Exemple #1
    def test_abc():
        data = '\xbf\x14\xe5\x03\x00\x00\x01\x00\x00\x00\x00\x10\x00.\x00\x00\x00\x00"\x00\x04void\x07mx.core\nIFlexAsset\x0eByteArrayAsset\x0bflash.utils\tByteArray\x16mx.core:ByteArrayAsset\x08test_fla\x1aMainTimeline_Testinputsets#test_fla:MainTimeline_Testinputsets\x0cMainTimeline\rflash.display\tMovieClip\x15test_fla:MainTimeline\rTestinputsets\x05Class\x07loadres\x06frame1*http://www.adobe.com/2006/flex/mx/internal\x07VERSION\x06String\x073.0.0.0\x0bmx_internal\x06Object\tshareable\x0eaddFrameScript\x0cflash.events\x0fEventDispatcher\rDisplayObject\x11InteractiveObject\x16DisplayObjectContainer\x06Sprite\x0c\x16\x01\x16\x03\x16\x06\x18\x08\x16\t\x18\x0b\x16\r\x18\x0f\x17\t\x08\x14\x16\x1c\x03\x01\x02\x01\x05\x1a\x07\x01\x02\x07\x02\x04\x07\x02\x05\x07\x03\x07\t\x04\x01\x07\x05\n\x07\x05\x0c\x07\x07\x0e\x07\x01\x10\x07\x01\x11\x07\x01\x12\x07\t\x13\x07\n\x15\x07\x01\x16\x07\x02\x18\t\x05\x01\x07\x01\x19\t\n\x02\x07\x01\x1a\x07\x01\x1b\x07\x0b\x1d\x07\x07\x1e\x07\x07\x1f\x07\x07 \x07\x07!\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x02\x00\x05\x00\x02\x00\x03\x04\t\x04\x01\x05\x05\x00\x06\x03\t\x06\x00\x08\x00\x07\x08\x08\x08\x00\r\x03\t\x00\x00\n\x00\x0b\x01\x00\x0b\x0c\x01\x00\x0c\x01\x00\x04\x01\r\x06\x01\x0e\x17\x01\x07\x00\n\x00\x05\x00\x01\x0f\x06\x00\x00\n\x08\x03\x01\x02\x04\x00\x00\x06\x01\x03\x04\x00\x01\t\x01\x06\x04\x00\x02\x0e\x01\x07\x04\x01\x03\x0e\x00\x01\x01\x01\x02\x03\xd00G\x00\x00\x01\x00\x01\x03\x03\x01G\x00\x00\x03\x02\x01\x01\x02\n\xd00]\x05 
X\x00h\x02G\x00\x00\x04\x02\x01\x04\x05\t\xd00^\r,\x17h\rG\x00\x00\x05\x01\x01\x05\x06\x06\xd00\xd0I\x00G\x00\x00\x06\x02\x01\x01\x04\x13\xd00]\x10`\x110`\x040`\x04X\x01\x1d\x1dh\x03G\x00\x00\x07\x01\x01\x05\x06\x03\xd00G\x00\x00\x08\x01\x01\x06\x07\x06\xd00\xd0I\x00G\x00\x00\t\x02\x01\x01\x05\x17\xd00]\x12`\x110`\x040`\x030`\x03X\x02\x1d\x1d\x1dh\x06G\x00\x00\n\x01\x01\t\n\x03\xd00G\x00\x00\x0b\x02\x02\n\x0b\x0e\xd00\xd0J\t\x00\x80\x04\xd5\xd1&a\x13G\x00\x00\x0c\x01\x01\n\x0b\x07\xd00\xd0O\x0b\x00G\x00\x00\r\x03\x01\n\x0b\x15\xd00\xd0`\x06h\t\xd0I\x00]\x14$\x00\xd0f\x0cO\x14\x02G\x00\x00\x0e\x02\x01\x01\t\'\xd00e\x00`\x110`\x150`\x160`\x170`\x180`\x190`\x080`\x08X\x03\x1d\x1d\x1d\x1d\x1d\x1d\x1dh\x07G\x00\x00'
        ptypes.setsource( prov.string(data) )

        a = tags.Tag()
        a = a.l
        print a['data']['ABCData']
Exemple #2
 def test_DefineShape_load():
     """Load one Tag from a hard-coded byte string and print its 'data' fields."""
     blob = '\xbf\x00$\x00\x00\x00\x01\x00`\x002\x00\x00\r\xc0\x01\x00\xff\xff\xff\x01\x01\x00\x00\x00\x00\x115\x8c\x807\x1fD\xe0p\xc9\x1d\x0c\x81\xc2\xdc\x00'
     # The string provider makes the literal above the whole input.
     ptypes.setsource(prov.string(blob))
     tag = tags.Tag()
     tag = tag.l
     shape = tag['data']
     print shape
     print shape['shapeid']
     print shape['shapebounds']
     print shape['shapes']
Exemple #3
 def test_SHAPEWITHSTYLE_load():
     """Load a SHAPEWITHSTYLE from a hard-coded byte string and print parts of it.

     The instance is stored in the module-level name ``a`` (see ``global a``),
     so it stays available after the function returns.
     """
     global a
     s = '\x01\x00\xff\xff\xff\x01\x01\x00\x00\x00\x00\x115\x8c\x807\x1fD\xe0p\xc9\x1d\x0c\x81\xc2\xdc\x00'
     # show the input bytes from offset 0xc onward
     print repr(s[0xc:])
     ptypes.setsource( prov.string(s) )
     a = stypes.SHAPEWITHSTYLE()
     a = a.l
     print a.v
     #print a['fillstyles']['fillstyles'][0]
     #print a['linestyles']['linestyles'][0]
     #print a['numbits']
     # NOTE(review): this lookup spells the key 'ShapeRecords' while the ones
     # below use 'shaperecords' -- confirm both resolve to the same field.
     print a['ShapeRecords'][0]
     print a['shaperecords']
     print a['shaperecords'][0]
     print a['shaperecords'][0]['Shape']
Exemple #4
    _fields_ = [
        (Signature, 'signature'),
        (Attributes, 'attributes'),
        (__extended, 'extended'),
        (__padding_header, 'padding'),
    ]

class File(pstruct.type):
    """A Header followed by a 'data' block whose length the header supplies."""

    def __data(self):
        # NOTE(review): the length is the header's 'compressed-size' value as
        # read from the input; nothing here clamps it to the source size, so
        # the file being parsed decides how many bytes are requested.
        header = self['header'].li
        size = header['attributes']['compressed-size'].int()
        return dyn.block(size)

    _fields_ = [(Header, 'header'), (__data, 'data')]

if __name__ == '__main__':
    # Ad-hoc check: parse one archive with archive.lha.File and print header parts.
    import ptypes, archive.lha
    reload(archive.lha)
    # NOTE(review): hard-coded path from the author's machine.
    ptypes.setsource(ptypes.prov.file('c:/users/user/Downloads/fcgb2.lzh', mode='r'))
    z = archive.lha.File()
    z = z.l

    print z.source.size()
    print z['header']['signature']
    print z['header']['attributes']
    print z['header']
    print z['header']['filename']
import sys, user
import ptypes,pecoff

# The file to parse is sys.argv[1]; there is no argument-count check, so a
# missing argument surfaces as an IndexError.
ptypes.setsource(ptypes.prov.file(sys.argv[1], mode='r'))
z=pecoff.Executable.File()
print >>sys.stdout, 'Filename: {:s}\n'.format(z.source.file.name)

z=z.l
p = z['next']['header']

# NOTE(review): each `.d` below follows an address or offset stored in the
# file being parsed, so every location visited here is chosen by the input.
#lc = p['datadirectory']['loadconfig']['address'].d.li
dn = p['datadirectory']['clr']['address'].d.li
#dnv = dn['vtablefixups']['address'].d.li
dnm = dn['metadata']['address'].d.li

# Look the streams up by name: '#~', '#Strings' and '#Blob'.
root = dnm['StreamHeaders'].Get('#~')['Offset'].d
root = root.l
print >>sys.stderr, 'Loading strings...'
names = dnm['StreamHeaders'].Get('#Strings')['Offset'].d.l
print >>sys.stderr, 'Loading blobs...'
blobs = dnm['StreamHeaders'].Get('#Blob')['Offset'].d.l

class pieces(ptypes.pbinary.struct):
    """Bit-level view: an 8-bit 'table' and a 24-bit 'index', declared in that order."""
    _fields_ = [(8, 'table'), (24, 'index')]

e = dn['EntryPoint'].cast(pieces)
if e['table'] != pecoff.portable.clr.TMethodDef.type:
    print >>sys.stderr, 'No CLR entrypoint found!'
Exemple #6
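import ptypes,pecoff
from ptypes import *
# Parse ntdll.dll, dump its first certificate blob to disk, and walk the blob
# as nested BER records. Nothing here verifies the signature: everything that
# is printed is unauthenticated data taken from the file.
ptypes.setsource(ptypes.prov.file('c:/windows/sysnative/ntdll.dll', 'r'))
z = pecoff.Executable.File()
z=z.l
# NOTE(review): this value is replaced on the next line; only the load that
# `.d.l` triggers is kept from it.
a = z['next']['header']['datadirectory'][4]['Address'].d.l
a = z['next']['header']['certificate']
#print a['bCertificate'].hexdump()
c = a[0]['bCertificate']
# Write the raw blob to the working directory. The context manager closes the
# handle deterministically; the original left that to garbage collection.
with open('./ntdll.cert.pkcs7', 'wb') as out:
    out.write(c.serialize())
print c.hexdump(lines=1)

import ber; reload(ber)
# Re-interpret the blob as a BER record, decoding multi-byte values big-endian.
d = c.cast(ber.Record, recurse={'byteorder':ptypes.config.byteorder.bigendian})

print d['value']
print d['value'][0]
print d['value'][1]['Value']

# The indices below assume one particular nesting of the decoded records; a
# blob with a different layout raises on the first missing element.
e = d['value'][1]['Value'].cast(ber.Record)
print e['Value'][0]
print e['Value'][1]['Value'][0]
print e['Value'][2]['Value'][0]

print e['Value'][2]['Value'][1]['Value']
f = e['Value'][2]['Value'][1]['Value'].cast(ber.Record)
print f['Value'][0]['Value'][0]
print f['Value'][0]['Value'][1]['Value'][0]
print f['Value'][0]['Value'][1]['Value'][1]['Value'].cast(ber.Record)['Value'].cast(ber.Record)['Value']
print f['Value'][1]['Value'][0]
print f['Value'][1]['Value'][0]['Value'][0]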
Exemple #7
if __name__ == '__main__':
    # Static inspection of a sample named '*.infected': the file is only
    # opened and parsed here, and its symbol table is printed.
    import ptypes,pecoff
    from ptypes import *
    ptypes.setsource(ptypes.file('./chewbacca.exe.infected'))
    a = pecoff.Executable.File()
    a=a.l
    b = a['next']['header']
    #print b['header']
    # NOTE(review): 'pointertosymboltable' is an offset stored in the sample;
    # `.d` follows it, so the region read next is chosen by the input.
    c = b['FileHeader']['pointertosymboltable'].d
    c = c.l
    print c['Symbols'][1]
    print c['Symbols'][1].details()
    print c['Symbols']

    print c.names()
    print c.walk().next()

    # look up the '_main' symbol three different ways
    print c.getSymbol('_main')
    print c.getAuxiliary('_main')
    print c.fetch('_main')
Exemple #8
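    class streamfile(object):
        """Wrap a seekable file and keep a private offset for reads and writes.

        Every read or write first seeks the wrapped file to ``self.offset`` and
        then advances ``self.offset``.
        """
        def __init__(self, file):
            self.file = file
            self.offset = 0

        def read(self, amount):
            """Read ``amount`` bytes at the tracked offset and advance it by ``amount``."""
            self.file.seek(self.offset)
            # The offset moves by the requested amount, even on a short read.
            self.offset += amount
            return self.file.read(amount)

        def write(self, data):
            """Write ``data`` at the tracked offset and advance it by ``len(data)``."""
            self.file.seek(self.offset)
            # Was `offset+=len(data)`: an unbound local, so every call raised
            # UnboundLocalError before anything was written.
            self.offset += len(data)
            return self.file.write(data)

        def tell(self):
            """Return the wrapped file's own position (not ``self.offset``)."""
            return self.file.tell()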

#    ptypes.setsource(ptypes.provider.stream(streamfile(file('./test.tar', 'rb+'))))
#    ptypes.setsource(ptypes.provider.stream(file('./test.tar', 'rb+')))
    # Use the plain file provider (the stream-based variants are commented out above).
    ptypes.setsource(ptypes.provider.file('./test.tar'))
    reload(tar)

    # parse a ustar structure from the very start of the file and print it
    a = tar.ustar(offset=0)
    a=a.l
    print a

#    print a[0]
#    print a[1]
#    b = tar.old(offset=0)
#
#    c = tar.gnu(offset=0)
   
Exemple #9

class MainArchiveHeader(pstruct.type):
    """A uint32 'CRC32' followed by five vint fields, in the order listed."""
    _fields_ = [
        (uint32, 'CRC32'),
        (vint, 'Header size'), (vint, 'Header type'), (vint, 'Header flags'),
        (vint, 'Extra area size'), (vint, 'Archive flags'),
    ]


if __name__ == '__main__':
    # Ad-hoc check against 'test.rar' using the filecopy provider.
    import ptypes, archive.rar as rar
    ptypes.setsource(ptypes.prov.filecopy('test.rar'))

    # header is loaded from a fixed offset of 8
    a = rar.MainArchiveHeader(offset=8).l

    #    x = a.v[1].object
    #    y = x[1]
    #    print(x)
    #    print(list(x.object)[1].keys())

    # decode a single vint at offset 0xc and print it before and after loading
    x = pbinary.new(rar.vint, offset=0xc)
    print(x)
    print(x.l)

    # NOTE(review): iteritems() is the Python 2 spelling although the prints
    # are function calls -- confirm x[0] actually provides this method.
    for k, v in x[0].iteritems():
        print(k, v)
Exemple #10
#                 hbyte,bread = read_number(tail[tptr:tptr+9])
#                 print "Hbyte          : 0x%02x (%s)" % (hbyte,hdict[hbyte])
#                 tptr+=bread

if __name__ == '__main__':
    # Two hex dumps are turned into byte strings and installed as the ptypes
    # source one after the other, so the second replaces the first.
    # NOTE(review): str.translate(None, ...) and str.decode('hex') are
    # Python 2 only.

    # 0000000000: 37 7A BC AF 27 1C 00 04   5B 38 BE F9 59 0E 00 00
    # 0000000010: 00 00 00 00 23 00 00 00   00 00 00 00 7A 63 68 FD
    # 0000000020: 00 21 16 89 6C 71 3D AB   7D 89 E6 3C 2E BE 60 24

    res = '''
    37 7A BC AF 27 1C 00 04   5B 38 BE F9 59 0E 00 00
    00 00 00 00 23 00 00 00   00 00 00 00 7A 63 68 FD
    00 21 16 89 6C 71 3D AB   7D 89 E6 3C 2E BE 60 24
    '''.strip().translate(None, ' \n')

    ptypes.setsource(ptypes.prov.string(res.decode('hex')))

    # 002457e0  17 06 e0 20 4f 24 01 09   88 a0 00 07 0b 01 00 02
    # 002457f0  24 06 f1 07 01 0a 53 07   1f 03 65 f5 9f 71 0b f1
    # 00245800  23 03 01 01 05 5d 00 40   00 00 01 00 0c 88 98 b3
    # 00245810  82 0a 01 5d 29 c8 39 00   00

    res = '''
    17 06 e0 20 4f 24 01 09   88 a0 00 07 0b 01 00 02
    24 06 f1 07 01 0a 53 07   1f 03 65 f5 9f 71 0b f1
    23 03 01 01 05 5d 00 40   00 00 01 00 0c 88 98 b3
    82 0a 01 5d 29 c8 39 00   00
    '''.strip().translate(None, ' \n')

    ptypes.setsource(ptypes.prov.string(res.decode('hex')))
Exemple #11
#                 hbyte,bread = read_number(tail[tptr:tptr+9])  
#                 print "Hbyte          : 0x%02x (%s)" % (hbyte,hdict[hbyte])
#                 tptr+=bread 

if __name__ == '__main__':
    # 0000000000: 37 7A BC AF 27 1C 00 04   5B 38 BE F9 59 0E 00 00 
    # 0000000010: 00 00 00 00 23 00 00 00   00 00 00 00 7A 63 68 FD 
    # 0000000020: 00 21 16 89 6C 71 3D AB   7D 89 E6 3C 2E BE 60 24 

    res = '''
    37 7A BC AF 27 1C 00 04   5B 38 BE F9 59 0E 00 00 
    00 00 00 00 23 00 00 00   00 00 00 00 7A 63 68 FD 
    00 21 16 89 6C 71 3D AB   7D 89 E6 3C 2E BE 60 24 
    '''.strip().translate(None, ' \n')

    ptypes.setsource(ptypes.prov.string(res.decode('hex')))

    # 002457e0  17 06 e0 20 4f 24 01 09   88 a0 00 07 0b 01 00 02      
    # 002457f0  24 06 f1 07 01 0a 53 07   1f 03 65 f5 9f 71 0b f1     
    # 00245800  23 03 01 01 05 5d 00 40   00 00 01 00 0c 88 98 b3      
    # 00245810  82 0a 01 5d 29 c8 39 00   00                           

    res = '''
    17 06 e0 20 4f 24 01 09   88 a0 00 07 0b 01 00 02      
    24 06 f1 07 01 0a 53 07   1f 03 65 f5 9f 71 0b f1     
    23 03 01 01 05 5d 00 40   00 00 01 00 0c 88 98 b3      
    82 0a 01 5d 29 c8 39 00   00                           
    '''.strip().translate(None, ' \n')

    ptypes.setsource(ptypes.prov.string(res.decode('hex')))
Exemple #12
        sig = header['Signature'].str()

        # if it's compressed then use the 'zlib' structure
        t = EncodedDataType.withdefault(sig, type=sig)
        length = min(header['FileLength'].int(), self.source.size()) - header.size()
        return dyn.clone(t, _value_=dyn.clone(t._value_, length=length))

    _fields_ = [
        (Header, 'header'),
        (__data, 'data')
    ]

if __name__ == '__main__':
    # Ad-hoc check: load './test.swf', print every tag, then dump the first one.
    import sys
    import ptypes,__init__ as swf
    ptypes.setsource(ptypes.file('./test.swf', mode='r'))

    z = File
#    z = ptypes.debugrecurse(z)
    z = z()
    z = z.l
    for x in z['data']['tags']:
        print '-'*32
        print x

    a = z['data']['tags'][0]
    print a.hexdump()
    print a.li.hexdump()
    print repr(a.l['Header'].serialize())

    # NOTE(review): nothing in the visible lines compares against `correct`.
    correct='\x44\x11\x08\x00\x00\x00'
Exemple #13
class ImageData_Chunk(pstruct.type):
    """A uint8 'Block Size' followed by a 'Data Values' block of that many bytes."""
    _fields_ = [
        (pint.uint8_t, 'Block Size'),
        # the length prefix is one byte, so a block is at most 255 bytes
        (lambda self: dyn.block(int(self['Block Size'].li)), 'Data Values'),
    ]

class ImageData(parray.type):
    """Array of ImageData_Chunk elements.

    NOTE(review): the base is parray.type with ``length = 1``; whether
    isTerminator is consulted by that base is not visible here -- confirm.
    """
    length = 1
    _object_ = ImageData_Chunk

    def isTerminator(self, v):
        """Return True when the chunk's 'Block Size' is zero."""
        return int(v['Block Size']) == 0

class File(pstruct.type):
    """Header, LogicalScreenDescriptor, ImageDescriptor and ImageData, in that order."""
    _fields_ = [(Header, 'header'), (LogicalScreenDescriptor, 'screen'),
                (ImageDescriptor, 'image'), (ImageData, 'data')]

if __name__ == '__main__':
    # Parse './poc.gif' with gif.File and print the loaded structure.
    import ptypes,gif
    reload(gif)
    ptypes.setsource( ptypes.provider.file('./poc.gif') )

    z = gif.File()
    print z.l
Exemple #14
    _fields_ = [
        (dyn.block(4), 'SettingSig'),
        (uInt32Number, 'SettingSize'),
        (verify_bitsize(uInt32Number, 8), 'numSettings'),
        (lambda s: dyn.array(uInt32Number, int(s['numSettings'].li)), 'Setting')
    ]

class TextDescStruct(pstruct.type, TagStruct):
    """Tag structure with signature 'desc': three strings plus their codes."""
    signature = 'desc'

    # NOTE(review): 'MacStr' is always 67 bytes here; 'MacCount' is parsed
    # but does not size it.
    _fields_ = [(pstr.szstring, 'IsoStr'), (uInt32Number, 'UniLangCode'),
                (pstr.szwstring, 'UniStr'), (uInt16Number, 'MacScriptCode'),
                (uInt8Number, 'MacCount'),
                (dyn.clone(pstr.string, length=67), 'MacStr')]

if __name__ == '__main__':
    # Load './poc.pf' as a ProfileFile, then place a DevStruct at the offset
    # recorded in the profile's first tag.
    import ptypes
    from ptypes import *

    ptypes.setsource( provider.file('./poc.pf') )
    # NOTE: `self` is an ordinary module-level name here, not a method argument.
    self = ProfileFile()
#    print self.l
    self.l

    z = ptype.debugrecurse(DevStruct)()
    # NOTE(review): the offset is read from the file and applied as-is.
    z.setoffset(self['tags'][0]['offset'].__int__())
Exemple #15
                 'SetArray')]


class SetStruct(pstruct.type):
    """A 4-byte signature, a size, a count, and 'Setting' with that many uInt32Number entries."""
    _fields_ = [
        (dyn.block(4), 'SettingSig'),
        (uInt32Number, 'SettingSize'),
        (verify_bitsize(uInt32Number, 8), 'numSettings'),
        # the array length is the 'numSettings' value read from the input
        (lambda self: dyn.array(uInt32Number, int(self['numSettings'].li)), 'Setting'),
    ]


class TextDescStruct(pstruct.type, TagStruct):
    """Tag structure with signature 'desc': three strings plus their codes."""
    signature = 'desc'

    # NOTE(review): 'MacStr' is always 67 bytes here; 'MacCount' is parsed
    # but does not size it.
    _fields_ = [
        (pstr.szstring, 'IsoStr'),
        (uInt32Number, 'UniLangCode'),
        (pstr.szwstring, 'UniStr'),
        (uInt16Number, 'MacScriptCode'),
        (uInt8Number, 'MacCount'),
        (dyn.clone(pstr.string, length=67), 'MacStr'),
    ]


if __name__ == '__main__':
    # Load './poc.pf' as a ProfileFile, then place a DevStruct at the offset
    # recorded in the profile's first tag.
    import ptypes
    from ptypes import *

    ptypes.setsource(provider.file('./poc.pf'))
    # NOTE: `self` is an ordinary module-level name here, not a method argument.
    self = ProfileFile()
    #    print(self.l)
    self.l

    z = ptype.debugrecurse(DevStruct)()
    # NOTE(review): the offset is read from the file and applied as-is.
    z.setoffset(self['tags'][0]['offset'].__int__())
Exemple #16
class USER(ptype.block): type = 0x0007
@Viewport.define
class CAMERA(ptype.block):
    """Opaque block handed to Viewport.define with type 0x0008."""
    type = 0x0008
@Viewport.define
class LIGHT(ptype.block):
    """Opaque block handed to Viewport.define with type 0x0009."""
    type = 0x0009
@Viewport.define
class DISABLED(ptype.block):
    """Opaque block handed to Viewport.define with type 0x0010."""
    type = 0x0010
@Viewport.define
class BOGUS(ptype.block):
    """Opaque block handed to Viewport.define with type 0x0011."""
    type = 0x0011

## File chunk
class File(Chunk): pass

if __name__ == '__main__':
    # Load one sample .3ds file and print a fixed set of nested chunks.
    # The index paths below match this particular sample; a file with a
    # different chunk layout raises on the first missing element.
    import ptypes, max
    ptypes.setsource(ptypes.prov.file('./samples/3ds/boletus.3ds', mode='rb'))
    z = max.File()
    z=z.l
    print z['data']

    print z['data'][1]['data'][0]['data']
    print z['data'][1]['data'][1]
    print z['data'][1]['data'][2]['data'][0]['data']
    print z['data'][1]['data'][3]['data']['chunk']['data'][0]['data']   # TRI_VERTEXL
    print z['data'][1]['data'][3]['data']['chunk']['data'][1]['data']   # TRI_LOCAL
    print z['data'][1]['data'][3]['data']['chunk']['data'][2]['data']   # TRI_MAPPINGCOORS
    print z['data'][1]['data'][3]['data']['chunk']['data'][3]
    print z['data'][1]['data'][3]['data']['chunk']['data'][3]['data']
    print z['data'][1]['data'][3]['data']['chunk']['data'][3]['data']['face']
    print z['data'][1]['data'][3]['data']['chunk']['data'][3]['data']['facedata'][0]['data']['face']
    print z['data'][1]['data'][3]['data']['chunk']['data'][3]['data']['facedata'][1]['data']
Exemple #17

@Record.define
class demx(parray.block):
    """Block array of `chunk` elements, handed to Record.define with type 'XMED'."""
    type = 'XMED'

    class chunk(pstruct.type):
        """HEX-encoded 'type', 'size' and 'count' followed by a 'data' block."""
        _fields_ = [
            (dyn.clone(HEX, length=4), 'type'),
            (dyn.clone(HEX, length=8), 'size'),
            (dyn.clone(HEX, length=8), 'count'),
            # FIXME: add a chunktype lookup for this too
            # NOTE(review): 'size' is decoded from the input and used directly
            # as the block length.
            (lambda self: dyn.block(self['size'].li.int()), 'data'),
        ]

    _object_ = chunk


if __name__ == '__main__':
    # Load './sample.dir' with director.File and print one header field and
    # the record count.
    import ptypes, vector.director as director
    ptypes.setsource(ptypes.provider.file('./sample.dir', mode='r'))

    z = director.File()
    z = z.load()

    print(z['Data'][1]['ckData']['header']['unknown'])

    print('Number of Records:', len(z['Data']))

    a = z['Data']
Exemple #18
        (Signature, 'signature'),
        (Attributes, 'attributes'),
        (__extended, 'extended'),
        (__padding_header, 'padding'),
    ]


class File(pstruct.type):
    """A Header followed by a 'data' block whose length the header supplies."""

    def __data(self):
        # NOTE(review): the length is the header's 'compressed-size' value as
        # read from the input; nothing here clamps it to the source size, so
        # the file being parsed decides how many bytes are requested.
        header = self['header'].li
        size = header['attributes']['compressed-size'].int()
        return dyn.block(size)

    _fields_ = [(Header, 'header'), (__data, 'data')]


if __name__ == '__main__':
    # Ad-hoc check: parse one archive with archive.lha.File and print header parts.
    import ptypes, archive.lha
    # NOTE(review): hard-coded path from the author's machine.
    ptypes.setsource(
        ptypes.prov.file('c:/users/user/Downloads/fcgb2.lzh', mode='r'))
    z = archive.lha.File()
    z = z.l

    print(z.source.size())
    print(z['header']['signature'])
    print(z['header']['attributes'])
    print(z['header'])
    print(z['header']['filename'])
Exemple #19
## some things people might find useful
#from ptype import debug, debugrecurse
from .ptype import istype, iscontainer, isinstance, undefined

from .provider import file, memory
from .utils import hexdump

if __name__ == '__main__':
    # Self-check that ptypes.setsource() changes the source seen by the ptype
    # class, by new instances, and by an actual load.
    import builtins, ptypes
    class a(ptypes.ptype.type):
        length = 4

    data = b'\x41\x41\x41\x41'

    # Put `data` in a ctypes buffer and take its address as an integer;
    # b.value is used below as the offset to load from.
    import ctypes
    b = ctypes.cast(ctypes.pointer(ctypes.c_buffer(data,4)), ctypes.c_void_p)

    # memory provider: the load at b.value is expected to give back `data`
    ptypes.setsource(ptypes.prov.memory())
    print('ptype-static-memory', builtins.isinstance(ptypes.ptype.source, ptypes.prov.memory))
    print('ptype-instance-memory', builtins.isinstance(ptypes.ptype.type().source, ptypes.prov.memory))
    c = a(offset=b.value).l
    print('type-instance-memory', c.serialize() == data)

    # empty provider: the same load is expected to give four zero bytes
    ptypes.setsource(ptypes.prov.empty())
    print('ptype-static-empty', builtins.isinstance(ptypes.ptype.source, ptypes.prov.empty))
    print('ptype-instance-empty', builtins.isinstance(ptypes.ptype.type().source, ptypes.prov.empty))
    c = a(offset=b.value).l
    print('type-instance-empty', c.serialize() == b'\x00\x00\x00\x00')
    # switch back to the memory provider when done
    ptypes.setsource(ptypes.prov.memory())
Exemple #20
    type = 61471
    _fields_ = [
        (dyn.block(16), 'rgbUid1'),
#        (dyn.block(16), 'rgbUid2'),     # XXX: this is conditional?
        (pint.uint8_t, 'tag'),
        (dyn.block(0), 'BLIPFileData'), # FIXME: this isn't right..
    ]

@Record.define
class FDG(pstruct.type):
    """Record of type 0xf008: a uint32 'csp' followed by an MSOSPID 'spidCur'."""
    type = 0xf008
    _fields_ = [
        (pint.uint32_t, 'csp'),
        (MSOSPID, 'spidCur'),
    ]

# Disabled scratch code (`if False:` never runs): load an SpContainer from a
# fixed offset in 'poc.xls' and print it.
if False:
    import ptypes    
    ptypes.setsource( ptypes.provider.file('poc.xls') )

    x = SpContainer()
#    x.setoffset(66100)
    x.setoffset(66360)
    print x.l

if __name__ == '__main__':
    from ptypes import *
    import art

    if False:
        s = '\x00\x00\x00\x00\x0c\x00\x00\x00' + 'A'*30
        z = art.RecordGeneral()
        z.source = provider.string(s)
Exemple #21
        (26, 'offset'),
    ]
    
class info(pstruct.type):
    """Four u32 fields: 'crc', 'edition', 'blocks' and 'files'."""
    _fields_ = [(u32, 'crc'), (u32, 'edition'), (u32, 'blocks'), (u32, 'files')]

# NOTE(review): this class name shadows the builtin `super` for everything
# defined after it in the module.
class super(pstruct.type):
    """Superblock layout: four u32 values, a signature, an `info`, a name and the root `inode`."""
    _fields_ = [
        (u32, 'magic'),  # defaults to 0x28cd3d45
        (u32, 'size'), (u32, 'flags'), (u32, 'future'),
        (dyn.array(u8, 16), 'signature'),
        (info, 'fsid'),
        (dyn.array(u8, 16), 'name'),
        (inode, 'root'),
    ]

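if __name__ == '__main__':
    # Load a cramfs superblock from offset 0 of a firmware image.
    import ptypes,cramfs
    # NOTE(review): a bare path is passed here, while the other examples pass
    # a provider object -- confirm setsource accepts a string.
    ptypes.setsource('re1000.fw')

    a = cramfs.super()
    # The stray ':' after this call was a syntax error that kept the whole
    # module from being imported.
    a.setoffset(0)
    a=a.l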
Exemple #22
        (1, 'marker_bit'),
        (5, 'video_bound'),
        (8, 'reserved_byte'),
        (__streamarray, 'streamarray'),
    ]

###
class packet(pbinary.struct):
    """A 32-bit 'code' followed by 'data', whose type is looked up from the code."""
    _fields_ = [
        (32, 'code'),
        # the payload type is whatever layer.lookup returns for the parsed code
        (lambda self: layer.lookup(self['code']), 'data'),
    ]

# NOTE(review): a second `class stream` is defined further down in this module
# under the same name, so this definition is replaced at import time.
class stream(pbinary.terminatedarray):
    """Array of `packet` elements that stops at an element of type end_code."""
    _object_ = packet
    def isTerminator(self, value):
        # exact type comparison: subclasses of end_code do not match
        return type(value) == end_code

# NOTE(review): rebinds the name `stream`, replacing the class of the same
# name defined just before it in this module.
class stream(pbinary.array):
    """Fixed-length array of 20 `packet` elements."""
    length = 20
    _object_ = packet

if __name__ == '__main__':
    # Parse 20 packets starting at offset 0x3ba of './poc.mov' and print them.
    import ptypes,mpeg
#    ptypes.setsource( ptypes.file('./poc-mpeg.stream') )
    ptypes.setsource( ptypes.file('./poc.mov') )
    reload(mpeg)

    a = mpeg.stream(offset=0x3ba, length=20)
    print a.l
Exemple #23
class section_entry_extension(pstruct.type):
    """An 'indicator' byte, a 'field' byte and 30 bytes of 'vendor_criteria'."""

    # NOTE(review): this bit layout is declared but 'field' below is typed as
    # a plain uchar, so it is not applied in the visible code.
    class __field(pbinary.struct):
        _fields_ = [
            (4, 'unused'),
            (1, 'record_follows'),
            (2, 'unused2'),
            (1, 'wtf'),
        ]

    _fields_ = [(uchar, 'indicator'), (uchar, 'field'),
                (dyn.block(30), 'vendor_criteria')]


if __name__ == '__main__':
    # Load an ISO image and pick the boot catalog pointer out of its second
    # descriptor. Everything under `if False:` is disabled scratch code.
    import ptypes, fs.iso9660 as iso9660
    ptypes.setsource(
        ptypes.provider.WindowsFile('~/downloads/6euj41uc.iso', 'r'))

    z = iso9660.File()
    z = z.l
    boot_sector = z['desc'][1]['data']['boot_catalog']
    if False:
        # sector number from the image multiplied by a 2048-byte sector size
        a = iso9660.sector(offset=boot_sector * 2048).l
        print(a.cast(iso9660.section_validation_entry))
        #    print(z['iso'])
        #    print([x for x in z['unused'] if not x.is_empty()])
        #    date = z['primary']['root_directory_record']['date']
        #    print(date)
        #    print(date['year'].summary())

        a = z['desc'][1]['data']['boot_catalog']
        print(a.cast(iso9660.sectorpointer))
Exemple #24
    _fields_ = [
        (IMAGE_DOS_HEADER, 'Header'),
        (__Extra, 'Extra'),
        (__Stub, 'Stub'),
        (__Next, 'Next'),
        #(__NotLoaded, 'NotLoaded'),
    ]


if __name__ == '__main__':
    import sys
    import ptypes, pecoff.Executable
    if len(sys.argv) == 2:
        filename = sys.argv[1]
        ptypes.setsource(ptypes.prov.file(filename, 'rb'))
        z = pecoff.Executable.File()
        z = z.l
    else:
        filename = 'obj/kernel32.dll'
        ptypes.setsource(ptypes.prov.file(filename, 'rb'))
        for x in range(10):
            print(filename)
            try:
                z = pecoff.Executable.File()
                z = z.l
                break
            except IOError:
                pass
            filename = '../' + filename
Exemple #25
    _fields_ = [
        (pint.uint8_t, 'numid'),
        (pint.uint8_t, 'maptyp'),
        (DataType, 'imgtyp'),
        (ColorMapSpecification, 'mapspec'),
        (Dimensions, 'imgdim'),
        (pint.uint8_t, 'pixdepth'),
        (pint.uint8_t, 'imgdes'),
    ]


class File(pstruct.type):
    """A Header followed by 'Data', declared as a bare ptype.block."""
    _fields_ = [(Header, 'Header'), (ptype.block, 'Data')]


if __name__ == '__main__':
    # Load the file named on the command line with image.targa.File.
    import sys
    import ptypes, image.targa

    if len(sys.argv) != 2:
        print("Usage: {:s} file".format(
            sys.argv[0] if len(sys.argv) else __file__))
        # NOTE(review): a usage error exits with status 0 here.
        sys.exit(0)

    ptypes.setsource(ptypes.prov.file(sys.argv[1]))
    a = image.targa.File()
    a = a.l
Exemple #26
                yield i,res
            continue
        return
    def iterate(self, version=8):
        """Yield the second item of every pair produced by self.enumerate(version)."""
        for _index, zone in self.enumerate(version):
            yield zone

    def repr(self):
        """Return 'name/version' for every zone from iterate(None), joined by ', '."""
        labels = (
            '{:s}/{:d}'.format(zone.zone_name(), zone.version())
            for zone in self.iterate(None)
        )
        return ', '.join(labels)

entry = dyn.pointer(malloc_zones)

if __name__ == '__main__':
    # Allocate an szone_t, print it and exit.
    ab = szone_t()
    ab.alloc()
    print ab
    exit()

    # NOTE(review): nothing below this point runs because of the exit() above.
    # It reads from a process under lldb and locates the 'malloc_zones' symbol.
    import lldb
    import ptypes,macheap
    ptypes.setsource(lldbprocess(lldb.process))

    modules = lldb.target.get_modules_array()
    # the single-target unpacking requires exactly one module to match
    sym_malloc_zones, = (m.FindSymbol('malloc_zones') for m in lldb.target.get_modules_array() if m.FindSymbol('malloc_zones').name)
    z = macheap.entry(offset=int(sym_malloc_zones.addr))

if __name__ == '__main__':
    z = macheap.szone_t().a

    # NOTE(review): the value is stored as `mag_get_thread_index`, but the next
    # line indexes with `mag_thread_index`, which is not assigned in the
    # visible code.
    mag_get_thread_index = _os_cpu_number() & (TINY_MAX_MAGAZINES-1)
    szone_t.tiny_magazines[mag_thread_index]
    # Require exactly one argument: the executable to inspect.
    if len(sys.argv) != 2:
        six.print_("Usage: {:s} file".format(
            sys.argv[0] if len(sys.argv) else 'test'),
                   file=sys.stderr)
        sys.exit(1)

    filename = sys.argv[1]
    # `log` is used as a generator: next() starts it and send() passes it messages
    L = log(sys.stderr)
    next(L)

    if not os.path.exists(filename):
        raise OSError(
            "The specified file ({:s}) does not exist.".format(filename))

    ptypes.setsource(ptypes.prov.file(filename, mode='r'))

    L.send("Loading executable for {:s}".format(os.path.basename(filename)))
    z = pecoff.Executable.File()
    z = z.l
    # data directory entry 14; a zero address is reported as "no IMAGE_COR20_HEADER"
    dd = z['next']['header']['datadirectory'][14]
    if dd['address'].int() == 0:
        # NOTE(review): the message has no placeholder, so the basename passed
        # to format() is never shown.
        L.send("No IMAGE_COR20_HEADER found in executable!".format(
            os.path.basename(filename)))
        sys.exit(2)

    # NOTE(review): each `.d` follows an address or offset stored in the file
    # being parsed.
    comdd = dd['address'].d.l
    meta = comdd['MetaData']['Address'].d.l

    strings = meta['StreamHeaders'].Get('#Strings')['Offset'].d
    #userstrings = meta['StreamHeaders'].Get('#US')['Offset'].d
Exemple #28
    _fields_ = [
        (pint.uint8_t, 'boot_indicator'),
        (chs, 'chs_start'),
        (pint.uint8_t, 'type'),
        (chs, 'chs_end'),
        (pint.uint32_t, 'relative_sector'),
        (pint.uint32_t, 'total_sectors'),
    ]


class common_boot_record(pstruct.type):
    """446 bytes of 'bootstrap', four partition_table_entry items and a uint16 signature."""
    _fields_ = [(dyn.block(446), 'bootstrap'),
                (dyn.array(partition_table_entry, 4), 'partition'),
                (pint.uint16_t, 'mbr_signature')]


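if __name__ == '__main__':
    # Read the first sector of physical drive 0 and view it as a boot record.
    import ptypes, fs.physical as disk
    # Opened with mode 'r'. Access to \\.\PhysicalDriveN is typically limited
    # to elevated processes, so expect the open to fail otherwise.
    ptypes.setsource(
        ptypes.provider.WindowsFile(r'\\.\PhysicalDrive%d' % (0), 'r'))

    a = disk.sector()
    # common_boot_record declares the array as 'partition'; the original
    # lookup used 'partitions', which is not one of its fields.
    print(
        a.l.cast(
            disk.common_boot_record)['partition'][0]['chs_start'].hexdump())
    b = a.l.cast(disk.common_boot_record)
    print(b)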
Exemple #29
    class Body(parray.block):
        """Block array whose elements are a UI32 'PreviousTagSize' and an FLVTAG 'Tag'."""

        class _object_(pstruct.type):
            _fields_ = [(UI32, 'PreviousTagSize'), (FLVTAG, 'Tag')]

    def __Body(self):
        """Return self.Body cloned with a blocksize of source size minus 'DataOffset'."""
        # NOTE(review): 'DataOffset' is read from the input; a value larger
        # than the source size makes the computed blocksize negative.
        data_offset = self['Header'].li['DataOffset'].int()
        remaining = lambda s: self.source.size() - data_offset
        return dyn.clone(self.Body, blocksize=remaining)

    _fields_ = [
        (Header, 'Header'),
        (__Body, 'Body'),
    ]


if __name__ == '__main__':
    # Load one FLV file and print its header and first tag.
    import ptypes, swf.flv as flv
    # NOTE(review): hard-coded path from the author's machine.
    ptypes.setsource(
        ptypes.prov.file('c:/users/user/Documents/blah.flv', mode='rb'))
    reload(flv)
    a = flv.File()
    a = a.l
    print a['Header']['TypeFlags']
    print a['Header']
    print a['Header']['Padding'].hexdump()
    print a['Body'][0]['Tag']
    print a['Body'][0]['Tag']['TagData']
Exemple #30
                        ('UniqueProcessId', ctypes.c_uint32),
                        ('Reserved3', ctypes.c_uint32)]

        pbi = ProcessBasicInformation()
        res = nt.NtQueryInformationProcess(handle, 0, ctypes.byref(pbi), ctypes.sizeof(pbi), None)
        return pbi

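    # grab process handle: argv[1] is a pid, otherwise use the current process
    if len(sys.argv) > 1:
        pid = int(sys.argv[1])
        print 'opening process %d'% pid
        handle = openprocess(pid)
    else:
        handle = getcurrentprocess()
        print 'using current process'
    # from here on ptypes reads that process's memory through the handle
    ptypes.setsource(ptypes.provider.WindowsProcessHandle(handle))

    # grab peb
    import ndk
    pebaddress = getPBIObj(handle).PebBaseAddress
    z = ndk.PEB(offset=pebaddress).l

    # grab heap
    if len(sys.argv) > 2:
        # argv[2] is a heap handle given as a number. It used to go through
        # eval(), which executes any expression found on the command line;
        # int(..., 0) accepts the same decimal and 0x-prefixed literals
        # without evaluating anything.
        heaphandle = int(sys.argv[2], 0)
        for x in z['ProcessHeaps'].d.l:
            print hex(x.int()),hex(heaphandle)
            if x.int() == heaphandle:
                b = x
                break
            continue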
Exemple #31

class File(pstruct.type):
    """A CFHEADER followed by 'folders', an array of CFFOLDER entries."""
    _fields_ = [
        (CFHEADER, 'header'),
        # NOTE(review): the element count is the header's 'cFolders' value as
        # read from the input.
        (lambda self: dyn.array(CFFOLDER, self['header'].li['cFolders'].int()), 'folders'),
        # disabled 'files' / 'data' fields, kept as the author left them:
        #        (lambda s: dyn.array(CFFILE, s['header']['cFiles'].int()), 'files'),
        #        (lambda s: dyn.block(s['header']['cbCabinet'].int() - s['header'].size()-s['folders'].size()-s['files'].size()), 'data'),
        #        (dyn.block(s['header']['cbCabinet'].int() - s['header'].size()-s['folders'].size()-s['files'].size()), 'data'),
    ]


if __name__ == '__main__':
    # Load one cabinet file and print header values, the first folder and the
    # file entries.
    import sys, ptypes, archive.cab as cab
    ptypes.setsource(ptypes.file('~/shit/test/Windows6.1-KB2705219-x86.cab'))

    a = cab.File()
    a = a.l
    print(a['header']['cbCabinet'].int())
    print(a['header']['cbCabinet'])

    print(a['folders'][0]['typeCompress'].summary())
    # NOTE(review): 'coffCabStart', 'coffFiles' and 'uoffFolderStart' are
    # offsets stored in the cabinet; each `.d` follows one of them.
    print(a['folders'][0]['coffCabStart'].d.l)
    b = a['header']['coffFiles'].d.l

    for x in b:
        print(x['uoffFolderStart'])

    print(b[1])
    print(b[1]['uoffFolderStart'].d.l.hexdump())
Exemple #32
        (BYTE, 'skip'),
        (BYTE, 'count'),
        (lambda s: dyn.block(
            (s['count'].li.int() & 0x80) and 1 or s['count'].li.int() & 0x7f),
         'data')  #XXX
    ]


class Line(pstruct.type):
    """A BYTE 'numpackets' followed by that many LinePacket entries."""
    _fields_ = [
        (BYTE, 'numpackets'),
        (lambda self: dyn.array(LinePacket, self['numpackets'].li.int()), 'packets'),
    ]


@ChunkType.define
class DELTA_FLI(pstruct.type):
    """Chunk of type 12: 'skip', 'numlines', then 'numlines' Line entries."""
    type = 12
    _fields_ = [
        (WORD, 'skip'),
        (WORD, 'numlines'),
        # the array length is the 'numlines' value read from the input
        (lambda self: dyn.array(Line, self['numlines'].li.int()), 'lines'),
    ]


if __name__ == '__main__':
    # Load './test.fli' through a debugrecurse-wrapped flic.File and print it.
    import ptypes, flic
    reload(flic)
    ptypes.setsource(ptypes.file('./test.fli'))
    #    ptypes.setsource( ptypes.file('./janmar90.flc') )

    z = ptypes.debugrecurse(flic.File)()
    z = z.l
    print z
Exemple #33
        (lambda s: dyn.array(s.Entry, int(s['count'].li)), 'entry'),
        (dyn.pointer(Directory,type=pint.uint32_t), 'next')
    ]

class Header(pstruct.type):
    """A uint32 'signature' followed by a 32-bit pointer to a Directory."""

    # NOTE(review): this helper is not referenced by _fields_ below, which
    # uses a fixed dyn.pointer(Directory, type=pint.uint32_t) instead.
    def __directory(self):
        signature = self['signature'].li.serialize()
        if signature == '\x4d\x4d\x00\x2a':     # bigendian
            return dyn.pointer(Directory)
        # little-endian ('\x49\x49\x2a\x00') is not handled yet (XXX: not
        # encountered so far), so it is reported like any other signature
        raise NotImplementedError(signature)

    _fields_ = [
#        (pint.uint16_t, 'byteorder'),
#        (pint.uint16_t, 'id'),
        # ('\x49\x49\x2a\x00', '\x4d\x4d\x00\x2a')
        (pint.uint32_t, 'signature'),
        (dyn.pointer(Directory, type=pint.uint32_t), 'directory'),
    ]

class File(Header): pass

if __name__ == '__main__':
    # Load './0.tif' with tiff.File.
    import ptypes,tiff
    ptypes.setsource( ptypes.file('./0.tif') )

    a = tiff.File()
    a = a.l
    
Exemple #34
            yield n

    def repr(self):
        """Return 'name/version' for every zone from iterate(None), joined by ', '."""
        labels = []
        for zone in self.iterate(None):
            labels.append('{:s}/{:d}'.format(zone.zone_name(), zone.version()))
        return ', '.join(labels)


entry = dyn.pointer(malloc_zones)

if __name__ == '__main__':
    # Allocate an szone_t, print it and exit.
    ab = szone_t()
    ab.alloc()
    print ab
    exit()

    # NOTE(review): nothing below this point runs because of the exit() above.
    # It reads from a process under lldb and locates the 'malloc_zones' symbol.
    import lldb
    import ptypes, macheap
    ptypes.setsource(lldbprocess(lldb.process))

    modules = lldb.target.get_modules_array()
    # the single-target unpacking requires exactly one module to match
    sym_malloc_zones, = (m.FindSymbol('malloc_zones')
                         for m in lldb.target.get_modules_array()
                         if m.FindSymbol('malloc_zones').name)
    z = macheap.entry(offset=int(sym_malloc_zones.addr))

if __name__ == '__main__':
    z = macheap.szone_t().a

    # NOTE(review): the value is stored as `mag_get_thread_index`, but the next
    # line indexes with `mag_thread_index`, which is not assigned in the
    # visible code.
    mag_get_thread_index = _os_cpu_number() & (TINY_MAX_MAGAZINES - 1)
    szone_t.tiny_magazines[mag_thread_index]
Exemple #35
class ImageTableData_Chunk(pstruct.type):
    """A uint8 'CodeSize' followed by a placeholder field of bare ptype.type."""
    _fields_ = [
        (pint.uint8_t, 'CodeSize'),
        (ptype.type, 'something'),
    ]


class ImageData_Chunk(pstruct.type):
    """A uint8 'Block Size' followed by a 'Data Values' block of that many bytes."""
    _fields_ = [
        (pint.uint8_t, 'Block Size'),
        # the length prefix is one byte, so a block is at most 255 bytes
        (lambda self: dyn.block(int(self['Block Size'].li)), 'Data Values'),
    ]


class ImageData(parray.type):
    """Array of ImageData_Chunk elements.

    NOTE(review): the base is parray.type with ``length = 1``; whether
    isTerminator is consulted by that base is not visible here -- confirm.
    """
    length = 1
    _object_ = ImageData_Chunk

    def isTerminator(self, v):
        """Return True when the chunk's 'Block Size' is zero."""
        return int(v['Block Size']) == 0


class File(pstruct.type):
    """Header, LogicalScreenDescriptor, ImageDescriptor and ImageData, in that order."""
    _fields_ = [
        (Header, 'header'),
        (LogicalScreenDescriptor, 'screen'),
        (ImageDescriptor, 'image'),
        (ImageData, 'data'),
    ]


if __name__ == '__main__':
    # Parse './poc.gif' with gif.File and print the loaded structure.
    import ptypes, image.gif as gif
    ptypes.setsource(ptypes.provider.file('./poc.gif'))

    z = gif.File()
    print(z.l)
Exemple #36
    if len(p) > 0:
        p, rest = unpack(*p)
        entry = res.Entry(p)
        if entry is None:
            raise LookupError(p, rest, res)
        return followresource(rest, entry.li)
    return res.li

def unpack(first, *rest):
    """Split the arguments into the leading item and a tuple of the remainder."""
    head, tail = first, rest
    return head, tail

if __name__ == '__main__':
    # Command-line entry point: parse arguments, load the PE file they name and
    # hand it to the handler chosen by figureargs().
    import sys,logging
    import ptypes,pecoff

    _ = args()
    res = _.parse_args()
    # figureargs() returning None is treated as "no action requested":
    # print usage and exit with status 1.
    if figureargs(res) is None:
        _.print_usage()
        sys.exit(1)

    # res.infile comes straight from the command line; the file it names is
    # parsed as-is by the pecoff templates.
    infile = ptypes.prov.filebase(res.infile)
    ptypes.setsource(infile)
    z = pecoff.Executable.File(source=infile)
    z = z.l

    # NOTE(review): 'result' is not read again within this excerpt.
    result = None
    figureargs(res)(z, format=res.format, output=res.output)
    # drop the parsed arguments from the module namespace
    globals().pop('res')
Exemple #37
        return dyn.clone(pointer, recurse=dict(byteorder=bo))

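    def __data(self):
        """Return the type of the 'data' field: whatever follows header and pointer.

        For a bounded source the field is a block spanning the rest of the
        source; for any other source it is left as ``ptype.undefined``.
        """
        res = self['header'].li.size() + self['pointer'].li.size()
        if isinstance(self.source, ptypes.prov.bounded):
            # A truncated input can be shorter than header + pointer; clamp so
            # the block length is never negative.
            return dyn.block(max(0, self.source.size() - res))
        return ptype.undefined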

    # 'pointer' and 'data' are typed by the callables __pointer and __data
    # rather than by fixed types, so their layout is decided while loading.
    _fields_ = [
        (Header, 'header'),
        (__pointer, 'pointer'),
        (__data, 'data'),
    ]


if __name__ == '__main__':
    # Demo: load sample.tif and print every entry reached through 'pointer'.
    import ptypes, image.tiff as tiff
    ptypes.setsource(ptypes.file('sample.tif'))

    a = tiff.File()
    a = a.l
    for n in a['pointer'].d.l.iterate():
        print(n.l)
        # entries with a defined 'value' are printed directly
        if not isinstance(n['value'], ptypes.ptype.undefined):
            print(n['value'])
            continue
        # NOTE(review): assert is stripped under -O, so this check disappears
        # in optimized runs.
        assert not isinstance(n['pointer'], ptypes.ptype.undefined)
        # otherwise follow the entry's pointer and print each element behind it
        for v in n['pointer'].d.l:
            print(v)
        continue
Exemple #38
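class Bin(pstruct.type):
    """A bin: a BinHeader followed by the remainder of the bin as an opaque block."""

    _fields_ = [
        (BinHeader, 'header'),
        # 'size' is read from the file and the header's own size is subtracted
        # from it; clamp at zero so a declared size smaller than the header
        # cannot produce a negative block length.
        (lambda self: dyn.block(
            max(0, self['header'].li['size'].int() - self['header'].size())),
         'data'),
    ]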


class Cell(pstruct.type):
    """A cell: a 32-bit 'size' followed by that many bytes of data."""

    _fields_ = [
        (pint.uint32_t, 'size'),
        # The block length is the raw 'size' value from the file; nothing in
        # this class checks it against the bytes remaining in the source.
        (lambda cell: dyn.block(cell['size'].li.int()), 'data'),
    ]


if __name__ == '__main__':
    # Demo: decode the header of ./Amcache.hve and the first two bins after it.
    import ptypes
    source = ptypes.setsource(ptypes.prov.file('./Amcache.hve', mode='rb'))

    z = Header().l

    print(z['guidSignature'].hexdump())
    print(z['lastReorganizedTimestamp'])
    print(z['reserved_a0'].hexdump())
    print(z['reserved_b0'].hexdump())

    # the first Bin is read from the offset immediately after the header
    a = Bin(offset=z.getoffset() + z.size()).l
    # dump the 0x40 bytes that follow it
    print(ptype.block(offset=a.getoffset() + a.size(), length=0x40).l)
    # the second Bin starts where the first one ends
    b = Bin(offset=a.getoffset() + a.size()).l
    print(ptype.block(offset=b.getoffset() + b.size(), length=0x40).l)
Exemple #39
            (uint32, 'length'),
        ]

    # Fixed header fields followed by a table directory whose entry count is
    # the 'numTables' value decoded from the file (a uint16).
    _fields_ = [
        (Fixed, 'version'),
        (uint16, 'numTables'),
        (uint16, 'searchRange'),
        (uint16, 'entrySelector'),
        (uint16, 'rangeShift'),
        # s.Entry is presumably the nested type whose field list ends just above
        (lambda s: dyn.array(s.Entry, s['numTables'].li.int()), 'tables'),
    ]


if __name__ == '__main__':
    # Demo: load ./cour.ttf and list the tag of every table directory entry.
    import ptypes, vector.ttf as ttf
    ptypes.setsource(ptypes.file('./cour.ttf', 'rb'))

    #t = dyn.block(ptypes.ptype.type.source.size())
    #a = t()
    #a = a.l

    b = ttf.File()
    b = b.l
    # one line per table: (index, tag summary)
    print('\n'.join(
        map(repr,
            ((i, x['tag'].summary()) for i, x in enumerate(b['tables'])))))

    # "... and False" keeps this branch permanently disabled
    if 'tables' and False:
        print(b['tables'][0]['offset'].d.l.hexdump())
        print(b['tables'][1]['offset'].d.l.hexdump())
        print(b['tables'][8]['offset'].d.l.hexdump())
Exemple #40
        return dyn.block(sz - h.size())

    class Body(parray.block):
        """Block-sized array whose elements pair a 'PreviousTagSize' with a 'Tag'."""

        class _object_(pstruct.type):
            """One array element: a UI32 'PreviousTagSize' and the FLVTAG after it."""

            _fields_ = [(UI32, 'PreviousTagSize'), (FLVTAG, 'Tag')]

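    def __Body(self):
        """Return the Body array type sized to what follows 'DataOffset'.

        The blocksize is the source size minus the header's 'DataOffset'.
        """
        ex = self['Header'].li['DataOffset'].int()
        # DataOffset is read from the file; clamp so an offset beyond the end
        # of the source cannot yield a negative blocksize.
        return dyn.clone(self.Body, blocksize=lambda s: max(0, self.source.size() - ex))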

    # 'Body' is typed by the __Body callable, which sizes it from the header.
    _fields_ = [
        (Header, 'Header'),
        (__Body, 'Body'),
    ]

if __name__ == '__main__':
    # Demo (Python 2 syntax): load a fixed sample path and print parts of the
    # header and the first tag.
    import ptypes,swf.flv as flv
    ptypes.setsource(ptypes.prov.file('c:/users/user/Documents/blah.flv',mode='rb'))
    # pick up edits to the module when re-run in an interactive session
    reload(flv)
    a = flv.File()
    a = a.l
    print a['Header']['TypeFlags']
    print a['Header']
    print a['Header']['Padding'].hexdump()
    print a['Body'][0]['Tag']
    print a['Body'][0]['Tag']['TagData']

Exemple #41
        (UINT32, 'packet_count_for_this_packet'),
    ]

###
class File(parray.terminated):
    """Terminated array of RealMedia_Header elements."""

    _object_ = RealMedia_Header

    def isTerminator(self, value):
        """Return True once more elements are held than the first one announces.

        The limit is the 'num_headers' value of element 0's 'object', plus one;
        with no elements held yet the answer is always False.
        """
        count = len(self.value)
        if not count > 0:
            return False
        # num_headers is read from the file's first header
        limit = self.value[0]['object']['num_headers'].int() + 1
        return count > limit

if __name__ == '__main__':
    # Demo (Python 2 syntax): load the file named by the first command-line
    # argument and print the mime type of every 'MDPR' header.
    import sys
    import ptypes,rmff
    # NOTE(review): sys.argv[1] is read without a length check, so running
    # without an argument raises IndexError.
    ptypes.setsource( ptypes.file(sys.argv[1], mode='rb') )

    # 'self' is an ordinary module-level name here, not a method argument
    self = rmff.File()
    z = self.l
    print len(self.value)

#    offset = 0x16f
#    print self.at(offset)

#    typespecific = self[3]['object']['type_specific_data']

    # keep the RealMedia_Header elements whose serialized object_id is 'MDPR'
    mdpr = [x for x in self.traverse(filter=lambda x: type(x) == rmff.RealMedia_Header) if x['object_id'].serialize() == 'MDPR']
    for x in mdpr:
        print x.__name__, x['object']['mime_type']
Exemple #42
class info(pstruct.type):
    """Four u32 fields: crc, edition, blocks and files."""

    _fields_ = [(u32, 'crc'), (u32, 'edition'), (u32, 'blocks'), (u32, 'files')]


# NOTE(review): this class name shadows the builtin super() for the rest of
# the module.
class super(pstruct.type):
    """Superblock layout: magic, sizes/flags, signature, fsid, name, root inode."""

    _fields_ = [
        (u32, 'magic'),  # defaults to 0x28cd3d45
        (u32, 'size'),
        (u32, 'flags'),
        (u32, 'future'),
        (dyn.array(u8, 16), 'signature'),  # 16 bytes
        (info, 'fsid'),
        (dyn.array(u8, 16), 'name'),  # 16 bytes
        (inode, 'root'),
    ]


if __name__ == '__main__':
    # Demo: decode the superblock at offset 0 of re1000.fw.
    import ptypes, fs.cramfs as cramfs
    # NOTE(review): setsource() receives a bare path string here, whereas the
    # other demos on this page pass a provider object — confirm it is accepted.
    ptypes.setsource('re1000.fw')

    a = cramfs.super()
    a.setoffset(0)
    a = a.l
Exemple #43
        (_row(method_info, 'method_count'), 'method'),
        (u30, 'metadata_count'),
        (_row(metadata_info, 'metadata_count'), 'metadata'),
        (u30, 'class_count'),
        (_row(instance_info, 'class_count'), 'instance'),
        (_row(class_info, 'class_count'), 'class'),
        (u30, 'script_count'),
        (_row(script_info, 'script_count'), 'script'),
        (u30, 'method_body_count'),
        (_row(method_body_info, 'method_body_count'), 'method_body'),
    ]

if __name__ == '__main__':
    # Demo: decode an abcFile that starts 5 bytes into ./tag-abcfile.bin.
    import ptypes,as3,stypes
    from ptypes import *
    # NOTE(review): the file is binary but is opened with mode 'r'; confirm the
    # provider does not apply text-mode translation on this platform.
    ptypes.setsource(prov.file('./tag-abcfile.bin','r'))

    # hex dump of the start of the file, kept for reference
    #0000000: 0100 0000 0010 002e 00
    #0000000                        00 0000 2200 0476  ............"..v

    b = as3.abcFile(offset=5)
    b=b.l
#    print b['minor_version'].l
#    print b['major_version'].l

#    c = b['constant_pool'].l
#    print c.keys()
#    for k,v in c.items():
#        print k
#        print v
#    print c
Exemple #44
        (BYTE, 'skip'),
        (BYTE, 'count'),
        (lambda s: dyn.block((int(s['count'].li)&0x80) and 1 or int(s['count'].li)&0x7f ), 'data') #XXX
    ]

class Line(pstruct.type):
    """One line: a packet count byte followed by that many LinePacket entries."""

    _fields_ = [
        (BYTE, 'numpackets'),
        # the array length is the 'numpackets' value decoded from the file
        (lambda line: dyn.array(LinePacket, int(line['numpackets'].li)), 'packets'),
    ]

class DELTA_FLI(Chunk):
    """Chunk with type id 12: a skip count, a line count, then the lines."""

    # class-level type id; chunkLookup is keyed on this attribute
    type = 12
    _fields_ = [
        (WORD, 'skip'),
        (WORD, 'numlines'),
        # the array length is the 'numlines' value decoded from the file
        (lambda chunk: dyn.array(Line, int(chunk['numlines'].li)), 'lines'),
    ]

# Map each chunk type id to its class: every module-level class that is a
# proper subclass of Chunk is registered under its 'type' attribute.
chunkLookup = dict([(cls.type, cls) for cls in globals().values() if type(cls) is type and cls is not Chunk and issubclass(cls, Chunk)])

if __name__ == '__main__':
    # Demo (Python 2 syntax): load ./test.fli through debugrecurse and print it.
    import ptypes,flic
    reload(flic)
    ptypes.setsource( ptypes.file('./test.fli') )
#    ptypes.setsource( ptypes.file('./janmar90.flc') )

    z = ptypes.debugrecurse(flic.File)()
    z = z.l
    print z
Exemple #45
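import ptypes, pecoff
from ptypes import *
# Load ntdll.dll and pull the first certificate blob out of it.
# NOTE(review): the DLL is binary but is opened with mode 'r'; confirm the
# provider does not apply text-mode translation.
ptypes.setsource(ptypes.prov.file('c:/windows/sysnative/ntdll.dll', 'r'))
z = pecoff.Executable.File()
z = z.l
# Dereference data-directory entry 4; the result is overwritten on the next
# line, so only the load itself has any effect.
a = z['next']['header']['datadirectory'][4]['Address'].d.l
a = z['next']['header']['certificate']
#print a['bCertificate'].hexdump()
c = a[0]['bCertificate']
# Write the raw certificate bytes out; the with-block closes the handle even
# if serialize() or write() raises, instead of leaving it to garbage collection.
with open('./ntdll.cert.pkcs7', 'wb') as out:
    out.write(c.serialize())
print c.hexdump(lines=1)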

import ber
reload(ber)
# Reinterpret the certificate blob as a BER record, decoding nested fields
# big-endian.
d = c.cast(ber.Record,
           recurse={'byteorder': ptypes.config.byteorder.bigendian})

print d['value']
print d['value'][0]
print d['value'][1]['Value']

# Descend one level: the second element's value is itself cast to a BER record.
e = d['value'][1]['Value'].cast(ber.Record)
print e['Value'][0]
print e['Value'][1]['Value'][0]
print e['Value'][2]['Value'][0]

# ...and one level further, through the third element of that record.
print e['Value'][2]['Value'][1]['Value']
f = e['Value'][2]['Value'][1]['Value'].cast(ber.Record)
print f['Value'][0]['Value'][0]
print f['Value'][0]['Value'][1]['Value'][0]
print f['Value'][0]['Value'][1]['Value'][1]['Value'].cast(
Exemple #46
# Demo (Python 2 syntax): load ./kernel32.dll and walk its export and import
# tables.
import pecoff,ptypes
from ptypes import *
# NOTE(review): the DLL is binary but is opened with mode='r'; confirm the
# provider does not apply text-mode translation.
ptypes.setsource( ptypes.prov.file('./kernel32.dll', mode='r') )

a = pecoff.Executable.File()
a=a.l
# data-directory entries 0 and 1 are dereferenced as the export and import tables
exp = a['Next']['Header']['DataDirectory'][0]['Address'].d.l
imp = a['Next']['Header']['DataDirectory'][1]['Address'].d.l
# same directory again, reached through lower-case field names
b = a['next']['header']['datadirectory']
print b[12]
print b[13]
print b[10]['address'].d.l

# exports
print exp.getNames()
print exp.getNameOrdinals()
print exp.getExportAddressTable()
print '\n'.join(map(repr,exp.iterateExports()))

# imports
# entry 5 of the import table; the index is hard-coded for this sample file
b = imp[5]

print b['Name'].d.l.str()
print '\n'.join(map(repr,b.iterateImports()))

# first entry of this import descriptor's INT, shown in several renderings
c = b['INT'].d.l[0]
print c['Name'].deref()
print c['Name'].getName()
print c['Name']
print c['Name'].details()
print c['Name'].summary()
Exemple #47
        (u30, 'metadata_count'),
        (_row(metadata_info, 'metadata_count'), 'metadata'),
        (u30, 'class_count'),
        (_row(instance_info, 'class_count'), 'instance'),
        (_row(class_info, 'class_count'), 'class'),
        (u30, 'script_count'),
        (_row(script_info, 'script_count'), 'script'),
        (u30, 'method_body_count'),
        (_row(method_body_info, 'method_body_count'), 'method_body'),
    ]


if __name__ == '__main__':
    # Demo: decode an abcFile that starts 5 bytes into ./tag-abcfile.bin.
    import ptypes, vector.swf.as3 as as3, vector.swf.stypes as stypes
    from ptypes import *
    # NOTE(review): the file is binary but is opened with mode 'r'; confirm the
    # provider does not apply text-mode translation on this platform.
    ptypes.setsource(prov.file('./tag-abcfile.bin', 'r'))

    # hex dump of the start of the file, kept for reference
    #0000000: 0100 0000 0010 002e 00
    #0000000                        00 0000 2200 0476  ............"..v

    b = as3.abcFile(offset=5)
    b = b.l
#    print(b['minor_version'].l)
#    print(b['major_version'].l)

#    c = b['constant_pool'].l
#    print(c.keys())
#    for k,v in c.items():
#        print(k)
#        print(v)
#    print(c)
Exemple #48
class sector(dyn.block(512)):
    """A single 512-byte disk sector."""

class partition_table_entry(pstruct.type):
    """One partition table entry: boot flag, CHS start, type, CHS end, LBA span."""

    class chs(pbinary.struct):
        """Packed cylinder/head/sector address: 8 + 6 + 10 bits (24 in total)."""

        _fields_ = [
            (8, 'head'),
            (6, 'sector'),
            (10, 'cylinder'),
        ]

    _fields_ = [
        (pint.uint8_t, 'boot_indicator'),
        (chs, 'chs_start'),
        (pint.uint8_t, 'type'),
        (chs, 'chs_end'),
        (pint.uint32_t, 'relative_sector'),
        (pint.uint32_t, 'total_sectors'),
    ]

class common_boot_record(pstruct.type):
    """Boot record: 446 bytes of bootstrap, four partition entries, a signature."""

    _fields_ = [
        (dyn.block(446), 'bootstrap'),
        # exactly four entries, stored under the field name 'partition'
        (dyn.array(partition_table_entry, 4), 'partition'),
        (pint.uint16_t, 'mbr_signature'),
    ]

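if __name__ == '__main__':
    # Demo (Python 2 syntax): read the first sector of physical drive 0 and
    # decode it as a boot record. The device is opened with mode 'r' only.
    # NOTE(review): opening a raw \\.\PhysicalDriveN device normally needs
    # elevated privileges — run this against a disk image where possible.
    import disk,ptypes
    ptypes.setsource(ptypes.provider.WindowsFile(r'\\.\PhysicalDrive%d'% (0), 'r'))

    a = disk.sector()
    # common_boot_record declares the table under the name 'partition'; the
    # previous 'partitions' key did not match any declared field.
    print a.l.cast(disk.common_boot_record)['partition'][0]['chs_start'].hexdump()
    b = a.l.cast(disk.common_boot_record)
    print b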
Exemple #49
        header = self['Header'].li
        sig = header['Signature'].str()

        # if it's compressed then use the 'zlib' structure
        t = EncodedDataType.withdefault(sig, type=sig)
        length = min(header['FileLength'].int(),
                     self.source.size()) - header.size()
        return dyn.clone(t, _value_=dyn.clone(t._value_, length=length))

    # 'data' is typed by the __data callable above, which picks the encoded
    # data type from the header's signature and bounds its length.
    _fields_ = [(Header, 'header'), (__data, 'data')]


if __name__ == '__main__':
    # Demo (Python 2 syntax): load ./test.swf, print every tag, then dump the
    # first tag and its serialized header.
    import sys
    import ptypes, __init__ as swf
    # NOTE(review): the file is binary but is opened with mode='r'; confirm the
    # provider does not apply text-mode translation.
    ptypes.setsource(ptypes.file('./test.swf', mode='r'))

    z = File
    #    z = ptypes.debugrecurse(z)
    z = z()
    z = z.l
    for x in z['data']['tags']:
        print '-' * 32
        print x

    a = z['data']['tags'][0]
    print a.hexdump()
    print a.li.hexdump()
    print repr(a.l['Header'].serialize())

    # reference bytes, presumably for comparison with the serialized header
    # printed above; not used again within this excerpt
    correct = '\x44\x11\x08\x00\x00\x00'
Exemple #50
    if len(p) > 0:
        p, rest = unpack(*p)
        entry = res.Entry(p)
        if entry is None:
            raise LookupError(p, rest, res)
        return followresource(rest, entry.li)
    return res.li

def unpack(first, *rest):
    """Return ``(first, rest)`` where *rest* is the tuple of remaining arguments."""
    remainder = rest
    return first, remainder

if __name__ == '__main__':
    # Command-line entry point: parse arguments, load the PE file they supply
    # and hand it to the handler chosen by figureargs().
    import sys,logging
    import ptypes,pecoff

    _ = args()
    res = _.parse_args()
    # figureargs() returning None is treated as "no action requested":
    # print usage and exit with status 1.
    if figureargs(res) is None:
        _.print_usage()
        sys.exit(1)

    # res.infile comes from the command line and is wrapped as a file-object
    # provider; its contents are parsed as-is by the pecoff templates.
    infile = ptypes.prov.fileobj(res.infile)
    ptypes.setsource(infile)
    z = pecoff.Executable.File(source=infile)
    z = z.l

    # NOTE(review): 'result' is not read again within this excerpt.
    result = None
    figureargs(res)(z, format=res.format, output=res.output)
    # drop the parsed arguments from the module namespace
    globals().pop('res')

Exemple #51
class section_entry_extension(pstruct.type):
    """Section entry extension: indicator byte, field byte, 30 vendor bytes."""

    # NOTE(review): this bit layout (4 + 1 + 2 + 1 = 8 bits) is declared but
    # not referenced below; 'field' is decoded as a plain uchar.
    class __field(pbinary.struct):
        _fields_ = [
            (4, 'unused'),
            (1, 'record_follows'),
            (2, 'unused2'),
            (1, 'wtf'),
        ]

    _fields_ = [
        (uchar, 'indicator'),
        (uchar, 'field'),
        (dyn.block(30), 'vendor_criteria'),
    ]

if __name__ == '__main__':
    # Demo (Python 2 syntax): load an ISO image and look up its boot catalog.
    import ptypes,iso9660
    reload(iso9660)
    reload(ptypes.provider)
    # NOTE(review): the path starts with '~', which is passed through literally
    # here; confirm the provider (or the caller) expands it.
    ptypes.setsource(ptypes.provider.WindowsFile('~/downloads/6euj41uc.iso', 'r'))

    z = iso9660.File()
    z = z.l
    boot_sector = z['desc'][1]['data']['boot_catalog']
    # permanently disabled scratch code
    if False:
        # the catalog value is used as a sector number, scaled by 2048 bytes
        a = iso9660.sector(offset=boot_sector*2048).l
        print a.cast(iso9660.section_validation_entry)
        #    print z['iso']
        #    print [x for x in z['unused'] if not x.is_empty()]
        #    date = z['primary']['root_directory_record']['date']
        #    print date
        #    print date['year'].summary()

        a = z['desc'][1]['data']['boot_catalog']
        print a.cast(iso9660.sectorpointer)
Exemple #52
        (UI16, 'Top'),
        (UI16, 'Left'),
        (UI16, 'Bottom'),
        (UI16, 'Right'),
    ]


@Boxes.define
class blnk(pstruct.type):
    """Box registered with Boxes: a start and an end character index (UI16 each)."""

    _fields_ = [(UI16, 'StartChar'), (UI16, 'EndChar')]


@Boxes.define
class twrp(pstruct.type):
    """Box registered with Boxes: a single UI8 'WrapFlag'."""

    _fields_ = [(UI8, 'WrapFlag')]


### file types
class File(BOX):
    """File-level type: a BOX with nothing added or overridden."""


if __name__ == '__main__':
    # Demo: point ptypes at a fixed sample path.
    import ptypes, swf.f4v as f4v
    # NOTE(review): setsource() receives a path string and a mode keyword here,
    # whereas the other demos on this page pass a provider object — confirm
    # this call form is accepted.
    ptypes.setsource('c:/users/user/Documents/blah.flv', mode='rb')
Exemple #53
        (float, 'white_level'),
        (float, 'integration_times'),
        (dyn.block(76), 'reserved'),
    ]

class DpxMainHeader(pstruct.type):
    """Main header: the five sub-headers, decoded back to back in this order."""

    _fields_ = [
        (DpxFileHeader, 'fileHeader'),
        (DpxImageHeader, 'imageHeader'),
        (DpxOrientationHeader, 'orientationHeader'),
        (DpxFilmHeader, 'filmHeader'),
        (DpxTelevisionHeader, 'televisionHeader'),
    ]

class File(pstruct.type):
    """File layout as declared here: only the main header is decoded."""

    _fields_ = [(DpxMainHeader, 'header')]

if __name__ == '__main__':
    # Command-line demo (Python 2 syntax): load the DPX file named by the
    # single argument.
    import sys
    import ptypes, image.dpx

    # exactly one argument is required
    if len(sys.argv) != 2:
        print "Usage: {:s} file".format(sys.argv[0] if len(sys.argv) else __file__)
        # NOTE(review): a usage error exits with status 0, so callers cannot
        # tell it apart from success.
        sys.exit(0)

    ptypes.setsource(ptypes.prov.file(sys.argv[1]))
    a = image.dpx.File()
    a = a.l
Exemple #54
    def alloc(self, **fields):
        """Allocate the structure, filling in 'Lcrg' unless the caller gave it.

        When 'Lcrg' is absent from *fields* it is set to the allocated
        structure's own size.
        """
        res = super(CRG, self).alloc(**fields)
        if 'Lcrg' in fields:
            return res
        return res.set(Lcrg=res.size())

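@Marker.define
class COM(pstruct.type):
    """Marker segment registered with Marker: Lcom, Rcom and a string 'Ccom'."""

    def __content(self):
        """Return the string type for 'Ccom', sized from the 'Lcom' length.

        The string gets whatever 'Lcom' leaves after the sizes of the 'Lcom'
        and 'Rcom' fields themselves are subtracted.
        """
        length, fields = self['Lcom'].li, ['Lcom', 'Rcom']
        remaining = length.int() - sum(self[fld].li.size() for fld in fields)
        # Lcom is read from the file; clamp so a value smaller than the two
        # fixed fields cannot produce a negative string length.
        return dyn.clone(pstr.string, length=max(0, remaining))

    _fields_ = [
        (u16, 'Lcom'),
        (u16, 'Rcom'),
        (__content, 'Ccom'),
    ]

    def alloc(self, **fields):
        """Allocate the structure, setting 'Lcom' to its size unless supplied."""
        res = super(COM, self).alloc(**fields)
        return res if operator.contains(fields, 'Lcom') else res.set(Lcom=res.size())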

if __name__ == '__main__':
    # Demo: load logo.jp2, decode element 3 and dump the bytes after the file.
    import ptypes, image.jpeg.jp2 as jp2
    # NOTE(review): the file is binary but is opened with mode='r'; confirm the
    # provider does not apply text-mode translation.
    ptypes.setsource(ptypes.prov.file('logo.jp2', mode='r'))

    z = jp2.File().l

    print(z[3]['data'].decode())

    # read 0x100 bytes starting right after the decoded structure
    a = ptype.block(offset=z.getoffset()+z.size(), length=0x100).l
    print(a.hexdump())
Exemple #55
        return self['data']['length'].int()

    # read-only shortcut for the nested payload at self['data']['data']
    pdu = property(fget=lambda s: s['data']['data'])

### entry point
class Stream(parray.infinite):
    """Array of TPKT elements with no declared length.

    NOTE(review): how ``parray.infinite`` decides to stop is not visible in
    this excerpt — presumably when the source runs out.
    """

    _object_ = TPKT

# alias: the module's File type is the Stream array
File=Stream

if __name__ == '__main__':
    # Demo (Python 2 syntax): decode ./blah.dat as a Stream, little-endian.
    import ptypes,analyze
    reload(analyze)
    ptypes.setbyteorder(ptypes.config.byteorder.littleendian)
#    ptypes.setsource(ptypes.file('./termdd_1.dat'))
    ptypes.setsource(ptypes.file('./blah.dat'))

    from analyze import *

    z = analyze.Stream()
    z = z.l
#    for x in z:
#        print x

    # permanently disabled scratch code: decode one TPKT, then a TPDU placed
    # directly after it
    if False:
        a = TPKT()
        a = a.l
        print a['data']

        b = TPDU(offset=a.getoffset()+a.size())
        b = b.l
Exemple #56
    #         VolumeLabelOffset: (4 bytes, offset 0x0133), 0x00000010, indicates that Volume Label Offset Unicode is not specified and references offset 0x0137 where the Volume Label is stored.
    #         Data: (1 byte, offset 0x0137), "" an empty character string.
    #     LocalBasePath: (14 bytes, offset 0x0138), because VolumeIDAndLocalBasePath is set, the character string "c:\test\a.txt" is present.
    #     CommonPathSuffix: (1 byte, offset 0x0146), "" an empty character string.
    # Because HasRelativePath is set, the RELATIVE_PATH StringData structure (section 2.4) follows:
    #     CountCharacters: (2 bytes, offset 0x0147), 0x0007 Unicode characters.
    #     String (14 bytes, offset 0x0149), the Unicode string: ".\a.txt".
    # Because HasWorkingDir is set, the WORKING_DIR StringData structure (section 2.4) follows:
    #     CountCharacters: (2 bytes, offset 0x0157), 0x0007 Unicode characters.
    #     String (14 bytes, offset 0x0159), the Unicode string: "c:\test".
    # Extra data section: (100 bytes, offset 0x0167), an ExtraData structure (section 2.5) follows:
    #     ExtraDataBlock (96 bytes, offset 0x0167), the TrackerDataBlock structure (section 2.5.10) follows:
    #         BlockSize: (4 bytes, offset 0x0167), 0x00000060
    #         BlockSignature: (4 bytes, offset 0x016B), 0xA000003, which identifies the TrackerDataBlock structure (section 2.5.10).
    #         Length: (4 bytes, offset 0x016F), 0x00000058, the required minimum size of this extra data block.
    #         Version: (4 bytes, offset 0x0173), 0x00000000, the required version.
    #         MachineID: (16 bytes, offset 0x0177), the character string "chris-xps", with zero fill.
    #         Droid: (32 bytes, offset 0x0187), 2 GUID values.
    #         DroidBirth: (32 bytes, offset 0x01A7), 2 GUID values.
    #     TerminalBlock: (4 bytes, offset 0x01C7), 0x00000000 indicates the end of the extra data section.

    import ptypes, lnkfile
    from lnkfile import *
    #importlib.reload(lnkfile)

    source = ptypes.setsource(ptypes.prov.bytes(data))

    z = File()
    z = z.l
    print(z)
Exemple #57
                print '%s: %r'% (name,e)
                return True
            except Failure,e:
                print '%s: %r'% (name,e)
            except Exception,e:
                print '%s: %r : %r'% (name,Failure(), e)
            return False
        TestCaseList.append(harness)
        return fn

if __name__ == '__main__':
    import ptypes,zlib
    from ptypes import *
    from ptypes import config

    ptypes.setsource(ptypes.provider.string('A'*50000))

    string1='ABCD'  # bigendian
    string2='DCBA'  # littleendian

    s1 = 'the quick brown fox jumped over the lazy dog'
    s2 = s1.encode('zlib')

    @TestCase
    def test_dynamic_union_rootstatic():
        import dynamic,pint,parray
        class test(dynamic.union): 
            root = dynamic.array(pint.uint8_t,4)
            _fields_ = [
                (dynamic.block(4), 'block'),
                (pint.uint32_t, 'int'),
Exemple #58

###
class packet(pbinary.struct):
    """One packet: a 32-bit code followed by data whose type depends on it."""

    _fields_ = [
        (32, 'code'),
        # the data type is whatever layer.lookup() returns for the decoded code
        (lambda pkt: layer.lookup(pkt['code']), 'data'),
    ]


# NOTE(review): a second class named 'stream' is defined further down in this
# module and replaces this one at import time.
class stream(pbinary.terminatedarray):
    """Array of packets that stops at an element whose type is end_code."""

    _object_ = packet

    def isTerminator(self, value):
        """Return True when *value*'s exact type equals end_code."""
        value_type = type(value)
        return value_type == end_code


# NOTE(review): this rebinds the name 'stream', so the terminated-array class
# of the same name defined earlier in the module is no longer reachable by it.
class stream(pbinary.array):
    """Fixed-length array of packets; the default length is 20."""

    length = 20
    _object_ = packet

if __name__ == '__main__':
    import ptypes, mpeg
    #    ptypes.setsource( ptypes.file('./poc-mpeg.stream') )
    ptypes.setsource(ptypes.file('./poc.mov'))
    reload(mpeg)

    a = mpeg.stream(offset=0x3ba, length=20)
    print a.l