binary parser: remove hex_dump, use hexdump package

Willi Ballenthin · Willi Ballenthin · commit 9df078e007f4 · 2016-09-06T11:29:59.000-04:00
diff --git a/Evtx/BinaryParser.py b/Evtx/BinaryParser.py
@@ -24,54 +24,6 @@
 from functools import partial
 
 
-def hex_dump(src, start_addr=0):
-    """
-    see:
-    http://code.activestate.com/recipes/142812-hex-dumper/
-    @param src A bytestring containing the data to dump.
-    @param start_addr An integer representing the start
-      address of the data in whatever context it comes from.
-    @return A string containing a classic hex dump with 16
-      bytes per line.  If start_addr is provided, then the
-      data is interpreted as starting at this offset, and
-      the offset column is updated accordingly.
-    """
-    FILTER = ''.join([(len(repr(chr(x))) == 3) and
-                        chr(x) or
-                        '.' for x in range(256)])
-    length = 16
-    result = []
-
-    remainder_start_addr = start_addr
-
-    if start_addr % length != 0:
-        base_addr = start_addr - (start_addr % length)
-        num_spaces = (start_addr % length)
-        num_chars = length - (start_addr % length)
-
-        spaces = " ".join(["  " for i in range(num_spaces)])
-        s = src[0:num_chars]
-        hexa = ' '.join(["{:02X}".format(ord(x)) for x in s])
-        printable = s.translate(FILTER)
-
-        result.append("{:04X}   {} {}   {}{}\n".format(
-                      (base_addr, spaces, hexa,
-                      " " * (num_spaces + 1), printable)))
-
-        src = src[num_chars:]
-        remainder_start_addr = base_addr + length
-
-    for i in range(0, len(src), length):
-        s = src[i:i + length]
-        hexa = ' '.join(["{:02X}".format(ord(x)) for x in s])
-        printable = s.translate(FILTER)
-        result.append("{:04X}   {:<}   {:{l}}\n".format(
-                         remainder_start_addr + i, 
-                         hexa, printable, l=length*3))
-
-    return ''.join(result)
-
-
 class memoize(object):
     """cache the return value of a method
 
diff --git a/Evtx/Nodes.py b/Evtx/Nodes.py
@@ -16,11 +16,12 @@
 #   See the License for the specific language governing permissions and
 #   limitations under the License.
 import re
-import itertools
 import base64
+import itertools
+
+import hexdump
 
 from .BinaryParser import Block
-from .BinaryParser import hex_dump
 from .BinaryParser import ParseException
 from .BinaryParser import memoize
 
@@ -88,8 +89,8 @@ def __str__(self):
         return "BXmlNode(offset={})".format(hex(self.offset()))
 
     def dump(self):
-        return hex_dump(self._buf[self.offset():self.offset() + self.length()],
-                        start_addr=self.offset())
+        b = self._buf[self.offset():self.offset() + self.length()]
+        return hexdump.hexdump(b, result='return')
 
     def tag_length(self):
         """
diff --git a/scripts/record_structure.py b/scripts/record_structure.py
@@ -1,9 +1,10 @@
+import hexdump
+
 from Evtx.Evtx import Evtx
 from Evtx.Nodes import RootNode
 from Evtx.Nodes import BXmlTypeNode
 from Evtx.Nodes import TemplateInstanceNode
 from Evtx.Nodes import VariantTypeNode
-from Evtx.BinaryParser import hex_dump
 from Evtx.Views import evtx_record_xml_view
 
 
@@ -81,7 +82,7 @@ def main():
     args = parser.parse_args()
 
     with Evtx(args.evtx) as evtx:
-        print(hex_dump(evtx.get_record(args.record).data()))
+        hexdump.hexdump(evtx.get_record(args.record).data())
 
         print(("record(absolute_offset=%s)" % \
                   (evtx.get_record(args.record).offset())))
diff --git a/setup.py b/setup.py
@@ -12,4 +12,6 @@
       author_email="willi.ballenthin@gmail.com",
       url="https://github.com/williballenthin/python-evtx",
       license="Apache 2.0 License",
-      packages=setuptools.find_packages())
+      packages=setuptools.find_packages(),
+      install_requires=['hexdump'],
+)
