def GetFormatSpecification(cls):
"""Retrieves the format specification.
Returns:
FormatSpecification: format specification.
"""
format_specification = specification.FormatSpecification(cls.NAME)
format_specification.AddNewSignature(b'BAAD', offset=0)
format_specification.AddNewSignature(b'FILE', offset=0)
return format_specification
def GetFormatSpecification(cls):
"""Retrieves the format specification.
Returns:
FormatSpecification: format specification.
"""
format_specification = specification.FormatSpecification(cls.NAME)
format_specification.AddNewSignature(b'SCCA', offset=4)
format_specification.AddNewSignature(b'MAM\x04', offset=0)
return format_specification
def GetFormatSpecification(cls):
"""Retrieves the format specification.
Returns:
FormatSpecification: format specification.
"""
format_specification = specification.FormatSpecification(cls.NAME)
format_specification.AddNewSignature(cls._DLS_V1_SIGNATURE, offset=0)
format_specification.AddNewSignature(cls._DLS_V2_SIGNATURE, offset=0)
return format_specification
def GetFormatSpecification(cls):
"""Retrieves the format specification.
Returns:
FormatSpecification: format specification.
"""
format_specification = specification.FormatSpecification(cls.NAME)
format_specification.AddNewSignature(
b'Client\x20UrlCache\x20MMF\x20Ver\x20', offset=0)
return format_specification
def GetFormatSpecification(cls):
"""Retrieves the format specification.
Returns:
FormatSpecification: format specification.
"""
format_specification = specification.FormatSpecification(cls.NAME)
format_specification.AddNewSignature(
b'\x02\xE9\xC7\x43\xEF\xCD\xAB\x89', offset=0)
return format_specification
def GetFormatSpecification(cls):
"""Retrieves the format specification.
Returns:
FormatSpecification: format specification.
"""
format_specification = specification.FormatSpecification(cls.NAME)
format_specification.AddNewSignature(
b'\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46',
offset=4)
return format_specification
def GetFormatSpecification(cls):
"""Retrieves the format specification."""
format_specification = specification.FormatSpecification(cls.NAME)
# OLECF
format_specification.AddNewSignature(
b'\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1', offset=0)
# OLECF beta
format_specification.AddNewSignature(
b'\x0e\x11\xfc\x0d\xd0\xcf\x11\x0e', offset=0)
return format_specification
def _ReadSpecificationFile(self, path):
"""Reads the format specification file.
Args:
path (str): path of the format specification file.
Returns:
FormatSpecificationStore: format specification store.
"""
specification_store = specification.FormatSpecificationStore()
with io.open(
path, 'rt',
encoding=self._SPECIFICATION_FILE_ENCODING) as file_object:
for line in file_object.readlines():
line = line.strip()
if not line or line.startswith('#'):
continue
try:
identifier, offset, pattern = line.split()
except ValueError:
logger.error('[skipping] invalid line: {0:s}'.format(line))
continue
try:
offset = int(offset, 10)
except ValueError:
logger.error(
'[skipping] invalid offset in line: {0:s}'.format(
line))
continue
try:
# TODO: find another way to do this that doesn't use an undocumented
# API.
pattern = codecs.escape_decode(pattern)[0]
# ValueError is raised when the patterns contains invalid escaped
# characters, such as "\xg1".
except ValueError:
logger.error(
'[skipping] invalid pattern in line: {0:s}'.format(
line))
continue
format_specification = specification.FormatSpecification(
identifier)
format_specification.AddNewSignature(pattern, offset=offset)
specification_store.AddSpecification(format_specification)
return specification_store
def ReadSpecificationFile(self, path):
"""Reads the format specification file.
Args:
path: the path of the format specification file.
Returns:
The format specification store (instance of FormatSpecificationStore).
"""
specification_store = specification.FormatSpecificationStore()
with open(path, 'rb') as file_object:
for line in file_object.readlines():
line = line.strip()
if not line or line.startswith(b'#'):
continue
try:
identifier, offset, pattern = line.split()
except ValueError:
logging.error(u'[skipping] invalid line: {0:s}'.format(
line.decode(u'utf-8')))
continue
try:
offset = int(offset, 10)
except ValueError:
logging.error(
u'[skipping] invalid offset in line: {0:s}'.format(
line.decode(u'utf-8')))
continue
try:
pattern = pattern.decode(u'string_escape')
# ValueError is raised e.g. when the patterns contains "\xg1".
except ValueError:
logging.error(
u'[skipping] invalid pattern in line: {0:s}'.format(
line.decode(u'utf-8')))
continue
format_specification = specification.FormatSpecification(
identifier)
format_specification.AddNewSignature(pattern, offset=offset)
specification_store.AddSpecification(format_specification)
return specification_store
def GetFormatSpecification(cls):
"""Retrieves the format specification."""
format_specification = specification.FormatSpecification(cls.NAME)
format_specification.AddNewSignature(b'SQLite format 3', offset=0)
return format_specification
def GetFormatSpecification(cls):
"""Retrieves the format specification."""
format_specification = specification.FormatSpecification(cls.NAME)
format_specification.AddNewSignature(b'\xef\xcd\xab\x89', offset=4)
return format_specification
def GetFormatSpecification(cls): """Retrieves the format specification.""" format_specification = specification.FormatSpecification(cls.NAME) format_specification.AddNewSignature(cls._FILE_SIGNATURE, offset=4) return format_specification
