Compression algorithms¶
aPLib¶
-
malduck.
aplib
(buf: bytes, headerless: bool = False) → Optional[bytes]¶ aPLib decompression
from malduck import aplib # Headerless compressed buffer aplib(b'T\x00he quick\xecb\x0erown\xcef\xaex\x80jumps\xed\xe4veur`t?lazy\xead\xfeg\xc0\x00') # Header included aplib(b'AP32\x18\x00\x00\x00\r\x00\x00\x00\xbc\x9ab\x9b\x0b\x00\x00\x00\x85\x11J\rh8el\x8eo wnr\xecd\x00')
- Parameters
buf (bytes) – Buffer to decompress
headerless (bool (default: True)) – Force headerless decompression (don’t perform ‘AP32’ magic detection)
- Return type
bytes
gzip¶
-
malduck.
gzip
(buf: bytes) → bytes¶ gzip/zlib decompression
from malduck import gzip, unhex # zlib decompression gzip(unhex(b'789ccb48cdc9c95728cf2fca4901001a0b045d')) # gzip decompression (detected by 1f8b08 prefix) gzip(unhex(b'1f8b08082199b75a0403312d3100cb48cdc9c95728cf2fca49010085114a0d0b000000'))
- Parameters
buf (bytes) – Buffer to decompress
- Return type
bytes