def __init__(self, stream, offset, max_size, parent, name, color_type, \
bit_depth, palette_entries):
import C;
Structure.__init__(self, stream, offset, max_size, parent, name);
if color_type == 0:
self._grey = self.Member(C.WORD, 'grey', little_endian = False);
CheckBits(self._grey, bit_depth);
elif color_type == 2:
self._red = self.Member(C.WORD, 'red', little_endian = False);
CheckBits(self._red, bit_depth);
self._green = self.Member(C.WORD, 'green', little_endian = False);
CheckBits(self._green, bit_depth);
self._blue = self.Member(C.WORD, 'blue', little_endian = False);
CheckBits(self._blue, bit_depth);
elif color_type == 3:
self._alpha_values = self.Member( \
C.ARRAY, 'alpha_values', max_size, C.BYTE);
if palette_entries is not None and palette_entries < max_size:
self._alpha_values.warnings.append(
'expected 0x%X|%d entries' % (palette_entries, palette_entries));
elif color_type == None:
self.warnings.append(
'chunk has no function when the color type is unknown');
else:
self.warnings.append(
'chunk has no function for color type %d' % color_type);
self.Unused();
def __init__(self, stream, offset, max_size, parent, name):
import C
from GIF_BLOCK import GIF_BLOCK
from GIF_COLORTABLE import GIF_COLORTABLE
from GIF_IMAGE_DESCRIPTOR import GIF_IMAGE_DESCRIPTOR
from LZW_compressed_data import LZW_compressed_data
Structure.__init__(self, stream, offset, max_size, parent, name)
self._descriptor = self.Member(GIF_IMAGE_DESCRIPTOR, "descriptor")
flags = self._descriptor._Flags
self._has_local_color_table = flags._LocalColorTable.value == 1
if self._has_local_color_table:
self._local_color_table_entries = 2 ** (flags._SizeLocalColorTable.value + 1)
self._local_color_table_sorted = flags._Sort.value == 1
self._local_color_table = self.Member(
GIF_COLORTABLE, "local_color_table", self._local_color_table_entries, self._local_color_table_sorted
)
else:
self._local_color_table = None
self._lzw_minimum_code_size = self.Member(C.BYTE, "LZW_minimum_code_size")
if self._lzw_minimum_code_size.value == 0:
self._lzw_minimum_code_size.warnings.append("expected value > 0")
self._compressed_pixel_data_container = self.Member(GIF_BLOCK, "pixel_data")
self._pixel_data_container = self._compressed_pixel_data_container.ContainMember(
LZW_compressed_data, "pixel_data", self._lzw_minimum_code_size.value
)
self._pixel_data = self._pixel_data_container.ContainMember(
C.STRING, "pixel_data", self._descriptor._Width.value * self._descriptor._Height.value
)
def __init__(self, stream, offset, max_size, parent, name, \
height_div_2 = False):
import C;
from struct_BITMAPINFOHEADER import struct_BITMAPINFOHEADER;
from struct_RGBQUAD import struct_RGBQUAD;
Structure.__init__(self, stream, offset, max_size, parent, name);
self._header = self.Member(struct_BITMAPINFOHEADER, \
'header', height_div_2);
self.format_details = self._header.format_details;
bit_count = self._header._BitCount.value;
compression = self._header._Compression.value;
number_of_colors = 2 ** bit_count;
used_colors = self._header._ClrUsed.value;
# http://msdn.microsoft.com/en-us/library/aa930622.aspx
if used_colors:
number_of_rgb_quads = used_colors;
else:
number_of_rgb_quads = 2 ** bit_count;
if bit_count in [16, 24, 32]:
number_of_rgb_quads = 0;
if compression == 3: # bitfields:
number_of_rgb_quads = 3;
if number_of_rgb_quads > 0:
self._color_table = self.Member(C.ARRAY, 'color_table', \
number_of_rgb_quads, struct_RGBQUAD);
self._color_table.dump_simplified = True;
else:
self._color_table = None;
def __init__(self, stream, offset, max_size, parent, name):
import math;
import C;
from ZLIB_BLOCK import ZLIB_BLOCK;
from struct_RGBAQUAD import struct_RGBAQUAD;
Structure.__init__(self, stream, offset, max_size, parent, name);
null_seperator_index = self.GetMaxStream().find('\0');
if null_seperator_index == -1:
self._keyword = None;
self._null_seperator = None;
self.warnings.append('no null found to seperate profile name from text, ' \
'assuming text only');
else:
self._profile_name = self.Member(C.STRING, 'profile_name', \
null_seperator_index);
CheckName(self._profile_name);
self._null_seperator = self.Member(C.BYTE, 'null_seperator');
self._compression_method = self.Member(C.BYTE, 'compression_method');
if self._compression_method.value == 0:
self._compression_method.notes.append('zlib deflate');
else:
self._compression_method.warnings.append( \
'unknown methods, zlib deflate assumed');
self._compressed_profile = self.Member(ZLIB_BLOCK, 'data');
self._profile = self._compressed_profile.ContainMember( \
C.STRING, 'profile', \
self._compressed_profile.current_contained_max_size);
# TODO (SkyLined): handle profile correctly (I'm assuming it's not a string)
self.Unused();
def __init__(self, *args, **kw):
Structure.__init__(self, *args, **kw)
if kw.has_key('size'):
self.size = kw['size']
else:
self.size = 1
def __init__(self):
Structure.__init__(self)
self.RVA = None
self.Size = None
self.majorAttributes = ['RVA', 'Size']
self.section = None
self.info = None
def __init__(self, stream, offset, max_size, parent, name):
import C;
Structure.__init__(self, stream, offset, max_size, parent, name);
self._gamma = self.Member(C.DWORD, 'gamma', little_endian = False);
gamma = 100000.0 / self._gamma.value;
self._gamma.notes.append('= 1/%f;' % gamma);
self.Unused();
def __init__(self, stream, offset, max_size, parent, name):
import C;
from PNG_CheckText import PNG_CheckText;
Structure.__init__(self, stream, offset, max_size, parent, name);
null_seperator_index = self.GetMaxStream().find('\0');
if null_seperator_index == -1:
self._keyword = None;
self._null_seperator = None;
self.warnings.append('no null found to seperate keyword from text, ' \
'assuming text only');
else:
self._keyword = self.Member(C.STRING, 'keyword', null_seperator_index);
PNG_CheckText(self._keyword, can_be_empty = False, max_size = 79, \
no_extra_spaces = True, utf_8 = False, newlines = False, \
is_keyword = True);
self._null_seperator = self.Member(C.BYTE, 'null_seperator');
self._text = self.Member(C.STRING, 'keyword', self.current_max_size);
PNG_CheckText(self._text, can_be_empty = True, max_size = None, \
no_extra_spaces = False, utf_8 = False, newlines = True, \
is_keyword = False);
self.Unused();
def __init__(self, stream, offset, max_size, parent, name, \
color_type, bit_depth, palette_entries):
import C;
Structure.__init__(self, stream, offset, max_size, parent, name);
if color_type in [0, 4]:
self._grey = self.Member(C.WORD, 'grey', little_endian = False);
CheckBits(self._grey, bit_depth);
elif color_type in [2, 6]:
self._red = self.Member(C.WORD, 'red', little_endian = False);
CheckBits(self._red, bit_depth);
self._green = self.Member(C.WORD, 'green', little_endian = False);
CheckBits(self._green, bit_depth);
self._blue = self.Member(C.WORD, 'blue', little_endian = False);
CheckBits(self._blue, bit_depth);
elif color_type == 3:
self._palette_index = self.Member(C.BYTE, 'palette index');
if palette_entries is not None \
and self._palette_index.value >= palette_entries:
self._alpha_values.warnings.append(
'expected value to be at most 0x%X|%d' % \
(palette_entries, palette_entries));
elif color_type == None:
self.warnings.append(
'chunk has no function when the color type is unknown');
else:
self.warnings.append(
'chunk has no function for color type %d' % color_type);
self.Unused();
def __init__(self, stream, offset, max_size, parent, name):
import C;
Structure.__init__(self, stream, offset, max_size, parent, name);
# UINT CommonNetworkRelativeLinkSize
self._CommonNetworkRelativeLinkSize = self.Member(C.UINT, \
'CommonNetworkRelativeLinkSize');
if self._CommonNetworkRelativeLinkSize.value < 0x14:
self._CommonNetworkRelativeLinkSize.warnings.append(
'Expected value to be larger than or equal to 0x14|20');
# 32 BITS CommonNetworkRelativeLinkFlags
self._CommonNetworkRelativeLinkFlags = self.Member(C.BITFIELD, \
'CommonNetworkRelativeLinkFlags',
('Unused', 30),
('ValidNetType', 1),
('ValidDevice', 1)
);
# UINT NetNameOffset
self._NetNameOffset = self.Member(C.UINT, 'NetNameOffset');
# UINT DeviceNameOffset
self._DeviceNameOffset = self.Member(C.UINT, 'DeviceNameOffset');
if self._CommonNetworkRelativeLinkFlags._ValidDevice.value == 0 \
and self._DeviceNameOffset.value != 0:
self._DeviceNameOffset.warnings.append('Expected value to be 0');
# UINT NetworkProviderType
self._NetworkProviderType = self.Member(C.UINT, 'NetworkProviderType');
if self._CommonNetworkRelativeLinkFlags._ValidNetType.value == 0 \
and self._NetworkProviderType.value != 0:
self._NetworkProviderType.warnings.append('Expected value to be 0');
def __init__(self, *args, **kw):
Structure.__init__(self, *args, **kw)
if kw.has_key('size'):
self.size = kw['size']
else:
self.size = 1
def __init__(self, stream, offset, max_size, parent, name):
import C;
from GIF_BLOCK import GIF_BLOCK;
from GIF_EXTENSION_APPLICATION import GIF_EXTENSION_APPLICATION;
from GIF_EXTENSION_COMMENT import GIF_EXTENSION_COMMENT;
from GIF_EXTENSION_GRAPHICS_CONTROL import GIF_EXTENSION_GRAPHICS_CONTROL;
from GIF_EXTENSION_PLAIN_TEXT import GIF_EXTENSION_PLAIN_TEXT;
Structure.__init__(self, stream, offset, max_size, parent, name);
self._label = self.Member(C.BYTE, 'label');
if self._label.value == 0x01:
self._label.notes.append('plain text extension');
self._data = self.Member( \
GIF_EXTENSION_PLAIN_TEXT, 'plain_text_extension');
elif self._label.value == 0xF9:
self._label.notes.append('graphice control extension');
self._data = self.Member( \
GIF_EXTENSION_GRAPHICS_CONTROL, 'graphice_control_extension');
elif self._label.value == 0xFE:
self._label.notes.append('comment extension');
self._data = self.Member( \
GIF_EXTENSION_COMMENT, 'comment_extension');
elif self._label.value == 0xFF:
self._label.notes.append('application extension');
self._data = self.Member( \
GIF_EXTENSION_APPLICATION, 'application_extension');
else:
self._label.warnings.append('unknown extension');
self._data = self.Member(GIF_BLOCK, 'data');
self._data.ContainUnused();
def __init__(self, stream, offset, max_size, parent, name):
import math, time;
import C;
Structure.__init__(self, stream, offset, max_size, parent, name);
self._year = self.Member(C.WORD, 'year', little_endian = False);
if self._year.value > time.gmtime()[0] or self._year.value < 1900:
self._year.notes.append('unlikely value');
self._month = self.Member(C.BYTE, 'month');
if self._month.value > 12 or self._month.value < 1:
self._month.warnings.append('illegal value');
self._day = self.Member(C.BYTE, 'day');
if self._day.value > 31 or self._day.value < 1:
self._day.warnings.append('illegal value');
self._hour = self.Member(C.BYTE, 'hour');
if self._hour.value > 23 or self._hour.value < 0:
self._hour.warnings.append('illegal value');
self._minute = self.Member(C.BYTE, 'minute');
if self._minute.value > 59 or self._minute.value < 0:
self._minute.warnings.append('illegal value');
self._second = self.Member(C.BYTE, 'second');
if self._second.value > 60 or self._second.value < 0: # Leap second = 60 :)
self._second.warnings.append('illegal value');
self.Unused();
def __init__(self, stream, offset, max_size, parent, name, \
bit_offset, bit_size, value):
Structure.__init__(self, stream, offset, max_size, parent, name);
self.dump_simplified = True;
self.value = value;
self.bit_offset = bit_offset;
self.bit_size = bit_size;
def __init__(self, stream, offset, max_size, parent, name, type_name, \
structure_class):
self.type_name = type_name;
Structure.__init__(self, stream, offset, max_size, parent, name);
self._contents = self.Member(structure_class, 'used');
if hasattr(self._contents, 'format_details'):
self.format_details = self._contents.format_details;
self.Unused();
def __init__(self, stream, offset, max_size, parent, name):
import C;
Structure.__init__(self, stream, offset, max_size, parent, name);
self._SampleLength = self.Member(C.DWORD, 'SampleLength');
self.format_details = 'fact';
self.Unused();
def __init__(self, stream, offset, max_size, parent, name):
import C;
Structure.__init__(self, stream, offset, max_size, parent, name);
self._compressed_pixel_data = self.Member( \
C.STRING, 'compressed_pixel_data', max_size);
self.Unused();
def __init__(self, stream, offset, max_size, parent, name):
from ICON import ICON;
Structure.__init__(self, stream, offset, max_size, parent, name);
self._icon = self.Member(ICON, 'icon_data');
self.format_details = self._icon.format_details;
self.Unused();
def __init__(self, stream, offset, max_size, parent, name):
import C;
from BITMAP import BITMAP;
Structure.__init__(self, stream, offset, max_size, parent, name);
self._Type = self.Member(C.DWORD, 'Type');
CLIPBOARD_FORMATS = {
0x0001: ('TEXT', None),
0x0002: ('BITMAP', None),
0x0003: ('METAFILEPICT', None),
0x0004: ('SYLK', 'Symbolic link'),
0x0005: ('DIF', 'Data Interchange Format'),
0x0006: ('TIFF', None),
0x0007: ('OEMTEXT', None),
0x0008: ('DIB', None),
0x0009: ('PALETTE', None),
0x000A: ('PENDATA', None),
0x000B: ('RIFF(audio)', None),
0x000C: ('WAVE', None),
0x000D: ('UNICODETEXT', None),
0x000E: ('ENHMETAFILE', None),
0x000F: ('HDROP', 'list of file handles'),
0x0010: ('LOCALE', None),
0x0011: ('DIBV5', 'struct BITMAPV5HEADER'),
0x0080: ('OWNERDISPLAY', None),
0x0081: ('DSPTEXT', 'private'),
0x0082: ('DSPBITMAP', 'private'),
0x0083: ('DSPMETAFILEPICT', 'private'),
0x008E: ('DSPENHMETAFILE', 'private'),
0xBF00: ('Link', None),
};
t = self._Type.value;
if t in CLIPBOARD_FORMATS:
format, details = CLIPBOARD_FORMATS[t];
self.format_details = 'DISP(%s)' % format;
if details != None:
self._Type.notes.append('%s(%s)' % (format, details));
else:
self._Type.notes.append(format);
elif t >= 0x200 and t <= 0x2FF:
t &= 0xFF;
self.format_details = 'DISP(private %d|0x%02X)' % (t, t);
self._Type.notes.append('private format %d|%08X' % (t, t));
elif t >= 0x300 and t <= 0x3FF:
t &= 0xFF;
self.format_details = 'DISP(private GDI %d|0x%02X)' % (t, t);
self._Type.notes.append('private GDI object format %d|%08X' % (t, t));
else:
self.format_details = 'DISP(unknown %d|0x%08X)' % (t, t);
self._Type.warnings.append('unknown type');
if t == 8:
self._bitmapinfo = self.Member(BITMAP, 'bitmapinfo');
else:
self._data = self.Member(C.STRING, 'data', self.current_max_size);
self.Unused();
def __init__(self, stream, offset, max_size, parent, name):
import C;
Structure.__init__(self, stream, offset, max_size, parent, name);
self._CuePointName = self.Member(C.STRING, 'CuePointName', 4);
self._Text = self.Member(C.STRING, 'Text', self.current_max_size);
self.format_details = 'note';
self.Unused();
def __init__(self, stream, offset, max_size, parent, name):
import C
Structure.__init__(self, stream, offset, max_size, parent, name)
self._CuePointName = self.Member(C.DWORD, 'CuePointName')
self._Text = self.Member(C.STRING, 'Text')
self.format_details = 'labl'
self.Unused()
def __init__(self, *args, **kw):
Structure.__init__(self, *args, **kw)
if kw.has_key('size'):
size = kw['size']
else:
size = 64
if not size in self.sizes.keys():
raise ValueError("Only supported sizes are %r not %i" % (self.sizes.keys(),size))
self.size = size
def __init__(self, stream, offset, max_size, parent, name):
import C;
from GIF_BLOCK import GIF_BLOCK;
Structure.__init__(self, stream, offset, max_size, parent, name);
self._data = self.Member(GIF_BLOCK, 'data');
self._comment = self._data.ContainMember(C.STRING, \
'comment', self._data.contained_current_max_size);
self._data.ContainUnused(); # Should always be 0.
def __init__(self, stream, offset, max_size, parent, name):
import math;
import C;
Structure.__init__(self, stream, offset, max_size, parent, name);
self.dump_simplified = True;
number_of_sequences = int(math.floor(max_size / 4.0));
self._sequences = self.Member(C.ARRAY, 'sequences', number_of_sequences, C.DWORD);
self.format_details = 'seq(%d)' % number_of_sequences;
self.Unused();
def __init__(self, stream, offset, max_size, parent, name):
import math;
import C;
from struct_RGBAQUAD import struct_RGBAQUAD;
Structure.__init__(self, stream, offset, max_size, parent, name);
null_seperator_index = self.GetMaxStream().find('\0');
if null_seperator_index == -1:
self._palette_name = None;
self._null_seperator = None;
self.warnings.append('no null found to seperate palette name from ' \
'data, assuming data only');
else:
self._palette_name = self.Member(C.STRING, 'palette_name', \
null_seperator_index);
CheckName(self._palette_name);
self._null_seperator = self.Member(C.BYTE, 'null_seperator');
self._sample_depth = self.Member(C.BYTE, 'sample_depth');
if self._sample_depth.value < 16:
struct_size = 6;
struct_definition = (
('Red', C.BYTE),
('Green', C.BYTE),
('Blue', C.BYTE),
('Alpha', C.BYTE),
('Frequency', C.WORD),
);
self._sample_depth.notes.append('color/alpha info size = 1 byte');
else:
struct_size = 10;
struct_definition = (
('Red', C.WORD),
('Green', C.WORD),
('Blue', C.WORD),
('Alpha', C.WORD),
('Frequency', C.WORD),
);
self._sample_depth.notes.append('color/alpha info size = 2 bytes');
self._number_of_palette_suggestions = \
math.floor(self.current_max_size / struct_size);
self._palette_suggestions = self.Member(C.ARRAY, 'palette_suggestions', \
self._number_of_palette_suggestions, C.STRUCT, 'PALETTE_SUGGESTION',
*struct_definition);
if self.current_max_size % struct_size != 0:
self._palette_suggestions.warnings.append(
'pallete size should be divisible by %d' % struct_size);
self._palette_suggestions.dump_simplified = True;
self.Unused();
def __init__(self, stream, offset, max_size, parent, name):
import C;
Structure.__init__(self, stream, offset, max_size, parent, name);
self._PlaylistName = self.Member(C.STRING, 'PlaylistName', 4);
self._Length = self.Member(C.DWORD, 'Length');
self._Loops = self.Member(C.DWORD, 'Loops');
self.format_details = 'plst';
if self._Length.value == 0:
self._Length.warnings.append('expected value to be at least 1');
self.Unused();
def __init__(self, stream, offset, max_size, parent, name):
from struct_BMPHEADER import struct_BMPHEADER;
from BITMAP import BITMAP;
Structure.__init__(self, stream, offset, max_size, parent, name);
self._header = self.Member(struct_BMPHEADER, 'header');
if self._header._FileSize.value != max_size:
self._header._FileSize.warnings.append( \
'actual size = 0x%X|%d' % (max_size, max_size));
self._bitmap = self.Member(BITMAP, 'bitmap', self._header._Offset.value);
def __init__(self, stream, offset, max_size, parent, name, count, ordered):
import C;
from struct_RGBTRIPPLE import struct_RGBTRIPPLE;
Structure.__init__(self, stream, offset, max_size, parent, name);
if ordered:
self.notes.append('ordered by decreasing importance');
else:
self.notes.append('not ordered');
self._rgb_tripples = self.Member(C.ARRAY, 'rgb_tripples', \
count, struct_RGBTRIPPLE);
self._rgb_tripples.dump_simplified = True;
def __init__(self, stream, offset, max_size, parent, name):
import C;
Structure.__init__(self, stream, offset, max_size, parent, name);
self._size = self.Member(C.BYTE, 'size');
if self._size.value == 0:
self._is_terminator = True;
self.notes.append('block terminator');
self.ContainStream('data', None, '', 0);
else:
self._is_terminator = False;
self._data = self.Member(C.STRING, 'data', self._size.value);
self.ContainStream('data', 'data', self._data.value, self._data.size);
def __init__(self, stream, offset, max_size, parent, name):
import math
import C
from struct_RGBTRIPPLE import struct_RGBTRIPPLE
Structure.__init__(self, stream, offset, max_size, parent, name)
if max_size % 3 != 0:
self.warnings.append("pallete size should be divisible by 3")
self._number_of_rgb_tripples = math.floor(max_size / 3.0)
self._rgb_tripples = self.Member(C.ARRAY, "rgb_tripples", self._number_of_rgb_tripples, struct_RGBTRIPPLE)
self._rgb_tripples.dump_simplified = True
self.Unused()
def __init__(self):
Structure.__init__(self)
self.ImportLookupTableRVA = None
self.TimeStamp = None
self.ForwardChain = None
self.NameRVA = None
self.ImportAddressTableRVA = None
self.majorAttributes = [
'ImportLookupTableRVA', 'TimeStamp', 'ForwardChain', 'NameRVA',
'ImportAddressTableRVA'
]
self.importLookupTable = []
self.importAddressTable = []
self.name = None
def __init__(self, *args, **kw):
if kw.has_key('structures'):
structures = kw['structures']
else:
structures = []
if not isinstance(structures, (TupleType, ListType)):
raise ValueError("Argument must be a list or tuple")
for structure in structures:
if not isinstance(structure, Structure):
raise ValueError("All values in the list must be structures!")
self.structures = structures
Structure.__init__(self, *args, **kw)
def __init__(self, stream, offset, max_size, parent, name):
import C
from struct_SHELL_LINK_HEADER import struct_SHELL_LINK_HEADER
from struct_ITEMIDLIST import struct_ITEMIDLIST
from struct_LINK_INFO import struct_LINK_INFO
Structure.__init__(self, stream, offset, max_size, parent, name)
self._ShellLinkHeader = self.Member(struct_SHELL_LINK_HEADER, "Header")
if self._ShellLinkHeader._LinkFlags._HasLinkTargetIDList.value == 0:
self._ShellItemIdList = None
else:
self._ShellItemIdList = self.Member(struct_ITEMIDLIST, "ShellItemIdList")
self._LinkInfo = self.Member(struct_LINK_INFO, "LinkInfo")
def __init__(self, *args, **kw):
if kw.has_key('structures'):
structures = kw['structures']
else:
structures = []
if not isinstance(structures, (TupleType, ListType)):
raise ValueError("Argument must be a list or tuple")
for structure in structures:
if not isinstance(structure, Structure):
raise ValueError("All values in the list must be structures!")
self.structures = structures
Structure.__init__(self, *args, **kw)
def __init__(self, *args, **kw):
Structure.__init__(self, *args, **kw)
if kw.has_key('size'):
size = kw['size']
else:
size = 32
if kw.has_key('type'):
type = kw['type']
else:
type = 'signed'
if not size in self.sizes.keys():
raise ValueError("Only supported sizes are %r not %i" %
(self.sizes.keys(), size))
self.size = size
if not type in ("signed", "unsigned", "semisigned"):
raise ValueError("Type can only be signed, unsigned or semisigned")
self.type = type
def __init__(self):
Structure.__init__(self)
self.Name = None
self.VirtualSize = None
self.VirtualAddress = None
self.SizeOfRawData = None
self.PointerToRawData = None
self.PointerToRelocations = None
self.PointerToLinenumbers = None
self.NumberOfRelocations = None
self.NumberOfLinenumbers = None
self.Characteristics = None
self.SectionData = None
self.majorAttributes = [
'Name', 'VirtualSize', 'VirtualAddress', 'SizeOfRawData',
'PointerToRawData', 'PointerToRelocations', 'PointerToLinenumbers',
'NumberOfRelocations', 'NumberOfLinenumbers', 'Characteristics'
]
self.dataDirectories = None
self.loaderIrrelvantRange = None
def __init__(self):
Structure.__init__(self)
self.entry = None
self.info = None
def __init__(self):
Structure.__init__(self)
self.Hint = None
self.Name = None
self.Pad = None
self.majorAttributes = ['Hint', 'Name', 'Pad']
def __init__(self, data_directory):
Structure.__init__(self)
self.entrys = []
self.data_directory = data_directory
def __init__(self, filename):
Structure.__init__(self)
# COFF File Header
self.Machine = None
self.NumberOfSections = None
self.TimeDateStamp = None
self.PointerToSymbolTable = None
self.NumberOfSymbols = None
self.SizeOfOptionalHeader = None
self.Characteristics = None
# Optional Header
self.Magic = None
self.MajorLinkerVersion = None
self.MinorLinkerVersion = None
self.SizeOfCode = None
self.SizeOfInitializedData = None
self.SizeOfUninitializedData = None
self.AddressOfEntryPoint = None
self.BaseOfCode = None
self.BaseOfData = None
self.ImageBase = None
self.SectionAlignment = None
self.FileAlignment = None
self.MajorOperatingSystemVersion = None
self.MinorOperatingSystemVersion = None
self.MajorImageVersion = None
self.MinorImageVersion = None
self.MajorSubsystemVersion = None
self.MinorSubsystemVersion = None
self.Reserved = None
self.SizeOfImage = None
self.SizeOfHeaders = None
self.CheckSum = None
self.Subsystem = None
self.DLLCharacteristics = None
self.SizeOfStackReserve = None
self.SizeOfStackCommit = None
self.SizeOfHeapReserve = None
self.SizeOfHeapCommit = None
self.LoaderFlags = None
self.NumberOfRvaAndSizes = None
self.majorAttributes = [
'Machine', 'NumberOfSections', 'TimeDateStamp',
'PointerToSymbolTable', 'NumberOfSymbols', 'SizeOfOptionalHeader',
'Characteristics', 'Magic', 'MajorLinkerVersion',
'MinorLinkerVersion', 'SizeOfCode', 'SizeOfInitializedData',
'SizeOfUninitializedData', 'AddressOfEntryPoint', 'BaseOfCode',
'BaseOfData', 'ImageBase', 'SectionAlignment', 'FileAlignment',
'MajorOperatingSystemVersion', 'MinorOperatingSystemVersion',
'MajorImageVersion', 'MinorImageVersion', 'MajorSubsystemVersion',
'MinorSubsystemVersion', 'Reserved', 'SizeOfImage',
'SizeOfHeaders', 'CheckSum', 'Subsystem', 'DLLCharacteristics',
'SizeOfStackReserve', 'SizeOfStackCommit', 'SizeOfHeapReserve',
'SizeOfHeapCommit', 'LoaderFlags', 'NumberOfRvaAndSizes'
]
# Data Directories
self.DataDirectories = []
# SectionHeaders
self.SectionHeaders = []
self.data = None
self.fileName = filename
self.fileno = None
self.size = None
self.parseMsgs = []
self.serializeMsgs = []
self.__load__(self.fileName)
self.parse()
def __init__(self):
Structure.__init__(self)
self.PageRVA = None
self.BlockSize = None
self.majorAttributes = ['PageRVA', 'BlockSize']
self.items = None
