def __init__(self):
self.fields = OrderedDict([
('protocol_id', BytesField(
size=4,
default=b"\xfeSMB",
)),
('structure_size', IntField(
size=2,
default=64,
)),
('credit_charge', IntField(size=2)),
('channel_sequence', IntField(size=2)),
('reserved', IntField(size=2)),
('command', EnumField(
size=2,
enum_type=Commands
)),
('credit_request', IntField(size=2)),
('flags', FlagField(
size=4,
flag_type=Smb2Flags,
)),
('next_command', IntField(size=4)),
('message_id', IntField(size=8)),
('process_id', IntField(size=4)),
('tree_id', IntField(size=4)),
('session_id', IntField(size=8)),
('signature', BytesField(
size=16,
default=b"\x00" * 16,
)),
('data', BytesField())
])
super(SMB2HeaderRequest, self).__init__()
def __init__(self):
self.fields = OrderedDict([
('structure_size', IntField(
size=2,
default=33
)),
('file_information_class', EnumField(
size=1,
enum_type=FileInformationClass
)),
('flags', FlagField(
size=1,
flag_type=QueryDirectoryFlags
)),
('file_index', IntField(size=4)),
('file_id', BytesField(size=16)),
('file_name_offset', IntField(
size=2,
default=lambda s: 0 if len(s['buffer']) == 0 else 96
)),
('file_name_length', IntField(
size=2,
default=lambda s: len(s['buffer'])
)),
('output_buffer_length', IntField(size=4)),
# UTF-16-LE encoded search pattern
('buffer', BytesField(
size=lambda s: s['file_name_length'].get_value()
))
])
super(SMB2QueryDirectoryRequest, self).__init__()
def __init__(self):
self.fields = OrderedDict([
# 0 if no more entries, otherwise offset after ea_value
('next_entry_offset', IntField(size=4)),
('flags', FlagField(
size=1,
flag_type=EAFlags
)),
('ea_name_length', IntField(
size=1,
default=lambda s: len(s['ea_name']) - 1 # minus \x00
)),
('ea_value_length', IntField(
size=2,
default=lambda s: len(s['ea_value'])
)),
# ea_name is ASCII byte encoded and needs a null terminator '\x00'
('ea_name', BytesField(
size=lambda s: s['ea_name_length'].get_value() + 1
)),
('ea_value', BytesField(
size=lambda s: s['ea_value_length'].get_value()
)),
# not actually a field but each list entry must start at the 4 byte
# alignment
('padding', BytesField(
size=lambda s: self._padding_size(s),
default=lambda s: b"\x00" * self._padding_size(s)
))
])
super(SMB2CreateEABuffer, self).__init__()
def __init__(self):
self.fields = OrderedDict([
('structure_size', IntField(size=2, default=49)),
(
'data_offset',
IntField( # offset to the buffer field
size=2,
default=0x70 # seems to be hardcoded to this value
)),
('length', IntField(size=4, default=lambda s: len(s['buffer']))),
('offset', IntField(size=8)), # the offset in the file of the data
('file_id', BytesField(size=16)),
('channel', FlagField(size=4, flag_type=ReadWriteChannel)),
('remaining_bytes', IntField(size=4)),
('write_channel_info_offset',
IntField(
size=2,
default=lambda s: self._get_write_channel_info_offset(s))),
('write_channel_info_length',
IntField(size=2,
default=lambda s: len(s['buffer_channel_info']))),
('flags', FlagField(size=4, flag_type=WriteFlags)),
('buffer', BytesField(size=lambda s: s['length'].get_value())),
('buffer_channel_info',
BytesField(
size=lambda s: s['write_channel_info_length'].get_value()))
])
super(SMB2WriteRequest, self).__init__()
def __init__(self):
self.fields = OrderedDict([
('version', IntField(
size=4,
default=2
)),
('has_initiator_id', BoolField(
size=1,
default=lambda s: len(s['initiator_host_name']) > 0
)),
('reserved', BytesField(
size=3,
default=b"\x00\x00\x00"
)),
('initiator_id', UuidField(size=16)),
('originator_flags', EnumField(
size=4,
enum_type=SVHDXOriginatorFlags
)),
('open_request_id', IntField(size=8)),
('initiator_host_name_length', IntField(
size=2,
default=lambda s: len(s['initiator_host_name'])
)),
# utf-16-le encoded string
('initiator_host_name', BytesField(
size=lambda s: s['initiator_host_name_length'].get_value()
)),
('virtual_disk_properties_initialized', IntField(size=4)),
('server_service_version', IntField(size=4)),
('virtual_sector_size', IntField(size=4)),
('physical_sector_size', IntField(size=4)),
('virtual_size', IntField(size=8))
])
super(SMB2SVHDXOpenDeviceContextV2Request, self).__init__()
def __init__(self):
self.fields = OrderedDict([
('structure_size', IntField(size=2, default=57)),
('reserved', IntField(size=2, default=0)),
('ctl_code', EnumField(
size=4,
enum_type=CtlCode,
)), ('file_id', BytesField(size=16)),
('input_offset',
IntField(size=4, default=lambda s: self._buffer_offset_value(s))),
('input_count',
IntField(
size=4,
default=lambda s: len(s['buffer']),
)), ('max_input_response', IntField(size=4)),
('output_offset',
IntField(size=4, default=lambda s: self._buffer_offset_value(s))),
('output_count', IntField(size=4, default=0)),
('max_output_response', IntField(size=4)),
('flags', EnumField(
size=4,
enum_type=IOCTLFlags,
)), ('reserved2', IntField(size=4, default=0)),
('buffer', BytesField(size=lambda s: s['input_count'].get_value()))
])
super(SMB2IOCTLRequest, self).__init__()
def __init__(self):
self.fields = OrderedDict([
('next_entry_offset', IntField(size=4)),
('file_index', IntField(size=4)),
('creation_time', DateTimeField(size=8)),
('last_access_time', DateTimeField(size=8)),
('last_write_time', DateTimeField(size=8)),
('change_time', DateTimeField(size=8)),
('end_of_file', IntField(size=8)),
('allocation_size', IntField(size=8)),
('file_attributes', FlagField(size=4, flag_type=FileAttributes)),
('file_name_length',
IntField(size=4, default=lambda s: len(s['file_name']))),
('ea_size', IntField(size=4)),
('short_name_length',
IntField(size=1, default=lambda s: len(s['short_name']))),
('reserved1', IntField(size=1)),
('short_name',
BytesField(size=lambda s: s['short_name_length'].get_value())),
('short_name_padding',
BytesField(size=lambda s: 24 - len(s['short_name']),
default=lambda s: b"\x00" *
(24 - len(s['short_name'])))),
('reserved2', IntField(size=2)), ('file_id', IntField(size=8)),
('file_name',
BytesField(size=lambda s: s['file_name_length'].get_value()))
])
super(FileIdBothDirectoryInformation, self).__init__()
def __init__(self):
self.fields = OrderedDict([
('next', IntField(size=4)),
('name_offset', IntField(size=2, default=16)),
('name_length',
IntField(size=2, default=lambda s: len(s['buffer_name']))),
('reserved', IntField(size=2)),
('data_offset',
IntField(size=2, default=lambda s: self._buffer_data_offset(s))),
('data_length',
IntField(size=4, default=lambda s: len(s['buffer_data']))),
('buffer_name',
BytesField(size=lambda s: s['name_length'].get_value())),
('padding',
BytesField(size=lambda s: self._padding_size(s),
default=lambda s: b"\x00" * self._padding_size(s))),
('buffer_data',
BytesField(size=lambda s: s['data_length'].get_value())),
# not actually a field but each list entry must start at the 8 byte
# alignment
('padding2',
BytesField(size=lambda s: self._padding2_size(s),
default=lambda s: b"\x00" * self._padding2_size(s)))
])
super(SMB2CreateContextRequest, self).__init__()
def __init__(self):
self.fields = OrderedDict([
('int_field', IntField(size=4)),
('bytes_field', BytesField(size=2)),
('var_field',
BytesField(size=lambda s: s['int_field'].get_value(), )),
('default_field', IntField(
size=2,
default=b"\x01a",
)),
('list_field',
ListField(
list_count=lambda s: s['int_field'].get_value(),
list_type=BytesField(size=8),
size=lambda s: s['int_field'].get_value() * 8,
)),
('structure_length',
IntField(
size=2,
little_endian=False,
default=lambda s: len(s['structure_field']),
)),
('structure_field',
StructureField(
size=lambda s: s['structure_length'].get_value(),
structure_type=Structure2,
)),
])
super(Structure1, self).__init__()
def __init__(self):
self.fields = OrderedDict([
('symlink_length', IntField(size=4, default=lambda s: len(s) - 4)),
('symlink_error_tag',
BytesField(size=4, default=b"\x53\x59\x4d\x4c")),
('reparse_tag', BytesField(size=4, default=b"\x0c\x00\x00\xa0")),
('reparse_data_length',
IntField(size=2, default=lambda s: len(s['path_buffer']) + 12)),
# the len in utf-16-le bytes of the path beyond the substitute name
# of the original target, e.g. \\server\share\symlink\file.txt
# would be length of \file.txt in utf-16-le form, this is used by
# the client to find out what part of the original path to append
# to the substitute name returned by the server.
('unparsed_path_length', IntField(size=2)),
('substitute_name_offset', IntField(size=2)),
('substitute_name_length', IntField(size=2)),
('print_name_offset', IntField(size=2)),
('print_name_length', IntField(size=2)),
('flags', EnumField(
size=2,
enum_type=SymbolicLinkErrorFlags,
)),
# Not in the spec but Windows seems to add \x00\x80 to the end of flags which breaks our parsing. Cannot
# seem to figure out why but this just ignored that field.
('reserved', IntField(size=2)),
# use the get/set_name functions to get/set these values as they
# also (d)encode the text and set the length and offset accordingly
('path_buffer',
BytesField(size=lambda s: self._get_name_length(s, True)))
])
super(SMB2SymbolicLinkErrorResponse, self).__init__()
def __init__(self):
self.fields = OrderedDict([
('lease_key', BytesField(size=16)),
('lease_state', FlagField(size=4, flag_type=LeaseState)),
('flags', FlagField(size=4, flag_type=LeaseResponseFlags)),
('lease_duration', IntField(size=8)),
('parent_lease_key', BytesField(size=16)),
('epoch', IntField(size=2)), ('reserved', IntField(size=2))
])
super(SMB2CreateResponseLeaseV2, self).__init__()
def __init__(self):
self.fields = OrderedDict([
('type', EnumField(size=4, enum_type=IpAddrType)),
('reserved', IntField(size=4)),
('ip_address',
BytesField(size=lambda s: self._ip_address_size(s))),
('reserved2',
BytesField(size=lambda s: self._reserved2_size(s),
default=lambda s: b"\x00" * self._reserved2_size(s)))
])
super(SMB2MoveDstIpAddrStructure, self).__init__()
def __init__(self):
self.fields = OrderedDict([
('resume_key', BytesField(size=24)),
('context_length',
IntField(
size=4,
default=lambda s: len(s['context']),
)),
('context',
BytesField(size=lambda s: s['context_length'].get_value(), )),
])
super(SMB2SrvRequestResumeKey, self).__init__()
def __init__(self):
# pep 80 char issues force me to define this here
create_con_req = smbprotocol.create_contexts.SMB2CreateContextRequest
self.fields = OrderedDict([
('structure_size', IntField(
size=2,
default=57,
)),
('security_flags', IntField(size=1)),
('requested_oplock_level',
EnumField(size=1, enum_type=RequestedOplockLevel)),
('impersonation_level',
EnumField(size=4, enum_type=ImpersonationLevel)),
('smb_create_flags', IntField(size=8)),
('reserved', IntField(size=8)),
('desired_access', IntField(size=4)),
('file_attributes', IntField(size=4)),
('share_access', FlagField(size=4, flag_type=ShareAccess)),
('create_disposition',
EnumField(size=4, enum_type=CreateDisposition)),
('create_options', FlagField(size=4, flag_type=CreateOptions)),
(
'name_offset',
IntField(
size=2,
default=120 # (header size 64) + (structure size 56)
)),
('name_length',
IntField(size=2, default=lambda s: self._name_length(s))),
('create_contexts_offset',
IntField(size=4,
default=lambda s: self._create_contexts_offset(s))),
('create_contexts_length',
IntField(size=4, default=lambda s: len(s['buffer_contexts']))),
# Technically these are all under buffer but we split it to make
# things easier
('buffer_path',
BytesField(size=lambda s: self._buffer_path_size(s), )),
('padding',
BytesField(size=lambda s: self._padding_size(s),
default=lambda s: b"\x00" * self._padding_size(s))),
('buffer_contexts',
ListField(
size=lambda s: s['create_contexts_length'].get_value(),
list_type=StructureField(structure_type=create_con_req),
unpack_func=lambda s, d: self._buffer_context_list(s, d)))
])
super(SMB2CreateRequest, self).__init__()
def __init__(self):
self.fields = OrderedDict([('lease_key', BytesField(size=16)),
('lease_state',
FlagField(size=4, flag_type=LeaseState)),
('lease_flags', IntField(size=4)),
('lease_duration', IntField(size=8))])
super(SMB2CreateRequestLease, self).__init__()
def __init__(self):
self.fields = OrderedDict([
('structure_size', IntField(
size=2,
default=25,
)),
('flags', IntField(size=1)),
('security_mode', EnumField(
size=1,
enum_type=SecurityMode,
)),
('capabilities', FlagField(
size=4,
flag_type=Capabilities,
)),
('channel', IntField(size=4)),
(
'security_buffer_offset',
IntField(
size=2,
default=88, # (header size 64) + (response size 24)
)),
('security_buffer_length',
IntField(
size=2,
default=lambda s: len(s['buffer']),
)),
('previous_session_id', IntField(size=8)),
('buffer',
BytesField(
size=lambda s: s['security_buffer_length'].get_value(), )),
])
super(SMB2SessionSetupRequest, self).__init__()
def __init__(self):
self.fields = OrderedDict([('disk_file_id', IntField(size=8)),
('volume_id', IntField(size=8)),
('reserved',
BytesField(size=16,
default=b"\x00" * 16))])
super(SMB2CreateQueryOnDiskIDResponse, self).__init__()
def __init__(self):
self.fields = OrderedDict([('file_id', BytesField(size=16)),
('create_guid', UuidField(size=16)),
('flags',
FlagField(size=4,
flag_type=DurableHandleFlags))])
super(SMB2CreateDurableHandleReconnectV2, self).__init__()
def __init__(self):
self.fields = OrderedDict([
('rpc_vers', IntField(size=1, default=5)),
('rpc_vers_minor', IntField(size=1, default=0)),
('ptype', EnumField(size=1, enum_type=PType, default=PType.BIND)),
('pfx_flags', FlagField(size=1, flag_type=PFlags)),
('packed_drep',
StructureField(size=4, structure_type=DataRepresentationFormat)),
('frag_length', IntField(size=2, default=lambda s: len(s))),
('auth_length',
IntField(size=2, default=lambda s: len(s['auth_verifier']))),
('call_id', IntField(size=4)),
('max_xmit_frag', IntField(size=2, default=4280)),
('max_recv_frag', IntField(size=2, default=4280)),
('assoc_group_id', IntField(size=4)),
# p_context_list_t
('n_context_elem',
IntField(size=1,
default=lambda s: len(s['context_elems'].get_value()))),
('reserved', IntField(size=1)),
('reserved2', IntField(size=2)),
('context_elems',
ListField(
list_count=lambda s: s['n_context_elem'].get_value(),
list_type=StructureField(structure_type=ContextElement),
unpack_func=lambda s, d: self._unpack_context_elems(s, d))),
('auth_verifier',
BytesField(size=lambda s: s['auth_length'].get_value()))
])
super(BindPDU, self).__init__()
def __init__(self):
create_con_req = smbprotocol.create_contexts.SMB2CreateContextRequest
self.fields = OrderedDict([
('structure_size', IntField(size=2, default=89)),
('oplock_level', EnumField(size=1,
enum_type=RequestedOplockLevel)),
('flag', FlagField(size=1, flag_type=FileFlags)),
('create_action', EnumField(size=4, enum_type=CreateAction)),
('creation_time', DateTimeField(size=8)),
('last_access_time', DateTimeField(size=8)),
('last_write_time', DateTimeField(size=8)),
('change_time', DateTimeField(size=8)),
('allocation_size', IntField(size=8)),
('end_of_file', IntField(size=8)),
('file_attributes', FlagField(size=4, flag_type=FileAttributes)),
('reserved2', IntField(size=4)), ('file_id', BytesField(size=16)),
('create_contexts_offset',
IntField(size=4,
default=lambda s: self._create_contexts_offset(s))),
('create_contexts_length',
IntField(size=4, default=lambda s: len(s['buffer']))),
('buffer',
ListField(
size=lambda s: s['create_contexts_length'].get_value(),
list_type=StructureField(structure_type=create_con_req),
unpack_func=lambda s, d: self._buffer_context_list(s, d)))
])
super(SMB2CreateResponse, self).__init__()
def __init__(self):
self.fields = OrderedDict([
('structure_size', IntField(size=2, default=24)),
('flags', FlagField(size=2, flag_type=CloseFlags)),
('reserved', IntField(size=4)), ('file_id', BytesField(size=16))
])
super(SMB2CloseRequest, self).__init__()
def __init__(self):
self.fields = OrderedDict([
('structure_size', IntField(
size=2,
default=9,
)),
('session_flags', FlagField(
size=2,
flag_type=SessionFlags,
)),
(
'security_buffer_offset',
IntField(
size=2,
default=72, # (header size 64) + (response size 8)
)),
('security_buffer_length',
IntField(
size=2,
default=lambda s: len(s['buffer']),
)),
('buffer',
BytesField(
size=lambda s: s['security_buffer_length'].get_value(), ))
])
super(SMB2SessionSetupResponse, self).__init__()
def __init__(self):
self.fields = OrderedDict([
('version_number', IntField(size=2, default=3)),
('size', IntField(size=2)),
('server_type',
FlagField(size=2, flag_type=DFSServerTypes, flag_strict=False)),
('referral_entry_flags',
FlagField(size=2,
flag_type=DFSReferralEntryFlags,
flag_strict=False)),
('time_to_live', IntField(size=4)),
# The follow fields depend on the ReferralEntryFlags, the actual field names are when the entry is not a
# NameListReferral.
('dfs_path_offset', IntField(size=2)), # SpecialNameOffset
('dfs_alternate_path_offset',
IntField(size=2)), # NumberOfExpandedNames
('network_address_offset', IntField(size=2)), # ExpandedNameOffset
('service_site_guid',
BytesField(size=lambda s: s['size'].get_value() - 18)), # Padding
])
self.dfs_path = None
self.dfs_alternate_path = None
self.network_address = None
super(DFSReferralEntryV3, self).__init__()
def __init__(self):
self.fields = OrderedDict([('structure_size',
IntField(size=2, default=24)),
('reserved1', IntField(size=2)),
('reserved2', IntField(size=4)),
('file_id', BytesField(size=16))])
super(SMB2FlushRequest, self).__init__()
def __init__(self):
self.fields = OrderedDict([
('structure_size', IntField(size=4, default=lambda s: len(s))),
('notification_type', IntField(size=4, default=3)),
('resource_name_offset',
IntField(size=4,
default=lambda s: self._resource_name_offset(s))),
('resource_name_length',
IntField(size=4, default=lambda s: len(s['resource_name']))),
('flags', IntField(size=2, default=0)),
('target_type', IntField(size=2, default=0)),
('ip_addr_count',
IntField(
size=4,
default=lambda s: len(s['ip_addr_move_list'].get_value()))),
('ip_addr_move_list',
ListField(size=lambda s: s['ip_addr_count'].get_value() * 24,
list_count=lambda s: s['ip_addr_count'].get_value(),
list_type=StructureField(
size=24,
structure_type=SMB2MoveDstIpAddrStructure))),
('resource_name',
BytesField(size=lambda s: s['resource_name_length'].get_value()))
])
super(SMB2ShareRedirectErrorContext, self).__init__()
def __init__(self):
# TODO: validate this further when working with actual snapshots
self.fields = OrderedDict([('number_of_snapshots', IntField(size=4)),
('number_of_snapshots_returned',
IntField(size=4)),
('snapshot_array_size', IntField(size=4)),
('snapshots', BytesField())])
super(SMB2SrvSnapshotArray, self).__init__()
def __init__(self):
self.fields = OrderedDict([
('field',
ListField(size=4,
list_count=2,
list_type=BytesField(size=2),
default=[b"\x01\x02", b"\x03\x04"]))
])
super(TestListField.StructureTest, self).__init__()
def __init__(self):
self.fields = OrderedDict([
('process_id', IntField(size=4)),
('comp_name_length',
IntField(size=4, default=lambda s: int(len(s['comp_name']) / 2))),
('comp_name',
BytesField(size=lambda s: s['comp_name_length'].get_value() * 2))
])
super(PAExecStartBuffer, self).__init__()
def __init__(self):
self.fields = OrderedDict([
('object_id', UuidField()),
('extended_info', BytesField(
size=48,
default=b"\x00" * 48,
)),
])
super(FileFsObjectIdInformation, self).__init__()
def __init__(self):
self.fields = OrderedDict([
('msg_id', EnumField(size=2, enum_type=PAExecMsgId)),
('unique_id', IntField(size=4)),
('buffer_length',
IntField(size=4, default=lambda s: len(s['buffer']))),
('buffer',
BytesField(size=lambda s: s['buffer_length'].get_value()))
])
super(PAExecMsg, self).__init__()
