1.2. lf.dtypes — Data Types

This module converts information represented as binary data (Python bytes objects) into Python objects.

1.2.1. Overview

There are three components to the data typing system in LibForensics:

1. Describing the type and structure of information (i.e. a ctypes wrapper)
2. Translating a bytes object into Python objects (Data Access Layer or DAL)
3. A standard protocol for using the ctypes wrappers and the DAL.

1.2.2. Describing data types

The ctypes module is used to extract various data types (e.g. integers, floating point values, structures, etc.) from a stream of bytes. To facilitate this, LibForensics provides a (restricted) wrapper for the ctypes module.

LibForensics supports several primitive data types, including 8/16/32/64 bit signed and unsigned integers, 32/64 bit floating point values, records (a.k.a. structs, data structures), and arrays.

Records (structures) are a data type that is composed of one or more primitive data types. The description of a record is a class, where the class attributes represent the fields of the record. At runtime, a metaclass is used to translate a Record class into a ctypes object. The ctypes object is accessible as the _ctype_ attribute.

The following snippet shows how to create a record with three fields:

>>> from lf.dtypes import LERecord, uint8, int16, uint32
>>> class SomeStruct(LERecord):
...     field1 = uint8
...     field2 = uint32
...     field3 = int16
...
>>> ctypes_obj = SomeStruct._ctype_

1.2.2.1. Class Hierarchy

1.2.2.2. Primitive data types

Primitive data types are data types that can be used by themselves, or grouped together to create Composite data types.

LibForensics provides 2 types of Primitive data types:

1. Basic – Primitive data types that can not be decomposed
2. Composite – Primitive data types composed of other primtive data types.

1.2.2.3. Basic data types

Basic data types are “basic building blocks”. They can be used by themselves, or can be grouped together to create Composite data types. Basic data types however are not further decomposable.

LibForensics provides 3 types of Basic data types:

1. Native – Data types with native ctypes support.
2. BitType – Data types with access to individual bits.
3. raw – Data type for a raw stream of bytes.

1.2.2.4. Composite data types

Composite data types are data types composed of one or more Primitive data types. This includes Basic data types, as well as other Composite data types.

LibForensics provides 2 types of Composite data types:

1. Record (a.k.a. structs, data structures) – Composite data types where the elements do not need to be the same type.
2. Arrays – Composite data types where the elements are identical types.

1.2.3. The Data Access Layer (DAL)

One of the design goals of the ctypes wrapper provided by LibForensics is to have data types that are not data-dependent. This means that regardless of the value of the bytes used, extracting Python values with data types (created with the ctypes wrapper) should not fail.

The advantage of this type of design is that any pattern of 1s and 0s can be used. There are several places situations that this design is useful. Such as (blindly) looking for a particular data structure in unallocated space, slack space, or without much other structural information. Additionally, if a data structure has been partially overwritten (e.g. it was in a file that was deleted, and then part of the file was reallocated and overwritten) NULL bytes can be used to make up the missing part of the data structure.

The disadvantage of this approach means that the ctypes wrapper does not support any data type that requires using the value. A common example is a pointer data type. The value of the pointer is a location (address). An invalid value for the pointer can cause problems for automated solutions. For example:

>>> from ctypes import Structure, c_int8, POINTER
>>> class Struct(Structure):
...     _fields_ = [("field1", POINTER(c_int8))]
...
>>> values = Struct.from_buffer_copy(b"\x01\x00\x00\x00\x00\x00\x00\x00")
>>> values.field1.contents
Segmentation fault

Depending on the situation, there are several different options for dealing with invalid data.

1.2.3.1. Value Objects and Entities

The DAL is built around two concepts: Value objects and Entities (a.k.a. reference objects). The primary difference between a value object and an entity is how equality is determined. Value objects are considered equal if their value (or the values of their attributes) are equal. Entity objects are considered equal if thier identities (memory addresses, unique identifiers, etc.) are equal.

In LibForensics, value objects are subclasses of the Structuple class (usually ActiveStructuple). Entities however, are regular user-defined classes.

1.2.3.2. Converters

Some data types have equivalents in the Python standard library. For instance, a 64-bite FILETIME timestamp can be represented by a datetime.datetime class. Converter classes fill the role of converting from bytes to a standard Python object. Converter classes are subclasses of the Converter class.

1.2.4. Standard protocol for the ctypes wrappers and the DAL

In order to reduce the learning curve of the several data structures (Record data types) used throughout LibForensics, there is a standard approach to naming, locating, and using the ctypes wrappers, and the DAL. The rules are:

• The definitions of the data types are placed in a file called dtypes.py
• A convenience module called ctypes.py contains the _ctype_ attribute from each class defined in the dtypes.py file.
• Classes that represent value objects are descendants of the Structuple class.
• Classes that represent entities are regular user-defined classes (i.e. they are not descendents of Structuple.)
• Classes that are used to translate a bytes object to a standard Python object inherit from the Converter class.
• value objects, entities, and converters are placed in a file called objects.py

1.2.5. Base data types

class lf.dtypes.DataType

Base class for all data types.

_size_

The size of the data type. The units (e.g. bits or bytes) are dependent on the subclass.

class lf.dtypes.Primitive

Base class for data types that can be used to compose other data types.

_ctype_

A ctypes object that reflects the data type.

1.2.6. Basic data types

These are data types that are the “basic building blocks”. These data types can be used for composition, but are not composable.

class lf.dtypes.Basic

Base class for Basic data types.

class lf.dtypes.raw(size)

A data type for a raw array of bytes.

Parameter:size (int) – The number of bytes in the string.

Note

When using the raw data type, the corresponding ctypes object is an array of c_ubyte (i.e. c_ubyte * size). This means you will need to call bytes() to get a bytes object.

1.2.7. Native data types

These are data types that have native support in the ctypes module.

class lf.dtypes.Native

Base class for Native data types.

class lf.dtypes.int8

Signed 8-bit integer.

class lf.dtypes.uint8

Unsigned 8-bit integer.

class lf.dtypes.int16

Signed 16-bit integer.

class lf.dtypes.uint16

Unsigned 16-bit integer.

class lf.dtypes.int32

Signed 32-bit integer.

class lf.dtypes.uint32

Unsigned 32-bit integer.

class lf.dtypes.int64

Signed 64-bit integer.

class lf.dtypes.uint64

Unsigned 64-bit integer.

class lf.dtypes.float32

32-bit floating point number.

class lf.dtypes.float64

64-bit floating point number.

1.2.8. Bit-oriented data types

LibForensics provides support for bit-oriented data types using the BitType, bits, and bit classes.

bits(size=1):

Represents one or more bits.

Parameter:size (int) – The number of bits in the data type.

class lf.dtypes.bit

A convenience class to represent a single bit.

class lf.dtypes.BitType

A container class for bits. This class is used to allow bits to be used as a Primitive class.

_int_type_

The ctypes integer type that encapsulates the bits.

_fields_

A list of the fields in the BitType. If this is None (or not present) it is automatically generated by a metaclass.

The following BitType subclasses can be used as Primitive data types.

class lf.dtypes.BitType8

A bit type represented by a signed 8-bit integer.

class lf.dtypes.BitTypeU8

A bit type represented by an unsigned 8-bit integer.

class lf.dtypes.BitType16

A bit type represented by a signed 16-bit integer.

class lf.dtypes.BitTypeU16

A bit type represented by an unsigned 16-bit integer.

class lf.dtypes.BitType32

A bit type represented by a signed 32-bit integer.

class lf.dtypes.BitTypeU32

A bit type represented by an unsigned 32-bit integer.

class lf.dtypes.BitType64

A bit type represented by a signed 64-bit integer.

class lf.dtypes.BitTypeU64

A bit type represented by an unsigned 64-bit integer.

1.2.9. Composite data types

Composite data types are data types that are composed of one or more data types. LibForensics supports two types of composite data types, arrays and records (a.k.a. data structures, structs, tuples, etc.)

Arrays are an arrangement of multiple copies of a single data type. In the LibForensics data typing system, arrays are represented by lists. The first element of the list is the data type of the elements of the array. The size of the list denotes the number of elements in the array.

For example a data structure with a field that has 10 8-bit integers:

>>> from lf.dtypes import LERecord, uint8
>>> class SomeStruct(LERecord):
...             field1 = [uint8] * 10

Records are a data structure similar to arrays, except the elements (called fields) of the record do not have to all be the same data type. Records are represented by the Record class, usually a subclass.

lf.dtypes.LITTLE_ENDIAN

Constant to indicate a Composite data type fields are in little endian order.

lf.dtypes.BIG_ENDIAN

Constant to indicate a Composite data type fields are in big endian order.

class lf.dtypes.Composite

Base class for data types that can be composed of data types. Since this is a Primitive class, subclasses can be used to both compose data types, as well as be composed of other classes.

Fields are implemented as class attributes. For instance:

>>> from lf.dtypes import LERecord, int8, uint8
>>> class SomeStruct(LERecord):
...             field1 = int8
...             field2 = uint8
...
>>>

Will create a class called SomeStruct, with two fields called field1 and field2.

Composite objects can also inherit from each other, adding the new fields to the old ones. Continuing the previous example:

>>> class AnotherStruct(SomeStruct):
...             field3 = uint8
...
>>>

Will create a class called AnotherStruct, with three fields called field1, field2, and field 3.

_fields_

A list of (field name, ctype object) tuples. If this is None, it is created automatically by the metaclass.

_byte_order_

The byte ordering to use (LITTLE_ENDIAN or BIG_ENDIAN)

_pack_

The _pack_ attribute used when creating the _ctype_ attribute. The default is 1.

_anonymous_

The value of the _anonymous_ attribute used when creating the _ctype_ attribute.

_ctype_name_

The name to use for the _ctype_ attribute. If this is not specified, a name is autogenerated by a metaclass, based on the class name.

class lf.dtypes.Record

Base class for creating record data types.

class lf.dtypes.LERecord

Class for creating little endian record data types.

class lf.dtypes.BERecord

Class for creating big endian record data types.

1.2.10. Data Access Layer (DAL) Support

The DAL provides three types of functionality, Structuple, Converter, and Reader classes.

1.2.10.1. Structuple classes

lf.dtypes.structuple(name, fields, aliases=None, auto_slots=False, rename=False)

Factory function to create new Structuple classes.

Parameters:

• name (str) – The name for the new Structuple class.
• fields (iterable) – A string, dictionary, or iterable of the names of the attributes and their positions. If this is a string or iterable, the positions are determined by the order in which the names occur, starting with position 0 (first element). If this is a dictionary, the keys are the names of the attributes, and the positions are the values.
• aliases (dict) – A dictionary of aliases for attributes. The keys are the names of the aliases, and the values are the names of the attributes the aliases should point to.
• auto_slots (bool) – If true, the __slots__ attribute is automatically defined for the created class and all subclasses, until a subclass sets the _auto_slots_ attribute to False.
• rename (bool) – If True, duplicate attribute names are automatically renamed to field_name__XXX, where XXX is the position of the name.

Return type:

Structuple

Returns:

The newly created class.

class lf.dtypes.Structuple(iterable)

Base class for creating tuples with named attribute access.

Parameter:iterable – An optional iterator (or object that supports iteration) to provide initial values.

_fields_

A list of names of the attributes, in the same order as the corresponding elements of the tuple.

_aliases_

A dictionary to describe attributes that are aliases for other attributes. The keys are the alias names, and the values are the names of the attributes they should point to.

_auto_slots_

If True, then the __slots__ attribute is created automatically for all subclasses, until a subclass sets _auto_slots_ to False.

Note

When inheriting from this class (or a subclass) the _fields_ attribute in subclasses appends to the _fields_ attribute of the parent(s). This means that subclasses will have all of the fields of the parent(s).

The caveat is that if a subclass defines a field or alias that is already defined in the parent class, then the field is kept in the position specified by the subclass.

For example:

>>> from lf.dtypes import Structuple
>>> class ParentClass(Structuple):
...     _fields_ = ("field0", "field1", "field2")
...
>>> class SubClass1(ParentClass):
...     _fields_ = ("field3", "field4", "field5")
...
>>> class SubClass2(ParentClass):
...     _fields_ = ("field6", "field1", "field7")
...
>>> ParentClass._fields_
('field0', 'field1', 'field2')
>>> SubClass1._fields_
('field0', 'field1', 'field2', 'field3', 'field4', 'field5')
>>> SubClass2._fields_
('field0', 'field2', 'field6', 'field1', 'field7')

class lf.dtypes.ActiveStructuple(iterable)

Base class for value objects.

Parameter:iterable – An optional iterator (or object that supports iteration) to provide initial values.

_takes_stream

True if the from_stream() method is implemented.

_takes_ctype

True if the from_ctype() method is implemented.

classmethod from_bytes(bytes_)

Creates an ActiveStructuple from a bytes object.

Note

This method is available if _takes_stream is True.

Parameter:bytes (bytes) – A bytes object to read from. Return type:ActiveStructuple Returns:The corresponding ActiveStructuple

classmethod from_stream(stream, offset=None)

Creates an ActiveStructuple from an IStream object.

Note

This method is available if _takes_stream is True.

Parameters:

• stream (IStream) – A stream that contains the ActiveStructuple
• offset (int or None) – The start of the ActiveStructuple

Return type:

ActiveStructuple

Returns:

The corresponding ActiveStructuple

classmethod from_ctype(ctype)

Creates an ActiveStructuple from a ctypes object.

Note

This method is available if _takes_ctype is True.

Parameter:ctype (ctypes._CData) – A ctypes object that describes the values of the attributes. Return type:ActiveStructuple Returns:The corresponding ActiveStructuple.

class lf.dtypes.CtypesWrapper

An ActiveStructuple that is a wrapper around a ctypes object. This class provides from_stream(), from_bytes(), and from_ctype() methods.

The way this class is designed, from_stream() and from_bytes() depend on from_ctype(). Therefore, just overriding from_ctype() in a subclass will affect from_stream() and from_bytes().

_ctype_

The ctypes instance to wrap.

classmethod from_bytes(bytes_)

Creates a CtypesWrapper object from a bytes object.

Parameter:bytes (bytes) – A bytes object to read from. Return type:CtypesWrapper Returns:The corresponding CtypesWrapper class.

classmethod from_stream(stream, offset=None)

Creates a CtypesWrapper from a stream.

Parameters:

• stream (lf.dec.IStream) – A stream that contains the CtypesWrapper
• offset (int or None) – The start of the CtypesWrapper

Return type:

CtypesWrapper

Returns:

The corresponding CtypesWrapper object.

classmethod from_ctype(ctype)

Creates a CtypesWrapper from a ctype.

Parameter:ctype (ctypes._CData) – A ctypes object that describes the values of the attributes. Return type:CtypesWrapper Returns:The corresponding CtypesWrapper.

1.2.10.2. Converter classes

class lf.dtypes.Converter

Base class to convert data into a native Python object.

_takes_stream

True if the from_stream() method is implemented.

_takes_ctype

True if the from_ctype() method is implemented.

classmethod from_bytes(bytes_)

Creates a Python object from a bytes object.

Note

This method is available if _takes_stream is True.

Parameter:bytes (bytes) – A bytes object to read from. Return type:object Returns:The corresponding Python object.

from_stream(stream, offset=None):

Creates a Python object from an IStream object.

Note

This method is available if _takes_stream is True.

Parameters:

• stream (IStream) – A stream that contains the Python object.
• offset (int or None) – The start of the Python object.

Return type:

object

Returns:

The corresponding Python object.

classmethod from_ctype(ctype)

Creates a Python object from a ctypes object.

Note

This method is available if _takes_ctype is True.

Parameter:ctype (ctypes._CData) – A ctypes object that describes the values of the attributes. Return type:object Returns:The corresponding Python object.

class lf.dtypes.StdLibConverter

Base class for Converters to Python standard library objects.

1.2.10.3. Reader classes

Reader clsses and objects read BuiltIn data types from streams. This type of operation is occurs fairly often.

class lf.dtypes.Reader

Convenience class to read BuiltIn data types from a stream.

int8(stream, offset=None):

Reads a signed 8-bit integer from a stream.

Parameters:

• stream (IStream) – The stream to read data from.
• offset (int or None) – The start of the integer.

Raises ValueError:  

if stream (starting at offset is too small.)

Return type:

int

Returns:

The corresponding value.

uint8(stream, offset=None):

Reads an unsigned 8-bit integer from a stream.

Parameters:

• stream (IStream) – The stream to read data from.
• offset (int or None) – The start of the integer.

Raises ValueError:  

if stream (starting at offset is too small.)

Return type:

int

Returns:

The corresponding value.

int16_le(stream, offset=None):

Reads a signed 16-bit integer (little endian) from a stream.

Parameters:

• stream (IStream) – The stream to read data from.
• offset (int or None) – The start of the integer.

Raises ValueError:  

if stream (starting at offset is too small.)

Return type:

int

Returns:

The corresponding value.

uint16_le(stream, offset=None):

Reads an unsigned 16-bit integer (little endian) from a stream.

Parameters:

• stream (IStream) – The stream to read data from.
• offset (int or None) – The start of the integer.

Raises ValueError:  

if stream (starting at offset is too small.)

Return type:

int

Returns:

The corresponding value.

int16_be(stream, offset=None):

Reads a signed 16-bit integer (big endian) from a stream.

Parameters:

• stream (IStream) – The stream to read data from.
• offset (int or None) – The start of the integer.

Raises ValueError:  

if stream (starting at offset is too small.)

Return type:

int

Returns:

The corresponding value.

uint16_be(stream, offset=None):

Reads an unsigned 16-bit integer (big endian) from a stream.

Parameters:

• stream (IStream) – The stream to read data from.
• offset (int or None) – The start of the integer.

Raises ValueError:  

if stream (starting at offset is too small.)

Return type:

int

Returns:

The corresponding value.

int32_le(stream, offset=None):

Reads a signed 32-bit integer (little endian) from a stream.

Parameters:

• stream (IStream) – The stream to read data from.
• offset (int or None) – The start of the integer.

Raises ValueError:  

if stream (starting at offset is too small.)

Return type:

int

Returns:

The corresponding value.

uint32_le(stream, offset=None):

Reads an unsigned 32-bit integer (little endian) from a stream.

Parameters:

• stream (IStream) – The stream to read data from.
• offset (int or None) – The start of the integer.

Raises ValueError:  

if stream (starting at offset is too small.)

Return type:

int

Returns:

The corresponding value.

int32_be(stream, offset=None):

Reads a signed 32-bit integer (big endian) from a stream.

Parameters:

• stream (IStream) – The stream to read data from.
• offset (int or None) – The start of the integer.

Raises ValueError:  

if stream (starting at offset is too small.)

Return type:

int

Returns:

The corresponding value.

uint32_be(stream, offset=None):

Reads an unsigned 32-bit integer (big endian) from a stream.

Parameters:

• stream (IStream) – The stream to read data from.
• offset (int or None) – The start of the integer.

Raises ValueError:  

if stream (starting at offset is too small.)

Return type:

int

Returns:

The corresponding value.

int64_le(stream, offset=None):

Reads a signed 64-bit integer (little endian) from a stream.

Parameters:

• stream (IStream) – The stream to read data from.
• offset (int or None) – The start of the integer.

Raises ValueError:  

if stream (starting at offset is too small.)

Return type:

int

Returns:

The corresponding value.

uint64_le(stream, offset=None):

Reads an unsigned 64-bit integer (little endian) from a stream.

Parameters:

• stream (IStream) – The stream to read data from.
• offset (int or None) – The start of the integer.

Raises ValueError:  

if stream (starting at offset is too small.)

Return type:

int

Returns:

The corresponding value.

int64_be(stream, offset=None):

Reads a signed 64-bit integer (big endian) from a stream.

Parameters:

• stream (IStream) – The stream to read data from.
• offset (int or None) – The start of the integer.

Raises ValueError:  

if stream (starting at offset is too small.)

Return type:

int

Returns:

The corresponding value.

uint64_be(stream, offset=None):

Reads an unsigned 64-bit integer (big endian) from a stream.

Parameters:

• stream (IStream) – The stream to read data from.
• offset (int or None) – The start of the integer.

Raises ValueError:  

if stream (starting at offset is too small.)

Return type:

int

Returns:

The corresponding value.

float32_le(stream, offset=None):

Reads a 32-bit floating point number (little endian) from a stream.

Parameters:

• stream (IStream) – The stream to read data from.
• offset (int or None) – The start of the floating point number.

Raises ValueError:  

if stream (starting at offset is too small.)

Return type:

float

Returns:

The corresponding value.

float32_be(stream, offset=None):

Reads a 32-bit floating point number (big endian) from a stream.

Parameters:

• stream (IStream) – The stream to read data from.
• offset (int or None) – The start of the floating point number.

Raises ValueError:  

if stream (starting at offset is too small.)

Return type:

float

Returns:

The corresponding value.

float64_le(stream, offset=None):

Reads a 64-bit floating point number (little endian) from a stream.

Parameters:

• stream (IStream) – The stream to read data from.
• offset (int or None) – The start of the floating point number.

Raises ValueError:  

if stream (starting at offset is too small.)

Return type:

float

Returns:

The corresponding value.

float64_be(stream, offset=None):

Reads a 64-bit floating point number (big endian) from a stream.

Parameters:

• stream (IStream) – The stream to read data from.
• offset (int or None) – The start of the floating point number.

Raises ValueError:  

if stream (starting at offset is too small.)

Return type:

float

Returns:

The corresponding value.

class lf.dtypes.BoundReader(stream)

A Reader that is bound to a IStream.

Parameter:stream (IStream) – A stream that contains the values to read.

int8(offset=None):

Reads a signed 8-bit integer.

Parameter:offset (int or None) – The start of the integer. Raises ValueError:  if stream (starting at offset is too small.) Return type:int Returns:The corresponding value.

uint8(offset=None):

Reads an unsigned 8-bit integer.

Parameter:offset (int or None) – The start of the integer. Raises ValueError:  if stream (starting at offset is too small.) Return type:int Returns:The corresponding value.

int16_le(offset=None):

Reads a signed 16-bit integer (little endian).

Parameter:offset (int or None) – The start of the integer. Raises ValueError:  if stream (starting at offset is too small.) Return type:int Returns:The corresponding value.

uint16_le(offset=None):

Reads an unsigned 16-bit integer (little endian).

Parameter:offset (int or None) – The start of the integer. Raises ValueError:  if stream (starting at offset is too small.) Return type:int Returns:The corresponding value.

int16_be(offset=None):

Reads a signed 16-bit integer (big endian).

Parameter:offset (int or None) – The start of the integer. Raises ValueError:  if stream (starting at offset is too small.) Return type:int Returns:The corresponding value.

uint16_be(offset=None):

Reads an unsigned 16-bit integer (big endian).

Parameter:offset (int or None) – The start of the integer. Raises ValueError:  if stream (starting at offset is too small.) Return type:int Returns:The corresponding value.

int32_le(offset=None):

Reads a signed 32-bit integer (little endian).

Parameter:offset (int or None) – The start of the integer. Raises ValueError:  if stream (starting at offset is too small.) Return type:int Returns:The corresponding value.

uint32_le(offset=None):

Reads an unsigned 32-bit integer (little endian).

Parameter:offset (int or None) – The start of the integer. Raises ValueError:  if stream (starting at offset is too small.) Return type:int Returns:The corresponding value.

int32_be(offset=None):

Reads a signed 32-bit integer (big endian).

Parameter:offset (int or None) – The start of the integer. Raises ValueError:  if stream (starting at offset is too small.) Return type:int Returns:The corresponding value.

uint32_be(offset=None):

Reads an unsigned 32-bit integer (big endian).

Parameter:offset (int or None) – The start of the integer. Raises ValueError:  if stream (starting at offset is too small.) Return type:int Returns:The corresponding value.

int64_le(offset=None):

Reads a signed 64-bit integer (little endian).

Parameter:offset (int or None) – The start of the integer. Raises ValueError:  if stream (starting at offset is too small.) Return type:int Returns:The corresponding value.

uint64_le(offset=None):

Reads an unsigned 64-bit integer (little endian).

Parameter:offset (int or None) – The start of the integer. Raises ValueError:  if stream (starting at offset is too small.) Return type:int Returns:The corresponding value.

int64_be(offset=None):

Reads a signed 64-bit integer (big endian).

Parameter:offset (int or None) – The start of the integer. Raises ValueError:  if stream (starting at offset is too small.) Return type:int Returns:The corresponding value.

uint64_be(offset=None):

Reads an unsigned 64-bit integer (big endian).

Parameter:offset (int or None) – The start of the integer. Raises ValueError:  if stream (starting at offset is too small.) Return type:int Returns:The corresponding value.

float32_le(offset=None):

Reads a 32-bit floating point number (little endian).

Parameter:offset (int or None) – The start of the floating point number. Raises ValueError:  if stream (starting at offset is too small.) Return type:float Returns:The corresponding value.

float32_be(offset=None):

Reads a 32-bit floating point number (big endian).

Parameter:offset (int or None) – The start of the floating point number. Raises ValueError:  if stream (starting at offset is too small.) Return type:float Returns:The corresponding value.

float64_le(offset=None):

Reads a 64-bit floating point number (little endian).

Parameter:offset (int or None) – The start of the floating point number. Raises ValueError:  if stream (starting at offset is too small.) Return type:float Returns:The corresponding value.

float64_be(offset=None):

Reads a 64-bit floating point number (big endian).

Parameter:offset (int or None) – The start of the floating point number. Raises ValueError:  if stream (starting at offset is too small.) Return type:float Returns:The corresponding value.