def parseDeclareFunction(parent, size):
yield CString(parent, "name")
argCount = UInt16(parent, "arg_count")
yield argCount
for i in range(argCount.value):
yield CString(parent, "arg[]")
yield UInt16(parent, "function_length")
def createFields(self):
# Gzip header
yield Bytes(self, "signature", 2, r"GZip file signature (\x1F\x8B)")
yield Enum(UInt8(self, "compression", "Compression method"),
self.COMPRESSION_NAME)
# Flags
yield Bit(self, "is_text", "File content is probably ASCII text")
yield Bit(self, "has_crc16", "Header CRC16")
yield Bit(self, "has_extra", "Extra informations (variable size)")
yield Bit(self, "has_filename", "Contains filename?")
yield Bit(self, "has_comment", "Contains comment?")
yield NullBits(self, "reserved[]", 3)
yield TimestampUnix32(self, "mtime", "Modification time")
# Extra flags
yield NullBits(self, "reserved[]", 1)
yield Bit(self, "slowest",
"Compressor used maximum compression (slowest)")
yield Bit(self, "fastest", "Compressor used the fastest compression")
yield NullBits(self, "reserved[]", 5)
yield Enum(UInt8(self, "os", "Operating system"), self.os_name)
# Optional fields
if self["has_extra"].value:
yield UInt16(self, "extra_length", "Extra length")
yield RawBytes(self, "extra", self["extra_length"].value, "Extra")
if self["has_filename"].value:
yield CString(self, "filename", "Filename", charset="ISO-8859-1")
if self["has_comment"].value:
yield CString(self, "comment", "Comment")
if self["has_crc16"].value:
yield textHandler(UInt16(self, "hdr_crc16", "CRC16 of the header"),
hexadecimal)
if self._size is None: # TODO: is it possible to handle piped input?
raise NotImplementedError()
# Read file
size = (self._size - self.current_size) // 8 - 8 # -8: crc32+size
if 0 < size:
if self["has_filename"].value:
filename = self["filename"].value
else:
for tag, filename in self.stream.tags:
if tag == "filename" and filename.endswith(".gz"):
filename = filename[:-3]
break
else:
filename = None
yield Deflate(SubFile(self, "file", size, filename=filename))
# Footer
yield textHandler(
UInt32(self, "crc32", "Uncompressed data content CRC32"),
hexadecimal)
yield filesizeHandler(UInt32(self, "size", "Uncompressed size"))
def createFields(self):
yield Enum(UInt8(self, "charset"), ID3_StringCharset.charset_desc)
charset = getCharset(self["charset"])
yield CString(self, "mime", "MIME type", charset=charset)
yield Enum(UInt8(self, "pict_type"), ID3_Picture23.pict_type_name)
yield CString(self, "description", charset=charset)
size = (self._size - self._current_size) // 8
if size:
yield RawBytes(self, "img_data", size)
def createFields(self):
yield Enum(UInt8(self, "charset"), self.charset_desc)
charset = getCharset(self["charset"])
yield CString(self, "mime", "MIME type", charset=charset)
yield CString(self, "filename", "File name", charset=charset)
yield CString(self, "description", "Content description", charset=charset)
size = (self.size - self.current_size) // 8
if not size:
return
yield String(self, "text", size, "Text", charset=charset)
def createFields(self):
yield filesizeHandler(UInt32(self, "filesize", "Uncompressed file size"))
yield UInt32(self, "folder_offset", "File offset in uncompressed folder")
yield Enum(UInt16(self, "folder_index", "Containing folder ID (index)"), {
0xFFFD: "Folder continued from previous cabinet (real folder ID = 0)",
0xFFFE: "Folder continued to next cabinet (real folder ID = %i)" % (self["../nb_folder"].value - 1),
0xFFFF: "Folder spanning previous, current and next cabinets (real folder ID = 0)"})
yield DateTimeMSDOS32(self, "timestamp")
yield CabFileAttributes(self, "attributes")
if self["attributes/name_is_utf"].value:
yield CString(self, "filename", charset="UTF-8")
else:
yield CString(self, "filename", charset="ASCII")
def createFields(self):
yield UInt8(self, "size", "Total length of this FFN in bytes, minus 1")
self._size = self["size"].value * 8 + 8
yield Bits(self, "prq", 2, "Pitch request")
yield Bit(self, "fTrueType", "Is font a TrueType font?")
yield Bits(self, "reserved[]", 1)
yield Bits(self, "ff", 3, "Font Family ID")
yield Bits(self, "reserved[]", 1)
yield UInt16(self, "wWeight", "Base weight of font")
yield UInt8(self, "chs", "Character set identifier")
yield UInt8(self, "ixchSzAlt", "Index into name to the name of the alternate font")
yield RawBytes(self, "panose", 10)
yield RawBytes(self, "fs", 24, "Font Signature")
yield CString(self, "name", charset="UTF-16-LE")
if self["ixchSzAlt"].value != 0:
yield CString(self, "nameAlt", charset="UTF-16-LE")
def createFields(self):
yield UInt16(self, "size", "Node size (in bytes)")
yield UInt16(self, "data_size")
yield Enum(UInt16(self, "type"), self.TYPE_NAME)
yield CString(self, "name", charset="UTF-16-LE")
size = paddingSize(self.current_size // 8, 4)
if size:
yield NullBytes(self, "padding[]", size)
size = self["data_size"].value
if size:
if self["type"].value == self.TYPE_STRING:
if self.is_32bit:
size *= 2
yield String(self,
"value",
size,
charset="UTF-16-LE",
truncate="\0")
elif self["name"].value == "VS_VERSION_INFO":
yield VersionInfoBinary(self, "value", size=size * 8)
if self["value/file_flags_mask"].value == 0:
self.is_32bit = False
else:
yield RawBytes(self, "value", size)
while 12 <= (self.size - self.current_size) // 8:
yield VersionInfoNode(self, "node[]", self.is_32bit)
size = (self.size - self.current_size) // 8
if size:
yield NullBytes(self, "padding[]", size)
def createFields(self):
yield CString(self, "signature", "Photoshop version")
if self["signature"].value == "Photoshop 3.0":
while not self.eof:
yield Photoshop8BIM(self, "item[]")
else:
size = (self._size - self.current_size) // 8
yield RawBytes(self, "rawdata", size)
def createFields(self):
yield PropID(self, "id")
yield SZUInt64(self, "size")
yield UInt8(self, "is_external")
if self['is_external'].value:
yield SZUInt64(self, "folder_data_offset", "Offset to folder data within data stream")
else:
for index in range(self['../num_files'].value):
yield CString(self, "name[%d]" % index, charset="UTF-16-LE")
def createFields(self):
yield Enum(UInt8(self, "charset"), ID3_StringCharset.charset_desc)
charset = getCharset(self["charset"])
yield String(self, "img_fmt", 3, charset="ASCII")
yield Enum(UInt8(self, "pict_type"), self.pict_type_name)
yield CString(self, "text", "Text", charset=charset, strip=" \0")
size = (self._size - self._current_size) // 8
if size:
yield RawBytes(self, "img_data", size)
def createFields(self):
yield Enum(UInt8(self, "charset"), self.charset_desc)
yield String(self, "lang", 3, "Language", charset="ASCII")
charset = getCharset(self["charset"])
yield CString(self, "title", "Title", charset=charset, strip=self.STRIP)
size = (self.size - self.current_size) // 8
if not size:
return
yield String(self, "text", size, "Text", charset=charset, strip=self.STRIP)
def parseDeclareFunctionV7(parent, size):
yield CString(parent, "name")
argCount = UInt16(parent, "arg_count")
yield argCount
yield UInt8(parent, "reg_count")
yield Bits(parent, "reserved", 7)
yield Bit(parent, "preload_global")
yield Bit(parent, "preload_parent")
yield Bit(parent, "preload_root")
yield Bit(parent, "suppress_super")
yield Bit(parent, "preload_super")
yield Bit(parent, "suppress_arguments")
yield Bit(parent, "preload_arguments")
yield Bit(parent, "suppress_this")
yield Bit(parent, "preload_this")
for i in range(argCount.value):
yield UInt8(parent, "register[]")
yield CString(parent, "arg[]")
yield UInt16(parent, "function_length")
def createFields(self):
yield UInt32(self, "length", "Length of this structure")
yield UInt32(self, "unknown[]")
yield UInt32(self, "share_name_offset", "Offset to share name")
yield UInt32(self, "unknown[]")
yield UInt32(self, "unknown[]")
padding = self.seekByte(self["share_name_offset"].value)
if padding:
yield padding
yield CString(self, "share_name")
def createFields(self):
yield UInt32(self, "size")
yield UInt32(self, "index")
yield Bits(self, "flags", 8)
yield RawBytes(self, "unknown[]", 5)
yield UInt16(self, "unknown[]")
yield CString(self, "name", charset="UTF-16-LE")
if self.current_size // 8 != self['size'].value:
yield RawBytes(self, "padding",
self['size'].value - self.current_size // 8)
def createFields(self):
# Header
yield UInt24(self, "size")
yield Enum(UInt8(self, "type"), EFI_SECTION_TYPE)
section_type = self["type"].value
if section_type == EFI_SECTION_COMPRESSION:
yield UInt32(self, "uncomp_len")
yield Enum(UInt8(self, "comp_type"), self.COMPRESSION_TYPE)
elif section_type == EFI_SECTION_FREEFORM_SUBTYPE_GUID:
yield GUID(self, "sub_type_guid")
elif section_type == EFI_SECTION_GUID_DEFINED:
yield GUID(self, "section_definition_guid")
yield UInt16(self, "data_offset")
yield UInt16(self, "attributes")
elif section_type == EFI_SECTION_USER_INTERFACE:
yield CString(self, "file_name", charset="UTF-16-LE")
elif section_type == EFI_SECTION_VERSION:
yield UInt16(self, "build_number")
yield CString(self, "version", charset="UTF-16-LE")
# Content
content_size = (self.size - self.current_size) // 8
if content_size == 0:
return
if section_type == EFI_SECTION_COMPRESSION:
compression_type = self["comp_type"].value
if compression_type == 1:
while not self.eof:
yield RawBytes(self, "compressed_content", content_size)
else:
while not self.eof:
yield FileSection(self, "section[]")
elif section_type == EFI_SECTION_FIRMWARE_VOLUME_IMAGE:
yield FirmwareVolume(self, "firmware_volume")
else:
yield RawBytes(
self, "content", content_size,
EFI_SECTION_TYPE.get(self["type"].value,
"Unknown Section Type"))
def createFields(self):
yield UInt32(self, "length", "Length of this structure")
yield Enum(UInt32(self, "volume_type", "Volume Type"),
self.VOLUME_TYPE)
yield textHandler(
UInt32(self, "volume_serial", "Volume Serial Number"),
formatVolumeSerial)
yield UInt32(self, "label_offset", "Offset to volume label")
padding = self.seekByte(self["label_offset"].value)
if padding:
yield padding
yield CString(self, "drive")
def parseTry(parent, size):
yield Bits(parent, "reserved", 5)
catchInReg = Bit(parent, "catch_in_register")
yield catchInReg
yield Bit(parent, "finally")
yield Bit(parent, "catch")
yield UInt8(parent, "try_size")
yield UInt8(parent, "catch_size")
yield UInt8(parent, "finally_size")
if catchInReg.value:
yield CString(parent, "name")
else:
yield UInt8(parent, "register")
def createFields(self):
yield PropertiesFormat(self, "format")
yield UInt32(self, "nb_prop")
properties = []
for index in range(self["nb_prop"].value):
property = Property(self, "property[]")
yield property
properties.append(property)
padding = paddingSize(self.current_size // 8, 4)
if padding:
yield NullBytes(self, "padding", padding)
yield UInt32(self, "total_str_length")
properties.sort(key=lambda entry: entry["name_offset"].value)
offset0 = self.current_size // 8
for property in properties:
padding = self.seekByte(offset0 + property["name_offset"].value)
if padding:
yield padding
yield CString(self, "name[]", "Name of %s" % property.name)
if property["is_string"].value:
yield CString(self, "value[]", "Value of %s" % property.name)
padding = (self.size - self.current_size) // 8
if padding:
yield NullBytes(self, "end_padding", padding)
def createFields(self):
yield UInt16(self, "size", "Node size (in bytes)")
yield UInt16(self, "data_size")
yield CString(self, "name", charset="ISO-8859-1")
size = paddingSize(self.current_size // 8, 4)
if size:
yield NullBytes(self, "padding[]", size)
size = self["data_size"].value
if size:
if self["name"].value == "VS_VERSION_INFO":
yield VersionInfoBinary(self, "value", size=size * 8)
else:
yield String(self, "value", size, charset="ISO-8859-1")
while 12 <= (self.size - self.current_size) // 8:
yield NE_VersionInfoNode(self, "node[]")
size = (self.size - self.current_size) // 8
if size:
yield NullBytes(self, "padding[]", size)
def createFields(self):
yield PropertiesFormat(self, "format")
yield UInt32(self, "count")
offsets = []
for index in range(self["count"].value):
offset = UInt32(self, "offset[]")
yield offset
offsets.append(offset.value)
yield UInt32(self, "total_str_length")
offsets.sort()
offset0 = self.current_size // 8
for offset in offsets:
padding = self.seekByte(offset0 + offset)
if padding:
yield padding
yield CString(self, "name[]")
padding = (self.size - self.current_size) // 8
if padding:
yield NullBytes(self, "end_padding", padding)
def parseABC(parent, size):
code = parent["code"].value
if code == parent.TAG_DO_ABC_DEFINE:
yield UInt32(parent, "action_flags")
yield CString(parent, "action_name")
yield UInt16(parent, "minor_version")
yield UInt16(parent, "major_version")
parent.isABC = True
yield ABCConstantPool(parent, "int", FlashS32)
yield ABCConstantPool(parent, "uint", FlashU32)
yield ABCConstantPool(parent, "double", Float64)
yield ABCConstantPool(parent, "string", ABCConstantString)
yield ABCConstantPool(parent, "namespace", ABCConstantNamespace)
yield ABCConstantPool(parent, "namespace_set", ABCConstantNamespaceSet)
yield ABCConstantPool(parent, "multiname", ABCConstantMultiname)
yield ABCObjectArray(parent, "method", ABCMethodInfo)
yield ABCObjectArray(parent, "metadata", ABCMetadataInfo)
yield ABCClassArray(parent, "class")
yield ABCObjectArray(parent, "script", ABCScriptInfo)
yield ABCObjectArray(parent, "body", ABCMethodBody)
def textParse(parent):
yield CString(parent, "keyword", "Keyword", charset="ISO-8859-1")
length = parent["size"].value - parent["keyword"].size // 8
if length:
yield String(parent, "text", length, "Text", charset="ISO-8859-1")
def createFields(self):
yield UInt32(self, "offset")
yield UInt32(self, "timestamp")
yield UInt32(self, "current_version")
yield UInt32(self, "compatibility_version")
yield CString(self, "name")
def createFields(self):
yield UInt32(self, "offset")
yield CString(self, "name")
def parseGetURL(parent, size):
yield CString(parent, "url")
yield CString(parent, "target")
def createFields(self):
yield String(self, "magic", 4, "Magic (MSCF)", charset="ASCII")
yield textHandler(UInt32(self, "hdr_checksum", "Header checksum (0 if not used)"), hexadecimal)
yield filesizeHandler(UInt32(self, "filesize", "Cabinet file size"))
yield textHandler(UInt32(self, "fld_checksum", "Folders checksum (0 if not used)"), hexadecimal)
yield UInt32(self, "off_file", "Offset of first file")
yield textHandler(UInt32(self, "files_checksum", "Files checksum (0 if not used)"), hexadecimal)
yield UInt8(self, "minor_version", "Minor version (should be 3)")
yield UInt8(self, "major_version", "Major version (should be 1)")
yield UInt16(self, "nb_folder", "Number of folders")
yield UInt16(self, "nb_files", "Number of files")
yield Flags(self, "flags")
yield UInt16(self, "setid")
yield UInt16(self, "cabinet_serial", "Zero-based cabinet number")
if self["flags/has_reserved"].value:
yield UInt16(self, "reserved_header_size", "Size of per-cabinet reserved area")
yield UInt8(self, "reserved_folder_size", "Size of per-folder reserved area")
yield UInt8(self, "reserved_data_size", "Size of per-datablock reserved area")
if self["reserved_header_size"].value:
yield RawBytes(self, "reserved_header", self["reserved_header_size"].value, "Per-cabinet reserved area")
if self["flags/has_previous"].value:
yield CString(self, "previous_cabinet", "File name of previous cabinet", charset="ASCII")
yield CString(self, "previous_disk", "Description of disk/media on which previous cabinet resides", charset="ASCII")
if self["flags/has_next"].value:
yield CString(self, "next_cabinet", "File name of next cabinet", charset="ASCII")
yield CString(self, "next_disk", "Description of disk/media on which next cabinet resides", charset="ASCII")
folders = []
files = []
for index in range(self["nb_folder"].value):
folder = Folder(self, "folder[]")
yield folder
folders.append(folder)
for index in range(self["nb_files"].value):
file = File(self, "file[]")
yield file
files.append(file)
folders = sorted(enumerate(folders),
key=lambda x: x[1]["offset"].value)
for i in range(len(folders)):
index, folder = folders[i]
padding = self.seekByte(folder["offset"].value)
if padding:
yield padding
files = []
for file in files:
if file["folder_index"].value == index:
files.append(file)
if i + 1 == len(folders):
size = (self.size // 8) - folder["offset"].value
else:
size = (folders[i + 1][1]["offset"].value) - \
folder["offset"].value
yield FolderData(self, "folder_data[%i]" % index, folder, files, size=size * 8)
end = self.seekBit(self.size, "endraw")
if end:
yield end
def parseGotoLabel(parent, size):
yield CString(parent, "label")
def parseSymbolClass(parent, size):
yield UInt16(parent, "count")
for index in range(parent["count"].value):
yield UInt16(parent, "symbol_id[]")
yield CString(parent, "symbol_name[]")
def createFields(self):
yield UInt16(self, "object_id")
yield CString(self, "name")
def parseDeclareDictionary(parent, size):
count = UInt16(parent, "count")
yield count
for i in range(count.value):
yield CString(parent, "dictionnary[]")