def parseDeclareFunction(parent, size): yield CString(parent, "name") argCount = UInt16(parent, "arg_count") yield argCount for i in range(argCount.value): yield CString(parent, "arg[]") yield UInt16(parent, "function_length")
def createFields(self): # Gzip header yield Bytes(self, "signature", 2, r"GZip file signature (\x1F\x8B)") yield Enum(UInt8(self, "compression", "Compression method"), self.COMPRESSION_NAME) # Flags yield Bit(self, "is_text", "File content is probably ASCII text") yield Bit(self, "has_crc16", "Header CRC16") yield Bit(self, "has_extra", "Extra informations (variable size)") yield Bit(self, "has_filename", "Contains filename?") yield Bit(self, "has_comment", "Contains comment?") yield NullBits(self, "reserved[]", 3) yield TimestampUnix32(self, "mtime", "Modification time") # Extra flags yield NullBits(self, "reserved[]", 1) yield Bit(self, "slowest", "Compressor used maximum compression (slowest)") yield Bit(self, "fastest", "Compressor used the fastest compression") yield NullBits(self, "reserved[]", 5) yield Enum(UInt8(self, "os", "Operating system"), self.os_name) # Optional fields if self["has_extra"].value: yield UInt16(self, "extra_length", "Extra length") yield RawBytes(self, "extra", self["extra_length"].value, "Extra") if self["has_filename"].value: yield CString(self, "filename", "Filename", charset="ISO-8859-1") if self["has_comment"].value: yield CString(self, "comment", "Comment") if self["has_crc16"].value: yield textHandler(UInt16(self, "hdr_crc16", "CRC16 of the header"), hexadecimal) if self._size is None: # TODO: is it possible to handle piped input? raise NotImplementedError() # Read file size = (self._size - self.current_size) // 8 - 8 # -8: crc32+size if 0 < size: if self["has_filename"].value: filename = self["filename"].value else: for tag, filename in self.stream.tags: if tag == "filename" and filename.endswith(".gz"): filename = filename[:-3] break else: filename = None yield Deflate(SubFile(self, "file", size, filename=filename)) # Footer yield textHandler( UInt32(self, "crc32", "Uncompressed data content CRC32"), hexadecimal) yield filesizeHandler(UInt32(self, "size", "Uncompressed size"))
def createFields(self): yield Enum(UInt8(self, "charset"), ID3_StringCharset.charset_desc) charset = getCharset(self["charset"]) yield CString(self, "mime", "MIME type", charset=charset) yield Enum(UInt8(self, "pict_type"), ID3_Picture23.pict_type_name) yield CString(self, "description", charset=charset) size = (self._size - self._current_size) / 8 if size: yield RawBytes(self, "img_data", size)
def createFields(self): yield UInt16(self, "length", "Length of Item ID Entry") if not self["length"].value: return yield Enum(UInt8(self, "type"),self.ITEM_TYPE) entrytype=self["type"].value if entrytype in (0x1F, 0x2E, 0x70): # GUID yield RawBytes(self, "dummy", 1, "should be 0x50") yield GUID(self, "guid") elif entrytype in (0x23, 0x25, 0x29, 0x2F): # Drive yield String(self, "drive", self["length"].value-3, strip="\0") elif entrytype in (0x30, 0x31, 0x32): yield RawBytes(self, "dummy", 1, "should be 0x00") yield UInt32(self, "size", "size of file; 0 for folders") yield DateTimeMSDOS32(self, "date_time", "File/folder date and time") yield MSDOSFileAttr16(self, "attribs", "File/folder attributes") yield CString(self, "name", "File/folder name") if self.root.hasUnicodeNames(): # Align to 2-bytes n = paddingSize(self.current_size//8, 2) if n: yield PaddingBytes(self, "pad", n) yield UInt16(self, "length_w", "Length of wide struct member") yield RawBytes(self, "unknown[]", 6) yield DateTimeMSDOS32(self, "creation_date_time", "File/folder creation date and time") yield DateTimeMSDOS32(self, "access_date_time", "File/folder last access date and time") yield RawBytes(self, "unknown[]", 4) yield CString(self, "unicode_name", "File/folder name", charset="UTF-16-LE") yield RawBytes(self, "unknown[]", 2) else: yield CString(self, "name_short", "File/folder short name") elif entrytype in (0x41, 0x42, 0x46): yield RawBytes(self, "unknown[]", 2) yield CString(self, "name") yield CString(self, "protocol") yield RawBytes(self, "unknown[]", 2) elif entrytype == 0x47: # Whole Network yield RawBytes(self, "unknown[]", 2) yield CString(self, "name") elif entrytype == 0xC3: # Network Share yield RawBytes(self, "unknown[]", 2) yield CString(self, "name") yield CString(self, "protocol") yield CString(self, "description") yield RawBytes(self, "unknown[]", 2) else: yield RawBytes(self, "raw", self["length"].value-3)
def createFields(self): yield UInt32(self, "length", "Length of this structure") if not self["length"].value: return yield UInt32(self, "first_offset_pos", "Position of first offset") has_unicode_paths = (self["first_offset_pos"].value == 0x24) yield Bit(self, "on_local_volume") yield Bit(self, "on_network_volume") yield PaddingBits(self, "reserved[]", 30) yield UInt32(self, "local_info_offset", "Offset to local volume table; only meaningful if on_local_volume = 1") yield UInt32(self, "local_pathname_offset", "Offset to local base pathname; only meaningful if on_local_volume = 1") yield UInt32(self, "remote_info_offset", "Offset to network volume table; only meaningful if on_network_volume = 1") yield UInt32(self, "pathname_offset", "Offset of remaining pathname") if has_unicode_paths: yield UInt32(self, "local_pathname_unicode_offset", "Offset to Unicode version of local base pathname; only meaningful if on_local_volume = 1") yield UInt32(self, "pathname_unicode_offset", "Offset to Unicode version of remaining pathname") if self["on_local_volume"].value: padding = self.seekByte(self["local_info_offset"].value) if padding: yield padding yield LocalVolumeTable(self, "local_volume_table", "Local Volume Table") padding = self.seekByte(self["local_pathname_offset"].value) if padding: yield padding yield CString(self, "local_base_pathname", "Local Base Pathname") if has_unicode_paths: padding = self.seekByte(self["local_pathname_unicode_offset"].value) if padding: yield padding yield CString(self, "local_base_pathname_unicode", "Local Base Pathname in Unicode", charset="UTF-16-LE") if self["on_network_volume"].value: padding = self.seekByte(self["remote_info_offset"].value) if padding: yield padding yield NetworkVolumeTable(self, "network_volume_table") padding = self.seekByte(self["pathname_offset"].value) if padding: yield padding yield CString(self, "final_pathname", "Final component of the pathname") if has_unicode_paths: padding = self.seekByte(self["pathname_unicode_offset"].value) if padding: yield padding yield CString(self, "final_pathname_unicode", "Final component of the pathname in Unicode", charset="UTF-16-LE") padding=self.seekByte(self["length"].value) if padding: yield padding
def createFields(self): yield Enum(UInt8(self, "charset"), self.charset_desc) charset = getCharset(self["charset"]) yield CString(self, "mime", "MIME type", charset=charset) yield CString(self, "filename", "File name", charset=charset) yield CString(self, "description", "Content description", charset=charset) size = (self.size - self.current_size) // 8 if not size: return yield String(self, "text", size, "Text", charset=charset)
def createFields(self): yield filesizeHandler(UInt32(self, "filesize", "Uncompressed file size")) yield UInt32(self, "offset", "File offset after decompression") yield UInt16(self, "iFolder", "file control id") yield DateTimeMSDOS32(self, "timestamp") yield MSDOSFileAttr16(self, "attributes") yield CString(self, "filename", charset="ASCII")
def createFields(self): yield UInt16(self, "size", "Node size (in bytes)") yield UInt16(self, "data_size") yield Enum(UInt16(self, "type"), self.TYPE_NAME) yield CString(self, "name", charset="UTF-16-LE") size = paddingSize(self.current_size // 8, 4) if size: yield NullBytes(self, "padding[]", size) size = self["data_size"].value if size: if self["type"].value == self.TYPE_STRING: if self.is_32bit: size *= 2 yield String(self, "value", size, charset="UTF-16-LE", truncate="\0") elif self["name"].value == "VS_VERSION_INFO": yield VersionInfoBinary(self, "value", size=size * 8) if self["value/file_flags_mask"].value == 0: self.is_32bit = False else: yield RawBytes(self, "value", size) while 12 <= (self.size - self.current_size) // 8: yield VersionInfoNode(self, "node[]", self.is_32bit) size = (self.size - self.current_size) // 8 if size: yield NullBytes(self, "padding[]", size)
def createFields(self): yield CString(self, "signature", "Photoshop version") if self["signature"].value == "Photoshop 3.0": while not self.eof: yield Photoshop8BIM(self, "item[]") else: size = (self._size - self.current_size) / 8 yield RawBytes(self, "rawdata", size)
def createFields(self): yield Enum(UInt8(self, "charset"), ID3_StringCharset.charset_desc) charset = getCharset(self["charset"]) yield String(self, "img_fmt", 3, charset="ASCII") yield Enum(UInt8(self, "pict_type"), self.pict_type_name) yield CString(self, "text", "Text", charset=charset, strip=" \0") size = (self._size - self._current_size) / 8 if size: yield RawBytes(self, "img_data", size)
def createFields(self): yield UInt32(self, "length", "Length of this structure") yield UInt32(self, "unknown[]") yield UInt32(self, "share_name_offset", "Offset to share name") yield UInt32(self, "unknown[]") yield UInt32(self, "unknown[]") padding = self.seekByte(self["share_name_offset"].value) if padding: yield padding yield CString(self, "share_name")
def createFields(self): yield UInt32(self, "length", "Length of this structure") yield Enum(UInt32(self, "volume_type", "Volume Type"),self.VOLUME_TYPE) yield textHandler(UInt32(self, "volume_serial", "Volume Serial Number"), formatVolumeSerial) yield UInt32(self, "label_offset", "Offset to volume label") padding = self.seekByte(self["label_offset"].value) if padding: yield padding yield CString(self, "drive")
def parseDeclareFunctionV7(parent, size): yield CString(parent, "name") argCount = UInt16(parent, "arg_count") yield argCount yield UInt8(parent, "reg_count") yield Bits(parent, "reserved", 7) yield Bit(parent, "preload_global") yield Bit(parent, "preload_parent") yield Bit(parent, "preload_root") yield Bit(parent, "suppress_super") yield Bit(parent, "preload_super") yield Bit(parent, "suppress_arguments") yield Bit(parent, "preload_arguments") yield Bit(parent, "suppress_this") yield Bit(parent, "preload_this") for i in range(argCount.value): yield UInt8(parent, "register[]") yield CString(parent, "arg[]") yield UInt16(parent, "function_length")
def createFields(self): yield textHandler(UInt8(self, "version"), hexadecimal) yield RawBytes(self, "flags", 3) yield String(self, "subtype", 8) yield String(self, "manufacturer", 4) yield UInt32(self, "res_flags") yield UInt32(self, "res_flags_mask") if self.root.is_mpeg4: yield CString(self, "name") else: yield PascalString8(self, "name")
def createFields(self): # Header yield UInt24(self, "size") yield Enum(UInt8(self, "type"), EFI_SECTION_TYPE) section_type = self["type"].value if section_type == EFI_SECTION_COMPRESSION: yield UInt32(self, "uncomp_len") yield Enum(UInt8(self, "comp_type"), self.COMPRESSION_TYPE) elif section_type == EFI_SECTION_FREEFORM_SUBTYPE_GUID: yield GUID(self, "sub_type_guid") elif section_type == EFI_SECTION_GUID_DEFINED: yield GUID(self, "section_definition_guid") yield UInt16(self, "data_offset") yield UInt16(self, "attributes") elif section_type == EFI_SECTION_USER_INTERFACE: yield CString(self, "file_name", charset="UTF-16-LE") elif section_type == EFI_SECTION_VERSION: yield UInt16(self, "build_number") yield CString(self, "version", charset="UTF-16-LE") # Content content_size = (self.size - self.current_size) // 8 if content_size == 0: return if section_type == EFI_SECTION_COMPRESSION: compression_type = self["comp_type"].value if compression_type == 1: while not self.eof: yield RawBytes(self, "compressed_content", content_size) else: while not self.eof: yield FileSection(self, "section[]") elif section_type == EFI_SECTION_FIRMWARE_VOLUME_IMAGE: yield FirmwareVolume(self, "firmware_volume") else: yield RawBytes( self, "content", content_size, EFI_SECTION_TYPE.get(self["type"].value, "Unknown Section Type"))
def parseTry(parent, size): yield Bits(parent, "reserved", 5) catchInReg = Bit(parent, "catch_in_register") yield catchInReg yield Bit(parent, "finally") yield Bit(parent, "catch") yield UInt8(parent, "try_size") yield UInt8(parent, "catch_size") yield UInt8(parent, "finally_size") if catchInReg.value: yield CString(parent, "name") else: yield UInt8(parent, "register")
def createFields(self): yield PropertiesFormat(self, "format") yield UInt32(self, "nb_prop") properties = [] for index in xrange(self["nb_prop"].value): property = Property(self, "property[]") yield property properties.append(property) padding = paddingSize(self.current_size // 8, 4) if padding: yield NullBytes(self, "padding", padding) yield UInt32(self, "total_str_length") properties.sort(key=lambda entry: entry["name_offset"].value) offset0 = self.current_size // 8 for property in properties: padding = self.seekByte(offset0 + property["name_offset"].value) if padding: yield padding yield CString(self, "name[]", "Name of %s" % property.name) if property["is_string"].value: yield CString(self, "value[]", "Value of %s" % property.name) padding = (self.size - self.current_size) // 8 if padding: yield NullBytes(self, "end_padding", padding)
def createFields(self): yield Enum(UInt8(self, "charset"), self.charset_desc) yield String(self, "lang", 3, "Language", charset="ASCII") charset = getCharset(self["charset"]) yield CString(self, "title", "Title", charset=charset, strip=self.STRIP) size = (self.size - self.current_size) // 8 if not size: return yield String(self, "text", size, "Text", charset=charset, strip=self.STRIP)
def createFields(self): yield UInt16(self, "size", "Node size (in bytes)") yield UInt16(self, "data_size") yield CString(self, "name", charset="ISO-8859-1") size = paddingSize(self.current_size // 8, 4) if size: yield NullBytes(self, "padding[]", size) size = self["data_size"].value if size: if self["name"].value == "VS_VERSION_INFO": yield VersionInfoBinary(self, "value", size=size * 8) else: yield String(self, "value", size, charset="ISO-8859-1") while 12 <= (self.size - self.current_size) // 8: yield NE_VersionInfoNode(self, "node[]") size = (self.size - self.current_size) // 8 if size: yield NullBytes(self, "padding[]", size)
def createFields(self): yield PropertiesFormat(self, "format") yield UInt32(self, "count") offsets = [] for index in xrange(self["count"].value): offset = UInt32(self, "offset[]") yield offset offsets.append(offset.value) yield UInt32(self, "total_str_length") offsets.sort() offset0 = self.current_size // 8 for offset in offsets: padding = self.seekByte(offset0 + offset) if padding: yield padding yield CString(self, "name[]") padding = (self.size - self.current_size) // 8 if padding: yield NullBytes(self, "end_padding", padding)
def createFields(self): yield UInt32(self, "length", "Length of this structure") if not self["length"].value: return yield Enum( textHandler( UInt32(self, "signature", "Signature determining the function of this structure"), hexadecimal), self.INFO_TYPE) if self["signature"].value == 0xA0000003: # Hostname and Other Stuff yield UInt32(self, "remaining_length") yield UInt32(self, "unknown[]") yield String( self, "hostname", 16, "Computer hostname on which shortcut was last modified", strip="\0") yield RawBytes(self, "unknown[]", 32) yield RawBytes(self, "unknown[]", 32) elif self["signature"].value == 0xA0000005: # Special Folder Info yield Enum( UInt32(self, "special_folder_id", "ID of the special folder"), self.SPECIAL_FOLDER) yield UInt32(self, "offset", "Offset to Item ID entry") elif self["signature"].value in (0xA0000001, 0xA0000006, 0xA0000007): if self["signature"].value == 0xA0000001: # Link Target Information object_name = "target" elif self[ "signature"].value == 0xA0000006: # DarwinID (Windows Installer ID) Information object_name = "darwinID" else: # Custom Icon Details object_name = "icon_path" yield CString(self, object_name, "Data (ASCII format)", charset="ASCII") remaining = self[ "length"].value - self.current_size / 8 - 260 * 2 # 260*2 = size of next part if remaining: yield RawBytes(self, "slack_space[]", remaining, "Data beyond end of string") yield CString(self, object_name + '_unicode', "Data (Unicode format)", charset="UTF-16-LE", truncate="\0") remaining = self["length"].value - self.current_size / 8 if remaining: yield RawBytes(self, "slack_space[]", remaining, "Data beyond end of string") elif self["signature"].value == 0xA0000002: # Console Window Properties yield ColorTableIndex(self, "color_text", 4, "Screen text color index") yield ColorTableIndex(self, "color_bg", 4, "Screen background color index") yield NullBytes(self, "reserved[]", 1) yield ColorTableIndex(self, "color_popup_text", 4, "Pop-up text color index") yield ColorTableIndex(self, "color_popup_bg", 4, "Pop-up background color index") yield NullBytes(self, "reserved[]", 1) yield UInt16(self, "buffer_width", "Screen buffer width (character cells)") yield UInt16(self, "buffer_height", "Screen buffer height (character cells)") yield UInt16(self, "window_width", "Window width (character cells)") yield UInt16(self, "window_height", "Window height (character cells)") yield UInt16(self, "position_left", "Window distance from left edge (screen coords)") yield UInt16(self, "position_top", "Window distance from top edge (screen coords)") yield UInt32(self, "font_number") yield UInt32(self, "input_buffer_size") yield UInt16(self, "font_width", "Font width in pixels; 0 for a non-raster font") yield UInt16( self, "font_height", "Font height in pixels; equal to the font size for non-raster fonts" ) yield UInt32(self, "font_family") yield UInt32(self, "font_weight") yield String(self, "font_name_unicode", 64, "Font Name (Unicode format)", charset="UTF-16-LE", truncate="\0") yield UInt32(self, "cursor_size", "Relative size of cursor (% of character size)") yield Enum( UInt32(self, "full_screen", "Run console in full screen?"), self.BOOL_ENUM) yield Enum( UInt32( self, "quick_edit", "Console uses quick-edit feature (using mouse to cut & paste)?" ), self.BOOL_ENUM) yield Enum( UInt32(self, "insert_mode", "Console uses insertion mode?"), self.BOOL_ENUM) yield Enum( UInt32(self, "auto_position", "System automatically positions window?"), self.BOOL_ENUM) yield UInt32(self, "history_size", "Size of the history buffer (in lines)") yield UInt32( self, "history_count", "Number of history buffers (each process gets one up to this limit)" ) yield Enum( UInt32( self, "history_no_dup", "Automatically eliminate duplicate lines in the history buffer?" ), self.BOOL_ENUM) for index in xrange(16): yield ColorRef(self, "color[]") elif self["signature"].value == 0xA0000004: # Console Codepage Information yield UInt32(self, "codepage", "Console's code page") else: yield RawBytes(self, "raw", self["length"].value - self.current_size / 8)
def textParse(parent): yield CString(parent, "keyword", "Keyword", charset="ISO-8859-1") length = parent["size"].value - parent["keyword"].size/8 if length: yield String(parent, "text", length, "Text", charset="ISO-8859-1")
def createFields(self): yield UInt16(self, "object_id") yield CString(self, "name")
def parseGotoLabel(parent, size): yield CString(parent, "label")
def readMaterialName(parent): yield CString(parent, "name", "Material name")
def readTextureFilename(parent): yield CString(parent, "filename", "Texture filename")
def readObject(parent): yield CString(parent, "name", "Object name") size = parent["size"].value * 8 while parent.current_size < size: yield Chunk(parent, "chunk[]")
def parseGetURL(parent, size): yield CString(parent, "url") yield CString(parent, "target")
def parseSetTarget(parent, size): yield CString(parent, "target")
def parseDeclareDictionnary(parent, size): count = UInt16(parent, "count") yield count for i in range(count.value): yield CString(parent, "dictionnary[]")