super(ServiceASTRM, s).__init__()
s.header_base = construct.BitStruct('ASTRMBaseHeader',
construct.BitField('fmt', 3),
construct.Bit('channel'),
construct.Flag('vibrate'),
construct.Bit('packet_type'),
construct.BitField('seq_id', 10),
construct.BitField('payload_size', 16)
)
s.header_aud = construct.Struct('ASTRMAudioHeader',
construct.ULInt32('timestamp'),
# construct.Array(lambda ctx: ctx.payload_size, construct.UBInt8("data"))
)
s.header_msg = construct.Struct('ASTRMMsgHeader',
# This is kind of a hack, (there are two timestamp fields, which one is used depends on packet_type
construct.ULInt32('timestamp_audio'),
construct.ULInt32('timestamp'),
construct.Array(2, construct.ULInt32('freq_0')), # -> mc_video
construct.Array(2, construct.ULInt32('freq_1')), # -> mc_sync
construct.ULInt8('vid_format'),
construct.Padding(3)
)
s.header = construct.Struct('ASTRMHeader',
construct.Embed(s.header_base),
construct.Switch('format_hdr', lambda ctx: ctx.packet_type,
{
0 : construct.Embed(s.header_aud),
1 : construct.Embed(s.header_msg),
},
default = construct.Pass
)
)
# Expected value of the ``signature`` field of the file header below
# (presumably compared against the parsed header by the caller — confirm).
SIGNATURE = 0xc104cac3
# TODO: update emtpy, hints, updating and user.
# Chrome cache data-file header, declared as a construct 2.x Struct.  Every
# field is little-endian and fixed-size, so the whole header is
# 24 + 16 + 16 + 4 + 20 + 2028 * 4 = 8192 bytes.  The field named ``emtpy``
# keeps its original (misspelled) name because parsed data is looked up by it.
# NOTE(review): ``block_size``, ``number_of_entries`` and
# ``maximum_number_of_entries`` are read straight from the file; anything that
# uses them to size a read or index a block should bound-check them first.
_FILE_HEADER = construct.Struct(
    u'chrome_cache_data_file_header',
    construct.ULInt32(u'signature'),
    construct.ULInt16(u'minor_version'),
    construct.ULInt16(u'major_version'),
    construct.ULInt16(u'file_number'),
    construct.ULInt16(u'next_file_number'),
    construct.ULInt32(u'block_size'),
    construct.ULInt32(u'number_of_entries'),
    construct.ULInt32(u'maximum_number_of_entries'),
    construct.Array(4, construct.ULInt32(u'emtpy')),
    construct.Array(4, construct.ULInt32(u'hints')),
    construct.ULInt32(u'updating'),
    construct.Array(5, construct.ULInt32(u'user')),
    # 2028 32-bit words = 8112 bytes of allocation bitmap.
    construct.Array(2028, construct.ULInt32(u'allocation_bitmap')))
_CACHE_ENTRY = construct.Struct(
u'chrome_cache_entry',
construct.ULInt32(u'hash'),
construct.ULInt32(u'next_address'),
construct.ULInt32(u'rankings_node_address'),
construct.ULInt32(u'reuse_count'),
construct.ULInt32(u'refetch_count'),
construct.ULInt32(u'state'),
construct.ULInt64(u'creation_time'),
construct.ULInt32(u'key_size'),
construct.ULInt32(u'long_key_address'),
construct.Array(4, construct.ULInt32(u'data_stream_sizes')),
construct.Array(4, construct.ULInt32(u'data_stream_addresses')),
class UTMPFile(object):
"""Class that defines an UTMP file."""
# One fixed-size utmp record (Linux layout): all integers are little-endian,
# the ``terminal``/``username``/``hostname`` fields are fixed-width byte
# strings (32/32/256 bytes) and the trailing 20 bytes are skipped.  Summing
# the field sizes gives 384 bytes per record.
# NOTE(review): the string fields are raw bytes as read from the file; they are
# not guaranteed to be NUL-terminated or valid text, so decode defensively.
_UTMP_ENTRY = construct.Struct(
    u'utmp_linux',
    construct.ULInt32(u'type'),
    construct.ULInt32(u'pid'),
    construct.String(u'terminal', 32),
    construct.ULInt32(u'terminal_id'),
    construct.String(u'username', 32),
    construct.String(u'hostname', 256),
    construct.ULInt16(u'termination'),
    construct.ULInt16(u'exit'),
    construct.ULInt32(u'session'),
    construct.ULInt32(u'timestamp'),
    construct.ULInt32(u'micro_seconds'),
    # Four 32-bit words of address data (meaning not established here).
    construct.ULInt32(u'address_a'),
    construct.ULInt32(u'address_b'),
    construct.ULInt32(u'address_c'),
    construct.ULInt32(u'address_d'),
    construct.Padding(20))
def __init__(self, debug=False):
    """Initializes an UTMP file.

    Args:
        debug (Optional[bool]): True if debug information should be printed.
    """
    super(UTMPFile, self).__init__()
    # Starts with no file object attached; ``_debug`` controls diagnostic output.
    self._debug, self._file_object = debug, None
import struct
import construct as cons
class TableAdapter(cons.Adapter):
    """Adapter that turns a parsed ``tables`` container into a ``Table``."""

    def _decode(self, obj, context):
        """Build a ``Table`` from the parsed container *obj*.

        The DRS file object is taken from the parent context
        (``context['_']['drs_file']``); the embedded files are keyed by
        their ``resource_id`` before being handed to ``Table``.
        """
        drs_file = context['_']['drs_file']
        # Index embedded files by resource id (``dict(generator)`` form keeps
        # the original Python 2.6-compatible idiom).
        by_resource_id = dict(
            (entry.resource_id, entry) for entry in obj['embedded_files'])
        return Table(drs_file,
                     obj['resource_type'],
                     obj['offset'],
                     obj['number_of_files'],
                     by_resource_id)
# One embedded-file record of a DRS table: three little-endian 32-bit fields.
# Only the directory entry is parsed here; the file payload at ``offset`` /
# ``size`` is read separately.
EMBEDDED_FILE = cons.Struct('embedded_files',
    cons.ULInt32('resource_id'),
    cons.ULInt32('offset'),
    cons.ULInt32('size'),
    # cons.OnDemand(
    # cons.Pointer(lambda ctx: ctx['offset'],
    # cons.MetaField('data', lambda ctx: ctx['size'])
    # )
    # )
    # We're not parsing it on demand anymore cause we don't want
    # construct to keep a reference to the file stream forever.
    # NOTE(review): ``offset`` and ``size`` come from the file; whoever reads the
    # payload should check they stay within the stream before seeking/reading.
)
TABLE = cons.Struct('tables',
cons.ULInt32('resource_type'),
cons.ULInt32('offset'),
cons.ULInt32('number_of_files'),
cons.Pointer(lambda ctx: ctx['offset'],
cons.Array(lambda ctx: ctx['number_of_files'],
import math
import struct
import construct as c
# CLIM file header.  ``Magic`` and the two ``Const`` fields make parsing fail
# unless the bytes are exactly b'FLIM', 0xfeff and 0x14, so a mismatched or
# truncated header raises instead of yielding garbage.  Remaining fields are
# little-endian 32-bit integers read verbatim from the file.
clim_header_struct = c.Struct(
    'clim_header',
    c.Magic(b'FLIM'), # TODO 'FLIM' in SUMO
    # Byte-order mark; only the little-endian value is accepted.
    c.Const(c.ULInt16('endianness'), 0xfeff),
    c.Const(c.ULInt16('header_length'), 0x14),
    c.ULInt32('version'),
    # NOTE(review): ``file_size``/``blocks_ct`` are untrusted values from the
    # file — compare against the real stream length before trusting them.
    c.ULInt32('file_size'),
    c.ULInt32('blocks_ct'),
)
imag_header_struct = c.Struct(
'imag_header',
c.Magic(b'imag'),
c.Const(c.ULInt32('section_length'), 0x10),
c.ULInt16('width'),
c.ULInt16('height'),
c.ULInt32('format'),
# TODO this seems to have been expanded into several things in SUMO
#c.Enum(
# c.ULInt32('format'),
# L8=0,
# A8=1,
# LA4=2,
def parse_files(drs, table):
    """Read the embedded-file directory of *table* from the DRS stream.

    Seeks *drs* to ``table.offset`` and parses ``table.number_of_files``
    consecutive records, each made of three little-endian 32-bit fields
    (``res_id``, ``offset``, ``size``).

    Args:
        drs: seekable binary stream; it is left positioned just past the
            last record read.
        table: object exposing ``offset`` and ``number_of_files``.

    Returns:
        list of parsed record containers, in file order.
    """
    record = cons.Struct('embedded_file',
        cons.ULInt32('res_id'),
        cons.ULInt32('offset'),
        cons.ULInt32('size'),
    )
    drs.seek(table.offset)
    # NOTE(review): ``number_of_files`` comes from the file itself; an
    # oversized count is only stopped by the stream running out.
    return [record.parse_stream(drs) for _ in xrange(table.number_of_files)]
0x00000065: 0,
0x00000066: 2,
0x00000067: 2,
}
# Interface object record: a 64-byte digest, two 64-bit timestamps and a
# length-prefixed data blob.  All integers are little-endian.
# NOTE(review): the ``data`` length is ``data_size - 4``; a ``data_size``
# below 4 yields a negative length, so check the size before parsing.
_INTERFACE_OBJECT_RECORD = construct.Struct(
    u'interface_object_record',
    construct.Bytes(u'string_digest_hash', 64),
    construct.ULInt64(u'date_time1'),
    construct.ULInt64(u'date_time2'),
    construct.ULInt32(u'data_size'),
    construct.Bytes(u'data', lambda ctx: ctx.data_size - 4))
# Registration object record: four length-prefixed strings followed by 8
# unknown bytes.  Each string's byte length is its size field times 2
# (presumably UTF-16 code units — confirm before decoding).
# NOTE(review): the size fields are file-controlled and multiplied without an
# upper bound; callers should cap them against the remaining record size.
_REGISTRATION_OBJECT_RECORD = construct.Struct(
    u'registration_object_record',
    construct.ULInt32(u'name_space_string_size'),
    construct.Bytes(
        u'name_space_string', lambda ctx: ctx.name_space_string_size * 2),
    construct.ULInt32(u'class_name_string_size'),
    construct.Bytes(
        u'class_name_string', lambda ctx: ctx.class_name_string_size * 2),
    construct.ULInt32(u'attribute_name_string_size'),
    construct.Bytes(
        u'attribute_name_string',
        lambda ctx: ctx.attribute_name_string_size * 2),
    construct.ULInt32(u'attribute_value_string_size'),
    construct.Bytes(
        u'attribute_value_string',
        lambda ctx: ctx.attribute_value_string_size * 2),
    construct.Bytes(u'unknown1', 8))
# Data type tag for a class definition record.
DATA_TYPE_CLASS_DEFINITION = u'CD'
construct.Switch('ImageBase', lambda ctx: ctx.Magic, {
'IMAGE_NT_OPTIONAL_HDR32_MAGIC' : construct.ULInt32('ImageBase_'),
'IMAGE_NT_OPTIONAL_HDR64_MAGIC' : construct.ULInt64('ImageBase_')
}
),
construct.ULInt32('SectionAlignment'),
construct.ULInt32('FileAlignment'),
construct.ULInt16('MajorOperatingSystemVersion'),
construct.ULInt16('MinorOperatingSystemVersion'),
construct.ULInt16('MajorImageVersion'),
construct.ULInt16('MinorImageVersion'),
construct.ULInt16('MajorSubsystemVersion'),
construct.ULInt16('MinorSubsystemVersion'),
construct.ULInt32('Win32VersionValue'),
construct.ULInt32('SizeOfImage'),
construct.ULInt32('SizeOfHeaders'),
construct.ULInt32('CheckSum'),
construct.ULInt16('Subsystem'),
construct.ULInt16('DllCharacteristics'),
# The SizeOf fields should vary size based on Magic, but the PE header read
# from idautils.peutils_t().header() ALWAYS has them as 32bit. IDA bug?
construct.ULInt32('SizeOfStackReserve'),
construct.ULInt32('SizeOfStackCommit'),
construct.ULInt32('SizeOfHeapReserve'),
construct.ULInt32('SizeOfHeapCommit'),
construct.ULInt32('LoaderFlags'),
construct.ULInt32('NumberOfRvaAndSizes'),
construct.Array(IMAGE_NUMBEROF_DIRECTORY_ENTRIES, MakeImageDataDirectory('DataDirectory'))
)
ImageNtHeaders = construct.Struct('ImageNtHeaders',
construct.Magic(b'PE\0\0'), # Signature
# to the start of the LNK data.
self.data_size = file_object.get_offset()
class AutomaticDestinationsFile(object):
"""Class that contains an .automaticDestinations-ms file.
Attributes:
entries (list[LNKFileEntry]): list of the LNK file entries.
recovered_entries (list[LNKFileEntry]): list of the recovered LNK file
entries.
"""
# Header of the DestList stream: 32 bytes of little-endian fields (seven
# 32-bit integers and one 32-bit float).  The ``unknownN`` fields are read
# but their meaning is not established here.
# NOTE(review): ``number_of_entries`` is file-controlled; loops that iterate
# entries by this count should also stop at the end of the stream.
_DEST_LIST_STREAM_HEADER = construct.Struct(
    u'dest_list_stream_header',
    construct.ULInt32(u'format_version'),
    construct.ULInt32(u'number_of_entries'),
    construct.ULInt32(u'number_of_pinned_entries'),
    construct.LFloat32(u'unknown1'),
    construct.ULInt32(u'last_entry_number'),
    construct.ULInt32(u'unknown2'),
    construct.ULInt32(u'last_revision_number'),
    construct.ULInt32(u'unknown3'))
_DEST_LIST_STREAM_ENTRY_V1 = construct.Struct(
u'dest_list_stream_entry_v1',
construct.ULInt64(u'unknown1'),
construct.Bytes(u'droid_volume_identifier', 16),
construct.Bytes(u'droid_file_identifier', 16),
construct.Bytes(u'birth_droid_volume_identifier', 16),
construct.Bytes(u'birth_droid_file_identifier', 16),
construct.String(u'hostname', 16),
self.file_attribute_flags = 0
self.process_name = u''
self.sequence_number = 0
class RestorePointChangeLogFile(object):
"""Class that contains a Windows Restore Point change.log file."""
# Expected value of the ``signature`` field in the header and entry structs.
SIGNATURE = 0xabcdef12
# One change.log record.  Fixed little-endian fields, then the process name
# read as 2-byte units until a ``\x00\x00`` terminator; ``sub_record_data``
# is an Anchor recording the stream offset reached after that name.
# NOTE(review): the RepeatUntil only looks for the terminator and does not
# consult ``process_name_data_size`` or ``record_size``, so a record without a
# NUL pair keeps reading until the stream ends; bound it at the call site.
_CHANGE_LOG_ENTRY = construct.Struct(
    u'restore_point_change_log_entry',
    construct.ULInt32(u'record_size'),
    construct.ULInt32(u'record_type'),
    construct.ULInt32(u'signature'),
    construct.ULInt32(u'entry_type'),
    construct.ULInt32(u'entry_flags'),
    construct.ULInt32(u'file_attribute_flags'),
    construct.ULInt64(u'sequence_number'),
    construct.Padding(32),
    construct.ULInt32(u'process_name_data_size'),
    construct.ULInt32(u'unknown1'),
    # Terminator-driven, not size-driven (see note above).
    construct.RepeatUntil(
        lambda obj, ctx: obj == b'\x00\x00',
        construct.Field(u'process_name', 2)),
    construct.Anchor(u'sub_record_data'))
_FILE_HEADER = construct.Struct(
u'restore_point_change_log_file_header',
construct.ULInt32(u'record_size'),
construct.ULInt32(u'record_type'),
construct.ULInt32(u'signature'),