コード例 #1
0
ファイル: mov.py プロジェクト: pedro2d10/SickRage-FR 
 def createFields(self):
     yield UInt8(self, "version", "Version")
     yield NullBits(self, "flags", 23)
     yield Bit(self, "is_same_file", "Is the reference to this file?")
     if not self['is_same_file'].value:
         yield CString(self, "name")
         yield CString(self, "location")
コード例 #2
0
def parseDeclareFunction(parent, size):
    yield CString(parent, "name")
    argCount = UInt16(parent, "arg_count")
    yield argCount
    for i in range(argCount.value):
        yield CString(parent, "arg[]")
    yield UInt16(parent, "function_length")
コード例 #3
0
    def createFields(self):
        # Gzip header
        yield Bytes(self, "signature", 2, r"GZip file signature (\x1F\x8B)")
        yield Enum(UInt8(self, "compression", "Compression method"),
                   self.COMPRESSION_NAME)

        # Flags
        yield Bit(self, "is_text", "File content is probably ASCII text")
        yield Bit(self, "has_crc16", "Header CRC16")
        yield Bit(self, "has_extra", "Extra informations (variable size)")
        yield Bit(self, "has_filename", "Contains filename?")
        yield Bit(self, "has_comment", "Contains comment?")
        yield NullBits(self, "reserved[]", 3)
        yield TimestampUnix32(self, "mtime", "Modification time")

        # Extra flags
        yield NullBits(self, "reserved[]", 1)
        yield Bit(self, "slowest",
                  "Compressor used maximum compression (slowest)")
        yield Bit(self, "fastest", "Compressor used the fastest compression")
        yield NullBits(self, "reserved[]", 5)
        yield Enum(UInt8(self, "os", "Operating system"), self.os_name)

        # Optional fields
        if self["has_extra"].value:
            yield UInt16(self, "extra_length", "Extra length")
            yield RawBytes(self, "extra", self["extra_length"].value, "Extra")
        if self["has_filename"].value:
            yield CString(self, "filename", "Filename", charset="ISO-8859-1")
        if self["has_comment"].value:
            yield CString(self, "comment", "Comment")
        if self["has_crc16"].value:
            yield textHandler(UInt16(self, "hdr_crc16", "CRC16 of the header"),
                              hexadecimal)

        if self._size is None:  # TODO: is it possible to handle piped input?
            raise NotImplementedError()

        # Read file
        size = (self._size - self.current_size) // 8 - 8  # -8: crc32+size
        if 0 < size:
            if self["has_filename"].value:
                filename = self["filename"].value
            else:
                for tag, filename in self.stream.tags:
                    if tag == "filename" and filename.endswith(".gz"):
                        filename = filename[:-3]
                        break
                else:
                    filename = None
            yield Deflate(SubFile(self, "file", size, filename=filename))

        # Footer
        yield textHandler(
            UInt32(self, "crc32", "Uncompressed data content CRC32"),
            hexadecimal)
        yield filesizeHandler(UInt32(self, "size", "Uncompressed size"))
コード例 #4
0
 def createFields(self):
     yield Enum(UInt8(self, "charset"), ID3_StringCharset.charset_desc)
     charset = getCharset(self["charset"])
     yield CString(self, "mime", "MIME type", charset=charset)
     yield Enum(UInt8(self, "pict_type"), ID3_Picture23.pict_type_name)
     yield CString(self, "description", charset=charset)
     size = (self._size - self._current_size) / 8
     if size:
         yield RawBytes(self, "img_data", size)
コード例 #5
0
 def createFields(self):
     yield Enum(UInt8(self, "charset"), self.charset_desc)
     charset = getCharset(self["charset"])
     yield CString(self, "mime", "MIME type", charset=charset)
     yield CString(self, "filename", "File name", charset=charset)
     yield CString(self, "description", "Content description", charset=charset)
     size = (self.size - self.current_size) // 8
     if not size:
         return
     yield String(self, "text", size, "Text", charset=charset)
コード例 #6
0
    def createFields(self):
        yield UInt16(self, "size", "Node size (in bytes)")
        yield UInt16(self, "data_size")
        yield Enum(UInt16(self, "type"), self.TYPE_NAME)
        yield CString(self, "name", charset="UTF-16-LE")

        size = paddingSize(self.current_size//8, 4)
        if size:
            yield NullBytes(self, "padding[]", size)
        size = self["data_size"].value
        if size:
            if self["type"].value == self.TYPE_STRING:
                if self.is_32bit:
                    size *= 2
                yield String(self, "value", size, charset="UTF-16-LE", truncate="\0")
            elif self["name"].value == "VS_VERSION_INFO":
                yield VersionInfoBinary(self, "value", size=size*8)
                if self["value/file_flags_mask"].value == 0:
                    self.is_32bit = False
            else:
                yield RawBytes(self, "value", size)
        while 12 <= (self.size - self.current_size) // 8:
            yield VersionInfoNode(self, "node[]", self.is_32bit)
        size = (self.size - self.current_size) // 8
        if size:
            yield NullBytes(self, "padding[]", size)
コード例 #7
0
 def createFields(self):
     yield CString(self, "signature", "Photoshop version")
     if self["signature"].value == "Photoshop 3.0":
         while not self.eof:
             yield Photoshop8BIM(self, "item[]")
     else:
         size = (self._size - self.current_size) / 8
         yield RawBytes(self, "rawdata", size)
コード例 #8
0
ファイル: cab.py プロジェクト: eduardoburgoa/hachoir_parser 
 def createFields(self):
     yield filesizeHandler(
         UInt32(self, "filesize", "Uncompressed file size"))
     yield UInt32(self, "offset", "File offset after decompression")
     yield UInt16(self, "iFolder", "file control id")
     yield DateTimeMSDOS32(self, "timestamp")
     yield MSDOSFileAttr16(self, "attributes")
     yield CString(self, "filename", charset="ASCII")
コード例 #9
0
 def createFields(self):
     yield UInt8(self, "size",
                 "Total length of this FFN in bytes, minus 1")
     self._size = self["size"].value * 8 + 8
     yield Bits(self, "prq", 2, "Pitch request")
     yield Bit(self, "fTrueType", "Is font a TrueType font?")
     yield Bits(self, "reserved[]", 1)
     yield Bits(self, "ff", 3, "Font Family ID")
     yield Bits(self, "reserved[]", 1)
     yield UInt16(self, "wWeight", "Base weight of font")
     yield UInt8(self, "chs", "Character set identifier")
     yield UInt8(self, "ixchSzAlt",
                 "Index into name to the name of the alternate font")
     yield RawBytes(self, "panose", 10)
     yield RawBytes(self, "fs", 24, "Font Signature")
     yield CString(self, "name", charset="UTF-16-LE")
     if self["ixchSzAlt"].value != 0:
         yield CString(self, "nameAlt", charset="UTF-16-LE")
コード例 #10
0
 def createFields(self):
     yield Enum(UInt8(self, "charset"), ID3_StringCharset.charset_desc)
     charset = getCharset(self["charset"])
     yield String(self, "img_fmt", 3, charset="ASCII")
     yield Enum(UInt8(self, "pict_type"), self.pict_type_name)
     yield CString(self, "text", "Text", charset=charset, strip=" \0")
     size = (self._size - self._current_size) / 8
     if size:
         yield RawBytes(self, "img_data", size)
コード例 #11
0
 def createFields(self):
     yield Enum(UInt8(self, "charset"), self.charset_desc)
     yield String(self, "lang", 3, "Language", charset="ASCII")
     charset = getCharset(self["charset"])
     yield CString(self, "title", "Title", charset=charset, strip=self.STRIP)
     size = (self.size - self.current_size) // 8
     if not size:
         return
     yield String(self, "text", size, "Text", charset=charset, strip=self.STRIP)
コード例 #12
0
 def createFields(self):
     yield UInt16(self, "magic number")
     yield CString(self,
                   "finnigan signature",
                   "Finnigan signature (wide ASCIIZ string)",
                   charset="UTF-16-LE")  #, strip="\0")
     yield UInt16(self, "unknown short")
     yield UInt32(self, "unknown long[1]")
     yield UInt32(self, "RunHeader addr", "skips over the following list")
     yield ListOfLong(self, "unknown list")
コード例 #13
0
 def createFields(self):
     yield UInt32(self, "length", "Length of this structure")
     yield UInt32(self, "unknown[]")
     yield UInt32(self, "share_name_offset", "Offset to share name")
     yield UInt32(self, "unknown[]")
     yield UInt32(self, "unknown[]")
     padding = self.seekByte(self["share_name_offset"].value)
     if padding:
         yield padding
     yield CString(self, "share_name")
コード例 #14
0
def parseDeclareFunctionV7(parent, size):
    yield CString(parent, "name")
    argCount = UInt16(parent, "arg_count")
    yield argCount
    yield UInt8(parent, "reg_count")
    yield Bits(parent, "reserved", 7)
    yield Bit(parent, "preload_global")
    yield Bit(parent, "preload_parent")
    yield Bit(parent, "preload_root")
    yield Bit(parent, "suppress_super")
    yield Bit(parent, "preload_super")
    yield Bit(parent, "suppress_arguments")
    yield Bit(parent, "preload_arguments")
    yield Bit(parent, "suppress_this")
    yield Bit(parent, "preload_this")
    for i in range(argCount.value):
        yield UInt8(parent, "register[]")
        yield CString(parent, "arg[]")
    yield UInt16(parent, "function_length")
コード例 #15
0
ファイル: sevenzip.py プロジェクト: rikbarker/watcher 
 def createFields(self):
     yield PropID(self, "id")
     yield SZUInt64(self, "size")
     yield UInt8(self, "is_external")
     if self['is_external'].value:
         yield SZUInt64(self, "folder_data_offset",
                        "Offset to folder data within data stream")
     else:
         for index in xrange(self['../num_files'].value):
             yield CString(self, "name[%d]" % index, charset="UTF-16-LE")
コード例 #16
0
ファイル: mov.py プロジェクト: richardsonlima/Raspberry-Pwn 
 def createFields(self):
     yield textHandler(UInt8(self, "version"), hexadecimal)
     yield RawBytes(self, "flags", 3)
     yield String(self, "subtype", 8)
     yield String(self, "manufacturer", 4)
     yield UInt32(self, "res_flags")
     yield UInt32(self, "res_flags_mask")
     if self.root.is_mpeg4:
         yield CString(self, "name")
     else:
         yield PascalString8(self, "name")
コード例 #17
0
ファイル: pifv.py プロジェクト: hacker4help/The-Auto-Pentest 
    def createFields(self):
        # Header
        yield UInt24(self, "size")
        yield Enum(UInt8(self, "type"), EFI_SECTION_TYPE)
        section_type = self["type"].value

        if section_type == EFI_SECTION_COMPRESSION:
            yield UInt32(self, "uncomp_len")
            yield Enum(UInt8(self, "comp_type"), self.COMPRESSION_TYPE)
        elif section_type == EFI_SECTION_FREEFORM_SUBTYPE_GUID:
            yield GUID(self, "sub_type_guid")
        elif section_type == EFI_SECTION_GUID_DEFINED:
            yield GUID(self, "section_definition_guid")
            yield UInt16(self, "data_offset")
            yield UInt16(self, "attributes")
        elif section_type == EFI_SECTION_USER_INTERFACE:
            yield CString(self, "file_name", charset="UTF-16-LE")
        elif section_type == EFI_SECTION_VERSION:
            yield UInt16(self, "build_number")
            yield CString(self, "version", charset="UTF-16-LE")

        # Content
        content_size = (self.size - self.current_size) // 8
        if content_size == 0:
            return

        if section_type == EFI_SECTION_COMPRESSION:
            compression_type = self["comp_type"].value
            if compression_type == 1:
                while not self.eof:
                    yield RawBytes(self, "compressed_content", content_size)
            else:
                while not self.eof:
                    yield FileSection(self, "section[]")
        elif section_type == EFI_SECTION_FIRMWARE_VOLUME_IMAGE:
            yield FirmwareVolume(self, "firmware_volume")
        else:
            yield RawBytes(
                self, "content", content_size,
                EFI_SECTION_TYPE.get(self["type"].value,
                                     "Unknown Section Type"))
コード例 #18
0
ファイル: cab.py プロジェクト: hacker4help/The-Auto-Pentest 
 def createFields(self):
     yield filesizeHandler(
         UInt32(self, "filesize", "Uncompressed file size"))
     yield UInt32(self, "folder_offset",
                  "File offset in uncompressed folder")
     yield Enum(
         UInt16(self, "folder_index", "Containing folder ID (index)"), {
             0xFFFD:
             "Folder continued from previous cabinet (real folder ID = 0)",
             0xFFFE:
             "Folder continued to next cabinet (real folder ID = %i)" %
             (self["../nb_folder"].value - 1),
             0xFFFF:
             "Folder spanning previous, current and next cabinets (real folder ID = 0)"
         })
     yield DateTimeMSDOS32(self, "timestamp")
     yield CabFileAttributes(self, "attributes")
     if self["attributes/name_is_utf"].value:
         yield CString(self, "filename", charset="UTF-8")
     else:
         yield CString(self, "filename", charset="ASCII")
コード例 #19
0
ファイル: mov.py プロジェクト: pedro2d10/SickRage-FR 
 def createFields(self):
     yield UInt8(self, "version", "Version")
     yield NullBits(self, "flags", 24)
     yield String(self, "creator", 4)
     yield String(self, "subtype", 4)
     yield String(self, "manufacturer", 4)
     yield UInt32(self, "res_flags")
     yield UInt32(self, "res_flags_mask")
     if self.root.is_mpeg4:
         yield CString(self, "name", charset="UTF-8")
     else:
         yield PascalString8(self, "name")
コード例 #20
0
    def createFields(self):
        yield UInt32(self, "length", "Length of this structure")
        yield Enum(UInt32(self, "volume_type", "Volume Type"),
                   self.VOLUME_TYPE)
        yield textHandler(
            UInt32(self, "volume_serial", "Volume Serial Number"),
            formatVolumeSerial)

        yield UInt32(self, "label_offset", "Offset to volume label")
        padding = self.seekByte(self["label_offset"].value)
        if padding:
            yield padding
        yield CString(self, "drive")
コード例 #21
0
def parseTry(parent, size):
    yield Bits(parent, "reserved", 5)
    catchInReg = Bit(parent, "catch_in_register")
    yield catchInReg
    yield Bit(parent, "finally")
    yield Bit(parent, "catch")
    yield UInt8(parent, "try_size")
    yield UInt8(parent, "catch_size")
    yield UInt8(parent, "finally_size")
    if catchInReg.value:
        yield CString(parent, "name")
    else:
        yield UInt8(parent, "register")
コード例 #22
0
ファイル: pcf.py プロジェクト: hacker4help/The-Auto-Pentest 
 def createFields(self):
     yield PropertiesFormat(self, "format")
     yield UInt32(self, "nb_prop")
     properties = []
     for index in xrange(self["nb_prop"].value):
         property = Property(self, "property[]")
         yield property
         properties.append(property)
     padding = paddingSize(self.current_size // 8, 4)
     if padding:
         yield NullBytes(self, "padding", padding)
     yield UInt32(self, "total_str_length")
     properties.sort(key=lambda entry: entry["name_offset"].value)
     offset0 = self.current_size // 8
     for property in properties:
         padding = self.seekByte(offset0 + property["name_offset"].value)
         if padding:
             yield padding
         yield CString(self, "name[]", "Name of %s" % property.name)
         if property["is_string"].value:
             yield CString(self, "value[]", "Value of %s" % property.name)
     padding = (self.size - self.current_size) // 8
     if padding:
         yield NullBytes(self, "end_padding", padding)
コード例 #23
0
ファイル: pcf.py プロジェクト: hacker4help/The-Auto-Pentest 
 def createFields(self):
     yield PropertiesFormat(self, "format")
     yield UInt32(self, "count")
     offsets = []
     for index in xrange(self["count"].value):
         offset = UInt32(self, "offset[]")
         yield offset
         offsets.append(offset.value)
     yield UInt32(self, "total_str_length")
     offsets.sort()
     offset0 = self.current_size // 8
     for offset in offsets:
         padding = self.seekByte(offset0 + offset)
         if padding:
             yield padding
         yield CString(self, "name[]")
     padding = (self.size - self.current_size) // 8
     if padding:
         yield NullBytes(self, "end_padding", padding)
コード例 #24
0
    def createFields(self):
        yield UInt16(self, "size", "Node size (in bytes)")
        yield UInt16(self, "data_size")
        yield CString(self, "name", charset="ISO-8859-1")

        size = paddingSize(self.current_size//8, 4)
        if size:
            yield NullBytes(self, "padding[]", size)
        size = self["data_size"].value
        if size:
            if self["name"].value == "VS_VERSION_INFO":
                yield VersionInfoBinary(self, "value", size=size*8)
            else:
                yield String(self, "value", size, charset="ISO-8859-1")
        while 12 <= (self.size - self.current_size) // 8:
            yield NE_VersionInfoNode(self, "node[]")
        size = (self.size - self.current_size) // 8
        if size:
            yield NullBytes(self, "padding[]", size)
コード例 #25
0
def parseABC(parent, size):
    code = parent["code"].value
    if code == parent.TAG_DO_ABC_DEFINE:
        yield UInt32(parent, "action_flags")
        yield CString(parent, "action_name")
    yield UInt16(parent, "minor_version")
    yield UInt16(parent, "major_version")
    parent.isABC = True

    yield ABCConstantPool(parent, "int", FlashS32)
    yield ABCConstantPool(parent, "uint", FlashU32)
    yield ABCConstantPool(parent, "double", Float64)
    yield ABCConstantPool(parent, "string", ABCConstantString)
    yield ABCConstantPool(parent, "namespace", ABCConstantNamespace)
    yield ABCConstantPool(parent, "namespace_set", ABCConstantNamespaceSet)
    yield ABCConstantPool(parent, "multiname", ABCConstantMultiname)

    yield ABCObjectArray(parent, "method", ABCMethodInfo)
    yield ABCObjectArray(parent, "metadata", ABCMetadataInfo)
    yield ABCClassArray(parent, "class")
    yield ABCObjectArray(parent, "script", ABCScriptInfo)
    yield ABCObjectArray(parent, "body", ABCMethodBody)
コード例 #26
0
    def createFields(self):
        yield ArrayOfShort18(self, "unknown array[2]", "some data similar to ArrayOfShort44")
        yield CString(self, "unknown string[1]", "", charset="UTF-16-LE") #, strip="\0")
        yield RawBytes(self, "zero[1]", 52, "padding")

        yield UInt16(self, "unknown short[1]")
        yield UInt32(self, "unknown long[1]")
        yield Float64(self, "unknown double[%s]" % 1)
        yield UInt32(self, "unknown long[2]")
        yield UInt32(self, "unknown long[3]")
        yield Float64(self, "unknown double[%s]" % 2)
        yield UInt16(self, "unknown short[2]")
        yield UInt16(self, "unknown short[3]")
        yield UInt32(self, "unknown long[4]")
        yield Float64(self, "unknown double[%s]" % 3)
        yield Float64(self, "unknown double[%s]" % 4)
        yield Float64(self, "unknown double[%s]" % 5)

        yield Struct1(self, "Struct1")

        yield ArrayOfShort512(self, "unknown array[1]", "Contains just a few numbers that can be relevant")

        yield Float64(self, "unknown double[%s]" % 6)
コード例 #27
0
def parseDeclareDictionary(parent, size):
    count = UInt16(parent, "count")
    yield count
    for i in range(count.value):
        yield CString(parent, "dictionnary[]")
コード例 #28
0
def parseGotoLabel(parent, size):
    yield CString(parent, "label")
コード例 #29
0
def parseGetURL(parent, size):
    yield CString(parent, "url")
    yield CString(parent, "target")
コード例 #30
0
def parseSetTarget(parent, size):
    yield CString(parent, "target")