def createFields(self):
if self._m2ts:
yield Bits(self, "c", 2)
yield Bits(self, "ats", 32 - 2)
yield textHandler(UInt8(self, "sync", 8), hexadecimal)
if self["sync"].value != 0x47:
raise ParserError("MPEG-2 TS: Invalid synchronization byte")
yield Bit(self, "has_error")
yield Bit(self, "payload_unit_start")
yield Bit(self, "priority")
yield Enum(
textHandler(Bits(self, "pid", 13, "Program identifier"),
hexadecimal), self.PID)
yield Bits(self, "scrambling_control", 2)
yield Bit(self, "has_adaptation")
yield Bit(self, "has_payload")
yield Bits(self, "counter", 4)
if self["has_adaptation"].value:
yield AdaptationField(self, "adaptation_field")
if self["has_payload"].value:
size = 188
if self._m2ts:
size += 4
size -= (self.current_size // 8)
yield RawBytes(self, "payload", size)
if self["has_error"].value:
yield RawBytes(self, "error_correction", 16)
def createFields(self):
yield String(self,
"header_id",
4,
"DataBase Header Markup (\"mhbd\")",
charset="ISO-8859-1")
yield UInt32(self, "header_length", "Header Length")
yield UInt32(self, "entry_length", "Entry Length")
yield UInt32(self, "unknown[]")
yield UInt32(self, "version_number", "Version Number")
yield UInt32(self, "child_number", "Number of Children")
yield UInt64(self, "id", "ID for this database")
yield UInt16(self, "unknown[]")
yield UInt32(self, "unknown[]")
yield UInt64(self, "unknown[]")
yield UInt16(self, "unknown[]")
yield UInt16(self, "hashing_scheme[]",
"Algorithm used to calculate the database hash")
yield NullBytes(self, "unknown[]", 20)
yield String(self, "language_id", 2, "Language ID")
yield UInt64(self, "persistent_id", "Library Persistent ID")
yield UInt32(self, "unknown[]")
yield UInt32(self, "unknown[]")
yield RawBytes(self, "hash[]", 20)
yield Int32(self, "timezone_offset[]", "Timezone offset in seconds")
yield UInt16(self, "unknown[]")
yield RawBytes(self, "iphone_hash[]", 45)
size = self["header_length"].value - self.current_size / 8
if size > 0:
yield NullBytes(self, "padding", size)
for i in range(self["child_number"].value):
yield DataSet(self, "dataset[]")
padding = self.seekByte(self["entry_length"].value, "entry padding")
if padding:
yield padding
def createFields(self):
yield RawBytes(self, "identifier", 4,
"some kind of marker (A0461DF0)")
yield UInt32(self, "size")
yield RawBytes(self, "unknown[]", 16)
yield RawBytes(self, "unknown[]", 1)
yield SubFile(self, "image", self["size"].value - 17, "Image Data")
def createFields(self):
yield UInt32(self, "size")
yield RawBytes(self, "tag", 4)
size = self["size"].value
if size == 1:
# 64-bit size
yield UInt64(self, "size64")
size = self["size64"].value - 16
elif size == 0:
# Unbounded atom
if self._size is None:
size = (self.parent.size - self.parent.current_size) // 8 - 8
else:
size = (self.size - self.current_size) // 8
else:
size = size - 8
if self['tag'].value == 'uuid':
yield GUID(self, "usertag")
tag = self["usertag"].value
size -= 16
else:
tag = self["tag"].value
if size > 0:
if tag in self.tag_info:
handler, name, desc = self.tag_info[tag]
yield handler(self, name, desc, size=size * 8)
else:
yield RawBytes(self, "data", size)
def createFields(self):
yield UInt8(self, "id_length", "Length of the image ID field")
yield UInt8(self, "palette_type", "Colormap present?")
yield Enum(UInt8(self, "codec", "Pixels encoding"), self.CODEC_NAME)
yield UInt16(self, "palette_ofs", "Palette absolute file offset")
yield UInt16(self, "nb_color", "Number of colors in the palette")
yield UInt8(self, "color_map_size", "Size of each palette entry")
yield UInt16(self, "x_min")
yield UInt16(self, "y_min")
yield UInt16(self, "width")
yield UInt16(self, "height")
yield UInt8(self, "bpp", "Bits per pixel")
yield Bits(self, "alpha_depth", 4, "Alpha channel depth")
yield Bit(
self, "x_flip",
"Flip across the X-axis? (If set, columns run right-to-left)")
yield Bit(self, "y_flip",
"Flip across the Y-axis? (If set, rows run top-to-bottom)")
yield RawBits(self, "reserved_flags", 2)
if self["id_length"].value:
yield RawBytes(self, "image_id", self["id_length"].value)
if self["palette_type"].value == 1:
yield PaletteRGB(self, "palette", 1 << self["bpp"].value)
if self["codec"] in (1, 2, 3):
yield Pixels(self, "pixels")
else:
size = (self.size - self.current_size) // 8
if size:
yield RawBytes(self, "raw_pixels", size)
def createFields(self):
yield Bytes(self, "magic", 8, "File magic (BOMStore)")
yield UInt32(self, "version") # ?
yield UInt32(self, "num_objects")
yield UInt32(self, "trailer_offset")
yield UInt32(self, "trailer_size")
yield UInt32(self, "header_offset")
yield UInt32(self, "header_size")
yield RawBytes(self, "object[]", 512 - 32, "Null object (size 0, offset 0)")
self.seekByte(self['trailer_offset'].value)
yield BomTrailer(self, "trailer")
self.seekByte(self['header_offset'].value)
yield RawBytes(self, "header", self['header_size'].value)
for entry in self['trailer'].array('entry'):
if entry['size'].value == 0:
continue
self.seekByte(entry['offset'].value)
yield RawBytes(self, "object[]", entry['size'].value)
for entry in self['trailer'].array('trail'):
self.seekByte(entry['offset'].value)
yield RawBytes(self, "trail[]", entry['size'].value)
def createFields(self):
yield UInt32(self, "size")
yield RawBytes(self, "format", 4, "Data Format (codec)")
yield NullBytes(self, "reserved[]", 6, "Reserved")
yield UInt16(self, "data_reference_index")
handler = findHandler(self)
if not handler:
raise ParserError("stsd couldn't find track handler")
if handler['subtype'].value == 'soun':
# yield from AudioSampleEntry(self) # PY3+
for field in AudioSampleEntry(self):
yield field
elif handler['subtype'].value == 'vide':
# yield from VisualSampleEntry(self) # PY3+
for field in VisualSampleEntry(self):
yield field
elif handler['subtype'].value == 'hint':
# Hint sample entry
pass
if self["format"].value in (b"enca", b"encv", b"mp4a", b"mp4v", b"mp4s", b"avc1"):
# MP4VisualSampleEntry, MP4AudioSampleEntry, MpegSampleEntry, EC3SampleEntry, AVCSampleEntry...
# all just have appended atoms
while not self.eof:
yield Atom(self, "atom[]")
else:
size = self['size'].value - self.current_size // 8
if size > 0:
yield RawBytes(self, "extra_data", size)
def createFields(self):
yield String(self,
"signature",
4,
"PSD signature (8BPS)",
charset="ASCII")
yield UInt16(self, "version")
yield NullBytes(self, "reserved[]", 6)
yield UInt16(self, "nb_channels")
yield UInt32(self, "width")
yield UInt32(self, "height")
yield UInt16(self, "depth")
yield Enum(UInt16(self, "color_mode"), self.COLOR_MODE)
# Mode data
yield UInt32(self, "mode_data_size")
size = self["mode_data_size"].value
if size:
yield RawBytes(self, "mode_data", size)
# Resources
yield Config(self, "config")
# Reserved
yield UInt32(self, "reserved_data_size")
size = self["reserved_data_size"].value
if size:
yield RawBytes(self, "reserved_data", size)
yield Enum(UInt16(self, "compression"), self.COMPRESSION_NAME)
size = (self.size - self.current_size) // 8
if size:
yield RawBytes(self, "end", size)
def createFields(self):
yield UInt32(self, "size")
self._size = (self['size'].value + 4) * 8
yield RawBytes(self, "unknown[]", 22)
yield UInt32(self, "count")
for i in xrange(self['count'].value):
yield RawBytes(self, "data[]", 12)
def createFields(self):
yield UInt32(self, "size")
self._size = (self['size'].value + 4) * 8
yield RawBytes(self, "unknown[]", 10)
yield AVCHDTimestamp(self, "last_modified")
yield RawBytes(self, "unknown[]", 2)
yield PascalString8(self, "date")
def createFields(self):
superblock = self["/superblock"]
# Compute number of block and inodes
block_count = superblock["blocks_per_group"].value
inode_count = superblock["inodes_per_group"].value
block_index = self.descriptor.uniq_id * block_count
inode_index = self.descriptor.uniq_id * inode_count
if (block_count % 8) != 0:
raise ParserError("Invalid block count")
if (inode_count % 8) != 0:
raise ParserError("Invalid inode count")
block_count = min(block_count, superblock[
"blocks_count"].value - block_index)
inode_count = min(inode_count, superblock[
"inodes_count"].value - inode_index)
bitmap_block_size = self.root.block_size * 8
block_bitmap_size = (block_count + bitmap_block_size -
1) // bitmap_block_size * bitmap_block_size
inode_bitmap_size = (inode_count + bitmap_block_size -
1) // bitmap_block_size * bitmap_block_size
self.seekBlock(self.descriptor["block_bitmap"].value)
yield BlockBitmap(self, "block_bitmap", block_index, block_count, block_bitmap_size, "Block bitmap")
self.seekBlock(self.descriptor["inode_bitmap"].value)
yield InodeBitmap(self, "inode_bitmap", inode_index, inode_count, inode_bitmap_size, "Inode bitmap")
self.seekBlock(self.descriptor["inode_table"].value)
yield InodeTable(self, "inode_table", inode_index, inode_count)
inode_bitmap = self['inode_bitmap']
for i, inode in enumerate(self['inode_table'].array('inode')):
if not inode_bitmap['item[%d]' % i].value:
continue
if inode['blocks'].value == 0:
continue
blocks = inode.array('block')
for b in range(12):
if not blocks[b].value:
continue
self.seekBlock(blocks[b].value)
yield RawBytes(self, "inode[%d]block[]" % i, self.root.block_size)
if blocks[12].value:
# indirect block
self.seekBlock(blocks[12].value)
indirect = IndirectBlock(self, "inode[%d]indirect" % i, self.root.block_size)
yield indirect
for b in indirect.array('block'):
if not b.value:
continue
self.seekBlock(b.value)
yield RawBytes(self, "inode[%d]block[]" % i, self.root.block_size)
if blocks[13].value:
# TODO: double-indirect block
pass
if blocks[14].value:
# TODO: triple-indirect block
pass
def createFields(self):
yield textHandler(UInt32(self, "crc32"), hexadecimal)
yield UInt16(self, "size")
yield UInt16(
self, "uncompressed_size",
"If this is 0, this block is continued in a subsequent cabinet")
if self["/flags/has_reserved"].value and self[
"/reserved_data_size"].value:
yield RawBytes(self, "reserved_data",
self["/reserved_data_size"].value,
"Per-datablock reserved area")
compr_method = self.parent.folder["compr_method"].value
if compr_method == 0: # Uncompressed
yield RawBytes(self, "data", self["size"].value, "Folder Data")
self.parent.uncompressed_data += self["data"].value
elif compr_method == 1: # MSZIP
yield String(self, "mszip_signature", 2, "MSZIP Signature (CK)")
yield DeflateBlock(self, "deflate_block",
self.parent.uncompressed_data)
padding = paddingSize(self.current_size, 8)
if padding:
yield PaddingBits(self, "padding[]", padding)
self.parent.uncompressed_data = self["deflate_block"].uncomp_data
elif compr_method == 2: # Quantum
yield RawBytes(self, "compr_data", self["size"].value,
"Compressed Folder Data")
elif compr_method == 3: # LZX
group = getattr(self.parent.folder, "lzx_group", None)
field = CustomFragment(self, "data", self["size"].value * 8,
LZXStream, "LZX data fragment", group)
if group is None:
field.group.args["compr_level"] = self.parent.folder[
"compr_level"].value
self.parent.folder.lzx_group = field.group
yield field
def createFields(self):
yield Enum(UInt16(self, "WindowsVersion"), self.PRODUCT_VERSION)
yield UInt16(self, "FileVersion")
yield GUID(self, "JobUUID")
yield UInt16(self, "AppNameOffset", "App Name Length Offset")
yield UInt16(self, "TriggerOffset", "Contains the offset in bytes within the .JOB file where the task triggers are located.")
yield UInt16(self, "ErrorRetryCount", "Contains the number of execute attempts that are attempted for the task if the task fails to start.")
yield UInt16(self, "ErrorRetryInterval", "Contains the interval, in minutes, between successive retries")
yield UInt16(self, "IdleDeadline", "Contains a maximum time in minutes to wait for the machine to become idle for Idle Wait minutes.")
yield UInt16(self, "IdleWait", "Contains a value in minutes. The machine remains idle for this many minutes before it runs the task")
yield UInt32(self, "Priority")
yield UInt32(self, "MaxRunTime", "Maximum run time in milliseconds")
yield UInt32(self, "ExitCode", "This contains the exit code of the executed task upon the completion of that task.")
yield Enum(UInt32(self, "Status"), self.TASK_STATUS)
yield Bit(self, "Interactive", "Can Task interact with user?")
yield Bit(self, "DeleteWhenDone", "Remove the task file when done?")
yield Bit(self, "Disabled", "Is Task disabled?")
yield Bit(self, "StartOnlyIfIdle", "Task begins only if computer is not in use at the scheduled time")
yield Bit(self, "KillOnIdleEnd", "Kill task if user input is detected, terminating idle state?")
yield Bit(self, "DontStartIfOnBatteries")
yield Bit(self, "KillIfGoingOnBatteries")
yield Bit(self, "RunOnlyIfDocked")
yield Bit(self, "HiddenTask")
yield Bit(self, "RunIfConnectedToInternet")
yield Bit(self, "RestartOnIdleResume")
yield Bit(self, "SystemRequired", "Can task cause system to resume or awaken if system is sleeping?")
yield Bit(self, "OnlyIfUserLoggedOn")
yield Bit(self, "ApplicationNameExists", "Does task have an application name defined?")
yield Bit(self, "Unused[]")
yield Bit(self, "Unused[]")
yield RawBytes(self, "flags", 2)
yield UInt16(self, "LastRunYear")
yield UInt16(self, "LastRunMonth")
yield UInt16(self, "LastRunWeekday", "Sunday=0,Saturday=6")
yield UInt16(self, "LastRunDay")
yield UInt16(self, "LastRunHour")
yield UInt16(self, "LastRunMinute")
yield UInt16(self, "LastRunSecond")
yield UInt16(self, "LastRunMillisecond")
yield UInt16(self, "RunningInstanceCount")
yield PascalStringWin16(self, "AppNameLength", strip='\0')
yield PascalStringWin16(self, "Parameters", strip='\0')
yield PascalStringWin16(self, "WorkingDirectory", strip='\0')
yield PascalStringWin16(self, "Author", strip='\0')
yield PascalStringWin16(self, "Comment", strip='\0')
yield UInt16(self, "UserDataSize")
# todo: read optional userdata
yield UInt16(self, "ReservedDataSize")
if self["ReservedDataSize"].value == 8:
yield Enum(UInt32(self, "StartError", "contains the HRESULT error from the most recent attempt to start the task"), self.TASK_STATUS)
yield UInt32(self, "TaskFlags")
elif self["ReservedDataSize"].value:
yield RawBytes(self, "Reserved", self["ReservedDataSize"].value)
yield UInt16(self, "TriggerCount", "size of the array of triggers")
for i in range(self["TriggerCount"].value):
yield TaskTrigger(self, "Trigger[]")
def createFields(self):
# Header
yield Header(self, "header")
# Secure Area
if self["header"]["arm9_source"].value >= 0x4000 and self["header"][
"arm9_source"].value < 0x8000:
secStart = self["header"]["arm9_source"].value & 0xfffff000
self.seekByte(secStart, relative=False)
yield SecureArea(self, "secure_area", size=0x8000 - secStart)
# ARM9 binary
self.seekByte(self["header"]["arm9_source"].value, relative=False)
yield RawBytes(self, "arm9_bin", self["header"]["arm9_bin_size"].value)
# ARM7 binary
self.seekByte(self["header"]["arm7_source"].value, relative=False)
yield RawBytes(self, "arm7_bin", self["header"]["arm7_bin_size"].value)
# File Name Table
if self["header"]["filename_table_size"].value > 0:
self.seekByte(self["header"]["filename_table_offset"].value,
relative=False)
yield FileNameTable(
self,
"filename_table",
size=self["header"]["filename_table_size"].value * 8)
# FAT
if self["header"]["fat_size"].value > 0:
self.seekByte(self["header"]["fat_offset"].value, relative=False)
yield FATContent(self,
"fat_content",
size=self["header"]["fat_size"].value * 8)
# banner
if self["header"]["banner_offset"].value > 0:
self.seekByte(self["header"]["banner_offset"].value,
relative=False)
yield Banner(self, "banner")
# ARM9 overlays
if self["header"]["arm9_overlay_src"].value > 0:
self.seekByte(self["header"]["arm9_overlay_src"].value,
relative=False)
numOvls = self["header"]["arm9_overlay_size"].value // (8 * 4)
for i in range(numOvls):
yield Overlay(self, "arm9_overlay[]")
# files
if self["header"]["fat_size"].value > 0:
for field in self["fat_content"]:
if field["end"].value > field["start"].value:
self.seekByte(field["start"].value, relative=False)
yield SubFile(self, "file[]",
field["end"].value - field["start"].value)
def createFields(self):
yield UInt32(self, "size")
yield UInt32(self, "index")
yield Bits(self, "flags", 8)
yield RawBytes(self, "unknown[]", 5)
yield UInt16(self, "unknown[]")
yield CString(self, "name", charset="UTF-16-LE")
if self.current_size // 8 != self['size'].value:
yield RawBytes(self, "padding",
self['size'].value - self.current_size // 8)
def parseEBML(self):
yield Unsigned(self, 'size')
for i in range(1, self.n_frames):
yield Signed(self, 'dsize[]')
size = self['size'].value
yield RawBytes(self, 'frame[]', size)
for i in range(self.n_frames - 1):
size += self['dsize[' + str(i) + ']'].value
yield RawBytes(self, 'frame[]', size)
yield RawBytes(self, 'frame[]', (self._size - self.current_size) // 8)
def createFields(self):
yield String(self, "magic", 4, "Signature (BLP1)")
yield Enum(UInt32(self, "compression"), {
0: "JPEG Compression",
1: "Uncompressed"
})
yield UInt32(self, "flags")
yield UInt32(self, "width")
yield UInt32(self, "height")
yield Enum(
UInt32(self, "type"), {
3: "Uncompressed Index List + Alpha List",
4: "Uncompressed Index List + Alpha List",
5: "Uncompressed Index List"
})
yield UInt32(self, "subtype")
for i in range(16):
yield UInt32(self, "mipmap_offset[]")
for i in range(16):
yield UInt32(self, "mipmap_size[]")
compression = self["compression"].value
image_type = self["type"].value
width = self["width"].value
height = self["height"].value
if compression == 0: # JPEG Compression
yield UInt32(self, "jpeg_header_len")
yield RawBytes(self, "jpeg_header", self["jpeg_header_len"].value,
"Shared JPEG Header")
else:
yield PaletteRGBA(self, "palette", 256)
offsets = self.array("mipmap_offset")
sizes = self.array("mipmap_size")
for i in range(16):
if not offsets[i].value or not sizes[i].value:
continue
padding = self.seekByte(offsets[i].value)
if padding:
yield padding
if compression == 0:
yield RawBytes(
self, "mipmap[%i]" % i, sizes[i].value,
"JPEG data, append to header to recover complete image")
elif compression == 1:
yield Generic2DArray(self, "mipmap_indexes[%i]" % i, width,
height, PaletteIndex, "row", "index",
"Indexes into the palette")
if image_type in (3, 4):
yield Generic2DArray(self, "mipmap_alphas[%i]" % i, width,
height, UInt8, "row", "alpha",
"Alpha values")
width /= 2
height /= 2
def createFields(self):
yield UInt32(self, "inodes_count", "Total inode count")
yield UInt32(self, "blocks_count", "Total block count")
yield UInt32(self, "r_blocks_count", "Reserved (superuser-only) block count")
yield UInt32(self, "free_blocks_count", "Free block count")
yield UInt32(self, "free_inodes_count", "Free inode count")
yield UInt32(self, "first_data_block", "First data block")
yield UInt32(self, "log_block_size", "Block size = 2**(10+log_block_size)")
yield UInt32(self, "log_frag_size", "Cluster size = 2**log_frag_size")
yield UInt32(self, "blocks_per_group", "Blocks per group")
yield UInt32(self, "frags_per_group", "Fragments per group")
yield UInt32(self, "inodes_per_group", "Inodes per group")
yield TimestampUnix32(self, "mtime", "Mount time")
yield TimestampUnix32(self, "wtime", "Write time")
yield UInt16(self, "mnt_count", "Mount count since the last fsck")
yield UInt16(self, "max_mnt_count", "Max mount count before fsck is needed")
yield UInt16(self, "magic", "Magic number (0xEF53)")
yield Enum(UInt16(self, "state", "File system state"), self.state_desc)
yield Enum(UInt16(self, "errors", "Behaviour when detecting errors"), self.error_handling_desc)
yield UInt16(self, "minor_rev_level", "Minor revision level")
yield TimestampUnix32(self, "last_check", "Time of last check")
yield textHandler(UInt32(self, "check_interval", "Maximum time between checks"), self.postMaxTime)
yield Enum(UInt32(self, "creator_os", "Creator OS"), self.os_name)
yield Enum(UInt32(self, "rev_level", "Revision level"), self.revision_levels)
yield UInt16(self, "def_resuid", "Default uid for reserved blocks")
yield UInt16(self, "def_resgid", "Default gid for reserved blocks")
yield UInt32(self, "first_ino", "First non-reserved inode")
yield UInt16(self, "inode_size", "Size of inode structure")
yield UInt16(self, "block_group_nr", "Block group # of this superblock")
yield FeatureCompatFlags(self, "feature_compat", "Compatible feature set (can mount even if these features are unsupported)")
yield FeatureIncompatFlags(self, "feature_incompat", "Incompatible feature set (must support all features to mount)")
yield FeatureROCompatFlags(self, "feature_ro_compat", "Read-only compatible feature set (can only mount r/o if a feature is unsupported)")
yield UUID(self, "uuid", "128-bit UUID for volume")
yield String(self, "volume_name", 16, "Volume name", strip="\0")
yield String(self, "last_mounted", 64, "Directory where last mounted", strip="\0")
yield UInt32(self, "compression", "For compression (algorithm usage bitmap)")
yield UInt8(self, "prealloc_blocks", "Number of blocks to try to preallocate")
yield UInt8(self, "prealloc_dir_blocks", "Number to preallocate for directories")
yield UInt16(self, "reserved_gdt_blocks", "Number of reserved GDT entries for future expansion")
yield RawBytes(self, "journal_uuid", 16, "UUID of journal superblock")
yield UInt32(self, "journal_inum", "Inode number of journal file")
yield UInt32(self, "journal_dev", "Device number of journal file (if ext_journal feature is set)")
yield UInt32(self, "last_orphan", "Start of list of orphaned inodes to delete")
# ext3 stuff
yield RawBytes(self, "hash_seed", 16, "Seeds used for the directory indexing hash algorithm")
yield Enum(UInt8(self, "def_hash_version", "Default hash version for directory indexing"),
self.htree_hash_algo_desc)
yield UInt8(self, "jnl_backup_type", "Does jnl_blocks contain a backup of i_block and i_size?")
yield UInt16(self, "desc_size", "Size of group descriptors (if 64bit feature is set)")
yield DefaultMountOptionFlags(self, "default_mount_opts", "Default mount options")
yield UInt32(self, "first_meta_bg", "First metablock block group (if meta_bg feature is set)")
yield TimestampUnix32(self, "mkfs_time", "When the filesystem was created")
yield RawBytes(self, "jnl_blocks", 17 * 4, "Backup of the journal inode's i_block and i_size")
yield PaddingBytes(self, "reserved[]", (1024 << self['log_block_size'].value) - self.current_size // 8)
def createFields(self):
yield UInt16(self, "size")
self._size = (self['size'].value + 2) * 8
yield Bytes(self, "clip_id", 5)
yield Bytes(self, "clip_type", 4)
yield RawBytes(self, "unknown[]", 3)
yield UInt32(self, "clip_start_time[]",
"clip start time (units unknown)")
yield UInt32(self, "clip_end_time[]", "clip end time (units unknown)")
yield RawBytes(self, "unknown[]", 10)
yield AVCHDMPLS_PlayItem(self, "playitem")
def createFields(self):
yield Enum(UInt8(self, "type", "Volume descriptor type"),
self.type_name)
yield RawBytes(self, "signature", 5, "ISO 9960 signature (CD001)")
if self["signature"].value != b"CD001":
raise ParserError("Invalid ISO 9960 volume signature")
yield UInt8(self, "version", "Volume descriptor version")
cls = self.content_handler.get(self["type"].value, None)
if cls:
yield cls(self, "content")
else:
yield RawBytes(self, "raw_content", 2048 - 7)
def createFields(self):
yield textHandler(UInt64(self, "id"), hexadecimal)
if self["id"].value == 0xe7ffdeffe7ffdeff: # indicates that secure area is decrypted
yield Bytes(self, "fixed[]", 6) # always \xff\xde\xff\xe7\xff\xde
yield Crc16(
self, "header_crc16",
self.stream.readBytes(self.absolute_address + (16 * 8),
2048 - 16))
yield RawBytes(self, "unknown[]", 2048 - 16 - 2)
yield Bytes(self, "fixed[]", 2) # always \0\0
else:
yield RawBytes(self, "encrypted[]", 2048 - 8)
def createFields(self):
yield UInt8(self, "version")
yield NullBits(self, "flags", 24)
yield RawBytes(self, "SystemID", 16)
if self["version"].value > 0:
yield UInt32(self, "KID_Count")
for i in range(self["KID_Count"].value):
yield RawBytes(self, "KID[]", 16)
yield UInt32(self, "DataSize")
yield RawBytes(self, "Data", self["DataSize"].value)
def createFields(self):
yield Bytes(self, "signature", 4, "Usually the magic is 'FILE'")
yield UInt16(self, "usa_offset", "Update Sequence Array offset")
yield UInt16(self, "usa_count", "Update Sequence Array count")
yield UInt64(self, "lsn", "$LogFile sequence number for this record")
yield UInt16(self, "sequence_number",
"Number of times this mft record has been reused")
yield UInt16(self, "link_count", "Number of hard links")
yield UInt16(self, "attrs_offset",
"Byte offset to the first attribute")
yield MFT_Flags(self, "flags")
yield UInt32(self, "bytes_in_use",
"Number of bytes used in this record")
yield UInt32(self, "bytes_allocated",
"Number of bytes allocated for this record")
yield UInt64(self, "base_mft_record")
yield UInt16(self, "next_attr_instance")
# The below fields are specific to NTFS 3.1+ (Windows XP and above)
yield NullBytes(self, "reserved", 2)
yield UInt32(self, "mft_record_number", "Number of this mft record")
if self["usa_offset"].value:
padding = self.seekByte(self["usa_offset"].value, relative=True)
if padding:
yield padding
yield UInt16(self, "usa_number")
for i in range(self["usa_count"].value):
yield UInt16(self, "usa_value[]")
padding = self.seekByte(self["attrs_offset"].value, relative=True)
if padding:
yield padding
while not self.eof:
addr = self.absolute_address + self.current_size
if self.stream.readBytes(addr, 4) == b"\xFF\xFF\xFF\xFF":
yield Bytes(self, "attr_end_marker", 8)
break
yield Attribute(self, "attr[]")
size = self["bytes_in_use"].value - self.current_size // 8
if size:
yield RawBytes(self, "end_rawdata", size)
size = (self.size - self.current_size) // 8
if size:
yield RawBytes(self, "end_padding", size,
"Unused but allocated bytes")
def createFields(self):
yield UInt8(self, "version")
yield NullBits(self, "flags", 24)
yield NullBits(self, "reserved", 8)
if self["version"].value == 0:
yield NullBits(self, "reserved2", 8)
else:
yield Bits(self, "default_crypt_byte_block", 4)
yield Bits(self, "default_skip_byte_block", 4)
yield UInt8(self, "default_isProtected")
yield UInt8(self, "default_Per_sample_IV_Size")
yield RawBytes(self, "default_KID", 16)
if self["default_isProtected"].value == 1 and self["default_Per_sample_IV_Size"].value == 0:
yield UInt8(self, "default_constant_IV_size")
yield RawBytes(self, "default_constant_IV", self["default_constant_IV_size"].value)
def createFields(self):
yield UInt8(self, "version")
yield UInt24(self, "flags")
yield RawBytes(self, "scheme_type", 4)
yield UInt32(self, "scheme_version")
if self["flags"].value & 0x1:
yield CString(self, "scheme_uri")
def fileBody(s):
# File compressed data
size = s["compressed_size"].value
if s["flags/is_large"].value:
size += s["large_size"].value
if size > 0:
yield RawBytes(s, "compressed_data", size, "File compressed data")
def createFields(self):
yield RawBytes(self, "IV", 8) # TODO: Per_Sample_IV_Size
if self["../flags"].value & 0x2:
yield UInt16(self, "subsample_count")
for i in range(self["subsample_count"].value):
yield UInt16(self, "BytesOfClearData[]")
yield UInt32(self, "ByteOfProtectedData[]")
def createFields(self):
yield UInt16(self, "size", "Node size (in bytes)")
yield UInt16(self, "data_size")
yield Enum(UInt16(self, "type"), self.TYPE_NAME)
yield CString(self, "name", charset="UTF-16-LE")
size = paddingSize(self.current_size // 8, 4)
if size:
yield NullBytes(self, "padding[]", size)
size = self["data_size"].value
if size:
if self["type"].value == self.TYPE_STRING:
if self.is_32bit:
size *= 2
yield String(self,
"value",
size,
charset="UTF-16-LE",
truncate="\0")
elif self["name"].value == "VS_VERSION_INFO":
yield VersionInfoBinary(self, "value", size=size * 8)
if self["value/file_flags_mask"].value == 0:
self.is_32bit = False
else:
yield RawBytes(self, "value", size)
while 12 <= (self.size - self.current_size) // 8:
yield VersionInfoNode(self, "node[]", self.is_32bit)
size = (self.size - self.current_size) // 8
if size:
yield NullBytes(self, "padding[]", size)
def createFields(self):
yield Unsigned(self, 'track')
yield Int16(self, 'timecode')
if self.parent._name == 'Block':
yield NullBits(self, 'reserved[]', 4)
yield Bit(self, 'invisible')
yield self.lacing()
yield NullBits(self, 'reserved[]', 1)
elif self.parent._name.startswith('SimpleBlock'):
yield Bit(self, 'keyframe')
yield NullBits(self, 'reserved', 3)
yield Bit(self, 'invisible')
yield self.lacing()
yield Bit(self, 'discardable')
else:
yield NullBits(self, 'reserved', 8)
return
size = (self._size - self.current_size) // 8
lacing = self['lacing'].value
if lacing:
yield textHandler(GenericInteger(self, 'n_frames', False, 8),
lambda chunk: str(chunk.value + 1))
yield Lace(self, lacing - 1, size - 1)
else:
yield RawBytes(self, 'frame', size)
def createFields(self):
yield UInt32(self, "size")
yield String(self, "name", 22, charset="ASCII", strip=" \0")
# Doc says type is always 0, but I've found values of 24 and 96 for
# the _same_ song here, just different download sources for the file
yield UInt8(self, "type")
yield UInt16(self, "samples")
num = self["samples"].value
self.info(self.createDescription())
if num:
yield InstrumentSecondHeader(self, "second_header")
for field in self.fixInstrumentHeader():
yield field
# This part probably wrong
sample_size = []
for index in xrange(num):
sample = SampleHeader(self, "sample_header[]")
yield sample
sample_size.append(sample["length"].value)
for size in sample_size:
if size:
yield RawBytes(self, "sample_data[]", size, "Deltas")
else:
for field in self.fixInstrumentHeader():
yield field
