def __init__(self, wordsize): vstruct.VStruct.__init__(self) if wordsize == 4: v_word = v_uint32 elif wordsize == 8: v_word = v_uint64 else: raise ValueError('unexpected wordsize') """ v7.0: nodeid: ff000002 tag: S index: 0x41b994 00000000: 69 64 61 00 BC 02 6D 65 74 61 70 63 00 00 00 00 ida...metapc.... 00000010: 00 00 00 00 00 00 A3 00 0B 02 00 00 14 00 00 00 ................ 00000020: 0B 00 00 00 00 00 00 00 F7 FF FF DF 03 00 00 00 ................ 00000030: 00 00 00 00 FF FF FF FF 01 00 00 00 95 16 90 68 ...............h 00000040: 95 16 90 68 FF FF FF FF FF FF FF FF 00 10 90 68 ...h...........h 00000050: 30 E2 9D 68 00 10 90 68 30 E2 9D 68 00 10 90 68 0..h...h0..h...h 00000060: 00 70 9E 68 10 00 00 00 00 00 00 FF 00 00 10 FF .p.h............ 00000070: 00 00 00 00 00 02 01 0F 0F 00 40 40 00 00 00 00 ..........@@.... 00000080: 00 00 00 00 00 00 00 00 00 00 02 06 67 BE A3 0E ............g... 00000090: 07 00 40 06 00 07 00 18 28 00 50 00 54 03 00 00 ..@.....(.P.T... 000000A0: 01 00 00 00 01 1B 0A 00 00 00 00 00 61 00 00 00 ............a... 000000B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000000C0: 07 00 00 00 00 01 33 04 01 04 00 02 04 08 08 00 ......3......... 000000D0: 00 00 00 00 00 00 00 00 ........ v6.95: 00000000: 49 44 41 B7 02 6D 65 74 61 70 63 00 00 23 00 0B IDA..metapc..#.. 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF ................ 00000020: FF FF FF 95 16 90 68 95 16 90 68 00 10 90 68 30 ......h...h...h0 00000030: E2 9D 68 00 10 90 68 30 E2 9D 68 00 10 90 68 00 ..h...h0..h...h. 00000040: 70 9E 68 10 00 00 00 0A 00 00 18 00 01 00 00 02 p.h............. 00000050: 01 01 00 01 02 01 01 00 00 00 00 00 0F 08 00 09 ................ 00000060: 06 00 01 01 1B 07 61 00 00 00 00 00 00 00 00 00 ......a......... 00000070: 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 01 ................ 00000080: 01 01 FF FF FF FF 01 00 00 00 FF FF FF FF 67 BE ..............g. 00000090: A3 0E 07 00 40 06 07 00 00 00 00 00 00 00 FD BF ....@........... 000000A0: 0F 00 28 00 50 00 40 40 00 00 00 00 00 00 00 00 ..(.P.@@........ 000000B0: 00 00 00 00 00 00 02 01 33 04 01 04 00 02 04 08 ........3....... 000000C0: 14 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 ................ 000000D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ................ 000000E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000000F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ """ self.tag = v_str(size=0x3) # 'IDA' below 7.0, 'ida' in 7.0 self.zero = v_bytes(size=0x0) self.version = v_uint16() self.procname_size = v_bytes(size=0x0) # 8 bytes for < 7.0 # 16 bytes for >= 7.0 self.procname = v_str(size=0x10) self.lflags = v_uint8() self.demnames = v_uint8() self.filetype = v_uint16()
def c_getVsArray(self, ardecl): cls, size = self._getVsChildElements(ardecl) # Special case char arrays into v_bytes if cls == vs_prim.v_int8: return lambda: vs_prim.v_str(size=size) return lambda: vstruct.VArray([cls() for i in xrange(size)])
def c_getVsArray(self, ardecl): cls, size = self._getVsChildElements(ardecl) # Special case char arrays into v_bytes if cls == vs_prim.v_int8: return lambda: vs_prim.v_str(size=size) return lambda: vstruct.VArray( [ cls() for i in range(size) ] )
def vsParse(self, bytez, offset, fast=True): super(DNetMetaDataHeader, self).vsParse(bytez, offset, fast) here = 0x10 + offset version_end_offset = here + self.nVersionLength sVersion = bytez[here:version_end_offset] self.sVersion = vp.v_str(len(sVersion)) self.sVersion = sVersion sFlags = bytez[version_end_offset:version_end_offset + 2] self.nFlags = vp.v_uint16(struct.unpack("<H", sFlags)[0]) sNumberOfStreams = bytez[version_end_offset + 2:version_end_offset + 4] self.nNumberOfSteams = vp.v_uint16( struct.unpack("<H", sNumberOfStreams)[0])
def vsParse(self, bytez, offset, fast=True): super(DNetStreamInfo, self).vsParse(bytez, offset, fast) here = offset + len(self) _s = [] offset = here while bytez[offset] != '\x00': _s.append(bytez[offset]) offset += 1 _slen = len(_s) nblocks = (_slen // DWORD_SIZE) + 1 slen = nblocks * DWORD_SIZE self.sName = vp.v_str(slen) sName = bytez[here:here + slen] self.sName = sName
def __init__(self): vstruct.VStruct.__init__(self) self.header = v_uint8() self.length = v_uint8() self.s = v_str()
def __init__(self, length_is_total=True): vstruct.VStruct.__init__(self) self.length = v_uint8() self.s = v_str() self.length_is_total = length_is_total