def parseDirectoryControlResponse(self, deviceID: int, completionID: int,
ioStatus: int,
stream: BytesIO) -> DeviceIOResponsePDU:
minorFunction = self.minorFunctionsForParsingResponse.pop(
completionID, None)
if minorFunction is None:
return DeviceIOResponsePDU(None, deviceID, completionID, ioStatus,
stream.read())
elif minorFunction == MinorFunction.IRP_MN_NOTIFY_CHANGE_DIRECTORY:
return DeviceIOResponsePDU(None, deviceID, completionID, ioStatus,
stream.read())
informationClass = self.informationClassForParsingResponse.pop(
completionID)
length = Uint32LE.unpack(stream)
responseData = stream.read(length)
endByte = stream.read(1)
fileInformation = self.fileInformationParsers[informationClass](
responseData)
return DeviceQueryDirectoryResponsePDU(deviceID, completionID,
ioStatus, informationClass,
fileInformation, endByte)
def dealWithResponse(self, pdu: DeviceIOResponsePDU):
"""
Based on the type of request the response is meant for, handle open files, closed files and read data.
Also remove the associated request from the list of requests in progress.
"""
if pdu.completionId in self.completionIdInProgress.keys():
requestPDU = self.completionIdInProgress[pdu.completionId]
if pdu.ioStatus >> 30 == IOOperationSeverity.STATUS_SEVERITY_ERROR:
self.mitm_log.warning(
"Received an IO Response with an error IO status: %(responsePdu)s "
"For request %(requestPdu)s", {
"responsePdu": pdu.__repr__(),
"requestPdu": requestPDU.__repr__()
})
if isinstance(requestPDU, DeviceReadRequestPDU):
self.mitm_log.debug(f"Read response received.")
self.dealWithReadResponse(pdu, requestPDU)
elif isinstance(requestPDU, DeviceCreateRequestPDU):
self.dealWithCreateResponse(pdu, requestPDU)
elif isinstance(requestPDU, DeviceCloseRequestPDU):
self.dealWithCloseResponse(pdu, requestPDU)
else:
self.mitm_log.debug("Unknown response received: %(pdu)s",
{"pdu": pdu})
self.completionIdInProgress.pop(pdu.completionId)
else:
self.mitm_log.error(
"Completion id %(completionId)d not in the completionId in progress list. "
"This might mean that someone is sending corrupted data.",
{"completionId": pdu.completionId})
def parseDeviceIOResponse(self, stream: BytesIO) -> DeviceIOResponsePDU:
"""
Starts after the rdpdr header.
"""
deviceId = Uint32LE.unpack(stream)
completionId = Uint32LE.unpack(stream)
ioStatus = Uint32LE.unpack(stream)
payload = stream.read()
return DeviceIOResponsePDU(deviceId, completionId, ioStatus, payload=payload)
def parseDeviceIOResponse(self, stream: BytesIO) -> DeviceIOResponsePDU:
deviceID = Uint32LE.unpack(stream)
completionID = Uint32LE.unpack(stream)
ioStatus = Uint32LE.unpack(stream)
majorFunction = self.majorFunctionsForParsingResponse.pop(completionID, None)
if majorFunction in self.ioResponseParsers:
return self.ioResponseParsers[majorFunction](deviceID, completionID, ioStatus, stream)
else:
# If for some reason, we don't know this completionID, we also return a raw response PDU (because majorFunction is None).
payload = stream.read()
return DeviceIOResponsePDU(majorFunction, deviceID, completionID, ioStatus, payload)