def createFields(self):
# Headers
yield String(self, "header", 6, "Header (Exif\\0\\0)", charset="ASCII")
if self["header"].value != "Exif\0\0":
raise ParserError("Invalid EXIF signature!")
yield String(self, "byte_order", 2, "Byte order", charset="ASCII")
if self["byte_order"].value not in ("II", "MM"):
raise ParserError("Invalid endian!")
if self["byte_order"].value == "II":
self.endian = LITTLE_ENDIAN
else:
self.endian = BIG_ENDIAN
yield UInt16(self, "version", "TIFF version number")
yield UInt32(self, "img_dir_ofs", "Next image directory offset")
while not self.eof:
addr = self.absolute_address + self.current_size
tag = self.stream.readBits(addr, 16, NETWORK_ENDIAN)
if tag == 0xFFD8:
size = (self._size - self.current_size) // 8
yield SubFile(self,
"thumbnail",
size,
"Thumbnail (JPEG file)",
mime_type="image/jpeg")
break
elif tag == 0xFFFF:
break
yield ExifIFD(self, "ifd[]", "IFD")
padding = self.seekBit(self._size)
if padding is not None:
yield padding
def createUnpaddedFields(self):
yield String(self, "title", 28, strip='\0')
yield textHandler(UInt8(self, "marker[]"), hexadecimal)
for field in self.getFileVersionField():
yield field
yield UInt16(self, "num_orders")
yield UInt16(self, "num_instruments")
yield UInt16(self, "num_patterns")
for field in self.getFirstProperties():
yield field
yield String(self, "marker[]", 4)
for field in self.getLastProperties():
yield field
yield GenericVector(self, "channel_settings", 32, ChannelSettings,
"channel")
# Orders
yield GenericVector(self, "orders", self.getNumOrders(), UInt8,
"order")
for field in self.getHeaderEndFields():
yield field
def createFields(self):
yield String(self, "name", 20, strip='\0')
yield GenericVector(self, "samples", 31, SampleInfo, "info")
yield UInt8(self, "length")
yield UInt8(self, "played_patterns_count")
yield GenericVector(self, "patterns", 128, UInt8, "position")
yield String(self, "type", 4)
def createFields(self):
yield Bytes(self, "jmp", 3, "Jump instruction (to skip over header on boot)")
yield Bytes(self, "oem_name", 8, "OEM Name (padded with spaces)")
yield UInt16(self, "sector_size", "Bytes per sector")
yield UInt8 (self, "cluster_size", "Sectors per cluster")
yield UInt16(self, "reserved_sectors", "Reserved sector count (including boot sector)")
yield UInt8 (self, "fat_nb", "Number of file allocation tables")
yield UInt16(self, "max_root", "Maximum number of root directory entries")
yield UInt16(self, "sectors1", "Total sectors (if zero, use 'sectors2')")
yield UInt8 (self, "media_desc", "Media descriptor")
yield UInt16(self, "fat_size", "Sectors per FAT")
yield UInt16(self, "track_size", "Sectors per track")
yield UInt16(self, "head_nb", "Number of heads")
yield UInt32(self, "hidden", "Hidden sectors")
yield UInt32(self, "sectors2", "Total sectors (if greater than 65535)")
if self.parent.version == 32:
yield UInt32(self, "fat32_size", "Sectors per FAT")
yield UInt16(self, "fat_flags", "FAT Flags")
yield UInt16(self, "version", "Version")
yield UInt32(self, "root_start", "Cluster number of root directory start")
yield UInt16(self, "inf_sector", "Sector number of FS Information Sector")
yield UInt16(self, "boot_copy", "Sector number of a copy of this boot sector")
yield NullBytes(self, "reserved[]", 12, "Reserved")
yield UInt8(self, "phys_drv", "Physical drive number")
yield NullBytes(self, "reserved[]", 1, 'Reserved ("current head")')
yield UInt8(self, "sign", "Signature")
yield textHandler(UInt32(self, "serial", "ID (serial number)"), hexadecimal)
yield String(self, "label", 11, "Volume Label", strip=' ', charset="ASCII")
yield String(self, "fs_type", 8, "FAT file system type", strip=' ', charset="ASCII")
yield Bytes(self, "code", 510-self.current_size/8, "Operating system boot code")
yield Bytes(self, "trail_sig", 2, "Signature (0x55 0xAA)")
def createFields(self):
yield String(self,
"signature",
4,
'Format signature (".snd")',
charset="ASCII")
yield UInt32(self, "data_ofs", "Data offset")
yield filesizeHandler(UInt32(self, "data_size", "Data size"))
yield Enum(UInt32(self, "codec", "Audio codec"), self.CODEC_NAME)
yield displayHandler(
UInt32(self, "sample_rate", "Number of samples/second"),
humanFrequency)
yield UInt32(self, "channels", "Number of interleaved channels")
size = self["data_ofs"].value - self.current_size // 8
if 0 < size:
yield String(self,
"info",
size,
"Information",
strip=" \0",
charset="ISO-8859-1")
size = min(self["data_size"].value,
(self.size - self.current_size) // 8)
yield RawBytes(self, "audio_data", size, "Audio data")
def createFields(self):
yield RawBytes(self, "marker", len(self.MAGIC))
yield LineEnd(self, "line_end[]")
yield String(self, "start_attribute_marker", 2)
addr = self.absolute_address + self.current_size
while self.stream.readBytes(addr, 2) != '>>':
t = PDFName(self, "type[]")
yield t
name = t.value
self.info("Parsing PDFName '%s'" % name)
if name == "Size":
yield PDFNumber(self, "size", "Entries in the file cross-reference section")
elif name == "Prev":
yield PDFNumber(self, "offset")
elif name == "Root":
yield Catalog(self, "object_catalog")
elif name == "Info":
yield Catalog(self, "info")
elif name == "ID":
yield PDFArray(self, "id")
elif name == "Encrypt":
yield PDFDictionary(self, "decrypt")
else:
raise ParserError("Don't know trailer type '%s'" % name)
addr = self.absolute_address + self.current_size
yield String(self, "end_attribute_marker", 2)
yield LineEnd(self, "line_end[]")
yield String(self, "start_xref", 9)
yield LineEnd(self, "line_end[]")
yield PDFNumber(self, "cross_ref_table_start_address")
yield LineEnd(self, "line_end[]")
yield String(self, "end_marker", len(ENDMAGIC))
yield LineEnd(self, "line_end[]")
def createFields(self):
addr = self.absolute_address
len = self.stream.searchBytesLength(':', False, addr,
addr + (MAX_STRING_LENGTH + 1) * 8)
if len is None:
raise ParserError("Torrent: unable to find string separator (':')")
if not len:
raise ParserError("Torrent: error: no string length!")
val = String(self, "length", len, "String length")
yield val
try:
len = int(val.value)
except ValueError:
len = -1
if len < 0:
raise ParserError(
"Invalid string length (%s)" %
makePrintable(val.value, "ASCII", to_unicode=True))
yield String(self, "separator", 1, "String length/value separator")
if not len:
self.info("Empty string: len=%i" % len)
return
if len < 512:
yield String(self,
"value",
len,
"String value",
charset="ISO-8859-1")
else:
# Probably raw data
yield RawBytes(self, "value", len, "Raw data")
def createFields(self):
# Header
yield String(self, "magic", 3, "File magic code", charset="ASCII")
yield String(self, "version", 3, "GIF version", charset="ASCII")
yield ScreenDescriptor(self, "screen")
if self["screen/global_map"].value:
bpp = (self["screen/bpp"].value + 1)
yield PaletteRGB(self, "color_map", 1 << bpp, "Color map")
self.color_map = self["color_map"]
else:
self.color_map = None
self.images = []
while True:
code = Enum(Character(self, "separator[]", "Separator code"),
self.separator_name)
yield code
code = code.value
if code == "!":
yield Extension(self, "extensions[]")
elif code == ",":
yield Image(self, "image[]")
elif code == ";":
# GIF Terminator
break
else:
raise ParserError("Wrong GIF image separator: 0x%02X" %
ord(code))
def createFields(self):
#TODO: This structure is normally divided in two parts:
# _reiserfs_super_block_v1
# _reiserfs_super_block
# It will be divided later to easily support older version of the first part
yield UInt32(self, "block_count", "Number of blocks")
yield UInt32(self, "free_blocks", "Number of free blocks")
yield UInt32(self, "root_block", "Root block number")
yield Journal_params(self, "Journal parameters")
yield UInt16(self, "blocksize", "Size of a block")
yield UInt16(self, "oid_maxsize", "Max size of object id array")
yield UInt16(self, "oid_cursize", "Current size of object id array")
yield Enum(UInt16(self, "umount_state", "Filesystem umounted or not"), self.UMOUNT_STATE)
yield String(self, "magic", 10, "Magic string", strip="\0")
#TODO: change the type of s_fs_state in Enum to have more details about this fsck state
yield UInt16(self, "fs_state", "Rebuilding phase of fsck ")
yield Enum(UInt32(self, "hash_function", "Hash function to sort names in a directory"), self.HASH_FUNCTIONS)
yield UInt16(self, "tree_height", "Height of disk tree")
yield UInt16(self, "bmap_nr", "Amount of bitmap blocks needed to address each block of file system")
#TODO: find a good description for this field
yield UInt16(self, "version", "Field only reliable on filesystem with non-standard journal")
yield UInt16(self, "reserved_for_journal", "Size in blocks of journal area on main device")
#TODO: same as above
yield UInt32(self, "inode_generation", "No description")
#TODO: same as above and should be an enum field
yield UInt32(self, "flags", "No description")
#TODO: Create a special Type to format this id
yield RawBytes(self, "uuid", 16, "Filesystem unique identifier")
yield String(self, "label", 16, "Filesystem volume label", strip="\0")
yield NullBytes(self, "unused", 88)
def createFields(self):
yield String(self,
"signature",
4,
"AVI header (RIFF)",
charset="ASCII")
yield filesizeHandler(UInt32(self, "filesize", "File size"))
yield String(self,
"type",
4,
"Content type (\"AVI \", \"WAVE\", ...)",
charset="ASCII")
# Choose chunk type depending on file type
try:
chunk_cls = self.VALID_TYPES[self["type"].value][0]
except KeyError:
chunk_cls = Chunk
# Parse all chunks up to filesize
while self.current_size < self["filesize"].value * 8 + 8:
yield chunk_cls(self, "chunk[]")
if not self.eof:
yield RawBytes(self, "padding[]",
(self.size - self.current_size) / 8)
def createFields(self):
size = self._size / 8
# TODO: Strings charset?
if self.stream.readBytes(self.absolute_address, 9) == "PeakValue":
yield String(self, "text", 9, "Text")
size -= 9
yield String(self, "content", size, "Content")
def createFields(self):
yield String(self, "signature", 17, "XM signature", charset="ASCII")
yield String(self, "title", 20, "XM title", charset="ASCII", strip=' ')
yield UInt8(self, "marker", "Marker (0x1A)")
yield String(self,
"tracker_name",
20,
"XM tracker name",
charset="ASCII",
strip=' ')
yield UInt8(self, "format_minor")
yield UInt8(self, "format_major")
yield filesizeHandler(UInt32(self, "header_size", "Header size (276)"))
yield UInt16(self, "song_length", "Length in patten order table")
yield UInt16(self, "restart", "Restart position")
yield UInt16(self, "channels",
"Number of channels (2,4,6,8,10,...,32)")
yield UInt16(self, "patterns", "Number of patterns (max 256)")
yield UInt16(self, "instruments", "Number of instruments (max 128)")
yield Bit(self, "amiga_ftable", "Amiga frequency table")
yield Bit(self, "linear_ftable", "Linear frequency table")
yield Bits(self, "unused", 14)
yield UInt16(self, "tempo", "Default tempo")
yield UInt16(self, "bpm", "Default BPM")
yield GenericVector(self, "pattern_order", 256, UInt8, "order")
def createFields(self):
yield ZipVersion(self, "version_made_by", "Version made by")
for field in ZipStartCommonFields(self):
yield field
# Check unicode status
charset = zipGetCharset(self)
yield UInt16(self, "comment_length", "Comment length")
yield UInt16(self, "disk_number_start", "Disk number start")
yield UInt16(self, "internal_attr", "Internal file attributes")
yield UInt32(self, "external_attr", "External file attributes")
yield UInt32(self, "offset_header", "Relative offset of local header")
yield String(self,
"filename",
self["filename_length"].value,
"Filename",
charset=charset)
if 0 < self["extra_length"].value:
yield RawBytes(self, "extra", self["extra_length"].value,
"Extra fields")
if 0 < self["comment_length"].value:
yield String(self,
"comment",
self["comment_length"].value,
"Comment",
charset=charset)
def createFields(self):
yield textHandler(UInt32(self, "plugin_id1"), hexadecimal)
yield textHandler(UInt32(self, "plugin_id2"), hexadecimal)
yield UInt32(self, "input_routing")
yield UInt32(self, "output_routing")
yield GenericVector(self, "routing_info", 4, UInt32, "reserved")
yield String(self, "name", 32, strip='\0')
yield String(self, "dll_name", 64, desc="Original DLL name", strip='\0')
def createFields(self):
yield UInt16(self, "length", "Length of this string")
if self.root.hasUnicodeNames():
yield String(self,
"data",
self["length"].value * 2,
charset="UTF-16-LE")
else:
yield String(self, "data", self["length"].value, charset="ASCII")
def createFields(self):
yield String(self, "marker", 5, MAGIC)
length = getLineEnd(self, 4)
if length != None:
#self.info("Found at position %08X" % len)
yield String(self, "version", length-1)
yield LineEnd(self, "line_end")
else:
self.warning("Can't determine version!")
def createFields(self):
yield self.getType()
yield String(self, "filename", 12, strip='\0')
for field in self.getInstrumentFields():
yield field
yield String(self, "name", 28, strip='\0')
yield String(self, "marker", 4, "Either 'SCRS' or '(empty)'", strip='\0')
def createFields(self):
yield UInt32(self, "inodes_count", "Inodes count")
yield UInt32(self, "blocks_count", "Blocks count")
yield UInt32(self, "r_blocks_count", "Reserved blocks count")
yield UInt32(self, "free_blocks_count", "Free blocks count")
yield UInt32(self, "free_inodes_count", "Free inodes count")
yield UInt32(self, "first_data_block", "First data block")
yield UInt32(self, "log_block_size", "Block size")
yield UInt32(self, "log_frag_size", "Fragment size")
yield UInt32(self, "blocks_per_group", "Blocks per group")
yield UInt32(self, "frags_per_group", "Fragments per group")
yield UInt32(self, "inodes_per_group", "Inodes per group")
yield TimestampUnix32(self, "mtime", "Mount time")
yield TimestampUnix32(self, "wtime", "Write time")
yield UInt16(self, "mnt_count", "Mount count")
yield UInt16(self, "max_mnt_count", "Max mount count")
yield String(self, "magic", 2, "Magic number (0x53EF)")
yield Enum(UInt16(self, "state", "File system state"), self.state_desc)
yield Enum(UInt16(self, "errors", "Behaviour when detecting errors"),
self.error_handling_desc)
yield UInt16(self, "minor_rev_level", "Minor revision level")
yield TimestampUnix32(self, "last_check", "Time of last check")
yield textHandler(
UInt32(self, "check_interval", "Maximum time between checks"),
self.postMaxTime)
yield Enum(UInt32(self, "creator_os", "Creator OS"), self.os_name)
yield UInt32(self, "rev_level", "Revision level")
yield UInt16(self, "def_resuid", "Default uid for reserved blocks")
yield UInt16(self, "def_resgid", "Default gid for reserved blocks")
yield UInt32(self, "first_ino", "First non-reserved inode")
yield UInt16(self, "inode_size", "Size of inode structure")
yield UInt16(self, "block_group_nr",
"Block group # of this superblock")
yield UInt32(self, "feature_compat", "Compatible feature set")
yield UInt32(self, "feature_incompat", "Incompatible feature set")
yield UInt32(self, "feature_ro_compat",
"Read-only compatible feature set")
yield RawBytes(self, "uuid", 16, "128-bit uuid for volume")
yield String(self, "volume_name", 16, "Volume name", strip="\0")
yield String(self,
"last_mounted",
64,
"Directory where last mounted",
strip="\0")
yield UInt32(self, "compression",
"For compression (algorithm usage bitmap)")
yield UInt8(self, "prealloc_blocks",
"Number of blocks to try to preallocate")
yield UInt8(self, "prealloc_dir_blocks",
"Number to preallocate for directories")
yield UInt16(self, "padding", "Padding")
yield String(self, "journal_uuid", 16, "uuid of journal superblock")
yield UInt32(self, "journal_inum", "inode number of journal file")
yield UInt32(self, "journal_dev", "device number of journal file")
yield UInt32(self, "last_orphan", "start of list of inodes to delete")
yield RawBytes(self, "reserved", 197, "Reserved")
def createFields(self):
yield String(self,
"start",
1,
"Dictionary start delimiter (d)",
charset="ASCII")
while self.stream.readBytes(self.absolute_address + self.current_size,
1) != "e":
yield DictionaryItem(self, "item[]")
yield String(self, "end", 1, "Dictionary end delimiter")
def createFields(self):
yield String(self, "dict_start", 2)
while not self.eof:
addr = self.absolute_address+self.current_size
if self.stream.readBytes(addr, 2) != '>>':
for field in parsePDFType(self):
yield field
else:
break
yield String(self, "dict_end", 2)
def createFields(self):
yield String(self, "signature", 4, "Signature (FORM)", charset="ASCII")
yield filesizeHandler(UInt32(self, "filesize"))
yield String(self,
"type",
4,
"Form type (AIFF or AIFC)",
charset="ASCII")
while not self.eof:
yield Chunk(self, "chunk[]")
def createFields(self):
yield Enum(UInt16(self, "type"), self.type_name)
yield UInt16(self, "name_len", "Name length in character (byte=len*2)")
if self["name_len"].value:
yield String(self, "name", self["name_len"].value*2, "Name", charset="UTF-16-LE", strip=" \0")
yield UInt16(self, "desc_len", "Description length in character (byte=len*2)")
if self["desc_len"].value:
yield String(self, "desc", self["desc_len"].value*2, "Description", charset="UTF-16-LE", strip=" \0")
yield UInt16(self, "info_len")
if self["info_len"].value:
yield RawBytes(self, "info", self["info_len"].value)
def createFields(self):
yield textHandler(UInt8(self, "version"), hexadecimal)
yield RawBytes(self, "flags", 3)
yield String(self, "subtype", 8)
yield String(self, "manufacturer", 4)
yield UInt32(self, "res_flags")
yield UInt32(self, "res_flags_mask")
if self.root.is_mpeg4:
yield CString(self, "name")
else:
yield PascalString8(self, "name")
def createFields(self):
yield String(self,
"header_id",
4,
"Data Object Header Markup (\"mhod\")",
charset="ISO-8859-1")
yield UInt32(self, "header_length", "Header Length")
yield UInt32(self, "entry_length", "Entry Length")
yield Enum(UInt32(self, "type", "type"), self.type_name)
if (self["type"].value < 15):
yield UInt32(self, "unknown[]")
yield UInt32(self, "unknown[]")
yield UInt32(self, "position", "Position")
yield UInt32(self, "length", "String Length in bytes")
yield UInt32(self, "unknown[]")
yield UInt32(self, "unknown[]")
yield String(self,
"string",
self["length"].value,
"String Data",
charset="UTF-16-LE")
elif (self["type"].value < 17):
yield UInt32(self, "unknown[]")
yield UInt32(self, "unknown[]")
yield String(self,
"string",
self._size / 8 - self["header_length"].value,
"String Data",
charset="UTF-8")
elif (self["type"].value == 52):
yield UInt32(self, "unknown[]", "unk1")
yield UInt32(self, "unknown[]", "unk2")
yield Enum(UInt32(self, "sort_index_type", "Sort Index Type"),
self.mhod52_sort_index_type_name)
yield UInt32(self, "entry_count", "Entry Count")
indexes_size = self["entry_count"].value * 4
padding_offset = self["entry_length"].value - indexes_size
padding = self.seekByte(padding_offset, "header padding")
if padding:
yield padding
for i in xrange(self["entry_count"].value):
yield UInt32(self, "index[" + str(i) + "]",
"Index of the " + str(i) + "nth mhit")
else:
padding = self.seekByte(self["header_length"].value,
"header padding")
if padding:
yield padding
padding = self.seekBit(self._size, "entry padding")
if padding:
yield padding
def createFields(self):
if not self.LFN:
yield String(self, "name", 8, "DOS file name (padded with spaces)",
strip=' ', charset="ASCII")
yield String(self, "ext", 3, "DOS file extension (padded with spaces)",
strip=' ', charset="ASCII")
yield Bit(self, "read_only")
yield Bit(self, "hidden")
yield Bit(self, "system")
yield Bit(self, "volume_label")
yield Bit(self, "directory")
yield Bit(self, "archive")
yield Bit(self, "device")
yield Bit(self, "unused")
yield RawBytes(self, "reserved", 1, "Something about the case")
yield Date(self, "create")
yield Date(self, "access")
if self.parent.parent.version > 16:
yield UInt16(self, "cluster_hi")
else:
yield UInt16(self, "ea_index")
yield Date(self, "modify")
yield UInt16(self, "cluster_lo")
size = UInt32(self, "size")
yield size
if self.process:
del self.process
target_size = size.value
if self["directory"].value:
if target_size:
size.error("(FAT) value must be zero")
target_size = 0
elif not target_size:
return
self.target_size = 8 * target_size
yield InodeLink(self, "data")
else:
yield UInt8(self, "seq_no", "Sequence Number")
yield String(self, "name[]", 10, "(5 UTF-16 characters)",
charset="UTF-16-LE")
yield UInt8(self, "magic", "Magic number (15)")
yield NullBytes(self, "reserved", 1, "(always 0)")
yield UInt8(self, "checksum", "Checksum of DOS file name")
yield String(self, "name[]", 12, "(6 UTF-16 characters)",
charset="UTF-16-LE")
yield UInt16(self, "first_cluster", "(always 0)")
yield String(self, "name[]", 4, "(2 UTF-16 characters)",
charset="UTF-16-LE")
def createFields(self):
# Signature + version
yield String(self, "header", 3, "Header (ID3)", charset="ASCII")
yield UInt8(self, "ver_major", "Version (major)")
yield UInt8(self, "ver_minor", "Version (minor)")
# Check format
if self["header"].value != "ID3":
raise MatchError("Signature error, should be \"ID3\".")
if self["ver_major"].value not in self.VALID_MAJOR_VERSIONS \
or self["ver_minor"].value != 0:
raise MatchError(
"Unknown ID3 metadata version (2.%u.%u)" %
(self["ver_major"].value, self["ver_minor"].value))
# Flags
yield Bit(self, "unsync", "Unsynchronisation is used?")
yield Bit(self, "ext", "Extended header is used?")
yield Bit(self, "exp", "Experimental indicator")
yield NullBits(self, "padding[]", 5)
# Size
yield ID3_Size(self, "size")
# All tags
while self.current_size < self._size:
field = ID3_Chunk(self, "field[]")
yield field
if field["size"].value == 0:
break
# Search first byte of the MPEG file
padding = self.seekBit(self._size)
if padding:
yield padding
def createFields(self):
yield String(self,
"text",
self._size / 8,
"Text",
charset="ISO-8859-1",
strip=self.STRIP)
def parseText(self):
yield String(self,
"text",
self["size"].value,
strip=" \0",
truncate="\0",
charset="ISO-8859-1")
def createFields(self):
yield String(self, "name", 22, strip='\0')
yield UInt16(self, "sample_count")
yield textHandler(UInt8(self, "fine_tune"), getFineTune)
yield textHandler(UInt8(self, "volume"), getVolume)
yield UInt16(self, "loop_start", "Loop start offset in samples")
yield UInt16(self, "loop_len", "Loop length in samples")
def createFields(self):
yield String(self,
"signature",
3,
"SWF format signature",
charset="ASCII")
yield UInt8(self, "version")
yield filesizeHandler(UInt32(self, "filesize"))
if self["signature"].value != "CWS":
yield RECT(self, "rect")
yield FixedFloat16(self, "frame_rate")
yield UInt16(self, "frame_count")
while not self.eof:
yield Tag(self, "tag[]")
else:
size = (self.size - self.current_size) // 8
if has_deflate:
data = Deflate(Bytes(self, "compressed_data", size), False)
def createInputStream(cis, source=None, **args):
stream = cis(source=source)
header = StringInputStream("FWS" +
self.stream.readBytes(3 * 8, 5))
args.setdefault("tags", []).append(("class", SwfFile))
return ConcatStream((header, stream),
source=stream.source,
**args)
data.setSubIStream(createInputStream)
yield data
else:
yield Bytes(self, "compressed_data", size)