def __init__(self): VStruct.__init__(self) self.a = v_uint8() self.b = v_uint16() self.c = v_uint32() self.d = v_uint8() self.e = VArray((v_uint32(), v_uint32(), v_uint32(), v_uint32()))
def __init__(self): VStruct.__init__(self) self.a = v_uint8() self.b = v_uint16() self.c = v_uint32() self.d = v_uint8() self.e = VArray( (v_uint32(), v_uint32(), v_uint32(), v_uint32()))
def __init__(self, wordsize): vstruct.VStruct.__init__(self) if wordsize == 4: v_word = v_uint32 elif wordsize == 8: v_word = v_uint64 else: raise ValueError('unexpected wordsize') """ v7.0: nodeid: ff000002 tag: S index: 0x41b994 00000000: 69 64 61 00 BC 02 6D 65 74 61 70 63 00 00 00 00 ida...metapc.... 00000010: 00 00 00 00 00 00 A3 00 0B 02 00 00 14 00 00 00 ................ 00000020: 0B 00 00 00 00 00 00 00 F7 FF FF DF 03 00 00 00 ................ 00000030: 00 00 00 00 FF FF FF FF 01 00 00 00 95 16 90 68 ...............h 00000040: 95 16 90 68 FF FF FF FF FF FF FF FF 00 10 90 68 ...h...........h 00000050: 30 E2 9D 68 00 10 90 68 30 E2 9D 68 00 10 90 68 0..h...h0..h...h 00000060: 00 70 9E 68 10 00 00 00 00 00 00 FF 00 00 10 FF .p.h............ 00000070: 00 00 00 00 00 02 01 0F 0F 00 40 40 00 00 00 00 ..........@@.... 00000080: 00 00 00 00 00 00 00 00 00 00 02 06 67 BE A3 0E ............g... 00000090: 07 00 40 06 00 07 00 18 28 00 50 00 54 03 00 00 ..@.....(.P.T... 000000A0: 01 00 00 00 01 1B 0A 00 00 00 00 00 61 00 00 00 ............a... 000000B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000000C0: 07 00 00 00 00 01 33 04 01 04 00 02 04 08 08 00 ......3......... 000000D0: 00 00 00 00 00 00 00 00 ........ v6.95: 00000000: 49 44 41 B7 02 6D 65 74 61 70 63 00 00 23 00 0B IDA..metapc..#.. 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF ................ 00000020: FF FF FF 95 16 90 68 95 16 90 68 00 10 90 68 30 ......h...h...h0 00000030: E2 9D 68 00 10 90 68 30 E2 9D 68 00 10 90 68 00 ..h...h0..h...h. 00000040: 70 9E 68 10 00 00 00 0A 00 00 18 00 01 00 00 02 p.h............. 00000050: 01 01 00 01 02 01 01 00 00 00 00 00 0F 08 00 09 ................ 00000060: 06 00 01 01 1B 07 61 00 00 00 00 00 00 00 00 00 ......a......... 00000070: 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 01 ................ 00000080: 01 01 FF FF FF FF 01 00 00 00 FF FF FF FF 67 BE ..............g. 00000090: A3 0E 07 00 40 06 07 00 00 00 00 00 00 00 FD BF ....@........... 000000A0: 0F 00 28 00 50 00 40 40 00 00 00 00 00 00 00 00 ..(.P.@@........ 000000B0: 00 00 00 00 00 00 02 01 33 04 01 04 00 02 04 08 ........3....... 000000C0: 14 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 ................ 000000D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ................ 000000E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000000F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ """ self.tag = v_str(size=0x3) # 'IDA' below 7.0, 'ida' in 7.0 self.zero = v_bytes(size=0x0) self.version = v_uint16() self.procname_size = v_bytes(size=0x0) # 8 bytes for < 7.0 # 16 bytes for >= 7.0 self.procname = v_str(size=0x10) self.lflags = v_uint8() self.demnames = v_uint8() self.filetype = v_uint16()
def __init__(self): vstruct.VStruct.__init__(self) self.sectname[16] = vs_prim.v_uint8() # name of this section self.segname[16] = vs_prim.v_uint8() # segment this section goes in self.addr = vs_prim.v_uint32() # memory address of this section self.size = vs_prim.v_uint32() # size in bytes of this section self.offset = vs_prim.v_uint32() # file offset of this section self.align = vs_prim.v_uint32() # section alignment (power of 2) self.reloff = vs_prim.v_uint32() # file offset of relocation entries self.nreloc = vs_prim.v_uint32() # number of relocation entries self.flags = vs_prim.v_uint32() # flags (section type and attributes) self.reserved1 = vs_prim.v_uint32() # reserved (for offset or index) self.reserved2 = vs_prim.v_uint32() # reserved (for count or sizeof)
def __init__(self): vstruct.VStruct.__init__(self) # sizeof() == 0xB (fixed) self.type = v_uint8() # possible values: 0x0 - 0xC. top bit has some meaning. self.unk01 = v_uint16() # this might be the segment index + 1? self.offset = v_uint32() self.unk07 = v_uint32()
def __init__(self, buf, wordsize): vstruct.VStruct.__init__(self) self.buf = memoryview(buf) self.wordsize = wordsize self.next_free_offset = v_uint32() self.page_size = v_uint16() self.root_page = v_uint32() self.record_count = v_uint32() self.page_count = v_uint32() self.unk12 = v_uint8() self.signature = v_bytes(size=0x09)
def __init__(self): vstruct.VStruct.__init__(self) self.cmd = vs_prim.v_uint32() # LC_SEGMENT_64 self.cmdsize = vs_prim.v_uint32() # includes sizeof section_64 structs self.segname[16] = vs_prim.v_uint8() # segment name self.vmaddr = vs_prim.v_uint64() # memory address of this segment self.vmsize = vs_prim.v_uint64() # memory size of this segment self.fileoff = vs_prim.v_uint64() # file offset of this segment self.filesize = vs_prim.v_uint64() # amount to map from the file self.maxprot = vm_prot_t() # maximum VM protection self.initprot = vm_prot_t() # initial VM protection self.nsects = vs_prim.v_uint32() # number of sections in segment self.flags = vs_prim.v_uint32() # flags
def __init__(self, wordsize): vstruct.VStruct.__init__(self) # sizeof() == 0xB (fixed) # possible values: 0x0 - 0xC. top bit has some meaning. self.type = v_uint8() self.unk01 = v_uint16() # this might be the segment index + 1? if wordsize == 4: self.offset = v_uint32() self.unk07 = v_uint32() elif wordsize == 8: self.unk03 = v_uint32() self.unk07 = v_uint16() self.offset = v_uint64() else: raise ValueError('unexpected wordsize')
def __init__(self): vstruct.VStruct.__init__(self) self.header = v_uint8() self.length = v_uint8() self.s = v_str()
def __init__(self, length_is_total=True): vstruct.VStruct.__init__(self) self.length = v_uint8() self.s = v_str() self.length_is_total = length_is_total
def __init__(self): vstruct.VStruct.__init__(self) self.is_compressed = v_uint8() self.length = v_uint64()
def __init__(self): vstruct.VStruct.__init__(self) self.cmd = vs_prim.v_uint32() # LC_UUID self.cmdsize = vs_prim.v_uint32() # sizeof(struct uuid_command) self.uuid[16] = vs_prim.v_uint8() # the 128-bit uuid
def __init__(self): vstruct.VStruct.__init__(self) self.compression_method = v_uint8() self.length = v_uint64() self.is_compressed = False