rawdisk.util package¶

Submodules¶

rawdisk.util.filesize module¶

class rawdisk.util.filesize.size[source]¶

Bases: long

define a size class to allow custom formatting format specifiers supported :

em : formats the size as bits in IEC format i.e. 1024 bits (128 bytes) = 1Kib eM : formats the size as Bytes in IEC format i.e. 1024 bytes = 1KiB sm : formats the size as bits in SI format i.e. 1000 bits = 1kb sM : formats the size as bytes in SI format i.e. 1000 bytes = 1KB cm : format the size as bit in the common format i.e. 1024 bits (128 bytes) = 1Kb cM : format the size as bytes in the common format i.e. 1024 bytes = 1KB

See Also:: http://code.activestate.com/recipes/578323-human-readable-filememory-sizes-v2/

rawdisk.util.filesize.size_str(size_int, format_str='{0:.2cM}')[source]¶

rawdisk.util.filetimes module¶

Tools to convert between Python datetime instances and Microsoft times.

Source: http://reliablybroken.com/b/2011/09/free-software-ftw-updated-filetimes-py/

class rawdisk.util.filetimes.UTC[source]¶

Bases: datetime.tzinfo

UTC

dst(dt)[source]¶

tzname(dt)[source]¶

utcoffset(dt)[source]¶

rawdisk.util.filetimes.dt_to_filetime(dt)[source]¶

Converts a datetime to Microsoft filetime format. If the object is time zone-naive, it is forced to UTC before conversion.

>>> "%.0f" % dt_to_filetime(datetime(2009, 7, 25, 23, 0))
'128930364000000000'

>>> "%.0f" % dt_to_filetime(datetime(1970, 1, 1, 0, 0, tzinfo=utc))
'116444736000000000'

>>> "%.0f" % dt_to_filetime(datetime(1970, 1, 1, 0, 0))
'116444736000000000'

>>> dt_to_filetime(datetime(2009, 7, 25, 23, 0, 0, 100))
128930364000001000

rawdisk.util.filetimes.filetime_to_dt(ft)[source]¶

Converts a Microsoft filetime number to a Python datetime. The new datetime object is time zone-naive but is equivalent to tzinfo=utc.

>>> filetime_to_dt(116444736000000000)
datetime.datetime(1970, 1, 1, 0, 0)

>>> filetime_to_dt(128930364000000000)
datetime.datetime(2009, 7, 25, 23, 0)

>>> filetime_to_dt(128930364000001000)
datetime.datetime(2009, 7, 25, 23, 0, 0, 100)

rawdisk.util.rawstruct module¶

class rawdisk.util.rawstruct.RawStruct(data=None, offset=None, length=None, filename=None)[source]¶

Bases: object

Helper class used as a parent class for most filesystem structures.

Args:: data (str): Byte array to initialize structure with. filename (str): A file to read the data from. offset (int): Offset into data or file (if specified). length (int): Number of bytes to read.

data[source]¶

Returns:: str: Byte array of the structure.

export(filename)[source]¶

Exports byte array to specified destination

Args:: filename (str): destination to output file

get_char(offset)[source]¶

Returns char (1 byte)

Args:: offset (char): signed char offset in byte array

get_chunk(offset, length)[source]¶

Args:: offset (int): byte array start [x:] length (int): number of bytes to return [:x]
Returns:: str: Custom length byte array of the structure.

get_field(offset, length, format)[source]¶

Returns unpacked Python struct array.

Args:: offset (int): offset to byte array within structure length (int): how many bytes to unpack format (str): Python struct format string for unpacking
See Also:: https://docs.python.org/2/library/struct.html#format-characters

get_int_le(offset)[source]¶

Returns int (4 bytes)

Args:: offset (int): int offset in little-endian byte array

get_string(offset, length)[source]¶

Returns string (length bytes)

Args:: offset (int): sring offset in byte array length (int): string length

get_uchar(offset)[source]¶

Returns unsigned char (1 byte)

Args:: offset (uchar): unsigned char offset in byte array

get_uint_be(offset)[source]¶

Returns unsigned int (4 bytes)

Args:: offset (int): unsigned int offset in big-endian byte array

get_uint_le(offset)[source]¶

Returns unsigned int (4 bytes)

Args:: offset (int): unsigned int offset in little-endian byte array

get_ulong_be(offset)[source]¶

Returns unsigned long (4 bytes)

Args:: offset (int): unsigned long offset in big-endian byte array

get_ulong_le(offset)[source]¶

Returns unsigned long (4 bytes)

Args:: offset (int): unsigned long offset in little-endian byte array

get_ulonglong_be(offset)[source]¶

Returns unsigned long long (8 bytes)

Args:: offset (int): unsigned long long offset in big-endian byte array

get_ulonglong_le(offset)[source]¶

Returns unsigned long long (8 bytes)

Args:: offset (int): unsigned long long offset in little-endian byte array

get_ushort_be(offset)[source]¶

Returns unsigned short (2 bytes), assuming source is big-endian.

Args:: offset (int): unsigned short offset in byte array.

get_ushort_le(offset)[source]¶

Returns unsigned short (2 bytes), assuming source is little-endian.

Args:: offset (int): unsigned short offset in byte array.

get_uuid_be(offset)[source]¶

Returns Python uuid object initialized with bytes at specified offset

Args:: offset (int): offset to 16-byte big-endian array

get_uuid_le(offset)[source]¶

Returns Python uuid object initialized with bytes at specified offset

Args:: offset (int): offset to 16-byte little-endian array

hexdump()[source]¶

Prints structure’s data in hex format.

>>> 00000000: 46 49 4C 45 30 00 03 00  EA 22 20 00 00 00 00 00          FILE0...." .....
>>> 00000010: 01 00 01 00 38 00 01 00  A0 01 00 00 00 04 00 00          ....8...........
>>> 00000020: 00 00 00 00 00 00 00 00  06 00 00 00 00 00 00 00          ................

See More:: https://bitbucket.org/techtonik/hexdump/

size[source]¶

Returns:: int: Size of structure’s byte array.

rawdisk.util.singleton module¶

class rawdisk.util.singleton.Singleton[source]¶: Bases: type