Small self-advertisement: as an alternative to dissect.cstruct, a fun side-project of mine (C parser + C interpreter in Python) can do a very similar thing:<a href="https:&#x2F;&#x2F;github.com&#x2F;albertz&#x2F;PyCParser&#x2F;blob&#x2F;master&#x2F;demos&#x2F;dissect_cstruct.py" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;albertz&#x2F;PyCParser&#x2F;blob&#x2F;master&#x2F;demos&#x2F;disse...</a>

More info on how ASIF differs from the decades-old sparseimage format: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=44259132">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=44259132</a>

Speaking of images (media file), I found out that iCloud double-counts storage space for rotated photos, so I need to subscribe to a higher tier just because the iPhone often can&#x27;t get orientation right, especially for food photos.Would be nice if they moved to storing diff sidecars.

Image as in “filesystem snapshot” not as in “media file”.

No I think Python&#x27;s struct module is also really bad. My point is if you are making a new DSL for laying out arbitrary formats why not do something better than what we have

I asked an LLM to rewrite it for me using the Python built-in struct module, and it gave me this:<pre><code> import sys
 import struct
 from collections import namedtuple
 
 # Bake the layout once into a reusable, precompiled object.
 HEADER = struct.Struct(&quot;&gt;4sIIIQQ16sQQIIII&quot;)
 
 # struct only knows positions, not names — pair it with a namedtuple
 # to recover the named-field access that cstruct gives you for free.
 Header = namedtuple(&quot;Header&quot;, [
 &quot;magic&quot;, &quot;field4&quot;, &quot;field8&quot;, &quot;fieldC&quot;,
 &quot;field10&quot;, &quot;field18&quot;, &quot;field20&quot;,
 &quot;field30&quot;, &quot;field38&quot;,
 &quot;field40&quot;, &quot;field44&quot;, &quot;field48&quot;, &quot;field4C&quot;,
 ])
 
 with open(sys.argv[1], &quot;rb&quot;) as fh:
 header = Header._make(HEADER.unpack(fh.read(HEADER.size)))
 
 print(header)
</code></pre>
To me, this seems significantly less readable... less Pythonic, even. The printed output is also less readable.

The article is about disk images though :)But yeah, while I think the `cstruct` helper function to describe a binary data layout in Python is more elegant than the builtin alternatives, it would have been much less painful to just go with a minimal C command line program (or any other programming language where a struct directly maps to memory). Python and most other scripting languages have been built for manipulating text data, but suck when working with binary data.

Sure, but it&#x27;s a greenfield Python script

in video&#x2F;image space most code we deal with day to day is still C, lots more rust plugins in gstreamer ecosystem, but 90%+ still C

I have to admit that using C syntax as a string to parse something from Python is definitely a choice. I&#x27;m not even sure I would use C structs to lay things out in C…

Additionally, while I don&#x27;t know much about APFS, I don&#x27;t think it would be beneficial to point the extracted app to blocks that are also part of the dmg file, i.e. some copying has to happen anyway.

&gt; what does ASIF do that Qcow2 doesn&#x27;tMount natively in macOS&gt; why does it take so long to copy [...] out of a dmgCompression mostly. DMG contents can optionally be compressed using zlib, lzfse, or slow as molasses bzip2.Also Gatekeeper.

I like a good jaunt with IDApro as much as the next RE, but my question is what does ASIF do that Qcow2 doesn&#x27;t?My other question is why does it take so long to copy an app out of a dmg and into &#x2F;Applications. Like, just change some pointers to pointers to data on disk and shit.

Worth noting ASIF&#x27;s compression tradeoff also affects Spotlight indexing —
since the content is opaque until mounted, you lose searchability on
unmounted disk images that you&#x27;d get with a regular folder structure.

Dissecting Apple's Sparse Image Format (ASIF)