Esempio n. 1
    def __init__(self, wordsize):
        """
        Declare the leading fields of this structure in on-disk order.

        Args:
            wordsize: 4 or 8; selects v_uint32 or v_uint64 as the word type.

        Raises:
            ValueError: if wordsize is neither 4 nor 8.
        """
        vstruct.VStruct.__init__(self)

        # Select the word-sized integer type. v_word is not referenced again in
        # the lines shown here.
        if wordsize == 4:
            v_word = v_uint32
        elif wordsize == 8:
            v_word = v_uint64
        else:
            raise ValueError('unexpected wordsize')
        # Reference hex dumps of this record as written by v7.0 and v6.95, kept
        # as a no-op string literal. They show the two layouts the field sizes
        # below must accommodate: v7.0 has a 0x00 byte between the tag and the
        # version word (BC 02), v6.95 goes straight from the tag to B7 02.
        """
        v7.0:
        nodeid: ff000002 tag: S index: 0x41b994
        00000000: 69 64 61 00 BC 02 6D 65  74 61 70 63 00 00 00 00  ida...metapc....
        00000010: 00 00 00 00 00 00 A3 00  0B 02 00 00 14 00 00 00  ................
        00000020: 0B 00 00 00 00 00 00 00  F7 FF FF DF 03 00 00 00  ................
        00000030: 00 00 00 00 FF FF FF FF  01 00 00 00 95 16 90 68  ...............h
        00000040: 95 16 90 68 FF FF FF FF  FF FF FF FF 00 10 90 68  ...h...........h
        00000050: 30 E2 9D 68 00 10 90 68  30 E2 9D 68 00 10 90 68  0..h...h0..h...h
        00000060: 00 70 9E 68 10 00 00 00  00 00 00 FF 00 00 10 FF  .p.h............
        00000070: 00 00 00 00 00 02 01 0F  0F 00 40 40 00 00 00 00  ..........@@....
        00000080: 00 00 00 00 00 00 00 00  00 00 02 06 67 BE A3 0E  ............g...
        00000090: 07 00 40 06 00 07 00 18  28 00 50 00 54 03 00 00  ..@.....(.P.T...
        000000A0: 01 00 00 00 01 1B 0A 00  00 00 00 00 61 00 00 00  ............a...
        000000B0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
        000000C0: 07 00 00 00 00 01 33 04  01 04 00 02 04 08 08 00  ......3.........
        000000D0: 00 00 00 00 00 00 00 00                           ........

        v6.95:
        00000000: 49 44 41 B7 02 6D 65 74  61 70 63 00 00 23 00 0B  IDA..metapc..#..
        00000010: 00 00 00 00 00 00 00 00  00 00 00 00 00 FF FF FF  ................
        00000020: FF FF FF 95 16 90 68 95  16 90 68 00 10 90 68 30  ......h...h...h0
        00000030: E2 9D 68 00 10 90 68 30  E2 9D 68 00 10 90 68 00  ..h...h0..h...h.
        00000040: 70 9E 68 10 00 00 00 0A  00 00 18 00 01 00 00 02  p.h.............
        00000050: 01 01 00 01 02 01 01 00  00 00 00 00 0F 08 00 09  ................
        00000060: 06 00 01 01 1B 07 61 00  00 00 00 00 00 00 00 00  ......a.........
        00000070: 00 00 00 00 00 00 00 00  00 00 00 01 00 00 00 01  ................
        00000080: 01 01 FF FF FF FF 01 00  00 00 FF FF FF FF 67 BE  ..............g.
        00000090: A3 0E 07 00 40 06 07 00  00 00 00 00 00 00 FD BF  ....@...........
        000000A0: 0F 00 28 00 50 00 40 40  00 00 00 00 00 00 00 00  ..(.P.@@........
        000000B0: 00 00 00 00 00 00 02 01  33 04 01 04 00 02 04 08  ........3.......
        000000C0: 14 00 00 00 08 00 00 00  00 00 00 00 00 00 00 00  ................
        000000D0: 00 00 00 00 00 00 00 00  00 00 00 00 00 01 00 00  ................
        000000E0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
        000000F0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
        """

        # Field order below is the byte layout; do not reorder.
        self.tag = v_str(size=0x3)  # 'IDA' below 7.0, 'ida' in 7.0
        # Declared with size 0, so it consumes no bytes as written.
        # NOTE(review): presumably resized to 1 for the 7.0 layout by code not
        # shown here - confirm.
        self.zero = v_bytes(size=0x0)
        self.version = v_uint16()
        # Also a zero-size placeholder as declared.
        # NOTE(review): purpose cannot be determined from these lines - confirm.
        self.procname_size = v_bytes(size=0x0)
        # 8 bytes for < 7.0
        # 16 bytes for >= 7.0
        # NOTE(review): the size is fixed at 0x10 here. Unless something resizes
        # it for < 7.0 input, every later field is read 8 bytes too far into the
        # record. The version comes from the file, so treat it as untrusted when
        # choosing sizes - confirm where that happens.
        self.procname = v_str(size=0x10)
        self.lflags = v_uint8()
        self.demnames = v_uint8()
        self.filetype = v_uint16()
Esempio n. 2
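    def c_getVsArray(self, ardecl):
        """
        Return a zero-argument factory for the vstruct type of a C array.

        The element class and element count come from
        self._getVsChildElements(ardecl). Nothing is allocated until the
        returned callable is invoked.

        Returns:
            A callable producing a v_str of `size` bytes for char arrays, or a
            VArray of `size` freshly constructed elements otherwise.
        """
        cls, size = self._getVsChildElements(ardecl)
        # Special case: char arrays collapse into a single v_str of `size` bytes
        if cls == vs_prim.v_int8:
            return lambda: vs_prim.v_str(size=size)

        # range() exists on both Python 2 and 3; xrange() is a NameError on
        # Python 3 and would only surface when the factory is finally called.
        # NOTE(review): `size` is taken from the declaration and is not bounded
        # here, so a very large array declaration allocates that many elements
        # on invocation - cap it upstream if declarations can be untrusted.
        return lambda: vstruct.VArray([cls() for _ in range(size)])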
Esempio n. 3
    def c_getVsArray(self, ardecl):
        """
        Return a zero-argument factory for the vstruct type of a C array.

        The element class and element count are obtained from
        self._getVsChildElements(ardecl); construction is deferred until the
        returned callable is invoked.
        """
        elem_cls, count = self._getVsChildElements(ardecl)
        is_char_array = elem_cls == vs_prim.v_int8

        if not is_char_array:
            # General case: one fresh element instance per slot.
            # NOTE(review): `count` is not bounded here - confirm that callers
            # limit it when the declaration is not trusted.
            return lambda: vstruct.VArray([elem_cls() for _ in range(count)])

        # char arrays are represented as a single v_str of `count` bytes
        return lambda: vs_prim.v_str(size=count)
Esempio n. 4
    def vsParse(self, bytez, offset, fast=True):
        """
        Parse the fixed header fields, then the variable-length tail.

        After the parent class parses the declared fields, this reads the
        version string (self.nVersionLength bytes starting 0x10 past `offset`),
        followed by two little-endian 16-bit values: the flags and the stream
        count. No value is returned.

        Raises:
            struct.error: if fewer than two bytes are available for the flags
                or for the stream count.
        """
        super(DNetMetaDataHeader, self).vsParse(bytez, offset, fast)

        # nVersionLength is read from the input. Slicing clamps at the end of
        # the buffer, so an oversized length yields a short string here and is
        # only detected by the unpack calls below.
        version_start = offset + 0x10
        version_end = version_start + self.nVersionLength
        raw_version = bytez[version_start:version_end]
        # Two assignments on purpose: the first installs a v_str of the right
        # length, the second stores the bytes.
        # NOTE(review): relies on vstruct's attribute handling - confirm.
        self.sVersion = vp.v_str(len(raw_version))
        self.sVersion = raw_version

        flags_end = version_end + 2
        (flags,) = struct.unpack("<H", bytez[version_end:flags_end])
        self.nFlags = vp.v_uint16(flags)

        streams_end = flags_end + 2
        (stream_count,) = struct.unpack("<H", bytez[flags_end:streams_end])
        # Attribute name is spelled "Steams" in the original; kept because
        # other code may reference it.
        self.nNumberOfSteams = vp.v_uint16(stream_count)
Esempio n. 5
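 def vsParse(self, bytez, offset, fast=True):
     """
     Parse the fixed fields, then the NUL-terminated, padded stream name.

     The name starts immediately after the declared fields. Its stored
     length is the name plus at least one NUL, rounded up to a multiple of
     DWORD_SIZE. No value is returned.

     Raises:
         IndexError: if no NUL byte exists at or after the start of the name.
     """
     super(DNetStreamInfo, self).vsParse(bytez, offset, fast)
     here = offset + len(self)

     # Search for the terminator as bytes. Comparing bytez[i] with '\x00'
     # only matches for a Python 2 str; indexing Python 3 bytes yields an int,
     # the comparison is never true, and the scan walks off the buffer.
     terminator = bytez.find(b'\x00', here)
     if terminator < 0:
         # Same exception type the byte-by-byte scan raised when it ran past
         # the end of an unterminated name.
         raise IndexError('stream name is not NUL-terminated')

     # NOTE(review): the name length is whatever the input dictates; no upper
     # bound is applied here - consider rejecting implausibly long names
     # upstream when the file is untrusted.
     _slen = terminator - here
     nblocks = (_slen // DWORD_SIZE) + 1
     slen = nblocks * DWORD_SIZE

     # Two assignments on purpose: the first installs a v_str of the padded
     # size, the second stores the bytes.
     # NOTE(review): relies on vstruct's attribute handling - confirm.
     self.sName = vp.v_str(slen)
     # The slice is clamped if the buffer ends before the padding does.
     sName = bytez[here:here + slen]
     self.sName = sName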
Esempio n. 6
 def __init__(self):
     """Declare the fields in on-disk order: header byte, length byte, string."""
     vstruct.VStruct.__init__(self)
     # Field order is the byte layout; do not reorder.
     self.header = v_uint8()
     self.length = v_uint8()
     # Declared with v_str's default size.
     # NOTE(review): presumably resized from `length` by code not shown here.
     # `length` comes from the parsed data, so whatever applies it should
     # check it against the bytes actually available - confirm.
     self.s = v_str()
Esempio n. 7
 def __init__(self, length_is_total=True):
     """
     Declare a length byte followed by a string.

     Args:
         length_is_total: stored on the instance as given; not otherwise
             used in this method.
     """
     vstruct.VStruct.__init__(self)
     # Field order is the byte layout; do not reorder.
     self.length = v_uint8()
     # Declared with v_str's default size.
     # NOTE(review): presumably resized from `length` by code not shown here -
     # confirm.
     self.s = v_str()
     # NOTE(review): the name suggests `length` may count the length byte
     # itself. If so, the code that sizes `s` should reject a length smaller
     # than the prefix rather than compute a negative size - confirm.
     self.length_is_total = length_is_total