Beispiel #1
            "AccountExpiration": [32, ["WinFileTime"]],
            "PasswordFailedTime": [40, ["WinFileTime"]],
            "LoginCount": [66, ["unsigned short int"]],
            "FailedLoginCount": [64, ["unsigned short int"]],
            "Rid": [48, ["unsigned int"]],
            "Flags": [
                56,
                [
                    "Flags",
                    dict(maskmap=utils.Invert({
                        0x0001: "Account Disabled",
                        0x0002: "Home directory required",
                        0x0004: "Password not required",
                        0x0008: "Temporary duplicate account",
                        0x0010: "Normal user account",
                        0x0020: "MNS logon user account",
                        0x0040: "Interdomain trust account",
                        0x0080: "Workstation trust account",
                        0x0100: "Server trust account",
                        0x0200: "Password does not expire",
                        0x0400: "Account auto locked"
                    }),
                         target="unsigned short int")
                ]
            ],
        }
    ],
}


class SAMProfile(basic.Profile32Bits, basic.BasicClasses):
Beispiel #2
                                            vm=x.obj_vm,
                                            parent=x)
        }
    ],
    '_OBJECT_HEADER': [
        None, {
            "InfoMask": [
                None,
                [
                    "Flags",
                    dict(
                        maskmap=utils.Invert({
                            0x1: "CreatorInfo",
                            0x2: "NameInfo",
                            0x4: "HandleInfo",
                            0x8: "QuotaInfo",
                            0x10: "ProcessInfo",
                            0x20: "AuditInfo",
                            0x40: "PaddingInfo",
                        }),
                        target="unsigned char",
                    )
                ]
            ],
            'GrantedAccess':
            lambda x: x.obj_parent.GrantedAccessBits
        }
    ],
}

win8_1_overlays = {
Beispiel #3
# win32k USER handle types (HANDLEENTRY.bType) for USER objects on
# XP/2003/Vista/2008.
#
# Reference, as noted by the original author on 8/17/2011:
#   http://www.reactos.org/wiki/Techwiki:Win32k/HANDLEENTRY
#
# The name -> bType table is handed to utils.Invert (presumably producing a
# bType -> name lookup; confirm against utils.Invert).
# NOTE(review): the numeric values are tied to the Windows versions named
# above. Before trusting a decoded type name from a different build, confirm
# the values against that build's win32k symbols.
HANDLE_TYPE_ENUM = utils.Invert({
    "TYPE_FREE": 0,  # must be zero
    "TYPE_WINDOW": 1,  # in order of use for C code lookups
    "TYPE_MENU": 2,
    "TYPE_CURSOR": 3,
    "TYPE_SETWINDOWPOS": 4,  # HDWP
    "TYPE_HOOK": 5,
    "TYPE_CLIPDATA": 6,  # clipboard data
    "TYPE_CALLPROC": 7,
    "TYPE_ACCELTABLE": 8,
    "TYPE_DDEACCESS": 9,  # tagSVR_INSTANCE_INFO
    "TYPE_DDECONV": 10,
    "TYPE_DDEXACT": 11,  # DDE transaction tracking info
    "TYPE_MONITOR": 12,
    "TYPE_KBDLAYOUT": 13,  # keyboard layout handle (HKL) object
    "TYPE_KBDFILE": 14,  # keyboard layout file object
    "TYPE_WINEVENTHOOK": 15,  # WinEvent hook (EVENTHOOK)
    "TYPE_TIMER": 16,
    "TYPE_INPUTCONTEXT": 17,  # input context info structure
    "TYPE_HIDDATA": 18,
    "TYPE_DEVICEINFO": 19,
    "TYPE_TOUCHINPUT": 20,  # 'Ustz'; W7U sym tagTOUCHINPUTINFO
    "TYPE_GESTUREINFO": 21,  # 'Usgi'
    "TYPE_CTYPES": 22,  # count of TYPEs; must be LAST + 1
    "TYPE_GENERIC": 255,  # used for generic handle validation
})