nodes, bp: use six for binary indexing. py2 support.

Willi Ballenthin · Willi Ballenthin · commit d946da335234 · 2016-09-06T13:00:54.000-04:00
diff --git a/Evtx/BinaryParser.py b/Evtx/BinaryParser.py
@@ -23,6 +23,8 @@
 from datetime import datetime
 from functools import partial
 
+import six
+
 
 class memoize(object):
     """cache the return value of a method
@@ -557,7 +559,7 @@ def unpack_guid(self, offset):
             raise OverrunBufferException(o, len(self._buf))
 
         # Yeah, this is ugly
-        h = _bin 
+        h = [six.indexbytes(_bin, i) for i in range(len(_bin))]
         return """{:02x}{:02x}{:02x}{:02x}-{:02x}{:02x}-{:02x}{:02x}-{:02x}{:02x}-{:02x}{:02x}{:02x}{:02x}{:02x}{:02x}""".format(
             h[3], h[2], h[1], h[0],
             h[5], h[4],
diff --git a/Evtx/Nodes.py b/Evtx/Nodes.py
@@ -19,6 +19,7 @@
 import base64
 import itertools
 
+import six
 import hexdump
 
 from .BinaryParser import Block
@@ -1010,17 +1011,19 @@ def fast_substitutions(self):
                     val = self.unpack_dword(ofs + 8 + (4 * i))
                     value += "-{}".format(val)
                 sub_def.append(value)
-            #[20] = parse_hex32_type_node,  -- Hex32TypeNoe, 0x14
+            #[20] = parse_hex32_type_node,  -- Hex32TypeNode, 0x14
             elif type_ == 0x14:
                 value = "0x"
-                for c in self.unpack_binary(ofs, size)[::-1]:
-                    value += "{:02x}".format(c)
+                b = self.unpack_binary(ofs, size)[::-1]
+                for i in range(len(b) - 1):
+                    value += '{:02x}'.format(six.indexbytes(b, i))
                 sub_def.append(value)
             #[21] = parse_hex64_type_node,  -- Hex64TypeNode, 0x15
             elif type_ == 0x15:
                 value = "0x"
-                for c in bytes(self.unpack_binary(ofs, size)[::-1]):
-                    value += "{:02x}".format(c)
+                b = self.unpack_binary(ofs, size)[::-1]
+                for i in range(len(b) - 1):
+                    value += '{:02x}'.format(six.indexbytes(b, i))
                 sub_def.append(value)
             #[33] = parse_bxml_type_node,  -- BXmlTypeNode, 0x21
             elif type_ == 0x21:
