Exemple #1
0
def read_trace(n, l, f=5):
    ret = []
    if PRINT == True:
        for i in range(n):
            buf = FH.read(l)
            #   IBM floats - 4 byte - Must be big endian
            if f == 1:
                ret.append(
                    construct.BFloat32("x").parse(ibmfloat.ibm2ieee32(buf)))
            #   INT - 4 byte or 2 byte
            elif f == 2:
                if ENDIAN == 'little':
                    #   Swap 4 byte
                    b = construct.SLInt32("x").parse(buf)
                else:
                    b = construct.SBInt32("x").parse(buf)

                ret.append(b)
            elif f == 3:
                if ENDIAN == 'little':
                    #   Swap 2 byte
                    b = construct.SLInt16("x").parse(buf)
                else:
                    b = construct.SBInt16("x").parse(buf)

                ret.append(b)
            #   IEEE floats - 4 byte
            elif f == 5:
                if ENDIAN == 'little':
                    #   Swap 4 byte
                    b = construct.LFloat32("x").parse(buf)
                else:
                    b = construct.BFloat32("x").parse(buf)

                ret.append(b)
            #   INT - 1 byte
            elif f == 8:
                ret.append(construct.SBInt8("x").parse(buf))

    else:
        FH.read(n * l)

    return ret
Exemple #2
0
class TestRegValue(interface.WinRegValue):
    """Implementation of the Registry value interface for testing."""

    _INT32_BIG_ENDIAN = construct.SBInt32('value')
    _INT32_LITTLE_ENDIAN = construct.SLInt32('value')
    _INT64_LITTLE_ENDIAN = construct.SLInt64('value')

    def __init__(self, name, data, data_type, offset=0):
        """Set up the test reg value object."""
        super(TestRegValue, self).__init__()
        self._name = name
        self._data = data
        self._data_type = data_type
        self._offset = offset
        self._type_str = ''

    @property
    def name(self):
        """The name of the value."""
        return self._name

    @property
    def offset(self):
        """The offset of the value within the Windows Registry file."""
        return self._offset

    @property
    def data_type(self):
        """Numeric value that contains the data type."""
        return self._data_type

    @property
    def raw_data(self):
        """The value data as a byte string."""
        return self._data

    @property
    def data(self):
        """The value data as a native Python object."""
        if not self._data:
            return None

        if self._data_type in [self.REG_SZ, self.REG_EXPAND_SZ, self.REG_LINK]:
            try:
                return unicode(self._data.decode('utf-16-le'))
            except UnicodeError:
                pass

        elif self._data_type == self.REG_DWORD and len(self._data) == 4:
            return self._INT32_LITTLE_ENDIAN.parse(self._data)

        elif self._data_type == self.REG_DWORD_BIG_ENDIAN and len(
                self._data) == 4:
            return self._INT32_BIG_ENDIAN.parse(self._data)

        elif self._data_type == self.REG_QWORD and len(self._data) == 8:
            return self._INT64_LITTLE_ENDIAN.parse(self._data)

        elif self._data_type == self.REG_MULTI_SZ:
            try:
                utf16_string = unicode(self._data.decode('utf-16-le'))
                return filter(None, utf16_string.split('\x00'))
            except UnicodeError:
                pass

        return self._data
Exemple #3
0
class FakeWinRegistryValue(interface.WinRegistryValue):
    """Fake implementation of a Windows Registry value."""

    _INT32_BIG_ENDIAN = construct.SBInt32(u'value')
    _INT32_LITTLE_ENDIAN = construct.SLInt32(u'value')
    _INT64_LITTLE_ENDIAN = construct.SLInt64(u'value')

    def __init__(self, name, data=b'', data_type=0, offset=0):
        """Initializes a Windows Registry value object.

    Args:
      name: the name of the Windows Registry value.
      data: optional binary string containing the value data.
      data_type: optional integer containing the value data type.
      offset: optional offset of the value within the Windows Registry file.
    """
        super(FakeWinRegistryValue, self).__init__()
        self._data = data
        self._data_type = data_type
        self._data_size = len(data)
        self._name = name
        self._offset = offset

    @property
    def data(self):
        """The value data as a native Python object.

    Raises:
      WinRegistryValueError: if the value data cannot be read.
    """
        if not self._data:
            return None

        if self._data_type in self._STRING_VALUE_TYPES:
            try:
                return self._data.decode(u'utf-16-le')

            except UnicodeError as exception:
                raise errors.WinRegistryValueError(
                    u'Unable to read data from value: {0:s} with error: {1:s}'.
                    format(self._name, exception))

        elif (self._data_type == definitions.REG_DWORD
              and self._data_size == 4):
            return self._INT32_LITTLE_ENDIAN.parse(self._data)

        elif (self._data_type == definitions.REG_DWORD_BIG_ENDIAN
              and self._data_size == 4):
            return self._INT32_BIG_ENDIAN.parse(self._data)

        elif (self._data_type == definitions.REG_QWORD
              and self._data_size == 8):
            return self._INT64_LITTLE_ENDIAN.parse(self._data)

        elif self._data_type == definitions.REG_MULTI_SZ:
            try:
                utf16_string = self._data.decode(u'utf-16-le')
                return filter(None, utf16_string.split(u'\x00'))

            except UnicodeError as exception:
                raise errors.WinRegistryValueError(
                    u'Unable to read data from value: {0:s} with error: {1:s}'.
                    format(self._name, exception))

        return self._data

    @property
    def data_type(self):
        """Numeric value that contains the data type."""
        return self._data_type

    @property
    def name(self):
        """The name of the value."""
        return self._name

    @property
    def offset(self):
        """The offset of the value within the Windows Registry file."""
        return self._pyregf_value.offset

    @property
    def raw_data(self):
        """The value data as a byte string."""
        return self._data
Exemple #4
0
    c.UBInt64('connection_id'),
)

announce_req = c.Struct('request',
    c.UBInt64('connection_id'),
    c.UBInt32('action'),
    c.UBInt32('transaction_id'),
    c.Bytes('info_hash', 20),
    c.Bytes('peer_id', 20),
    c.UBInt64('downloaded'),
    c.UBInt64('left'),
    c.UBInt64('uploaded'),
    c.UBInt32('event'),
    c.UBInt32('ip_addr'),
    c.UBInt32('key'),
    c.SBInt32('num_want'),
    c.UBInt16('port'),
)

announce_resp = c.Struct('response', 
    c.UBInt32('action'), 
    c.UBInt32('transaction_id'),
    c.UBInt32('interval'),
    c.UBInt32('leechers'),
    c.UBInt32('seeders'),
    c.GreedyRange(
        c.Struct('peer',
            c.Array(4, c.UBInt8('addr')),
            c.UBInt16('port')
        )
    )
Exemple #5
0
class FakeWinRegistryValue(interface.WinRegistryValue):
  """Fake implementation of a Windows Registry value."""

  _INT32_BIG_ENDIAN = construct.SBInt32(u'value')
  _INT32_LITTLE_ENDIAN = construct.SLInt32(u'value')
  _INT64_LITTLE_ENDIAN = construct.SLInt64(u'value')

  def __init__(self, name, data=b'', data_type=definitions.REG_NONE, offset=0):
    """Initializes a Windows Registry value.

    Args:
      name (str): name of the Windows Registry value.
      data (Optional[bytes]): value data.
      data_type (Optional[int]): value data type.
      offset (Optional[int]): offset of the value within the Windows Registry
          file.
    """
    super(FakeWinRegistryValue, self).__init__()
    self._data = data
    self._data_type = data_type
    self._data_size = len(data)
    self._name = name
    self._offset = offset

  @property
  def data(self):
    """bytes: value data as a byte string."""
    return self._data

  @property
  def data_type(self):
    """int: data type."""
    return self._data_type

  @property
  def name(self):
    """str: name of the value."""
    return self._name

  @property
  def offset(self):
    """int: offset of the value within the Windows Registry file."""
    return self._offset

  def GetDataAsObject(self):
    """Retrieves the data as an object.

    Returns:
      object: data as a Python type.

    Raises:
      WinRegistryValueError: if the value data cannot be read.
    """
    if not self._data:
      return

    if self._data_type in self._STRING_VALUE_TYPES:
      try:
        return self._data.decode(u'utf-16-le')

      # AttributeError is raised when self._data has no decode method.
      except AttributeError as exception:
        raise errors.WinRegistryValueError((
            u'Unsupported data type: {0!s} of value: {1!s} with error: '
            u'{2!s}').format(type(self._data), self._name, exception))

      except UnicodeError as exception:
        raise errors.WinRegistryValueError(
            u'Unable to decode data of value: {0!s} with error: {1!s}'.format(
                self._name, exception))

    elif (self._data_type == definitions.REG_DWORD and
          self._data_size == 4):
      return self._INT32_LITTLE_ENDIAN.parse(self._data)

    elif (self._data_type == definitions.REG_DWORD_BIG_ENDIAN and
          self._data_size == 4):
      return self._INT32_BIG_ENDIAN.parse(self._data)

    elif (self._data_type == definitions.REG_QWORD and
          self._data_size == 8):
      return self._INT64_LITTLE_ENDIAN.parse(self._data)

    elif self._data_type == definitions.REG_MULTI_SZ:
      try:
        utf16_string = self._data.decode(u'utf-16-le')
        # TODO: evaluate the use of filter here is appropriate behavior.
        return list(filter(None, utf16_string.split(u'\x00')))

      # AttributeError is raised when self._data has no decode method.
      except AttributeError as exception:
        raise errors.WinRegistryValueError((
            u'Unsupported data type: {0!s} of value: {1!s} with error: '
            u'{2!s}').format(type(self._data), self._name, exception))

      except UnicodeError as exception:
        raise errors.WinRegistryValueError(
            u'Unable to read data from value: {0!s} with error: {1!s}'.format(
                self._name, exception))

    return self._data
Exemple #6
0
def psint():
    PINT = construct.Struct("PINT", construct.SBInt32("x"))
    return PINT
Exemple #7
0
def bin_header_be_int():
    BIN = construct.Struct("BIN", construct.SBInt32("nzyear"),
                           construct.SBInt32("nzjday"),
                           construct.SBInt32("nzhour"),
                           construct.SBInt32("nzmin"),
                           construct.SBInt32("nzsec"),
                           construct.SBInt32("nzmsec"),
                           construct.SBInt32("nvhdr"),
                           construct.SBInt32("norid"),
                           construct.SBInt32("nevid"),
                           construct.SBInt32("npts"),
                           construct.SBInt32("nsnpts"),
                           construct.SBInt32("nwfid"),
                           construct.SBInt32("nxsize"),
                           construct.SBInt32("nysize"),
                           construct.SBInt32("unused15"),
                           construct.SBInt32("iftype"),
                           construct.SBInt32("idep"),
                           construct.SBInt32("iztype"),
                           construct.SBInt32("unused16"),
                           construct.SBInt32("iinst"),
                           construct.SBInt32("istreg"),
                           construct.SBInt32("ievreg"),
                           construct.SBInt32("ievtyp"),
                           construct.SBInt32("iqual"),
                           construct.SBInt32("isynth"),
                           construct.SBInt32("imagtyp"),
                           construct.SBInt32("imagsrc"),
                           construct.SBInt32("unused19"),
                           construct.SBInt32("unused20"),
                           construct.SBInt32("unused21"),
                           construct.SBInt32("unused22"),
                           construct.SBInt32("unused23"),
                           construct.SBInt32("unused24"),
                           construct.SBInt32("unused25"),
                           construct.SBInt32("unused26"),
                           construct.SBInt32("leven"),
                           construct.SBInt32("lpspol"),
                           construct.SBInt32("lovrok"),
                           construct.SBInt32("lcalda"),
                           construct.SBInt32("unused27"))
    return BIN