self, 'burst_amplitude', 7)
             yield Bits(self, 'sub_carrier_phase', 8)
             yield NullBits(self, 'pad[]', 2)
         else:
             yield NullBits(self, 'pad[]', 6)
     else:
         yield RawBits(self, "raw[]", 4)
Ejemplo n.º 28
0
 def createFields(self):
     yield Bit(self, "has_previous")
     yield Bit(self, "has_next")
     yield Bit(self, "has_reserved")
     yield NullBits(self, "padding", 13)