def __init__(self):
VStruct.__init__(self)
self.a = v_uint8()
self.b = v_uint16()
self.c = v_uint32()
self.d = v_uint8()
self.e = VArray((v_uint32(), v_uint32(), v_uint32(), v_uint32()))
def __init__(self):
VStruct.__init__(self)
self.a = v_uint8()
self.b = v_uint16()
self.c = v_uint32()
self.d = v_uint8()
self.e = VArray(
(v_uint32(), v_uint32(), v_uint32(), v_uint32()))
def __init__(self, wordsize):
vstruct.VStruct.__init__(self)
if wordsize == 4:
v_word = v_uint32
elif wordsize == 8:
v_word = v_uint64
else:
raise ValueError('unexpected wordsize')
"""
v7.0:
nodeid: ff000002 tag: S index: 0x41b994
00000000: 69 64 61 00 BC 02 6D 65 74 61 70 63 00 00 00 00 ida...metapc....
00000010: 00 00 00 00 00 00 A3 00 0B 02 00 00 14 00 00 00 ................
00000020: 0B 00 00 00 00 00 00 00 F7 FF FF DF 03 00 00 00 ................
00000030: 00 00 00 00 FF FF FF FF 01 00 00 00 95 16 90 68 ...............h
00000040: 95 16 90 68 FF FF FF FF FF FF FF FF 00 10 90 68 ...h...........h
00000050: 30 E2 9D 68 00 10 90 68 30 E2 9D 68 00 10 90 68 0..h...h0..h...h
00000060: 00 70 9E 68 10 00 00 00 00 00 00 FF 00 00 10 FF .p.h............
00000070: 00 00 00 00 00 02 01 0F 0F 00 40 40 00 00 00 00 ..........@@....
00000080: 00 00 00 00 00 00 00 00 00 00 02 06 67 BE A3 0E ............g...
00000090: 07 00 40 06 00 07 00 18 28 00 50 00 54 03 00 00 ..@.....(.P.T...
000000A0: 01 00 00 00 01 1B 0A 00 00 00 00 00 61 00 00 00 ............a...
000000B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000000C0: 07 00 00 00 00 01 33 04 01 04 00 02 04 08 08 00 ......3.........
000000D0: 00 00 00 00 00 00 00 00 ........
v6.95:
00000000: 49 44 41 B7 02 6D 65 74 61 70 63 00 00 23 00 0B IDA..metapc..#..
00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF ................
00000020: FF FF FF 95 16 90 68 95 16 90 68 00 10 90 68 30 ......h...h...h0
00000030: E2 9D 68 00 10 90 68 30 E2 9D 68 00 10 90 68 00 ..h...h0..h...h.
00000040: 70 9E 68 10 00 00 00 0A 00 00 18 00 01 00 00 02 p.h.............
00000050: 01 01 00 01 02 01 01 00 00 00 00 00 0F 08 00 09 ................
00000060: 06 00 01 01 1B 07 61 00 00 00 00 00 00 00 00 00 ......a.........
00000070: 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 01 ................
00000080: 01 01 FF FF FF FF 01 00 00 00 FF FF FF FF 67 BE ..............g.
00000090: A3 0E 07 00 40 06 07 00 00 00 00 00 00 00 FD BF ....@...........
000000A0: 0F 00 28 00 50 00 40 40 00 00 00 00 00 00 00 00 ..(.P.@@........
000000B0: 00 00 00 00 00 00 02 01 33 04 01 04 00 02 04 08 ........3.......
000000C0: 14 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 ................
000000D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ................
000000E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000000F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
"""
self.tag = v_str(size=0x3) # 'IDA' below 7.0, 'ida' in 7.0
self.zero = v_bytes(size=0x0)
self.version = v_uint16()
self.procname_size = v_bytes(size=0x0)
# 8 bytes for < 7.0
# 16 bytes for >= 7.0
self.procname = v_str(size=0x10)
self.lflags = v_uint8()
self.demnames = v_uint8()
self.filetype = v_uint16()
def __init__(self):
vstruct.VStruct.__init__(self)
self.sectname[16] = vs_prim.v_uint8() # name of this section
self.segname[16] = vs_prim.v_uint8() # segment this section goes in
self.addr = vs_prim.v_uint32() # memory address of this section
self.size = vs_prim.v_uint32() # size in bytes of this section
self.offset = vs_prim.v_uint32() # file offset of this section
self.align = vs_prim.v_uint32() # section alignment (power of 2)
self.reloff = vs_prim.v_uint32() # file offset of relocation entries
self.nreloc = vs_prim.v_uint32() # number of relocation entries
self.flags = vs_prim.v_uint32() # flags (section type and attributes)
self.reserved1 = vs_prim.v_uint32() # reserved (for offset or index)
self.reserved2 = vs_prim.v_uint32() # reserved (for count or sizeof)
def __init__(self):
vstruct.VStruct.__init__(self)
# sizeof() == 0xB (fixed)
self.type = v_uint8() # possible values: 0x0 - 0xC. top bit has some meaning.
self.unk01 = v_uint16() # this might be the segment index + 1?
self.offset = v_uint32()
self.unk07 = v_uint32()
def __init__(self, buf, wordsize):
vstruct.VStruct.__init__(self)
self.buf = memoryview(buf)
self.wordsize = wordsize
self.next_free_offset = v_uint32()
self.page_size = v_uint16()
self.root_page = v_uint32()
self.record_count = v_uint32()
self.page_count = v_uint32()
self.unk12 = v_uint8()
self.signature = v_bytes(size=0x09)
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_SEGMENT_64
self.cmdsize = vs_prim.v_uint32() # includes sizeof section_64 structs
self.segname[16] = vs_prim.v_uint8() # segment name
self.vmaddr = vs_prim.v_uint64() # memory address of this segment
self.vmsize = vs_prim.v_uint64() # memory size of this segment
self.fileoff = vs_prim.v_uint64() # file offset of this segment
self.filesize = vs_prim.v_uint64() # amount to map from the file
self.maxprot = vm_prot_t() # maximum VM protection
self.initprot = vm_prot_t() # initial VM protection
self.nsects = vs_prim.v_uint32() # number of sections in segment
self.flags = vs_prim.v_uint32() # flags
def __init__(self, wordsize):
vstruct.VStruct.__init__(self)
# sizeof() == 0xB (fixed)
# possible values: 0x0 - 0xC. top bit has some meaning.
self.type = v_uint8()
self.unk01 = v_uint16() # this might be the segment index + 1?
if wordsize == 4:
self.offset = v_uint32()
self.unk07 = v_uint32()
elif wordsize == 8:
self.unk03 = v_uint32()
self.unk07 = v_uint16()
self.offset = v_uint64()
else:
raise ValueError('unexpected wordsize')
def __init__(self):
vstruct.VStruct.__init__(self)
self.header = v_uint8()
self.length = v_uint8()
self.s = v_str()
def __init__(self, length_is_total=True):
vstruct.VStruct.__init__(self)
self.length = v_uint8()
self.s = v_str()
self.length_is_total = length_is_total
def __init__(self):
vstruct.VStruct.__init__(self)
self.is_compressed = v_uint8()
self.length = v_uint64()
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_UUID
self.cmdsize = vs_prim.v_uint32() # sizeof(struct uuid_command)
self.uuid[16] = vs_prim.v_uint8() # the 128-bit uuid
def __init__(self):
vstruct.VStruct.__init__(self)
self.compression_method = v_uint8()
self.length = v_uint64()
self.is_compressed = False
