def createFields(self):
# Access flags (16 bits)
yield NullBits(self, "reserved[]", 4)
yield Bit(self, "strict")
yield Bit(self, "abstract")
yield NullBits(self, "reserved[]", 1)
yield Bit(self, "native")
yield NullBits(self, "reserved[]", 2)
yield Bit(self, "synchronized")
yield Bit(self, "final")
yield Bit(self, "static")
yield Bit(self, "protected")
yield Bit(self, "private")
yield Bit(self, "public")
yield CPIndex(self, "name_index", "Method name", target_types="Utf8")
yield CPIndex(self,
"descriptor_index",
"Method descriptor",
target_types="Utf8",
target_text_handler=parse_method_descriptor)
yield UInt16(self, "attributes_count", "Number of method attributes")
if self["attributes_count"].value > 0:
yield FieldArray(self, "attributes", AttributeInfo,
self["attributes_count"].value)
def createFields(self):
if self.root.endian == BIG_ENDIAN:
if self.root.is64bit:
yield RawBits(self, "reserved[]", 32)
yield RawBits(self, "processor_specific", 4,
"Processor specific flags")
yield NullBits(self, "reserved[]", 17)
yield Bit(self, "is_tls", "Section contains TLS data?")
yield NullBits(self, "reserved[]", 7)
yield Bit(self, "is_exec",
"Section contains executable instructions?")
yield Bit(self, "is_alloc", "Section occupies memory?")
yield Bit(self, "is_writable", "Section contains writable data?")
else:
yield Bit(self, "is_writable", "Section contains writable data?")
yield Bit(self, "is_alloc", "Section occupies memory?")
yield Bit(self, "is_exec",
"Section contains executable instructions?")
yield NullBits(self, "reserved[]", 7)
yield Bit(self, "is_tls", "Section contains TLS data?")
yield RawBits(self, "processor_specific", 4,
"Processor specific flags")
yield NullBits(self, "reserved[]", 17)
if self.root.is64bit:
yield RawBits(self, "reserved[]", 32)
def createFields(self):
yield Unsigned(self, 'track')
yield Int16(self, 'timecode')
if self.parent._name == 'Block':
yield NullBits(self, 'reserved[]', 4)
yield Bit(self, 'invisible')
yield self.lacing()
yield NullBits(self, 'reserved[]', 1)
elif self.parent._name == 'SimpleBlock[]':
yield Bit(self, 'keyframe')
yield NullBits(self, 'reserved', 3)
yield Bit(self, 'invisible')
yield self.lacing()
yield Bit(self, 'discardable')
else:
yield NullBits(self, 'reserved', 8)
return
size = (self._size - self.current_size) / 8
lacing = self['lacing'].value
if lacing:
yield GenericInteger(self, 'n_frames', False, 8, \
text_handler = lambda chunk: str(chunk.value+1))
yield Lace(self, lacing - 1, size - 1)
else:
yield RawBytes(self, 'frame', size)
def createFields(self):
yield Bits(self, "version", 4, "Version")
yield Bits(self, "hdr_size", 4, "Header size divided by 5")
# Type of service
yield Enum(Bits(self, "precedence", 3, "Precedence"),
self.precedence_name)
yield Bit(self, "low_delay", "If set, low delay, else normal delay")
yield Bit(self, "high_throu",
"If set, high throughput, else normal throughput")
yield Bit(self, "high_rel", "If set, high relibility, else normal")
yield NullBits(self, "reserved[]", 2, "(reserved for future use)")
yield UInt16(self, "length")
yield UInt16(self, "id")
yield NullBits(self, "reserved[]", 1)
yield Bit(self, "df", "Don't fragment")
yield Bit(self, "more_frag",
"There are more fragments? if not set, it's the last one")
yield Bits(self, "frag_ofst_lo", 5)
yield UInt8(self, "frag_ofst_hi")
yield UInt8(self, "ttl", "Type to live")
yield Enum(UInt8(self, "protocol"), self.PROTOCOL_NAME)
yield textHandler(UInt16(self, "checksum"), hexadecimal)
yield IPv4_Address(self, "src")
yield IPv4_Address(self, "dst")
size = (self.size - self.current_size) // 8
if size:
yield RawBytes(self, "options", size)
def parseAviHeader(self):
yield UInt32(self, "microsec_per_frame", "Microsecond per frame")
yield UInt32(self, "max_byte_per_sec", "Maximum byte per second")
yield NullBytes(self, "reserved", 4)
# Flags
yield NullBits(self, "reserved[]", 4)
yield Bit(self, "has_index")
yield Bit(self, "must_use_index")
yield NullBits(self, "reserved[]", 2)
yield Bit(self, "is_interleaved")
yield NullBits(self, "reserved[]", 2)
yield Bit(self, "trust_cktype")
yield NullBits(self, "reserved[]", 4)
yield Bit(self, "was_capture_file")
yield Bit(self, "is_copyrighted")
yield NullBits(self, "reserved[]", 14)
yield UInt32(self, "total_frame", "Total number of frames in the video")
yield UInt32(self, "init_frame", "Initial frame (used in interleaved video)")
yield UInt32(self, "nb_stream", "Number of streams")
yield UInt32(self, "sug_buf_size", "Suggested buffer size")
yield UInt32(self, "width", "Width in pixel")
yield UInt32(self, "height", "Height in pixel")
yield UInt32(self, "scale")
yield UInt32(self, "rate")
yield UInt32(self, "start")
yield UInt32(self, "length")
def createFields(self):
# Gzip header
yield Bytes(self, "signature", 2, r"GZip file signature (\x1F\x8B)")
yield Enum(UInt8(self, "compression", "Compression method"),
self.COMPRESSION_NAME)
# Flags
yield Bit(self, "is_text", "File content is probably ASCII text")
yield Bit(self, "has_crc16", "Header CRC16")
yield Bit(self, "has_extra", "Extra informations (variable size)")
yield Bit(self, "has_filename", "Contains filename?")
yield Bit(self, "has_comment", "Contains comment?")
yield NullBits(self, "reserved[]", 3)
yield TimestampUnix32(self, "mtime", "Modification time")
# Extra flags
yield NullBits(self, "reserved[]", 1)
yield Bit(self, "slowest",
"Compressor used maximum compression (slowest)")
yield Bit(self, "fastest", "Compressor used the fastest compression")
yield NullBits(self, "reserved[]", 5)
yield Enum(UInt8(self, "os", "Operating system"), self.os_name)
# Optional fields
if self["has_extra"].value:
yield UInt16(self, "extra_length", "Extra length")
yield RawBytes(self, "extra", self["extra_length"].value, "Extra")
if self["has_filename"].value:
yield CString(self, "filename", "Filename", charset="ISO-8859-1")
if self["has_comment"].value:
yield CString(self, "comment", "Comment")
if self["has_crc16"].value:
yield textHandler(UInt16(self, "hdr_crc16", "CRC16 of the header"),
hexadecimal)
if self._size is None: # TODO: is it possible to handle piped input?
raise NotImplementedError()
# Read file
size = (self._size - self.current_size) // 8 - 8 # -8: crc32+size
if 0 < size:
if self["has_filename"].value:
filename = self["filename"].value
else:
for tag, filename in self.stream.tags:
if tag == "filename" and filename.endswith(".gz"):
filename = filename[:-3]
break
else:
filename = None
yield Deflate(SubFile(self, "file", size, filename=filename))
# Footer
yield textHandler(
UInt32(self, "crc32", "Uncompressed data content CRC32"),
hexadecimal)
yield filesizeHandler(UInt32(self, "size", "Uncompressed size"))
def createFields(self):
if self.root.endian == BIG_ENDIAN:
yield NullBits(self, "padding[]", 29)
for fld, desc in self.FLAGS:
yield Bit(self, fld, "Segment is " + desc)
else:
for fld, desc in reversed(self.FLAGS):
yield Bit(self, fld, "Segment is " + desc)
yield NullBits(self, "padding[]", 29)
def createFields(self):
yield textHandler(
UInt32(self, "magic", "Java compiled class signature"),
hexadecimal)
yield UInt16(self, "minor_version", "Class format minor version")
yield UInt16(self, "major_version", "Class format major version")
yield UInt16(self, "constant_pool_count", "Size of the constant pool")
if self["constant_pool_count"].value > 1:
#yield FieldArray(self, "constant_pool", CPInfo,
# (self["constant_pool_count"].value - 1), first_index=1)
# Mmmh... can't use FieldArray actually, because ConstantPool
# requires some specific hacks (skipping some indexes after Long
# and Double entries).
yield ConstantPool(self, "constant_pool",
(self["constant_pool_count"].value))
# Inner class access flags (16 bits)
yield NullBits(self, "reserved[]", 5)
yield Bit(self, "abstract")
yield Bit(self, "interface")
yield NullBits(self, "reserved[]", 3)
yield Bit(self, "super")
yield Bit(self, "final")
yield Bit(self, "static")
yield Bit(self, "protected")
yield Bit(self, "private")
yield Bit(self, "public")
yield CPIndex(self, "this_class", "Class name", target_types="Class")
yield CPIndex(self,
"super_class",
"Super class name",
target_types="Class")
yield UInt16(self, "interfaces_count",
"Number of implemented interfaces")
if self["interfaces_count"].value > 0:
yield FieldArray(self,
"interfaces",
CPIndex,
self["interfaces_count"].value,
target_types="Class")
yield UInt16(self, "fields_count", "Number of fields")
if self["fields_count"].value > 0:
yield FieldArray(self, "fields", FieldInfo,
self["fields_count"].value)
yield UInt16(self, "methods_count", "Number of methods")
if self["methods_count"].value > 0:
yield FieldArray(self, "methods", MethodInfo,
self["methods_count"].value)
yield UInt16(self, "attributes_count", "Number of attributes")
if self["attributes_count"].value > 0:
yield FieldArray(self, "attributes", AttributeInfo,
self["attributes_count"].value)
def createFields(self):
yield UInt8(self, "version")
yield NullBits(self, "flags", 24)
yield NullBits(self, "reserved[]", 24)
yield UInt8(self, "field_size",
"Size of each entry in this table, in bits")
yield UInt32(self, "count", description="Number of samples")
bitsize = self['field_size'].value
for i in xrange(self['count'].value):
yield Bits(self, "sample_size[]", bitsize)
if self.current_size % 8 != 0:
yield NullBits(self, "padding[]", 8 - (self.current_size % 8))
def createFields(self):
yield Bytes(self, "signature", 2, "New executable signature (NE)")
yield UInt8(self, "link_ver", "Linker version number")
yield UInt8(self, "link_rev", "Linker revision number")
yield UInt16(self, "entry_table_ofst", "Offset to the entry table")
yield UInt16(self, "entry_table_size", "Length (in bytes) of the entry table")
yield PaddingBytes(self, "reserved[]", 4)
yield Bit(self, "is_dll", "Is a dynamic-link library (DLL)?")
yield Bit(self, "is_win_app", "Is a Windows application?")
yield PaddingBits(self, "reserved[]", 9)
yield Bit(self, "first_seg_code", "First segment contains code that loads the application?")
yield NullBits(self, "reserved[]", 1)
yield Bit(self, "link_error", "Load even if linker detects errors?")
yield NullBits(self, "reserved[]", 1)
yield Bit(self, "is_lib", "Is a library module?")
yield UInt16(self, "auto_data_seg", "Automatic data segment number")
yield filesizeHandler(UInt16(self, "local_heap_size", "Initial size (in bytes) of the local heap"))
yield filesizeHandler(UInt16(self, "stack_size", "Initial size (in bytes) of the stack"))
yield textHandler(UInt32(self, "cs_ip", "Value of CS:IP"), hexadecimal)
yield textHandler(UInt32(self, "ss_sp", "Value of SS:SP"), hexadecimal)
yield UInt16(self, "nb_entry_seg_tab", "Number of entries in the segment table")
yield UInt16(self, "nb_entry_modref_tab", "Number of entries in the module-reference table")
yield filesizeHandler(UInt16(self, "size_nonres_name_tab", "Number of bytes in the nonresident-name table"))
yield UInt16(self, "seg_tab_ofs", "Segment table offset")
yield UInt16(self, "rsrc_ofs", "Resource offset")
yield UInt16(self, "res_name_tab_ofs", "Resident-name table offset")
yield UInt16(self, "mod_ref_tab_ofs", "Module-reference table offset")
yield UInt16(self, "import_tab_ofs", "Imported-name table offset")
yield UInt32(self, "non_res_name_tab_ofs", "Nonresident-name table offset")
yield UInt16(self, "nb_mov_ent_pt", "Number of movable entry points")
yield UInt16(self, "log2_sector_size", "Log2 of the segment sector size")
yield UInt16(self, "nb_rsrc_seg", "Number of resource segments")
yield Bit(self, "unknown_os_format", "Operating system format is unknown")
yield PaddingBits(self, "reserved[]", 1)
yield Bit(self, "os_windows", "Operating system is Microsoft Windows")
yield NullBits(self, "reserved[]", 6)
yield Bit(self, "is_win20_prot", "Is Windows 2.x application running in version 3.x protected mode")
yield Bit(self, "is_win20_font", "Is Windows 2.x application supporting proportional fonts")
yield Bit(self, "fast_load", "Contains a fast-load area?")
yield NullBits(self, "reserved[]", 4)
yield UInt16(self, "fastload_ofs", "Fast-load area offset (in sector)")
yield UInt16(self, "fastload_size", "Fast-load area length (in sector)")
yield NullBytes(self, "reserved[]", 2)
yield textHandler(UInt16(self, "win_version", "Expected Windows version number"), hexadecimal)
def createFields(self):
yield String(self,
"signature",
3,
"FLV format signature",
charset="ASCII")
yield UInt8(self, "version")
yield NullBits(self, "reserved[]", 5)
yield Bit(self, "type_flags_audio")
yield NullBits(self, "reserved[]", 1)
yield Bit(self, "type_flags_video")
yield UInt32(self, "data_offset")
def createFields(self):
yield UInt16(self, "left", "Left")
yield UInt16(self, "top", "Top")
yield UInt16(self, "width", "Width")
yield UInt16(self, "height", "Height")
yield Bits(self, "size_local_map", 3,
"log2(size of local map) minus one")
yield NullBits(self, "reserved", 2)
yield Bit(self, "sort_flag",
"Is the local map sorted by decreasing importance?")
yield Bit(self, "interlaced", "Interlaced?")
yield Bit(self, "has_local_map", "Use local color map?")
if self["has_local_map"].value:
nb_color = 1 << (1 + self["size_local_map"].value)
yield PaletteRGB(self, "local_map", nb_color, "Local color map")
yield UInt8(self, "lzw_min_code_size", "LZW Minimum Code Size")
group = None
while True:
size = UInt8(self, "block_size")
if size.value == 0:
break
block = CustomFragment(self, "image_block[]", None, GifImageBlock,
"GIF Image Block", group)
group = block.group
yield block
yield NullBytes(self, "terminator", 1, "Terminator (0)")
def createFields(self):
yield textHandler(UInt32(self, "magic", "File information magic (0xFEEF04BD)"), hexadecimal)
if self["magic"].value != 0xFEEF04BD:
raise ParserError("EXE resource: invalid file info magic")
yield Version(self, "struct_ver", "Structure version (1.0)")
yield Version(self, "file_ver_ms", "File version MS")
yield Version(self, "file_ver_ls", "File version LS")
yield Version(self, "product_ver_ms", "Product version MS")
yield Version(self, "product_ver_ls", "Product version LS")
yield textHandler(UInt32(self, "file_flags_mask"), hexadecimal)
yield Bit(self, "debug")
yield Bit(self, "prerelease")
yield Bit(self, "patched")
yield Bit(self, "private_build")
yield Bit(self, "info_inferred")
yield Bit(self, "special_build")
yield NullBits(self, "reserved", 26)
yield Enum(textHandler(UInt16(self, "file_os_major"), hexadecimal), MAJOR_OS_NAME)
yield Enum(textHandler(UInt16(self, "file_os_minor"), hexadecimal), MINOR_OS_NAME)
yield Enum(textHandler(UInt32(self, "file_type"), hexadecimal), FILETYPE_NAME)
field = textHandler(UInt32(self, "file_subfile"), hexadecimal)
if field.value == FILETYPE_DRIVER:
field = Enum(field, DRIVER_SUBTYPE_NAME)
elif field.value == FILETYPE_FONT:
field = Enum(field, FONT_SUBTYPE_NAME)
yield field
yield TimestampUnix32(self, "date_ms")
yield TimestampUnix32(self, "date_ls")
def createFields(self):
yield Enum(UInt16(self, "src"), self.port_name)
yield Enum(UInt16(self, "dst"), self.port_name)
yield UInt32(self, "seq_num")
yield UInt32(self, "ack_num")
yield Bits(self, "hdrlen", 6, "Header lenght")
yield NullBits(self, "reserved", 2, "Reserved")
yield Bit(self, "cgst", "Congestion Window Reduced")
yield Bit(self, "ecn-echo", "ECN-echo")
yield Bit(self, "urg", "Urgent")
yield Bit(self, "ack", "Acknowledge")
yield Bit(self, "psh", "Push mmode")
yield Bit(self, "rst", "Reset connection")
yield Bit(self, "syn", "Synchronize")
yield Bit(self, "fin", "Stop the connection")
yield UInt16(self, "winsize", "Windows size")
yield textHandler(UInt16(self, "checksum"), hexadecimal)
yield UInt16(self, "urgent")
size = self["hdrlen"].value * 8 - self.current_size
while 0 < size:
option = TCP_Option(self, "option[]")
yield option
size -= option.size
def createFields(self):
yield Bit(self, "sync[]") # =True
yield Bits(self, "ext_length", 7)
yield NullBits(self, "reserved[]", 8)
size = self["ext_length"].value
if size:
yield RawBytes(self, "ext_bytes", size)
def createFields(self):
yield String(self,
"magic",
len(self.MAGIC),
'Magic string (%r)' % self.MAGIC,
charset="ASCII")
yield UInt8(self, "major_version")
yield UInt8(self, "minor_version")
yield Enum(UInt8(self, "crypto"), self.CRYPTO_NAMES)
yield Enum(UInt8(self, "hash"), self.HASH_NAMES)
yield KeyringString(self, "keyring_name")
yield TimestampUnix64(self, "mtime")
yield TimestampUnix64(self, "ctime")
yield Bit(self, "lock_on_idle")
yield NullBits(self, "reserved[]", 31, "Reserved for future flags")
yield UInt32(self, "lock_timeout")
yield UInt32(self, "hash_iterations")
yield RawBytes(self, "salt", 8)
yield NullBytes(self, "reserved[]", 16)
yield Items(self, "items")
yield UInt32(self, "encrypted_size")
yield Deflate(
SubFile(self,
"encrypted",
self["encrypted_size"].value,
"AES128 CBC",
parser_class=EncryptedData))
def createNullField(parent, nbits, name="padding[]", description=None):
if nbits <= 0:
raise FieldError("Unable to create null padding of %s bits" % nbits)
if (nbits % 8) == 0:
return NullBytes(parent, name, nbits / 8, description)
else:
return NullBits(parent, name, nbits, description)
def createFields(self):
self.osconfig = self.parent.osconfig
if True:
yield Enum(Bits(self, "type", 12), self.TYPE_NAME)
yield Bit(self, "is_vector")
yield NullBits(self, "padding", 32 - 12 - 1)
else:
yield Enum(Bits(self, "type", 32), self.TYPE_NAME)
tag = self["type"].value
kw = {}
try:
handler = self.TYPE_INFO[tag][1]
if handler == PascalString32:
osconfig = self.osconfig
if tag == self.TYPE_LPSTR:
kw["charset"] = osconfig.charset
else:
kw["charset"] = osconfig.utf16
elif handler == TimestampWin64:
if self.description == "TotalEditingTime":
handler = TimedeltaWin64
except LookupError:
handler = None
if not handler:
raise ParserError("OLE2: Unable to parse property of type %s" \
% self["type"].display)
if self["is_vector"].value:
yield UInt32(self, "count")
for index in xrange(self["count"].value):
yield handler(self, "item[]", **kw)
else:
yield handler(self, "value", **kw)
self.createValue = lambda: self["value"].value
def createFields(self):
yield UInt8(self, "version", "Version")
yield NullBits(self, "flags", 23)
yield Bit(self, "is_same_file", "Is the reference to this file?")
if not self['is_same_file'].value:
yield CString(self, "name")
yield CString(self, "location")
def createFields(self):
# Signature + version
yield String(self, "header", 3, "Header (ID3)", charset="ASCII")
yield UInt8(self, "ver_major", "Version (major)")
yield UInt8(self, "ver_minor", "Version (minor)")
# Check format
if self["header"].value != "ID3":
raise MatchError("Signature error, should be \"ID3\".")
if self["ver_major"].value not in self.VALID_MAJOR_VERSIONS \
or self["ver_minor"].value != 0:
raise MatchError(
"Unknown ID3 metadata version (2.%u.%u)"
% (self["ver_major"].value, self["ver_minor"].value))
# Flags
yield Bit(self, "unsync", "Unsynchronisation is used?")
yield Bit(self, "ext", "Extended header is used?")
yield Bit(self, "exp", "Experimental indicator")
yield NullBits(self, "padding[]", 5)
# Size
yield ID3_Size(self, "size")
# All tags
while self.current_size < self._size:
field = ID3_Chunk(self, "field[]")
yield field
if field["size"].value == 0:
break
# Search first byte of the MPEG file
padding = self.seekBit(self._size)
if padding:
yield padding
def createFields(self):
yield IFDTag(self, "tag", "Tag")
yield Enum(UInt16(self, "type", "Type"), self.TYPE_NAME)
self.value_cls = self.ENTRY_FORMAT.get(self['type'].value, Bytes)
if issubclass(self.value_cls, Bytes):
self.value_size = 8
else:
self.value_size = self.value_cls.static_size
yield UInt32(self, "count", "Count")
if not issubclass(self.value_cls, Bytes) \
and self["count"].value > MAX_COUNT:
raise ParserError("EXIF: Invalid count value (%s)" % self["count"].value)
count = self['count'].value
totalsize = self.value_size * count
if count == 0:
yield NullBytes(self, "padding", 4)
elif totalsize <= 32:
name = "value"
if issubclass(self.value_cls, Bytes):
yield self.value_cls(self, name, count)
else:
if count > 1:
name += "[]"
for i in xrange(count):
yield self.value_cls(self, name)
if totalsize < 32:
yield NullBits(self, "padding", 32-totalsize)
else:
yield UInt32(self, "offset", "Value offset")
def createFields(self):
yield Bytes(self, "header", 4, r"PE header signature (PE\0\0)")
if self["header"].value != "PE\0\0":
raise ParserError("Invalid PE header signature")
yield Enum(UInt16(self, "cpu", "CPU type"), self.cpu_name)
yield UInt16(self, "nb_section", "Number of sections")
yield TimestampUnix32(self, "creation_date", "Creation date")
yield UInt32(self, "ptr_to_sym", "Pointer to symbol table")
yield UInt32(self, "nb_symbols", "Number of symbols")
yield UInt16(self, "opt_hdr_size", "Optional header size")
yield Bit(self, "reloc_stripped",
"If true, don't contain base relocations.")
yield Bit(self, "exec_image", "Executable image?")
yield Bit(self, "line_nb_stripped", "COFF line numbers stripped?")
yield Bit(self, "local_sym_stripped",
"COFF symbol table entries stripped?")
yield Bit(self, "aggr_ws", "Aggressively trim working set")
yield Bit(self, "large_addr",
"Application can handle addresses greater than 2 GB")
yield NullBits(self, "reserved", 1)
yield Bit(self, "reverse_lo",
"Little endian: LSB precedes MSB in memory")
yield Bit(self, "32bit", "Machine based on 32-bit-word architecture")
yield Bit(self, "is_stripped", "Debugging information removed?")
yield Bit(
self, "swap",
"If image is on removable media, copy and run from swap file")
yield PaddingBits(self, "reserved2", 1)
yield Bit(self, "is_system", "It's a system file")
yield Bit(self, "is_dll", "It's a dynamic-link library (DLL)")
yield Bit(self, "up", "File should be run only on a UP machine")
yield Bit(self, "reverse_hi", "Big endian: MSB precedes LSB in memory")
def createFields(self):
yield UInt8(self, "version", "Version")
yield NullBits(self, "flags", 24)
yield UInt16(self, "max_pdu_size")
yield UInt16(self, "avg_pdu_size")
yield UInt32(self, "max_bit_rate")
yield UInt32(self, "avg_bit_rate")
yield UInt32(self, "reserved[]")
def createFields(self):
yield UInt8(self, "version")
yield NullBits(self, "flags", 24)
yield UInt32(self, "count", description="Number of samples")
for i in xrange(self['count'].value):
yield UInt32(self, "first_chunk[]")
yield UInt32(self, "samples_per_chunk[]")
yield UInt32(self, "sample_description_index[]")
def createFields(self):
yield UInt8(self, "version")
yield NullBits(self, "flags", 24)
yield UInt32(self,
"count",
description="Total entries in offset table")
for i in xrange(self['count'].value):
yield UInt64(self, "chunk_offset[]")
def createFields(self):
yield UInt8(self, "version")
yield NullBits(self, "flags", 24)
yield UInt32(self, "unknown")
yield UInt8(self, "count", description="Number of chapters")
for i in xrange(self['count'].value):
yield UInt64(self, "chapter_start[]")
yield PascalString8(self, "chapter_name[]", charset='UTF-8')
def createFields(self):
value = self.stream.readBits(self.absolute_address, 16, self.endian)
if value < 1024:
yield Enum(UInt16(self, "lang"), self.MAC_LANG)
else:
yield NullBits(self, "padding[]", 1)
yield textHandler(Bits(self, "lang[0]", 5), self.fieldHandler)
yield textHandler(Bits(self, "lang[1]", 5), self.fieldHandler)
yield textHandler(Bits(self, "lang[2]", 5), self.fieldHandler)
def createFields(self):
dictionary = {}
self.nbits = self.startbits
CLEAR_CODE = 2**self.nbits
END_CODE = CLEAR_CODE + 1
compress_code = CLEAR_CODE + 2
obuf = []
output = []
while True:
if compress_code >= 2**self.nbits:
self.nbits += 1
code = Bits(self, "code[]", self.nbits)
if code.value == CLEAR_CODE:
if compress_code == 2**(self.nbits - 1):
# this fixes a bizarre edge case where the reset code could
# appear just after the bits incremented. Apparently, the
# correct behaviour is to express the reset code with the
# old number of bits, not the new...
code = Bits(self, "code[]", self.nbits - 1)
self.nbits = self.startbits + 1
dictionary = {}
compress_code = CLEAR_CODE + 2
obuf = []
code._description = "Reset Code (LZW code %i)" % code.value
yield code
continue
elif code.value == END_CODE:
code._description = "End of Information Code (LZW code %i)" % code.value
yield code
break
if code.value < CLEAR_CODE: # literal
if obuf:
chain = obuf + [code.value]
dictionary[compress_code] = chain
compress_code += 1
obuf = [code.value]
output.append(code.value)
code._description = "Literal Code %i" % code.value
elif code.value >= CLEAR_CODE + 2:
if code.value in dictionary:
chain = dictionary[code.value]
code._description = "Compression Code %i (found in dictionary as %s)" % (
code.value, rle_repr(chain))
else:
chain = obuf + [obuf[0]]
code._description = "Compression Code %i (not found in dictionary; guessed to be %s)" % (
code.value, rle_repr(chain))
dictionary[compress_code] = obuf + [chain[0]]
compress_code += 1
obuf = chain
output += chain
code._description += "; Current Decoded Length %i" % len(output)
yield code
padding = paddingSize(self.current_size, 8)
if padding:
yield NullBits(self, "padding[]", padding)
def createFields(self):
yield UInt8(self, "version", "Version (0 or 1)")
yield NullBits(self, "flags", 20)
yield Bit(self, "is_in_poster")
yield Bit(self, "is_in_preview",
"Is this track used when previewing the presentation?")
yield Bit(self, "is_in_movie",
"Is this track used in the presentation?")
yield Bit(self, "is_enabled", "Is this track enabled?")
if self['version'].value == 0:
# 32-bit version
yield TimestampMac32(self, "creation_date",
"Creation time of this track")
yield TimestampMac32(self, "lastmod_date",
"Last modification time of this track")
yield UInt32(
self, "track_id",
"Unique nonzero identifier of this track within the presentation"
)
yield NullBytes(self, "reserved[]", 4)
yield UInt32(self, "duration",
"Length of track, in movie time-units")
elif self['version'].value == 1:
# 64-bit version
yield TimestampMac64(self, "creation_date",
"Creation time of this track")
yield TimestampMac64(self, "lastmod_date",
"Last modification time of this track")
yield UInt32(
self, "track_id",
"Unique nonzero identifier of this track within the presentation"
)
yield NullBytes(self, "reserved[]", 4)
yield UInt64(self, "duration",
"Length of track, in movie time-units")
yield NullBytes(self, "reserved[]", 8)
yield Int16(
self, "video_layer",
"Middle layer is 0; lower numbers are closer to the viewer")
yield Int16(self, "alternate_group",
"Group ID that this track belongs to (0=no group)")
yield QTFloat16(self, "volume",
"Track relative audio volume (1.0 = full)")
yield NullBytes(self, "reserved[]", 2)
yield QTFloat32(self, "geom_a", "Width scale")
yield QTFloat32(self, "geom_b", "Width rotate")
yield QTFloat2_30(self, "geom_u", "Width angle")
yield QTFloat32(self, "geom_c", "Height rotate")
yield QTFloat32(self, "geom_d", "Height scale")
yield QTFloat2_30(self, "geom_v", "Height angle")
yield QTFloat32(self, "geom_x", "Position X")
yield QTFloat32(self, "geom_y", "Position Y")
yield QTFloat2_30(self, "geom_w", "Divider scale")
yield QTFloat32(self, "frame_size_width")
yield QTFloat32(self, "frame_size_height")
def createFields(self):
yield UInt8(self, "version", "Version")
yield NullBits(self, "flags", 24)
yield UInt32(self, "track_id")
yield NullBits(self, "reserved", 26)
yield Bits(self, "length_size_of_traf_num", 2)
yield Bits(self, "length_size_of_trun_num", 2)
yield Bits(self, "length_size_of_sample_num", 2)
yield UInt32(self, "number_of_entry")
for i in xrange(self['number_of_entry'].value):
if self['version'].value == 1:
yield UInt64(self, "time[%i]" % i)
yield UInt64(self, "moof_offset[%i]" % i)
else:
yield UInt32(self, "time[%i]" % i)
yield UInt32(self, "moof_offset[%i]" % i)
if self['length_size_of_traf_num'].value == 3:
yield UInt64(self, "traf_number[%i]" % i)
elif self['length_size_of_traf_num'].value == 2:
yield UInt32(self, "traf_number[%i]" % i)
elif self['length_size_of_traf_num'].value == 1:
yield UInt16(self, "traf_number[%i]" % i)
else:
yield UInt8(self, "traf_number[%i]" % i)
if self['length_size_of_trun_num'].value == 3:
yield UInt64(self, "trun_number[%i]" % i)
elif self['length_size_of_trun_num'].value == 2:
yield UInt32(self, "trun_number[%i]" % i)
elif self['length_size_of_trun_num'].value == 1:
yield UInt16(self, "trun_number[%i]" % i)
else:
yield UInt8(self, "trun_number[%i]" % i)
if self['length_size_of_sample_num'].value == 3:
yield UInt64(self, "sample_number[%i]" % i)
elif self['length_size_of_sample_num'].value == 2:
yield UInt32(self, "sample_number[%i]" % i)
elif self['length_size_of_sample_num'].value == 1:
yield UInt16(self, "sample_number[%i]" % i)
else:
yield UInt8(self, "sample_number[%i]" % i)
