def CreateServiceW(self, handle, serviceName, displayName, binaryPathName, serviceType = SERVICE_WIN32_OWN_PROCESS):
"""
creates a service
:param HANDLE handle: a valid HANDLE to the SCM database (see OpenSCManagerW)
:param UNICODE serviceName: the name of the service to create
:param UNICODE displayName: the display name of the service to create
:param UNICODE binaryPathName: the pathname for the binary to be executed when starting the service
:param INT serviceType: the type of service to be created. See service types within this file or [MS-SCMR] section 3.1.4.12.
:return: returns an SVCCTLRCreateServiceWResponse structure with the service handle. Call dump() method to see its contents. On error it raises an exception
"""
# We MUST receive Unicode data here
createService = SVCCTLRCreateServiceW()
createService['SCManager'] = handle
createService['ServiceName'] = ndrutils.NDRStringW()
createService['ServiceName']['Data'] = (serviceName+'\x00'.encode('utf-16le'))
createService['DisplayName'] = ndrutils.NDRUniqueStringW()
createService['DisplayName']['Data'] = (displayName+'\x00'.encode('utf-16le'))
createService['DesiredAccess'] = SERVICE_ALL_ACCESS
createService['ServiceType'] = serviceType
createService['StartType'] = SERVICE_AUTO_START
#createService['StartType'] = SERVICE_DEMAND_START
createService['ErrorControl'] = SERVICE_ERROR_IGNORE
createService['BinaryPathName'] = ndrutils.NDRStringW()
createService['BinaryPathName']['Data'] = (binaryPathName+'\x00'.encode('utf-16le'))
createService['TagID'] = 0
ans = self.doRequest(createService, checkReturn = 1)
return SVCCTLRCreateServiceWResponse(ans)
def StartServiceW(self, handle, arguments=''):
"""
starts a service
:param HANDLE handle: a valid HANDLE to the service (see OpenServiceW)
:param STRING arguments: arguments to be passed to the service
:return: On error it raises an exception. Otherwise it was successful
"""
# TODO: argv has to be a pointer to a buffer that contains an array
# of pointers to null-terminated UNICODE strings that are passed as
# arguments to the service
startService = SVCCTLRStartServiceW()
startService['ContextHandle'] = handle
startService['argc'] = len(arguments)
if len(arguments) == 0:
startService['argv'] = '\x00' * 4
else:
args_data = pack('<LL', id(arguments) & 0xffffffff, len(arguments))
for argument in arguments:
args_data += pack('<L', id(argument) & 0xffffffff)
for i in range(len(arguments)):
item = ndrutils.NDRStringW()
item['Data'] = arguments[i] + '\x00'.encode('utf-16le')
args_data += str(item)
startService['argv'] = args_data
ans = self.doRequest(startService, checkReturn=1)
return ans
def NetrShareGetInfo(self, serverName, netName):
"""
retrieves information about a particular shared resource on the server (info struct level 2 only supported)
:param UNICODE serverName: the NetBIOS name of the remote machine. '' would do the work as well
:param UNICODE netName: Unicode string that specifies the name of the share to return information for
:return: a SHARE_INFO_2 like structure (strings in UNICODE). For the meaning of each field see [MS-SRVS] Section 2.2.4.24
"""
shareGetInfo = SRVSVCShareGetInfo()
shareGetInfo['ServerName'] = ndrutils.NDRUniqueStringW()
shareGetInfo['ServerName']['Data'] = serverName + '\x00'.encode(
'utf-16le')
shareGetInfo['ServerName'].alignment = 4
shareGetInfo['NetName'] = ndrutils.NDRStringW()
shareGetInfo['NetName']['Data'] = netName + '\x00'.encode('utf-16le')
shareGetInfo['NetName'].alignment = 4
shareGetInfo['Level'] = 2
data = self.doRequest(shareGetInfo, checkReturn=1)
ans = SRVSVCShareGetInfoResponse(data)
entry = {}
entry['Type'] = ans['InfoStruct']['ShareInfo2']['shi2_type']
entry['NetName'] = ans['InfoStruct']['ShareInfo2']['netname']['Data']
entry['Remark'] = ans['InfoStruct']['ShareInfo2']['remark']['Data']
entry['Permissions'] = ans['InfoStruct']['ShareInfo2'][
'shi2_permissions']
entry['MaxUses'] = ans['InfoStruct']['ShareInfo2']['shi2_max_uses']
entry['CurrentUses'] = ans['InfoStruct']['ShareInfo2'][
'shi2_current_uses']
entry['Path'] = ans['InfoStruct']['ShareInfo2']['path']['Data']
return entry
def SchRpcEnumTasks(self, path, startIndex=0, flags=0):
enumTasks = ATSVCSchRpcEnumTasks()
enumTasks['Path'] = ndrutils.NDRStringW()
enumTasks['Path']['Data'] = (path + '\x00').encode('utf-16le')
enumTasks['StartIndex'] = startIndex
enumTasks['Flags'] = 0
packet = self.doRequest(enumTasks, checkReturn=0)
ans = ATSVCSchRpcEnumTasksResp(packet)
return ans
def set_key_name(self, name):
if not name.endswith('\0'):
name += '\0'
namelen = len(name)
ndrStr = ndrutils.NDRStringW()
ndrStr['Data'] = name.encode('utf-16le')
self.set_word(20, 2 * namelen, '<')
self.set_word(22, 2 * namelen, '<')
self.get_bytes()[28:-4] = array.array('B', str(ndrStr) + '\x00' * 4)
def OpenServiceW(self, handle, name):
# We MUST receive Unicode data here
openService = SVCCTLROpenServiceW()
openService['SCManager'] = handle
openService['ServiceName'] = ndrutils.NDRStringW()
openService['ServiceName']['Data'] = (name + '\x00'.encode('utf-16le'))
openService['DesiredAccess'] = SERVICE_ALL_ACCESS
ans = self.doRequest(openService, checkReturn=1)
return SVCCTLROpenServiceResponse(ans)
def CreateServiceW(self, handle, serviceName, displayName, binaryPathName):
# We MUST receive Unicode data here
createService = SVCCTLRCreateServiceW()
createService['SCManager'] = handle
createService['ServiceName'] = ndrutils.NDRStringW()
createService['ServiceName']['Data'] = (serviceName +
'\x00'.encode('utf-16le'))
createService['DisplayName'] = ndrutils.NDRUniqueStringW()
createService['DisplayName']['Data'] = (displayName +
'\x00'.encode('utf-16le'))
createService['DesiredAccess'] = SERVICE_ALL_ACCESS
createService[
'ServiceType'] = SERVICE_WIN32_OWN_PROCESS | SERVICE_INTERACTIVE_PROCESS
createService['StartType'] = SERVICE_AUTO_START
#createService['StartType'] = SERVICE_DEMAND_START
createService['ErrorControl'] = SERVICE_ERROR_IGNORE
createService['BinaryPathName'] = ndrutils.NDRStringW()
createService['BinaryPathName']['Data'] = (binaryPathName +
'\x00'.encode('utf-16le'))
createService['TagID'] = 0
ans = self.doRequest(createService, checkReturn=1)
return SVCCTLRCreateServiceWResponse(ans)
def NetrWkstaTransportEnum( self, serverName ):
transportEnum = WKSSVCNetrWkstaTransportEnum()
transportEnum['ServerName'] = ndrutils.NDRUniqueStringW()
transportEnum['ServerName']['Data'] = (serverName+'\x00').encode('utf-16le')
transportEnum['TransportInfo'] = '\x00'*8 + '\x04\x00\x04\x00' + '\x00'*8
data = self.doRequest(transportEnum, checkReturn = 1)
ans = WKSSVCNetrWkstaTransportEnumResponse(data)
data = ans['Array']
transportList = []
for i in range(ans['Count']):
ll = WKSTA_TRANSPORT_INFO_0(data)
transportList.append(ll)
data = data[len(ll):]
for i in range(ans['Count']):
transName = ndrutils.NDRStringW(data)
transportList[i]['TransportName'] = transName
data = data[len(transName):]
transAddress = ndrutils.NDRStringW(data)
transportList[i]['TransportAddress'] = transAddress
data = data[len(transAddress):]
ans['Array'] = transportList
return ans
def formatDict(self):
resp = {}
resp['name'] = None
resp['sid'] = None
data = self['Data']
if self['pName'] != 0:
name = ndrutils.NDRStringW(data)
data = data[name['ActualCount'] * 2 + 12:]
if name['ActualCount'] % 2 == 1:
data = data[2:]
resp['name'] = name['Data']
if self['pSid'] != 0:
resp['sid'] = SAMR_RPC_SID(data[4:])
return resp
def OpenServiceW(self, handle, name):
"""
opens a service
:param HANDLE handle: a valid HANDLE to the SCM database (see OpenSCManagerW)
:param UNICODE name: name of the service
:return: returns an SVCCTLROpenServiceResponse structure with the service handle. Call dump() method to see its contents. On error it raises an exception
"""
# We MUST receive Unicode data here
openService = SVCCTLROpenServiceW()
openService['SCManager'] = handle
openService['ServiceName'] = ndrutils.NDRStringW()
openService['ServiceName']['Data'] = (name + '\x00'.encode('utf-16le'))
openService['DesiredAccess'] = SERVICE_ALL_ACCESS
ans = self.doRequest(openService, checkReturn=1)
return SVCCTLROpenServiceResponse(ans)
def StartServiceW(self, handle, arguments=''):
# TODO: argv has to be a pointer to a buffer that contains an array
# of pointers to null-terminated UNICODE strings that are passed as
# arguments to the service
startService = SVCCTLRStartServiceW()
startService['ContextHandle'] = handle
startService['argc'] = len(arguments)
if len(arguments) == 0:
startService['argv'] = '\x00' * 4
else:
args_data = pack('<LL', id(arguments), len(arguments))
args_data += apply(pack, ['<' + 'L' * len(arguments)] +
map(id, arguments))
for i in range(len(arguments)):
item = ndrutils.NDRStringW()
item['Data'] = arguments[i] + '\x00'.encode('utf-16le')
args_data += str(item)
startService['argv'] = args_data
ans = self.doRequest(startService, checkReturn=1)
return ans
def SchRpcRun(self, path):
rpcRun = ATSVCSchRpcRun()
rpcRun['Path'] = ndrutils.NDRStringW()
rpcRun['Path']['Data'] = (path + '\x00').encode('utf-16le')
packet = self.doRequest(rpcRun, checkReturn=0)
return packet
