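def from_buffer(buff):
    """Parse a self-relative SECURITY_DESCRIPTOR from the binary stream *buff*.

    The fixed 20-byte header is read first: Revision (1 byte), Sbz1 (1 byte),
    Control (2 bytes, wrapped in SE_SACL) and four 4-byte offsets for the
    owner, group, SACL and DACL. All integers are little-endian and unsigned.
    An offset of 0 means the component is absent; the matching attribute is
    then left as SECURITY_DESCRIPTOR() initialised it.

    Offsets are applied relative to the stream position at which parsing
    started, so a descriptor embedded at a non-zero position of a larger
    stream is parsed correctly. For a stream positioned at 0 this is the same
    as an absolute seek.

    Args:
        buff: Seekable binary stream positioned at the first byte of the
            descriptor.

    Returns:
        The populated SECURITY_DESCRIPTOR.

    Raises:
        ValueError: If fewer than 20 header bytes are available. Without this
            check a truncated input decodes as all-zero fields, i.e. as a
            descriptor that has no owner, group, SACL or DACL.
    """
    header_size = 20
    base = buff.tell()
    header = buff.read(header_size)
    if len(header) < header_size:
        raise ValueError(
            'truncated SECURITY_DESCRIPTOR header: expected %d bytes, got %d'
            % (header_size, len(header))
        )

    sd = SECURITY_DESCRIPTOR()
    sd.Revision = header[0]
    sd.Sbz1 = header[1]
    sd.Control = SE_SACL(int.from_bytes(header[2:4], 'little', signed=False))
    offset_owner, offset_group, offset_sacl, offset_dacl = (
        int.from_bytes(header[pos:pos + 4], 'little', signed=False)
        for pos in range(4, header_size, 4)
    )

    # NOTE(review): the offsets come straight from the input and are not
    # checked against the stream length or the header size. What happens for
    # an offset past the end depends on SID.from_buffer / ACL.from_buffer,
    # which are not visible here -- confirm they reject short reads.
    if offset_owner > 0:
        buff.seek(base + offset_owner)
        sd.Owner = SID.from_buffer(buff)
    if offset_group > 0:
        buff.seek(base + offset_group)
        sd.Group = SID.from_buffer(buff)
    if offset_sacl > 0:
        buff.seek(base + offset_sacl)
        sd.Sacl = ACL.from_buffer(buff)
    if offset_dacl > 0:
        buff.seek(base + offset_dacl)
        sd.Dacl = ACL.from_buffer(buff)
    return sd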
def from_buffer(buff):
    """Parse a SYSTEM_RESOURCE_ATTRIBUTE_ACE from the binary stream *buff*.

    Reads, in order: the ACE header (ACEHeader.from_buffer), a 4-byte
    little-endian unsigned access mask (wrapped in ADS_ACCESS_MASK), the SID
    (SID.from_buffer), and finally everything left in the stream, which is
    stored as AttributeData.
    """
    entry = SYSTEM_RESOURCE_ATTRIBUTE_ACE()
    entry.Header = ACEHeader.from_buffer(buff)
    mask_value = int.from_bytes(buff.read(4), byteorder='little', signed=False)
    entry.Mask = ADS_ACCESS_MASK(mask_value)
    entry.Sid = SID.from_buffer(buff)
    # NOTE(review): read() without a size takes everything up to the end of
    # the stream; the length of the attribute data is not known at this
    # point. This is only bounded if the caller passes a buffer that ends
    # where this ACE ends -- confirm at the call site. Otherwise bytes that
    # belong to whatever follows the ACE end up in AttributeData.
    trailing = buff.read()
    entry.AttributeData = trailing
    return entry
def from_buffer(buff):
    """Parse a SYSTEM_AUDIT_CALLBACK_ACE from the binary stream *buff*.

    Reads, in order: the ACE header (ACEHeader.from_buffer), a 4-byte
    little-endian unsigned access mask (wrapped in ADS_ACCESS_MASK), the SID
    (SID.from_buffer), and finally everything left in the stream, which is
    stored as ApplicationData.
    """
    entry = SYSTEM_AUDIT_CALLBACK_ACE()
    entry.Header = ACEHeader.from_buffer(buff)
    mask_value = int.from_bytes(buff.read(4), byteorder='little', signed=False)
    entry.Mask = ADS_ACCESS_MASK(mask_value)
    entry.Sid = SID.from_buffer(buff)
    # NOTE(review): read() without a size takes everything up to the end of
    # the stream; the length of the application data is not known at this
    # point. This is only bounded if the caller passes a buffer that ends
    # where this ACE ends -- confirm at the call site. Otherwise bytes that
    # belong to whatever follows the ACE end up in ApplicationData.
    trailing = buff.read()
    entry.ApplicationData = trailing
    return entry
def from_buffer(buff):
    """Parse an ACCESS_DENIED_OBJECT_ACE from the binary stream *buff*.

    Reads, in order: the ACE header (ACEHeader.from_buffer), a 4-byte access
    mask (ADS_ACCESS_MASK), a 4-byte flags field
    (ACCESS_ALLOWED_OBJECT_Flags), up to two optional GUIDs and the SID.
    Both integers are little-endian and unsigned.

    ObjectType and InheritedObjectType are read and assigned only when the
    corresponding flag bit is set; otherwise they keep whatever value the
    ACCESS_DENIED_OBJECT_ACE constructor gave them.
    """
    flag_bits = ACCESS_ALLOWED_OBJECT_Flags

    entry = ACCESS_DENIED_OBJECT_ACE()
    entry.Header = ACEHeader.from_buffer(buff)

    mask_value = int.from_bytes(buff.read(4), byteorder='little', signed=False)
    entry.Mask = ADS_ACCESS_MASK(mask_value)

    flags_value = int.from_bytes(buff.read(4), byteorder='little', signed=False)
    entry.Flags = flag_bits(flags_value)

    # The flags decide which optional GUIDs precede the SID, so they must be
    # evaluated before the SID is read.
    if entry.Flags & flag_bits.ACE_OBJECT_TYPE_PRESENT:
        entry.ObjectType = GUID.from_buffer(buff)
    if entry.Flags & flag_bits.ACE_INHERITED_OBJECT_TYPE_PRESENT:
        entry.InheritedObjectType = GUID.from_buffer(buff)

    entry.Sid = SID.from_buffer(buff)
    return entry
def from_buffer(buff):
    """Parse a SYSTEM_AUDIT_CALLBACK_OBJECT_ACE from the binary stream *buff*.

    Reads, in order: the ACE header (ACEHeader.from_buffer), a 4-byte access
    mask (ADS_ACCESS_MASK), a 4-byte flags field
    (ACCESS_ALLOWED_OBJECT_Flags), up to two optional GUIDs, the SID, and
    finally everything left in the stream, which is stored as
    ApplicationData. Both integers are little-endian and unsigned.

    ObjectType and InheritedObjectType are read and assigned only when the
    corresponding flag bit is set; otherwise they keep whatever value the
    SYSTEM_AUDIT_CALLBACK_OBJECT_ACE constructor gave them.
    """
    flag_bits = ACCESS_ALLOWED_OBJECT_Flags

    entry = SYSTEM_AUDIT_CALLBACK_OBJECT_ACE()
    entry.Header = ACEHeader.from_buffer(buff)

    mask_value = int.from_bytes(buff.read(4), byteorder='little', signed=False)
    entry.Mask = ADS_ACCESS_MASK(mask_value)

    flags_value = int.from_bytes(buff.read(4), byteorder='little', signed=False)
    entry.Flags = flag_bits(flags_value)

    # The flags decide which optional GUIDs precede the SID, so they must be
    # evaluated before the SID is read.
    if entry.Flags & flag_bits.ACE_OBJECT_TYPE_PRESENT:
        entry.ObjectType = GUID.from_buffer(buff)
    if entry.Flags & flag_bits.ACE_INHERITED_OBJECT_TYPE_PRESENT:
        entry.InheritedObjectType = GUID.from_buffer(buff)

    entry.Sid = SID.from_buffer(buff)
    # NOTE(review): read() without a size takes everything up to the end of
    # the stream; the length of the application data is not known at this
    # point. This is only bounded if the caller passes a buffer that ends
    # where this ACE ends -- confirm at the call site. Otherwise bytes that
    # belong to whatever follows the ACE end up in ApplicationData.
    trailing = buff.read()
    entry.ApplicationData = trailing
    return entry
def from_buffer(buff):
    """Parse an ACCESS_ALLOWED_ACE from the binary stream *buff*.

    Reads, in order: the ACE header (ACEHeader.from_buffer), a 4-byte
    little-endian unsigned access mask (wrapped in ADS_ACCESS_MASK) and the
    SID (SID.from_buffer). Nothing after the SID is consumed here.
    """
    entry = ACCESS_ALLOWED_ACE()
    entry.Header = ACEHeader.from_buffer(buff)
    mask_value = int.from_bytes(buff.read(4), byteorder='little', signed=False)
    entry.Mask = ADS_ACCESS_MASK(mask_value)
    entry.Sid = SID.from_buffer(buff)
    return entry
def from_buffer(buff):
    """Parse a SYSTEM_MANDATORY_LABEL_ACE from the binary stream *buff*.

    Reads, in order: the ACE header (ACEHeader.from_buffer), a 4-byte
    little-endian unsigned mask (wrapped in ADS_ACCESS_MASK, the same type
    the other ACE parsers use) and the SID (SID.from_buffer). Nothing after
    the SID is consumed here.
    """
    entry = SYSTEM_MANDATORY_LABEL_ACE()
    entry.Header = ACEHeader.from_buffer(buff)
    mask_value = int.from_bytes(buff.read(4), byteorder='little', signed=False)
    entry.Mask = ADS_ACCESS_MASK(mask_value)
    entry.Sid = SID.from_buffer(buff)
    return entry