def __init__(self): super(DNetTableRow_Module, self).__init__() self.Generation = vp.v_uint16() self.Name = vp.v_uint16() self.Mvid = vp.v_uint16() self.EncId = vp.v_uint16() self.EncBaseId = vp.v_uint16()
def __init__(self): super(DNetMetaDataHeader, self).__init__() self.Signature = vp.v_uint32() self.nMajor = vp.v_uint16() self.nMinor = vp.v_uint16() self.reserved = vp.v_uint32() self.nVersionLength = vp.v_uint32()
def __init__(self, page): vstruct.VStruct.__init__(self) self.page = page self.key_length = v_uint16() self.key = v_bytes() self.value_length = v_uint16() self.value = v_bytes()
def __init__(self): super(DNetDirectory, self).__init__() self.cb = vp.v_uint32() self.nMajor = vp.v_uint16() self.nMinor = vp.v_uint16() self.nMetaDataRVA = vp.v_uint32() self.nMetaDataSize = vp.v_uint32()
def __init__(self): vstruct.VStruct.__init__(self) # list of offsets to section headers. # order should line up with the SECTIONS definition (see below). self.offsets = [] # list of checksums of sections. # order should line up with the SECTIONS definition. self.checksums = [] self.signature = v_bytes(size=0x4) # IDA1 | IDA2 self.unk04 = v_uint16() self.offset1 = v_uint64() self.offset2 = v_uint64() self.unk16 = v_uint32() self.sig2 = v_uint32() # | DD CC BB AA | self.version = v_uint16() self.offset3 = v_uint64() self.offset4 = v_uint64() self.offset5 = v_uint64() self.checksum1 = v_uint32() self.checksum2 = v_uint32() self.checksum3 = v_uint32() self.checksum4 = v_uint32() self.checksum5 = v_uint32() self.offset6 = v_uint64() self.checksum6 = v_uint32()
def __init__(self): super(DNetTableRow_MethodDef, self).__init__() self.RVA = vp.v_uint32() self.ImplFlags = vp.v_uint16() self.Flags = vp.v_uint16() self.Name = vp.v_uint16() self.Signature = vp.v_uint16() self.ParamList = vp.v_uint16()
def __init__(self): super(DNetTableRow_TypeDef, self).__init__() self.Flags = vp.v_uint32() self.Name = vp.v_uint16() self.Namspace = vp.v_uint16() self.Extends = vp.v_uint16() self.FieldList = vp.v_uint16() self.MethodList = vp.v_uint16()
def __init__(self, wordsize): vstruct.VStruct.__init__(self) if wordsize == 4: v_word = v_uint32 elif wordsize == 8: v_word = v_uint64 else: raise ValueError('unexpected wordsize') """ v7.0: nodeid: ff000002 tag: S index: 0x41b994 00000000: 69 64 61 00 BC 02 6D 65 74 61 70 63 00 00 00 00 ida...metapc.... 00000010: 00 00 00 00 00 00 A3 00 0B 02 00 00 14 00 00 00 ................ 00000020: 0B 00 00 00 00 00 00 00 F7 FF FF DF 03 00 00 00 ................ 00000030: 00 00 00 00 FF FF FF FF 01 00 00 00 95 16 90 68 ...............h 00000040: 95 16 90 68 FF FF FF FF FF FF FF FF 00 10 90 68 ...h...........h 00000050: 30 E2 9D 68 00 10 90 68 30 E2 9D 68 00 10 90 68 0..h...h0..h...h 00000060: 00 70 9E 68 10 00 00 00 00 00 00 FF 00 00 10 FF .p.h............ 00000070: 00 00 00 00 00 02 01 0F 0F 00 40 40 00 00 00 00 ..........@@.... 00000080: 00 00 00 00 00 00 00 00 00 00 02 06 67 BE A3 0E ............g... 00000090: 07 00 40 06 00 07 00 18 28 00 50 00 54 03 00 00 ..@.....(.P.T... 000000A0: 01 00 00 00 01 1B 0A 00 00 00 00 00 61 00 00 00 ............a... 000000B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000000C0: 07 00 00 00 00 01 33 04 01 04 00 02 04 08 08 00 ......3......... 000000D0: 00 00 00 00 00 00 00 00 ........ v6.95: 00000000: 49 44 41 B7 02 6D 65 74 61 70 63 00 00 23 00 0B IDA..metapc..#.. 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF ................ 00000020: FF FF FF 95 16 90 68 95 16 90 68 00 10 90 68 30 ......h...h...h0 00000030: E2 9D 68 00 10 90 68 30 E2 9D 68 00 10 90 68 00 ..h...h0..h...h. 00000040: 70 9E 68 10 00 00 00 0A 00 00 18 00 01 00 00 02 p.h............. 00000050: 01 01 00 01 02 01 01 00 00 00 00 00 0F 08 00 09 ................ 00000060: 06 00 01 01 1B 07 61 00 00 00 00 00 00 00 00 00 ......a......... 00000070: 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 01 ................ 00000080: 01 01 FF FF FF FF 01 00 00 00 FF FF FF FF 67 BE ..............g. 00000090: A3 0E 07 00 40 06 07 00 00 00 00 00 00 00 FD BF ....@........... 000000A0: 0F 00 28 00 50 00 40 40 00 00 00 00 00 00 00 00 ..(.P.@@........ 000000B0: 00 00 00 00 00 00 02 01 33 04 01 04 00 02 04 08 ........3....... 000000C0: 14 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 ................ 000000D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ................ 000000E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000000F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ """ self.tag = v_str(size=0x3) # 'IDA' below 7.0, 'ida' in 7.0 self.zero = v_bytes(size=0x0) self.version = v_uint16() self.procname_size = v_bytes(size=0x0) # 8 bytes for < 7.0 # 16 bytes for >= 7.0 self.procname = v_str(size=0x10) self.lflags = v_uint8() self.demnames = v_uint8() self.filetype = v_uint16()
def __init__(self, key, common_prefix): vstruct.VStruct.__init__(self) self.pkey = key self.common_prefix = common_prefix self.key_length = v_uint16() self._key = v_bytes() self.value_length = v_uint16() self.value = v_bytes() self.key = None
def vsParse(self, bytez, offset, fast=True): super(DNetMetaDataHeader, self).vsParse(bytez, offset, fast) here = 0x10 + offset version_end_offset = here + self.nVersionLength sVersion = bytez[here:version_end_offset] self.sVersion = vp.v_str(len(sVersion)) self.sVersion = sVersion sFlags = bytez[version_end_offset:version_end_offset + 2] self.nFlags = vp.v_uint16(struct.unpack("<H", sFlags)[0]) sNumberOfStreams = bytez[version_end_offset + 2:version_end_offset + 4] self.nNumberOfSteams = vp.v_uint16( struct.unpack("<H", sNumberOfStreams)[0])
def __init__(self, wordsize): vstruct.VStruct.__init__(self) # sizeof() == 0xB (fixed) # possible values: 0x0 - 0xC. top bit has some meaning. self.type = v_uint8() self.unk01 = v_uint16() # this might be the segment index + 1? if wordsize == 4: self.offset = v_uint32() self.unk07 = v_uint32() elif wordsize == 8: self.unk03 = v_uint32() self.unk07 = v_uint16() self.offset = v_uint64() else: raise ValueError('unexpected wordsize')
def __init__(self, page_size): vstruct.VStruct.__init__(self) self.ppointer = v_uint32() self.entry_count = v_uint16() self.contents = v_bytes(page_size) # ordered cache of entries, once loaded. self._entries = []
def __init__(self): VStruct.__init__(self) self.a = v_uint8() self.b = v_uint16() self.c = v_uint32() self.d = v_uint8() self.e = VArray((v_uint32(), v_uint32(), v_uint32(), v_uint32()))
def __init__(self): vstruct.VStruct.__init__(self) # sizeof() == 0xB (fixed) self.type = v_uint8() # possible values: 0x0 - 0xC. top bit has some meaning. self.unk01 = v_uint16() # this might be the segment index + 1? self.offset = v_uint32() self.unk07 = v_uint32()
def __init__(self): VStruct.__init__(self) self.a = v_uint8() self.b = v_uint16() self.c = v_uint32() self.d = v_uint8() self.e = VArray( (v_uint32(), v_uint32(), v_uint32(), v_uint32()))
def __init__(self, buf, wordsize): vstruct.VStruct.__init__(self) self.buf = memoryview(buf) self.wordsize = wordsize self.next_free_offset = v_uint32() self.page_size = v_uint16() self.root_page = v_uint32() self.record_count = v_uint32() self.page_count = v_uint32() self.unk12 = v_uint8() self.signature = v_bytes(size=0x09)
def __init__(self): vstruct.VStruct.__init__(self) self.common_prefix = v_uint16() self.unk02 = v_uint16() self.offset = v_uint16()
def __init__(self): vstruct.VStruct.__init__(self) self.page = v_uint32() self.offset = v_uint16()
def __init__(self): super(DNetTableRow_Field, self).__init__() self.Flags = vp.v_uint16() self.Name = vp.v_uint16() self.Signature = vp.v_uint16()
def __init__(self): super(DNetTableRow_TypeRef, self).__init__() self.ResolutionScope = vp.v_uint16() self.Name = vp.v_uint16() self.Namespace = vp.v_uint16()