def find(rawdata):
sections = []
base = 0
while base < len(rawdata) :
# align to 4 bytes
if base % 4:
base += 4 - (base % 4)
if base >= len(rawdata):
break
(length, efitype) = struct.unpack("<3sB", rawdata[base:base+4])
length = struct.unpack("<I", length + '\0')[0]
base += 4
length -= 4
section = EfiSection(efitype)
if efitype == EfiSection.EFI_SECTION_COMPRESSION:
(uncomp_length, comp_type) = struct.unpack("<IB", rawdata[base:base+4+1])
data = rawdata[base+5:base+length]
if comp_type == 0:
pass # uncompressed
elif comp_type == 1:
data = EfiDecompressor.Decompress(data)
else:
print "Warning: Unknown compression type %i" % comp_type
section.SubSections = find(data)
elif efitype == EfiSection.EFI_SECTION_GUID_DEFINED:
(guid, data_offset, attributes) = struct.unpack("<16sHH", rawdata[base:base+16+2+2])
data_offset -= 24
section.Guid = Guid.strguid(guid)
section.HeaderData = rawdata[base+20:base+20+data_offset]
section.Attributes = attributes
section.Data = rawdata[base+20+data_offset:base+length]
elif efitype == EfiSection.EFI_SECTION_VERSION:
(build_number, ) = struct.unpack("<H", rawdata[base:base+2])
section.BuildNumber = build_number
section.String = unicode(rawdata[base+2:base+length-2], "utf-16")
elif efitype == EfiSection.EFI_SECTION_USER_INTERFACE:
section.String = unicode(rawdata[base:base+length-2], "utf-16")
elif efitype == EfiSection.EFI_SECTION_FREEFORM_SUBTYPE_GUID:
section.Guid = Guid.strguid(rawdata[base:base+16])
section.Data = rawdata[base+16:]
else:
if length:
section.Data = rawdata[base:base+length]
sections.append(section)
base += length
return sections
def find(instream, streamlength):
volumes = []
base = instream.tell()
while base < streamlength:
# align to 8 bytes
if instream.tell() % 8:
tmp = 8 - (instream.tell() % 8)
instream.seek(tmp, 1)
base += tmp
# Scan for volume GUID
while base < streamlength and Guid.strguid(instream.read(16)) != "7a9354d9-0468-444a-81ce-0bf617d890df":
base += 16
continue
base -= 16
instream.seek(-32, 1)
(zero, guid, length, sig, attrib, headerlength, checksum, reserved, revision) = struct.unpack("<16s16sQ4sIHH3sB", instream.read(16 + 16 + 8 + 4 + 4 + 2 + 2 + 3 + 1))
volumes.append(EfiVolume(base, headerlength, length - headerlength, sig, attrib))
# Skip the blockmap - sample I have just has one big block in it
while True:
(numBlocks, blockLength) = struct.unpack("<II", instream.read(8))
if numBlocks == 0 and blockLength == 0:
break;
instream.seek(length - headerlength, 1)
base += length
return volumes
def find(instream, streamlength):
volumes = []
base = instream.tell()
while base < streamlength:
# align to 8 bytes
if instream.tell() % 8:
tmp = 8 - (instream.tell() % 8)
instream.seek(tmp, 1)
base += tmp
# Scan for volume GUID
while base < streamlength and Guid.strguid(
instream.read(16)) != "7a9354d9-0468-444a-81ce-0bf617d890df":
base += 16
continue
base -= 16
instream.seek(-32, 1)
(zero, guid, length, sig, attrib, headerlength, checksum, reserved,
revision) = struct.unpack(
"<16s16sQ4sIHH3sB",
instream.read(16 + 16 + 8 + 4 + 4 + 2 + 2 + 3 + 1))
volumes.append(
EfiVolume(base, headerlength, length - headerlength, sig, attrib))
# Skip the blockmap - sample I have just has one big block in it
while True:
(numBlocks, blockLength) = struct.unpack("<II", instream.read(8))
if numBlocks == 0 and blockLength == 0:
break
instream.seek(length - headerlength, 1)
base += length
return volumes
def find(instream, volume):
files = []
instream.seek(volume.Base + volume.HeaderLength, 0)
base = 0
while(base < volume.DataLength):
# align to 8 bytes
if instream.tell() % 8:
tmp = 8 - (instream.tell() % 8)
instream.seek(tmp, 1)
base += tmp
if base >= volume.DataLength:
break
(guid, checksum, type, attrib, length, state) = struct.unpack("<16sHBB3sB", instream.read(16 + 2 + 1 + 1 + 3 + 1))
length = struct.unpack("<I", length + '\0')[0]
files.append(EfiFile(base, length - 24, Guid.strguid(guid), type, attrib, state))
instream.seek(length - 24, 1)
base += length
return files
def find(rawdata):
sections = []
base = 0
while base < len(rawdata):
# align to 4 bytes
if base % 4:
base += 4 - (base % 4)
if base >= len(rawdata):
break
(length, efitype) = struct.unpack("<3sB", rawdata[base:base + 4])
length = struct.unpack("<I", length + '\0')[0]
base += 4
length -= 4
section = EfiSection(efitype)
if efitype == EfiSection.EFI_SECTION_COMPRESSION:
(uncomp_length,
comp_type) = struct.unpack("<IB", rawdata[base:base + 4 + 1])
data = rawdata[base + 5:base + length]
if comp_type == 0:
pass # uncompressed
elif comp_type == 1:
data = EfiDecompressor.Decompress(data)
else:
print "Warning: Unknown compression type %i" % comp_type
section.SubSections = find(data)
elif efitype == EfiSection.EFI_SECTION_GUID_DEFINED:
(guid, data_offset,
attributes) = struct.unpack("<16sHH",
rawdata[base:base + 16 + 2 + 2])
data_offset -= 24
section.Guid = Guid.strguid(guid)
section.HeaderData = rawdata[base + 20:base + 20 + data_offset]
section.Attributes = attributes
section.Data = rawdata[base + 20 + data_offset:base + length]
elif efitype == EfiSection.EFI_SECTION_VERSION:
(build_number, ) = struct.unpack("<H", rawdata[base:base + 2])
section.BuildNumber = build_number
section.String = unicode(rawdata[base + 2:base + length - 2],
"utf-16")
elif efitype == EfiSection.EFI_SECTION_USER_INTERFACE:
section.String = unicode(rawdata[base:base + length - 2], "utf-16")
elif efitype == EfiSection.EFI_SECTION_FREEFORM_SUBTYPE_GUID:
section.Guid = Guid.strguid(rawdata[base:base + 16])
section.Data = rawdata[base + 16:]
else:
if length:
section.Data = rawdata[base:base + length]
sections.append(section)
base += length
return sections
