class PNIOServiceResPDU(Packet): """PNIO PDU for RPC Response""" fields_desc = [ EndiannessField(IntEnumField("status", 0, ["OK"]), endianess_from=dce_rpc_endianess), NDRData, ] overload_fields = { DceRpc: { # random object_uuid in the appropriate range "object_uuid": RandUUID("dea00000-6c97-11d1-8271-******"), # interface uuid to send to a host "interface_uuid": RPC_INTERFACE_UUID[ "UUID_IO_ControllerInterface"], # Request DCE/RPC type "type": 2, }, } @classmethod def can_handle(cls, pkt, rpc): """heuristic guess_payload_class""" # type = 2 => response if rpc.getfieldval("type") == 2 and \ str(rpc.object_uuid).startswith("dea00000-6c97-11d1-8271-"): return True return False
class PNIOServiceReqPDU(Packet): """PNIO PDU for RPC Request""" fields_desc = [ EndiannessField( FieldLenField("args_max", None, fmt="I", length_of="blocks"), endianess_from=dce_rpc_endianess), NDRData, ] overload_fields = { DceRpc: { # random object_uuid in the appropriate range "object_uuid": RandUUID("dea00000-6c97-11d1-8271-******"), # interface uuid to send to a device "interface_uuid": RPC_INTERFACE_UUID["UUID_IO_DeviceInterface"], # Request DCE/RPC type "type": 0, }, } @classmethod def can_handle(cls, pkt, rpc): """heuristic guess_payload_class""" # type = 0 => request if rpc.getfieldval("type") == 0 and \ str(rpc.object_uuid).startswith("dea00000-6c97-11d1-8271-"): return True return False