def parseCode(parent): if 0x3000000 <= parent.root.getVersion(): yield UInt32(parent, "arg_count", "Argument count") yield UInt32(parent, "kwonlyargcount", "Keyword only argument count") yield UInt32(parent, "nb_locals", "Number of local variables") yield UInt32(parent, "stack_size", "Stack size") yield UInt32(parent, "flags") elif 0x2030000 <= parent.root.getVersion(): yield UInt32(parent, "arg_count", "Argument count") yield UInt32(parent, "nb_locals", "Number of local variables") yield UInt32(parent, "stack_size", "Stack size") yield UInt32(parent, "flags") else: yield UInt16(parent, "arg_count", "Argument count") yield UInt16(parent, "nb_locals", "Number of local variables") yield UInt16(parent, "stack_size", "Stack size") yield UInt16(parent, "flags") yield Object(parent, "compiled_code") yield Object(parent, "consts") yield Object(parent, "names") yield Object(parent, "varnames") if 0x2000000 <= parent.root.getVersion(): yield Object(parent, "freevars") yield Object(parent, "cellvars") yield Object(parent, "filename") yield Object(parent, "name") if 0x2030000 <= parent.root.getVersion(): yield UInt32(parent, "firstlineno", "First line number") else: yield UInt16(parent, "firstlineno", "First line number") yield Object(parent, "lnotab")
def createFields(self): yield ZipVersion(self, "version_made_by", "Version made by") # yield from ZipStartCommonFields(self) # PY3 for field in ZipStartCommonFields(self): yield field # Check unicode status charset = zipGetCharset(self) yield UInt16(self, "comment_length", "Comment length") yield UInt16(self, "disk_number_start", "Disk number start") yield UInt16(self, "internal_attr", "Internal file attributes") yield UInt32(self, "external_attr", "External file attributes") yield UInt32(self, "offset_header", "Relative offset of local header") yield String(self, "filename", self["filename_length"].value, "Filename", charset=charset) if 0 < self["extra_length"].value: yield ExtraFields(self, "extra", size=self["extra_length"].value * 8, description="Extra fields") if 0 < self["comment_length"].value: yield String(self, "comment", self["comment_length"].value, "Comment", charset=charset)
def createFields(self): yield textHandler(UInt32(self, "magic", "File information magic (0xFEEF04BD)"), hexadecimal) if self["magic"].value != 0xFEEF04BD: raise ParserError("EXE resource: invalid file info magic") yield Version(self, "struct_ver", "Structure version (1.0)") yield Version(self, "file_ver_ms", "File version MS") yield Version(self, "file_ver_ls", "File version LS") yield Version(self, "product_ver_ms", "Product version MS") yield Version(self, "product_ver_ls", "Product version LS") yield textHandler(UInt32(self, "file_flags_mask"), hexadecimal) yield Bit(self, "debug") yield Bit(self, "prerelease") yield Bit(self, "patched") yield Bit(self, "private_build") yield Bit(self, "info_inferred") yield Bit(self, "special_build") yield NullBits(self, "reserved", 26) yield Enum(textHandler(UInt16(self, "file_os_major"), hexadecimal), MAJOR_OS_NAME) yield Enum(textHandler(UInt16(self, "file_os_minor"), hexadecimal), MINOR_OS_NAME) yield Enum(textHandler(UInt32(self, "file_type"), hexadecimal), FILETYPE_NAME) field = textHandler(UInt32(self, "file_subfile"), hexadecimal) if field.value == FILETYPE_DRIVER: field = Enum(field, DRIVER_SUBTYPE_NAME) elif field.value == FILETYPE_FONT: field = Enum(field, FONT_SUBTYPE_NAME) yield field yield TimestampUnix32(self, "date_ms") yield TimestampUnix32(self, "date_ls")
def createFields(self): yield UInt32(self, "size") self._size = (self['size'].value + 4) * 8 yield UInt32(self, "count") yield UInt16(self, "unknown[]") for i in xrange(self['count'].value): yield AVCHDMPLS_0_Chunk(self, "chunk[]")
def createFields(self): yield String(self, "header", 2, "File header (MZ)", charset="ASCII") yield UInt16(self, "size_mod_512", "File size in bytes modulo 512") yield UInt16(self, "size_div_512", "File size in bytes divide by 512") yield UInt16(self, "reloc_entries", "Number of relocation entries") yield UInt16(self, "code_offset", "Offset to the code in the file (divided by 16)") yield UInt16(self, "needed_memory", "Memory needed to run (divided by 16)") yield UInt16(self, "max_memory", "Maximum memory needed to run (divided by 16)") yield textHandler( UInt32(self, "init_ss_sp", "Initial value of SP:SS registers"), hexadecimal) yield UInt16(self, "checksum", "Checksum") yield textHandler( UInt32(self, "init_cs_ip", "Initial value of CS:IP registers"), hexadecimal) yield UInt16(self, "reloc_offset", "Offset in file to relocation table") yield UInt16(self, "overlay_number", "Overlay number") yield PaddingBytes(self, "reserved[]", 8, "Reserved") yield UInt16(self, "oem_id", "OEM id") yield UInt16(self, "oem_info", "OEM info") yield PaddingBytes(self, "reserved[]", 20, "Reserved") yield UInt32(self, "next_offset", "Offset to next header (PE or NE)")
def createFields(self): yield String(self, "signature", 4, "PSD signature (8BPS)", charset="ASCII") yield UInt16(self, "version") yield NullBytes(self, "reserved[]", 6) yield UInt16(self, "nb_channels") yield UInt32(self, "width") yield UInt32(self, "height") yield UInt16(self, "depth") yield Enum(UInt16(self, "color_mode"), self.COLOR_MODE) # Mode data yield UInt32(self, "mode_data_size") size = self["mode_data_size"].value if size: yield RawBytes(self, "mode_data", size) # Resources yield Config(self, "config") # Reserved yield UInt32(self, "reserved_data_size") size = self["reserved_data_size"].value if size: yield RawBytes(self, "reserved_data", size) yield Enum(UInt16(self, "compression"), self.COMPRESSION_NAME) size = (self.size - self.current_size) // 8 if size: yield RawBytes(self, "end", size)
def createFields(self): yield Enum(Bits(self, "compression_method", 4), { 8: "deflate", 15: "reserved" }) # CM yield Bits(self, "compression_info", 4, "base-2 log of the window size") # CINFO yield Bits(self, "flag_check_bits", 5) # FCHECK yield Bit(self, "flag_dictionary_present") # FDICT yield Enum( Bits(self, "flag_compression_level", 2), # FLEVEL { 0: "Fastest", 1: "Fast", 2: "Default", 3: "Maximum, Slowest" }) if self["flag_dictionary_present"].value: yield textHandler( UInt32(self, "dict_checksum", "ADLER32 checksum of dictionary information"), hexadecimal) yield DeflateData(self, "data", self.stream, description="Compressed Data") yield textHandler( UInt32(self, "data_checksum", "ADLER32 checksum of compressed data"), hexadecimal)
def createFields(self): yield Bytes(self, "header", 4, r"PE header signature (PE\0\0)") if self["header"].value != "PE\0\0": raise ParserError("Invalid PE header signature") yield Enum(UInt16(self, "cpu", "CPU type"), self.cpu_name) yield UInt16(self, "nb_section", "Number of sections") yield TimestampUnix32(self, "creation_date", "Creation date") yield UInt32(self, "ptr_to_sym", "Pointer to symbol table") yield UInt32(self, "nb_symbols", "Number of symbols") yield UInt16(self, "opt_hdr_size", "Optional header size") yield Bit(self, "reloc_stripped", "If true, don't contain base relocations.") yield Bit(self, "exec_image", "Executable image?") yield Bit(self, "line_nb_stripped", "COFF line numbers stripped?") yield Bit(self, "local_sym_stripped", "COFF symbol table entries stripped?") yield Bit(self, "aggr_ws", "Aggressively trim working set") yield Bit(self, "large_addr", "Application can handle addresses greater than 2 GB") yield NullBits(self, "reserved", 1) yield Bit(self, "reverse_lo", "Little endian: LSB precedes MSB in memory") yield Bit(self, "32bit", "Machine based on 32-bit-word architecture") yield Bit(self, "is_stripped", "Debugging information removed?") yield Bit( self, "swap", "If image is on removable media, copy and run from swap file") yield PaddingBits(self, "reserved2", 1) yield Bit(self, "is_system", "It's a system file") yield Bit(self, "is_dll", "It's a dynamic-link library (DLL)") yield Bit(self, "up", "File should be run only on a UP machine") yield Bit(self, "reverse_hi", "Big endian: MSB precedes LSB in memory")
def createFields(self): # Read chunk header yield Bytes(self, "signature", 3, r"Property signature (\x8E\xAD\xE8)") if self["signature"].value != "\x8E\xAD\xE8": raise ParserError("Invalid property signature") yield UInt8(self, "version", "Signature version") yield NullBytes(self, "reserved", 4, "Reserved") yield UInt32(self, "count", "Count") yield UInt32(self, "size", "Size") # Read item header items = [] for i in range(0, self["count"].value): item = ItemHeader(self, "item[]") yield item items.append(item) # Sort items by their offset items.sort(key=lambda field: field["offset"].value) # Read item content start = self.current_size // 8 for item in items: offset = item["offset"].value diff = offset - (self.current_size // 8 - start) if 0 < diff: yield NullBytes(self, "padding[]", diff) yield ItemContent(self, "content[]", item) size = start + self["size"].value - self.current_size // 8 if 0 < size: yield NullBytes(self, "padding[]", size)
def createFields(self): yield String(self, "signature", 4, 'Format signature (".snd")', charset="ASCII") yield UInt32(self, "data_ofs", "Data offset") yield filesizeHandler(UInt32(self, "data_size", "Data size")) yield Enum(UInt32(self, "codec", "Audio codec"), self.CODEC_NAME) yield displayHandler( UInt32(self, "sample_rate", "Number of samples/second"), humanFrequency) yield UInt32(self, "channels", "Number of interleaved channels") size = self["data_ofs"].value - self.current_size // 8 if 0 < size: yield String(self, "info", size, "Information", strip=" \0", charset="ISO-8859-1") size = min(self["data_size"].value, (self.size - self.current_size) // 8) yield RawBytes(self, "audio_data", size, "Audio data")
def createFields(self): yield GUID(self, "file_id") yield TimedeltaWin64(self, "entry_interval") yield UInt32(self, "max_pckt_count") yield UInt32(self, "entry_count") for index in xrange(self["entry_count"].value): yield SimpleIndexEntry(self, "entry[]")
def createFields(self): yield Enum(UInt16(self, "src"), self.port_name) yield Enum(UInt16(self, "dst"), self.port_name) yield UInt32(self, "seq_num") yield UInt32(self, "ack_num") yield Bits(self, "hdrlen", 6, "Header lenght") yield NullBits(self, "reserved", 2, "Reserved") yield Bit(self, "cgst", "Congestion Window Reduced") yield Bit(self, "ecn-echo", "ECN-echo") yield Bit(self, "urg", "Urgent") yield Bit(self, "ack", "Acknowledge") yield Bit(self, "psh", "Push mmode") yield Bit(self, "rst", "Reset connection") yield Bit(self, "syn", "Synchronize") yield Bit(self, "fin", "Stop the connection") yield UInt16(self, "winsize", "Windows size") yield textHandler(UInt16(self, "checksum"), hexadecimal) yield UInt16(self, "urgent") size = self["hdrlen"].value * 8 - self.current_size while 0 < size: option = TCP_Option(self, "option[]") yield option size -= option.size
def createFields(self): yield UInt32(self, "size") self._size = (self['size'].value + 4) * 8 yield RawBytes(self, "unknown[]", 22) yield UInt32(self, "count") for i in xrange(self['count'].value): yield RawBytes(self, "data[]", 12)
def createFields(self): yield String(self, "magic", 4, "File signature (MARC)", charset="ASCII") yield UInt32(self, "version") yield UInt32(self, "nb_file") files = [] for index in xrange(self["nb_file"].value): item = FileIndex(self, "file[]") yield item if item["filesize"].value: files.append(item) files.sort(key=lambda item: item["offset"].value) for index in files: padding = self.seekByte(index["offset"].value) if padding: yield padding size = index["filesize"].value desc = "File %s" % index["filename"].value yield SubFile(self, "data[]", size, desc, filename=index["filename"].value)
def createFields(self): yield Bytes(self, "signature", 4, r'ELF signature ("\x7fELF")') yield Enum(UInt8(self, "class", "Class"), self.CLASS_NAME) if self["class"].value == 1: ElfLongWord = UInt32 else: ElfLongWord = UInt64 yield Enum(UInt8(self, "endian", "Endian"), self.ENDIAN_NAME) yield UInt8(self, "file_version", "File version") yield Enum(UInt8(self, "osabi_ident", "OS/syscall ABI identification"), self.OSABI_NAME) yield UInt8(self, "abi_version", "syscall ABI version") yield String(self, "pad", 7, "Pad") yield Enum(UInt16(self, "type", "File type"), self.TYPE_NAME) yield Enum(UInt16(self, "machine", "Machine type"), self.MACHINE_NAME) yield UInt32(self, "version", "ELF format version") yield textHandler(ElfLongWord(self, "entry", "Entry point"), hexadecimal) yield ElfLongWord(self, "phoff", "Program header file offset") yield ElfLongWord(self, "shoff", "Section header file offset") yield UInt32(self, "flags", "Architecture-specific flags") yield UInt16(self, "ehsize", "Elf header size (this header)") yield UInt16(self, "phentsize", "Program header entry size") yield UInt16(self, "phnum", "Program header entry count") yield UInt16(self, "shentsize", "Section header entry size") yield UInt16(self, "shnum", "Section header entry count") yield UInt16(self, "shstrndx", "Section header string table index")
def fileHeader(self): yield filesizeHandler( UInt32(self, "compressed_size", "Size of the compressed file")) yield filesizeHandler( UInt32(self, "uncompressed_size", "Uncompressed file size")) yield TimeDateMSDOS32(self, "ftime", "Date and time (MS DOS format)") if self["/header/host_os"].value in (OS_MSDOS, OS_WIN32): yield MSDOSFileAttr32(self, "file_attr", "File attributes") else: yield textHandler(UInt32(self, "file_attr", "File attributes"), hexadecimal) yield textHandler( UInt32(self, "file_crc32", "CRC32 checksum over the compressed file)"), hexadecimal) yield Enum(UInt8(self, "compression_type", "Type of compression"), COMPRESSION_TYPE) yield Enum(UInt8(self, "compression_mode", "Quality of compression"), COMPRESSION_MODE) yield textHandler(UInt16(self, "parameters", "Compression parameters"), hexadecimal) yield textHandler(UInt16(self, "reserved", "Reserved data"), hexadecimal) # Filename yield PascalString16(self, "filename", "Filename") # Comment if self["flags/has_comment"].value: yield filesizeHandler( UInt16(self, "comment_size", "Size of the compressed comment")) if self["comment_size"].value > 0: yield RawBytes(self, "comment_data", self["comment_size"].value, "Comment data")
def createFields(self): yield String(self, "signature", 2, "Header (\"BM\")", charset="ASCII") yield UInt32(self, "file_size", "File size (bytes)") yield PaddingBytes(self, "reserved", 4, "Reserved") yield UInt32(self, "data_start", "Data start position") yield BmpHeader(self, "header") # Compute number of color header = self["header"] bpp = header["bpp"].value if 0 < bpp <= 8: if "used_colors" in header and header["used_colors"].value: nb_color = header["used_colors"].value else: nb_color = (1 << bpp) else: nb_color = 0 # Color palette (if any) if nb_color: yield PaletteRGBA(self, "palette", nb_color) # Seek to data start field = self.seekByte(self["data_start"].value) if field: yield field # Image pixels size = min(self["file_size"].value - self["data_start"].value, (self.size - self.current_size) // 8) yield parseImageData(self, "pixels", size, header)
def createFields(self): yield IFDTag(self, "tag", "Tag") yield Enum(UInt16(self, "type", "Type"), self.TYPE_NAME) self.value_cls = self.ENTRY_FORMAT.get(self['type'].value, Bytes) if issubclass(self.value_cls, Bytes): self.value_size = 8 else: self.value_size = self.value_cls.static_size yield UInt32(self, "count", "Count") count = self['count'].value totalsize = self.value_size * count if count == 0: yield NullBytes(self, "padding", 4) elif totalsize <= 32: name = "value" if issubclass(self.value_cls, Bytes): yield self.value_cls(self, name, count) elif count == 1: yield self.value_cls(self, name) else: yield ValueArray(self, name, self.value_cls, count) if totalsize < 32: yield NullBits(self, "padding", 32 - totalsize) else: yield UInt32(self, "offset", "Value offset")
def createFields(self): yield textHandler(UInt32(self, "file_crc32", "Checksum (CRC32)"), hexadecimal) yield filesizeHandler( UInt32(self, "file_compressed_size", "Compressed size (bytes)")) yield filesizeHandler( UInt32(self, "file_uncompressed_size", "Uncompressed size (bytes)"))
def createFields(self): yield UInt32(self, "play_count", "Playcount since last sync") yield TimestampMac32(self, "last_played", "Time of the last play of the track") yield UInt32(self, "audio_bookmark", "Last position in milliseconds") yield UInt32(self, "rating", "Rating in steps of 20 up to 100") yield UInt32(self, "unknown", "unknown") yield UInt32(self, "skip_count", "Number of skips since last sync") yield TimestampMac32(self, "last_skipped", "Time of the last skip")
def createFields(self): # Gzip header yield Bytes(self, "signature", 2, r"GZip file signature (\x1F\x8B)") yield Enum(UInt8(self, "compression", "Compression method"), self.COMPRESSION_NAME) # Flags yield Bit(self, "is_text", "File content is probably ASCII text") yield Bit(self, "has_crc16", "Header CRC16") yield Bit(self, "has_extra", "Extra informations (variable size)") yield Bit(self, "has_filename", "Contains filename?") yield Bit(self, "has_comment", "Contains comment?") yield NullBits(self, "reserved[]", 3) yield TimestampUnix32(self, "mtime", "Modification time") # Extra flags yield NullBits(self, "reserved[]", 1) yield Bit(self, "slowest", "Compressor used maximum compression (slowest)") yield Bit(self, "fastest", "Compressor used the fastest compression") yield NullBits(self, "reserved[]", 5) yield Enum(UInt8(self, "os", "Operating system"), self.os_name) # Optional fields if self["has_extra"].value: yield UInt16(self, "extra_length", "Extra length") yield RawBytes(self, "extra", self["extra_length"].value, "Extra") if self["has_filename"].value: yield CString(self, "filename", "Filename", charset="ISO-8859-1") if self["has_comment"].value: yield CString(self, "comment", "Comment") if self["has_crc16"].value: yield textHandler(UInt16(self, "hdr_crc16", "CRC16 of the header"), hexadecimal) if self._size is None: # TODO: is it possible to handle piped input? raise NotImplementedError() # Read file size = (self._size - self.current_size) // 8 - 8 # -8: crc32+size if 0 < size: if self["has_filename"].value: filename = self["filename"].value else: for tag, filename in self.stream.tags: if tag == "filename" and filename.endswith(".gz"): filename = filename[:-3] break else: filename = None yield Deflate(SubFile(self, "file", size, filename=filename)) # Footer yield textHandler( UInt32(self, "crc32", "Uncompressed data content CRC32"), hexadecimal) yield filesizeHandler(UInt32(self, "size", "Uncompressed size"))
def createFields(self): yield UInt8(self, "width", "Width") yield UInt8(self, "height", "Height") yield UInt8(self, "nb_color", "Number of colors") yield UInt8(self, "reserved", "(reserved)") yield UInt16(self, "planes", "Color planes (=1)") yield UInt16(self, "bpp", "Bits per pixel") yield UInt32(self, "size", "Content size in bytes") yield UInt32(self, "offset", "Data offset")
def createFields(self): yield UInt32( self, "disk_number", "Number of the disk with the start of the zip64 end of central directory" ) yield UInt64( self, "relative_offset", "Relative offset of the zip64 end of central directory record") yield UInt32(self, "disk_total_number", "Total number of disks")
def createFields(self): yield UInt32(self, "version") yield UInt8(self, "has_realm") yield PascalStringWin32(self, "writer_name", charset="UTF-16-BE") yield PascalStringWin32(self, "reader_name", charset="UTF-16-BE") yield UInt32(self, "file_version") size = (self.size - self.current_size) // 8 if size: yield NullBytes(self, "padding", size)
def createFields(self): yield Bytes(self, "filetype", 4, "File type (INDX)") yield Bytes(self, "fileversion", 4, "File version (0?00)") yield UInt32(self, "offset[0]") yield UInt32(self, "offset[1]") self.seekByte(self['offset[0]'].value) yield AVCHDINDX_0(self, "chunk[]") self.seekByte(self['offset[1]'].value) yield AVCHDChunkWithHeader(self, "chunk[]")
def createFields(self): if self.res_type is None: # immediate subdirectory of the root yield Enum(UInt32(self, "type"), self.TYPE_DESC) else: # sub-subdirectory, "type" field is just an ID yield textHandler(UInt32(self, "type"), lambda field: "ID %d" % field.value) yield Bits(self, "offset", 31) yield Bit(self, "is_subdir")
def parseWAVFormat(self): size = self["size"].value if size not in (16, 18): self.warning("Format with size of %s bytes is not supported!" % size) yield Enum(UInt16(self, "codec", "Audio codec"), audio_codec_name) yield UInt16(self, "nb_channel", "Number of audio channel") yield UInt32(self, "sample_per_sec", "Sample per second") yield UInt32(self, "byte_per_sec", "Average byte per second") yield UInt16(self, "block_align", "Block align") yield UInt16(self, "bit_per_sample", "Bits per sample")
def parseVorbisHeader(parent): yield UInt32(parent, "vorbis_version") yield UInt8(parent, "audio_channels") yield UInt32(parent, "audio_sample_rate") yield UInt32(parent, "bitrate_maximum") yield UInt32(parent, "bitrate_nominal") yield UInt32(parent, "bitrate_minimum") yield Bits(parent, "blocksize_0", 4) yield Bits(parent, "blocksize_1", 4) yield UInt8(parent, "framing_flag")
def createFields(self): yield UInt32(self, "length", "Length of this structure") yield UInt32(self, "unknown[]") yield UInt32(self, "share_name_offset", "Offset to share name") yield UInt32(self, "unknown[]") yield UInt32(self, "unknown[]") padding = self.seekByte(self["share_name_offset"].value) if padding: yield padding yield CString(self, "share_name")
def createFields(self): yield UInt16(self, "number_disk", "Number of this disk") yield UInt16(self, "number_disk2", "Number in the central dir") yield UInt16(self, "total_number_disk", "Total number of entries in this disk") yield UInt16(self, "total_number_disk2", "Total number of entries in the central dir") yield UInt32(self, "size", "Size of the central directory") yield UInt32(self, "offset", "Offset of start of central directory") yield PascalString16(self, "comment", "ZIP comment")