def test_abc(): data = '\xbf\x14\xe5\x03\x00\x00\x01\x00\x00\x00\x00\x10\x00.\x00\x00\x00\x00"\x00\x04void\x07mx.core\nIFlexAsset\x0eByteArrayAsset\x0bflash.utils\tByteArray\x16mx.core:ByteArrayAsset\x08test_fla\x1aMainTimeline_Testinputsets#test_fla:MainTimeline_Testinputsets\x0cMainTimeline\rflash.display\tMovieClip\x15test_fla:MainTimeline\rTestinputsets\x05Class\x07loadres\x06frame1*http://www.adobe.com/2006/flex/mx/internal\x07VERSION\x06String\x073.0.0.0\x0bmx_internal\x06Object\tshareable\x0eaddFrameScript\x0cflash.events\x0fEventDispatcher\rDisplayObject\x11InteractiveObject\x16DisplayObjectContainer\x06Sprite\x0c\x16\x01\x16\x03\x16\x06\x18\x08\x16\t\x18\x0b\x16\r\x18\x0f\x17\t\x08\x14\x16\x1c\x03\x01\x02\x01\x05\x1a\x07\x01\x02\x07\x02\x04\x07\x02\x05\x07\x03\x07\t\x04\x01\x07\x05\n\x07\x05\x0c\x07\x07\x0e\x07\x01\x10\x07\x01\x11\x07\x01\x12\x07\t\x13\x07\n\x15\x07\x01\x16\x07\x02\x18\t\x05\x01\x07\x01\x19\t\n\x02\x07\x01\x1a\x07\x01\x1b\x07\x0b\x1d\x07\x07\x1e\x07\x07\x1f\x07\x07 \x07\x07!\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x02\x00\x05\x00\x02\x00\x03\x04\t\x04\x01\x05\x05\x00\x06\x03\t\x06\x00\x08\x00\x07\x08\x08\x08\x00\r\x03\t\x00\x00\n\x00\x0b\x01\x00\x0b\x0c\x01\x00\x0c\x01\x00\x04\x01\r\x06\x01\x0e\x17\x01\x07\x00\n\x00\x05\x00\x01\x0f\x06\x00\x00\n\x08\x03\x01\x02\x04\x00\x00\x06\x01\x03\x04\x00\x01\t\x01\x06\x04\x00\x02\x0e\x01\x07\x04\x01\x03\x0e\x00\x01\x01\x01\x02\x03\xd00G\x00\x00\x01\x00\x01\x03\x03\x01G\x00\x00\x03\x02\x01\x01\x02\n\xd00]\x05 
X\x00h\x02G\x00\x00\x04\x02\x01\x04\x05\t\xd00^\r,\x17h\rG\x00\x00\x05\x01\x01\x05\x06\x06\xd00\xd0I\x00G\x00\x00\x06\x02\x01\x01\x04\x13\xd00]\x10`\x110`\x040`\x04X\x01\x1d\x1dh\x03G\x00\x00\x07\x01\x01\x05\x06\x03\xd00G\x00\x00\x08\x01\x01\x06\x07\x06\xd00\xd0I\x00G\x00\x00\t\x02\x01\x01\x05\x17\xd00]\x12`\x110`\x040`\x030`\x03X\x02\x1d\x1d\x1dh\x06G\x00\x00\n\x01\x01\t\n\x03\xd00G\x00\x00\x0b\x02\x02\n\x0b\x0e\xd00\xd0J\t\x00\x80\x04\xd5\xd1&a\x13G\x00\x00\x0c\x01\x01\n\x0b\x07\xd00\xd0O\x0b\x00G\x00\x00\r\x03\x01\n\x0b\x15\xd00\xd0`\x06h\t\xd0I\x00]\x14$\x00\xd0f\x0cO\x14\x02G\x00\x00\x0e\x02\x01\x01\t\'\xd00e\x00`\x110`\x150`\x160`\x170`\x180`\x190`\x080`\x08X\x03\x1d\x1d\x1d\x1d\x1d\x1d\x1dh\x07G\x00\x00' ptypes.setsource( prov.string(data) ) a = tags.Tag() a = a.l print a['data']['ABCData']
def test_DefineShape_load():
    """Decode a hard-coded tag from a string source and print its shape fields.

    The byte string is installed as the ptypes source, loaded as a
    ``tags.Tag``, and the tag's 'data' member is printed together with its
    'shapeid', 'shapebounds' and 'shapes' fields. Nothing is asserted; the
    output is meant for manual inspection.
    """
    raw = '\xbf\x00$\x00\x00\x00\x01\x00`\x002\x00\x00\r\xc0\x01\x00\xff\xff\xff\x01\x01\x00\x00\x00\x00\x115\x8c\x807\x1fD\xe0p\xc9\x1d\x0c\x81\xc2\xdc\x00'
    ptypes.setsource( prov.string(raw) )

    # Instantiate and load in one step (the original used two assignments).
    tag = tags.Tag().l
    shape = tag['data']

    # Printed one at a time so a failing lookup still shows the earlier fields.
    print shape
    print shape['shapeid']
    print shape['shapebounds']
    print shape['shapes']
def test_SHAPEWITHSTYLE_load():
    # Manual check: decode a hard-coded byte string as stypes.SHAPEWITHSTYLE
    # and print the decoded value and its shape records. Nothing is asserted.
    # The result is stored in the module-level name `a` so it can be inspected
    # after the call.
    global a
    s = '\x01\x00\xff\xff\xff\x01\x01\x00\x00\x00\x00\x115\x8c\x807\x1fD\xe0p\xc9\x1d\x0c\x81\xc2\xdc\x00'
    # Show the bytes from offset 0xc onwards before parsing.
    print repr(s[0xc:])
    ptypes.setsource( prov.string(s) )
    a = stypes.SHAPEWITHSTYLE()
    a = a.l
    print a.v
    #print a['fillstyles']['fillstyles'][0]
    #print a['linestyles']['linestyles'][0]
    #print a['numbits']
    # NOTE(review): the key is spelled 'ShapeRecords' here and 'shaperecords'
    # below; presumably field lookup ignores case -- confirm.
    print a['ShapeRecords'][0]
    print a['shaperecords']
    print a['shaperecords'][0]
    print a['shaperecords'][0]['Shape']
# Field list of a structure whose class header lies above this excerpt.
_fields_ = [
    (Signature, 'signature'),
    (Attributes, 'attributes'),
    (__extended, 'extended'),
    (__padding_header, 'padding'),
]

class File(pstruct.type):
    # One archive member: a header followed by its data block.
    def __data(self):
        # The data size is the 'compressed-size' attribute read from the
        # header, i.e. a value supplied by the file being parsed.
        # NOTE(review): nothing here bounds it against the source size;
        # confirm how the provider reports a size larger than the file.
        res = self['header'].li
        return dyn.block(res['attributes']['compressed-size'].int())

    _fields_ = [
        (Header, 'header'),
        (__data, 'data'),
    ]

if __name__ == '__main__':
    # Manual smoke test against a fixed local archive path (Python 2 syntax).
    import ptypes, archive.lha
    reload(archive.lha)
    ptypes.setsource(ptypes.prov.file('c:/users/user/Downloads/fcgb2.lzh', mode='r'))

    z = archive.lha.File()
    z = z.l
    print z.source.size()
    print z['header']['signature']
    print z['header']['attributes']
    print z['header']
    print z['header']['filename']
import sys, user
import ptypes,pecoff

# Parse the executable named on the command line and locate its CLR
# (.NET) metadata streams. sys.argv[1] is used without checking that an
# argument was given.
ptypes.setsource(ptypes.prov.file(sys.argv[1], mode='r'))
z=pecoff.Executable.File()
print >>sys.stdout, 'Filename: {:s}\n'.format(z.source.file.name)
z=z.l

p = z['next']['header']
#lc = p['datadirectory']['loadconfig']['address'].d.li
# NOTE(review): the 'clr' directory address is dereferenced without first
# checking that it is non-zero; a native (non-.NET) image presumably has no
# such directory -- confirm what .d.li does in that case.
dn = p['datadirectory']['clr']['address'].d.li
#dnv = dn['vtablefixups']['address'].d.li
dnm = dn['metadata']['address'].d.li

# Resolve the '#~', '#Strings' and '#Blob' stream headers to their contents.
root = dnm['StreamHeaders'].Get('#~')['Offset'].d
root = root.l
print >>sys.stderr, 'Loading strings...'
names = dnm['StreamHeaders'].Get('#Strings')['Offset'].d.l
print >>sys.stderr, 'Loading blobs...'
blobs = dnm['StreamHeaders'].Get('#Blob')['Offset'].d.l

class pieces(ptypes.pbinary.struct):
    # Splits the 32-bit EntryPoint value into an 8-bit table id and a
    # 24-bit index.
    _fields_ = [
        (8, 'table'),
        (24, 'index'),
    ]

e = dn['EntryPoint'].cast(pieces)
# The entry point is only accepted when its table id is TMethodDef's type.
if e['table'] != pecoff.portable.clr.TMethodDef.type:
    print >>sys.stderr, 'No CLR entrypoint found!'
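import ptypes,pecoff
from ptypes import *

# Read ntdll.dll from disk, pull out its first embedded certificate blob,
# save it as a PKCS#7 file and walk the BER structure by hand.
# This only decodes the blob; no signature or chain validation happens here.
ptypes.setsource(ptypes.prov.file('c:/windows/sysnative/ntdll.dll', 'r'))
z = pecoff.Executable.File()
z=z.l

# Data directory entry 4 is the PE security (certificate table) directory.
# The first assignment is immediately overwritten by the second.
a = z['next']['header']['datadirectory'][4]['Address'].d.l
a = z['next']['header']['certificate']
#print a['bCertificate'].hexdump()

# NOTE(review): a[0] assumes the image carries at least one certificate
# entry; an unsigned image would presumably fail here -- confirm.
c = a[0]['bCertificate']

# Use a context manager so the output file is flushed and closed
# deterministically (the original left the handle to the garbage collector).
with open('./ntdll.cert.pkcs7','wb') as out:
    out.write(c.serialize())
print c.hexdump(lines=1)

import ber; reload(ber)
# Re-interpret the certificate bytes as a big-endian BER record.
d = c.cast(ber.Record, recurse={'byteorder':ptypes.config.byteorder.bigendian})
print d['value']
print d['value'][0]
print d['value'][1]['Value']

# Each nested 'Value' is cast to ber.Record again to descend one level.
# The fixed indexes assume the layout of this particular certificate.
e = d['value'][1]['Value'].cast(ber.Record)
print e['Value'][0]
print e['Value'][1]['Value'][0]
print e['Value'][2]['Value'][0]
print e['Value'][2]['Value'][1]['Value']

f = e['Value'][2]['Value'][1]['Value'].cast(ber.Record)
print f['Value'][0]['Value'][0]
print f['Value'][0]['Value'][1]['Value'][0]
print f['Value'][0]['Value'][1]['Value'][1]['Value'].cast(ber.Record)['Value'].cast(ber.Record)['Value']
print f['Value'][1]['Value'][0]
print f['Value'][1]['Value'][0]['Value'][0]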
if __name__ == '__main__':
    # Manual smoke test: walk the COFF symbol table of a PE image on disk
    # (Python 2 syntax).
    import ptypes,pecoff
    from ptypes import *

    # The '.infected' suffix suggests a malware specimen. Everything below
    # reads and decodes its bytes through the file provider; nothing in this
    # block executes the sample.
    ptypes.setsource(ptypes.file('./chewbacca.exe.infected'))
    a = pecoff.Executable.File()
    a=a.l
    b = a['next']['header']
    #print b['header']

    # Follow the file header's symbol-table pointer, then load the table.
    # NOTE(review): the pointer value comes from the file; confirm how a
    # zero or out-of-range pointer is reported before relying on this for
    # untrusted input.
    c = b['FileHeader']['pointertosymboltable'].d
    c = c.l

    print c['Symbols'][1]
    print c['Symbols'][1].details()
    print c['Symbols']
    print c.names()
    print c.walk().next()

    # Lookups by name; '_main' is assumed to exist in this sample.
    print c.getSymbol('_main')
    print c.getAuxiliary('_main')
    print c.fetch('_main')
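class streamfile(object):
    """File wrapper that keeps its own read/write position.

    Every read or write first seeks the wrapped file to ``self.offset`` and
    then advances ``self.offset``, so the wrapper's position does not depend
    on other users of the same file object.
    """

    def __init__(self, file):
        self.file = file
        self.offset = 0

    def read(self, amount):
        """Read ``amount`` bytes at the tracked offset.

        The offset advances by ``amount`` even when fewer bytes are returned.
        """
        self.file.seek(self.offset)
        self.offset += amount
        return self.file.read(amount)

    def write(self, data):
        """Write ``data`` at the tracked offset and advance by its length."""
        self.file.seek(self.offset)
        # Fixed: the original incremented a bare local `offset`, which raised
        # UnboundLocalError on every write and never moved the position.
        self.offset += len(data)
        return self.file.write(data)

    def tell(self):
        """Return the wrapped file's position (not ``self.offset``)."""
        return self.file.tell()

# Manual smoke test (Python 2 syntax): load a ustar header from ./test.tar.
# ptypes.setsource(ptypes.provider.stream(streamfile(file('./test.tar', 'rb+'))))
# ptypes.setsource(ptypes.provider.stream(file('./test.tar', 'rb+')))
ptypes.setsource(ptypes.provider.file('./test.tar'))
reload(tar)

a = tar.ustar(offset=0)
a=a.l
print a
# print a[0]
# print a[1]
# b = tar.old(offset=0)
#
# c = tar.gnu(offset=0)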
class MainArchiveHeader(pstruct.type):
    # Main archive header: a fixed 32-bit CRC followed by five
    # variable-length integers (vint).
    _fields_ = [
        (uint32, 'CRC32'),
        (vint, 'Header size'),
        (vint, 'Header type'),
        (vint, 'Header flags'),
        (vint, 'Extra area size'),
        (vint, 'Archive flags'),
    ]

if __name__ == '__main__':
    # Manual smoke test against ./test.rar.
    import ptypes, archive.rar as rar
    ptypes.setsource(ptypes.prov.filecopy('test.rar'))

    # The header is loaded from offset 8 of the file.
    a = rar.MainArchiveHeader(offset=8).l
    # x = a.v[1].object
    # y = x[1]
    # print(x)
    # print(list(x.object)[1].keys())

    # Decode a single vint at offset 0xc and dump its first element.
    x = pbinary.new(rar.vint, offset=0xc)
    print(x)
    print(x.l)
    # NOTE(review): iteritems() is a Python 2 dict-style method while the
    # prints use call syntax; confirm which interpreter this targets.
    for k, v in x[0].iteritems():
        print(k, v)
# hbyte,bread = read_number(tail[tptr:tptr+9]) # print "Hbyte : 0x%02x (%s)" % (hbyte,hdict[hbyte]) # tptr+=bread if __name__ == '__main__': # 0000000000: 37 7A BC AF 27 1C 00 04 5B 38 BE F9 59 0E 00 00 # 0000000010: 00 00 00 00 23 00 00 00 00 00 00 00 7A 63 68 FD # 0000000020: 00 21 16 89 6C 71 3D AB 7D 89 E6 3C 2E BE 60 24 res = ''' 37 7A BC AF 27 1C 00 04 5B 38 BE F9 59 0E 00 00 00 00 00 00 23 00 00 00 00 00 00 00 7A 63 68 FD 00 21 16 89 6C 71 3D AB 7D 89 E6 3C 2E BE 60 24 '''.strip().translate(None, ' \n') ptypes.setsource(ptypes.prov.string(res.decode('hex'))) # 002457e0 17 06 e0 20 4f 24 01 09 88 a0 00 07 0b 01 00 02 # 002457f0 24 06 f1 07 01 0a 53 07 1f 03 65 f5 9f 71 0b f1 # 00245800 23 03 01 01 05 5d 00 40 00 00 01 00 0c 88 98 b3 # 00245810 82 0a 01 5d 29 c8 39 00 00 res = ''' 17 06 e0 20 4f 24 01 09 88 a0 00 07 0b 01 00 02 24 06 f1 07 01 0a 53 07 1f 03 65 f5 9f 71 0b f1 23 03 01 01 05 5d 00 40 00 00 01 00 0c 88 98 b3 82 0a 01 5d 29 c8 39 00 00 '''.strip().translate(None, ' \n') ptypes.setsource(ptypes.prov.string(res.decode('hex')))
sig = header['Signature'].str() # if it's compressed then use the 'zlib' structure t = EncodedDataType.withdefault(sig, type=sig) length = min(header['FileLength'].int(), self.source.size()) - header.size() return dyn.clone(t, _value_=dyn.clone(t._value_, length=length)) _fields_ = [ (Header, 'header'), (__data, 'data') ] if __name__ == '__main__': import sys import ptypes,__init__ as swf ptypes.setsource(ptypes.file('./test.swf', mode='r')) z = File # z = ptypes.debugrecurse(z) z = z() z = z.l for x in z['data']['tags']: print '-'*32 print x a = z['data']['tags'][0] print a.hexdump() print a.li.hexdump() print repr(a.l['Header'].serialize()) correct='\x44\x11\x08\x00\x00\x00'
class ImageData_Chunk(pstruct.type):
    # One data sub-block: a one-byte length followed by that many bytes.
    # The length is an 8-bit field, so a single chunk is at most 255 bytes.
    _fields_ = [
        (pint.uint8_t, 'Block Size'),
        (lambda s: dyn.block(int(s['Block Size'].li)), 'Data Values')
    ]

class ImageData( parray.type ):
    # Array of data sub-blocks.
    length = 1
    _object_ = ImageData_Chunk

    def isTerminator(self, v):
        # A chunk whose 'Block Size' is zero marks the end of the data.
        return int(v['Block Size']) == 0

class File(pstruct.type):
    # Whole file: header, screen descriptor, one image descriptor, image data.
    _fields_ = [
        (Header, 'header'),
        (LogicalScreenDescriptor, 'screen'),
        (ImageDescriptor, 'image'),
        (ImageData, 'data')
    ]

if __name__ == '__main__':
    # Manual smoke test (Python 2 syntax): load ./poc.gif and print it.
    import ptypes,gif
    reload(gif)
    ptypes.setsource( ptypes.provider.file('./poc.gif') )

    z = gif.File()
    print z.l
# Field list of a structure whose class header lies above this excerpt.
# 'numSettings' is read from the file and sets the length of 'Setting'.
# NOTE(review): verify_bitsize(uInt32Number, 8) presumably limits that count
# to 8 bits -- confirm against its definition.
_fields_ = [
    (dyn.block(4), 'SettingSig'),
    (uInt32Number, 'SettingSize'),
    (verify_bitsize(uInt32Number, 8), 'numSettings'),
    (lambda s: dyn.array(uInt32Number, int(s['numSettings'].li)), 'Setting')
]

class TextDescStruct(pstruct.type, TagStruct):
    # 'desc' tag: a NUL-terminated string, a language code, a NUL-terminated
    # wide string, a script code, a count byte and a fixed 67-byte string.
    signature = 'desc'
    _fields_ = [
        (pstr.szstring, 'IsoStr'),
        (uInt32Number, 'UniLangCode'),
        (pstr.szwstring, 'UniStr'),
        (uInt16Number, 'MacScriptCode'),
        (uInt8Number, 'MacCount'),
        (dyn.clone(pstr.string, length=67), 'MacStr')
    ]

if __name__ == '__main__':
    # Manual smoke test against ./poc.pf.
    import ptypes
    from ptypes import *
    ptypes.setsource( provider.file('./poc.pf') )

    self = ProfileFile()
    # print self.l
    self.l

    # Decode a DevStruct (wrapped in ptype.debugrecurse) at the offset stored
    # in the profile's first tag entry; that offset comes from the file.
    z = ptype.debugrecurse(DevStruct)()
    z.setoffset(self['tags'][0]['offset'].__int__())
'SetArray')] class SetStruct(pstruct.type): _fields_ = [(dyn.block(4), 'SettingSig'), (uInt32Number, 'SettingSize'), (verify_bitsize(uInt32Number, 8), 'numSettings'), (lambda s: dyn.array(uInt32Number, int(s['numSettings'].li)), 'Setting')] class TextDescStruct(pstruct.type, TagStruct): signature = 'desc' _fields_ = [(pstr.szstring, 'IsoStr'), (uInt32Number, 'UniLangCode'), (pstr.szwstring, 'UniStr'), (uInt16Number, 'MacScriptCode'), (uInt8Number, 'MacCount'), (dyn.clone(pstr.string, length=67), 'MacStr')] if __name__ == '__main__': import ptypes from ptypes import * ptypes.setsource(provider.file('./poc.pf')) self = ProfileFile() # print(self.l) self.l z = ptype.debugrecurse(DevStruct)() z.setoffset(self['tags'][0]['offset'].__int__())
# Viewport chunk types, each registered under its numeric `type` id.
# (Any decorator on USER lies above this excerpt.)
class USER(ptype.block):
    type = 0x0007

@Viewport.define
class CAMERA(ptype.block):
    type = 0x0008

@Viewport.define
class LIGHT(ptype.block):
    type = 0x0009

@Viewport.define
class DISABLED(ptype.block):
    type = 0x0010

@Viewport.define
class BOGUS(ptype.block):
    type = 0x0011

## File chunk
class File(Chunk):
    pass

if __name__ == '__main__':
    # Manual smoke test (Python 2 syntax). The fixed index paths below match
    # the chunk layout of this one sample file only.
    # Note: the local module is named `max`, which shadows the builtin here.
    import ptypes, max
    ptypes.setsource(ptypes.prov.file('./samples/3ds/boletus.3ds', mode='rb'))

    z = max.File()
    z=z.l
    print z['data']
    print z['data'][1]['data'][0]['data']
    print z['data'][1]['data'][1]
    print z['data'][1]['data'][2]['data'][0]['data']
    print z['data'][1]['data'][3]['data']['chunk']['data'][0]['data'] # TRI_VERTEXL
    print z['data'][1]['data'][3]['data']['chunk']['data'][1]['data'] # TRI_LOCAL
    print z['data'][1]['data'][3]['data']['chunk']['data'][2]['data'] # TRI_MAPPINGCOORS
    print z['data'][1]['data'][3]['data']['chunk']['data'][3]
    print z['data'][1]['data'][3]['data']['chunk']['data'][3]['data']
    print z['data'][1]['data'][3]['data']['chunk']['data'][3]['data']['face']
    print z['data'][1]['data'][3]['data']['chunk']['data'][3]['data']['facedata'][0]['data']['face']
    print z['data'][1]['data'][3]['data']['chunk']['data'][3]['data']['facedata'][1]['data']
@Record.define
class demx(parray.block):
    # Record registered under the type tag 'XMED'; an array of `chunk`.
    type = 'XMED'

    class chunk(pstruct.type):
        # 'type', 'size' and 'count' are HEX fields of 4, 8 and 8 characters.
        # The data block length is the decoded 'size' value, which comes
        # from the file being parsed.
        _fields_ = [
            (dyn.clone(HEX, length=4), 'type'),
            (dyn.clone(HEX, length=8), 'size'),
            (dyn.clone(HEX, length=8), 'count'),
            (lambda s: dyn.block(s['size'].li.int()), 'data' )  # FIXME: add a chunktype lookup for this too
        ]
    _object_ = chunk

if __name__ == '__main__':
    # Manual smoke test against ./sample.dir.
    import ptypes, vector.director as director
    ptypes.setsource(ptypes.provider.file('./sample.dir', mode='r'))

    z = director.File()
    z = z.load()
    print(z['Data'][1]['ckData']['header']['unknown'])
    print('Number of Records:', len(z['Data']))
    a = z['Data']
(Signature, 'signature'), (Attributes, 'attributes'), (__extended, 'extended'), (__padding_header, 'padding'), ] class File(pstruct.type): def __data(self): res = self['header'].li return dyn.block(res['attributes']['compressed-size'].int()) _fields_ = [ (Header, 'header'), (__data, 'data'), ] if __name__ == '__main__': import ptypes, archive.lha ptypes.setsource( ptypes.prov.file('c:/users/user/Downloads/fcgb2.lzh', mode='r')) z = archive.lha.File() z = z.l print(z.source.size()) print(z['header']['signature']) print(z['header']['attributes']) print(z['header']) print(z['header']['filename'])
## some things people people might find useful #from ptype import debug, debugrecurse from .ptype import istype, iscontainer, isinstance, undefined from .provider import file, memory from .utils import hexdump if __name__ == '__main__': import builtins, ptypes class a(ptypes.ptype.type): length = 4 data = b'\x41\x41\x41\x41' import ctypes b = ctypes.cast(ctypes.pointer(ctypes.c_buffer(data,4)), ctypes.c_void_p) ptypes.setsource(ptypes.prov.memory()) print('ptype-static-memory', builtins.isinstance(ptypes.ptype.source, ptypes.prov.memory)) print('ptype-instance-memory', builtins.isinstance(ptypes.ptype.type().source, ptypes.prov.memory)) c = a(offset=b.value).l print('type-instance-memory', c.serialize() == data) ptypes.setsource(ptypes.prov.empty()) print('ptype-static-empty', builtins.isinstance(ptypes.ptype.source, ptypes.prov.empty)) print('ptype-instance-empty', builtins.isinstance(ptypes.ptype.type().source, ptypes.prov.empty)) c = a(offset=b.value).l print('type-instance-empty', c.serialize() == b'\x00\x00\x00\x00') ptypes.setsource(ptypes.prov.memory())
type = 61471 _fields_ = [ (dyn.block(16), 'rgbUid1'), # (dyn.block(16), 'rgbUid2'), # XXX: this is conditional? (pint.uint8_t, 'tag'), (dyn.block(0), 'BLIPFileData'), # FIXME: this isn't right.. ] @Record.define class FDG(pstruct.type): type = 0xf008 _fields_ = [(pint.uint32_t,'csp'),(MSOSPID, 'spidCur')] if False: import ptypes ptypes.setsource( ptypes.provider.file('poc.xls') ) x = SpContainer() # x.setoffset(66100) x.setoffset(66360) print x.l if __name__ == '__main__': from ptypes import * import art if False: s = '\x00\x00\x00\x00\x0c\x00\x00\x00' + 'A'*30 z = art.RecordGeneral() z.source = provider.string(s)
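(26, 'offset'), ]
# ^ closing entries of a field list whose class header lies above this excerpt.

class info(pstruct.type):
    # Four 32-bit values: crc, edition, blocks, files.
    _fields_ = [
        (u32, 'crc'),
        (u32, 'edition'),
        (u32, 'blocks'),
        (u32, 'files'),
    ]

class super(pstruct.type):
    # Superblock layout. The class name shadows the builtin `super` inside
    # this module; it is left unchanged because callers refer to it by name.
    _fields_ = [
        (u32, 'magic'),     # defaults to 0x28cd3d45
        (u32, 'size'),
        (u32, 'flags'),
        (u32, 'future'),
        (dyn.array(u8,16), 'signature'),
        (info, 'fsid'),
        (dyn.array(u8,16), 'name'),
        (inode, 'root'),
    ]

if __name__ == '__main__':
    # Manual smoke test: load the superblock at offset 0 of a firmware image.
    import ptypes,cramfs
    # NOTE(review): setsource() is given a bare path string here, whereas
    # other callers pass a provider object -- confirm this is accepted.
    ptypes.setsource('re1000.fw')
    a = cramfs.super()
    # Fixed: the original line read `a.setoffset(0): a=a.l`, a syntax error
    # caused by a stray colon; these are two separate statements.
    a.setoffset(0)
    a=a.l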
(1, 'marker_bit'), (5, 'video_bound'), (8, 'reserved_byte'), (__streamarray, 'streamarray'), ] ### class packet(pbinary.struct): _fields_ = [ (32, 'code'), (lambda s: layer.lookup(s['code']), 'data'), ] class stream(pbinary.terminatedarray): _object_ = packet def isTerminator(self, value): return type(value) == end_code class stream(pbinary.array): _object_ = packet length = 20 if __name__ == '__main__': import ptypes,mpeg # ptypes.setsource( ptypes.file('./poc-mpeg.stream') ) ptypes.setsource( ptypes.file('./poc.mov') ) reload(mpeg) a = mpeg.stream(offset=0x3ba, length=20) print a.l
class section_entry_extension(pstruct.type): class __field(pbinary.struct): _fields_ = [(4, 'unused'), (1, 'record_follows'), (2, 'unused2'), (1, 'wtf')] _fields_ = [ (uchar, 'indicator'), (uchar, 'field'), (dyn.block(30), 'vendor_criteria'), ] if __name__ == '__main__': import ptypes, fs.iso9660 as iso9660 ptypes.setsource( ptypes.provider.WindowsFile('~/downloads/6euj41uc.iso', 'r')) z = iso9660.File() z = z.l boot_sector = z['desc'][1]['data']['boot_catalog'] if False: a = iso9660.sector(offset=boot_sector * 2048).l print(a.cast(iso9660.section_validation_entry)) # print(z['iso']) # print([x for x in z['unused'] if not x.is_empty()]) # date = z['primary']['root_directory_record']['date'] # print(date) # print(date['year'].summary()) a = z['desc'][1]['data']['boot_catalog'] print(a.cast(iso9660.sectorpointer))
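# Field list of a structure whose class header lies above this excerpt.
_fields_ = [
    (IMAGE_DOS_HEADER, 'Header'),
    (__Extra, 'Extra'),
    (__Stub, 'Stub'),
    (__Next, 'Next'),
    #(__NotLoaded, 'NotLoaded'),
]

if __name__ == '__main__':
    # Manual smoke test: load the executable named on the command line, or
    # search upwards for obj/kernel32.dll when no argument is given.
    import sys
    import ptypes, pecoff.Executable

    if len(sys.argv) == 2:
        filename = sys.argv[1]
        ptypes.setsource(ptypes.prov.file(filename, 'rb'))
        z = pecoff.Executable.File()
        z = z.l
    else:
        filename = 'obj/kernel32.dll'
        # Try the path, then '../' + path, and so on, up to ten times.
        for x in range(10):
            print(filename)
            try:
                # Fixed: the source is now opened inside the loop. The
                # original opened 'obj/kernel32.dll' once before the loop, so
                # the later '../' candidates were printed but never opened.
                # assumes a missing path surfaces as IOError -- TODO confirm
                ptypes.setsource(ptypes.prov.file(filename, 'rb'))
                z = pecoff.Executable.File()
                z = z.l
                break
            except IOError:
                pass
            filename = '../' + filename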
# Field list of a structure whose class header lies above this excerpt.
_fields_ = [
    (pint.uint8_t, 'numid'),
    (pint.uint8_t, 'maptyp'),
    (DataType, 'imgtyp'),
    (ColorMapSpecification, 'mapspec'),
    (Dimensions, 'imgdim'),
    (pint.uint8_t, 'pixdepth'),
    (pint.uint8_t, 'imgdes'),
]

class File(pstruct.type):
    # Whole file: the header followed by an untyped data block.
    _fields_ = [
        (Header, 'Header'),
        (ptype.block, 'Data'),
    ]

if __name__ == '__main__':
    # Manual smoke test: load the file named on the command line.
    import sys
    import ptypes, image.targa

    if len(sys.argv) != 2:
        # NOTE(review): the usage message goes to stdout and the exit status
        # is 0, so a calling script cannot tell a usage error from success.
        print("Usage: {:s} file".format(
            sys.argv[0] if len(sys.argv) else __file__))
        sys.exit(0)

    ptypes.setsource(ptypes.prov.file(sys.argv[1]))
    a = image.targa.File()
    a = a.l
yield i,res continue return def iterate(self, version=8): for _,n in self.enumerate(version): yield n def repr(self): return ', '.join('{:s}/{:d}'.format(res.zone_name(), res.version()) for res in self.iterate(None)) entry = dyn.pointer(malloc_zones) if __name__ == '__main__': ab = szone_t() ab.alloc() print ab exit() import lldb import ptypes,macheap ptypes.setsource(lldbprocess(lldb.process)) modules = lldb.target.get_modules_array() sym_malloc_zones, = (m.FindSymbol('malloc_zones') for m in lldb.target.get_modules_array() if m.FindSymbol('malloc_zones').name) z = macheap.entry(offset=int(sym_malloc_zones.addr)) if __name__ == '__main__': z = macheap.szone_t().a mag_get_thread_index = _os_cpu_number() & (TINY_MAX_MAGAZINES-1) szone_t.tiny_magazines[mag_thread_index]
# Require exactly one argument; usage goes to stderr with exit status 1.
if len(sys.argv) != 2:
    six.print_("Usage: {:s} file".format(
        sys.argv[0] if len(sys.argv) else 'test'), file=sys.stderr)
    sys.exit(1)
filename = sys.argv[1]

# `log` is advanced once with next() before messages are sent to it.
L = log(sys.stderr)
next(L)

if not os.path.exists(filename):
    raise OSError(
        "The specified file ({:s}) does not exist.".format(filename))

ptypes.setsource(ptypes.prov.file(filename, mode='r'))
L.send("Loading executable for {:s}".format(os.path.basename(filename)))
z = pecoff.Executable.File()
z = z.l

# Data directory entry 14 is the PE COM descriptor (CLR header) directory.
# A zero address is rejected before anything is dereferenced.
dd = z['next']['header']['datadirectory'][14]
if dd['address'].int() == 0:
    # The message has no placeholder, so the .format() argument is unused.
    L.send("No IMAGE_COR20_HEADER found in executable!".format(
        os.path.basename(filename)))
    sys.exit(2)

# Follow the directory to the CLR header, then to its metadata root.
comdd = dd['address'].d.l
meta = comdd['MetaData']['Address'].d.l
strings = meta['StreamHeaders'].Get('#Strings')['Offset'].d
#userstrings = meta['StreamHeaders'].Get('#US')['Offset'].d
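# Field list of a structure whose class header lies above this excerpt.
_fields_ = [
    (pint.uint8_t, 'boot_indicator'),
    (chs, 'chs_start'),
    (pint.uint8_t, 'type'),
    (chs, 'chs_end'),
    (pint.uint32_t, 'relative_sector'),
    (pint.uint32_t, 'total_sectors'),
]

class common_boot_record(pstruct.type):
    # 446 bytes of bootstrap code, four partition entries, 16-bit signature.
    _fields_ = [
        (dyn.block(446), 'bootstrap'),
        (dyn.array(partition_table_entry, 4), 'partition'),
        (pint.uint16_t, 'mbr_signature'),
    ]

if __name__ == '__main__':
    # Manual smoke test: decode the first sector of physical drive 0.
    # The raw device is opened with mode 'r'; on Windows, opening
    # \\.\PhysicalDriveN normally requires administrative rights.
    import ptypes, fs.physical as disk
    ptypes.setsource(
        ptypes.provider.WindowsFile(r'\\.\PhysicalDrive%d' % (0), 'r'))

    a = disk.sector()
    # Fixed: the field is declared as 'partition'; the original looked up
    # 'partitions', which matches no field of common_boot_record.
    print(
        a.l.cast(
            disk.common_boot_record)['partition'][0]['chs_start'].hexdump())
    b = a.l.cast(disk.common_boot_record)
    print(b)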
# The definitions before the __main__ guard appear to be members of an
# enclosing class whose header lies above this excerpt (__Body uses self.Body).
class Body(parray.block):
    # Block-sized array of (PreviousTagSize, Tag) records.
    class _object_(pstruct.type):
        _fields_ = [
            (UI32, 'PreviousTagSize'),
            (FLVTAG, 'Tag'),
        ]

def __Body(self):
    # The body covers everything from the header's DataOffset to the end of
    # the source.
    # NOTE(review): DataOffset is read from the file; if it exceeds the
    # source size the computed blocksize is negative -- confirm how
    # parray.block treats that.
    ex = self['Header'].li['DataOffset'].int()
    return dyn.clone(self.Body, blocksize=lambda s: self.source.size() - ex)

_fields_ = [
    (Header, 'Header'),
    (__Body, 'Body'),
]

if __name__ == '__main__':
    # Manual smoke test against a fixed local path (Python 2 syntax).
    import ptypes, swf.flv as flv
    ptypes.setsource(
        ptypes.prov.file('c:/users/user/Documents/blah.flv', mode='rb'))
    reload(flv)

    a = flv.File()
    a = a.l
    print a['Header']['TypeFlags']
    print a['Header']
    print a['Header']['Padding'].hexdump()
    print a['Body'][0]['Tag']
    print a['Body'][0]['Tag']['TagData']
('UniqueProcessId', ctypes.c_uint32), ('Reserved3', ctypes.c_uint32)]
    # ^ tail of a helper whose beginning lies above this excerpt.
    # Information class 0 is queried into `pbi`.
    # NOTE(review): the status in `res` is never checked, so a failed query
    # returns a structure the call did not fill in.
    pbi = ProcessBasicInformation()
    res = nt.NtQueryInformationProcess(handle, 0, ctypes.byref(pbi), ctypes.sizeof(pbi), None)
    return pbi

# grab process handle
# argv[1], when given, is parsed strictly as a decimal process id.
if len(sys.argv) > 1:
    pid = int(sys.argv[1])
    print 'opening process %d'% pid
    handle = openprocess(pid)
else:
    handle = getcurrentprocess()
    print 'using current process'

# All later reads go through this process handle.
ptypes.setsource(ptypes.provider.WindowsProcessHandle(handle))

# grab peb
import ndk
pebaddress = getPBIObj(handle).PebBaseAddress
z = ndk.PEB(offset=pebaddress).l

# grab heap
if len(sys.argv) > 2:
    # NOTE(review): eval() executes whatever Python expression is passed as
    # argv[2]. Only a numeric heap address is compared below, so
    # int(sys.argv[2], 0) would accept decimal or 0x-prefixed input without
    # evaluating code; worth changing if this script is ever driven by
    # anything other than its operator.
    heaphandle = eval(sys.argv[2])
    # Scan the PEB's heap list for the entry equal to the requested address.
    for x in z['ProcessHeaps'].d.l:
        print hex(x.int()),hex(heaphandle)
        if x.int() == heaphandle:
            b = x
            break
        continue
class File(pstruct.type):
    # Cabinet file: the header followed by an array of folder records.
    # The folder count is the header's 'cFolders' value, read from the file.
    _fields_ = [
        (CFHEADER, 'header'),
        (lambda s: dyn.array(CFFOLDER, s['header'].li['cFolders'].int()),
         'folders'),
        # (lambda s: dyn.array(CFFILE, s['header']['cFiles'].int()), 'files'),
        # (lambda s: dyn.block(s['header']['cbCabinet'].int() - s['header'].size()-s['folders'].size()-s['files'].size()), 'data'),
        # (dyn.block(s['header']['cbCabinet'].int() - s['header'].size()-s['folders'].size()-s['files'].size()), 'data'),
    ]

if __name__ == '__main__':
    # Manual smoke test against a fixed local cabinet file.
    import sys, ptypes, archive.cab as cab
    ptypes.setsource(ptypes.file('~/shit/test/Windows6.1-KB2705219-x86.cab'))

    a = cab.File()
    a = a.l
    print(a['header']['cbCabinet'].int())
    print(a['header']['cbCabinet'])
    print(a['folders'][0]['typeCompress'].summary())
    # Offsets stored in the file are followed with .d and loaded with .l.
    print(a['folders'][0]['coffCabStart'].d.l)

    b = a['header']['coffFiles'].d.l
    for x in b:
        print(x['uoffFolderStart'])
    # b[1] assumes the cabinet lists at least two files.
    print(b[1])
    print(b[1]['uoffFolderStart'].d.l.hexdump())
(BYTE, 'skip'), (BYTE, 'count'), (lambda s: dyn.block( (s['count'].li.int() & 0x80) and 1 or s['count'].li.int() & 0x7f), 'data') #XXX ] class Line(pstruct.type): _fields_ = [(BYTE, 'numpackets'), (lambda s: dyn.array(LinePacket, s['numpackets'].li.int()), 'packets')] @ChunkType.define class DELTA_FLI(pstruct.type): type = 12 _fields_ = [(WORD, 'skip'), (WORD, 'numlines'), (lambda s: dyn.array(Line, s['numlines'].li.int()), 'lines')] if __name__ == '__main__': import ptypes, flic reload(flic) ptypes.setsource(ptypes.file('./test.fli')) # ptypes.setsource( ptypes.file('./janmar90.flc') ) z = ptypes.debugrecurse(flic.File)() z = z.l print z
(lambda s: dyn.array(s.Entry, int(s['count'].li)), 'entry'), (dyn.pointer(Directory,type=pint.uint32_t), 'next') ] class Header(pstruct.type): def __directory(self): signature = self['signature'].li.serialize() if signature == '\x4d\x4d\x00\x2a': # bigendian return dyn.pointer(Directory) if signature == '\x49\x49\x2a\x00': # little-endian pass # XXX: I haven't encountered this yet raise NotImplementedError(signature) _fields_ = [ # (pint.uint16_t, 'byteorder'), # (pint.uint16_t, 'id'), (pint.uint32_t, 'signature'), # ('\x49\x49\x2a\x00', '\x4d\x4d\x00\x2a') (dyn.pointer(Directory,type=pint.uint32_t), 'directory'), ] class File(Header): pass if __name__ == '__main__': import ptypes,tiff ptypes.setsource( ptypes.file('./0.tif') ) a = tiff.File() a = a.l
yield n def repr(self): return ', '.join('{:s}/{:d}'.format(res.zone_name(), res.version()) for res in self.iterate(None)) entry = dyn.pointer(malloc_zones) if __name__ == '__main__': ab = szone_t() ab.alloc() print ab exit() import lldb import ptypes, macheap ptypes.setsource(lldbprocess(lldb.process)) modules = lldb.target.get_modules_array() sym_malloc_zones, = (m.FindSymbol('malloc_zones') for m in lldb.target.get_modules_array() if m.FindSymbol('malloc_zones').name) z = macheap.entry(offset=int(sym_malloc_zones.addr)) if __name__ == '__main__': z = macheap.szone_t().a mag_get_thread_index = _os_cpu_number() & (TINY_MAX_MAGAZINES - 1) szone_t.tiny_magazines[mag_thread_index]
class ImageTableData_Chunk(pstruct.type):
    # A one-byte code size followed by a placeholder field.
    _fields_ = [
        (pint.uint8_t, 'CodeSize'),
        (ptype.type, 'something'),
    ]


class ImageData_Chunk(pstruct.type):
    # One data sub-block: a one-byte length followed by that many bytes.
    # The length is an 8-bit field, so a single chunk is at most 255 bytes.
    _fields_ = [
        (pint.uint8_t, 'Block Size'),
        (lambda s: dyn.block(int(s['Block Size'].li)), 'Data Values'),
    ]


class ImageData(parray.type):
    # Array of data sub-blocks.
    length = 1
    _object_ = ImageData_Chunk

    def isTerminator(self, v):
        # A chunk whose 'Block Size' is zero marks the end of the data.
        return int(v['Block Size']) == 0


class File(pstruct.type):
    # Whole file: header, screen descriptor, one image descriptor, image data.
    _fields_ = [
        (Header, 'header'),
        (LogicalScreenDescriptor, 'screen'),
        (ImageDescriptor, 'image'),
        (ImageData, 'data'),
    ]


if __name__ == '__main__':
    # Manual smoke test: load ./poc.gif and print the decoded structure.
    import ptypes, image.gif as gif
    ptypes.setsource(ptypes.provider.file('./poc.gif'))

    z = gif.File()
    print(z.l)
if len(p) > 0: p, rest = unpack(*p) entry = res.Entry(p) if entry is None: raise LookupError(p, rest, res) return followresource(rest, entry.li) return res.li def unpack(first, *rest): return first, rest if __name__ == '__main__': import sys,logging import ptypes,pecoff _ = args() res = _.parse_args() if figureargs(res) is None: _.print_usage() sys.exit(1) infile = ptypes.prov.filebase(res.infile) ptypes.setsource(infile) z = pecoff.Executable.File(source=infile) z = z.l result = None figureargs(res)(z, format=res.format, output=res.output) globals().pop('res')
return dyn.clone(pointer, recurse=dict(byteorder=bo)) def __data(self): res = self['header'].li.size() + self['pointer'].li.size() if isinstance(self.source, ptypes.prov.bounded): return dyn.block(self.source.size() - res) return ptype.undefined _fields_ = [ (Header, 'header'), (__pointer, 'pointer'), (__data, 'data'), ] if __name__ == '__main__': import ptypes, image.tiff as tiff ptypes.setsource(ptypes.file('sample.tif')) a = tiff.File() a = a.l for n in a['pointer'].d.l.iterate(): print(n.l) if not isinstance(n['value'], ptypes.ptype.undefined): print(n['value']) continue assert not isinstance(n['pointer'], ptypes.ptype.undefined) for v in n['pointer'].d.l: print(v) continue
class Bin(pstruct.type):
    # A bin: its header followed by the rest of the bin as an opaque block.
    # The block length is the header's 'size' minus the header's own size.
    # NOTE(review): 'size' comes from the file; a value smaller than the
    # header size makes this length negative -- confirm how dyn.block
    # treats that.
    _fields_ = [
        (BinHeader, 'header'),
        (lambda self: dyn.block(self['header'].li['size'].int() - self[
            'header'].size()), 'data'),
    ]


class Cell(pstruct.type):
    # A 32-bit size followed by that many bytes of data.
    _fields_ = [
        (pint.uint32_t, 'size'),
        (lambda self: dyn.block(self['size'].li.int()), 'data'),
    ]


if __name__ == '__main__':
    # Manual smoke test against ./Amcache.hve.
    import ptypes
    source = ptypes.setsource(ptypes.prov.file('./Amcache.hve', mode='rb'))

    z = Header().l
    print(z['guidSignature'].hexdump())
    print(z['lastReorganizedTimestamp'])
    print(z['reserved_a0'].hexdump())
    print(z['reserved_b0'].hexdump())

    # The first bin starts right after the header; each further bin starts
    # where the previous one ends. After each bin, the next 0x40 bytes are
    # printed as a raw block.
    a = Bin(offset=z.getoffset() + z.size()).l
    print(ptype.block(offset=a.getoffset() + a.size(), length=0x40).l)
    b = Bin(offset=a.getoffset() + a.size()).l
    print(ptype.block(offset=b.getoffset() + b.size(), length=0x40).l)
(uint32, 'length'), ] _fields_ = [ (Fixed, 'version'), (uint16, 'numTables'), (uint16, 'searchRange'), (uint16, 'entrySelector'), (uint16, 'rangeShift'), (lambda s: dyn.array(s.Entry, s['numTables'].li.int()), 'tables'), ] if __name__ == '__main__': import ptypes, vector.ttf as ttf ptypes.setsource(ptypes.file('./cour.ttf', 'rb')) #t = dyn.block(ptypes.ptype.type.source.size()) #a = t() #a = a.l b = ttf.File() b = b.l print('\n'.join( map(repr, ((i, x['tag'].summary()) for i, x in enumerate(b['tables']))))) if 'tables' and False: print(b['tables'][0]['offset'].d.l.hexdump()) print(b['tables'][1]['offset'].d.l.hexdump()) print(b['tables'][8]['offset'].d.l.hexdump())
return dyn.block(sz - h.size()) class Body(parray.block): class _object_(pstruct.type): _fields_ = [ (UI32, 'PreviousTagSize'), (FLVTAG, 'Tag'), ] def __Body(self): ex = self['Header'].li['DataOffset'].int() return dyn.clone(self.Body, blocksize=lambda s:self.source.size() - ex) _fields_ = [ (Header, 'Header'), (__Body, 'Body'), ] if __name__ == '__main__': import ptypes,swf.flv as flv ptypes.setsource(ptypes.prov.file('c:/users/user/Documents/blah.flv',mode='rb')) reload(flv) a = flv.File() a = a.l print a['Header']['TypeFlags'] print a['Header'] print a['Header']['Padding'].hexdump() print a['Body'][0]['Tag'] print a['Body'][0]['Tag']['TagData']
(UINT32, 'packet_count_for_this_packet'), ] ### class File(parray.terminated): _object_ = RealMedia_Header def isTerminator(self, value): l = len(self.value) if l > 0: return l > self.value[0]['object']['num_headers'].int() + 1 return False if __name__ == '__main__': import sys import ptypes,rmff ptypes.setsource( ptypes.file(sys.argv[1], mode='rb') ) self = rmff.File() z = self.l print len(self.value) # offset = 0x16f # print self.at(offset) # typespecific = self[3]['object']['type_specific_data'] mdpr = [x for x in self.traverse(filter=lambda x: type(x) == rmff.RealMedia_Header) if x['object_id'].serialize() == 'MDPR'] for x in mdpr: print x.__name__, x['object']['mime_type']
class info(pstruct.type):
    # Four 32-bit values: crc, edition, blocks, files.
    _fields_ = [
        (u32, 'crc'),
        (u32, 'edition'),
        (u32, 'blocks'),
        (u32, 'files'),
    ]


class super(pstruct.type):
    # Superblock layout. Note that the class name shadows the builtin
    # `super` inside this module.
    _fields_ = [
        (u32, 'magic'),  # defaults to 0x28cd3d45
        (u32, 'size'),
        (u32, 'flags'),
        (u32, 'future'),
        (dyn.array(u8, 16), 'signature'),
        (info, 'fsid'),
        (dyn.array(u8, 16), 'name'),
        (inode, 'root'),
    ]


if __name__ == '__main__':
    # Manual smoke test: load the superblock at offset 0 of a firmware image.
    import ptypes, fs.cramfs as cramfs
    # NOTE(review): setsource() is given a bare path string here, whereas
    # other callers pass a provider object -- confirm this is accepted.
    ptypes.setsource('re1000.fw')
    a = cramfs.super()
    a.setoffset(0)
    a = a.l
(_row(method_info, 'method_count'), 'method'), (u30, 'metadata_count'), (_row(metadata_info, 'metadata_count'), 'metadata'), (u30, 'class_count'), (_row(instance_info, 'class_count'), 'instance'), (_row(class_info, 'class_count'), 'class'), (u30, 'script_count'), (_row(script_info, 'script_count'), 'script'), (u30, 'method_body_count'), (_row(method_body_info, 'method_body_count'), 'method_body'), ] if __name__ == '__main__': import ptypes,as3,stypes from ptypes import * ptypes.setsource(prov.file('./tag-abcfile.bin','r')) #0000000: 0100 0000 0010 002e 00 #0000000 00 0000 2200 0476 ............"..v b = as3.abcFile(offset=5) b=b.l # print b['minor_version'].l # print b['major_version'].l # c = b['constant_pool'].l # print c.keys() # for k,v in c.items(): # print k # print v # print c
(BYTE, 'skip'), (BYTE, 'count'), (lambda s: dyn.block((int(s['count'].li)&0x80) and 1 or int(s['count'].li)&0x7f ), 'data') #XXX ] class Line(pstruct.type): _fields_ = [ (BYTE, 'numpackets'), (lambda s: dyn.array(LinePacket, int(s['numpackets'].li)), 'packets') ] class DELTA_FLI(Chunk): type = 12 _fields_ = [ (WORD, 'skip'), (WORD, 'numlines'), (lambda s: dyn.array(Line, int(s['numlines'].li)), 'lines') ] chunkLookup = dict([(cls.type, cls) for cls in globals().values() if type(cls) is type and cls is not Chunk and issubclass(cls, Chunk)]) if __name__ == '__main__': import ptypes,flic reload(flic) ptypes.setsource( ptypes.file('./test.fli') ) # ptypes.setsource( ptypes.file('./janmar90.flc') ) z = ptypes.debugrecurse(flic.File)() z = z.l print z
import ptypes, pecoff from ptypes import * ptypes.setsource(ptypes.prov.file('c:/windows/sysnative/ntdll.dll', 'r')) z = pecoff.Executable.File() z = z.l a = z['next']['header']['datadirectory'][4]['Address'].d.l a = z['next']['header']['certificate'] #print a['bCertificate'].hexdump() c = a[0]['bCertificate'] file('./ntdll.cert.pkcs7', 'wb').write(c.serialize()) print c.hexdump(lines=1) import ber reload(ber) d = c.cast(ber.Record, recurse={'byteorder': ptypes.config.byteorder.bigendian}) print d['value'] print d['value'][0] print d['value'][1]['Value'] e = d['value'][1]['Value'].cast(ber.Record) print e['Value'][0] print e['Value'][1]['Value'][0] print e['Value'][2]['Value'][0] print e['Value'][2]['Value'][1]['Value'] f = e['Value'][2]['Value'][1]['Value'].cast(ber.Record) print f['Value'][0]['Value'][0] print f['Value'][0]['Value'][1]['Value'][0] print f['Value'][0]['Value'][1]['Value'][1]['Value'].cast(
# Walk the export and import tables of a local copy of kernel32.dll.
import pecoff,ptypes
from ptypes import *

ptypes.setsource( ptypes.prov.file('./kernel32.dll', mode='r') )

image = pecoff.Executable.File()
image = image.l

# Data directory slots 0 and 1 are the export and import tables in the PE format.
# NOTE(review): each Address is dereferenced without first checking that the
# slot is populated -- confirm how ptypes reacts when a file leaves it empty or
# points it outside the image.
export_dir = image['Next']['Header']['DataDirectory'][0]['Address'].d.l
import_dir = image['Next']['Header']['DataDirectory'][1]['Address'].d.l

# Slots 12, 13 and 10 are the IAT, delay-import and load-config entries in the
# PE format.
directories = image['next']['header']['datadirectory']
for slot in (12, 13):
    print(directories[slot])
print(directories[10]['address'].d.l)

# exports
print(export_dir.getNames())
print(export_dir.getNameOrdinals())
print(export_dir.getExportAddressTable())
print('\n'.join(repr(entry) for entry in export_dir.iterateExports()))

# imports
# NOTE(review): index 5 is hard-coded, so this presumably expects at least six
# import descriptors in the file being read.
descriptor = import_dir[5]
print(descriptor['Name'].d.l.str())
print('\n'.join(repr(entry) for entry in descriptor.iterateImports()))

# First entry of the import name table, shown through each of its accessors.
thunk = descriptor['INT'].d.l[0]
print(thunk['Name'].deref())
print(thunk['Name'].getName())
print(thunk['Name'])
print(thunk['Name'].details())
print(thunk['Name'].summary())
(u30, 'metadata_count'), (_row(metadata_info, 'metadata_count'), 'metadata'), (u30, 'class_count'), (_row(instance_info, 'class_count'), 'instance'), (_row(class_info, 'class_count'), 'class'), (u30, 'script_count'), (_row(script_info, 'script_count'), 'script'), (u30, 'method_body_count'), (_row(method_body_info, 'method_body_count'), 'method_body'), ] if __name__ == '__main__': import ptypes, vector.swf.as3 as as3, vector.swf.stypes as stypes from ptypes import * ptypes.setsource(prov.file('./tag-abcfile.bin', 'r')) #0000000: 0100 0000 0010 002e 00 #0000000 00 0000 2200 0476 ............"..v b = as3.abcFile(offset=5) b = b.l # print(b['minor_version'].l) # print(b['major_version'].l) # c = b['constant_pool'].l # print(c.keys()) # for k,v in c.items(): # print(k) # print(v) # print(c)
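class sector(dyn.block(512)):
    """One 512-byte disk sector, kept as an opaque block until it is cast."""
    pass

class partition_table_entry(pstruct.type):
    """One 16-byte entry of the partition table (1 + 3 + 1 + 3 + 4 + 4 bytes)."""

    class chs(pbinary.struct):
        # 24-bit cylinder/head/sector address.
        # NOTE(review): in the on-disk MBR layout the second byte carries
        # cylinder bits 9-8 in its top two bits and the sector number in its low
        # six. Confirm that this field order decodes that layout under
        # pbinary's bit ordering.
        _fields_ = [(8,'head'),(6,'sector'),(10,'cylinder')]

    _fields_ = [
        (pint.uint8_t, 'boot_indicator'),
        (chs, 'chs_start'),
        (pint.uint8_t, 'type'),
        (chs, 'chs_end'),
        (pint.uint32_t, 'relative_sector'),
        (pint.uint32_t, 'total_sectors'),
    ]

class common_boot_record(pstruct.type):
    """Layout of a boot sector: 446 + 4 * 16 + 2 = 512 bytes."""
    _fields_ = [
        (dyn.block(446), 'bootstrap'),
        (dyn.array(partition_table_entry, 4), 'partition'),
        # Nothing in this file compares the signature with its expected value,
        # so a sector that is not a boot record still decodes without complaint.
        # Check it before trusting 'partition' when the input is an arbitrary
        # disk image.
        (pint.uint16_t, 'mbr_signature'),
    ]

if __name__ == '__main__':
    import disk,ptypes

    # Raw read of the first physical drive, opened with mode 'r'.
    ptypes.setsource(ptypes.provider.WindowsFile(r'\\.\PhysicalDrive%d'% (0), 'r'))

    # Load the sector once and reuse the cast for both prints.
    a = disk.sector()
    b = a.l.cast(disk.common_boot_record)

    # The table field is declared as 'partition'. The previous lookup used
    # 'partitions', which common_boot_record does not define.
    print(b['partition'][0]['chs_start'].hexdump())
    print(b)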
header = self['Header'].li sig = header['Signature'].str() # if it's compressed then use the 'zlib' structure t = EncodedDataType.withdefault(sig, type=sig) length = min(header['FileLength'].int(), self.source.size()) - header.size() return dyn.clone(t, _value_=dyn.clone(t._value_, length=length)) _fields_ = [(Header, 'header'), (__data, 'data')] if __name__ == '__main__': import sys import ptypes, __init__ as swf ptypes.setsource(ptypes.file('./test.swf', mode='r')) z = File # z = ptypes.debugrecurse(z) z = z() z = z.l for x in z['data']['tags']: print '-' * 32 print x a = z['data']['tags'][0] print a.hexdump() print a.li.hexdump() print repr(a.l['Header'].serialize()) correct = '\x44\x11\x08\x00\x00\x00'
if len(p) > 0: p, rest = unpack(*p) entry = res.Entry(p) if entry is None: raise LookupError(p, rest, res) return followresource(rest, entry.li) return res.li def unpack(first, *rest): return first, rest if __name__ == '__main__': import sys,logging import ptypes,pecoff _ = args() res = _.parse_args() if figureargs(res) is None: _.print_usage() sys.exit(1) infile = ptypes.prov.fileobj(res.infile) ptypes.setsource(infile) z = pecoff.Executable.File(source=infile) z = z.l result = None figureargs(res)(z, format=res.format, output=res.output) globals().pop('res')
class section_entry_extension(pstruct.type):
    # 32-byte record: two single-byte fields followed by 30 bytes of vendor data.

    # Bit layout with a 'record_follows' flag.
    # NOTE(review): this struct is declared but 'field' below is typed as a plain
    # uchar, so the bits are never decoded -- confirm whether that is intended.
    class __field(pbinary.struct):
        _fields_ = [(4,'unused'),(1,'record_follows'),(2,'unused2'),(1,'wtf')]

    _fields_ = [
        (uchar, 'indicator'),
        (uchar, 'field'),
        (dyn.block(30), 'vendor_criteria'),
    ]

if __name__ == '__main__':
    import ptypes,iso9660
    reload(iso9660)
    reload(ptypes.provider)

    # The path is handed to the provider as written; nothing here expands '~'.
    ptypes.setsource(ptypes.provider.WindowsFile('~/downloads/6euj41uc.iso', 'r'))
    z = iso9660.File()
    z = z.l

    # Boot catalog field of the second descriptor in the image.
    boot_sector = z['desc'][1]['data']['boot_catalog']

    # Disabled experiment: read the sector the boot catalog points at, taking
    # the field as a sector number and a sector as 2048 bytes.
    if False:
        a = iso9660.sector(offset=boot_sector*2048).l
        print a.cast(iso9660.section_validation_entry)

    # print z['iso']
    # print [x for x in z['unused'] if not x.is_empty()]
    # date = z['primary']['root_directory_record']['date']
    # print date
    # print date['year'].summary()

    # Show the boot catalog field reinterpreted as a sector pointer.
    a = z['desc'][1]['data']['boot_catalog']
    print a.cast(iso9660.sectorpointer)
(UI16, 'Top'), (UI16, 'Left'), (UI16, 'Bottom'), (UI16, 'Right'), ] @Boxes.define class blnk(pstruct.type): _fields_ = [ (UI16, 'StartChar'), (UI16, 'EndChar'), ] @Boxes.define class twrp(pstruct.type): _fields_ = [ (UI8, 'WrapFlag'), ] ### file types class File(BOX): pass if __name__ == '__main__': import ptypes, swf.f4v as f4v ptypes.setsource('c:/users/user/Documents/blah.flv', mode='rb')
(float, 'white_level'), (float, 'integration_times'), (dyn.block(76), 'reserved'), ] class DpxMainHeader(pstruct.type): _fields_ = [ (DpxFileHeader, 'fileHeader'), (DpxImageHeader, 'imageHeader'), (DpxOrientationHeader, 'orientationHeader'), (DpxFilmHeader, 'filmHeader'), (DpxTelevisionHeader, 'televisionHeader'), ] class File(pstruct.type): _fields_ = [ (DpxMainHeader, 'header'), ] if __name__ == '__main__': import sys import ptypes, image.dpx if len(sys.argv) != 2: print "Usage: {:s} file".format(sys.argv[0] if len(sys.argv) else __file__) sys.exit(0) ptypes.setsource(ptypes.prov.file(sys.argv[1])) a = image.dpx.File() a = a.l
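# Method of the CRG marker class; the class header lies above this excerpt.
def alloc(self, **fields):
    """Allocate the marker, setting Lcrg from the final size unless given."""
    res = super(CRG, self).alloc(**fields)
    if operator.contains(fields, 'Lcrg'):
        return res
    return res.set(Lcrg=res.size())

@Marker.define
class COM(pstruct.type):
    """Marker with a length (Lcom), a 16-bit Rcom field and string content."""

    def __content(self):
        """Return a string type sized to the bytes left after Lcom and Rcom."""
        length, fields = self['Lcom'].li, ['Lcom', 'Rcom']
        header = sum(self[fld].li.size() for fld in fields)
        # Lcom is read from the file. A value smaller than the two header
        # fields would make the remaining size negative, so clamp it and
        # decode an empty string instead.
        return dyn.clone(pstr.string, length=max(0, length.int() - header))

    _fields_ = [
        (u16, 'Lcom'),
        (u16, 'Rcom'),
        (__content, 'Ccom'),
    ]

    def alloc(self, **fields):
        """Allocate the marker, setting Lcom from the final size unless given."""
        res = super(COM, self).alloc(**fields)
        if operator.contains(fields, 'Lcom'):
            return res
        return res.set(Lcom=res.size())

if __name__ == '__main__':
    import ptypes, image.jpeg.jp2 as jp2
    ptypes.setsource(ptypes.prov.file('logo.jp2', mode='r'))

    z = jp2.File().l
    print(z[3]['data'].decode())

    # Dump the 0x100 bytes that follow the parsed structure.
    # NOTE(review): 'ptype' is not imported in this block; presumably a
    # module-level import provides it. The load also assumes the file holds
    # that many trailing bytes -- confirm.
    a = ptype.block(offset=z.getoffset()+z.size(), length=0x100).l
    print(a.hexdump())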
return self['data']['length'].int() pdu = property(fget=lambda s: s['data']['data']) ### entry point class Stream(parray.infinite): _object_ = TPKT File=Stream if __name__ == '__main__': import ptypes,analyze reload(analyze) ptypes.setbyteorder(ptypes.config.byteorder.littleendian) # ptypes.setsource(ptypes.file('./termdd_1.dat')) ptypes.setsource(ptypes.file('./blah.dat')) from analyze import * z = analyze.Stream() z = z.l # for x in z: # print x if False: a = TPKT() a = a.l print a['data'] b = TPDU(offset=a.getoffset()+a.size()) b = b.l
# VolumeLabelOffset: (4 bytes, offset 0x0133), 0x00000010, indicates that Volume Label Offset Unicode is not specified and references offset 0x0137 where the Volume Label is stored. # Data: (1 byte, offset 0x0137), "" an empty character string. # LocalBasePath: (14 bytes, offset 0x0138), because VolumeIDAndLocalBasePath is set, the character string "c:\test\a.txt" is present. # CommonPathSuffix: (1 byte, offset 0x0146), "" an empty character string. # Because HasRelativePath is set, the RELATIVE_PATH StringData structure (section 2.4) follows: # CountCharacters: (2 bytes, offset 0x0147), 0x0007 Unicode characters. # String (14 bytes, offset 0x0149), the Unicode string: ".\a.txt". # Because HasWorkingDir is set, the WORKING_DIR StringData structure (section 2.4) follows: # CountCharacters: (2 bytes, offset 0x0157), 0x0007 Unicode characters. # String (14 bytes, offset 0x0159), the Unicode string: "c:\test". # Extra data section: (100 bytes, offset 0x0167), an ExtraData structure (section 2.5) follows: # ExtraDataBlock (96 bytes, offset 0x0167), the TrackerDataBlock structure (section 2.5.10) follows: # BlockSize: (4 bytes, offset 0x0167), 0x00000060 # BlockSignature: (4 bytes, offset 0x016B), 0xA000003, which identifies the TrackerDataBlock structure (section 2.5.10). # Length: (4 bytes, offset 0x016F), 0x00000058, the required minimum size of this extra data block. # Version: (4 bytes, offset 0x0173), 0x00000000, the required version. # MachineID: (16 bytes, offset 0x0177), the character string "chris-xps", with zero fill. # Droid: (32 bytes, offset 0x0187), 2 GUID values. # DroidBirth: (32 bytes, offset 0x01A7), 2 GUID values. # TerminalBlock: (4 bytes, offset 0x01C7), 0x00000000 indicates the end of the extra data section. import ptypes, lnkfile from lnkfile import * #importlib.reload(lnkfile) source = ptypes.setsource(ptypes.prov.bytes(data)) z = File() z = z.l print(z)
print '%s: %r'% (name,e) return True except Failure,e: print '%s: %r'% (name,e) except Exception,e: print '%s: %r : %r'% (name,Failure(), e) return False TestCaseList.append(harness) return fn if __name__ == '__main__': import ptypes,zlib from ptypes import * from ptypes import config ptypes.setsource(ptypes.provider.string('A'*50000)) string1='ABCD' # bigendian string2='DCBA' # littleendian s1 = 'the quick brown fox jumped over the lazy dog' s2 = s1.encode('zlib') @TestCase def test_dynamic_union_rootstatic(): import dynamic,pint,parray class test(dynamic.union): root = dynamic.array(pint.uint8_t,4) _fields_ = [ (dynamic.block(4), 'block'), (pint.uint32_t, 'int'),
### class packet(pbinary.struct): _fields_ = [ (32, 'code'), (lambda s: layer.lookup(s['code']), 'data'), ] class stream(pbinary.terminatedarray): _object_ = packet def isTerminator(self, value): return type(value) == end_code class stream(pbinary.array): _object_ = packet length = 20 if __name__ == '__main__': import ptypes, mpeg # ptypes.setsource( ptypes.file('./poc-mpeg.stream') ) ptypes.setsource(ptypes.file('./poc.mov')) reload(mpeg) a = mpeg.stream(offset=0x3ba, length=20) print a.l