def parseDeclareFunction(parent, size):
    yield CString(parent, "name")
    argCount = UInt16(parent, "arg_count")
    yield argCount
    for i in range(argCount.value):
        yield CString(parent, "arg[]")
    yield UInt16(parent, "function_length")
    def createFields(self):
        # Gzip header
        yield Bytes(self, "signature", 2, r"GZip file signature (\x1F\x8B)")
        yield Enum(UInt8(self, "compression", "Compression method"),

        # Flags
        yield Bit(self, "is_text", "File content is probably ASCII text")
        yield Bit(self, "has_crc16", "Header CRC16")
        yield Bit(self, "has_extra", "Extra informations (variable size)")
        yield Bit(self, "has_filename", "Contains filename?")
        yield Bit(self, "has_comment", "Contains comment?")
        yield NullBits(self, "reserved[]", 3)
        yield TimestampUnix32(self, "mtime", "Modification time")

        # Extra flags
        yield NullBits(self, "reserved[]", 1)
        yield Bit(self, "slowest",
                  "Compressor used maximum compression (slowest)")
        yield Bit(self, "fastest", "Compressor used the fastest compression")
        yield NullBits(self, "reserved[]", 5)
        yield Enum(UInt8(self, "os", "Operating system"), self.os_name)

        # Optional fields
        if self["has_extra"].value:
            yield UInt16(self, "extra_length", "Extra length")
            yield RawBytes(self, "extra", self["extra_length"].value, "Extra")
        if self["has_filename"].value:
            yield CString(self, "filename", "Filename", charset="ISO-8859-1")
        if self["has_comment"].value:
            yield CString(self, "comment", "Comment")
        if self["has_crc16"].value:
            yield textHandler(UInt16(self, "hdr_crc16", "CRC16 of the header"),

        if self._size is None:  # TODO: is it possible to handle piped input?
            raise NotImplementedError()

        # Read file
        size = (self._size - self.current_size) // 8 - 8  # -8: crc32+size
        if 0 < size:
            if self["has_filename"].value:
                filename = self["filename"].value
                for tag, filename in
                    if tag == "filename" and filename.endswith(".gz"):
                        filename = filename[:-3]
                    filename = None
            yield Deflate(SubFile(self, "file", size, filename=filename))

        # Footer
        yield textHandler(
            UInt32(self, "crc32", "Uncompressed data content CRC32"),
        yield filesizeHandler(UInt32(self, "size", "Uncompressed size"))
Exemplo n.º 3
 def createFields(self):
     yield Enum(UInt8(self, "charset"), ID3_StringCharset.charset_desc)
     charset = getCharset(self["charset"])
     yield CString(self, "mime", "MIME type", charset=charset)
     yield Enum(UInt8(self, "pict_type"), ID3_Picture23.pict_type_name)
     yield CString(self, "description", charset=charset)
     size = (self._size - self._current_size) / 8
     if size:
         yield RawBytes(self, "img_data", size)
Exemplo n.º 4
    def createFields(self):
        yield UInt16(self, "length", "Length of Item ID Entry")
        if not self["length"].value:

        yield Enum(UInt8(self, "type"),self.ITEM_TYPE)
        if entrytype in (0x1F, 0x2E, 0x70):
            # GUID
            yield RawBytes(self, "dummy", 1, "should be 0x50")
            yield GUID(self, "guid")

        elif entrytype in (0x23, 0x25, 0x29, 0x2F):
            # Drive
            yield String(self, "drive", self["length"].value-3, strip="\0")

        elif entrytype in (0x30, 0x31, 0x32):
            yield RawBytes(self, "dummy", 1, "should be 0x00")
            yield UInt32(self, "size", "size of file; 0 for folders")
            yield DateTimeMSDOS32(self, "date_time", "File/folder date and time")
            yield MSDOSFileAttr16(self, "attribs", "File/folder attributes")
            yield CString(self, "name", "File/folder name")
            if self.root.hasUnicodeNames():
                # Align to 2-bytes
                n = paddingSize(self.current_size//8, 2)
                if n:
                    yield PaddingBytes(self, "pad", n)

                yield UInt16(self, "length_w", "Length of wide struct member")
                yield RawBytes(self, "unknown[]", 6)
                yield DateTimeMSDOS32(self, "creation_date_time", "File/folder creation date and time")
                yield DateTimeMSDOS32(self, "access_date_time", "File/folder last access date and time")
                yield RawBytes(self, "unknown[]", 4)
                yield CString(self, "unicode_name", "File/folder name", charset="UTF-16-LE")
                yield RawBytes(self, "unknown[]", 2)
                yield CString(self, "name_short", "File/folder short name")

        elif entrytype in (0x41, 0x42, 0x46):
            yield RawBytes(self, "unknown[]", 2)
            yield CString(self, "name")
            yield CString(self, "protocol")
            yield RawBytes(self, "unknown[]", 2)

        elif entrytype == 0x47:
            # Whole Network
            yield RawBytes(self, "unknown[]", 2)
            yield CString(self, "name")

        elif entrytype == 0xC3:
            # Network Share
            yield RawBytes(self, "unknown[]", 2)
            yield CString(self, "name")
            yield CString(self, "protocol")
            yield CString(self, "description")
            yield RawBytes(self, "unknown[]", 2)

            yield RawBytes(self, "raw", self["length"].value-3)
Exemplo n.º 5
    def createFields(self):
        yield UInt32(self, "length", "Length of this structure")
        if not self["length"].value:

        yield UInt32(self, "first_offset_pos", "Position of first offset")
        has_unicode_paths = (self["first_offset_pos"].value == 0x24)
        yield Bit(self, "on_local_volume")
        yield Bit(self, "on_network_volume")
        yield PaddingBits(self, "reserved[]", 30)
        yield UInt32(self, "local_info_offset", "Offset to local volume table; only meaningful if on_local_volume = 1")
        yield UInt32(self, "local_pathname_offset", "Offset to local base pathname; only meaningful if on_local_volume = 1")
        yield UInt32(self, "remote_info_offset", "Offset to network volume table; only meaningful if on_network_volume = 1")
        yield UInt32(self, "pathname_offset", "Offset of remaining pathname")
        if has_unicode_paths:
            yield UInt32(self, "local_pathname_unicode_offset", "Offset to Unicode version of local base pathname; only meaningful if on_local_volume = 1")
            yield UInt32(self, "pathname_unicode_offset", "Offset to Unicode version of remaining pathname")
        if self["on_local_volume"].value:
            padding = self.seekByte(self["local_info_offset"].value)
            if padding:
                yield padding
            yield LocalVolumeTable(self, "local_volume_table", "Local Volume Table")

            padding = self.seekByte(self["local_pathname_offset"].value)
            if padding:
                yield padding
            yield CString(self, "local_base_pathname", "Local Base Pathname")
            if has_unicode_paths:
                padding = self.seekByte(self["local_pathname_unicode_offset"].value)
                if padding:
                    yield padding
                yield CString(self, "local_base_pathname_unicode", "Local Base Pathname in Unicode", charset="UTF-16-LE")

        if self["on_network_volume"].value:
            padding = self.seekByte(self["remote_info_offset"].value)
            if padding:
                yield padding
            yield NetworkVolumeTable(self, "network_volume_table")

        padding = self.seekByte(self["pathname_offset"].value)
        if padding:
            yield padding
        yield CString(self, "final_pathname", "Final component of the pathname")

        if has_unicode_paths:
            padding = self.seekByte(self["pathname_unicode_offset"].value)
            if padding:
                yield padding
            yield CString(self, "final_pathname_unicode", "Final component of the pathname in Unicode", charset="UTF-16-LE")

        if padding:
            yield padding
Exemplo n.º 6
 def createFields(self):
     yield Enum(UInt8(self, "charset"), self.charset_desc)
     charset = getCharset(self["charset"])
     yield CString(self, "mime", "MIME type", charset=charset)
     yield CString(self, "filename", "File name", charset=charset)
     yield CString(self,
                   "Content description",
     size = (self.size - self.current_size) // 8
     if not size:
     yield String(self, "text", size, "Text", charset=charset)
Exemplo n.º 7
 def createFields(self):
     yield filesizeHandler(UInt32(self, "filesize", "Uncompressed file size"))
     yield UInt32(self, "offset", "File offset after decompression")
     yield UInt16(self, "iFolder", "file control id")
     yield DateTimeMSDOS32(self, "timestamp")
     yield MSDOSFileAttr16(self, "attributes")
     yield CString(self, "filename", charset="ASCII")
Exemplo n.º 8
    def createFields(self):
        yield UInt16(self, "size", "Node size (in bytes)")
        yield UInt16(self, "data_size")
        yield Enum(UInt16(self, "type"), self.TYPE_NAME)
        yield CString(self, "name", charset="UTF-16-LE")

        size = paddingSize(self.current_size // 8, 4)
        if size:
            yield NullBytes(self, "padding[]", size)
        size = self["data_size"].value
        if size:
            if self["type"].value == self.TYPE_STRING:
                if self.is_32bit:
                    size *= 2
                yield String(self,
            elif self["name"].value == "VS_VERSION_INFO":
                yield VersionInfoBinary(self, "value", size=size * 8)
                if self["value/file_flags_mask"].value == 0:
                    self.is_32bit = False
                yield RawBytes(self, "value", size)
        while 12 <= (self.size - self.current_size) // 8:
            yield VersionInfoNode(self, "node[]", self.is_32bit)
        size = (self.size - self.current_size) // 8
        if size:
            yield NullBytes(self, "padding[]", size)
Exemplo n.º 9
 def createFields(self):
     yield CString(self, "signature", "Photoshop version")
     if self["signature"].value == "Photoshop 3.0":
         while not self.eof:
             yield Photoshop8BIM(self, "item[]")
         size = (self._size - self.current_size) / 8
         yield RawBytes(self, "rawdata", size)
Exemplo n.º 10
 def createFields(self):
     yield Enum(UInt8(self, "charset"), ID3_StringCharset.charset_desc)
     charset = getCharset(self["charset"])
     yield String(self, "img_fmt", 3, charset="ASCII")
     yield Enum(UInt8(self, "pict_type"), self.pict_type_name)
     yield CString(self, "text", "Text", charset=charset, strip=" \0")
     size = (self._size - self._current_size) / 8
     if size:
         yield RawBytes(self, "img_data", size)
Exemplo n.º 11
 def createFields(self):
     yield UInt32(self, "length", "Length of this structure")
     yield UInt32(self, "unknown[]")
     yield UInt32(self, "share_name_offset", "Offset to share name")
     yield UInt32(self, "unknown[]")
     yield UInt32(self, "unknown[]")
     padding = self.seekByte(self["share_name_offset"].value)
     if padding:
         yield padding
     yield CString(self, "share_name")
Exemplo n.º 12
    def createFields(self):
        yield UInt32(self, "length", "Length of this structure")
        yield Enum(UInt32(self, "volume_type", "Volume Type"),self.VOLUME_TYPE)
        yield textHandler(UInt32(self, "volume_serial", "Volume Serial Number"), formatVolumeSerial)

        yield UInt32(self, "label_offset", "Offset to volume label")
        padding = self.seekByte(self["label_offset"].value)
        if padding:
            yield padding
        yield CString(self, "drive")
def parseDeclareFunctionV7(parent, size):
    yield CString(parent, "name")
    argCount = UInt16(parent, "arg_count")
    yield argCount
    yield UInt8(parent, "reg_count")
    yield Bits(parent, "reserved", 7)
    yield Bit(parent, "preload_global")
    yield Bit(parent, "preload_parent")
    yield Bit(parent, "preload_root")
    yield Bit(parent, "suppress_super")
    yield Bit(parent, "preload_super")
    yield Bit(parent, "suppress_arguments")
    yield Bit(parent, "preload_arguments")
    yield Bit(parent, "suppress_this")
    yield Bit(parent, "preload_this")
    for i in range(argCount.value):
        yield UInt8(parent, "register[]")
        yield CString(parent, "arg[]")
    yield UInt16(parent, "function_length")
Exemplo n.º 14
 def createFields(self):
     yield textHandler(UInt8(self, "version"), hexadecimal)
     yield RawBytes(self, "flags", 3)
     yield String(self, "subtype", 8)
     yield String(self, "manufacturer", 4)
     yield UInt32(self, "res_flags")
     yield UInt32(self, "res_flags_mask")
     if self.root.is_mpeg4:
         yield CString(self, "name")
         yield PascalString8(self, "name")
Exemplo n.º 15
    def createFields(self):
        # Header
        yield UInt24(self, "size")
        yield Enum(UInt8(self, "type"), EFI_SECTION_TYPE)
        section_type = self["type"].value

        if section_type == EFI_SECTION_COMPRESSION:
            yield UInt32(self, "uncomp_len")
            yield Enum(UInt8(self, "comp_type"), self.COMPRESSION_TYPE)
        elif section_type == EFI_SECTION_FREEFORM_SUBTYPE_GUID:
            yield GUID(self, "sub_type_guid")
        elif section_type == EFI_SECTION_GUID_DEFINED:
            yield GUID(self, "section_definition_guid")
            yield UInt16(self, "data_offset")
            yield UInt16(self, "attributes")
        elif section_type == EFI_SECTION_USER_INTERFACE:
            yield CString(self, "file_name", charset="UTF-16-LE")
        elif section_type == EFI_SECTION_VERSION:
            yield UInt16(self, "build_number")
            yield CString(self, "version", charset="UTF-16-LE")

        # Content
        content_size = (self.size - self.current_size) // 8
        if content_size == 0:

        if section_type == EFI_SECTION_COMPRESSION:
            compression_type = self["comp_type"].value
            if compression_type == 1:
                while not self.eof:
                    yield RawBytes(self, "compressed_content", content_size)
                while not self.eof:
                    yield FileSection(self, "section[]")
        elif section_type == EFI_SECTION_FIRMWARE_VOLUME_IMAGE:
            yield FirmwareVolume(self, "firmware_volume")
            yield RawBytes(
                self, "content", content_size,
                                     "Unknown Section Type"))
def parseTry(parent, size):
    yield Bits(parent, "reserved", 5)
    catchInReg = Bit(parent, "catch_in_register")
    yield catchInReg
    yield Bit(parent, "finally")
    yield Bit(parent, "catch")
    yield UInt8(parent, "try_size")
    yield UInt8(parent, "catch_size")
    yield UInt8(parent, "finally_size")
    if catchInReg.value:
        yield CString(parent, "name")
        yield UInt8(parent, "register")
Exemplo n.º 17
 def createFields(self):
     yield PropertiesFormat(self, "format")
     yield UInt32(self, "nb_prop")
     properties = []
     for index in xrange(self["nb_prop"].value):
         property = Property(self, "property[]")
         yield property
     padding = paddingSize(self.current_size // 8, 4)
     if padding:
         yield NullBytes(self, "padding", padding)
     yield UInt32(self, "total_str_length")
     properties.sort(key=lambda entry: entry["name_offset"].value)
     offset0 = self.current_size // 8
     for property in properties:
         padding = self.seekByte(offset0 + property["name_offset"].value)
         if padding:
             yield padding
         yield CString(self, "name[]", "Name of %s" %
         if property["is_string"].value:
             yield CString(self, "value[]", "Value of %s" %
     padding = (self.size - self.current_size) // 8
     if padding:
         yield NullBytes(self, "end_padding", padding)
Exemplo n.º 18
 def createFields(self):
     yield Enum(UInt8(self, "charset"), self.charset_desc)
     yield String(self, "lang", 3, "Language", charset="ASCII")
     charset = getCharset(self["charset"])
     yield CString(self,
     size = (self.size - self.current_size) // 8
     if not size:
     yield String(self,
Exemplo n.º 19
    def createFields(self):
        yield UInt16(self, "size", "Node size (in bytes)")
        yield UInt16(self, "data_size")
        yield CString(self, "name", charset="ISO-8859-1")

        size = paddingSize(self.current_size // 8, 4)
        if size:
            yield NullBytes(self, "padding[]", size)
        size = self["data_size"].value
        if size:
            if self["name"].value == "VS_VERSION_INFO":
                yield VersionInfoBinary(self, "value", size=size * 8)
                yield String(self, "value", size, charset="ISO-8859-1")
        while 12 <= (self.size - self.current_size) // 8:
            yield NE_VersionInfoNode(self, "node[]")
        size = (self.size - self.current_size) // 8
        if size:
            yield NullBytes(self, "padding[]", size)
Exemplo n.º 20
 def createFields(self):
     yield PropertiesFormat(self, "format")
     yield UInt32(self, "count")
     offsets = []
     for index in xrange(self["count"].value):
         offset = UInt32(self, "offset[]")
         yield offset
     yield UInt32(self, "total_str_length")
     offset0 = self.current_size // 8
     for offset in offsets:
         padding = self.seekByte(offset0 + offset)
         if padding:
             yield padding
         yield CString(self, "name[]")
     padding = (self.size - self.current_size) // 8
     if padding:
         yield NullBytes(self, "end_padding", padding)
Exemplo n.º 21
    def createFields(self):
        yield UInt32(self, "length", "Length of this structure")
        if not self["length"].value:

        yield Enum(
                UInt32(self, "signature",
                       "Signature determining the function of this structure"),
                hexadecimal), self.INFO_TYPE)

        if self["signature"].value == 0xA0000003:
            # Hostname and Other Stuff
            yield UInt32(self, "remaining_length")
            yield UInt32(self, "unknown[]")
            yield String(
                "Computer hostname on which shortcut was last modified",
            yield RawBytes(self, "unknown[]", 32)
            yield RawBytes(self, "unknown[]", 32)

        elif self["signature"].value == 0xA0000005:
            # Special Folder Info
            yield Enum(
                UInt32(self, "special_folder_id", "ID of the special folder"),
            yield UInt32(self, "offset", "Offset to Item ID entry")

        elif self["signature"].value in (0xA0000001, 0xA0000006, 0xA0000007):
            if self["signature"].value == 0xA0000001:  # Link Target Information
                object_name = "target"
            elif self[
                    "signature"].value == 0xA0000006:  # DarwinID (Windows Installer ID) Information
                object_name = "darwinID"
            else:  # Custom Icon Details
                object_name = "icon_path"
            yield CString(self,
                          "Data (ASCII format)",
            remaining = self[
                "length"].value - self.current_size / 8 - 260 * 2  # 260*2 = size of next part
            if remaining:
                yield RawBytes(self, "slack_space[]", remaining,
                               "Data beyond end of string")
            yield CString(self,
                          object_name + '_unicode',
                          "Data (Unicode format)",
            remaining = self["length"].value - self.current_size / 8
            if remaining:
                yield RawBytes(self, "slack_space[]", remaining,
                               "Data beyond end of string")

        elif self["signature"].value == 0xA0000002:
            # Console Window Properties
            yield ColorTableIndex(self, "color_text", 4,
                                  "Screen text color index")
            yield ColorTableIndex(self, "color_bg", 4,
                                  "Screen background color index")
            yield NullBytes(self, "reserved[]", 1)
            yield ColorTableIndex(self, "color_popup_text", 4,
                                  "Pop-up text color index")
            yield ColorTableIndex(self, "color_popup_bg", 4,
                                  "Pop-up background color index")
            yield NullBytes(self, "reserved[]", 1)
            yield UInt16(self, "buffer_width",
                         "Screen buffer width (character cells)")
            yield UInt16(self, "buffer_height",
                         "Screen buffer height (character cells)")
            yield UInt16(self, "window_width",
                         "Window width (character cells)")
            yield UInt16(self, "window_height",
                         "Window height (character cells)")
            yield UInt16(self, "position_left",
                         "Window distance from left edge (screen coords)")
            yield UInt16(self, "position_top",
                         "Window distance from top edge (screen coords)")
            yield UInt32(self, "font_number")
            yield UInt32(self, "input_buffer_size")
            yield UInt16(self, "font_width",
                         "Font width in pixels; 0 for a non-raster font")
            yield UInt16(
                self, "font_height",
                "Font height in pixels; equal to the font size for non-raster fonts"
            yield UInt32(self, "font_family")
            yield UInt32(self, "font_weight")
            yield String(self,
                         "Font Name (Unicode format)",
            yield UInt32(self, "cursor_size",
                         "Relative size of cursor (% of character size)")
            yield Enum(
                UInt32(self, "full_screen", "Run console in full screen?"),
            yield Enum(
                    self, "quick_edit",
                    "Console uses quick-edit feature (using mouse to cut & paste)?"
                ), self.BOOL_ENUM)
            yield Enum(
                UInt32(self, "insert_mode", "Console uses insertion mode?"),
            yield Enum(
                UInt32(self, "auto_position",
                       "System automatically positions window?"),
            yield UInt32(self, "history_size",
                         "Size of the history buffer (in lines)")
            yield UInt32(
                self, "history_count",
                "Number of history buffers (each process gets one up to this limit)"
            yield Enum(
                    self, "history_no_dup",
                    "Automatically eliminate duplicate lines in the history buffer?"
                ), self.BOOL_ENUM)
            for index in xrange(16):
                yield ColorRef(self, "color[]")

        elif self["signature"].value == 0xA0000004:
            # Console Codepage Information
            yield UInt32(self, "codepage", "Console's code page")

            yield RawBytes(self, "raw",
                           self["length"].value - self.current_size / 8)
Exemplo n.º 22
def textParse(parent):
    yield CString(parent, "keyword", "Keyword", charset="ISO-8859-1")
    length = parent["size"].value - parent["keyword"].size/8
    if length:
        yield String(parent, "text", length, "Text", charset="ISO-8859-1")
Exemplo n.º 23
 def createFields(self):
     yield UInt16(self, "object_id")
     yield CString(self, "name")
def parseGotoLabel(parent, size):
    yield CString(parent, "label")
Exemplo n.º 25
def readMaterialName(parent):
    yield CString(parent, "name", "Material name")
Exemplo n.º 26
def readTextureFilename(parent):
    yield CString(parent, "filename", "Texture filename")
Exemplo n.º 27
def readObject(parent):
    yield CString(parent, "name", "Object name")
    size = parent["size"].value * 8
    while parent.current_size < size:
        yield Chunk(parent, "chunk[]")
def parseGetURL(parent, size):
    yield CString(parent, "url")
    yield CString(parent, "target")
def parseSetTarget(parent, size):
    yield CString(parent, "target")
def parseDeclareDictionnary(parent, size):
    count = UInt16(parent, "count")
    yield count
    for i in range(count.value):
        yield CString(parent, "dictionnary[]")