def tes_oaut(self):
dce, rpctransport = self.connect()
IID_IDispatch = string_to_bin('00020400-0000-0000-C000-000000000046')
IID_ITypeInfo = string_to_bin('00020401-0000-0000-C000-000000000046')
scm = dcomrt.IRemoteSCMActivator(dce)
iInterface = scm.RemoteCreateInstance(string_to_bin('4E14FBA2-2E22-11D1-9964-00C04FBBB345'), IID_IDispatch)
iDispatch = oaut.IDispatch(iInterface)
kk = iDispatch.GetTypeInfoCount()
kk.dump()
iTypeInfo = iDispatch.GetTypeInfo()
iTypeInfo.GetTypeAttr()
def tes_oaut(self):
dce, rpctransport = self.connect()
IID_IDispatch = string_to_bin('00020400-0000-0000-C000-000000000046')
IID_ITypeInfo = string_to_bin('00020401-0000-0000-C000-000000000046')
scm = dcomrt.IRemoteSCMActivator(dce)
iInterface = scm.RemoteCreateInstance(
string_to_bin('4E14FBA2-2E22-11D1-9964-00C04FBBB345'),
IID_IDispatch)
iDispatch = oaut.IDispatch(iInterface)
kk = iDispatch.GetTypeInfoCount()
kk.dump()
iTypeInfo = iDispatch.GetTypeInfo()
iTypeInfo.GetTypeAttr()
def tes_ie(self):
dce, rpctransport = self.connect()
scm = dcomrt.IRemoteSCMActivator(dce)
#iInterface = scm.RemoteCreateInstance(string_to_bin('0002DF01-0000-0000-C000-000000000046'),ie.IID_WebBrowser)
iInterface = scm.RemoteCreateInstance(
string_to_bin('72C24DD5-D70A-438B-8A42-98424B88AFB8'),
dcomrt.IID_IRemUnknown)
iDispatch = ie.IWebBrowser(iInterface)
resp = iDispatch.GetIDsOfNames(('Navigate', ))
print resp
#sys.exit(1)
iTypeInfo = iDispatch.GetTypeInfo()
resp = iTypeInfo.GetTypeAttr()
#resp.dump()
for i in range(0, resp['ppTypeAttr']['cFuncs']):
resp = iTypeInfo.GetFuncDesc(i)
#resp.dump()
#resp2 = iTypeInfo.GetNames(resp['ppFuncDesc']['memid'])
#print resp2['rgBstrNames'][0]['asData']
resp = iTypeInfo.GetDocumentation(resp['ppFuncDesc']['memid'])
print resp['pBstrName']['asData']
#iEventSystem.get_EventObjectChangeEventClassID()
print "ACA"
iTypeInfo.RemRelease()
iDispatch.RemRelease()
sys.exit(1)
def tes_ie(self):
dce, rpctransport = self.connect()
scm = dcomrt.IRemoteSCMActivator(dce)
#iInterface = scm.RemoteCreateInstance(string_to_bin('0002DF01-0000-0000-C000-000000000046'),ie.IID_WebBrowser)
iInterface = scm.RemoteCreateInstance(string_to_bin('72C24DD5-D70A-438B-8A42-98424B88AFB8'),dcomrt.IID_IRemUnknown)
iDispatch = ie.IWebBrowser(iInterface)
resp = iDispatch.GetIDsOfNames(('Navigate',))
print resp
#sys.exit(1)
iTypeInfo = iDispatch.GetTypeInfo()
resp = iTypeInfo.GetTypeAttr()
#resp.dump()
for i in range(0,resp['ppTypeAttr']['cFuncs']):
resp = iTypeInfo.GetFuncDesc(i)
#resp.dump()
#resp2 = iTypeInfo.GetNames(resp['ppFuncDesc']['memid'])
#print resp2['rgBstrNames'][0]['asData']
resp = iTypeInfo.GetDocumentation(resp['ppFuncDesc']['memid'])
print resp['pBstrName']['asData']
#iEventSystem.get_EventObjectChangeEventClassID()
print "ACA"
iTypeInfo.RemRelease()
iDispatch.RemRelease()
sys.exit(1)
def test_map(self):
dce, rpctransport = self.connect()
tower2 = '\x04\x00\x13\x00\r\xac\xbe\x00\xc1:\xd3KJ\xbf#\xbb\xefFc\xd0\x17\x01\x00\x02\x00\x00\x00\x13\x00\r\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x02\x00\x00\x00\x01\x00\x0c\x02\x00\x00\x00\x01\x00\x10\x18\x00LRPC-26b184043749be8892\x00'
tower = epm.EPMTower()
interface = epm.EPMRPCInterface()
interface['InterfaceUUID'] = string_to_bin('12345778-1234-ABCD-EF00-0123456789AC')
interface['MajorVersion'] = 1
interface['MinorVersion'] = 0
dataRep = epm.EPMRPCDataRepresentation()
dataRep['DataRepUuid'] = string_to_bin('8a885d04-1ceb-11c9-9fe8-08002b104860')
dataRep['MajorVersion'] = 2
dataRep['MinorVersion'] = 0
protId = epm.EPMProtocolIdentifier()
protId['ProtIdentifier'] = 0xb
pipeName = epm.EPMPipeName()
pipeName['PipeName'] = '\x00'
portAddr = epm.EPMPortAddr()
portAddr['IpPort'] = 0
hostAddr = epm.EPMHostAddr()
import socket
hostAddr['Ip4addr'] = socket.inet_aton('0.0.0.0')
hostName = epm.EPMHostName()
hostName['HostName'] = '\x00'
tower['NumberOfFloors'] = 5
tower['Floors'] = interface.getData() + dataRep.getData() + protId.getData() + portAddr.getData() + hostAddr.getData()
#tower['Floors'] = interface.getData() + dataRep.getData() + protId.getData() + pipeName.getData() + hostName.getData()
request = epm.ept_map()
request['max_towers'] = 4
request['map_tower']['tower_length'] = len(tower)
request['map_tower']['tower_octet_string'] = str(tower)
#request.dumpRaw()
resp = dce.request(request)
resp.dump()
def test_RChangeServiceConfig2W(self):
dce, rpctransport, scHandle = self.connect()
lpServiceName = 'TESTSVC\x00'
lpDisplayName = 'DisplayName\x00'
dwDesiredAccess = scmr.SERVICE_ALL_ACCESS
dwServiceType = scmr.SERVICE_WIN32_OWN_PROCESS
dwStartType = scmr.SERVICE_DEMAND_START
dwErrorControl = scmr.SERVICE_ERROR_NORMAL
lpBinaryPathName = 'binaryPath\x00'
lpLoadOrderGroup = NULL
lpdwTagId = NULL
lpDependencies = NULL
dwDependSize = 0
lpServiceStartName = NULL
lpPassword = NULL
dwPwSize = 0
resp = scmr.hRCreateServiceW(
dce, scHandle, lpServiceName, lpDisplayName, dwDesiredAccess,
dwServiceType, dwStartType, dwErrorControl, lpBinaryPathName,
lpLoadOrderGroup, lpdwTagId, lpDependencies, dwDependSize,
lpServiceStartName, lpPassword, dwPwSize)
resp.dump()
newHandle = resp['lpServiceHandle']
error = False
try:
request = scmr.RChangeServiceConfig2W()
request['hService'] = newHandle
request['Info']['dwInfoLevel'] = 1
request['Info']['Union']['tag'] = 1
request['Info']['Union']['psd']['lpDescription'] = u'betobeto\x00'
resp = dce.request(request)
resp.dump()
self.changeServiceAndQuery2(
dce, request, request['Info']['Union']['psd']['lpDescription'])
request['Info']['dwInfoLevel'] = 2
request['Info']['Union']['tag'] = 2
request['Info']['Union']['psfa']['lpRebootMsg'] = u'rebootMsg\00'
request['Info']['Union']['psfa']['lpCommand'] = u'lpCommand\00'
resp = dce.request(request)
resp.dump()
self.changeServiceAndQuery2(
dce, request, request['Info']['Union']['psfa']['lpRebootMsg'])
request['Info']['dwInfoLevel'] = 3
request['Info']['Union']['tag'] = 3
request['Info']['Union']['psda']['fDelayedAutostart'] = 1
resp = dce.request(request)
self.changeServiceAndQuery2(
dce, request,
request['Info']['Union']['psda']['fDelayedAutostart'])
request['Info']['dwInfoLevel'] = 4
request['Info']['Union']['tag'] = 4
request['Info']['Union']['psfaf'][
'fFailureActionsOnNonCrashFailures'] = 1
resp = dce.request(request)
self.changeServiceAndQuery2(
dce, request, request['Info']['Union']['psfaf']
['fFailureActionsOnNonCrashFailures'])
request['Info']['dwInfoLevel'] = 5
request['Info']['Union']['tag'] = 5
request['Info']['Union']['pssid']['dwServiceSidType'] = 1
resp = dce.request(request)
self.changeServiceAndQuery2(
dce, request,
request['Info']['Union']['pssid']['dwServiceSidType'])
request['Info']['dwInfoLevel'] = 6
request['Info']['Union']['tag'] = 6
request['Info']['Union']['psrp']['pRequiredPrivileges'] = list(
u'SeAssignPrimaryTokenPrivilege\x00\x00'.encode('utf-16le'))
resp = dce.request(request)
self.changeServiceAndQuery2(
dce, request,
request['Info']['Union']['psrp']['pRequiredPrivileges'])
request['Info']['dwInfoLevel'] = 7
request['Info']['Union']['tag'] = 7
request['Info']['Union']['psps']['dwPreshutdownTimeout'] = 22
resp = dce.request(request)
self.changeServiceAndQuery2(
dce, request,
request['Info']['Union']['psps']['dwPreshutdownTimeout'])
request['Info']['dwInfoLevel'] = 8
request['Info']['Union']['tag'] = 8
#request.dump()
trigger = scmr.SERVICE_TRIGGER()
trigger['dwTriggerType'] = scmr.SERVICE_TRIGGER_TYPE_DOMAIN_JOIN
trigger['dwAction'] = scmr.SERVICE_TRIGGER_ACTION_SERVICE_START
trigger['pTriggerSubtype'] = string_to_bin(scmr.DOMAIN_JOIN_GUID)
item = scmr.SERVICE_TRIGGER_SPECIFIC_DATA_ITEM()
item['dwDataType'] = scmr.SERVICE_TRIGGER_DATA_TYPE_STRING
item['pData'] = list(u'FREEFLY\x00'.encode('utf-16le'))
#trigger['pDataItems'].append(item)
trigger['pDataItems'] = NULL
request['Info']['Union']['psti']['pTriggers'].append(trigger)
resp = dce.request(request)
#self.changeServiceAndQuery2(dce, request, '\x00')
request['Info']['dwInfoLevel'] = 9
request['Info']['Union']['tag'] = 9
request['Info']['Union']['pspn']['usPreferredNode'] = 22
# This one doesn't work
#resp = dce.request(request)
#self.changeServiceAndQuery2(dce, request, request['Info']['Union']['pspn']['usPreferredNode'])
request['Info']['dwInfoLevel'] = 10
request['Info']['Union']['tag'] = 10
request['Info']['Union']['psri']['eLowestRunLevel'] = 1
# This one doesn't work
#resp = dce.request(request)
#self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psri']['eLowestRunLevel'])
request['Info']['dwInfoLevel'] = 11
request['Info']['Union']['tag'] = 11
request['Info']['Union']['psma']['fIsManagedAccount'] = 1
# This one doesn't work
#resp = dce.request(request)
#self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psma']['fIsManagedAccount'])
except Exception, e:
import traceback
traceback.print_exc()
print e
error = True
pass
DCERPCException.__init__(self, error_string, error_code, packet)
def __str__(self):
if hresult_errors.ERROR_MESSAGES.has_key(self.error_code):
error_msg_short = hresult_errors.ERROR_MESSAGES[self.error_code][0]
error_msg_verbose = hresult_errors.ERROR_MESSAGES[self.error_code][1]
return "OAUT SessionError: code: 0x%x - %s - %s" % (self.error_code, error_msg_short, error_msg_verbose)
else:
return "OAUT SessionError: unknown error code: 0x%x" % (self.error_code)
################################################################################
# CONSTANTS
################################################################################
# 1.9 Standards Assignments
IID_IDispatch = string_to_bin("00020400-0000-0000-C000-000000000046")
IID_ITypeInfo = string_to_bin("00020401-0000-0000-C000-000000000046")
IID_ITypeComp = string_to_bin("00020403-0000-0000-C000-000000000046")
IID_NULL = string_to_bin("00000000-0000-0000-0000-000000000000")
error_status_t = ULONG
LCID = DWORD
WORD = NDRUSHORT
# 2.2.2 IID
IID = GUID
# 2.2.3 LPOLESTR
LPOLESTR = LPWSTR
OLESTR = WSTR
if hresult_errors.ERROR_MESSAGES.has_key(self.error_code):
error_msg_short = hresult_errors.ERROR_MESSAGES[self.error_code][0]
error_msg_verbose = hresult_errors.ERROR_MESSAGES[
self.error_code][1]
return 'OAUT SessionError: code: 0x%x - %s - %s' % (
self.error_code, error_msg_short, error_msg_verbose)
else:
return 'OAUT SessionError: unknown error code: 0x%x' % (
self.error_code)
################################################################################
# CONSTANTS
################################################################################
# 1.9 Standards Assignments
IID_IDispatch = string_to_bin('00020400-0000-0000-C000-000000000046')
IID_ITypeInfo = string_to_bin('00020401-0000-0000-C000-000000000046')
IID_ITypeComp = string_to_bin('00020403-0000-0000-C000-000000000046')
IID_NULL = string_to_bin('00000000-0000-0000-0000-000000000000')
error_status_t = ULONG
LCID = DWORD
WORD = NDRUSHORT
# 2.2.2 IID
IID = GUID
# 2.2.3 LPOLESTR
LPOLESTR = LPWSTR
OLESTR = WSTR
def __str__(self):
if hresult_errors.ERROR_MESSAGES.has_key(self.error_code):
error_msg_short = hresult_errors.ERROR_MESSAGES[self.error_code][0]
error_msg_verbose = hresult_errors.ERROR_MESSAGES[
self.error_code][1]
return 'SCMP SessionError: code: 0x%x - %s - %s' % (
self.error_code, error_msg_short, error_msg_verbose)
else:
return 'SCMP SessionError: unknown error code: 0x%x' % self.error_code
################################################################################
# CONSTANTS
################################################################################
# 1.9 Standards Assignments
CLSID_ShadowCopyProvider = string_to_bin(
'0b5a2c52-3eb9-470a-96e2-6c6d4570e40f')
IID_IVssSnapshotMgmt = string_to_bin('FA7DF749-66E7-4986-A27F-E2F04AE53772')
IID_IVssEnumObject = string_to_bin('AE1C7110-2F60-11d3-8A39-00C04F72D8E3')
IID_IVssDifferentialSoftwareSnapshotMgmt = string_to_bin(
'214A0F28-B737-4026-B847-4F9E37D79529')
IID_IVssEnumMgmtObject = string_to_bin('01954E6B-9254-4e6e-808C-C9E05D007696')
IID_ShadowCopyProvider = string_to_bin('B5946137-7B9F-4925-AF80-51ABD60B20D5')
# 2.2.1.1 VSS_ID
class VSS_ID(NDRSTRUCT):
structure = (('Data', '16s=""'), )
def getAlignment(self):
return 2
def __init__(self, error_string=None, error_code=None, packet=None):
DCERPCException.__init__(self, error_string, error_code, packet)
def __str__( self ):
if hresult_errors.ERROR_MESSAGES.has_key(self.error_code):
error_msg_short = hresult_errors.ERROR_MESSAGES[self.error_code][0]
error_msg_verbose = hresult_errors.ERROR_MESSAGES[self.error_code][1]
return 'VDS SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
else:
return 'VDS SessionError: unknown error code: 0x%x' % (self.error_code)
################################################################################
# CONSTANTS
################################################################################
# 1.9 Standards Assignments
CLSID_VirtualDiskService = string_to_bin('7D1933CB-86F6-4A98-8628-01BE94C9A575')
IID_IEnumVdsObject = string_to_bin('118610B7-8D94-4030-B5B8-500889788E4E')
IID_IVdsAdviseSink = string_to_bin('8326CD1D-CF59-4936-B786-5EFC08798E25')
IID_IVdsAsync = string_to_bin('D5D23B6D-5A55-4492-9889-397A3C2D2DBC')
IID_IVdsServiceInitialization = string_to_bin('4AFC3636-DB01-4052-80C3-03BBCB8D3C69')
IID_IVdsService = string_to_bin('0818A8EF-9BA9-40D8-A6F9-E22833CC771E')
IID_IVdsSwProvider = string_to_bin('9AA58360-CE33-4F92-B658-ED24B14425B8')
IID_IVdsProvider = string_to_bin('10C5E575-7984-4E81-A56B-431F5F92AE42')
error_status_t = ULONG
# 2.2.1.1.3 VDS_OBJECT_ID
VDS_OBJECT_ID = GUID
################################################################################
# STRUCTURES
def test_RChangeServiceConfig2W(self):
dce, rpctransport, scHandle = self.connect()
lpServiceName = 'TESTSVC\x00'
lpDisplayName = 'DisplayName\x00'
dwDesiredAccess = scmr.SERVICE_ALL_ACCESS
dwServiceType = scmr.SERVICE_WIN32_OWN_PROCESS
dwStartType = scmr.SERVICE_DEMAND_START
dwErrorControl = scmr.SERVICE_ERROR_NORMAL
lpBinaryPathName = 'binaryPath\x00'
lpLoadOrderGroup = NULL
lpdwTagId = NULL
lpDependencies = NULL
dwDependSize = 0
lpServiceStartName = NULL
lpPassword = NULL
dwPwSize = 0
resp = scmr.hRCreateServiceW(dce, scHandle, lpServiceName, lpDisplayName, dwDesiredAccess, dwServiceType, dwStartType, dwErrorControl, lpBinaryPathName, lpLoadOrderGroup, lpdwTagId, lpDependencies, dwDependSize, lpServiceStartName, lpPassword, dwPwSize)
resp.dump()
newHandle = resp['lpServiceHandle']
error = False
try:
request = scmr.RChangeServiceConfig2W()
request['hService'] = newHandle
request['Info']['dwInfoLevel'] = 1
request['Info']['Union']['tag'] = 1
request['Info']['Union']['psd']['lpDescription'] = u'betobeto\x00'
resp = dce.request(request)
resp.dump()
self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psd']['lpDescription'])
request['Info']['dwInfoLevel'] = 2
request['Info']['Union']['tag'] = 2
request['Info']['Union']['psfa']['lpRebootMsg'] = u'rebootMsg\00'
request['Info']['Union']['psfa']['lpCommand'] = u'lpCommand\00'
resp = dce.request(request)
resp.dump()
self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psfa']['lpRebootMsg'])
request['Info']['dwInfoLevel'] = 3
request['Info']['Union']['tag'] = 3
request['Info']['Union']['psda']['fDelayedAutostart'] = 1
resp = dce.request(request)
self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psda']['fDelayedAutostart'])
request['Info']['dwInfoLevel'] = 4
request['Info']['Union']['tag'] = 4
request['Info']['Union']['psfaf']['fFailureActionsOnNonCrashFailures'] = 1
resp = dce.request(request)
self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psfaf']['fFailureActionsOnNonCrashFailures'])
request['Info']['dwInfoLevel'] = 5
request['Info']['Union']['tag'] = 5
request['Info']['Union']['pssid']['dwServiceSidType'] = 1
resp = dce.request(request)
self.changeServiceAndQuery2(dce, request, request['Info']['Union']['pssid']['dwServiceSidType'])
request['Info']['dwInfoLevel'] = 6
request['Info']['Union']['tag'] = 6
request['Info']['Union']['psrp']['pRequiredPrivileges'] = list(u'SeAssignPrimaryTokenPrivilege\x00\x00'.encode('utf-16le'))
resp = dce.request(request)
self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psrp']['pRequiredPrivileges'])
request['Info']['dwInfoLevel'] = 7
request['Info']['Union']['tag'] = 7
request['Info']['Union']['psps']['dwPreshutdownTimeout'] = 22
resp = dce.request(request)
self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psps']['dwPreshutdownTimeout'])
request['Info']['dwInfoLevel'] = 8
request['Info']['Union']['tag'] = 8
#request.dump()
trigger = scmr.SERVICE_TRIGGER()
trigger['dwTriggerType'] = scmr.SERVICE_TRIGGER_TYPE_DOMAIN_JOIN
trigger['dwAction'] = scmr.SERVICE_TRIGGER_ACTION_SERVICE_START
trigger['pTriggerSubtype'] = string_to_bin(scmr.DOMAIN_JOIN_GUID)
item = scmr.SERVICE_TRIGGER_SPECIFIC_DATA_ITEM()
item['dwDataType'] = scmr.SERVICE_TRIGGER_DATA_TYPE_STRING
item['pData'] = list(u'FREEFLY\x00'.encode('utf-16le'))
#trigger['pDataItems'].append(item)
trigger['pDataItems'] = NULL
request['Info']['Union']['psti']['pTriggers'].append(trigger)
resp = dce.request(request)
#self.changeServiceAndQuery2(dce, request, '\x00')
request['Info']['dwInfoLevel'] = 9
request['Info']['Union']['tag'] = 9
request['Info']['Union']['pspn']['usPreferredNode'] = 22
# This one doesn't work
#resp = dce.request(request)
#self.changeServiceAndQuery2(dce, request, request['Info']['Union']['pspn']['usPreferredNode'])
request['Info']['dwInfoLevel'] = 10
request['Info']['Union']['tag'] = 10
request['Info']['Union']['psri']['eLowestRunLevel'] = 1
# This one doesn't work
#resp = dce.request(request)
#self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psri']['eLowestRunLevel'])
request['Info']['dwInfoLevel'] = 11
request['Info']['Union']['tag'] = 11
request['Info']['Union']['psma']['fIsManagedAccount'] = 1
# This one doesn't work
#resp = dce.request(request)
#self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psma']['fIsManagedAccount'])
except Exception, e:
import traceback
traceback.print_exc()
print e
error = True
pass
def __init__(self, error_string=None, error_code=None, packet=None):
DCERPCException.__init__(self, error_string, error_code, packet)
def __str__( self ):
if hresult_errors.ERROR_MESSAGES.has_key(self.error_code):
error_msg_short = hresult_errors.ERROR_MESSAGES[self.error_code][0]
error_msg_verbose = hresult_errors.ERROR_MESSAGES[self.error_code][1]
return 'SCMP SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
else:
return 'SCMP SessionError: unknown error code: 0x%x' % self.error_code
################################################################################
# CONSTANTS
################################################################################
# 1.9 Standards Assignments
CLSID_ShadowCopyProvider = string_to_bin('0b5a2c52-3eb9-470a-96e2-6c6d4570e40f')
IID_IVssSnapshotMgmt = string_to_bin('FA7DF749-66E7-4986-A27F-E2F04AE53772')
IID_IVssEnumObject = string_to_bin('AE1C7110-2F60-11d3-8A39-00C04F72D8E3')
IID_IVssDifferentialSoftwareSnapshotMgmt = string_to_bin('214A0F28-B737-4026-B847-4F9E37D79529')
IID_IVssEnumMgmtObject = string_to_bin('01954E6B-9254-4e6e-808C-C9E05D007696')
IID_ShadowCopyProvider = string_to_bin('B5946137-7B9F-4925-AF80-51ABD60B20D5')
# 2.2.1.1 VSS_ID
class VSS_ID(NDRSTRUCT):
structure = (
('Data','16s=""'),
)
def getAlignment(self):
return 2
