Example #1
 def __init__(self, s0='', s1='', s2='', s3=''):
     """Build the structure from four strings, each stored as a SafeString.

     s0..s3 are wrapped with SafeString(s=...) and stored under the keys
     's0'..'s3'. The payload attribute starts out as None.
     """
     Struct.__init__(self)
     # Fields are assigned in the same order as the parameters.
     for key, text in (('s0', s0), ('s1', s1), ('s2', s2), ('s3', s3)):
         self[key] = SafeString(s=text)
     self.payload = None
Example #2
 def __init__(self, unicode_flag=1, computername=''):
     """Build the structure around a NUL-terminated UTF-16LE computer name.

     computername gets a trailing NUL appended and is encoded as UTF-16LE;
     ComputerNameLen is the length in bytes of that encoded value.

     NOTE(review): unicode_flag is accepted but never read. UnicodeFlag is
     always written as 1, which agrees with the unconditional UTF-16LE
     encoding below. Confirm that no caller expects to pass 0.
     """
     Struct.__init__(self)
     terminated_name = computername + '\0'
     self['UnicodeFlag'] = 1
     self['CodePage'] = 0
     self['ComputerName'] = terminated_name.encode('utf-16le')
     # Length is taken from the stored field, i.e. bytes, not characters.
     self['ComputerNameLen'] = len(self['ComputerName'])
     self.payload = ''
Example #3
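 def __init__(self, source, dest, flags=None):
     """Build the structure from a source, a destination and optional flags.

     source and dest are wrapped in SafeString. flags is stored as given and
     its length is written to 'flagsSize'. 'unknown_byte0' is set to 1 only
     when at least one flag is present. The payload attribute starts as None.

     flags defaults to None and is replaced by a fresh list per instance.
     The previous literal [] default was a single list object stored in
     every instance built without flags, so a change made through one
     instance was visible in all of them.
     """
     Struct.__init__(self)
     if flags is None:
         flags = []
     self['source'] = SafeString(source)
     self['dest'] = SafeString(dest)
     self['flagsSize'] = len(flags)
     if self['flagsSize']:
         self['unknown_byte0'] = 1
     self['flags'] = flags
     self.payload = None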
Example #4
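 def __init__(self, timeout=0, flags=None):
     """Build the structure from a timeout and an optional list of flags.

     timeout is stored under 'timeoutMS', and flags under 'waitForFlags'
     with its length in 'waitForSize'. 'unknown_byte0' is set to 1 only
     when at least one flag is present. The payload attribute starts as None.

     flags defaults to None and is replaced by a fresh list per instance.
     The previous literal [] default was one list object shared by every
     instance created without flags.
     """
     Struct.__init__(self)
     if flags is None:
         flags = []
     self['waitForSize'] = len(flags)
     self['waitForFlags'] = flags
     self['timeoutMS'] = timeout
     if self['waitForSize']:
         self['unknown_byte0'] = 1
     self.payload = None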
Example #5
 def __init__(self, device_list=None):
     """Build the structure from an optional device list.

     A missing or empty device_list produces a new empty list and a count
     of 0. Otherwise the list is stored as given, along with its length.
     """
     Struct.__init__(self)
     # Any falsy value (None, empty sequence) is normalised to a new list.
     devices = device_list if device_list else []
     self['DeviceList'] = devices
     self['DeviceCount'] = len(devices)
Example #6
    def __init__(self, data=None):
        """Parse a KeySecurity record from data.

        Raises RuntimeError when data is None, because building a record
        from scratch is not implemented. Raises ValueError when the parsed
        Signature is not LWR_KEYSECURITY_SIGNATURE.

        When SecurityDescriptorSize is non-zero, the bytes that follow the
        fixed-size part (self.calcsize()) are stored as 'SecurityDescriptor'.
        """
        Struct.__init__(self, data)
        if data is None:
            # TODO: construction without input data
            raise RuntimeError('Not implemented!')

        # Refuse to interpret a stream that does not carry the expected signature.
        if self['Signature'] != LWR_KEYSECURITY_SIGNATURE:
            raise ValueError('KeySecurity: Data provided is not a KeySecurity')

        start = self.calcsize()
        descriptor_size = self['SecurityDescriptorSize']
        if descriptor_size:
            # NOTE(review): the size comes from the parsed record and is not
            # compared with len(data). Assuming data is a byte string, slicing
            # clamps, so an oversized value yields a short descriptor rather
            # than an error. Consumers should check the stored length.
            self['SecurityDescriptor'] = data[start:start + descriptor_size]
Example #7
    def __init__(self, data=None):
        """Parse a KeyValue record from data.

        Raises RuntimeError when data is None, because building a record
        from scratch is not implemented. Raises ValueError when the parsed
        Signature is not LWR_KEYVALUE_SIGNATURE.

        When NameLength is non-zero, the bytes that follow the fixed-size
        part (self.calcsize()) are stored as 'ValueNameString'.
        """
        Struct.__init__(self, data)
        if data is None:
            # TODO: construction without input data
            raise RuntimeError('Not implemented!')

        # Refuse to interpret a stream that does not carry the expected signature.
        if self['Signature'] != LWR_KEYVALUE_SIGNATURE:
            raise ValueError('KeyValue: Data provided is not a KeyValue')

        start = self.calcsize()
        name_length = self['NameLength']
        if name_length:
            # NOTE(review): NameLength is read from the record and is not
            # compared with len(data). Assuming data is a byte string, slicing
            # clamps, so a truncated record gives a shorter name than declared
            # rather than an error.
            self['ValueNameString'] = data[start:start + name_length]
Example #8
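 def __init__(self,
              command='',
              timeout=0,
              arguments=None,
              environment=None,
              flags=None):
     """Build the structure from a command, timeout, arguments, environment and flags.

     command and every entry of arguments and environment are wrapped in
     SafeString. flags is stored as given. The three '*Size' fields hold the
     lengths of the corresponding lists, and each 'unknown_byteN' marker is
     set to 1 only when its list is non-empty. The payload attribute starts
     as None.

     The list parameters default to None and are replaced by fresh lists.
     The previous literal [] defaults were shared between all instances,
     and the flags list was stored by reference.
     """
     Struct.__init__(self)
     if arguments is None:
         arguments = []
     if environment is None:
         environment = []
     if flags is None:
         flags = []
     self['command'] = SafeString(command)
     self['timeoutMS'] = timeout
     self['argumentsSize'] = len(arguments)
     self['environmentSize'] = len(environment)
     self['flagsSize'] = len(flags)
     if self['argumentsSize']:
         self['unknown_byte0'] = 1
     if self['environmentSize']:
         self['unknown_byte1'] = 1
     if self['flagsSize']:
         self['unknown_byte2'] = 1
     # Real lists rather than map(): a list under Python 2 as before, and not
     # a one-shot iterator if the module is ever run under Python 3.
     self['arguments'] = [SafeString(x) for x in arguments]
     self['environment'] = [SafeString(x) for x in environment]
     self['flags'] = flags
     self.payload = None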
Example #9
    def __init__(self, data=None):
        """Parse an IndexLeaf record from data.

        Raises RuntimeError when data is None, because building a record
        from scratch is not implemented. Raises ValueError when the Signature
        is not LWR_INDEXLEAF_SIGNATURE, or when fewer than
        4 * NumberOfElements bytes follow the first four bytes of data.

        'ListElements' becomes a list of {'offset': <4 raw bytes>} dicts,
        one per element. The offsets are kept as slices of data and are not
        unpacked here.
        """
        Struct.__init__(self, data)
        if data is None:
            # TODO: construction without input data
            raise RuntimeError('Not implemented!')

        # Refuse to interpret a stream that does not carry the expected signature.
        if self['Signature'] != LWR_INDEXLEAF_SIGNATURE:
            raise ValueError('IndexLeaf: Data provided is not a IndexLeaf')

        offset = 4
        # The element count comes from the input, so check it against the
        # bytes actually available before walking the list.
        if self['NumberOfElements'] and len(data[offset:]) < 4*self['NumberOfElements']:
            raise ValueError('IndexLeaf: Does not provide enough data')

        self['ListElements'] = []
        for start in xrange(offset, offset + 4*self['NumberOfElements'], 4):
            self['ListElements'].append({'offset': data[start:start+4]})
Example #10
    def __init__(self, data=None):
        """Parse a FastLeaf record from data.

        Raises RuntimeError when data is None, because building a record
        from scratch is not implemented. Raises ValueError when the Signature
        is not LWR_FASTLEAF_SIGNATURE, or when fewer than
        8 * NumberOfElements bytes follow the first four bytes of data.

        'ListElements' becomes a list of {'offset': int, 'hint': str} dicts.
        Each 8-byte element is a little-endian 32-bit offset followed by four
        hint bytes with trailing NULs stripped.
        """
        Struct.__init__(self, data)
        if data is None:
            # TODO: construction without input data
            raise RuntimeError('Not implemented!')

        # Refuse to interpret a stream that does not carry the expected signature.
        if self['Signature'] != LWR_FASTLEAF_SIGNATURE:
            raise ValueError('FastLeaf: Data provided is not a FastLeaf')

        offset = 4
        # The element count comes from the input, so check it against the
        # bytes actually available before unpacking anything.
        if self['NumberOfElements'] and len(data[offset:]) < 8*self['NumberOfElements']:
            raise ValueError('FastLeaf: Does not provide enough data: %d vs %d' % (len(data[offset:]), 8*self['NumberOfElements']))

        self['ListElements'] = []
        for start in xrange(offset, offset + 8*self['NumberOfElements'], 8):
            (key_node_offset,) = struct.unpack('<L', data[start:start+4])
            name_hint = data[start+4:start+8].rstrip('\0')
            self['ListElements'].append({'offset': key_node_offset, 'hint': name_hint})
Example #11
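    def __init__(self, data=None, hdr=None, cells=None):
        """Build a hive bin from parts, or parse one from data.

        Without data, 'Header' is set to hdr and 'Cells' to cells, or to a
        fresh empty list when cells is omitted. The previous literal []
        default was one list shared by every instance.

        With data, the header is parsed as a HiveBinHeader. If it is missing
        or is_valid() fails, parsing stops silently and 'Cells' is left unset.
        Otherwise Cell objects are parsed back to back from the end of the
        header until the running offset reaches the header's get_size().

        Raises ValueError if a parsed cell reports a size of zero or less.
        """
        Struct.__init__(self, data)

        if data is None:
            self['Header'] = hdr
            self['Cells'] = [] if cells is None else cells
            return

        self['Header'] = HiveBinHeader(data=data)
        # There is no point in continuing the parsing if the header is incorrect.
        if not self['Header'] or not self.is_valid():
            return
        offset = self['Header'].calcsize()

        self['Cells'] = []
        while 1:
            cell = Cell(data=data[offset:])
            cell.set_offset(offset)
            self['Cells'].append(cell)
            cell_size = cell.calcsize()
            # The walk advances by a size taken from each parsed cell. Without
            # this guard, a zero or negative size would keep offset from ever
            # reaching the bin size: the loop would spin forever and 'Cells'
            # would grow without bound on a malformed hive.
            if cell_size <= 0:
                raise ValueError('HiveBin: Cell at offset %d has a non-positive size' % offset)
            offset += cell_size
            if offset >= self['Header'].get_size():
                break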
Example #12
    def __init__(self, data=None):
        """Parse a cell from data and try to recognise its content.

        Raises RuntimeError when data is None, because building a cell from
        scratch is not implemented.

        A Size above 0x80000000 is replaced by its 32-bit two's-complement
        negation. The bytes from index 4 up to Size are then offered to each
        class in list_of_classes. The first one that constructs without
        raising and reports is_valid() is stored as 'Data'. If none matches,
        the raw bytes are stored.
        """
        Struct.__init__(self, data)
        self.offset = 0

        if data is None:
            # TODO: construction without input data
            raise RuntimeError('Not implemented!')

        if self['Size'] > 0x80000000:
            self['Size'] = (-self['Size']) & 0xffffffff
        d = data[4:self['Size']]
        if d:
            for cls in list_of_classes:
                # Probing: a candidate that rejects the bytes is skipped, so
                # the broad except is deliberate here.
                try:
                    c = cls(data=d)
                except Exception:
                    continue
                if c.is_valid():
                    self['Data'] = c
                    break

        # Fall back to the raw bytes when no class recognised the content.
        if not self['Data']:
            self['Data'] = d
Example #13
 def __init__(self):
     """Initialise the underlying Struct and start with no payload."""
     Struct.__init__(self)
     self.payload = None
Example #14
 def __init__(self, d=0):
     """Build the structure with a single value stored under 'dword0'.

     The payload attribute starts out as None.
     """
     Struct.__init__(self)
     self['dword0'] = d
     self.payload = None
Example #15
 def __init__(self, q0=0, q1=0):
     """Build the structure with two values stored under 'qword0' and 'qword1'.

     The payload attribute starts out as None.
     """
     Struct.__init__(self)
     for key, value in (('qword0', q0), ('qword1', q1)):
         self[key] = value
     self.payload = None
Example #16
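 def __init__(self, qwords=None):
     """Build the structure from a list of values stored under 'qwords'.

     'nr_qwords' holds the number of entries. The payload attribute starts
     out as None.

     qwords defaults to None and is replaced by a fresh list per instance.
     The previous literal [] default was stored by reference, so every
     instance created without arguments shared one list.
     """
     Struct.__init__(self)
     if qwords is None:
         qwords = []
     self['qwords'] = qwords
     self['nr_qwords'] = len(qwords)
     self.payload = None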
Example #17
 def __init__(self, d=0, s=''):
     """Build the structure from a value and a UTF-16LE encoded string.

     d is stored under 'd0'. s is encoded as UTF-16LE with no terminator
     and stored under 'string0'. 'length' is the size in bytes of that
     encoded value. The payload attribute starts out as None.
     """
     Struct.__init__(self)
     self['d0'] = d
     encoded = s.encode('utf-16le')
     self['string0'] = encoded
     # Length is taken from the stored field, i.e. bytes, not characters.
     self['length'] = len(self['string0'])
     self.payload = None
Example #18
 def __init__(self, major=0x0001, minor=0x000c, cliend_id=0):
     """Build the structure from a protocol version and a client id.

     major and minor are stored under 'VersionMajor' and 'VersionMinor',
     and cliend_id under 'ClientId'. The payload attribute starts out as
     an empty string.

     NOTE(review): the parameter name 'cliend_id' looks like a typo for
     'client_id'. It is kept because callers may pass it by keyword.
     """
     Struct.__init__(self)
     for key, value in (('VersionMajor', major),
                        ('VersionMinor', minor),
                        ('ClientId', cliend_id)):
         self[key] = value
     self.payload = ''
Example #19
 def __init__(self, d0=0, d1=0, d2=0):
     """Build the structure with three values stored under 'dword0'..'dword2'.

     The payload attribute starts out as None.
     """
     Struct.__init__(self)
     for index, value in enumerate((d0, d1, d2)):
         self['dword%d' % index] = value
     self.payload = None
Example #20
 def __init__(self, message_type):
     """Build the structure with message_type stored under 'messageType'."""
     Struct.__init__(self)
     self['messageType'] = message_type
Example #21
 def __init__(self, component=0, packet_id=0):
     """Build the structure from a component and a packet id.

     The values are stored under 'Component' and 'PacketId'. The payload
     attribute starts out as an empty string.
     """
     Struct.__init__(self)
     for key, value in (('Component', component), ('PacketId', packet_id)):
         self[key] = value
     self.payload = ''
Example #22
 def __init__(self):
     """Build the structure with fixed Component and PacketId values.

     'Component' is set to RDPDR_CTYP_CORE and 'PacketId' to
     PAKID_CORE_USER_LOGGEDON. No other field is set here.
     """
     Struct.__init__(self)
     self['Component'] = RDPDR_CTYP_CORE
     self['PacketId'] = PAKID_CORE_USER_LOGGEDON
Example #23
 def __init__(self, data=None):
     """Initialise the underlying Struct, passing data through unchanged.

     No validation of data happens in this constructor.
     """
     Struct.__init__(self, data)
Example #24
 def __init__(self, payload=''):
     """Build the structure with payload stored under the 'payload' key.

     The value is stored as a field via item assignment, not as an
     attribute on the instance.
     """
     Struct.__init__(self)
     self['payload'] = payload
Example #25
    def __init__(self, data=None):
        """Parse a BaseBlock from data and verify its signature.

        Raises ValueError when the parsed Signature is not
        LWR_BASEBLOCK_SIGNATURE. Only the signature is checked here.
        """
        Struct.__init__(self, data)

        # Refuse to interpret a stream that does not carry the expected signature.
        signature = self['Signature']
        if signature != LWR_BASEBLOCK_SIGNATURE:
            raise ValueError('Data provided is not a BaseBlock')