1# Copyright (c) 2017, The MITRE Corporation. All rights reserved. 2# See LICENSE.txt for complete terms. 3 4import sys 5 6from mixbox.binding_utils import * 7from . import cybox_common 8from . import win_file_object 9 10 11class PEChecksumType(GeneratedsSuper): 12 """The PECheckSumType records the checksum of the PE file, both as 13 found in the file and computed.""" 14 15 subclass = None 16 superclass = None 17 def __init__(self, PE_Computed_API=None, PE_File_API=None, PE_File_Raw=None): 18 self.PE_Computed_API = PE_Computed_API 19 self.PE_File_API = PE_File_API 20 self.PE_File_Raw = PE_File_Raw 21 def factory(*args_, **kwargs_): 22 if PEChecksumType.subclass: 23 return PEChecksumType.subclass(*args_, **kwargs_) 24 else: 25 return PEChecksumType(*args_, **kwargs_) 26 factory = staticmethod(factory) 27 def get_PE_Computed_API(self): return self.PE_Computed_API 28 def set_PE_Computed_API(self, PE_Computed_API): self.PE_Computed_API = PE_Computed_API 29 def validate_LongObjectPropertyType(self, value): 30 # Validate type cybox_common.LongObjectPropertyType, a restriction on None. 31 pass 32 def get_PE_File_API(self): return self.PE_File_API 33 def set_PE_File_API(self, PE_File_API): self.PE_File_API = PE_File_API 34 def get_PE_File_Raw(self): return self.PE_File_Raw 35 def set_PE_File_Raw(self, PE_File_Raw): self.PE_File_Raw = PE_File_Raw 36 def hasContent_(self): 37 if ( 38 self.PE_Computed_API is not None or 39 self.PE_File_API is not None or 40 self.PE_File_Raw is not None 41 ): 42 return True 43 else: 44 return False 45 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEChecksumType', namespacedef_='', pretty_print=True): 46 if pretty_print: 47 eol_ = '\n' 48 else: 49 eol_ = '' 50 showIndent(lwrite, level, pretty_print) 51 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 52 already_processed = set() 53 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='PEChecksumType') 54 if self.hasContent_(): 55 lwrite('>%s' % (eol_, )) 56 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 57 showIndent(lwrite, level, pretty_print) 58 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 59 else: 60 lwrite('/>%s' % (eol_, )) 61 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='PEChecksumType'): 62 pass 63 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEChecksumType', fromsubclass_=False, pretty_print=True): 64 if pretty_print: 65 eol_ = '\n' 66 else: 67 eol_ = '' 68 if self.PE_Computed_API is not None: 69 self.PE_Computed_API.export(lwrite, level, 'WinExecutableFileObj:', name_='PE_Computed_API', pretty_print=pretty_print) 70 if self.PE_File_API is not None: 71 self.PE_File_API.export(lwrite, level, 'WinExecutableFileObj:', name_='PE_File_API', pretty_print=pretty_print) 72 if self.PE_File_Raw is not None: 73 self.PE_File_Raw.export(lwrite, level, 'WinExecutableFileObj:', name_='PE_File_Raw', pretty_print=pretty_print) 74 def build(self, node): 75 self.__sourcenode__ = node 76 already_processed = set() 77 self.buildAttributes(node, node.attrib, already_processed) 78 for child in node: 79 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 80 self.buildChildren(child, node, nodeName_) 81 def buildAttributes(self, node, attrs, already_processed): 82 pass 83 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 84 if nodeName_ == 'PE_Computed_API': 85 obj_ = cybox_common.LongObjectPropertyType.factory() 86 obj_.build(child_) 87 self.set_PE_Computed_API(obj_) 88 elif nodeName_ == 'PE_File_API': 89 obj_ = cybox_common.LongObjectPropertyType.factory() 90 obj_.build(child_) 91 self.set_PE_File_API(obj_) 92 elif nodeName_ == 'PE_File_Raw': 93 obj_ = cybox_common.LongObjectPropertyType.factory() 94 obj_.build(child_) 95 self.set_PE_File_Raw(obj_) 96# end class PEChecksumType 97 98class PEExportsType(GeneratedsSuper): 99 """PEExportsType specifies the PE File exports data section. The 100 exports data section contains information about symbols exported 101 by the PE File (a DLL) which can be dynamically loaded by other 102 executables. This type abstracts, and its components, abstract 103 the Windows structures.""" 104 105 subclass = None 106 superclass = None 107 def __init__(self, Name=None, Exported_Functions=None, Number_Of_Functions=None, Exports_Time_Stamp=None, Number_Of_Addresses=None, Number_Of_Names=None): 108 self.Name = Name 109 self.Exported_Functions = Exported_Functions 110 self.Number_Of_Functions = Number_Of_Functions 111 self.Exports_Time_Stamp = Exports_Time_Stamp 112 self.Number_Of_Addresses = Number_Of_Addresses 113 self.Number_Of_Names = Number_Of_Names 114 def factory(*args_, **kwargs_): 115 if PEExportsType.subclass: 116 return PEExportsType.subclass(*args_, **kwargs_) 117 else: 118 return PEExportsType(*args_, **kwargs_) 119 factory = staticmethod(factory) 120 def get_Name(self): return self.Name 121 def set_Name(self, Name): self.Name = Name 122 def get_Exported_Functions(self): return self.Exported_Functions 123 def set_Exported_Functions(self, Exported_Functions): self.Exported_Functions = Exported_Functions 124 def get_Number_Of_Functions(self): return self.Number_Of_Functions 125 def set_Number_Of_Functions(self, Number_Of_Functions): self.Number_Of_Functions = Number_Of_Functions 126 def get_Exports_Time_Stamp(self): return self.Exports_Time_Stamp 127 def set_Exports_Time_Stamp(self, Exports_Time_Stamp): self.Exports_Time_Stamp = Exports_Time_Stamp 128 def validate_DateTimeObjectPropertyType(self, value): 129 # Validate type cybox_common.DateTimeObjectPropertyType, a restriction on None. 130 pass 131 def get_Number_Of_Addresses(self): return self.Number_Of_Addresses 132 def set_Number_Of_Addresses(self, Number_Of_Addresses): self.Number_Of_Addresses = Number_Of_Addresses 133 def validate_LongObjectPropertyType(self, value): 134 # Validate type cybox_common.LongObjectPropertyType, a restriction on None. 135 pass 136 def get_Number_Of_Names(self): return self.Number_Of_Names 137 def set_Number_Of_Names(self, Number_Of_Names): self.Number_Of_Names = Number_Of_Names 138 def hasContent_(self): 139 if ( 140 self. Name is not None or 141 self.Exported_Functions is not None or 142 self.Number_Of_Functions is not None or 143 self.Exports_Time_Stamp is not None or 144 self.Number_Of_Addresses is not None or 145 self.Number_Of_Names is not None 146 ): 147 return True 148 else: 149 return False 150 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEExportsType', namespacedef_='', pretty_print=True): 151 if pretty_print: 152 eol_ = '\n' 153 else: 154 eol_ = '' 155 showIndent(lwrite, level, pretty_print) 156 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 157 already_processed = set() 158 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='PEExportsType') 159 if self.hasContent_(): 160 lwrite('>%s' % (eol_, )) 161 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 162 showIndent(lwrite, level, pretty_print) 163 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 164 else: 165 lwrite('/>%s' % (eol_, )) 166 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='PEExportsType'): 167 pass 168 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEExportsType', fromsubclass_=False, pretty_print=True): 169 if pretty_print: 170 eol_ = '\n' 171 else: 172 eol_ = '' 173 if self.Name is not None: 174 self.Name.export(lwrite, level, 'WinExecutableFileObj:', name_='Name', pretty_print=pretty_print) 175 if self.Exported_Functions is not None: 176 self.Exported_Functions.export(lwrite, level, 'WinExecutableFileObj:', name_='Exported_Functions', pretty_print=pretty_print) 177 if self.Exports_Time_Stamp is not None: 178 self.Exports_Time_Stamp.export(lwrite, level, 'WinExecutableFileObj:', name_='Exports_Time_Stamp', pretty_print=pretty_print) 179 if self.Number_Of_Addresses is not None: 180 self.Number_Of_Addresses.export(lwrite, level, 'WinExecutableFileObj:', name_='Number_Of_Addresses', pretty_print=pretty_print) 181 if self.Number_Of_Names is not None: 182 self.Number_Of_Names.export(lwrite, level, 'WinExecutableFileObj:', name_='Number_Of_Names', pretty_print=pretty_print) 183 if self.Number_Of_Functions is not None: 184 self.Number_Of_Functions.export(lwrite, level, 'WinExecutableFileObj:', name_='Number_Of_Functions', pretty_print=pretty_print) 185 def build(self, node): 186 self.__sourcenode__ = node 187 already_processed = set() 188 self.buildAttributes(node, node.attrib, already_processed) 189 for child in node: 190 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 191 self.buildChildren(child, node, nodeName_) 192 def buildAttributes(self, node, attrs, already_processed): 193 pass 194 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 195 if nodeName_ == 'Name': 196 obj_ = cybox_common.StringObjectPropertyType.factory() 197 obj_.build(child_) 198 self.set_Name(obj_) 199 elif nodeName_ == 'Exported_Functions': 200 obj_ = PEExportedFunctionsType.factory() 201 obj_.build(child_) 202 self.set_Exported_Functions(obj_) 203 elif nodeName_ == 'Number_Of_Functions': 204 obj_ = cybox_common.IntegerObjectPropertyType.factory() 205 obj_.build(child_) 206 self.set_Number_Of_Functions(obj_) 207 elif nodeName_ == 'Exports_Time_Stamp': 208 obj_ = cybox_common.DateTimeObjectPropertyType.factory() 209 obj_.build(child_) 210 self.set_Exports_Time_Stamp(obj_) 211 elif nodeName_ == 'Number_Of_Addresses': 212 obj_ = cybox_common.LongObjectPropertyType.factory() 213 obj_.build(child_) 214 self.set_Number_Of_Addresses(obj_) 215 elif nodeName_ == 'Number_Of_Names': 216 obj_ = cybox_common.LongObjectPropertyType.factory() 217 obj_.build(child_) 218 self.set_Number_Of_Names(obj_) 219# end class PEExportsType 220 221class PEExportedFunctionsType(GeneratedsSuper): 222 """PEExportedFunctionsType specifies a list of PE exported functions""" 223 224 subclass = None 225 superclass = None 226 def __init__(self, Exported_Function=None): 227 if Exported_Function is None: 228 self.Exported_Function = [] 229 else: 230 self.Exported_Function = Exported_Function 231 def factory(*args_, **kwargs_): 232 if PEExportedFunctionsType.subclass: 233 return PEExportedFunctionsType.subclass(*args_, **kwargs_) 234 else: 235 return PEExportedFunctionsType(*args_, **kwargs_) 236 factory = staticmethod(factory) 237 def get_Exported_Function(self): return self.Exported_Function 238 def set_Exported_Function(self, Exported_Function): self.Exported_Function = Exported_Function 239 def add_Exported_Function(self, value): self.Exported_Function.append(value) 240 def insert_Exported_Function(self, index, value): self.Exported_Function[index] = value 241 def hasContent_(self): 242 if ( 243 self.Exported_Function 244 ): 245 return True 246 else: 247 return False 248 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEExportedFunctionsType', namespacedef_='', pretty_print=True): 249 if pretty_print: 250 eol_ = '\n' 251 else: 252 eol_ = '' 253 showIndent(lwrite, level, pretty_print) 254 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 255 already_processed = set() 256 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='PEExportedFunctionsType') 257 if self.hasContent_(): 258 lwrite('>%s' % (eol_, )) 259 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 260 showIndent(lwrite, level, pretty_print) 261 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 262 else: 263 lwrite('/>%s' % (eol_, )) 264 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='PEExportedFunctionsType'): 265 pass 266 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEExportedFunctionsType', fromsubclass_=False, pretty_print=True): 267 if pretty_print: 268 eol_ = '\n' 269 else: 270 eol_ = '' 271 for Exported_Function_ in self.Exported_Function: 272 Exported_Function_.export(lwrite, level, 'WinExecutableFileObj:', name_='Exported_Function', pretty_print=pretty_print) 273 def build(self, node): 274 self.__sourcenode__ = node 275 already_processed = set() 276 self.buildAttributes(node, node.attrib, already_processed) 277 for child in node: 278 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 279 self.buildChildren(child, node, nodeName_) 280 def buildAttributes(self, node, attrs, already_processed): 281 pass 282 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 283 if nodeName_ == 'Exported_Function': 284 obj_ = PEExportedFunctionType.factory() 285 obj_.build(child_) 286 self.Exported_Function.append(obj_) 287# end class PEExportedFunctionsType 288 289class PESectionListType(GeneratedsSuper): 290 """Specifies a list of sections that appear in the PE file.""" 291 292 subclass = None 293 superclass = None 294 def __init__(self, Section=None): 295 if Section is None: 296 self.Section = [] 297 else: 298 self.Section = Section 299 def factory(*args_, **kwargs_): 300 if PESectionListType.subclass: 301 return PESectionListType.subclass(*args_, **kwargs_) 302 else: 303 return PESectionListType(*args_, **kwargs_) 304 factory = staticmethod(factory) 305 def get_Section(self): return self.Section 306 def set_Section(self, Section): self.Section = Section 307 def add_Section(self, value): self.Section.append(value) 308 def insert_Section(self, index, value): self.Section[index] = value 309 def hasContent_(self): 310 if ( 311 self.Section 312 ): 313 return True 314 else: 315 return False 316 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PESectionListType', namespacedef_='', pretty_print=True): 317 if pretty_print: 318 eol_ = '\n' 319 else: 320 eol_ = '' 321 showIndent(lwrite, level, pretty_print) 322 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 323 already_processed = set() 324 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='PESectionListType') 325 if self.hasContent_(): 326 lwrite('>%s' % (eol_, )) 327 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 328 showIndent(lwrite, level, pretty_print) 329 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 330 else: 331 lwrite('/>%s' % (eol_, )) 332 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='PESectionListType'): 333 pass 334 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PESectionListType', fromsubclass_=False, pretty_print=True): 335 if pretty_print: 336 eol_ = '\n' 337 else: 338 eol_ = '' 339 for Section_ in self.Section: 340 Section_.export(lwrite, level, 'WinExecutableFileObj:', name_='Section', pretty_print=pretty_print) 341 def build(self, node): 342 self.__sourcenode__ = node 343 already_processed = set() 344 self.buildAttributes(node, node.attrib, already_processed) 345 for child in node: 346 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 347 self.buildChildren(child, node, nodeName_) 348 def buildAttributes(self, node, attrs, already_processed): 349 pass 350 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 351 if nodeName_ == 'Section': 352 obj_ = PESectionType.factory() 353 obj_.build(child_) 354 self.Section.append(obj_) 355# end class PESectionListType 356 357class EntropyType(GeneratedsSuper): 358 """Specifies the result of an entropy computation.""" 359 360 subclass = None 361 superclass = None 362 def __init__(self, Value=None, Min=None, Max=None): 363 self.Value = Value 364 self.Min = Min 365 self.Max = Max 366 def factory(*args_, **kwargs_): 367 if EntropyType.subclass: 368 return EntropyType.subclass(*args_, **kwargs_) 369 else: 370 return EntropyType(*args_, **kwargs_) 371 factory = staticmethod(factory) 372 def get_Value(self): return self.Value 373 def set_Value(self, Value): self.Value = Value 374 def validate_FloatObjectPropertyType(self, value): 375 # Validate type cybox_common.FloatObjectPropertyType, a restriction on None. 376 pass 377 def get_Min(self): return self.Min 378 def set_Min(self, Min): self.Min = Min 379 def get_Max(self): return self.Max 380 def set_Max(self, Max): self.Max = Max 381 def hasContent_(self): 382 if ( 383 self.Value is not None or 384 self.Min is not None or 385 self.Max is not None 386 ): 387 return True 388 else: 389 return False 390 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='EntropyType', namespacedef_='', pretty_print=True): 391 if pretty_print: 392 eol_ = '\n' 393 else: 394 eol_ = '' 395 showIndent(lwrite, level, pretty_print) 396 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 397 already_processed = set() 398 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='EntropyType') 399 if self.hasContent_(): 400 lwrite('>%s' % (eol_, )) 401 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 402 showIndent(lwrite, level, pretty_print) 403 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 404 else: 405 lwrite('/>%s' % (eol_, )) 406 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='EntropyType'): 407 pass 408 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='EntropyType', fromsubclass_=False, pretty_print=True): 409 if pretty_print: 410 eol_ = '\n' 411 else: 412 eol_ = '' 413 if self.Value is not None: 414 self.Value.export(lwrite, level, 'WinExecutableFileObj:', name_='Value', pretty_print=pretty_print) 415 if self.Min is not None: 416 self.Min.export(lwrite, level, 'WinExecutableFileObj:', name_='Min', pretty_print=pretty_print) 417 if self.Max is not None: 418 self.Max.export(lwrite, level, 'WinExecutableFileObj:', name_='Max', pretty_print=pretty_print) 419 def build(self, node): 420 self.__sourcenode__ = node 421 already_processed = set() 422 self.buildAttributes(node, node.attrib, already_processed) 423 for child in node: 424 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 425 self.buildChildren(child, node, nodeName_) 426 def buildAttributes(self, node, attrs, already_processed): 427 pass 428 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 429 if nodeName_ == 'Value': 430 obj_ = cybox_common.FloatObjectPropertyType.factory() 431 obj_.build(child_) 432 self.set_Value(obj_) 433 elif nodeName_ == 'Min': 434 obj_ = cybox_common.FloatObjectPropertyType.factory() 435 obj_.build(child_) 436 self.set_Min(obj_) 437 elif nodeName_ == 'Max': 438 obj_ = cybox_common.FloatObjectPropertyType.factory() 439 obj_.build(child_) 440 self.set_Max(obj_) 441# end class EntropyType 442 443class PEImportType(GeneratedsSuper): 444 """The PEImportType type is intended as container for the properties 445 relevant to PE binary imports.The delay_load field is a boolean 446 value that is intended to describe whether a PE binary import is 447 delay-load or not.The initially_visible field refers to whether 448 the import is initially visible, with regards to being initially 449 visible or hidden in relation to PE binary packing. A packed 450 binary will typically have few initially visible imports, and 451 thus it is necessary to make the distinction between those that 452 are visible initially or only after the binary is unpacked.""" 453 454 subclass = None 455 superclass = None 456 def __init__(self, initially_visible=None, delay_load=None, File_Name=None, Imported_Functions=None, Virtual_Address=None): 457 self.initially_visible = _cast(bool, initially_visible) 458 self.delay_load = _cast(bool, delay_load) 459 self.File_Name = File_Name 460 self.Imported_Functions = Imported_Functions 461 self.Virtual_Address = Virtual_Address 462 def factory(*args_, **kwargs_): 463 if PEImportType.subclass: 464 return PEImportType.subclass(*args_, **kwargs_) 465 else: 466 return PEImportType(*args_, **kwargs_) 467 factory = staticmethod(factory) 468 def get_File_Name(self): return self.File_Name 469 def set_File_Name(self, File_Name): self.File_Name = File_Name 470 def validate_StringObjectPropertyType(self, value): 471 # Validate type cybox_common.StringObjectPropertyType, a restriction on None. 472 pass 473 def get_Imported_Functions(self): return self.Imported_Functions 474 def set_Imported_Functions(self, Imported_Functions): self.Imported_Functions = Imported_Functions 475 def get_Virtual_Address(self): return self.Virtual_Address 476 def set_Virtual_Address(self, Virtual_Address): self.Virtual_Address = Virtual_Address 477 def validate_HexBinaryObjectPropertyType(self, value): 478 # Validate type cybox_common.HexBinaryObjectPropertyType, a restriction on None. 479 pass 480 def get_initially_visible(self): return self.initially_visible 481 def set_initially_visible(self, initially_visible): self.initially_visible = initially_visible 482 def get_delay_load(self): return self.delay_load 483 def set_delay_load(self, delay_load): self.delay_load = delay_load 484 def hasContent_(self): 485 if ( 486 self.File_Name is not None or 487 self.Imported_Functions is not None or 488 self.Virtual_Address is not None 489 ): 490 return True 491 else: 492 return False 493 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEImportType', namespacedef_='', pretty_print=True): 494 if pretty_print: 495 eol_ = '\n' 496 else: 497 eol_ = '' 498 showIndent(lwrite, level, pretty_print) 499 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 500 already_processed = set() 501 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='PEImportType') 502 if self.hasContent_(): 503 lwrite('>%s' % (eol_, )) 504 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 505 showIndent(lwrite, level, pretty_print) 506 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 507 else: 508 lwrite('/>%s' % (eol_, )) 509 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='PEImportType'): 510 if self.initially_visible is not None: 511 512 lwrite(' initially_visible="%s"' % self.gds_format_boolean(self.initially_visible, input_name='initially_visible')) 513 if self.delay_load is not None: 514 515 lwrite(' delay_load="%s"' % self.gds_format_boolean(self.delay_load, input_name='delay_load')) 516 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEImportType', fromsubclass_=False, pretty_print=True): 517 if pretty_print: 518 eol_ = '\n' 519 else: 520 eol_ = '' 521 if self.File_Name is not None: 522 self.File_Name.export(lwrite, level, 'WinExecutableFileObj:', name_='File_Name', pretty_print=pretty_print) 523 if self.Imported_Functions is not None: 524 self.Imported_Functions.export(lwrite, level, 'WinExecutableFileObj:', name_='Imported_Functions', pretty_print=pretty_print) 525 if self.Virtual_Address is not None: 526 self.Virtual_Address.export(lwrite, level, 'WinExecutableFileObj:', name_='Virtual_Address', pretty_print=pretty_print) 527 def build(self, node): 528 self.__sourcenode__ = node 529 already_processed = set() 530 self.buildAttributes(node, node.attrib, already_processed) 531 for child in node: 532 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 533 self.buildChildren(child, node, nodeName_) 534 def buildAttributes(self, node, attrs, already_processed): 535 value = find_attr_value_('initially_visible', node) 536 if value is not None: 537 538 if value in ('true', '1'): 539 self.initially_visible = True 540 elif value in ('false', '0'): 541 self.initially_visible = False 542 else: 543 raise_parse_error(node, 'Bad boolean attribute') 544 value = find_attr_value_('delay_load', node) 545 if value is not None: 546 547 if value in ('true', '1'): 548 self.delay_load = True 549 elif value in ('false', '0'): 550 self.delay_load = False 551 else: 552 raise_parse_error(node, 'Bad boolean attribute') 553 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 554 if nodeName_ == 'File_Name': 555 obj_ = cybox_common.StringObjectPropertyType.factory() 556 obj_.build(child_) 557 self.set_File_Name(obj_) 558 elif nodeName_ == 'Imported_Functions': 559 obj_ = PEImportedFunctionsType.factory() 560 obj_.build(child_) 561 self.set_Imported_Functions(obj_) 562 elif nodeName_ == 'Virtual_Address': 563 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 564 obj_.build(child_) 565 self.set_Virtual_Address(obj_) 566# end class PEImportType 567 568class PEImportedFunctionsType(GeneratedsSuper): 569 """A list of PE imported functions""" 570 571 subclass = None 572 superclass = None 573 def __init__(self, Imported_Function=None): 574 if Imported_Function is None: 575 self.Imported_Function = [] 576 else: 577 self.Imported_Function = Imported_Function 578 def factory(*args_, **kwargs_): 579 if PEImportedFunctionsType.subclass: 580 return PEImportedFunctionsType.subclass(*args_, **kwargs_) 581 else: 582 return PEImportedFunctionsType(*args_, **kwargs_) 583 factory = staticmethod(factory) 584 def get_Imported_Function(self): return self.Imported_Function 585 def set_Imported_Function(self, Imported_Function): self.Imported_Function = Imported_Function 586 def add_Imported_Function(self, value): self.Imported_Function.append(value) 587 def insert_Imported_Function(self, index, value): self.Imported_Function[index] = value 588 def hasContent_(self): 589 if ( 590 self.Imported_Function 591 ): 592 return True 593 else: 594 return False 595 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEImportedFunctionsType', namespacedef_='', pretty_print=True): 596 if pretty_print: 597 eol_ = '\n' 598 else: 599 eol_ = '' 600 showIndent(lwrite, level, pretty_print) 601 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 602 already_processed = set() 603 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='PEImportedFunctionsType') 604 if self.hasContent_(): 605 lwrite('>%s' % (eol_, )) 606 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 607 showIndent(lwrite, level, pretty_print) 608 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 609 else: 610 lwrite('/>%s' % (eol_, )) 611 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='PEImportedFunctionsType'): 612 pass 613 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEImportedFunctionsType', fromsubclass_=False, pretty_print=True): 614 if pretty_print: 615 eol_ = '\n' 616 else: 617 eol_ = '' 618 for Imported_Function_ in self.Imported_Function: 619 Imported_Function_.export(lwrite, level, 'WinExecutableFileObj:', name_='Imported_Function', pretty_print=pretty_print) 620 def build(self, node): 621 self.__sourcenode__ = node 622 already_processed = set() 623 self.buildAttributes(node, node.attrib, already_processed) 624 for child in node: 625 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 626 self.buildChildren(child, node, nodeName_) 627 def buildAttributes(self, node, attrs, already_processed): 628 pass 629 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 630 if nodeName_ == 'Imported_Function': 631 obj_ = PEImportedFunctionType.factory() 632 obj_.build(child_) 633 self.Imported_Function.append(obj_) 634# end class PEImportedFunctionsType 635 636class PEResourceContentType(cybox_common.BaseObjectPropertyType): 637 """The PEResourceContentType specifies PE resource types via a union of 638 the PEResourceTypeEnum type and the atomic xs:string type. Its 639 base type is the CybOX Core cybox_common.BaseObjectPropertyType, for 640 permitting complex (i.e. regular-expression based) 641 specifications.This attribute is optional and specifies the 642 expected type for the value of the specified property.""" 643 subclass = None 644 superclass = cybox_common.BaseObjectPropertyType 645 def __init__(self, obfuscation_algorithm_ref=None, refanging_transform_type=None, has_changed=None, delimiter='##comma##', pattern_type=None, datatype='string', refanging_transform=None, is_case_sensitive=True, bit_mask=None, appears_random=None, observed_encoding=None, defanging_algorithm_ref=None, is_obfuscated=None, regex_syntax=None, apply_condition='ANY', trend=None, idref=None, is_defanged=None, id=None, condition=None, valueOf_=None): 646 super(PEResourceContentType, self).__init__(obfuscation_algorithm_ref, refanging_transform_type, has_changed, delimiter, pattern_type, datatype, refanging_transform, is_case_sensitive, bit_mask, appears_random, observed_encoding, defanging_algorithm_ref, is_obfuscated, regex_syntax, apply_condition, trend, idref, is_defanged, id, condition, valueOf_) 647 self.datatype = _cast(None, datatype) 648 self.valueOf_ = valueOf_ 649 def factory(*args_, **kwargs_): 650 if PEResourceContentType.subclass: 651 return PEResourceContentType.subclass(*args_, **kwargs_) 652 else: 653 return PEResourceContentType(*args_, **kwargs_) 654 factory = staticmethod(factory) 655 def get_datatype(self): return self.datatype 656 def set_datatype(self, datatype): self.datatype = datatype 657 def get_valueOf_(self): return self.valueOf_ 658 def set_valueOf_(self, valueOf_): self.valueOf_ = valueOf_ 659 def hasContent_(self): 660 if ( 661 self.valueOf_ or 662 super(PEResourceContentType, self).hasContent_() 663 ): 664 return True 665 else: 666 return False 667 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEResourceContentType', namespacedef_='', pretty_print=True): 668 if pretty_print: 669 eol_ = '\n' 670 else: 671 eol_ = '' 672 showIndent(lwrite, level, pretty_print) 673 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 674 already_processed = set() 675 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='PEResourceContentType') 676 if self.hasContent_(): 677 lwrite('>') 678 lwrite(quote_xml(self.valueOf_)) 679 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 680 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 681 else: 682 lwrite('/>%s' % (eol_, )) 683 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='PEResourceContentType'): 684 super(PEResourceContentType, self).exportAttributes(lwrite, level, already_processed, namespace_, name_='PEResourceContentType') 685 if self.datatype is not None: 686 687 lwrite(' datatype=%s' % (quote_attrib(self.datatype), )) 688 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEResourceContentType', fromsubclass_=False, pretty_print=True): 689 super(PEResourceContentType, self).exportChildren(lwrite, level, 'WinExecutableFileObj:', name_, True, pretty_print=pretty_print) 690 pass 691 def build(self, node): 692 self.__sourcenode__ = node 693 already_processed = set() 694 self.buildAttributes(node, node.attrib, already_processed) 695 self.valueOf_ = get_all_text_(node) 696 for child in node: 697 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 698 self.buildChildren(child, node, nodeName_) 699 def buildAttributes(self, node, attrs, already_processed): 700 value = find_attr_value_('datatype', node) 701 if value is not None: 702 703 self.datatype = value 704 super(PEResourceContentType, self).buildAttributes(node, attrs, already_processed) 705 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 706 pass 707# end class PEResourceContentType 708 709class PEResourceType(GeneratedsSuper): 710 """The PEResourceType type is intended as container for the properties 711 relevant to PE binary resources.""" 712 713 subclass = None 714 superclass = None 715 def __init__(self, Type=None, Name=None, Size=None, Virtual_Address=None, Language=None, Sub_Language=None, Hashes=None, Data=None, extensiontype_=None): 716 self.Type = Type 717 self.Name = Name 718 self.Size = Size 719 self.Virtual_Address = Virtual_Address 720 self.Language = Language 721 self.Sub_Language = Sub_Language 722 self.Hashes = Hashes 723 self.Data = Data 724 self.extensiontype_ = extensiontype_ 725 def factory(*args_, **kwargs_): 726 if PEResourceType.subclass: 727 return PEResourceType.subclass(*args_, **kwargs_) 728 else: 729 return PEResourceType(*args_, **kwargs_) 730 factory = staticmethod(factory) 731 def get_Type(self): return self.Type 732 def set_Type(self, Type): self.Type = Type 733 def validate_PEResourceTypeEnum(self, value): 734 # Validate type PEResourceTypeEnum, a restriction on xs:string. 735 pass 736 def get_Name(self): return self.Name 737 def set_Name(self, Name): self.Name = Name 738 def get_Size(self): return self.Size 739 def set_Size(self, Size): self.Size = Size 740 def get_Virtual_Address(self): return self.Virtual_Address 741 def set_Virtual_Address(self, Virtual_Address): self.Virtual_Address = Virtual_Address 742 def get_Language(self): return self.Language 743 def set_Language(self, Language): self.Language = Language 744 def get_Sub_Language(self): return self.Sub_Language 745 def set_Sub_Language(self, Sub_Language): self.Sub_Language = Sub_Language 746 def validate_StringObjectPropertyType(self, value): 747 # Validate type cybox_common.StringObjectPropertyType, a restriction on None. 748 pass 749 def get_Hashes(self): return self.Hashes 750 def set_Hashes(self, Hashes): self.Hashes = Hashes 751 def get_Data(self): return self.Data 752 def set_Data(self, Data): self.Data = Data 753 def get_extensiontype_(self): return self.extensiontype_ 754 def set_extensiontype_(self, extensiontype_): self.extensiontype_ = extensiontype_ 755 def hasContent_(self): 756 if ( 757 self.Type is not None or 758 self.Name is not None or 759 self.Size is not None or 760 self.Virtual_Address is not None or 761 self.Language is not None or 762 self.Sub_Language is not None or 763 self.Hashes is not None or 764 self.Data is not None 765 ): 766 return True 767 else: 768 return False 769 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEResourceType', namespacedef_='', pretty_print=True): 770 if pretty_print: 771 eol_ = '\n' 772 else: 773 eol_ = '' 774 showIndent(lwrite, level, pretty_print) 775 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 776 already_processed = set() 777 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='PEResourceType') 778 if self.hasContent_(): 779 lwrite('>%s' % (eol_, )) 780 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 781 showIndent(lwrite, level, pretty_print) 782 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 783 else: 784 lwrite('/>%s' % (eol_, )) 785 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='PEResourceType'): 786 pass 787 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEResourceType', fromsubclass_=False, pretty_print=True): 788 if pretty_print: 789 eol_ = '\n' 790 else: 791 eol_ = '' 792 if self.Type is not None: 793 self.Type.export(lwrite, level, 'WinExecutableFileObj:', name_='Type', pretty_print=pretty_print) 794 if self.Name is not None: 795 self.Name.export(lwrite, level, 'WinExecutableFileObj:', name_='Name', pretty_print=pretty_print) 796 if self.Size is not None: 797 self.Size.export(lwrite, level, 'WinExecutableFileObj:', name_='Size', pretty_print=pretty_print) 798 if self.Virtual_Address is not None: 799 self.Virtual_Address.export(lwrite, level, 'WinExecutableFileObj:', name_='Virtual_Address', pretty_print=pretty_print) 800 if self.Language is not None: 801 self.Language.export(lwrite, level, 'WinExecutableFileObj:', name_='Language', pretty_print=pretty_print) 802 if self.Sub_Language is not None: 803 self.Sub_Language.export(lwrite, level, 'WinExecutableFileObj:', name_='Sub_Language', pretty_print=pretty_print) 804 if self.Hashes is not None: 805 self.Hashes.export(lwrite, level, 'WinExecutableFileObj:', name_='Hashes', pretty_print=pretty_print) 806 if self.Data is not None: 807 self.Data.export(lwrite, level, 'WinExecutableFileObj:', name_='Data', pretty_print=pretty_print) 808 def build(self, node): 809 self.__sourcenode__ = node 810 already_processed = set() 811 self.buildAttributes(node, node.attrib, already_processed) 812 for child in node: 813 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 814 self.buildChildren(child, node, nodeName_) 815 def buildAttributes(self, node, attrs, already_processed): 816 value = find_attr_value_('xsi:type', node) 817 if value is not None: 818 819 self.extensiontype_ = value 820 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 821 if nodeName_ == 'Type': 822 obj_ = PEResourceContentType.factory() 823 obj_.build(child_) 824 self.set_Type(obj_) 825 elif nodeName_ == 'Name': 826 obj_ = cybox_common.StringObjectPropertyType.factory() 827 obj_.build(child_) 828 self.set_Name(obj_) 829 elif nodeName_ == 'Size': 830 obj_ = cybox_common.PositiveIntegerObjectPropertyType.factory() 831 obj_.build(child_) 832 self.set_Size(obj_) 833 elif nodeName_ == 'Virtual_Address': 834 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 835 obj_.build(child_) 836 self.set_Virtual_Address(obj_) 837 elif nodeName_ == 'Language': 838 obj_ = cybox_common.StringObjectPropertyType.factory() 839 obj_.build(child_) 840 self.set_Language(obj_) 841 elif nodeName_ == 'Sub_Language': 842 obj_ = cybox_common.StringObjectPropertyType.factory() 843 obj_.build(child_) 844 self.set_Sub_Language(obj_) 845 elif nodeName_ == 'Hashes': 846 obj_ = cybox_common.HashListType.factory() 847 obj_.build(child_) 848 self.set_Hashes(obj_) 849 elif nodeName_ == 'Data': 850 obj_ = cybox_common.StringObjectPropertyType.factory() 851 obj_.build(child_) 852 self.set_Data(obj_) 853# end class PEResourceType 854 855class PEVersionInfoResourceType(PEResourceType): 856 """The PEVersionInfoResourceType characterizes the special VERSIONINFO 857 resource type. For more information please see: 858 http://msdn.microsoft.com/en- 859 us/library/windows/desktop/aa381058(v=vs.85).aspx""" 860 861 subclass = None 862 superclass = PEResourceType 863 864 xmlns = "http://cybox.mitre.org/objects#WinExecutableFileObject-2" 865 xmlns_prefix = "WinExecutableFileObj" 866 xml_type = "PEVersionInfoResourceType" 867 xsi_type = "%s:%s" % (xmlns_prefix, xml_type) 868 869 def __init__(self, Type=None, Name=None, Hashes=None, Comments=None, CompanyName=None, FileDescription=None, FileVersion=None, InternalName=None, LangID=None, LegalCopyright=None, LegalTrademarks=None, OriginalFilename=None, PrivateBuild=None, ProductName=None, ProductVersion=None, SpecialBuild=None): 870 super(PEVersionInfoResourceType, self).__init__(Type, Name, Hashes, ) 871 self.Comments = Comments 872 self.CompanyName = CompanyName 873 self.FileDescription = FileDescription 874 self.FileVersion = FileVersion 875 self.InternalName = InternalName 876 self.LangID = LangID 877 self.LegalCopyright = LegalCopyright 878 self.LegalTrademarks = LegalTrademarks 879 self.OriginalFilename = OriginalFilename 880 self.PrivateBuild = PrivateBuild 881 self.ProductName = ProductName 882 self.ProductVersion = ProductVersion 883 self.SpecialBuild = SpecialBuild 884 def factory(*args_, **kwargs_): 885 if PEVersionInfoResourceType.subclass: 886 return PEVersionInfoResourceType.subclass(*args_, **kwargs_) 887 else: 888 return PEVersionInfoResourceType(*args_, **kwargs_) 889 factory = staticmethod(factory) 890 def get_Comments(self): return self.Comments 891 def set_Comments(self, Comments): self.Comments = Comments 892 def validate_StringObjectPropertyType(self, value): 893 # Validate type cybox_common.StringObjectPropertyType, a restriction on None. 894 pass 895 def get_CompanyName(self): return self.CompanyName 896 def set_CompanyName(self, CompanyName): self.CompanyName = CompanyName 897 def get_FileDescription(self): return self.FileDescription 898 def set_FileDescription(self, FileDescription): self.FileDescription = FileDescription 899 def get_FileVersion(self): return self.FileVersion 900 def set_FileVersion(self, FileVersion): self.FileVersion = FileVersion 901 def get_InternalName(self): return self.InternalName 902 def set_InternalName(self, InternalName): self.InternalName = InternalName 903 def get_LangID(self): return self.LangID 904 def set_LangID(self, LangID): self.LangID = LangID 905 def get_LegalCopyright(self): return self.LegalCopyright 906 def set_LegalCopyright(self, LegalCopyright): self.LegalCopyright = LegalCopyright 907 def get_LegalTrademarks(self): return self.LegalTrademarks 908 def set_LegalTrademarks(self, LegalTrademarks): self.LegalTrademarks = LegalTrademarks 909 def get_OriginalFilename(self): return self.OriginalFilename 910 def set_OriginalFilename(self, OriginalFilename): self.OriginalFilename = OriginalFilename 911 def get_PrivateBuild(self): return self.PrivateBuild 912 def set_PrivateBuild(self, PrivateBuild): self.PrivateBuild = PrivateBuild 913 def get_ProductName(self): return self.ProductName 914 def set_ProductName(self, ProductName): self.ProductName = ProductName 915 def get_ProductVersion(self): return self.ProductVersion 916 def set_ProductVersion(self, ProductVersion): self.ProductVersion = ProductVersion 917 def get_SpecialBuild(self): return self.SpecialBuild 918 def set_SpecialBuild(self, SpecialBuild): self.SpecialBuild = SpecialBuild 919 def hasContent_(self): 920 if ( 921 self.Comments is not None or 922 self.CompanyName is not None or 923 self.FileDescription is not None or 924 self.FileVersion is not None or 925 self.InternalName is not None or 926 self.LangID is not None or 927 self.LegalCopyright is not None or 928 self.LegalTrademarks is not None or 929 self.OriginalFilename is not None or 930 self.PrivateBuild is not None or 931 self.ProductName is not None or 932 self.ProductVersion is not None or 933 self.SpecialBuild is not None or 934 super(PEVersionInfoResourceType, self).hasContent_() 935 ): 936 return True 937 else: 938 return False 939 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEVersionInfoResourceType', namespacedef_='', pretty_print=True): 940 if pretty_print: 941 eol_ = '\n' 942 else: 943 eol_ = '' 944 showIndent(lwrite, level, pretty_print) 945 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 946 already_processed = set() 947 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='PEVersionInfoResourceType') 948 if self.hasContent_(): 949 lwrite('>%s' % (eol_, )) 950 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 951 showIndent(lwrite, level, pretty_print) 952 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 953 else: 954 lwrite('/>%s' % (eol_, )) 955 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='PEVersionInfoResourceType'): 956 super(PEVersionInfoResourceType, self).exportAttributes(lwrite, level, already_processed, namespace_, name_='PEVersionInfoResourceType') 957 if 'xsi:type' not in already_processed: 958 already_processed.add('xsi:type') 959 lwrite(" xsi:type='%s'" % self.xsi_type) 960 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEVersionInfoResourceType', fromsubclass_=False, pretty_print=True): 961 super(PEVersionInfoResourceType, self).exportChildren(lwrite, level, 'WinExecutableFileObj:', name_, True, pretty_print=pretty_print) 962 if pretty_print: 963 eol_ = '\n' 964 else: 965 eol_ = '' 966 if self.Comments is not None: 967 self.Comments.export(lwrite, level, 'WinExecutableFileObj:', name_='Comments', pretty_print=pretty_print) 968 if self.CompanyName is not None: 969 self.CompanyName.export(lwrite, level, 'WinExecutableFileObj:', name_='CompanyName', pretty_print=pretty_print) 970 if self.FileDescription is not None: 971 self.FileDescription.export(lwrite, level, 'WinExecutableFileObj:', name_='FileDescription', pretty_print=pretty_print) 972 if self.FileVersion is not None: 973 self.FileVersion.export(lwrite, level, 'WinExecutableFileObj:', name_='FileVersion', pretty_print=pretty_print) 974 if self.InternalName is not None: 975 self.InternalName.export(lwrite, level, 'WinExecutableFileObj:', name_='InternalName', pretty_print=pretty_print) 976 if self.LangID is not None: 977 self.LangID.export(lwrite, level, 'WinExecutableFileObj:', name_='LangID', pretty_print=pretty_print) 978 if self.LegalCopyright is not None: 979 self.LegalCopyright.export(lwrite, level, 'WinExecutableFileObj:', name_='LegalCopyright', pretty_print=pretty_print) 980 if self.LegalTrademarks is not None: 981 self.LegalTrademarks.export(lwrite, level, 'WinExecutableFileObj:', name_='LegalTrademarks', pretty_print=pretty_print) 982 if self.OriginalFilename is not None: 983 self.OriginalFilename.export(lwrite, level, 'WinExecutableFileObj:', name_='OriginalFilename', pretty_print=pretty_print) 984 if self.PrivateBuild is not None: 985 self.PrivateBuild.export(lwrite, level, 'WinExecutableFileObj:', name_='PrivateBuild', pretty_print=pretty_print) 986 if self.ProductName is not None: 987 self.ProductName.export(lwrite, level, 'WinExecutableFileObj:', name_='ProductName', pretty_print=pretty_print) 988 if self.ProductVersion is not None: 989 self.ProductVersion.export(lwrite, level, 'WinExecutableFileObj:', name_='ProductVersion', pretty_print=pretty_print) 990 if self.SpecialBuild is not None: 991 self.SpecialBuild.export(lwrite, level, 'WinExecutableFileObj:', name_='SpecialBuild', pretty_print=pretty_print) 992 def build(self, node): 993 self.__sourcenode__ = node 994 already_processed = set() 995 self.buildAttributes(node, node.attrib, already_processed) 996 for child in node: 997 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 998 self.buildChildren(child, node, nodeName_) 999 def buildAttributes(self, node, attrs, already_processed): 1000 super(PEVersionInfoResourceType, self).buildAttributes(node, attrs, already_processed) 1001 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1002 if nodeName_ == 'Comments': 1003 obj_ = cybox_common.StringObjectPropertyType.factory() 1004 obj_.build(child_) 1005 self.set_Comments(obj_) 1006 elif nodeName_ == 'CompanyName': 1007 obj_ = cybox_common.StringObjectPropertyType.factory() 1008 obj_.build(child_) 1009 self.set_CompanyName(obj_) 1010 elif nodeName_ == 'FileDescription': 1011 obj_ = cybox_common.StringObjectPropertyType.factory() 1012 obj_.build(child_) 1013 self.set_FileDescription(obj_) 1014 elif nodeName_ == 'FileVersion': 1015 obj_ = cybox_common.StringObjectPropertyType.factory() 1016 obj_.build(child_) 1017 self.set_FileVersion(obj_) 1018 elif nodeName_ == 'InternalName': 1019 obj_ = cybox_common.StringObjectPropertyType.factory() 1020 obj_.build(child_) 1021 self.set_InternalName(obj_) 1022 elif nodeName_ == 'LangID': 1023 obj_ = cybox_common.StringObjectPropertyType.factory() 1024 obj_.build(child_) 1025 self.set_LangID(obj_) 1026 elif nodeName_ == 'LegalCopyright': 1027 obj_ = cybox_common.StringObjectPropertyType.factory() 1028 obj_.build(child_) 1029 self.set_LegalCopyright(obj_) 1030 elif nodeName_ == 'LegalTrademarks': 1031 obj_ = cybox_common.StringObjectPropertyType.factory() 1032 obj_.build(child_) 1033 self.set_LegalTrademarks(obj_) 1034 elif nodeName_ == 'OriginalFilename': 1035 obj_ = cybox_common.StringObjectPropertyType.factory() 1036 obj_.build(child_) 1037 self.set_OriginalFilename(obj_) 1038 elif nodeName_ == 'PrivateBuild': 1039 obj_ = cybox_common.StringObjectPropertyType.factory() 1040 obj_.build(child_) 1041 self.set_PrivateBuild(obj_) 1042 elif nodeName_ == 'ProductName': 1043 obj_ = cybox_common.StringObjectPropertyType.factory() 1044 obj_.build(child_) 1045 self.set_ProductName(obj_) 1046 elif nodeName_ == 'ProductVersion': 1047 obj_ = cybox_common.StringObjectPropertyType.factory() 1048 obj_.build(child_) 1049 self.set_ProductVersion(obj_) 1050 elif nodeName_ == 'SpecialBuild': 1051 obj_ = cybox_common.StringObjectPropertyType.factory() 1052 obj_.build(child_) 1053 self.set_SpecialBuild(obj_) 1054 super(PEVersionInfoResourceType, self).buildChildren(child_, node, nodeName_, True) 1055# end class PEVersionInfoResourceType 1056 1057class PEExportedFunctionType(GeneratedsSuper): 1058 """PEExportType sepcifies the type describing exported functions.""" 1059 1060 subclass = None 1061 superclass = None 1062 def __init__(self, Function_Name=None, Entry_Point=None, Ordinal=None): 1063 self.Function_Name = Function_Name 1064 self.Entry_Point = Entry_Point 1065 self.Ordinal = Ordinal 1066 def factory(*args_, **kwargs_): 1067 if PEExportedFunctionType.subclass: 1068 return PEExportedFunctionType.subclass(*args_, **kwargs_) 1069 else: 1070 return PEExportedFunctionType(*args_, **kwargs_) 1071 factory = staticmethod(factory) 1072 def get_Function_Name(self): return self.Function_Name 1073 def set_Function_Name(self, Function_Name): self.Function_Name = Function_Name 1074 def validate_StringObjectPropertyType(self, value): 1075 # Validate type cybox_common.StringObjectPropertyType, a restriction on None. 1076 pass 1077 def get_Entry_Point(self): return self.Entry_Point 1078 def set_Entry_Point(self, Entry_Point): self.Entry_Point = Entry_Point 1079 def validate_HexBinaryObjectPropertyType(self, value): 1080 # Validate type cybox_common.HexBinaryObjectPropertyType, a restriction on None. 1081 pass 1082 def get_Ordinal(self): return self.Ordinal 1083 def set_Ordinal(self, Ordinal): self.Ordinal = Ordinal 1084 def validate_NonNegativeIntegerObjectPropertyType(self, value): 1085 # Validate type cybox_common.NonNegativeIntegerObjectPropertyType, a restriction on None. 1086 pass 1087 def hasContent_(self): 1088 if ( 1089 self.Function_Name is not None or 1090 self.Entry_Point is not None or 1091 self.Ordinal is not None 1092 ): 1093 return True 1094 else: 1095 return False 1096 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEExportedFunctionType', namespacedef_='', pretty_print=True): 1097 if pretty_print: 1098 eol_ = '\n' 1099 else: 1100 eol_ = '' 1101 showIndent(lwrite, level, pretty_print) 1102 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1103 already_processed = set() 1104 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='PEExportedFunctionType') 1105 if self.hasContent_(): 1106 lwrite('>%s' % (eol_, )) 1107 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 1108 showIndent(lwrite, level, pretty_print) 1109 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 1110 else: 1111 lwrite('/>%s' % (eol_, )) 1112 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='PEExportedFunctionType'): 1113 pass 1114 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEExportedFunctionType', fromsubclass_=False, pretty_print=True): 1115 if pretty_print: 1116 eol_ = '\n' 1117 else: 1118 eol_ = '' 1119 if self.Function_Name is not None: 1120 self.Function_Name.export(lwrite, level, 'WinExecutableFileObj:', name_='Function_Name', pretty_print=pretty_print) 1121 if self.Entry_Point is not None: 1122 self.Entry_Point.export(lwrite, level, 'WinExecutableFileObj:', name_='Entry_Point', pretty_print=pretty_print) 1123 if self.Ordinal is not None: 1124 self.Ordinal.export(lwrite, level, 'WinExecutableFileObj:', name_='Ordinal', pretty_print=pretty_print) 1125 def build(self, node): 1126 self.__sourcenode__ = node 1127 already_processed = set() 1128 self.buildAttributes(node, node.attrib, already_processed) 1129 for child in node: 1130 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1131 self.buildChildren(child, node, nodeName_) 1132 def buildAttributes(self, node, attrs, already_processed): 1133 pass 1134 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1135 if nodeName_ == 'Function_Name': 1136 obj_ = cybox_common.StringObjectPropertyType.factory() 1137 obj_.build(child_) 1138 self.set_Function_Name(obj_) 1139 elif nodeName_ == 'Entry_Point': 1140 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1141 obj_.build(child_) 1142 self.set_Entry_Point(obj_) 1143 elif nodeName_ == 'Ordinal': 1144 obj_ = cybox_common.NonNegativeIntegerObjectPropertyType.factory() 1145 obj_.build(child_) 1146 self.set_Ordinal(obj_) 1147# end class PEExportedFunctionType 1148 1149class PEResourceListType(GeneratedsSuper): 1150 """PEResourceListType specifies a list of resources found in the PE 1151 file.""" 1152 1153 subclass = None 1154 superclass = None 1155 def __init__(self, Resource=None): 1156 if Resource is None: 1157 self.Resource = [] 1158 else: 1159 self.Resource = Resource 1160 def factory(*args_, **kwargs_): 1161 if PEResourceListType.subclass: 1162 return PEResourceListType.subclass(*args_, **kwargs_) 1163 else: 1164 return PEResourceListType(*args_, **kwargs_) 1165 factory = staticmethod(factory) 1166 def get_Resource(self): return self.Resource 1167 def set_Resource(self, Resource): self.Resource = Resource 1168 def add_Resource(self, value): self.Resource.append(value) 1169 def insert_Resource(self, index, value): self.Resource[index] = value 1170 def hasContent_(self): 1171 if ( 1172 self.Resource 1173 ): 1174 return True 1175 else: 1176 return False 1177 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEResourceListType', namespacedef_='', pretty_print=True): 1178 if pretty_print: 1179 eol_ = '\n' 1180 else: 1181 eol_ = '' 1182 showIndent(lwrite, level, pretty_print) 1183 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1184 already_processed = set() 1185 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='PEResourceListType') 1186 if self.hasContent_(): 1187 lwrite('>%s' % (eol_, )) 1188 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 1189 showIndent(lwrite, level, pretty_print) 1190 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 1191 else: 1192 lwrite('/>%s' % (eol_, )) 1193 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='PEResourceListType'): 1194 pass 1195 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEResourceListType', fromsubclass_=False, pretty_print=True): 1196 if pretty_print: 1197 eol_ = '\n' 1198 else: 1199 eol_ = '' 1200 for Resource_ in self.Resource: 1201 if isinstance(Resource_, PEVersionInfoResourceType): 1202 Resource_.export(lwrite, level, 'WinExecutableFileObj:', name_='VersionInfoResource', pretty_print=pretty_print) 1203 elif isinstance(Resource_, PEResourceType): 1204 Resource_.export(lwrite, level, 'WinExecutableFileObj:', name_='Resource', pretty_print=pretty_print) 1205 def build(self, node): 1206 self.__sourcenode__ = node 1207 already_processed = set() 1208 self.buildAttributes(node, node.attrib, already_processed) 1209 for child in node: 1210 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1211 self.buildChildren(child, node, nodeName_) 1212 def buildAttributes(self, node, attrs, already_processed): 1213 pass 1214 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1215 if nodeName_ == 'Resource': 1216 obj_ = PEResourceType.factory() 1217 obj_.build(child_) 1218 self.add_Resource(obj_) 1219 elif nodeName_ == 'VersionInfoResource': 1220 obj_ = PEVersionInfoResourceType.factory() 1221 obj_.build(child_) 1222 self.add_Resource(obj_) 1223# end class PEResourceListType 1224 1225class PEImportedFunctionType(GeneratedsSuper): 1226 """PEImportedFunctionType specifies the type describing imported 1227 functions.""" 1228 1229 subclass = None 1230 superclass = None 1231 def __init__(self, Function_Name=None, Hint=None, Ordinal=None, Bound=None, Virtual_Address=None): 1232 self.Function_Name = Function_Name 1233 self.Hint = Hint 1234 self.Ordinal = Ordinal 1235 self.Bound = Bound 1236 self.Virtual_Address = Virtual_Address 1237 def factory(*args_, **kwargs_): 1238 if PEImportedFunctionType.subclass: 1239 return PEImportedFunctionType.subclass(*args_, **kwargs_) 1240 else: 1241 return PEImportedFunctionType(*args_, **kwargs_) 1242 factory = staticmethod(factory) 1243 def get_Function_Name(self): return self.Function_Name 1244 def set_Function_Name(self, Function_Name): self.Function_Name = Function_Name 1245 def validate_StringObjectPropertyType(self, value): 1246 # Validate type cybox_common.StringObjectPropertyType, a restriction on None. 1247 pass 1248 def get_Hint(self): return self.Hint 1249 def set_Hint(self, Hint): self.Hint = Hint 1250 def validate_HexBinaryObjectPropertyType(self, value): 1251 # Validate type cybox_common.HexBinaryObjectPropertyType, a restriction on None. 1252 pass 1253 def get_Ordinal(self): return self.Ordinal 1254 def set_Ordinal(self, Ordinal): self.Ordinal = Ordinal 1255 def validate_NonNegativeIntegerObjectPropertyType(self, value): 1256 # Validate type cybox_common.NonNegativeIntegerObjectPropertyType, a restriction on None. 1257 pass 1258 def get_Bound(self): return self.Bound 1259 def set_Bound(self, Bound): self.Bound = Bound 1260 def get_Virtual_Address(self): return self.Virtual_Address 1261 def set_Virtual_Address(self, Virtual_Address): self.Virtual_Address = Virtual_Address 1262 def hasContent_(self): 1263 if ( 1264 self.Function_Name is not None or 1265 self.Hint is not None or 1266 self.Ordinal is not None or 1267 self.Bound is not None or 1268 self.Virtual_Address is not None 1269 ): 1270 return True 1271 else: 1272 return False 1273 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEImportedFunctionType', namespacedef_='', pretty_print=True): 1274 if pretty_print: 1275 eol_ = '\n' 1276 else: 1277 eol_ = '' 1278 showIndent(lwrite, level, pretty_print) 1279 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1280 already_processed = set() 1281 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='PEImportedFunctionType') 1282 if self.hasContent_(): 1283 lwrite('>%s' % (eol_, )) 1284 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 1285 showIndent(lwrite, level, pretty_print) 1286 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 1287 else: 1288 lwrite('/>%s' % (eol_, )) 1289 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='PEImportedFunctionType'): 1290 pass 1291 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEImportedFunctionType', fromsubclass_=False, pretty_print=True): 1292 if pretty_print: 1293 eol_ = '\n' 1294 else: 1295 eol_ = '' 1296 if self.Function_Name is not None: 1297 self.Function_Name.export(lwrite, level, 'WinExecutableFileObj:', name_='Function_Name', pretty_print=pretty_print) 1298 if self.Hint is not None: 1299 self.Hint.export(lwrite, level, 'WinExecutableFileObj:', name_='Hint', pretty_print=pretty_print) 1300 if self.Ordinal is not None: 1301 self.Ordinal.export(lwrite, level, 'WinExecutableFileObj:', name_='Ordinal', pretty_print=pretty_print) 1302 if self.Bound is not None: 1303 self.Bound.export(lwrite, level, 'WinExecutableFileObj:', name_='Bound', pretty_print=pretty_print) 1304 if self.Virtual_Address is not None: 1305 self.Virtual_Address.export(lwrite, level, 'WinExecutableFileObj:', name_='Virtual_Address', pretty_print=pretty_print) 1306 def build(self, node): 1307 self.__sourcenode__ = node 1308 already_processed = set() 1309 self.buildAttributes(node, node.attrib, already_processed) 1310 for child in node: 1311 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1312 self.buildChildren(child, node, nodeName_) 1313 def buildAttributes(self, node, attrs, already_processed): 1314 pass 1315 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1316 if nodeName_ == 'Function_Name': 1317 obj_ = cybox_common.StringObjectPropertyType.factory() 1318 obj_.build(child_) 1319 self.set_Function_Name(obj_) 1320 elif nodeName_ == 'Hint': 1321 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1322 obj_.build(child_) 1323 self.set_Hint(obj_) 1324 elif nodeName_ == 'Ordinal': 1325 obj_ = cybox_common.NonNegativeIntegerObjectPropertyType.factory() 1326 obj_.build(child_) 1327 self.set_Ordinal(obj_) 1328 elif nodeName_ == 'Bound': 1329 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1330 obj_.build(child_) 1331 self.set_Bound(obj_) 1332 elif nodeName_ == 'Virtual_Address': 1333 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1334 obj_.build(child_) 1335 self.set_Virtual_Address(obj_) 1336# end class PEImportedFunctionType 1337 1338class PEImportListType(GeneratedsSuper): 1339 """PEImportListType specifies a list of functions in an import data 1340 section.""" 1341 1342 subclass = None 1343 superclass = None 1344 def __init__(self, Import=None): 1345 if Import is None: 1346 self.Import = [] 1347 else: 1348 self.Import = Import 1349 def factory(*args_, **kwargs_): 1350 if PEImportListType.subclass: 1351 return PEImportListType.subclass(*args_, **kwargs_) 1352 else: 1353 return PEImportListType(*args_, **kwargs_) 1354 factory = staticmethod(factory) 1355 def get_Import(self): return self.Import 1356 def set_Import(self, Import): self.Import = Import 1357 def add_Import(self, value): self.Import.append(value) 1358 def insert_Import(self, index, value): self.Import[index] = value 1359 def hasContent_(self): 1360 if ( 1361 self.Import 1362 ): 1363 return True 1364 else: 1365 return False 1366 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEImportListType', namespacedef_='', pretty_print=True): 1367 if pretty_print: 1368 eol_ = '\n' 1369 else: 1370 eol_ = '' 1371 showIndent(lwrite, level, pretty_print) 1372 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1373 already_processed = set() 1374 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='PEImportListType') 1375 if self.hasContent_(): 1376 lwrite('>%s' % (eol_, )) 1377 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 1378 showIndent(lwrite, level, pretty_print) 1379 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 1380 else: 1381 lwrite('/>%s' % (eol_, )) 1382 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='PEImportListType'): 1383 pass 1384 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEImportListType', fromsubclass_=False, pretty_print=True): 1385 if pretty_print: 1386 eol_ = '\n' 1387 else: 1388 eol_ = '' 1389 for Import_ in self.Import: 1390 Import_.export(lwrite, level, 'WinExecutableFileObj:', name_='Import', pretty_print=pretty_print) 1391 def build(self, node): 1392 self.__sourcenode__ = node 1393 already_processed = set() 1394 self.buildAttributes(node, node.attrib, already_processed) 1395 for child in node: 1396 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1397 self.buildChildren(child, node, nodeName_) 1398 def buildAttributes(self, node, attrs, already_processed): 1399 pass 1400 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1401 if nodeName_ == 'Import': 1402 obj_ = PEImportType.factory() 1403 obj_.build(child_) 1404 self.Import.append(obj_) 1405# end class PEImportListType 1406 1407class PESectionType(GeneratedsSuper): 1408 """The PESectionType type is intended as container for the properties 1409 relevant to PE binary sections. A PE Section consists of a 1410 header and data. The PESectionType contains properties that 1411 describe the Section Header and metadata computed about the 1412 section (e.g., hashes, entropy).""" 1413 1414 subclass = None 1415 superclass = None 1416 def __init__(self, Section_Header=None, Data_Hashes=None, Entropy=None, Header_Hashes=None): 1417 self.Section_Header = Section_Header 1418 self.Data_Hashes = Data_Hashes 1419 self.Entropy = Entropy 1420 self.Header_Hashes = Header_Hashes 1421 def factory(*args_, **kwargs_): 1422 if PESectionType.subclass: 1423 return PESectionType.subclass(*args_, **kwargs_) 1424 else: 1425 return PESectionType(*args_, **kwargs_) 1426 factory = staticmethod(factory) 1427 def get_Section_Header(self): return self.Section_Header 1428 def set_Section_Header(self, Section_Header): self.Section_Header = Section_Header 1429 def get_Data_Hashes(self): return self.Data_Hashes 1430 def set_Data_Hashes(self, Data_Hashes): self.Data_Hashes = Data_Hashes 1431 def get_Entropy(self): return self.Entropy 1432 def set_Entropy(self, Entropy): self.Entropy = Entropy 1433 def get_Header_Hashes(self): return self.Header_Hashes 1434 def set_Header_Hashes(self, Header_Hashes): self.Header_Hashes = Header_Hashes 1435 def validate_SectionType(self, value): 1436 # Validate type SectionType, a restriction on None. 1437 pass 1438 def hasContent_(self): 1439 if ( 1440 self.Section_Header is not None or 1441 self.Data_Hashes is not None or 1442 self.Entropy is not None or 1443 self.Header_Hashes is not None 1444 ): 1445 return True 1446 else: 1447 return False 1448 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PESectionType', namespacedef_='', pretty_print=True): 1449 if pretty_print: 1450 eol_ = '\n' 1451 else: 1452 eol_ = '' 1453 showIndent(lwrite, level, pretty_print) 1454 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1455 already_processed = set() 1456 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='PESectionType') 1457 if self.hasContent_(): 1458 lwrite('>%s' % (eol_, )) 1459 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 1460 showIndent(lwrite, level, pretty_print) 1461 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 1462 else: 1463 lwrite('/>%s' % (eol_, )) 1464 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='PESectionType'): 1465 pass 1466 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PESectionType', fromsubclass_=False, pretty_print=True): 1467 if pretty_print: 1468 eol_ = '\n' 1469 else: 1470 eol_ = '' 1471 if self.Section_Header is not None: 1472 self.Section_Header.export(lwrite, level, 'WinExecutableFileObj:', name_='Section_Header', pretty_print=pretty_print) 1473 if self.Data_Hashes is not None: 1474 self.Data_Hashes.export(lwrite, level, 'WinExecutableFileObj:', name_='Data_Hashes', pretty_print=pretty_print) 1475 if self.Entropy is not None: 1476 self.Entropy.export(lwrite, level, 'WinExecutableFileObj:', name_='Entropy', pretty_print=pretty_print) 1477 if self.Header_Hashes is not None: 1478 self.Header_Hashes.export(lwrite, level, 'WinExecutableFileObj:', name_='Header_Hashes', pretty_print=pretty_print) 1479 def build(self, node): 1480 self.__sourcenode__ = node 1481 already_processed = set() 1482 self.buildAttributes(node, node.attrib, already_processed) 1483 for child in node: 1484 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1485 self.buildChildren(child, node, nodeName_) 1486 def buildAttributes(self, node, attrs, already_processed): 1487 pass 1488 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1489 if nodeName_ == 'Section_Header': 1490 obj_ = PESectionHeaderStructType.factory() 1491 obj_.build(child_) 1492 self.set_Section_Header(obj_) 1493 elif nodeName_ == 'Data_Hashes': 1494 obj_ = cybox_common.HashListType.factory() 1495 obj_.build(child_) 1496 self.set_Data_Hashes(obj_) 1497 elif nodeName_ == 'Entropy': 1498 obj_ = EntropyType.factory() 1499 obj_.build(child_) 1500 self.set_Entropy(obj_) 1501 elif nodeName_ == 'Header_Hashes': 1502 obj_ = cybox_common.HashListType.factory() 1503 obj_.build(child_) 1504 self.set_Header_Hashes(obj_) 1505# end class PESectionType 1506 1507class PEDataDirectoryStructType(GeneratedsSuper): 1508 """The PEDataDirectoryStruct type is intended as container for the 1509 properties relevant to a PE binary's data directory structure.""" 1510 1511 subclass = None 1512 superclass = None 1513 def __init__(self, Virtual_Address=None, Size=None): 1514 self.Virtual_Address = Virtual_Address 1515 self.Size = Size 1516 def factory(*args_, **kwargs_): 1517 if PEDataDirectoryStructType.subclass: 1518 return PEDataDirectoryStructType.subclass(*args_, **kwargs_) 1519 else: 1520 return PEDataDirectoryStructType(*args_, **kwargs_) 1521 factory = staticmethod(factory) 1522 def get_Virtual_Address(self): return self.Virtual_Address 1523 def set_Virtual_Address(self, Virtual_Address): self.Virtual_Address = Virtual_Address 1524 def validate_HexBinaryObjectPropertyType(self, value): 1525 # Validate type cybox_common.HexBinaryObjectPropertyType, a restriction on None. 1526 pass 1527 def get_Size(self): return self.Size 1528 def set_Size(self, Size): self.Size = Size 1529 def validate_NonNegativeIntegerObjectPropertyType(self, value): 1530 # Validate type cybox_common.NonNegativeIntegerObjectPropertyType, a restriction on None. 1531 pass 1532 def hasContent_(self): 1533 if ( 1534 self.Virtual_Address is not None or 1535 self.Size is not None 1536 ): 1537 return True 1538 else: 1539 return False 1540 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEDataDirectoryStructType', namespacedef_='', pretty_print=True): 1541 if pretty_print: 1542 eol_ = '\n' 1543 else: 1544 eol_ = '' 1545 showIndent(lwrite, level, pretty_print) 1546 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1547 already_processed = set() 1548 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='PEDataDirectoryStructType') 1549 if self.hasContent_(): 1550 lwrite('>%s' % (eol_, )) 1551 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 1552 showIndent(lwrite, level, pretty_print) 1553 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 1554 else: 1555 lwrite('/>%s' % (eol_, )) 1556 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='PEDataDirectoryStructType'): 1557 pass 1558 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEDataDirectoryStructType', fromsubclass_=False, pretty_print=True): 1559 if pretty_print: 1560 eol_ = '\n' 1561 else: 1562 eol_ = '' 1563 if self.Virtual_Address is not None: 1564 self.Virtual_Address.export(lwrite, level, 'WinExecutableFileObj:', name_='Virtual_Address', pretty_print=pretty_print) 1565 if self.Size is not None: 1566 self.Size.export(lwrite, level, 'WinExecutableFileObj:', name_='Size', pretty_print=pretty_print) 1567 def build(self, node): 1568 self.__sourcenode__ = node 1569 already_processed = set() 1570 self.buildAttributes(node, node.attrib, already_processed) 1571 for child in node: 1572 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1573 self.buildChildren(child, node, nodeName_) 1574 def buildAttributes(self, node, attrs, already_processed): 1575 pass 1576 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1577 if nodeName_ == 'Virtual_Address': 1578 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1579 obj_.build(child_) 1580 self.set_Virtual_Address(obj_) 1581 elif nodeName_ == 'Size': 1582 obj_ = cybox_common.NonNegativeIntegerObjectPropertyType.factory() 1583 obj_.build(child_) 1584 self.set_Size(obj_) 1585# end class PEDataDirectoryStructType 1586 1587class PESectionHeaderStructType(GeneratedsSuper): 1588 """The PESectionHeaderStruct type is intended as container for the 1589 properties relevant to a PE binary's section header structure.""" 1590 1591 subclass = None 1592 superclass = None 1593 def __init__(self, Name=None, Virtual_Size=None, Virtual_Address=None, Size_Of_Raw_Data=None, Pointer_To_Raw_Data=None, Pointer_To_Relocations=None, Pointer_To_Linenumbers=None, Number_Of_Relocations=None, Number_Of_Linenumbers=None, Characteristics=None): 1594 self.Name = Name 1595 self.Virtual_Size = Virtual_Size 1596 self.Virtual_Address = Virtual_Address 1597 self.Size_Of_Raw_Data = Size_Of_Raw_Data 1598 self.Pointer_To_Raw_Data = Pointer_To_Raw_Data 1599 self.Pointer_To_Relocations = Pointer_To_Relocations 1600 self.Pointer_To_Linenumbers = Pointer_To_Linenumbers 1601 self.Number_Of_Relocations = Number_Of_Relocations 1602 self.Number_Of_Linenumbers = Number_Of_Linenumbers 1603 self.Characteristics = Characteristics 1604 def factory(*args_, **kwargs_): 1605 if PESectionHeaderStructType.subclass: 1606 return PESectionHeaderStructType.subclass(*args_, **kwargs_) 1607 else: 1608 return PESectionHeaderStructType(*args_, **kwargs_) 1609 factory = staticmethod(factory) 1610 def get_Name(self): return self.Name 1611 def set_Name(self, Name): self.Name = Name 1612 def validate_StringObjectPropertyType(self, value): 1613 # Validate type cybox_common.StringObjectPropertyType, a restriction on None. 1614 pass 1615 def get_Virtual_Size(self): return self.Virtual_Size 1616 def set_Virtual_Size(self, Virtual_Size): self.Virtual_Size = Virtual_Size 1617 def validate_HexBinaryObjectPropertyType(self, value): 1618 # Validate type cybox_common.HexBinaryObjectPropertyType, a restriction on None. 1619 pass 1620 def get_Virtual_Address(self): return self.Virtual_Address 1621 def set_Virtual_Address(self, Virtual_Address): self.Virtual_Address = Virtual_Address 1622 def get_Size_Of_Raw_Data(self): return self.Size_Of_Raw_Data 1623 def set_Size_Of_Raw_Data(self, Size_Of_Raw_Data): self.Size_Of_Raw_Data = Size_Of_Raw_Data 1624 def get_Pointer_To_Raw_Data(self): return self.Pointer_To_Raw_Data 1625 def set_Pointer_To_Raw_Data(self, Pointer_To_Raw_Data): self.Pointer_To_Raw_Data = Pointer_To_Raw_Data 1626 def get_Pointer_To_Relocations(self): return self.Pointer_To_Relocations 1627 def set_Pointer_To_Relocations(self, Pointer_To_Relocations): self.Pointer_To_Relocations = Pointer_To_Relocations 1628 def get_Pointer_To_Linenumbers(self): return self.Pointer_To_Linenumbers 1629 def set_Pointer_To_Linenumbers(self, Pointer_To_Linenumbers): self.Pointer_To_Linenumbers = Pointer_To_Linenumbers 1630 def get_Number_Of_Relocations(self): return self.Number_Of_Relocations 1631 def set_Number_Of_Relocations(self, Number_Of_Relocations): self.Number_Of_Relocations = Number_Of_Relocations 1632 def validate_NonNegativeIntegerObjectPropertyType(self, value): 1633 # Validate type cybox_common.NonNegativeIntegerObjectPropertyType, a restriction on None. 1634 pass 1635 def get_Number_Of_Linenumbers(self): return self.Number_Of_Linenumbers 1636 def set_Number_Of_Linenumbers(self, Number_Of_Linenumbers): self.Number_Of_Linenumbers = Number_Of_Linenumbers 1637 def get_Characteristics(self): return self.Characteristics 1638 def set_Characteristics(self, Characteristics): self.Characteristics = Characteristics 1639 def hasContent_(self): 1640 if ( 1641 self.Name is not None or 1642 self.Virtual_Size is not None or 1643 self.Virtual_Address is not None or 1644 self.Size_Of_Raw_Data is not None or 1645 self.Pointer_To_Raw_Data is not None or 1646 self.Pointer_To_Relocations is not None or 1647 self.Pointer_To_Linenumbers is not None or 1648 self.Number_Of_Relocations is not None or 1649 self.Number_Of_Linenumbers is not None or 1650 self.Characteristics is not None 1651 ): 1652 return True 1653 else: 1654 return False 1655 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PESectionHeaderStructType', namespacedef_='', pretty_print=True): 1656 if pretty_print: 1657 eol_ = '\n' 1658 else: 1659 eol_ = '' 1660 showIndent(lwrite, level, pretty_print) 1661 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1662 already_processed = set() 1663 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='PESectionHeaderStructType') 1664 if self.hasContent_(): 1665 lwrite('>%s' % (eol_, )) 1666 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 1667 showIndent(lwrite, level, pretty_print) 1668 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 1669 else: 1670 lwrite('/>%s' % (eol_, )) 1671 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='PESectionHeaderStructType'): 1672 pass 1673 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PESectionHeaderStructType', fromsubclass_=False, pretty_print=True): 1674 if pretty_print: 1675 eol_ = '\n' 1676 else: 1677 eol_ = '' 1678 if self.Name is not None: 1679 self.Name.export(lwrite, level, 'WinExecutableFileObj:', name_='Name', pretty_print=pretty_print) 1680 if self.Virtual_Size is not None: 1681 self.Virtual_Size.export(lwrite, level, 'WinExecutableFileObj:', name_='Virtual_Size', pretty_print=pretty_print) 1682 if self.Virtual_Address is not None: 1683 self.Virtual_Address.export(lwrite, level, 'WinExecutableFileObj:', name_='Virtual_Address', pretty_print=pretty_print) 1684 if self.Size_Of_Raw_Data is not None: 1685 self.Size_Of_Raw_Data.export(lwrite, level, 'WinExecutableFileObj:', name_='Size_Of_Raw_Data', pretty_print=pretty_print) 1686 if self.Pointer_To_Raw_Data is not None: 1687 self.Pointer_To_Raw_Data.export(lwrite, level, 'WinExecutableFileObj:', name_='Pointer_To_Raw_Data', pretty_print=pretty_print) 1688 if self.Pointer_To_Relocations is not None: 1689 self.Pointer_To_Relocations.export(lwrite, level, 'WinExecutableFileObj:', name_='Pointer_To_Relocations', pretty_print=pretty_print) 1690 if self.Pointer_To_Linenumbers is not None: 1691 self.Pointer_To_Linenumbers.export(lwrite, level, 'WinExecutableFileObj:', name_='Pointer_To_Linenumbers', pretty_print=pretty_print) 1692 if self.Number_Of_Relocations is not None: 1693 self.Number_Of_Relocations.export(lwrite, level, 'WinExecutableFileObj:', name_='Number_Of_Relocations', pretty_print=pretty_print) 1694 if self.Number_Of_Linenumbers is not None: 1695 self.Number_Of_Linenumbers.export(lwrite, level, 'WinExecutableFileObj:', name_='Number_Of_Linenumbers', pretty_print=pretty_print) 1696 if self.Characteristics is not None: 1697 self.Characteristics.export(lwrite, level, 'WinExecutableFileObj:', name_='Characteristics', pretty_print=pretty_print) 1698 def build(self, node): 1699 self.__sourcenode__ = node 1700 already_processed = set() 1701 self.buildAttributes(node, node.attrib, already_processed) 1702 for child in node: 1703 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1704 self.buildChildren(child, node, nodeName_) 1705 def buildAttributes(self, node, attrs, already_processed): 1706 pass 1707 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1708 if nodeName_ == 'Name': 1709 obj_ = cybox_common.StringObjectPropertyType.factory() 1710 obj_.build(child_) 1711 self.set_Name(obj_) 1712 elif nodeName_ == 'Virtual_Size': 1713 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1714 obj_.build(child_) 1715 self.set_Virtual_Size(obj_) 1716 elif nodeName_ == 'Virtual_Address': 1717 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1718 obj_.build(child_) 1719 self.set_Virtual_Address(obj_) 1720 elif nodeName_ == 'Size_Of_Raw_Data': 1721 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1722 obj_.build(child_) 1723 self.set_Size_Of_Raw_Data(obj_) 1724 elif nodeName_ == 'Pointer_To_Raw_Data': 1725 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1726 obj_.build(child_) 1727 self.set_Pointer_To_Raw_Data(obj_) 1728 elif nodeName_ == 'Pointer_To_Relocations': 1729 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1730 obj_.build(child_) 1731 self.set_Pointer_To_Relocations(obj_) 1732 elif nodeName_ == 'Pointer_To_Linenumbers': 1733 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1734 obj_.build(child_) 1735 self.set_Pointer_To_Linenumbers(obj_) 1736 elif nodeName_ == 'Number_Of_Relocations': 1737 obj_ = cybox_common.NonNegativeIntegerObjectPropertyType.factory() 1738 obj_.build(child_) 1739 self.set_Number_Of_Relocations(obj_) 1740 elif nodeName_ == 'Number_Of_Linenumbers': 1741 obj_ = cybox_common.NonNegativeIntegerObjectPropertyType.factory() 1742 obj_.build(child_) 1743 self.set_Number_Of_Linenumbers(obj_) 1744 elif nodeName_ == 'Characteristics': 1745 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1746 obj_.build(child_) 1747 self.set_Characteristics(obj_) 1748# end class PESectionHeaderStructType 1749 1750class DOSHeaderType(GeneratedsSuper): 1751 """The DOSHeaderType type is a container for the characteristics of the 1752 _IMAGE_DOS_HEADER structure, which can be found in Winnt.h and 1753 pe.h. See http://www.csn.ul.ie/~caolan/pub/winresdump/winresdump 1754 /doc/pefile.html for more information about the winnt.h file, 1755 and http://www.tavi.co.uk/phobos/exeformat.html for even more 1756 clarification.""" 1757 1758 subclass = None 1759 superclass = None 1760 def __init__(self, e_magic=None, e_cblp=None, e_cp=None, e_crlc=None, e_cparhdr=None, e_minalloc=None, e_maxalloc=None, e_ss=None, e_sp=None, e_csum=None, e_ip=None, e_cs=None, e_lfarlc=None, e_ovro=None, reserved1=None, e_oemid=None, e_oeminfo=None, reserved2=None, e_lfanew=None, Hashes=None): 1761 self.e_magic = e_magic 1762 self.e_cblp = e_cblp 1763 self.e_cp = e_cp 1764 self.e_crlc = e_crlc 1765 self.e_cparhdr = e_cparhdr 1766 self.e_minalloc = e_minalloc 1767 self.e_maxalloc = e_maxalloc 1768 self.e_ss = e_ss 1769 self.e_sp = e_sp 1770 self.e_csum = e_csum 1771 self.e_ip = e_ip 1772 self.e_cs = e_cs 1773 self.e_lfarlc = e_lfarlc 1774 self.e_ovro = e_ovro 1775 if reserved1 is None: 1776 self.reserved1 = [] 1777 else: 1778 self.reserved1 = reserved1 1779 self.e_oemid = e_oemid 1780 self.e_oeminfo = e_oeminfo 1781 self.reserved2 = reserved2 1782 self.e_lfanew = e_lfanew 1783 self.Hashes = Hashes 1784 def factory(*args_, **kwargs_): 1785 if DOSHeaderType.subclass: 1786 return DOSHeaderType.subclass(*args_, **kwargs_) 1787 else: 1788 return DOSHeaderType(*args_, **kwargs_) 1789 factory = staticmethod(factory) 1790 def get_e_magic(self): return self.e_magic 1791 def set_e_magic(self, e_magic): self.e_magic = e_magic 1792 def validate_HexBinaryObjectPropertyType(self, value): 1793 # Validate type cybox_common.HexBinaryObjectPropertyType, a restriction on None. 1794 pass 1795 def get_e_cblp(self): return self.e_cblp 1796 def set_e_cblp(self, e_cblp): self.e_cblp = e_cblp 1797 def get_e_cp(self): return self.e_cp 1798 def set_e_cp(self, e_cp): self.e_cp = e_cp 1799 def get_e_crlc(self): return self.e_crlc 1800 def set_e_crlc(self, e_crlc): self.e_crlc = e_crlc 1801 def get_e_cparhdr(self): return self.e_cparhdr 1802 def set_e_cparhdr(self, e_cparhdr): self.e_cparhdr = e_cparhdr 1803 def get_e_minalloc(self): return self.e_minalloc 1804 def set_e_minalloc(self, e_minalloc): self.e_minalloc = e_minalloc 1805 def get_e_maxalloc(self): return self.e_maxalloc 1806 def set_e_maxalloc(self, e_maxalloc): self.e_maxalloc = e_maxalloc 1807 def get_e_ss(self): return self.e_ss 1808 def set_e_ss(self, e_ss): self.e_ss = e_ss 1809 def get_e_sp(self): return self.e_sp 1810 def set_e_sp(self, e_sp): self.e_sp = e_sp 1811 def get_e_csum(self): return self.e_csum 1812 def set_e_csum(self, e_csum): self.e_csum = e_csum 1813 def get_e_ip(self): return self.e_ip 1814 def set_e_ip(self, e_ip): self.e_ip = e_ip 1815 def get_e_cs(self): return self.e_cs 1816 def set_e_cs(self, e_cs): self.e_cs = e_cs 1817 def get_e_lfarlc(self): return self.e_lfarlc 1818 def set_e_lfarlc(self, e_lfarlc): self.e_lfarlc = e_lfarlc 1819 def get_e_ovro(self): return self.e_ovro 1820 def set_e_ovro(self, e_ovro): self.e_ovro = e_ovro 1821 def get_reserved1(self): return self.reserved1 1822 def set_reserved1(self, reserved1): self.reserved1 = reserved1 1823 def add_reserved1(self, value): self.reserved1.append(value) 1824 def insert_reserved1(self, index, value): self.reserved1[index] = value 1825 def get_e_oemid(self): return self.e_oemid 1826 def set_e_oemid(self, e_oemid): self.e_oemid = e_oemid 1827 def get_e_oeminfo(self): return self.e_oeminfo 1828 def set_e_oeminfo(self, e_oeminfo): self.e_oeminfo = e_oeminfo 1829 def get_reserved2(self): return self.reserved2 1830 def set_reserved2(self, reserved2): self.reserved2 = reserved2 1831 def get_e_lfanew(self): return self.e_lfanew 1832 def set_e_lfanew(self, e_lfanew): self.e_lfanew = e_lfanew 1833 def get_Hashes(self): return self.Hashes 1834 def set_Hashes(self, Hashes): self.Hashes = Hashes 1835 def hasContent_(self): 1836 if ( 1837 self.e_magic is not None or 1838 self.e_cblp is not None or 1839 self.e_cp is not None or 1840 self.e_crlc is not None or 1841 self.e_cparhdr is not None or 1842 self.e_minalloc is not None or 1843 self.e_maxalloc is not None or 1844 self.e_ss is not None or 1845 self.e_sp is not None or 1846 self.e_csum is not None or 1847 self.e_ip is not None or 1848 self.e_cs is not None or 1849 self.e_lfarlc is not None or 1850 self.e_ovro is not None or 1851 self.reserved1 or 1852 self.e_oemid is not None or 1853 self.e_oeminfo is not None or 1854 self.reserved2 is not None or 1855 self.e_lfanew is not None or 1856 self.Hashes is not None 1857 ): 1858 return True 1859 else: 1860 return False 1861 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='DOSHeaderType', namespacedef_='', pretty_print=True): 1862 if pretty_print: 1863 eol_ = '\n' 1864 else: 1865 eol_ = '' 1866 showIndent(lwrite, level, pretty_print) 1867 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1868 already_processed = set() 1869 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='DOSHeaderType') 1870 if self.hasContent_(): 1871 lwrite('>%s' % (eol_, )) 1872 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 1873 showIndent(lwrite, level, pretty_print) 1874 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 1875 else: 1876 lwrite('/>%s' % (eol_, )) 1877 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='DOSHeaderType'): 1878 pass 1879 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='DOSHeaderType', fromsubclass_=False, pretty_print=True): 1880 if pretty_print: 1881 eol_ = '\n' 1882 else: 1883 eol_ = '' 1884 if self.e_magic is not None: 1885 self.e_magic.export(lwrite, level, 'WinExecutableFileObj:', name_='e_magic', pretty_print=pretty_print) 1886 if self.e_cblp is not None: 1887 self.e_cblp.export(lwrite, level, 'WinExecutableFileObj:', name_='e_cblp', pretty_print=pretty_print) 1888 if self.e_cp is not None: 1889 self.e_cp.export(lwrite, level, 'WinExecutableFileObj:', name_='e_cp', pretty_print=pretty_print) 1890 if self.e_crlc is not None: 1891 self.e_crlc.export(lwrite, level, 'WinExecutableFileObj:', name_='e_crlc', pretty_print=pretty_print) 1892 if self.e_cparhdr is not None: 1893 self.e_cparhdr.export(lwrite, level, 'WinExecutableFileObj:', name_='e_cparhdr', pretty_print=pretty_print) 1894 if self.e_minalloc is not None: 1895 self.e_minalloc.export(lwrite, level, 'WinExecutableFileObj:', name_='e_minalloc', pretty_print=pretty_print) 1896 if self.e_maxalloc is not None: 1897 self.e_maxalloc.export(lwrite, level, 'WinExecutableFileObj:', name_='e_maxalloc', pretty_print=pretty_print) 1898 if self.e_ss is not None: 1899 self.e_ss.export(lwrite, level, 'WinExecutableFileObj:', name_='e_ss', pretty_print=pretty_print) 1900 if self.e_sp is not None: 1901 self.e_sp.export(lwrite, level, 'WinExecutableFileObj:', name_='e_sp', pretty_print=pretty_print) 1902 if self.e_csum is not None: 1903 self.e_csum.export(lwrite, level, 'WinExecutableFileObj:', name_='e_csum', pretty_print=pretty_print) 1904 if self.e_ip is not None: 1905 self.e_ip.export(lwrite, level, 'WinExecutableFileObj:', name_='e_ip', pretty_print=pretty_print) 1906 if self.e_cs is not None: 1907 self.e_cs.export(lwrite, level, 'WinExecutableFileObj:', name_='e_cs', pretty_print=pretty_print) 1908 if self.e_lfarlc is not None: 1909 self.e_lfarlc.export(lwrite, level, 'WinExecutableFileObj:', name_='e_lfarlc', pretty_print=pretty_print) 1910 if self.e_ovro is not None: 1911 self.e_ovro.export(lwrite, level, 'WinExecutableFileObj:', name_='e_ovro', pretty_print=pretty_print) 1912 for reserved1_ in self.reserved1: 1913 reserved1_.export(lwrite, level, 'WinExecutableFileObj:', name_='reserved1', pretty_print=pretty_print) 1914 if self.e_oemid is not None: 1915 self.e_oemid.export(lwrite, level, 'WinExecutableFileObj:', name_='e_oemid', pretty_print=pretty_print) 1916 if self.e_oeminfo is not None: 1917 self.e_oeminfo.export(lwrite, level, 'WinExecutableFileObj:', name_='e_oeminfo', pretty_print=pretty_print) 1918 if self.reserved2 is not None: 1919 self.reserved2.export(lwrite, level, 'WinExecutableFileObj:', name_='reserved2', pretty_print=pretty_print) 1920 if self.e_lfanew is not None: 1921 self.e_lfanew.export(lwrite, level, 'WinExecutableFileObj:', name_='e_lfanew', pretty_print=pretty_print) 1922 if self.Hashes is not None: 1923 self.Hashes.export(lwrite, level, 'WinExecutableFileObj:', name_='Hashes', pretty_print=pretty_print) 1924 def build(self, node): 1925 self.__sourcenode__ = node 1926 already_processed = set() 1927 self.buildAttributes(node, node.attrib, already_processed) 1928 for child in node: 1929 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1930 self.buildChildren(child, node, nodeName_) 1931 def buildAttributes(self, node, attrs, already_processed): 1932 pass 1933 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1934 if nodeName_ == 'e_magic': 1935 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1936 obj_.build(child_) 1937 self.set_e_magic(obj_) 1938 elif nodeName_ == 'e_cblp': 1939 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1940 obj_.build(child_) 1941 self.set_e_cblp(obj_) 1942 elif nodeName_ == 'e_cp': 1943 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1944 obj_.build(child_) 1945 self.set_e_cp(obj_) 1946 elif nodeName_ == 'e_crlc': 1947 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1948 obj_.build(child_) 1949 self.set_e_crlc(obj_) 1950 elif nodeName_ == 'e_cparhdr': 1951 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1952 obj_.build(child_) 1953 self.set_e_cparhdr(obj_) 1954 elif nodeName_ == 'e_minalloc': 1955 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1956 obj_.build(child_) 1957 self.set_e_minalloc(obj_) 1958 elif nodeName_ == 'e_maxalloc': 1959 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1960 obj_.build(child_) 1961 self.set_e_maxalloc(obj_) 1962 elif nodeName_ == 'e_ss': 1963 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1964 obj_.build(child_) 1965 self.set_e_ss(obj_) 1966 elif nodeName_ == 'e_sp': 1967 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1968 obj_.build(child_) 1969 self.set_e_sp(obj_) 1970 elif nodeName_ == 'e_csum': 1971 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1972 obj_.build(child_) 1973 self.set_e_csum(obj_) 1974 elif nodeName_ == 'e_ip': 1975 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1976 obj_.build(child_) 1977 self.set_e_ip(obj_) 1978 elif nodeName_ == 'e_cs': 1979 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1980 obj_.build(child_) 1981 self.set_e_cs(obj_) 1982 elif nodeName_ == 'e_lfarlc': 1983 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1984 obj_.build(child_) 1985 self.set_e_lfarlc(obj_) 1986 elif nodeName_ == 'e_ovro': 1987 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1988 obj_.build(child_) 1989 self.set_e_ovro(obj_) 1990 elif nodeName_ == 'reserved1': 1991 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1992 obj_.build(child_) 1993 self.reserved1.append(obj_) 1994 elif nodeName_ == 'e_oemid': 1995 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 1996 obj_.build(child_) 1997 self.set_e_oemid(obj_) 1998 elif nodeName_ == 'e_oeminfo': 1999 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2000 obj_.build(child_) 2001 self.set_e_oeminfo(obj_) 2002 elif nodeName_ == 'reserved2': 2003 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2004 obj_.build(child_) 2005 self.set_reserved2(obj_) 2006 elif nodeName_ == 'e_lfanew': 2007 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2008 obj_.build(child_) 2009 self.set_e_lfanew(obj_) 2010 elif nodeName_ == 'Hashes': 2011 obj_ = cybox_common.HashListType.factory() 2012 obj_.build(child_) 2013 self.set_Hashes(obj_) 2014# end class DOSHeaderType 2015 2016class PEHeadersType(GeneratedsSuper): 2017 """PEHeaderType specifies the headers found in PE and COFF files.""" 2018 2019 subclass = None 2020 superclass = None 2021 def __init__(self, DOS_Header=None, Signature=None, File_Header=None, Optional_Header=None, Entropy=None, Hashes=None): 2022 self.DOS_Header = DOS_Header 2023 self.Signature = Signature 2024 self.File_Header = File_Header 2025 self.Optional_Header = Optional_Header 2026 self.Entropy = Entropy 2027 self.Hashes = Hashes 2028 def factory(*args_, **kwargs_): 2029 if PEHeadersType.subclass: 2030 return PEHeadersType.subclass(*args_, **kwargs_) 2031 else: 2032 return PEHeadersType(*args_, **kwargs_) 2033 factory = staticmethod(factory) 2034 def get_DOS_Header(self): return self.DOS_Header 2035 def set_DOS_Header(self, DOS_Header): self.DOS_Header = DOS_Header 2036 def get_Signature(self): return self.Signature 2037 def set_Signature(self, Signature): self.Signature = Signature 2038 def validate_HexBinaryObjectPropertyType(self, value): 2039 # Validate type cybox_common.HexBinaryObjectPropertyType, a restriction on None. 2040 pass 2041 def get_File_Header(self): return self.File_Header 2042 def set_File_Header(self, File_Header): self.File_Header = File_Header 2043 def get_Optional_Header(self): return self.Optional_Header 2044 def set_Optional_Header(self, Optional_Header): self.Optional_Header = Optional_Header 2045 def get_Entropy(self): return self.Entropy 2046 def set_Entropy(self, Entropy): self.Entropy = Entropy 2047 def get_Hashes(self): return self.Hashes 2048 def set_Hashes(self, Hashes): self.Hashes = Hashes 2049 def hasContent_(self): 2050 if ( 2051 self.DOS_Header is not None or 2052 self.Signature is not None or 2053 self.File_Header is not None or 2054 self.Optional_Header is not None or 2055 self.Entropy is not None or 2056 self.Hashes is not None 2057 ): 2058 return True 2059 else: 2060 return False 2061 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEHeadersType', namespacedef_='', pretty_print=True): 2062 if pretty_print: 2063 eol_ = '\n' 2064 else: 2065 eol_ = '' 2066 showIndent(lwrite, level, pretty_print) 2067 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2068 already_processed = set() 2069 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='PEHeadersType') 2070 if self.hasContent_(): 2071 lwrite('>%s' % (eol_, )) 2072 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 2073 showIndent(lwrite, level, pretty_print) 2074 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 2075 else: 2076 lwrite('/>%s' % (eol_, )) 2077 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='PEHeadersType'): 2078 pass 2079 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEHeadersType', fromsubclass_=False, pretty_print=True): 2080 if pretty_print: 2081 eol_ = '\n' 2082 else: 2083 eol_ = '' 2084 if self.DOS_Header is not None: 2085 self.DOS_Header.export(lwrite, level, 'WinExecutableFileObj:', name_='DOS_Header', pretty_print=pretty_print) 2086 if self.Signature is not None: 2087 self.Signature.export(lwrite, level, 'WinExecutableFileObj:', name_='Signature', pretty_print=pretty_print) 2088 if self.File_Header is not None: 2089 self.File_Header.export(lwrite, level, 'WinExecutableFileObj:', name_='File_Header', pretty_print=pretty_print) 2090 if self.Optional_Header is not None: 2091 self.Optional_Header.export(lwrite, level, 'WinExecutableFileObj:', name_='Optional_Header', pretty_print=pretty_print) 2092 if self.Entropy is not None: 2093 self.Entropy.export(lwrite, level, 'WinExecutableFileObj:', name_='Entropy', pretty_print=pretty_print) 2094 if self.Hashes is not None: 2095 self.Hashes.export(lwrite, level, 'WinExecutableFileObj:', name_='Hashes', pretty_print=pretty_print) 2096 def build(self, node): 2097 self.__sourcenode__ = node 2098 already_processed = set() 2099 self.buildAttributes(node, node.attrib, already_processed) 2100 for child in node: 2101 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2102 self.buildChildren(child, node, nodeName_) 2103 def buildAttributes(self, node, attrs, already_processed): 2104 pass 2105 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2106 if nodeName_ == 'DOS_Header': 2107 obj_ = DOSHeaderType.factory() 2108 obj_.build(child_) 2109 self.set_DOS_Header(obj_) 2110 elif nodeName_ == 'Signature': 2111 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2112 obj_.build(child_) 2113 self.set_Signature(obj_) 2114 elif nodeName_ == 'File_Header': 2115 obj_ = PEFileHeaderType.factory() 2116 obj_.build(child_) 2117 self.set_File_Header(obj_) 2118 elif nodeName_ == 'Optional_Header': 2119 obj_ = PEOptionalHeaderType.factory() 2120 obj_.build(child_) 2121 self.set_Optional_Header(obj_) 2122 elif nodeName_ == 'Entropy': 2123 obj_ = EntropyType.factory() 2124 obj_.build(child_) 2125 self.set_Entropy(obj_) 2126 elif nodeName_ == 'Hashes': 2127 obj_ = cybox_common.HashListType.factory() 2128 obj_.build(child_) 2129 self.set_Hashes(obj_) 2130# end class PEHeadersType 2131 2132class PEFileHeaderType(GeneratedsSuper): 2133 """The PEFileHeaderType type refers to the PE file header (somtimes 2134 referred to as the COFF header) and its associated 2135 characteristics.""" 2136 2137 subclass = None 2138 superclass = None 2139 def __init__(self, Machine=None, Number_Of_Sections=None, Time_Date_Stamp=None, Pointer_To_Symbol_Table=None, Number_Of_Symbols=None, Size_Of_Optional_Header=None, Characteristics=None, Hashes=None): 2140 self.Machine = Machine 2141 self.Number_Of_Sections = Number_Of_Sections 2142 self.Time_Date_Stamp = Time_Date_Stamp 2143 self.Pointer_To_Symbol_Table = Pointer_To_Symbol_Table 2144 self.Number_Of_Symbols = Number_Of_Symbols 2145 self.Size_Of_Optional_Header = Size_Of_Optional_Header 2146 self.Characteristics = Characteristics 2147 self.Hashes = Hashes 2148 def factory(*args_, **kwargs_): 2149 if PEFileHeaderType.subclass: 2150 return PEFileHeaderType.subclass(*args_, **kwargs_) 2151 else: 2152 return PEFileHeaderType(*args_, **kwargs_) 2153 factory = staticmethod(factory) 2154 def get_Machine(self): return self.Machine 2155 def set_Machine(self, Machine): self.Machine = Machine 2156 def validate_HexBinaryObjectPropertyType(self, value): 2157 # Validate type cybox_common.HexBinaryObjectPropertyType, a restriction on None. 2158 pass 2159 def get_Number_Of_Sections(self): return self.Number_Of_Sections 2160 def set_Number_Of_Sections(self, Number_Of_Sections): self.Number_Of_Sections = Number_Of_Sections 2161 def validate_NonNegativeIntegerObjectPropertyType(self, value): 2162 # Validate type cybox_common.NonNegativeIntegerObjectPropertyType, a restriction on None. 2163 pass 2164 def get_Time_Date_Stamp(self): return self.Time_Date_Stamp 2165 def set_Time_Date_Stamp(self, Time_Date_Stamp): self.Time_Date_Stamp = Time_Date_Stamp 2166 def get_Pointer_To_Symbol_Table(self): return self.Pointer_To_Symbol_Table 2167 def set_Pointer_To_Symbol_Table(self, Pointer_To_Symbol_Table): self.Pointer_To_Symbol_Table = Pointer_To_Symbol_Table 2168 def get_Number_Of_Symbols(self): return self.Number_Of_Symbols 2169 def set_Number_Of_Symbols(self, Number_Of_Symbols): self.Number_Of_Symbols = Number_Of_Symbols 2170 def get_Size_Of_Optional_Header(self): return self.Size_Of_Optional_Header 2171 def set_Size_Of_Optional_Header(self, Size_Of_Optional_Header): self.Size_Of_Optional_Header = Size_Of_Optional_Header 2172 def get_Characteristics(self): return self.Characteristics 2173 def set_Characteristics(self, Characteristics): self.Characteristics = Characteristics 2174 def get_Hashes(self): return self.Hashes 2175 def set_Hashes(self, Hashes): self.Hashes = Hashes 2176 def hasContent_(self): 2177 if ( 2178 self.Machine is not None or 2179 self.Number_Of_Sections is not None or 2180 self.Time_Date_Stamp is not None or 2181 self.Pointer_To_Symbol_Table is not None or 2182 self.Number_Of_Symbols is not None or 2183 self.Size_Of_Optional_Header is not None or 2184 self.Characteristics is not None or 2185 self.Hashes is not None 2186 ): 2187 return True 2188 else: 2189 return False 2190 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEFileHeaderType', namespacedef_='', pretty_print=True): 2191 if pretty_print: 2192 eol_ = '\n' 2193 else: 2194 eol_ = '' 2195 showIndent(lwrite, level, pretty_print) 2196 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2197 already_processed = set() 2198 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='PEFileHeaderType') 2199 if self.hasContent_(): 2200 lwrite('>%s' % (eol_, )) 2201 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 2202 showIndent(lwrite, level, pretty_print) 2203 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 2204 else: 2205 lwrite('/>%s' % (eol_, )) 2206 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='PEFileHeaderType'): 2207 pass 2208 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEFileHeaderType', fromsubclass_=False, pretty_print=True): 2209 if pretty_print: 2210 eol_ = '\n' 2211 else: 2212 eol_ = '' 2213 if self.Machine is not None: 2214 self.Machine.export(lwrite, level, 'WinExecutableFileObj:', name_='Machine', pretty_print=pretty_print) 2215 if self.Number_Of_Sections is not None: 2216 self.Number_Of_Sections.export(lwrite, level, 'WinExecutableFileObj:', name_='Number_Of_Sections', pretty_print=pretty_print) 2217 if self.Time_Date_Stamp is not None: 2218 self.Time_Date_Stamp.export(lwrite, level, 'WinExecutableFileObj:', name_='Time_Date_Stamp', pretty_print=pretty_print) 2219 if self.Pointer_To_Symbol_Table is not None: 2220 self.Pointer_To_Symbol_Table.export(lwrite, level, 'WinExecutableFileObj:', name_='Pointer_To_Symbol_Table', pretty_print=pretty_print) 2221 if self.Number_Of_Symbols is not None: 2222 self.Number_Of_Symbols.export(lwrite, level, 'WinExecutableFileObj:', name_='Number_Of_Symbols', pretty_print=pretty_print) 2223 if self.Size_Of_Optional_Header is not None: 2224 self.Size_Of_Optional_Header.export(lwrite, level, 'WinExecutableFileObj:', name_='Size_Of_Optional_Header', pretty_print=pretty_print) 2225 if self.Characteristics is not None: 2226 self.Characteristics.export(lwrite, level, 'WinExecutableFileObj:', name_='Characteristics', pretty_print=pretty_print) 2227 if self.Hashes is not None: 2228 self.Hashes.export(lwrite, level, 'WinExecutableFileObj:', name_='Hashes', pretty_print=pretty_print) 2229 def build(self, node): 2230 self.__sourcenode__ = node 2231 already_processed = set() 2232 self.buildAttributes(node, node.attrib, already_processed) 2233 for child in node: 2234 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2235 self.buildChildren(child, node, nodeName_) 2236 def buildAttributes(self, node, attrs, already_processed): 2237 pass 2238 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2239 if nodeName_ == 'Machine': 2240 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2241 obj_.build(child_) 2242 self.set_Machine(obj_) 2243 elif nodeName_ == 'Number_Of_Sections': 2244 obj_ = cybox_common.NonNegativeIntegerObjectPropertyType.factory() 2245 obj_.build(child_) 2246 self.set_Number_Of_Sections(obj_) 2247 elif nodeName_ == 'Time_Date_Stamp': 2248 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2249 obj_.build(child_) 2250 self.set_Time_Date_Stamp(obj_) 2251 elif nodeName_ == 'Pointer_To_Symbol_Table': 2252 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2253 obj_.build(child_) 2254 self.set_Pointer_To_Symbol_Table(obj_) 2255 elif nodeName_ == 'Number_Of_Symbols': 2256 obj_ = cybox_common.NonNegativeIntegerObjectPropertyType.factory() 2257 obj_.build(child_) 2258 self.set_Number_Of_Symbols(obj_) 2259 elif nodeName_ == 'Size_Of_Optional_Header': 2260 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2261 obj_.build(child_) 2262 self.set_Size_Of_Optional_Header(obj_) 2263 elif nodeName_ == 'Characteristics': 2264 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2265 obj_.build(child_) 2266 self.set_Characteristics(obj_) 2267 elif nodeName_ == 'Hashes': 2268 obj_ = cybox_common.HashListType.factory() 2269 obj_.build(child_) 2270 self.set_Hashes(obj_) 2271# end class PEFileHeaderType 2272 2273class PEOptionalHeaderType(GeneratedsSuper): 2274 """The PEOptionalHeaderType type describes the PE Optional Header 2275 structure. Additional computed metadata, e.g., hashes of the 2276 header, are also included.""" 2277 2278 subclass = None 2279 superclass = None 2280 def __init__(self, Magic=None, Major_Linker_Version=None, Minor_Linker_Version=None, Size_Of_Code=None, Size_Of_Initialized_Data=None, Size_Of_Uninitialized_Data=None, Address_Of_Entry_Point=None, Base_Of_Code=None, Base_Of_Data=None, Image_Base=None, Section_Alignment=None, File_Alignment=None, Major_OS_Version=None, Minor_OS_Version=None, Major_Image_Version=None, Minor_Image_Version=None, Major_Subsystem_Version=None, Minor_Subsystem_Version=None, Win32_Version_Value=None, Size_Of_Image=None, Size_Of_Headers=None, Checksum=None, Subsystem=None, DLL_Characteristics=None, Size_Of_Stack_Reserve=None, Size_Of_Stack_Commit=None, Size_Of_Heap_Reserve=None, Size_Of_Heap_Commit=None, Loader_Flags=None, Number_Of_Rva_And_Sizes=None, Data_Directory=None, Hashes=None): 2281 self.Magic = Magic 2282 self.Major_Linker_Version = Major_Linker_Version 2283 self.Minor_Linker_Version = Minor_Linker_Version 2284 self.Size_Of_Code = Size_Of_Code 2285 self.Size_Of_Initialized_Data = Size_Of_Initialized_Data 2286 self.Size_Of_Uninitialized_Data = Size_Of_Uninitialized_Data 2287 self.Address_Of_Entry_Point = Address_Of_Entry_Point 2288 self.Base_Of_Code = Base_Of_Code 2289 self.Base_Of_Data = Base_Of_Data 2290 self.Image_Base = Image_Base 2291 self.Section_Alignment = Section_Alignment 2292 self.File_Alignment = File_Alignment 2293 self.Major_OS_Version = Major_OS_Version 2294 self.Minor_OS_Version = Minor_OS_Version 2295 self.Major_Image_Version = Major_Image_Version 2296 self.Minor_Image_Version = Minor_Image_Version 2297 self.Major_Subsystem_Version = Major_Subsystem_Version 2298 self.Minor_Subsystem_Version = Minor_Subsystem_Version 2299 self.Win32_Version_Value = Win32_Version_Value 2300 self.Size_Of_Image = Size_Of_Image 2301 self.Size_Of_Headers = Size_Of_Headers 2302 self.Checksum = Checksum 2303 self.Subsystem = Subsystem 2304 self.DLL_Characteristics = DLL_Characteristics 2305 self.Size_Of_Stack_Reserve = Size_Of_Stack_Reserve 2306 self.Size_Of_Stack_Commit = Size_Of_Stack_Commit 2307 self.Size_Of_Heap_Reserve = Size_Of_Heap_Reserve 2308 self.Size_Of_Heap_Commit = Size_Of_Heap_Commit 2309 self.Loader_Flags = Loader_Flags 2310 self.Number_Of_Rva_And_Sizes = Number_Of_Rva_And_Sizes 2311 self.Data_Directory = Data_Directory 2312 self.Hashes = Hashes 2313 def factory(*args_, **kwargs_): 2314 if PEOptionalHeaderType.subclass: 2315 return PEOptionalHeaderType.subclass(*args_, **kwargs_) 2316 else: 2317 return PEOptionalHeaderType(*args_, **kwargs_) 2318 factory = staticmethod(factory) 2319 def get_Magic(self): return self.Magic 2320 def set_Magic(self, Magic): self.Magic = Magic 2321 def validate_HexBinaryObjectPropertyType(self, value): 2322 # Validate type cybox_common.HexBinaryObjectPropertyType, a restriction on None. 2323 pass 2324 def get_Major_Linker_Version(self): return self.Major_Linker_Version 2325 def set_Major_Linker_Version(self, Major_Linker_Version): self.Major_Linker_Version = Major_Linker_Version 2326 def get_Minor_Linker_Version(self): return self.Minor_Linker_Version 2327 def set_Minor_Linker_Version(self, Minor_Linker_Version): self.Minor_Linker_Version = Minor_Linker_Version 2328 def get_Size_Of_Code(self): return self.Size_Of_Code 2329 def set_Size_Of_Code(self, Size_Of_Code): self.Size_Of_Code = Size_Of_Code 2330 def get_Size_Of_Initialized_Data(self): return self.Size_Of_Initialized_Data 2331 def set_Size_Of_Initialized_Data(self, Size_Of_Initialized_Data): self.Size_Of_Initialized_Data = Size_Of_Initialized_Data 2332 def get_Size_Of_Uninitialized_Data(self): return self.Size_Of_Uninitialized_Data 2333 def set_Size_Of_Uninitialized_Data(self, Size_Of_Uninitialized_Data): self.Size_Of_Uninitialized_Data = Size_Of_Uninitialized_Data 2334 def get_Address_Of_Entry_Point(self): return self.Address_Of_Entry_Point 2335 def set_Address_Of_Entry_Point(self, Address_Of_Entry_Point): self.Address_Of_Entry_Point = Address_Of_Entry_Point 2336 def get_Base_Of_Code(self): return self.Base_Of_Code 2337 def set_Base_Of_Code(self, Base_Of_Code): self.Base_Of_Code = Base_Of_Code 2338 def get_Base_Of_Data(self): return self.Base_Of_Data 2339 def set_Base_Of_Data(self, Base_Of_Data): self.Base_Of_Data = Base_Of_Data 2340 def get_Image_Base(self): return self.Image_Base 2341 def set_Image_Base(self, Image_Base): self.Image_Base = Image_Base 2342 def get_Section_Alignment(self): return self.Section_Alignment 2343 def set_Section_Alignment(self, Section_Alignment): self.Section_Alignment = Section_Alignment 2344 def get_File_Alignment(self): return self.File_Alignment 2345 def set_File_Alignment(self, File_Alignment): self.File_Alignment = File_Alignment 2346 def get_Major_OS_Version(self): return self.Major_OS_Version 2347 def set_Major_OS_Version(self, Major_OS_Version): self.Major_OS_Version = Major_OS_Version 2348 def get_Minor_OS_Version(self): return self.Minor_OS_Version 2349 def set_Minor_OS_Version(self, Minor_OS_Version): self.Minor_OS_Version = Minor_OS_Version 2350 def get_Major_Image_Version(self): return self.Major_Image_Version 2351 def set_Major_Image_Version(self, Major_Image_Version): self.Major_Image_Version = Major_Image_Version 2352 def get_Minor_Image_Version(self): return self.Minor_Image_Version 2353 def set_Minor_Image_Version(self, Minor_Image_Version): self.Minor_Image_Version = Minor_Image_Version 2354 def get_Major_Subsystem_Version(self): return self.Major_Subsystem_Version 2355 def set_Major_Subsystem_Version(self, Major_Subsystem_Version): self.Major_Subsystem_Version = Major_Subsystem_Version 2356 def get_Minor_Subsystem_Version(self): return self.Minor_Subsystem_Version 2357 def set_Minor_Subsystem_Version(self, Minor_Subsystem_Version): self.Minor_Subsystem_Version = Minor_Subsystem_Version 2358 def get_Win32_Version_Value(self): return self.Win32_Version_Value 2359 def set_Win32_Version_Value(self, Win32_Version_Value): self.Win32_Version_Value = Win32_Version_Value 2360 def get_Size_Of_Image(self): return self.Size_Of_Image 2361 def set_Size_Of_Image(self, Size_Of_Image): self.Size_Of_Image = Size_Of_Image 2362 def get_Size_Of_Headers(self): return self.Size_Of_Headers 2363 def set_Size_Of_Headers(self, Size_Of_Headers): self.Size_Of_Headers = Size_Of_Headers 2364 def get_Checksum(self): return self.Checksum 2365 def set_Checksum(self, Checksum): self.Checksum = Checksum 2366 def get_Subsystem(self): return self.Subsystem 2367 def set_Subsystem(self, Subsystem): self.Subsystem = Subsystem 2368 def get_DLL_Characteristics(self): return self.DLL_Characteristics 2369 def set_DLL_Characteristics(self, DLL_Characteristics): self.DLL_Characteristics = DLL_Characteristics 2370 def get_Size_Of_Stack_Reserve(self): return self.Size_Of_Stack_Reserve 2371 def set_Size_Of_Stack_Reserve(self, Size_Of_Stack_Reserve): self.Size_Of_Stack_Reserve = Size_Of_Stack_Reserve 2372 def get_Size_Of_Stack_Commit(self): return self.Size_Of_Stack_Commit 2373 def set_Size_Of_Stack_Commit(self, Size_Of_Stack_Commit): self.Size_Of_Stack_Commit = Size_Of_Stack_Commit 2374 def get_Size_Of_Heap_Reserve(self): return self.Size_Of_Heap_Reserve 2375 def set_Size_Of_Heap_Reserve(self, Size_Of_Heap_Reserve): self.Size_Of_Heap_Reserve = Size_Of_Heap_Reserve 2376 def get_Size_Of_Heap_Commit(self): return self.Size_Of_Heap_Commit 2377 def set_Size_Of_Heap_Commit(self, Size_Of_Heap_Commit): self.Size_Of_Heap_Commit = Size_Of_Heap_Commit 2378 def get_Loader_Flags(self): return self.Loader_Flags 2379 def set_Loader_Flags(self, Loader_Flags): self.Loader_Flags = Loader_Flags 2380 def get_Number_Of_Rva_And_Sizes(self): return self.Number_Of_Rva_And_Sizes 2381 def set_Number_Of_Rva_And_Sizes(self, Number_Of_Rva_And_Sizes): self.Number_Of_Rva_And_Sizes = Number_Of_Rva_And_Sizes 2382 def get_Data_Directory(self): return self.Data_Directory 2383 def set_Data_Directory(self, Data_Directory): self.Data_Directory = Data_Directory 2384 def get_Hashes(self): return self.Hashes 2385 def set_Hashes(self, Hashes): self.Hashes = Hashes 2386 def hasContent_(self): 2387 if ( 2388 self.Magic is not None or 2389 self.Major_Linker_Version is not None or 2390 self.Minor_Linker_Version is not None or 2391 self.Size_Of_Code is not None or 2392 self.Size_Of_Initialized_Data is not None or 2393 self.Size_Of_Uninitialized_Data is not None or 2394 self.Address_Of_Entry_Point is not None or 2395 self.Base_Of_Code is not None or 2396 self.Base_Of_Data is not None or 2397 self.Image_Base is not None or 2398 self.Section_Alignment is not None or 2399 self.File_Alignment is not None or 2400 self.Major_OS_Version is not None or 2401 self.Minor_OS_Version is not None or 2402 self.Major_Image_Version is not None or 2403 self.Minor_Image_Version is not None or 2404 self.Major_Subsystem_Version is not None or 2405 self.Minor_Subsystem_Version is not None or 2406 self.Win32_Version_Value is not None or 2407 self.Size_Of_Image is not None or 2408 self.Size_Of_Headers is not None or 2409 self.Checksum is not None or 2410 self.Subsystem is not None or 2411 self.DLL_Characteristics is not None or 2412 self.Size_Of_Stack_Reserve is not None or 2413 self.Size_Of_Stack_Commit is not None or 2414 self.Size_Of_Heap_Reserve is not None or 2415 self.Size_Of_Heap_Commit is not None or 2416 self.Loader_Flags is not None or 2417 self.Number_Of_Rva_And_Sizes is not None or 2418 self.Data_Directory is not None or 2419 self.Hashes is not None 2420 ): 2421 return True 2422 else: 2423 return False 2424 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEOptionalHeaderType', namespacedef_='', pretty_print=True): 2425 if pretty_print: 2426 eol_ = '\n' 2427 else: 2428 eol_ = '' 2429 showIndent(lwrite, level, pretty_print) 2430 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2431 already_processed = set() 2432 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='PEOptionalHeaderType') 2433 if self.hasContent_(): 2434 lwrite('>%s' % (eol_, )) 2435 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 2436 showIndent(lwrite, level, pretty_print) 2437 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 2438 else: 2439 lwrite('/>%s' % (eol_, )) 2440 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='PEOptionalHeaderType'): 2441 pass 2442 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEOptionalHeaderType', fromsubclass_=False, pretty_print=True): 2443 if pretty_print: 2444 eol_ = '\n' 2445 else: 2446 eol_ = '' 2447 if self.Magic is not None: 2448 self.Magic.export(lwrite, level, 'WinExecutableFileObj:', name_='Magic', pretty_print=pretty_print) 2449 if self.Major_Linker_Version is not None: 2450 self.Major_Linker_Version.export(lwrite, level, 'WinExecutableFileObj:', name_='Major_Linker_Version', pretty_print=pretty_print) 2451 if self.Minor_Linker_Version is not None: 2452 self.Minor_Linker_Version.export(lwrite, level, 'WinExecutableFileObj:', name_='Minor_Linker_Version', pretty_print=pretty_print) 2453 if self.Size_Of_Code is not None: 2454 self.Size_Of_Code.export(lwrite, level, 'WinExecutableFileObj:', name_='Size_Of_Code', pretty_print=pretty_print) 2455 if self.Size_Of_Initialized_Data is not None: 2456 self.Size_Of_Initialized_Data.export(lwrite, level, 'WinExecutableFileObj:', name_='Size_Of_Initialized_Data', pretty_print=pretty_print) 2457 if self.Size_Of_Uninitialized_Data is not None: 2458 self.Size_Of_Uninitialized_Data.export(lwrite, level, 'WinExecutableFileObj:', name_='Size_Of_Uninitialized_Data', pretty_print=pretty_print) 2459 if self.Address_Of_Entry_Point is not None: 2460 self.Address_Of_Entry_Point.export(lwrite, level, 'WinExecutableFileObj:', name_='Address_Of_Entry_Point', pretty_print=pretty_print) 2461 if self.Base_Of_Code is not None: 2462 self.Base_Of_Code.export(lwrite, level, 'WinExecutableFileObj:', name_='Base_Of_Code', pretty_print=pretty_print) 2463 if self.Base_Of_Data is not None: 2464 self.Base_Of_Data.export(lwrite, level, 'WinExecutableFileObj:', name_='Base_Of_Data', pretty_print=pretty_print) 2465 if self.Image_Base is not None: 2466 self.Image_Base.export(lwrite, level, 'WinExecutableFileObj:', name_='Image_Base', pretty_print=pretty_print) 2467 if self.Section_Alignment is not None: 2468 self.Section_Alignment.export(lwrite, level, 'WinExecutableFileObj:', name_='Section_Alignment', pretty_print=pretty_print) 2469 if self.File_Alignment is not None: 2470 self.File_Alignment.export(lwrite, level, 'WinExecutableFileObj:', name_='File_Alignment', pretty_print=pretty_print) 2471 if self.Major_OS_Version is not None: 2472 self.Major_OS_Version.export(lwrite, level, 'WinExecutableFileObj:', name_='Major_OS_Version', pretty_print=pretty_print) 2473 if self.Minor_OS_Version is not None: 2474 self.Minor_OS_Version.export(lwrite, level, 'WinExecutableFileObj:', name_='Minor_OS_Version', pretty_print=pretty_print) 2475 if self.Major_Image_Version is not None: 2476 self.Major_Image_Version.export(lwrite, level, 'WinExecutableFileObj:', name_='Major_Image_Version', pretty_print=pretty_print) 2477 if self.Minor_Image_Version is not None: 2478 self.Minor_Image_Version.export(lwrite, level, 'WinExecutableFileObj:', name_='Minor_Image_Version', pretty_print=pretty_print) 2479 if self.Major_Subsystem_Version is not None: 2480 self.Major_Subsystem_Version.export(lwrite, level, 'WinExecutableFileObj:', name_='Major_Subsystem_Version', pretty_print=pretty_print) 2481 if self.Minor_Subsystem_Version is not None: 2482 self.Minor_Subsystem_Version.export(lwrite, level, 'WinExecutableFileObj:', name_='Minor_Subsystem_Version', pretty_print=pretty_print) 2483 if self.Win32_Version_Value is not None: 2484 self.Win32_Version_Value.export(lwrite, level, 'WinExecutableFileObj:', name_='Win32_Version_Value', pretty_print=pretty_print) 2485 if self.Size_Of_Image is not None: 2486 self.Size_Of_Image.export(lwrite, level, 'WinExecutableFileObj:', name_='Size_Of_Image', pretty_print=pretty_print) 2487 if self.Size_Of_Headers is not None: 2488 self.Size_Of_Headers.export(lwrite, level, 'WinExecutableFileObj:', name_='Size_Of_Headers', pretty_print=pretty_print) 2489 if self.Checksum is not None: 2490 self.Checksum.export(lwrite, level, 'WinExecutableFileObj:', name_='Checksum', pretty_print=pretty_print) 2491 if self.Subsystem is not None: 2492 self.Subsystem.export(lwrite, level, 'WinExecutableFileObj:', name_='Subsystem', pretty_print=pretty_print) 2493 if self.DLL_Characteristics is not None: 2494 self.DLL_Characteristics.export(lwrite, level, 'WinExecutableFileObj:', name_='DLL_Characteristics', pretty_print=pretty_print) 2495 if self.Size_Of_Stack_Reserve is not None: 2496 self.Size_Of_Stack_Reserve.export(lwrite, level, 'WinExecutableFileObj:', name_='Size_Of_Stack_Reserve', pretty_print=pretty_print) 2497 if self.Size_Of_Stack_Commit is not None: 2498 self.Size_Of_Stack_Commit.export(lwrite, level, 'WinExecutableFileObj:', name_='Size_Of_Stack_Commit', pretty_print=pretty_print) 2499 if self.Size_Of_Heap_Reserve is not None: 2500 self.Size_Of_Heap_Reserve.export(lwrite, level, 'WinExecutableFileObj:', name_='Size_Of_Heap_Reserve', pretty_print=pretty_print) 2501 if self.Size_Of_Heap_Commit is not None: 2502 self.Size_Of_Heap_Commit.export(lwrite, level, 'WinExecutableFileObj:', name_='Size_Of_Heap_Commit', pretty_print=pretty_print) 2503 if self.Loader_Flags is not None: 2504 self.Loader_Flags.export(lwrite, level, 'WinExecutableFileObj:', name_='Loader_Flags', pretty_print=pretty_print) 2505 if self.Number_Of_Rva_And_Sizes is not None: 2506 self.Number_Of_Rva_And_Sizes.export(lwrite, level, 'WinExecutableFileObj:', name_='Number_Of_Rva_And_Sizes', pretty_print=pretty_print) 2507 if self.Data_Directory is not None: 2508 self.Data_Directory.export(lwrite, level, 'WinExecutableFileObj:', name_='Data_Directory', pretty_print=pretty_print) 2509 if self.Hashes is not None: 2510 self.Hashes.export(lwrite, level, 'WinExecutableFileObj:', name_='Hashes', pretty_print=pretty_print) 2511 def build(self, node): 2512 self.__sourcenode__ = node 2513 already_processed = set() 2514 self.buildAttributes(node, node.attrib, already_processed) 2515 for child in node: 2516 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2517 self.buildChildren(child, node, nodeName_) 2518 def buildAttributes(self, node, attrs, already_processed): 2519 pass 2520 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2521 if nodeName_ == 'Magic': 2522 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2523 obj_.build(child_) 2524 self.set_Magic(obj_) 2525 elif nodeName_ == 'Major_Linker_Version': 2526 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2527 obj_.build(child_) 2528 self.set_Major_Linker_Version(obj_) 2529 elif nodeName_ == 'Minor_Linker_Version': 2530 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2531 obj_.build(child_) 2532 self.set_Minor_Linker_Version(obj_) 2533 elif nodeName_ == 'Size_Of_Code': 2534 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2535 obj_.build(child_) 2536 self.set_Size_Of_Code(obj_) 2537 elif nodeName_ == 'Size_Of_Initialized_Data': 2538 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2539 obj_.build(child_) 2540 self.set_Size_Of_Initialized_Data(obj_) 2541 elif nodeName_ == 'Size_Of_Uninitialized_Data': 2542 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2543 obj_.build(child_) 2544 self.set_Size_Of_Uninitialized_Data(obj_) 2545 elif nodeName_ == 'Address_Of_Entry_Point': 2546 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2547 obj_.build(child_) 2548 self.set_Address_Of_Entry_Point(obj_) 2549 elif nodeName_ == 'Base_Of_Code': 2550 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2551 obj_.build(child_) 2552 self.set_Base_Of_Code(obj_) 2553 elif nodeName_ == 'Base_Of_Data': 2554 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2555 obj_.build(child_) 2556 self.set_Base_Of_Data(obj_) 2557 elif nodeName_ == 'Image_Base': 2558 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2559 obj_.build(child_) 2560 self.set_Image_Base(obj_) 2561 elif nodeName_ == 'Section_Alignment': 2562 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2563 obj_.build(child_) 2564 self.set_Section_Alignment(obj_) 2565 elif nodeName_ == 'File_Alignment': 2566 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2567 obj_.build(child_) 2568 self.set_File_Alignment(obj_) 2569 elif nodeName_ == 'Major_OS_Version': 2570 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2571 obj_.build(child_) 2572 self.set_Major_OS_Version(obj_) 2573 elif nodeName_ == 'Minor_OS_Version': 2574 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2575 obj_.build(child_) 2576 self.set_Minor_OS_Version(obj_) 2577 elif nodeName_ == 'Major_Image_Version': 2578 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2579 obj_.build(child_) 2580 self.set_Major_Image_Version(obj_) 2581 elif nodeName_ == 'Minor_Image_Version': 2582 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2583 obj_.build(child_) 2584 self.set_Minor_Image_Version(obj_) 2585 elif nodeName_ == 'Major_Subsystem_Version': 2586 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2587 obj_.build(child_) 2588 self.set_Major_Subsystem_Version(obj_) 2589 elif nodeName_ == 'Minor_Subsystem_Version': 2590 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2591 obj_.build(child_) 2592 self.set_Minor_Subsystem_Version(obj_) 2593 elif nodeName_ == 'Win32_Version_Value': 2594 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2595 obj_.build(child_) 2596 self.set_Win32_Version_Value(obj_) 2597 elif nodeName_ == 'Size_Of_Image': 2598 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2599 obj_.build(child_) 2600 self.set_Size_Of_Image(obj_) 2601 elif nodeName_ == 'Size_Of_Headers': 2602 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2603 obj_.build(child_) 2604 self.set_Size_Of_Headers(obj_) 2605 elif nodeName_ == 'Checksum': 2606 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2607 obj_.build(child_) 2608 self.set_Checksum(obj_) 2609 elif nodeName_ == 'Subsystem': 2610 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2611 obj_.build(child_) 2612 self.set_Subsystem(obj_) 2613 elif nodeName_ == 'DLL_Characteristics': 2614 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2615 obj_.build(child_) 2616 self.set_DLL_Characteristics(obj_) 2617 elif nodeName_ == 'Size_Of_Stack_Reserve': 2618 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2619 obj_.build(child_) 2620 self.set_Size_Of_Stack_Reserve(obj_) 2621 elif nodeName_ == 'Size_Of_Stack_Commit': 2622 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2623 obj_.build(child_) 2624 self.set_Size_Of_Stack_Commit(obj_) 2625 elif nodeName_ == 'Size_Of_Heap_Reserve': 2626 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2627 obj_.build(child_) 2628 self.set_Size_Of_Heap_Reserve(obj_) 2629 elif nodeName_ == 'Size_Of_Heap_Commit': 2630 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2631 obj_.build(child_) 2632 self.set_Size_Of_Heap_Commit(obj_) 2633 elif nodeName_ == 'Loader_Flags': 2634 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2635 obj_.build(child_) 2636 self.set_Loader_Flags(obj_) 2637 elif nodeName_ == 'Number_Of_Rva_And_Sizes': 2638 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 2639 obj_.build(child_) 2640 self.set_Number_Of_Rva_And_Sizes(obj_) 2641 elif nodeName_ == 'Data_Directory': 2642 obj_ = DataDirectoryType.factory() 2643 obj_.build(child_) 2644 self.set_Data_Directory(obj_) 2645 elif nodeName_ == 'Hashes': 2646 obj_ = cybox_common.HashListType.factory() 2647 obj_.build(child_) 2648 self.set_Hashes(obj_) 2649# end class PEOptionalHeaderType 2650 2651class DataDirectoryType(GeneratedsSuper): 2652 """The DataDirectoryType specifies the data directories that can appear 2653 in the PE file's optional header. The data directories, except 2654 the Certificate Table, are loaded into memory so they can be 2655 used at runtime.""" 2656 2657 subclass = None 2658 superclass = None 2659 def __init__(self, Export_Table=None, Import_Table=None, Resource_Table=None, Exception_Table=None, Certificate_Table=None, Base_Relocation_Table=None, Debug=None, Architecture=None, Global_Ptr=None, TLS_Table=None, Load_Config_Table=None, Bound_Import=None, Import_Address_Table=None, Delay_Import_Descriptor=None, CLR_Runtime_Header=None, Reserved=None): 2660 self.Export_Table = Export_Table 2661 self.Import_Table = Import_Table 2662 self.Resource_Table = Resource_Table 2663 self.Exception_Table = Exception_Table 2664 self.Certificate_Table = Certificate_Table 2665 self.Base_Relocation_Table = Base_Relocation_Table 2666 self.Debug = Debug 2667 self.Architecture = Architecture 2668 self.Global_Ptr = Global_Ptr 2669 self.TLS_Table = TLS_Table 2670 self.Load_Config_Table = Load_Config_Table 2671 self.Bound_Import = Bound_Import 2672 self.Import_Address_Table = Import_Address_Table 2673 self.Delay_Import_Descriptor = Delay_Import_Descriptor 2674 self.CLR_Runtime_Header = CLR_Runtime_Header 2675 self.Reserved = Reserved 2676 def factory(*args_, **kwargs_): 2677 if DataDirectoryType.subclass: 2678 return DataDirectoryType.subclass(*args_, **kwargs_) 2679 else: 2680 return DataDirectoryType(*args_, **kwargs_) 2681 factory = staticmethod(factory) 2682 def get_Export_Table(self): return self.Export_Table 2683 def set_Export_Table(self, Export_Table): self.Export_Table = Export_Table 2684 def get_Import_Table(self): return self.Import_Table 2685 def set_Import_Table(self, Import_Table): self.Import_Table = Import_Table 2686 def get_Resource_Table(self): return self.Resource_Table 2687 def set_Resource_Table(self, Resource_Table): self.Resource_Table = Resource_Table 2688 def get_Exception_Table(self): return self.Exception_Table 2689 def set_Exception_Table(self, Exception_Table): self.Exception_Table = Exception_Table 2690 def get_Certificate_Table(self): return self.Certificate_Table 2691 def set_Certificate_Table(self, Certificate_Table): self.Certificate_Table = Certificate_Table 2692 def get_Base_Relocation_Table(self): return self.Base_Relocation_Table 2693 def set_Base_Relocation_Table(self, Base_Relocation_Table): self.Base_Relocation_Table = Base_Relocation_Table 2694 def get_Debug(self): return self.Debug 2695 def set_Debug(self, Debug): self.Debug = Debug 2696 def get_Architecture(self): return self.Architecture 2697 def set_Architecture(self, Architecture): self.Architecture = Architecture 2698 def get_Global_Ptr(self): return self.Global_Ptr 2699 def set_Global_Ptr(self, Global_Ptr): self.Global_Ptr = Global_Ptr 2700 def get_TLS_Table(self): return self.TLS_Table 2701 def set_TLS_Table(self, TLS_Table): self.TLS_Table = TLS_Table 2702 def get_Load_Config_Table(self): return self.Load_Config_Table 2703 def set_Load_Config_Table(self, Load_Config_Table): self.Load_Config_Table = Load_Config_Table 2704 def get_Bound_Import(self): return self.Bound_Import 2705 def set_Bound_Import(self, Bound_Import): self.Bound_Import = Bound_Import 2706 def get_Import_Address_Table(self): return self.Import_Address_Table 2707 def set_Import_Address_Table(self, Import_Address_Table): self.Import_Address_Table = Import_Address_Table 2708 def get_Delay_Import_Descriptor(self): return self.Delay_Import_Descriptor 2709 def set_Delay_Import_Descriptor(self, Delay_Import_Descriptor): self.Delay_Import_Descriptor = Delay_Import_Descriptor 2710 def get_CLR_Runtime_Header(self): return self.CLR_Runtime_Header 2711 def set_CLR_Runtime_Header(self, CLR_Runtime_Header): self.CLR_Runtime_Header = CLR_Runtime_Header 2712 def get_Reserved(self): return self.Reserved 2713 def set_Reserved(self, Reserved): self.Reserved = Reserved 2714 def hasContent_(self): 2715 if ( 2716 self.Export_Table is not None or 2717 self.Import_Table is not None or 2718 self.Resource_Table is not None or 2719 self.Exception_Table is not None or 2720 self.Certificate_Table is not None or 2721 self.Base_Relocation_Table is not None or 2722 self.Debug is not None or 2723 self.Architecture is not None or 2724 self.Global_Ptr is not None or 2725 self.TLS_Table is not None or 2726 self.Load_Config_Table is not None or 2727 self.Bound_Import is not None or 2728 self.Import_Address_Table is not None or 2729 self.Delay_Import_Descriptor is not None or 2730 self.CLR_Runtime_Header is not None or 2731 self.Reserved is not None 2732 ): 2733 return True 2734 else: 2735 return False 2736 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='DataDirectoryType', namespacedef_='', pretty_print=True): 2737 if pretty_print: 2738 eol_ = '\n' 2739 else: 2740 eol_ = '' 2741 showIndent(lwrite, level, pretty_print) 2742 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2743 already_processed = set() 2744 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='DataDirectoryType') 2745 if self.hasContent_(): 2746 lwrite('>%s' % (eol_, )) 2747 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 2748 showIndent(lwrite, level, pretty_print) 2749 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 2750 else: 2751 lwrite('/>%s' % (eol_, )) 2752 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='DataDirectoryType'): 2753 pass 2754 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='DataDirectoryType', fromsubclass_=False, pretty_print=True): 2755 if pretty_print: 2756 eol_ = '\n' 2757 else: 2758 eol_ = '' 2759 if self.Export_Table is not None: 2760 self.Export_Table.export(lwrite, level, 'WinExecutableFileObj:', name_='Export_Table', pretty_print=pretty_print) 2761 if self.Import_Table is not None: 2762 self.Import_Table.export(lwrite, level, 'WinExecutableFileObj:', name_='Import_Table', pretty_print=pretty_print) 2763 if self.Resource_Table is not None: 2764 self.Resource_Table.export(lwrite, level, 'WinExecutableFileObj:', name_='Resource_Table', pretty_print=pretty_print) 2765 if self.Exception_Table is not None: 2766 self.Exception_Table.export(lwrite, level, 'WinExecutableFileObj:', name_='Exception_Table', pretty_print=pretty_print) 2767 if self.Certificate_Table is not None: 2768 self.Certificate_Table.export(lwrite, level, 'WinExecutableFileObj:', name_='Certificate_Table', pretty_print=pretty_print) 2769 if self.Base_Relocation_Table is not None: 2770 self.Base_Relocation_Table.export(lwrite, level, 'WinExecutableFileObj:', name_='Base_Relocation_Table', pretty_print=pretty_print) 2771 if self.Debug is not None: 2772 self.Debug.export(lwrite, level, 'WinExecutableFileObj:', name_='Debug', pretty_print=pretty_print) 2773 if self.Architecture is not None: 2774 self.Architecture.export(lwrite, level, 'WinExecutableFileObj:', name_='Architecture', pretty_print=pretty_print) 2775 if self.Global_Ptr is not None: 2776 self.Global_Ptr.export(lwrite, level, 'WinExecutableFileObj:', name_='Global_Ptr', pretty_print=pretty_print) 2777 if self.TLS_Table is not None: 2778 self.TLS_Table.export(lwrite, level, 'WinExecutableFileObj:', name_='TLS_Table', pretty_print=pretty_print) 2779 if self.Load_Config_Table is not None: 2780 self.Load_Config_Table.export(lwrite, level, 'WinExecutableFileObj:', name_='Load_Config_Table', pretty_print=pretty_print) 2781 if self.Bound_Import is not None: 2782 self.Bound_Import.export(lwrite, level, 'WinExecutableFileObj:', name_='Bound_Import', pretty_print=pretty_print) 2783 if self.Import_Address_Table is not None: 2784 self.Import_Address_Table.export(lwrite, level, 'WinExecutableFileObj:', name_='Import_Address_Table', pretty_print=pretty_print) 2785 if self.Delay_Import_Descriptor is not None: 2786 self.Delay_Import_Descriptor.export(lwrite, level, 'WinExecutableFileObj:', name_='Delay_Import_Descriptor', pretty_print=pretty_print) 2787 if self.CLR_Runtime_Header is not None: 2788 self.CLR_Runtime_Header.export(lwrite, level, 'WinExecutableFileObj:', name_='CLR_Runtime_Header', pretty_print=pretty_print) 2789 if self.Reserved is not None: 2790 self.Reserved.export(lwrite, level, 'WinExecutableFileObj:', name_='Reserved', pretty_print=pretty_print) 2791 def build(self, node): 2792 self.__sourcenode__ = node 2793 already_processed = set() 2794 self.buildAttributes(node, node.attrib, already_processed) 2795 for child in node: 2796 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2797 self.buildChildren(child, node, nodeName_) 2798 def buildAttributes(self, node, attrs, already_processed): 2799 pass 2800 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2801 if nodeName_ == 'Export_Table': 2802 obj_ = PEDataDirectoryStructType.factory() 2803 obj_.build(child_) 2804 self.set_Export_Table(obj_) 2805 elif nodeName_ == 'Import_Table': 2806 obj_ = PEDataDirectoryStructType.factory() 2807 obj_.build(child_) 2808 self.set_Import_Table(obj_) 2809 elif nodeName_ == 'Resource_Table': 2810 obj_ = PEDataDirectoryStructType.factory() 2811 obj_.build(child_) 2812 self.set_Resource_Table(obj_) 2813 elif nodeName_ == 'Exception_Table': 2814 obj_ = PEDataDirectoryStructType.factory() 2815 obj_.build(child_) 2816 self.set_Exception_Table(obj_) 2817 elif nodeName_ == 'Certificate_Table': 2818 obj_ = PEDataDirectoryStructType.factory() 2819 obj_.build(child_) 2820 self.set_Certificate_Table(obj_) 2821 elif nodeName_ == 'Base_Relocation_Table': 2822 obj_ = PEDataDirectoryStructType.factory() 2823 obj_.build(child_) 2824 self.set_Base_Relocation_Table(obj_) 2825 elif nodeName_ == 'Debug': 2826 obj_ = PEDataDirectoryStructType.factory() 2827 obj_.build(child_) 2828 self.set_Debug(obj_) 2829 elif nodeName_ == 'Architecture': 2830 obj_ = PEDataDirectoryStructType.factory() 2831 obj_.build(child_) 2832 self.set_Architecture(obj_) 2833 elif nodeName_ == 'Global_Ptr': 2834 obj_ = PEDataDirectoryStructType.factory() 2835 obj_.build(child_) 2836 self.set_Global_Ptr(obj_) 2837 elif nodeName_ == 'TLS_Table': 2838 obj_ = PEDataDirectoryStructType.factory() 2839 obj_.build(child_) 2840 self.set_TLS_Table(obj_) 2841 elif nodeName_ == 'Load_Config_Table': 2842 obj_ = PEDataDirectoryStructType.factory() 2843 obj_.build(child_) 2844 self.set_Load_Config_Table(obj_) 2845 elif nodeName_ == 'Bound_Import': 2846 obj_ = PEDataDirectoryStructType.factory() 2847 obj_.build(child_) 2848 self.set_Bound_Import(obj_) 2849 elif nodeName_ == 'Import_Address_Table': 2850 obj_ = PEDataDirectoryStructType.factory() 2851 obj_.build(child_) 2852 self.set_Import_Address_Table(obj_) 2853 elif nodeName_ == 'Delay_Import_Descriptor': 2854 obj_ = PEDataDirectoryStructType.factory() 2855 obj_.build(child_) 2856 self.set_Delay_Import_Descriptor(obj_) 2857 elif nodeName_ == 'CLR_Runtime_Header': 2858 obj_ = PEDataDirectoryStructType.factory() 2859 obj_.build(child_) 2860 self.set_CLR_Runtime_Header(obj_) 2861 elif nodeName_ == 'Reserved': 2862 obj_ = PEDataDirectoryStructType.factory() 2863 obj_.build(child_) 2864 self.set_Reserved(obj_) 2865# end class DataDirectoryType 2866 2867class PEBuildInformationType(GeneratedsSuper): 2868 """The PEBuildInformationType captures information about the tools used 2869 to build the PE binary, including the compiler and linker.""" 2870 2871 subclass = None 2872 superclass = None 2873 def __init__(self, Linker_Name=None, Linker_Version=None, Compiler_Name=None, Compiler_Version=None): 2874 self.Linker_Name = Linker_Name 2875 self.Linker_Version = Linker_Version 2876 self.Compiler_Name = Compiler_Name 2877 self.Compiler_Version = Compiler_Version 2878 def factory(*args_, **kwargs_): 2879 if PEBuildInformationType.subclass: 2880 return PEBuildInformationType.subclass(*args_, **kwargs_) 2881 else: 2882 return PEBuildInformationType(*args_, **kwargs_) 2883 factory = staticmethod(factory) 2884 def get_Linker_Name(self): return self.Linker_Name 2885 def set_Linker_Name(self, Linker_Name): self.Linker_Name = Linker_Name 2886 def validate_StringObjectPropertyType(self, value): 2887 # Validate type cybox_common.StringObjectPropertyType, a restriction on None. 2888 pass 2889 def get_Linker_Version(self): return self.Linker_Version 2890 def set_Linker_Version(self, Linker_Version): self.Linker_Version = Linker_Version 2891 def get_Compiler_Name(self): return self.Compiler_Name 2892 def set_Compiler_Name(self, Compiler_Name): self.Compiler_Name = Compiler_Name 2893 def get_Compiler_Version(self): return self.Compiler_Version 2894 def set_Compiler_Version(self, Compiler_Version): self.Compiler_Version = Compiler_Version 2895 def hasContent_(self): 2896 if ( 2897 self.Linker_Name is not None or 2898 self.Linker_Version is not None or 2899 self.Compiler_Name is not None or 2900 self.Compiler_Version is not None 2901 ): 2902 return True 2903 else: 2904 return False 2905 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEBuildInformationType', namespacedef_='', pretty_print=True): 2906 if pretty_print: 2907 eol_ = '\n' 2908 else: 2909 eol_ = '' 2910 showIndent(lwrite, level, pretty_print) 2911 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2912 already_processed = set() 2913 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='PEBuildInformationType') 2914 if self.hasContent_(): 2915 lwrite('>%s' % (eol_, )) 2916 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 2917 showIndent(lwrite, level, pretty_print) 2918 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 2919 else: 2920 lwrite('/>%s' % (eol_, )) 2921 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='PEBuildInformationType'): 2922 pass 2923 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEBuildInformationType', fromsubclass_=False, pretty_print=True): 2924 if pretty_print: 2925 eol_ = '\n' 2926 else: 2927 eol_ = '' 2928 if self.Linker_Name is not None: 2929 self.Linker_Name.export(lwrite, level, 'WinExecutableFileObj:', name_='Linker_Name', pretty_print=pretty_print) 2930 if self.Linker_Version is not None: 2931 self.Linker_Version.export(lwrite, level, 'WinExecutableFileObj:', name_='Linker_Version', pretty_print=pretty_print) 2932 if self.Compiler_Name is not None: 2933 self.Compiler_Name.export(lwrite, level, 'WinExecutableFileObj:', name_='Compiler_Name', pretty_print=pretty_print) 2934 if self.Compiler_Version is not None: 2935 self.Compiler_Version.export(lwrite, level, 'WinExecutableFileObj:', name_='Compiler_Version', pretty_print=pretty_print) 2936 def build(self, node): 2937 self.__sourcenode__ = node 2938 already_processed = set() 2939 self.buildAttributes(node, node.attrib, already_processed) 2940 for child in node: 2941 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2942 self.buildChildren(child, node, nodeName_) 2943 def buildAttributes(self, node, attrs, already_processed): 2944 pass 2945 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2946 if nodeName_ == 'Linker_Name': 2947 obj_ = cybox_common.StringObjectPropertyType.factory() 2948 obj_.build(child_) 2949 self.set_Linker_Name(obj_) 2950 elif nodeName_ == 'Linker_Version': 2951 obj_ = cybox_common.StringObjectPropertyType.factory() 2952 obj_.build(child_) 2953 self.set_Linker_Version(obj_) 2954 elif nodeName_ == 'Compiler_Name': 2955 obj_ = cybox_common.StringObjectPropertyType.factory() 2956 obj_.build(child_) 2957 self.set_Compiler_Name(obj_) 2958 elif nodeName_ == 'Compiler_Version': 2959 obj_ = cybox_common.StringObjectPropertyType.factory() 2960 obj_.build(child_) 2961 self.set_Compiler_Version(obj_) 2962# end class PEBuildInformationType 2963 2964 2965 2966class PEType(cybox_common.BaseObjectPropertyType): 2967 """PEType specifies PE file types via a union of the PETypeEnum type 2968 and the atomic xs:string type. Its base type is the CybOX Core 2969 cybox_common.BaseObjectPropertyType, for permitting complex (i.e. regular- 2970 expression based) specifications.This attribute is optional and 2971 specifies the expected type for the value of the specified 2972 property.""" 2973 2974 subclass = None 2975 superclass = cybox_common.BaseObjectPropertyType 2976 def __init__(self, obfuscation_algorithm_ref=None, refanging_transform_type=None, has_changed=None, delimiter='##comma##', pattern_type=None, datatype='string', refanging_transform=None, is_case_sensitive=True, bit_mask=None, appears_random=None, observed_encoding=None, defanging_algorithm_ref=None, is_obfuscated=None, regex_syntax=None, apply_condition='ANY', trend=None, idref=None, is_defanged=None, id=None, condition=None, valueOf_=None): 2977 super(PEType, self).__init__(obfuscation_algorithm_ref, refanging_transform_type, has_changed, delimiter, pattern_type, datatype, refanging_transform, is_case_sensitive, bit_mask, appears_random, observed_encoding, defanging_algorithm_ref, is_obfuscated, regex_syntax, apply_condition, trend, idref, is_defanged, id, condition, valueOf_) 2978 self.datatype = _cast(None, datatype) 2979 self.valueOf_ = valueOf_ 2980 def factory(*args_, **kwargs_): 2981 if PEType.subclass: 2982 return PEType.subclass(*args_, **kwargs_) 2983 else: 2984 return PEType(*args_, **kwargs_) 2985 factory = staticmethod(factory) 2986 def get_datatype(self): return self.datatype 2987 def set_datatype(self, datatype): self.datatype = datatype 2988 def get_valueOf_(self): return self.valueOf_ 2989 def set_valueOf_(self, valueOf_): self.valueOf_ = valueOf_ 2990 def hasContent_(self): 2991 if ( 2992 self.valueOf_ or 2993 super(PEType, self).hasContent_() 2994 ): 2995 return True 2996 else: 2997 return False 2998 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEType', namespacedef_='', pretty_print=True): 2999 if pretty_print: 3000 eol_ = '\n' 3001 else: 3002 eol_ = '' 3003 showIndent(lwrite, level, pretty_print) 3004 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3005 already_processed = set() 3006 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='PEType') 3007 if self.hasContent_(): 3008 lwrite('>') 3009 lwrite(quote_xml(self.valueOf_)) 3010 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 3011 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 3012 else: 3013 lwrite('/>%s' % (eol_, )) 3014 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='PEType'): 3015 super(PEType, self).exportAttributes(lwrite, level, already_processed, namespace_, name_='PEType') 3016 if self.datatype is not None: 3017 3018 lwrite(' datatype=%s' % (quote_attrib(self.datatype), )) 3019 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='PEType', fromsubclass_=False, pretty_print=True): 3020 super(PEType, self).exportChildren(lwrite, level, 'WinExecutableFileObj:', name_, True, pretty_print=pretty_print) 3021 pass 3022 def build(self, node): 3023 self.__sourcenode__ = node 3024 already_processed = set() 3025 self.buildAttributes(node, node.attrib, already_processed) 3026 self.valueOf_ = get_all_text_(node) 3027 for child in node: 3028 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3029 self.buildChildren(child, node, nodeName_) 3030 def buildAttributes(self, node, attrs, already_processed): 3031 value = find_attr_value_('datatype', node) 3032 if value is not None: 3033 3034 self.datatype = value 3035 super(PEType, self).buildAttributes(node, attrs, already_processed) 3036 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3037 pass 3038# end class PEType 3039 3040class SubsystemType(cybox_common.BaseObjectPropertyType): 3041 """SubsystemTypes specifies subsystem types via a union of the 3042 SubsystemTypeEnum type and the atomic xs:string type. Its base 3043 type is the CybOX Core cybox_common.BaseObjectPropertyType, for permitting 3044 complex (i.e. regular-expression based) specifications.This 3045 attribute is optional and specifies the expected type for the 3046 value of the specified property.""" 3047 3048 subclass = None 3049 superclass = cybox_common.BaseObjectPropertyType 3050 def __init__(self, obfuscation_algorithm_ref=None, refanging_transform_type=None, has_changed=None, delimiter='##comma##', pattern_type=None, datatype='string', refanging_transform=None, is_case_sensitive=True, bit_mask=None, appears_random=None, observed_encoding=None, defanging_algorithm_ref=None, is_obfuscated=None, regex_syntax=None, apply_condition='ANY', trend=None, idref=None, is_defanged=None, id=None, condition=None, valueOf_=None): 3051 super(SubsystemType, self).__init__(obfuscation_algorithm_ref, refanging_transform_type, has_changed, delimiter, pattern_type, datatype, refanging_transform, is_case_sensitive, bit_mask, appears_random, observed_encoding, defanging_algorithm_ref, is_obfuscated, regex_syntax, apply_condition, trend, idref, is_defanged, id, condition, valueOf_) 3052 self.datatype = _cast(None, datatype) 3053 self.valueOf_ = valueOf_ 3054 def factory(*args_, **kwargs_): 3055 if SubsystemType.subclass: 3056 return SubsystemType.subclass(*args_, **kwargs_) 3057 else: 3058 return SubsystemType(*args_, **kwargs_) 3059 factory = staticmethod(factory) 3060 def get_datatype(self): return self.datatype 3061 def set_datatype(self, datatype): self.datatype = datatype 3062 def get_valueOf_(self): return self.valueOf_ 3063 def set_valueOf_(self, valueOf_): self.valueOf_ = valueOf_ 3064 def hasContent_(self): 3065 if ( 3066 self.valueOf_ or 3067 super(SubsystemType, self).hasContent_() 3068 ): 3069 return True 3070 else: 3071 return False 3072 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='SubsystemType', namespacedef_='', pretty_print=True): 3073 if pretty_print: 3074 eol_ = '\n' 3075 else: 3076 eol_ = '' 3077 showIndent(lwrite, level, pretty_print) 3078 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3079 already_processed = set() 3080 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='SubsystemType') 3081 if self.hasContent_(): 3082 lwrite('>') 3083 lwrite(quote_xml(self.valueOf_)) 3084 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 3085 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 3086 else: 3087 lwrite('/>%s' % (eol_, )) 3088 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='SubsystemType'): 3089 super(SubsystemType, self).exportAttributes(lwrite, level, already_processed, namespace_, name_='SubsystemType') 3090 if self.datatype is not None: 3091 3092 lwrite(' datatype=%s' % (quote_attrib(self.datatype), )) 3093 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='SubsystemType', fromsubclass_=False, pretty_print=True): 3094 super(SubsystemType, self).exportChildren(lwrite, level, 'WinExecutableFileObj:', name_, True, pretty_print=pretty_print) 3095 pass 3096 def build(self, node): 3097 self.__sourcenode__ = node 3098 already_processed = set() 3099 self.buildAttributes(node, node.attrib, already_processed) 3100 self.valueOf_ = get_all_text_(node) 3101 for child in node: 3102 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3103 self.buildChildren(child, node, nodeName_) 3104 def buildAttributes(self, node, attrs, already_processed): 3105 value = find_attr_value_('datatype', node) 3106 if value is not None: 3107 3108 self.datatype = value 3109 super(SubsystemType, self).buildAttributes(node, attrs, already_processed) 3110 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3111 pass 3112# end class SubsystemType 3113 3114class WindowsExecutableFileObjectType(win_file_object.WindowsFileObjectType): 3115 """The WindowsExecutableFileObjectType type is intended to characterize 3116 Windows PE (Portable Executable) files.""" 3117 3118 subclass = None 3119 superclass = win_file_object.WindowsFileObjectType 3120 def __init__(self, object_reference=None, Custom_Properties=None, xsi_type=None, is_packed=None, File_Name=None, File_Path=None, Device_Path=None, Full_Path=None, File_Extension=None, Size_In_Bytes=None, Magic_Number=None, File_Format=None, Hashes=None, Digital_Signatures=None, Modified_Time=None, Accessed_Time=None, Created_Time=None, File_Attributes_List=None, Permissions=None, User_Owner=None, Packer_List=None, Peak_Entropy=None, Sym_Links=None, Byte_Runs=None, Extracted_Features=None, Filename_Accessed_Time=None, Filename_Created_Time=None, Filename_Modified_Time=None, Drive=None, Security_ID=None, Security_Type=None, Stream_List=None, Build_Information=None, Digital_Signature=None, Exports=None, Extraneous_Bytes=None, Headers=None, Imports=None, PE_Checksum=None, Resources=None, Sections=None, Type=None): 3121 super(WindowsExecutableFileObjectType, self).__init__(object_reference, Custom_Properties, is_packed, File_Name, File_Path, Device_Path, Full_Path, File_Extension, Size_In_Bytes, Magic_Number, File_Format, Hashes, Digital_Signatures, Modified_Time, Accessed_Time, Created_Time, File_Attributes_List, Permissions, User_Owner, Packer_List, Peak_Entropy, Sym_Links, Byte_Runs, Extracted_Features, Filename_Accessed_Time, Filename_Created_Time, Filename_Modified_Time, Drive, Security_ID, Security_Type, Stream_List, ) 3122 self.Build_Information = Build_Information 3123 self.Digital_Signature = Digital_Signature 3124 self.Exports = Exports 3125 self.Extraneous_Bytes = Extraneous_Bytes 3126 self.Headers = Headers 3127 self.Imports = Imports 3128 self.PE_Checksum = PE_Checksum 3129 self.Resources = Resources 3130 self.Sections = Sections 3131 self.Type = Type 3132 def factory(*args_, **kwargs_): 3133 if WindowsExecutableFileObjectType.subclass: 3134 return WindowsExecutableFileObjectType.subclass(*args_, **kwargs_) 3135 else: 3136 return WindowsExecutableFileObjectType(*args_, **kwargs_) 3137 factory = staticmethod(factory) 3138 def get_Build_Information(self): return self.Build_Information 3139 def set_Build_Information(self, Build_Information): self.Build_Information = Build_Information 3140 def get_Digital_Signature(self): return self.Digital_Signature 3141 def set_Digital_Signature(self, Digital_Signature): self.Digital_Signature = Digital_Signature 3142 def get_Exports(self): return self.Exports 3143 def set_Exports(self, Exports): self.Exports = Exports 3144 def get_Extraneous_Bytes(self): return self.Extraneous_Bytes 3145 def set_Extraneous_Bytes(self, Extraneous_Bytes): self.Extraneous_Bytes = Extraneous_Bytes 3146 def validate_IntegerObjectPropertyType(self, value): 3147 # Validate type cybox_common.IntegerObjectPropertyType, a restriction on None. 3148 pass 3149 def get_Headers(self): return self.Headers 3150 def set_Headers(self, Headers): self.Headers = Headers 3151 def get_Imports(self): return self.Imports 3152 def set_Imports(self, Imports): self.Imports = Imports 3153 def get_PE_Checksum(self): return self.PE_Checksum 3154 def set_PE_Checksum(self, PE_Checksum): self.PE_Checksum = PE_Checksum 3155 def get_Resources(self): return self.Resources 3156 def set_Resources(self, Resources): self.Resources = Resources 3157 def get_Sections(self): return self.Sections 3158 def set_Sections(self, Sections): self.Sections = Sections 3159 def get_Type(self): return self.Type 3160 def set_Type(self, Type): self.Type = Type 3161 def validate_PEType(self, value): 3162 # Validate type PEType, a restriction on None. 3163 pass 3164 def hasContent_(self): 3165 if ( 3166 self.Build_Information is not None or 3167 self.Digital_Signature is not None or 3168 self.Exports is not None or 3169 self.Extraneous_Bytes is not None or 3170 self.Headers is not None or 3171 self.Imports is not None or 3172 self.PE_Checksum is not None or 3173 self.Resources is not None or 3174 self.Sections is not None or 3175 self.Type is not None or 3176 super(WindowsExecutableFileObjectType, self).hasContent_() 3177 ): 3178 return True 3179 else: 3180 return False 3181 def export(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='WindowsExecutableFileObjectType', namespacedef_='', pretty_print=True): 3182 if pretty_print: 3183 eol_ = '\n' 3184 else: 3185 eol_ = '' 3186 showIndent(lwrite, level, pretty_print) 3187 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3188 already_processed = set() 3189 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='WindowsExecutableFileObjectType') 3190 if self.hasContent_(): 3191 lwrite('>%s' % (eol_, )) 3192 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 3193 showIndent(lwrite, level, pretty_print) 3194 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 3195 else: 3196 lwrite('/>%s' % (eol_, )) 3197 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinExecutableFileObj:', name_='WindowsExecutableFileObjectType'): 3198 super(WindowsExecutableFileObjectType, self).exportAttributes(lwrite, level, already_processed, namespace_, name_='WindowsExecutableFileObjectType') 3199 def exportChildren(self, lwrite, level, namespace_='WinExecutableFileObj:', name_='WindowsExecutableFileObjectType', fromsubclass_=False, pretty_print=True): 3200 super(WindowsExecutableFileObjectType, self).exportChildren(lwrite, level, 'WinExecutableFileObj:', name_, True, pretty_print=pretty_print) 3201 if pretty_print: 3202 eol_ = '\n' 3203 else: 3204 eol_ = '' 3205 if self.Build_Information is not None: 3206 self.Build_Information.export(lwrite, level, 'WinExecutableFileObj:', name_='Build_Information', pretty_print=pretty_print) 3207 if self.Digital_Signature is not None: 3208 self.Digital_Signature.export(lwrite, level, 'WinExecutableFileObj:', name_='Digital_Signature', pretty_print=pretty_print) 3209 if self.Exports is not None: 3210 self.Exports.export(lwrite, level, 'WinExecutableFileObj:', name_='Exports', pretty_print=pretty_print) 3211 if self.Extraneous_Bytes is not None: 3212 self.Extraneous_Bytes.export(lwrite, level, 'WinExecutableFileObj:', name_='Extraneous_Bytes', pretty_print=pretty_print) 3213 if self.Headers is not None: 3214 self.Headers.export(lwrite, level, 'WinExecutableFileObj:', name_='Headers', pretty_print=pretty_print) 3215 if self.Imports is not None: 3216 self.Imports.export(lwrite, level, 'WinExecutableFileObj:', name_='Imports', pretty_print=pretty_print) 3217 if self.PE_Checksum is not None: 3218 self.PE_Checksum.export(lwrite, level, 'WinExecutableFileObj:', name_='PE_Checksum', pretty_print=pretty_print) 3219 if self.Resources is not None: 3220 self.Resources.export(lwrite, level, 'WinExecutableFileObj:', name_='Resources', pretty_print=pretty_print) 3221 if self.Sections is not None: 3222 self.Sections.export(lwrite, level, 'WinExecutableFileObj:', name_='Sections', pretty_print=pretty_print) 3223 if self.Type is not None: 3224 self.Type.export(lwrite, level, 'WinExecutableFileObj:', name_='Type', pretty_print=pretty_print) 3225 def build(self, node): 3226 self.__sourcenode__ = node 3227 already_processed = set() 3228 self.buildAttributes(node, node.attrib, already_processed) 3229 for child in node: 3230 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3231 self.buildChildren(child, node, nodeName_) 3232 def buildAttributes(self, node, attrs, already_processed): 3233 super(WindowsExecutableFileObjectType, self).buildAttributes(node, attrs, already_processed) 3234 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3235 if nodeName_ == 'Build_Information': 3236 obj_ = PEBuildInformationType.factory() 3237 obj_.build(child_) 3238 self.set_Build_Information(obj_) 3239 elif nodeName_ == 'Digital_Signature': 3240 obj_ = cybox_common.DigitalSignatureInfoType.factory() 3241 obj_.build(child_) 3242 self.set_Digital_Signature(obj_) 3243 elif nodeName_ == 'Exports': 3244 obj_ = PEExportsType.factory() 3245 obj_.build(child_) 3246 self.set_Exports(obj_) 3247 elif nodeName_ == 'Extraneous_Bytes': 3248 obj_ = cybox_common.IntegerObjectPropertyType.factory() 3249 obj_.build(child_) 3250 self.set_Extraneous_Bytes(obj_) 3251 elif nodeName_ == 'Headers': 3252 obj_ = PEHeadersType.factory() 3253 obj_.build(child_) 3254 self.set_Headers(obj_) 3255 elif nodeName_ == 'Imports': 3256 obj_ = PEImportListType.factory() 3257 obj_.build(child_) 3258 self.set_Imports(obj_) 3259 elif nodeName_ == 'PE_Checksum': 3260 obj_ = PEChecksumType.factory() 3261 obj_.build(child_) 3262 self.set_PE_Checksum(obj_) 3263 elif nodeName_ == 'Resources': 3264 obj_ = PEResourceListType.factory() 3265 obj_.build(child_) 3266 self.set_Resources(obj_) 3267 elif nodeName_ == 'Sections': 3268 obj_ = PESectionListType.factory() 3269 obj_.build(child_) 3270 self.set_Sections(obj_) 3271 elif nodeName_ == 'Type': 3272 obj_ = PEType.factory() 3273 obj_.build(child_) 3274 self.set_Type(obj_) 3275 super(WindowsExecutableFileObjectType, self).buildChildren(child_, node, nodeName_, True) 3276# end class WindowsExecutableFileObjectType 3277 3278GDSClassesMapping = { 3279 'Extraneous_Bytes': cybox_common.IntegerObjectPropertyType, 3280 'Dependency_Description': cybox_common.StructuredTextType, 3281 'Linker_Version': cybox_common.StringObjectPropertyType, 3282 'Errors': cybox_common.ErrorsType, 3283 'Major_Linker_Version': cybox_common.HexBinaryObjectPropertyType, 3284 'Size_Of_Stack_Commit': cybox_common.HexBinaryObjectPropertyType, 3285 'Filename_Accessed_Time': cybox_common.DateTimeObjectPropertyType, 3286 'Opcodes': cybox_common.StringObjectPropertyType, 3287 'Comments': cybox_common.StringObjectPropertyType, 3288 'Contributors': cybox_common.PersonnelType, 3289 'e_lfanew': cybox_common.HexBinaryObjectPropertyType, 3290 'Loader_Flags': cybox_common.HexBinaryObjectPropertyType, 3291 'Size_Of_Code': cybox_common.HexBinaryObjectPropertyType, 3292 'Metadata': cybox_common.MetadataType, 3293 'e_cblp': cybox_common.HexBinaryObjectPropertyType, 3294 'Image_Base': cybox_common.HexBinaryObjectPropertyType, 3295 'Base_Of_Data': cybox_common.HexBinaryObjectPropertyType, 3296 'Fuzzy_Hash_Structure': cybox_common.FuzzyHashStructureType, 3297 'Size_In_Bytes': cybox_common.UnsignedLongObjectPropertyType, 3298 'e_lfarlc': cybox_common.HexBinaryObjectPropertyType, 3299 'Pointer_To_Linenumbers': cybox_common.HexBinaryObjectPropertyType, 3300 'SpecialBuild': cybox_common.StringObjectPropertyType, 3301 'Information_Source_Type': cybox_common.ControlledVocabularyStringType, 3302 'File_Extension': cybox_common.StringObjectPropertyType, 3303 'Size_Of_Uninitialized_Data': cybox_common.HexBinaryObjectPropertyType, 3304 'Segment_Hash': cybox_common.HashValueType, 3305 'Internal_Strings': cybox_common.InternalStringsType, 3306 'Address_Of_Entry_Point': cybox_common.HexBinaryObjectPropertyType, 3307 'Byte_Runs': cybox_common.ByteRunsType, 3308 'SubDatum': cybox_common.MetadataType, 3309 'Magic': cybox_common.HexBinaryObjectPropertyType, 3310 'Digital_Signature': cybox_common.DigitalSignatureInfoType, 3311 'Checksum': cybox_common.HexBinaryObjectPropertyType, 3312 'e_csum': cybox_common.HexBinaryObjectPropertyType, 3313 'Address': cybox_common.HexBinaryObjectPropertyType, 3314 'Value': cybox_common.StringObjectPropertyType, 3315 'Number_Of_Rva_And_Sizes': cybox_common.HexBinaryObjectPropertyType, 3316 'e_oeminfo': cybox_common.HexBinaryObjectPropertyType, 3317 'Length': cybox_common.IntegerObjectPropertyType, 3318 'Hint': cybox_common.HexBinaryObjectPropertyType, 3319 'Pointer_To_Symbol_Table': cybox_common.HexBinaryObjectPropertyType, 3320 'LegalCopyright': cybox_common.StringObjectPropertyType, 3321 'e_minalloc': cybox_common.HexBinaryObjectPropertyType, 3322 'Encoding': cybox_common.ControlledVocabularyStringType, 3323 'Characteristics': cybox_common.HexBinaryObjectPropertyType, 3324 'PE_Computed_API': cybox_common.LongObjectPropertyType, 3325 'e_cp': cybox_common.HexBinaryObjectPropertyType, 3326 'e_cs': cybox_common.HexBinaryObjectPropertyType, 3327 'File_System_Offset': cybox_common.IntegerObjectPropertyType, 3328 'File_Alignment': cybox_common.HexBinaryObjectPropertyType, 3329 'Certificate_Issuer': cybox_common.StringObjectPropertyType, 3330 'Full_Path': cybox_common.StringObjectPropertyType, 3331 'Attribute': win_file_object.WindowsFileAttributeType, 3332 'Code_Snippet': cybox_common.ObjectPropertiesType, 3333 'Base_Of_Code': cybox_common.HexBinaryObjectPropertyType, 3334 'Number_Of_Linenumbers': cybox_common.NonNegativeIntegerObjectPropertyType, 3335 'Segments': cybox_common.HashSegmentsType, 3336 'Filename_Created_Time': cybox_common.DateTimeObjectPropertyType, 3337 'Functions': cybox_common.FunctionsType, 3338 'Virtual_Address': cybox_common.HexBinaryObjectPropertyType, 3339 'String_Value': cybox_common.StringObjectPropertyType, 3340 'Build_Utility_Platform_Specification': cybox_common.PlatformSpecificationType, 3341 'Number_Of_Relocations': cybox_common.NonNegativeIntegerObjectPropertyType, 3342 'LangID': cybox_common.StringObjectPropertyType, 3343 'e_maxalloc': cybox_common.HexBinaryObjectPropertyType, 3344 'Platform': cybox_common.PlatformSpecificationType, 3345 'Version': cybox_common.StringObjectPropertyType, 3346 'Size_Of_Raw_Data': cybox_common.HexBinaryObjectPropertyType, 3347 'Created_Time': cybox_common.DateTimeObjectPropertyType, 3348 'Name': cybox_common.StringObjectPropertyType, 3349 'Ordinal': cybox_common.NonNegativeIntegerObjectPropertyType, 3350 'Tool_Configuration': cybox_common.ToolConfigurationType, 3351 'Tool_Type': cybox_common.ControlledVocabularyStringType, 3352 'String': cybox_common.ExtractedStringType, 3353 'Size_Of_Heap_Reserve': cybox_common.HexBinaryObjectPropertyType, 3354 'Tool': cybox_common.ToolInformationType, 3355 'Size_Of_Initialized_Data': cybox_common.HexBinaryObjectPropertyType, 3356 'Build_Information': cybox_common.BuildInformationType, 3357 'Size_Of_Stack_Reserve': cybox_common.HexBinaryObjectPropertyType, 3358 'Tool_Hashes': cybox_common.HashListType, 3359 'Subsystem': cybox_common.HexBinaryObjectPropertyType, 3360 'Major_Image_Version': cybox_common.HexBinaryObjectPropertyType, 3361 'Size_Of_Optional_Header': cybox_common.HexBinaryObjectPropertyType, 3362 'Device_Path': cybox_common.StringObjectPropertyType, 3363 'Number_Of_Names': cybox_common.LongObjectPropertyType, 3364 'Error_Instances': cybox_common.ErrorInstancesType, 3365 'Digital_Signatures': cybox_common.DigitalSignaturesType, 3366 'Filename_Modified_Time': cybox_common.DateTimeObjectPropertyType, 3367 'InternalName': cybox_common.StringObjectPropertyType, 3368 'Data_Segment': cybox_common.StringObjectPropertyType, 3369 'Sym_Link': cybox_common.StringObjectPropertyType, 3370 'Compiler_Name': cybox_common.StringObjectPropertyType, 3371 'Win32_Version_Value': cybox_common.HexBinaryObjectPropertyType, 3372 'Signature': cybox_common.StringObjectPropertyType, 3373 'Time_Date_Stamp': cybox_common.HexBinaryObjectPropertyType, 3374 'Property': cybox_common.PropertyType, 3375 'Windows_File': win_file_object.WindowsFileObjectType, 3376 'Strings': cybox_common.ExtractedStringsType, 3377 'e_crlc': cybox_common.HexBinaryObjectPropertyType, 3378 'User_Owner': cybox_common.StringObjectPropertyType, 3379 'Tool_Specific_Data': cybox_common.ToolSpecificDataType, 3380 'Minor_OS_Version': cybox_common.HexBinaryObjectPropertyType, 3381 'Number_Of_Sections': cybox_common.NonNegativeIntegerObjectPropertyType, 3382 'LegalTrademarks': cybox_common.StringObjectPropertyType, 3383 'Reference_Description': cybox_common.StructuredTextType, 3384 'ProductName': cybox_common.StringObjectPropertyType, 3385 'DLL_Characteristics': cybox_common.HexBinaryObjectPropertyType, 3386 'Image_Offset': cybox_common.IntegerObjectPropertyType, 3387 'Size_Of_Headers': cybox_common.HexBinaryObjectPropertyType, 3388 'Configuration_Settings': cybox_common.ConfigurationSettingsType, 3389 'Data_Hashes': cybox_common.HashListType, 3390 'Compiler_Platform_Specification': cybox_common.PlatformSpecificationType, 3391 'Byte_String_Value': cybox_common.HexBinaryObjectPropertyType, 3392 'e_cparhdr': cybox_common.HexBinaryObjectPropertyType, 3393 'Security_Type': cybox_common.SIDType, 3394 'Instance': cybox_common.ObjectPropertiesType, 3395 'PE_File_API': cybox_common.LongObjectPropertyType, 3396 'Import': cybox_common.StringObjectPropertyType, 3397 'Accessed_Time': cybox_common.StringObjectPropertyType, 3398 'Usage_Context_Assumptions': cybox_common.UsageContextAssumptionsType, 3399 'Identifier': cybox_common.PlatformIdentifierType, 3400 'Compiler_Version': cybox_common.StringObjectPropertyType, 3401 'Extracted_Features': cybox_common.ExtractedFeaturesType, 3402 'Execution_Environment': cybox_common.ExecutionEnvironmentType, 3403 'Header_Hashes': cybox_common.HashListType, 3404 'Search_Distance': cybox_common.IntegerObjectPropertyType, 3405 'Block_Hash': cybox_common.FuzzyHashBlockType, 3406 'Compiler_Informal_Description': cybox_common.CompilerInformalDescriptionType, 3407 'Dependencies': cybox_common.DependenciesType, 3408 'Segment_Count': cybox_common.IntegerObjectPropertyType, 3409 'Size_Of_Image': cybox_common.HexBinaryObjectPropertyType, 3410 'PrivateBuild': cybox_common.StringObjectPropertyType, 3411 'Date': cybox_common.DateRangeType, 3412 'Hashes': cybox_common.HashListType, 3413 'Minor_Subsystem_Version': cybox_common.HexBinaryObjectPropertyType, 3414 'Language': cybox_common.StringObjectPropertyType, 3415 'Certificate_Subject': cybox_common.StringObjectPropertyType, 3416 'Offset': cybox_common.IntegerObjectPropertyType, 3417 'System': cybox_common.ObjectPropertiesType, 3418 'e_ovro': cybox_common.HexBinaryObjectPropertyType, 3419 'Dependency': cybox_common.DependencyType, 3420 'PE_File_Raw': cybox_common.LongObjectPropertyType, 3421 'Build_Utility': cybox_common.BuildUtilityType, 3422 'Minor_Image_Version': cybox_common.HexBinaryObjectPropertyType, 3423 'Virtual_Size': cybox_common.HexBinaryObjectPropertyType, 3424 'Trigger_Point': cybox_common.HexBinaryObjectPropertyType, 3425 'Environment_Variable': cybox_common.EnvironmentVariableType, 3426 'Byte_Run': cybox_common.ByteRunType, 3427 'Libraries': cybox_common.LibrariesType, 3428 'Stream': win_file_object.StreamObjectType, 3429 'CompanyName': cybox_common.StringObjectPropertyType, 3430 'Stream_List': win_file_object.StreamListType, 3431 'Imports': cybox_common.ImportsType, 3432 'Number_Of_Symbols': cybox_common.NonNegativeIntegerObjectPropertyType, 3433 'Search_Within': cybox_common.IntegerObjectPropertyType, 3434 'Library': cybox_common.LibraryType, 3435 'Size_Of_Heap_Commit': cybox_common.HexBinaryObjectPropertyType, 3436 'English_Translation': cybox_common.StringObjectPropertyType, 3437 'References': cybox_common.ToolReferencesType, 3438 'Pointer_To_Relocations': cybox_common.HexBinaryObjectPropertyType, 3439 'Size': cybox_common.NonNegativeIntegerObjectPropertyType, 3440 'Block_Hash_Value': cybox_common.HashValueType, 3441 'Time': cybox_common.TimeType, 3442 'Min': cybox_common.FloatObjectPropertyType, 3443 'File_Name': cybox_common.StringObjectPropertyType, 3444 'Configuration_Setting': cybox_common.ConfigurationSettingType, 3445 'Modified_Time': cybox_common.StringObjectPropertyType, 3446 'Fuzzy_Hash_Value': cybox_common.FuzzyHashValueType, 3447 'Machine': cybox_common.HexBinaryObjectPropertyType, 3448 'Security_ID': cybox_common.StringObjectPropertyType, 3449 'Internationalization_Settings': cybox_common.InternationalizationSettingsType, 3450 'reserved1': cybox_common.HexBinaryObjectPropertyType, 3451 'e_sp': cybox_common.HexBinaryObjectPropertyType, 3452 'e_ss': cybox_common.HexBinaryObjectPropertyType, 3453 'reserved2': cybox_common.HexBinaryObjectPropertyType, 3454 'Function': cybox_common.StringObjectPropertyType, 3455 'Usage_Context_Assumption': cybox_common.StructuredTextType, 3456 'Build_Configuration': cybox_common.BuildConfigurationType, 3457 'Magic_Number': cybox_common.HexBinaryObjectPropertyType, 3458 'Linker_Name': cybox_common.StringObjectPropertyType, 3459 'Error': cybox_common.ErrorType, 3460 'Compilers': cybox_common.CompilersType, 3461 'Segment': cybox_common.HashSegmentType, 3462 'Depth': cybox_common.IntegerObjectPropertyType, 3463 'Section_Alignment': cybox_common.HexBinaryObjectPropertyType, 3464 'Compiler': cybox_common.CompilerType, 3465 'FileVersion': cybox_common.StringObjectPropertyType, 3466 'Data_Size': cybox_common.DataSizeType, 3467 'Number_Of_Addresses': cybox_common.LongObjectPropertyType, 3468 'Drive': cybox_common.StringObjectPropertyType, 3469 'Hash': cybox_common.HashType, 3470 'Exports_Time_Stamp': cybox_common.DateTimeObjectPropertyType, 3471 'Minor_Linker_Version': cybox_common.HexBinaryObjectPropertyType, 3472 'Entry_Point': cybox_common.HexBinaryObjectPropertyType, 3473 'ProductVersion': cybox_common.StringObjectPropertyType, 3474 'Code_Snippets': cybox_common.CodeSnippetsType, 3475 'FileDescription': cybox_common.StringObjectPropertyType, 3476 'Signature_Description': cybox_common.StringObjectPropertyType, 3477 'Block_Size': cybox_common.IntegerObjectPropertyType, 3478 'Simple_Hash_Value': cybox_common.SimpleHashValueType, 3479 'OriginalFilename': cybox_common.StringObjectPropertyType, 3480 'e_ip': cybox_common.HexBinaryObjectPropertyType, 3481 'Peak_Entropy': cybox_common.DoubleObjectPropertyType, 3482 'Major_Subsystem_Version': cybox_common.HexBinaryObjectPropertyType, 3483 'File_Format': cybox_common.StringObjectPropertyType, 3484 'Bound': cybox_common.HexBinaryObjectPropertyType, 3485 'Description': cybox_common.StructuredTextType, 3486 'e_oemid': cybox_common.HexBinaryObjectPropertyType, 3487 'Pointer_To_Raw_Data': cybox_common.HexBinaryObjectPropertyType, 3488 'e_magic': cybox_common.HexBinaryObjectPropertyType, 3489 'Max': cybox_common.FloatObjectPropertyType, 3490 'Contributor': cybox_common.ContributorType, 3491 'User_Account_Info': cybox_common.ObjectPropertiesType, 3492 'Tools': cybox_common.ToolsInformationType, 3493 'Custom_Properties': cybox_common.CustomPropertiesType, 3494 'Major_OS_Version': cybox_common.HexBinaryObjectPropertyType, 3495 'Function_Name': cybox_common.StringObjectPropertyType, 3496} 3497 3498USAGE_TEXT = """ 3499Usage: python <Parser>.py [ -s ] <in_xml_file> 3500""" 3501 3502def usage(): 3503 print(USAGE_TEXT) 3504 sys.exit(1) 3505 3506def get_root_tag(node): 3507 tag = Tag_pattern_.match(node.tag).groups()[-1] 3508 rootClass = GDSClassesMapping.get(tag) 3509 if rootClass is None: 3510 rootClass = globals().get(tag) 3511 return tag, rootClass 3512 3513def parse(inFileName): 3514 doc = parsexml_(inFileName) 3515 rootNode = doc.getroot() 3516 rootTag, rootClass = get_root_tag(rootNode) 3517 if rootClass is None: 3518 rootTag = 'Windows_Executable_File' 3519 rootClass = WindowsExecutableFileObjectType 3520 rootObj = rootClass.factory() 3521 rootObj.build(rootNode) 3522 # Enable Python to collect the space used by the DOM. 3523 doc = None 3524# sys.stdout.write('<?xml version="1.0" ?>\n') 3525# rootObj.export(sys.stdout.write, 0, name_=rootTag, 3526# namespacedef_='', 3527# pretty_print=True) 3528 return rootObj 3529 3530def parseEtree(inFileName): 3531 doc = parsexml_(inFileName) 3532 rootNode = doc.getroot() 3533 rootTag, rootClass = get_root_tag(rootNode) 3534 if rootClass is None: 3535 rootTag = 'Windows_Executable_File' 3536 rootClass = WindowsExecutableFileObjectType 3537 rootObj = rootClass.factory() 3538 rootObj.build(rootNode) 3539 # Enable Python to collect the space used by the DOM. 3540 doc = None 3541 rootElement = rootObj.to_etree(None, name_=rootTag) 3542 content = etree_.tostring(rootElement, pretty_print=True, 3543 xml_declaration=True, encoding="utf-8") 3544 sys.stdout.write(content) 3545 sys.stdout.write('\n') 3546 return rootObj, rootElement 3547 3548def parseString(inString): 3549 from mixbox.vendor.six import StringIO 3550 doc = parsexml_(StringIO(inString)) 3551 rootNode = doc.getroot() 3552 rootTag, rootClass = get_root_tag(rootNode) 3553 if rootClass is None: 3554 rootTag = 'Windows_Executable_File' 3555 rootClass = WindowsExecutableFileObjectType 3556 rootObj = rootClass.factory() 3557 rootObj.build(rootNode) 3558 # Enable Python to collect the space used by the DOM. 3559 doc = None 3560# sys.stdout.write('<?xml version="1.0" ?>\n') 3561# rootObj.export(sys.stdout.write, 0, name_="Windows_Executable_File", 3562# namespacedef_='') 3563 return rootObj 3564 3565def main(): 3566 args = sys.argv[1:] 3567 if len(args) == 1: 3568 parse(args[0]) 3569 else: 3570 usage() 3571 3572if __name__ == '__main__': 3573 #import pdb; pdb.set_trace() 3574 main() 3575 3576__all__ = [ 3577 "WindowsExecutableFileObjectType", 3578 "PEChecksumType", 3579 "PEExportsType", 3580 "PEExportedFunctionsType", 3581 "PESectionListType", 3582 "EntropyType", 3583 "PEImportType", 3584 "PEImportedFunctionsType", 3585 "PEResourceType", 3586 "PEVersionInfoResourceType", 3587 "PEExportedFunctionType", 3588 "PEResourceListType", 3589 "PEImportedFunctionType", 3590 "PEImportListType", 3591 "PESectionType", 3592 "PEDataDirectoryStructType", 3593 "PESectionHeaderStructType", 3594 "DOSHeaderType", 3595 "PEHeadersType", 3596 "PEFileHeaderType", 3597 "SubsystemType", 3598 "PEType", 3599 "PEOptionalHeaderType", 3600 "DataDirectoryType", 3601 "PEBuildInformationType" 3602 ] 3603