dissect.cstruct.types

Submodules

• dissect.cstruct.types.base
• dissect.cstruct.types.bytesinteger
• dissect.cstruct.types.chartype
• dissect.cstruct.types.enum
• dissect.cstruct.types.flag
• dissect.cstruct.types.instance
• dissect.cstruct.types.leb128
• dissect.cstruct.types.packedtype
• dissect.cstruct.types.pointer
• dissect.cstruct.types.structure
• dissect.cstruct.types.voidtype
• dissect.cstruct.types.wchartype

Package Contents

Classes

Array	Implements a fixed or dynamically sized array type.
BaseType	Base class for cstruct type classes.
RawType	Base class for raw types that have a name and size.
BytesInteger	Implements an integer type that can span an arbitrary amount of bytes.
CharType	Implements a character type that can properly handle strings.
Enum	Implements an Enum type.
EnumInstance	Implements a value instance of an Enum
Flag	Implements a Flag type.
FlagInstance	Implements a value instance of a Flag
Instance	Holds parsed structure data.
LEB128	Variable-length code compression to store an arbitrarily large integer in a small number of bytes.
PackedType	Implements a packed type that uses Python struct packing characters.
Pointer	Implements a pointer to some other type.
PointerInstance	Like the Instance class, but for structures referenced by a pointer.
Field	Holds a structure field.
Structure	Type class for structures.
Union	Type class for unions
VoidType	Implements a void type.
WcharType	Implements a wide-character type.

class dissect.cstruct.types.Array(cstruct: Array.__init__.cstruct, type_: BaseType, count: int)

Bases: BaseType

Implements a fixed or dynamically sized array type.

Example

When using the default C-style parser, the following syntax is supported:

x[3] -> 3 -> static length. x[] -> None -> null-terminated. x[expr] -> expr -> dynamic length.

__repr__() → str

Return repr(self).

__len__() → int

default() → List[Any]

Return a default value of this type.

class dissect.cstruct.types.BaseType(cstruct: BaseType.__init__.cstruct)

Base class for cstruct type classes.

__getitem__(count: int) → Array

__call__(*args, **kwargs) → Any

reads(data: bytes) → Any

Parse the given data according to the type that implements this class.

Parameters:

data – Byte string to parse.

Returns:

The parsed value of this type.

dumps(data: Any) → bytes

Dump the given data according to the type that implements this class.

Parameters:

data – Data to dump.

Returns:

The resulting bytes.

Raises:

ArraySizeError – Raised when len(data) does not match the size of a statically sized array field.

read(obj: BinaryIO, *args, **kwargs) → Any

Parse the given data according to the type that implements this class.

Parameters:

obj – Data to parse. Can be a (byte) string or a file-like object.

Returns:

The parsed value of this type.

write(stream: BinaryIO, data: Any) → int

Write the given data to a writable file-like object according to the type that implements this class.

Parameters:

• stream – Writable file-like object to write to.

• data – Data to write.

Returns:

The amount of bytes written.

Raises:

ArraySizeError – Raised when len(data) does not match the size of a statically sized array field.

abstract default() → Any

Return a default value of this type.

default_array(count: int) → List[Any]

Return a default array of this type.

class dissect.cstruct.types.RawType(cstruct: RawType.__init__.cstruct, name: str = None, size: int = 0, alignment: int = None)

Bases: BaseType

Base class for raw types that have a name and size.

__len__() → int

__repr__() → str

Return repr(self).

abstract default() → Any

Return a default value of this type.

class dissect.cstruct.types.BytesInteger(cstruct: BytesInteger.__init__.cstruct, name: str, size: int, signed: bool, alignment: int = None)

Bases: dissect.cstruct.types.RawType

Implements an integer type that can span an arbitrary amount of bytes.

static parse(buf: BinaryIO, size: int, count: int, signed: bool, endian: str) → List[int]

static pack(data: List[int], size: int, endian: str, signed: bool) → bytes

default() → int

Return a default value of this type.

default_array(count: int) → List[int]

Return a default array of this type.

class dissect.cstruct.types.CharType(cstruct: CharType.__init__.cstruct)

Bases: dissect.cstruct.types.RawType

Implements a character type that can properly handle strings.

default() → bytes

Return a default value of this type.

default_array(count: int) → bytes

Return a default array of this type.

class dissect.cstruct.types.Enum(cstruct: Enum.__init__.cstruct, name: str, type_: dissect.cstruct.types.BaseType, values: Dict[str, int])

Bases: dissect.cstruct.types.RawType

Implements an Enum type.

Enums can be made using any type. The API for accessing enums and their values is very similar to Python 3 native enums.

Example

When using the default C-style parser, the following syntax is supported:

enum <name> [: <type>] {

<values>

};

For example, an enum that has A=1, B=5 and C=6 could be written like so:

enum Testuint16 {

A, B=5, C

};

__call__(value: int | BinaryIO) → EnumInstance

__getitem__(attr: str) → EnumInstance

__getattr__(attr: str) → EnumInstance

__contains__(attr: str) → bool

default() → EnumInstance

Return a default value of this type.

default_array(count: int) → List[EnumInstance]

Return a default array of this type.

class dissect.cstruct.types.EnumInstance(enum: Enum, value: int)

Implements a value instance of an Enum

property name: str

__eq__(value: int | EnumInstance) → bool

Return self==value.

__ne__(value: int | EnumInstance) → bool

Return self!=value.

__hash__() → int

Return hash(self).

__str__() → str

Return str(self).

__int__() → int

__repr__() → str

Return repr(self).

class dissect.cstruct.types.Flag(cstruct: Enum.__init__.cstruct, name: str, type_: dissect.cstruct.types.BaseType, values: Dict[str, int])

Bases: dissect.cstruct.types.Enum

Implements a Flag type.

Flags can be made using any type. The API for accessing flags and their values is very similar to Python 3 native flags.

Example

When using the default C-style parser, the following syntax is supported:

flag <name> [: <type>] {

<values>

};

For example, a flag that has A=1, B=4 and C=8 could be written like so:

flag Testuint16 {

A, B=4, C

};

__call__(value: int | BinaryIO) → FlagInstance

class dissect.cstruct.types.FlagInstance(enum: Enum, value: int)

Bases: dissect.cstruct.types.EnumInstance

Implements a value instance of a Flag

property name: str

__nonzero__

__ror__

__rand__

__rxor__

__bool__()

__or__(other: int | FlagInstance) → FlagInstance

__and__(other: int | FlagInstance) → FlagInstance

__xor__(other: int | FlagInstance) → FlagInstance

__invert__() → FlagInstance

__str__() → str

Return str(self).

__repr__() → str

Return repr(self).

decompose() → Tuple[List[str], int]

class dissect.cstruct.types.Instance(type_: dissect.cstruct.types.BaseType, values: Dict[str, Any], sizes: Dict[str, int] = None)

Holds parsed structure data.

__slots__ = ('_type', '_values', '_sizes')

__getattr__(attr: str) → Any

__setattr__(attr: str, value: Any) → None

Implement setattr(self, name, value).

__getitem__(item: str) → Any

__contains__(attr: str) → bool

__repr__() → str

Return repr(self).

__len__() → int

__bytes__() → bytes

write(stream: BinaryIO) → int

Write this structure to a writable file-like object.

Parameters:

fh – File-like objects that supports writing.

Returns:

The amount of bytes written.

dumps() → bytes

Dump this structure to a byte string.

Returns:

The raw bytes of this structure.

class dissect.cstruct.types.LEB128(cstruct: LEB128.__init__.cstruct, name: str, size: int, signed: bool, alignment: int = 1)

Bases: dissect.cstruct.types.base.RawType

Variable-length code compression to store an arbitrarily large integer in a small number of bytes.

See https://en.wikipedia.org/wiki/LEB128 for more information and an explanation of the algorithm.

signed: bool

default() → int

Return a default value of this type.

default_array(count: int) → list[int]

Return a default array of this type.

class dissect.cstruct.types.PackedType(cstruct: PackedType.__init__.cstruct, name: str, size: int, packchar: str, alignment: int = None)

Bases: dissect.cstruct.types.RawType

Implements a packed type that uses Python struct packing characters.

default() → int

Return a default value of this type.

default_array(count: int) → List[int]

Return a default array of this type.

class dissect.cstruct.types.Pointer(cstruct: Pointer.__init__.cstruct, target: dissect.cstruct.types.BaseType)

Bases: dissect.cstruct.types.RawType

Implements a pointer to some other type.

__repr__() → str

Return repr(self).

class dissect.cstruct.types.PointerInstance(type_: dissect.cstruct.types.BaseType, stream: BinaryIO, addr: int, ctx: Dict[str, Any])

Like the Instance class, but for structures referenced by a pointer.

__repr__() → str

Return repr(self).

__str__() → str

Return str(self).

__getattr__(attr: str) → Any

__int__() → int

__nonzero__() → bool

__add__(other: int | PointerInstance) → PointerInstance

__sub__(other: int | PointerInstance) → PointerInstance

__mul__(other: int | PointerInstance) → PointerInstance

__floordiv__(other: int | PointerInstance) → PointerInstance

__mod__(other: int | PointerInstance) → PointerInstance

__pow__(other: int | PointerInstance) → PointerInstance

__lshift__(other: int | PointerInstance) → PointerInstance

__rshift__(other: int | PointerInstance) → PointerInstance

__and__(other: int | PointerInstance) → PointerInstance

__xor__(other: int | PointerInstance) → PointerInstance

__or__(other: int | PointerInstance) → PointerInstance

__eq__(other: int | PointerInstance) → bool

Return self==value.

dereference() → Any

class dissect.cstruct.types.Field(name: str, type_: dissect.cstruct.types.BaseType, bits: int = None, offset: int = None)

Holds a structure field.

__repr__()

Return repr(self).

class dissect.cstruct.types.Structure(cstruct: Structure.__init__.cstruct, name: str, fields: List[Field] = None, align: bool = False, anonymous: bool = False)

Bases: dissect.cstruct.types.BaseType

Type class for structures.

__len__() → int

__repr__() → str

Return repr(self).

add_field(name: str, type_: dissect.cstruct.types.BaseType, bits: int = None, offset: int = None) → None

Add a field to this structure.

Parameters:

• name – The field name.

• type – The field type.

• bits – The bit of the field.

• offset – The field offset.

default() → dissect.cstruct.types.Instance

Create and return an empty Instance from this structure.

Returns:

An empty Instance from this structure.

show(indent: int = 0) → None

Pretty print this structure.

class dissect.cstruct.types.Union(cstruct: Structure.__init__.cstruct, name: str, fields: List[Field] = None, align: bool = False, anonymous: bool = False)

Bases: Structure

Type class for unions

__repr__() → str

Return repr(self).

abstract show(indent: int = 0) → None

Pretty print this structure.

class dissect.cstruct.types.VoidType

Bases: dissect.cstruct.types.RawType

Implements a void type.

class dissect.cstruct.types.WcharType(cstruct)

Bases: dissect.cstruct.types.RawType

Implements a wide-character type.

property encoding: str

default() → str

Return a default value of this type.

default_array(count: int) → str

Return a default array of this type.