def __init__(self, stream, offset, max_size, parent, name, color_type, \ bit_depth, palette_entries): import C; Structure.__init__(self, stream, offset, max_size, parent, name); if color_type == 0: self._grey = self.Member(C.WORD, 'grey', little_endian = False); CheckBits(self._grey, bit_depth); elif color_type == 2: self._red = self.Member(C.WORD, 'red', little_endian = False); CheckBits(self._red, bit_depth); self._green = self.Member(C.WORD, 'green', little_endian = False); CheckBits(self._green, bit_depth); self._blue = self.Member(C.WORD, 'blue', little_endian = False); CheckBits(self._blue, bit_depth); elif color_type == 3: self._alpha_values = self.Member( \ C.ARRAY, 'alpha_values', max_size, C.BYTE); if palette_entries is not None and palette_entries < max_size: self._alpha_values.warnings.append( 'expected 0x%X|%d entries' % (palette_entries, palette_entries)); elif color_type == None: self.warnings.append( 'chunk has no function when the color type is unknown'); else: self.warnings.append( 'chunk has no function for color type %d' % color_type); self.Unused();
def __init__(self, stream, offset, max_size, parent, name): import C from GIF_BLOCK import GIF_BLOCK from GIF_COLORTABLE import GIF_COLORTABLE from GIF_IMAGE_DESCRIPTOR import GIF_IMAGE_DESCRIPTOR from LZW_compressed_data import LZW_compressed_data Structure.__init__(self, stream, offset, max_size, parent, name) self._descriptor = self.Member(GIF_IMAGE_DESCRIPTOR, "descriptor") flags = self._descriptor._Flags self._has_local_color_table = flags._LocalColorTable.value == 1 if self._has_local_color_table: self._local_color_table_entries = 2 ** (flags._SizeLocalColorTable.value + 1) self._local_color_table_sorted = flags._Sort.value == 1 self._local_color_table = self.Member( GIF_COLORTABLE, "local_color_table", self._local_color_table_entries, self._local_color_table_sorted ) else: self._local_color_table = None self._lzw_minimum_code_size = self.Member(C.BYTE, "LZW_minimum_code_size") if self._lzw_minimum_code_size.value == 0: self._lzw_minimum_code_size.warnings.append("expected value > 0") self._compressed_pixel_data_container = self.Member(GIF_BLOCK, "pixel_data") self._pixel_data_container = self._compressed_pixel_data_container.ContainMember( LZW_compressed_data, "pixel_data", self._lzw_minimum_code_size.value ) self._pixel_data = self._pixel_data_container.ContainMember( C.STRING, "pixel_data", self._descriptor._Width.value * self._descriptor._Height.value )
def __init__(self, stream, offset, max_size, parent, name, \ height_div_2 = False): import C; from struct_BITMAPINFOHEADER import struct_BITMAPINFOHEADER; from struct_RGBQUAD import struct_RGBQUAD; Structure.__init__(self, stream, offset, max_size, parent, name); self._header = self.Member(struct_BITMAPINFOHEADER, \ 'header', height_div_2); self.format_details = self._header.format_details; bit_count = self._header._BitCount.value; compression = self._header._Compression.value; number_of_colors = 2 ** bit_count; used_colors = self._header._ClrUsed.value; # http://msdn.microsoft.com/en-us/library/aa930622.aspx if used_colors: number_of_rgb_quads = used_colors; else: number_of_rgb_quads = 2 ** bit_count; if bit_count in [16, 24, 32]: number_of_rgb_quads = 0; if compression == 3: # bitfields: number_of_rgb_quads = 3; if number_of_rgb_quads > 0: self._color_table = self.Member(C.ARRAY, 'color_table', \ number_of_rgb_quads, struct_RGBQUAD); self._color_table.dump_simplified = True; else: self._color_table = None;
def __init__(self, stream, offset, max_size, parent, name): import math; import C; from ZLIB_BLOCK import ZLIB_BLOCK; from struct_RGBAQUAD import struct_RGBAQUAD; Structure.__init__(self, stream, offset, max_size, parent, name); null_seperator_index = self.GetMaxStream().find('\0'); if null_seperator_index == -1: self._keyword = None; self._null_seperator = None; self.warnings.append('no null found to seperate profile name from text, ' \ 'assuming text only'); else: self._profile_name = self.Member(C.STRING, 'profile_name', \ null_seperator_index); CheckName(self._profile_name); self._null_seperator = self.Member(C.BYTE, 'null_seperator'); self._compression_method = self.Member(C.BYTE, 'compression_method'); if self._compression_method.value == 0: self._compression_method.notes.append('zlib deflate'); else: self._compression_method.warnings.append( \ 'unknown methods, zlib deflate assumed'); self._compressed_profile = self.Member(ZLIB_BLOCK, 'data'); self._profile = self._compressed_profile.ContainMember( \ C.STRING, 'profile', \ self._compressed_profile.current_contained_max_size); # TODO (SkyLined): handle profile correctly (I'm assuming it's not a string) self.Unused();
def __init__(self, *args, **kw): Structure.__init__(self, *args, **kw) if kw.has_key('size'): self.size = kw['size'] else: self.size = 1
def __init__(self): Structure.__init__(self) self.RVA = None self.Size = None self.majorAttributes = ['RVA', 'Size'] self.section = None self.info = None
def __init__(self, stream, offset, max_size, parent, name): import C; Structure.__init__(self, stream, offset, max_size, parent, name); self._gamma = self.Member(C.DWORD, 'gamma', little_endian = False); gamma = 100000.0 / self._gamma.value; self._gamma.notes.append('= 1/%f;' % gamma); self.Unused();
def __init__(self, stream, offset, max_size, parent, name): import C; from PNG_CheckText import PNG_CheckText; Structure.__init__(self, stream, offset, max_size, parent, name); null_seperator_index = self.GetMaxStream().find('\0'); if null_seperator_index == -1: self._keyword = None; self._null_seperator = None; self.warnings.append('no null found to seperate keyword from text, ' \ 'assuming text only'); else: self._keyword = self.Member(C.STRING, 'keyword', null_seperator_index); PNG_CheckText(self._keyword, can_be_empty = False, max_size = 79, \ no_extra_spaces = True, utf_8 = False, newlines = False, \ is_keyword = True); self._null_seperator = self.Member(C.BYTE, 'null_seperator'); self._text = self.Member(C.STRING, 'keyword', self.current_max_size); PNG_CheckText(self._text, can_be_empty = True, max_size = None, \ no_extra_spaces = False, utf_8 = False, newlines = True, \ is_keyword = False); self.Unused();
def __init__(self, stream, offset, max_size, parent, name, \ color_type, bit_depth, palette_entries): import C; Structure.__init__(self, stream, offset, max_size, parent, name); if color_type in [0, 4]: self._grey = self.Member(C.WORD, 'grey', little_endian = False); CheckBits(self._grey, bit_depth); elif color_type in [2, 6]: self._red = self.Member(C.WORD, 'red', little_endian = False); CheckBits(self._red, bit_depth); self._green = self.Member(C.WORD, 'green', little_endian = False); CheckBits(self._green, bit_depth); self._blue = self.Member(C.WORD, 'blue', little_endian = False); CheckBits(self._blue, bit_depth); elif color_type == 3: self._palette_index = self.Member(C.BYTE, 'palette index'); if palette_entries is not None \ and self._palette_index.value >= palette_entries: self._alpha_values.warnings.append( 'expected value to be at most 0x%X|%d' % \ (palette_entries, palette_entries)); elif color_type == None: self.warnings.append( 'chunk has no function when the color type is unknown'); else: self.warnings.append( 'chunk has no function for color type %d' % color_type); self.Unused();
def __init__(self, stream, offset, max_size, parent, name): import C; Structure.__init__(self, stream, offset, max_size, parent, name); # UINT CommonNetworkRelativeLinkSize self._CommonNetworkRelativeLinkSize = self.Member(C.UINT, \ 'CommonNetworkRelativeLinkSize'); if self._CommonNetworkRelativeLinkSize.value < 0x14: self._CommonNetworkRelativeLinkSize.warnings.append( 'Expected value to be larger than or equal to 0x14|20'); # 32 BITS CommonNetworkRelativeLinkFlags self._CommonNetworkRelativeLinkFlags = self.Member(C.BITFIELD, \ 'CommonNetworkRelativeLinkFlags', ('Unused', 30), ('ValidNetType', 1), ('ValidDevice', 1) ); # UINT NetNameOffset self._NetNameOffset = self.Member(C.UINT, 'NetNameOffset'); # UINT DeviceNameOffset self._DeviceNameOffset = self.Member(C.UINT, 'DeviceNameOffset'); if self._CommonNetworkRelativeLinkFlags._ValidDevice.value == 0 \ and self._DeviceNameOffset.value != 0: self._DeviceNameOffset.warnings.append('Expected value to be 0'); # UINT NetworkProviderType self._NetworkProviderType = self.Member(C.UINT, 'NetworkProviderType'); if self._CommonNetworkRelativeLinkFlags._ValidNetType.value == 0 \ and self._NetworkProviderType.value != 0: self._NetworkProviderType.warnings.append('Expected value to be 0');
def __init__(self, stream, offset, max_size, parent, name): import C; from GIF_BLOCK import GIF_BLOCK; from GIF_EXTENSION_APPLICATION import GIF_EXTENSION_APPLICATION; from GIF_EXTENSION_COMMENT import GIF_EXTENSION_COMMENT; from GIF_EXTENSION_GRAPHICS_CONTROL import GIF_EXTENSION_GRAPHICS_CONTROL; from GIF_EXTENSION_PLAIN_TEXT import GIF_EXTENSION_PLAIN_TEXT; Structure.__init__(self, stream, offset, max_size, parent, name); self._label = self.Member(C.BYTE, 'label'); if self._label.value == 0x01: self._label.notes.append('plain text extension'); self._data = self.Member( \ GIF_EXTENSION_PLAIN_TEXT, 'plain_text_extension'); elif self._label.value == 0xF9: self._label.notes.append('graphice control extension'); self._data = self.Member( \ GIF_EXTENSION_GRAPHICS_CONTROL, 'graphice_control_extension'); elif self._label.value == 0xFE: self._label.notes.append('comment extension'); self._data = self.Member( \ GIF_EXTENSION_COMMENT, 'comment_extension'); elif self._label.value == 0xFF: self._label.notes.append('application extension'); self._data = self.Member( \ GIF_EXTENSION_APPLICATION, 'application_extension'); else: self._label.warnings.append('unknown extension'); self._data = self.Member(GIF_BLOCK, 'data'); self._data.ContainUnused();
def __init__(self, stream, offset, max_size, parent, name): import math, time; import C; Structure.__init__(self, stream, offset, max_size, parent, name); self._year = self.Member(C.WORD, 'year', little_endian = False); if self._year.value > time.gmtime()[0] or self._year.value < 1900: self._year.notes.append('unlikely value'); self._month = self.Member(C.BYTE, 'month'); if self._month.value > 12 or self._month.value < 1: self._month.warnings.append('illegal value'); self._day = self.Member(C.BYTE, 'day'); if self._day.value > 31 or self._day.value < 1: self._day.warnings.append('illegal value'); self._hour = self.Member(C.BYTE, 'hour'); if self._hour.value > 23 or self._hour.value < 0: self._hour.warnings.append('illegal value'); self._minute = self.Member(C.BYTE, 'minute'); if self._minute.value > 59 or self._minute.value < 0: self._minute.warnings.append('illegal value'); self._second = self.Member(C.BYTE, 'second'); if self._second.value > 60 or self._second.value < 0: # Leap second = 60 :) self._second.warnings.append('illegal value'); self.Unused();
def __init__(self, stream, offset, max_size, parent, name, \ bit_offset, bit_size, value): Structure.__init__(self, stream, offset, max_size, parent, name); self.dump_simplified = True; self.value = value; self.bit_offset = bit_offset; self.bit_size = bit_size;
def __init__(self, stream, offset, max_size, parent, name, type_name, \ structure_class): self.type_name = type_name; Structure.__init__(self, stream, offset, max_size, parent, name); self._contents = self.Member(structure_class, 'used'); if hasattr(self._contents, 'format_details'): self.format_details = self._contents.format_details; self.Unused();
def __init__(self, stream, offset, max_size, parent, name): import C; Structure.__init__(self, stream, offset, max_size, parent, name); self._SampleLength = self.Member(C.DWORD, 'SampleLength'); self.format_details = 'fact'; self.Unused();
def __init__(self, stream, offset, max_size, parent, name): import C; Structure.__init__(self, stream, offset, max_size, parent, name); self._compressed_pixel_data = self.Member( \ C.STRING, 'compressed_pixel_data', max_size); self.Unused();
def __init__(self, stream, offset, max_size, parent, name): from ICON import ICON; Structure.__init__(self, stream, offset, max_size, parent, name); self._icon = self.Member(ICON, 'icon_data'); self.format_details = self._icon.format_details; self.Unused();
def __init__(self, stream, offset, max_size, parent, name): import C; from BITMAP import BITMAP; Structure.__init__(self, stream, offset, max_size, parent, name); self._Type = self.Member(C.DWORD, 'Type'); CLIPBOARD_FORMATS = { 0x0001: ('TEXT', None), 0x0002: ('BITMAP', None), 0x0003: ('METAFILEPICT', None), 0x0004: ('SYLK', 'Symbolic link'), 0x0005: ('DIF', 'Data Interchange Format'), 0x0006: ('TIFF', None), 0x0007: ('OEMTEXT', None), 0x0008: ('DIB', None), 0x0009: ('PALETTE', None), 0x000A: ('PENDATA', None), 0x000B: ('RIFF(audio)', None), 0x000C: ('WAVE', None), 0x000D: ('UNICODETEXT', None), 0x000E: ('ENHMETAFILE', None), 0x000F: ('HDROP', 'list of file handles'), 0x0010: ('LOCALE', None), 0x0011: ('DIBV5', 'struct BITMAPV5HEADER'), 0x0080: ('OWNERDISPLAY', None), 0x0081: ('DSPTEXT', 'private'), 0x0082: ('DSPBITMAP', 'private'), 0x0083: ('DSPMETAFILEPICT', 'private'), 0x008E: ('DSPENHMETAFILE', 'private'), 0xBF00: ('Link', None), }; t = self._Type.value; if t in CLIPBOARD_FORMATS: format, details = CLIPBOARD_FORMATS[t]; self.format_details = 'DISP(%s)' % format; if details != None: self._Type.notes.append('%s(%s)' % (format, details)); else: self._Type.notes.append(format); elif t >= 0x200 and t <= 0x2FF: t &= 0xFF; self.format_details = 'DISP(private %d|0x%02X)' % (t, t); self._Type.notes.append('private format %d|%08X' % (t, t)); elif t >= 0x300 and t <= 0x3FF: t &= 0xFF; self.format_details = 'DISP(private GDI %d|0x%02X)' % (t, t); self._Type.notes.append('private GDI object format %d|%08X' % (t, t)); else: self.format_details = 'DISP(unknown %d|0x%08X)' % (t, t); self._Type.warnings.append('unknown type'); if t == 8: self._bitmapinfo = self.Member(BITMAP, 'bitmapinfo'); else: self._data = self.Member(C.STRING, 'data', self.current_max_size); self.Unused();
def __init__(self, stream, offset, max_size, parent, name): import C; Structure.__init__(self, stream, offset, max_size, parent, name); self._CuePointName = self.Member(C.STRING, 'CuePointName', 4); self._Text = self.Member(C.STRING, 'Text', self.current_max_size); self.format_details = 'note'; self.Unused();
def __init__(self, stream, offset, max_size, parent, name): import C Structure.__init__(self, stream, offset, max_size, parent, name) self._CuePointName = self.Member(C.DWORD, 'CuePointName') self._Text = self.Member(C.STRING, 'Text') self.format_details = 'labl' self.Unused()
def __init__(self, *args, **kw): Structure.__init__(self, *args, **kw) if kw.has_key('size'): size = kw['size'] else: size = 64 if not size in self.sizes.keys(): raise ValueError("Only supported sizes are %r not %i" % (self.sizes.keys(),size)) self.size = size
def __init__(self, stream, offset, max_size, parent, name): import C; from GIF_BLOCK import GIF_BLOCK; Structure.__init__(self, stream, offset, max_size, parent, name); self._data = self.Member(GIF_BLOCK, 'data'); self._comment = self._data.ContainMember(C.STRING, \ 'comment', self._data.contained_current_max_size); self._data.ContainUnused(); # Should always be 0.
def __init__(self, stream, offset, max_size, parent, name): import math; import C; Structure.__init__(self, stream, offset, max_size, parent, name); self.dump_simplified = True; number_of_sequences = int(math.floor(max_size / 4.0)); self._sequences = self.Member(C.ARRAY, 'sequences', number_of_sequences, C.DWORD); self.format_details = 'seq(%d)' % number_of_sequences; self.Unused();
def __init__(self, stream, offset, max_size, parent, name): import math; import C; from struct_RGBAQUAD import struct_RGBAQUAD; Structure.__init__(self, stream, offset, max_size, parent, name); null_seperator_index = self.GetMaxStream().find('\0'); if null_seperator_index == -1: self._palette_name = None; self._null_seperator = None; self.warnings.append('no null found to seperate palette name from ' \ 'data, assuming data only'); else: self._palette_name = self.Member(C.STRING, 'palette_name', \ null_seperator_index); CheckName(self._palette_name); self._null_seperator = self.Member(C.BYTE, 'null_seperator'); self._sample_depth = self.Member(C.BYTE, 'sample_depth'); if self._sample_depth.value < 16: struct_size = 6; struct_definition = ( ('Red', C.BYTE), ('Green', C.BYTE), ('Blue', C.BYTE), ('Alpha', C.BYTE), ('Frequency', C.WORD), ); self._sample_depth.notes.append('color/alpha info size = 1 byte'); else: struct_size = 10; struct_definition = ( ('Red', C.WORD), ('Green', C.WORD), ('Blue', C.WORD), ('Alpha', C.WORD), ('Frequency', C.WORD), ); self._sample_depth.notes.append('color/alpha info size = 2 bytes'); self._number_of_palette_suggestions = \ math.floor(self.current_max_size / struct_size); self._palette_suggestions = self.Member(C.ARRAY, 'palette_suggestions', \ self._number_of_palette_suggestions, C.STRUCT, 'PALETTE_SUGGESTION', *struct_definition); if self.current_max_size % struct_size != 0: self._palette_suggestions.warnings.append( 'pallete size should be divisible by %d' % struct_size); self._palette_suggestions.dump_simplified = True; self.Unused();
def __init__(self, stream, offset, max_size, parent, name): import C; Structure.__init__(self, stream, offset, max_size, parent, name); self._PlaylistName = self.Member(C.STRING, 'PlaylistName', 4); self._Length = self.Member(C.DWORD, 'Length'); self._Loops = self.Member(C.DWORD, 'Loops'); self.format_details = 'plst'; if self._Length.value == 0: self._Length.warnings.append('expected value to be at least 1'); self.Unused();
def __init__(self, stream, offset, max_size, parent, name): from struct_BMPHEADER import struct_BMPHEADER; from BITMAP import BITMAP; Structure.__init__(self, stream, offset, max_size, parent, name); self._header = self.Member(struct_BMPHEADER, 'header'); if self._header._FileSize.value != max_size: self._header._FileSize.warnings.append( \ 'actual size = 0x%X|%d' % (max_size, max_size)); self._bitmap = self.Member(BITMAP, 'bitmap', self._header._Offset.value);
def __init__(self, stream, offset, max_size, parent, name, count, ordered): import C; from struct_RGBTRIPPLE import struct_RGBTRIPPLE; Structure.__init__(self, stream, offset, max_size, parent, name); if ordered: self.notes.append('ordered by decreasing importance'); else: self.notes.append('not ordered'); self._rgb_tripples = self.Member(C.ARRAY, 'rgb_tripples', \ count, struct_RGBTRIPPLE); self._rgb_tripples.dump_simplified = True;
def __init__(self, stream, offset, max_size, parent, name): import C; Structure.__init__(self, stream, offset, max_size, parent, name); self._size = self.Member(C.BYTE, 'size'); if self._size.value == 0: self._is_terminator = True; self.notes.append('block terminator'); self.ContainStream('data', None, '', 0); else: self._is_terminator = False; self._data = self.Member(C.STRING, 'data', self._size.value); self.ContainStream('data', 'data', self._data.value, self._data.size);
def __init__(self, stream, offset, max_size, parent, name): import math import C from struct_RGBTRIPPLE import struct_RGBTRIPPLE Structure.__init__(self, stream, offset, max_size, parent, name) if max_size % 3 != 0: self.warnings.append("pallete size should be divisible by 3") self._number_of_rgb_tripples = math.floor(max_size / 3.0) self._rgb_tripples = self.Member(C.ARRAY, "rgb_tripples", self._number_of_rgb_tripples, struct_RGBTRIPPLE) self._rgb_tripples.dump_simplified = True self.Unused()
def __init__(self): Structure.__init__(self) self.ImportLookupTableRVA = None self.TimeStamp = None self.ForwardChain = None self.NameRVA = None self.ImportAddressTableRVA = None self.majorAttributes = [ 'ImportLookupTableRVA', 'TimeStamp', 'ForwardChain', 'NameRVA', 'ImportAddressTableRVA' ] self.importLookupTable = [] self.importAddressTable = [] self.name = None
def __init__(self, *args, **kw): if kw.has_key('structures'): structures = kw['structures'] else: structures = [] if not isinstance(structures, (TupleType, ListType)): raise ValueError("Argument must be a list or tuple") for structure in structures: if not isinstance(structure, Structure): raise ValueError("All values in the list must be structures!") self.structures = structures Structure.__init__(self, *args, **kw)
def __init__(self, stream, offset, max_size, parent, name): import C from struct_SHELL_LINK_HEADER import struct_SHELL_LINK_HEADER from struct_ITEMIDLIST import struct_ITEMIDLIST from struct_LINK_INFO import struct_LINK_INFO Structure.__init__(self, stream, offset, max_size, parent, name) self._ShellLinkHeader = self.Member(struct_SHELL_LINK_HEADER, "Header") if self._ShellLinkHeader._LinkFlags._HasLinkTargetIDList.value == 0: self._ShellItemIdList = None else: self._ShellItemIdList = self.Member(struct_ITEMIDLIST, "ShellItemIdList") self._LinkInfo = self.Member(struct_LINK_INFO, "LinkInfo")
def __init__(self, *args, **kw): Structure.__init__(self, *args, **kw) if kw.has_key('size'): size = kw['size'] else: size = 32 if kw.has_key('type'): type = kw['type'] else: type = 'signed' if not size in self.sizes.keys(): raise ValueError("Only supported sizes are %r not %i" % (self.sizes.keys(), size)) self.size = size if not type in ("signed", "unsigned", "semisigned"): raise ValueError("Type can only be signed, unsigned or semisigned") self.type = type
def __init__(self): Structure.__init__(self) self.Name = None self.VirtualSize = None self.VirtualAddress = None self.SizeOfRawData = None self.PointerToRawData = None self.PointerToRelocations = None self.PointerToLinenumbers = None self.NumberOfRelocations = None self.NumberOfLinenumbers = None self.Characteristics = None self.SectionData = None self.majorAttributes = [ 'Name', 'VirtualSize', 'VirtualAddress', 'SizeOfRawData', 'PointerToRawData', 'PointerToRelocations', 'PointerToLinenumbers', 'NumberOfRelocations', 'NumberOfLinenumbers', 'Characteristics' ] self.dataDirectories = None self.loaderIrrelvantRange = None
def __init__(self): Structure.__init__(self) self.entry = None self.info = None
def __init__(self): Structure.__init__(self) self.Hint = None self.Name = None self.Pad = None self.majorAttributes = ['Hint', 'Name', 'Pad']
def __init__(self, data_directory): Structure.__init__(self) self.entrys = [] self.data_directory = data_directory
def __init__(self, filename): Structure.__init__(self) # COFF File Header self.Machine = None self.NumberOfSections = None self.TimeDateStamp = None self.PointerToSymbolTable = None self.NumberOfSymbols = None self.SizeOfOptionalHeader = None self.Characteristics = None # Optional Header self.Magic = None self.MajorLinkerVersion = None self.MinorLinkerVersion = None self.SizeOfCode = None self.SizeOfInitializedData = None self.SizeOfUninitializedData = None self.AddressOfEntryPoint = None self.BaseOfCode = None self.BaseOfData = None self.ImageBase = None self.SectionAlignment = None self.FileAlignment = None self.MajorOperatingSystemVersion = None self.MinorOperatingSystemVersion = None self.MajorImageVersion = None self.MinorImageVersion = None self.MajorSubsystemVersion = None self.MinorSubsystemVersion = None self.Reserved = None self.SizeOfImage = None self.SizeOfHeaders = None self.CheckSum = None self.Subsystem = None self.DLLCharacteristics = None self.SizeOfStackReserve = None self.SizeOfStackCommit = None self.SizeOfHeapReserve = None self.SizeOfHeapCommit = None self.LoaderFlags = None self.NumberOfRvaAndSizes = None self.majorAttributes = [ 'Machine', 'NumberOfSections', 'TimeDateStamp', 'PointerToSymbolTable', 'NumberOfSymbols', 'SizeOfOptionalHeader', 'Characteristics', 'Magic', 'MajorLinkerVersion', 'MinorLinkerVersion', 'SizeOfCode', 'SizeOfInitializedData', 'SizeOfUninitializedData', 'AddressOfEntryPoint', 'BaseOfCode', 'BaseOfData', 'ImageBase', 'SectionAlignment', 'FileAlignment', 'MajorOperatingSystemVersion', 'MinorOperatingSystemVersion', 'MajorImageVersion', 'MinorImageVersion', 'MajorSubsystemVersion', 'MinorSubsystemVersion', 'Reserved', 'SizeOfImage', 'SizeOfHeaders', 'CheckSum', 'Subsystem', 'DLLCharacteristics', 'SizeOfStackReserve', 'SizeOfStackCommit', 'SizeOfHeapReserve', 'SizeOfHeapCommit', 'LoaderFlags', 'NumberOfRvaAndSizes' ] # Data Directories self.DataDirectories = [] # SectionHeaders self.SectionHeaders = [] self.data = None self.fileName = filename self.fileno = None self.size = None self.parseMsgs = [] self.serializeMsgs = [] self.__load__(self.fileName) self.parse()
def __init__(self): Structure.__init__(self) self.PageRVA = None self.BlockSize = None self.majorAttributes = ['PageRVA', 'BlockSize'] self.items = None