`dissect.cstruct.cstruct`¶

Module Contents¶

Classes¶

cstruct

Main class of cstruct. All types are registered in here.

Functions¶

`ctypes`	Create ctypes structures from cstruct structures.
`ctypes_type`

class dissect.cstruct.cstruct.cstruct(endian: str = '<', pointer: str | None = None)¶

Main class of cstruct. All types are registered in here.

Parameters:

endian – The endianness to use when parsing.
pointer – The pointer type to use for Pointers.

DEF_CSTYLE = 1¶

DEF_LEGACY = 2¶

endian = '<'¶

consts¶

lookups¶

typedefs¶

pointer = 'uint64'¶

__getattr__(attr: str) → Any¶

add_type(name: str, type_: dissect.cstruct.types.MetaType | str, replace: bool = False) → None¶

Add a type or type reference.

Only use this method when creating type aliases or adding already bound types.

Parameters:

name – Name of the type to be added.
type – The type to be added. Can be a str reference to another type or a compatible type class.

Raises:

ValueError – If the type already exists.

addtype¶

add_custom_type(name: str, type_: dissect.cstruct.types.MetaType, size: int | None = None, alignment: int | None = None, **kwargs) → None¶

Add a custom type.

Use this method to add custom types to this cstruct instance. This is largely a convenience method for the internal _make_type() method, which binds a class to this cstruct instance.

Parameters:

name – Name of the type to be added.
type – The type to be added.
size – The size of the type.
alignment – The alignment of the type.
**kwargs – Additional attributes to add to the type.

load(definition: str, deftype: int | None = None, **kwargs) → cstruct¶

Parse structures from the given definitions using the given definition type.

Definitions can be parsed using different parsers. Currently, there’s only one supported parser - DEF_CSTYLE. Parsers can add types and modify this cstruct instance. Arguments can be passed to parsers using kwargs.

The CSTYLE parser was recently replaced with token based parser, instead of a strictly regex based one. The old parser is still available by using DEF_LEGACY.

Parameters:

definition – The definition to parse.
deftype – The definition type to parse the definitions with.
**kwargs – Keyword arguments for parsers.

loadfile(path: str, deftype: int | None = None, **kwargs) → None¶

Load structure definitions from a file.

The given path will be read and parsed using the .load() function.

Parameters:

path – The path to load definitions from.
deftype – The definition type to parse the definitions with.
**kwargs – Keyword arguments for parsers.

read(name: str, stream: BinaryIO) → Any¶

Parse data using a given type.

Parameters:

name – Type name to read.
stream – File-like object or byte string to parse.

Returns:

The parsed data.

resolve(name: str) → dissect.cstruct.types.MetaType¶

Resolve a type name to get the actual type object.

Types can be referenced using different names. When we want the actual type object, we need to resolve these references.

Parameters:: name – Type name to resolve.
Returns:: The resolved type object.
Raises:: ResolveError – If the type can’t be resolved.

dissect.cstruct.cstruct.ctypes(structure: dissect.cstruct.types.Structure) → ctypes.Structure¶: Create ctypes structures from cstruct structures.

dissect.cstruct.cstruct.ctypes_type(type_: dissect.cstruct.types.MetaType) → Any¶

dissect.cstruct.cstruct¶

Module Contents¶

Classes¶

Functions¶

`dissect.cstruct.cstruct`¶