コード例 #1
	def __init__(self, reader):
		"""Parse one fixed-layout record from ``reader``, one field per statement.

		Each wrapper call (``ULONG(reader)``, ``PVOID(reader)``, ...) is handed the
		same reader, so the statement order is the structure layout: moving or
		dropping a read would shift every later field. Fields named ``unkN`` have
		no meaning established in this code.

		NOTE(review): the class header is outside this excerpt; the field names
		(LUID, credentials, Tickets_*, SmartcardInfos) suggest a Kerberos logon
		session record - confirm against the enclosing class.

		Args:
			reader: source positioned at the first byte of the structure; it must
				provide ``align()`` and be accepted by the type wrappers below.
		"""
		self.UsageCount = ULONG(reader).value
		# The two LIST_ENTRY objects are kept as wrappers (no .value taken).
		self.unk0 = LIST_ENTRY(reader)
		self.unk1 = LIST_ENTRY(reader)
		self.unk2 = PVOID(reader).value
		self.unk3 = ULONG(reader).value      # original note: "filetime.1 ?" - unconfirmed guess
		self.unk4 = ULONG(reader).value    	# original note: "filetime.2 ?" - unconfirmed guess
		self.unk5 = PVOID(reader).value
		self.unk6 = PVOID(reader).value
		self.unk7 = PVOID(reader).value
		self.LocallyUniqueIdentifier = LUID(reader).value
		# presumably pads to the next 8-byte boundary before the FILETIME - confirm in the reader
		reader.align(8)
		# Disabled alternative: an explicit padding ULONG for x86, apparently superseded by align(8).
		#self.unkAlign = ULONG(reader).value  #aliing on x86(reader).value
		self.unk8 = FILETIME(reader).value
		self.unk9 = PVOID(reader).value
		self.unk10 = ULONG(reader).value     # original note: "filetime.1 ?" - unconfirmed guess
		self.unk11 = ULONG(reader).value     # original note: "filetime.2 ?" - unconfirmed guess
		self.unk12 = PVOID(reader).value
		self.unk13 = PVOID(reader).value
		self.unk14 = PVOID(reader).value
		# Embedded sub-structure parsed inline from the same reader. Its name indicates
		# credential material, so the resulting object should be handled as sensitive.
		self.credentials = KIWI_GENERIC_PRIMARY_CREDENTIAL(reader)
		self.unk15 = ULONG(reader).value
		self.unk16 = ULONG(reader).value
		self.unk17 = ULONG(reader).value
		self.unk18 = ULONG(reader).value
		self.unk19 = PVOID(reader).value
		self.unk20 = PVOID(reader).value
		self.unk21 = PVOID(reader).value
		self.unk22 = PVOID(reader).value
		# Stored as the PVOID wrapper rather than its .value - presumably so callers
		# can follow the pointer later; verify against the code that uses pKeyList.
		self.pKeyList = PVOID(reader)
		self.unk24 = PVOID(reader).value
		# Three consecutive list heads; unlike the later layouts on this page,
		# no FILETIME is read between them.
		self.Tickets_1 = LIST_ENTRY(reader)
		self.Tickets_2 = LIST_ENTRY(reader)
		self.Tickets_3 = LIST_ENTRY(reader)
		# Kept as the PVOID wrapper, same as pKeyList.
		self.SmartcardInfos = PVOID(reader)
コード例 #2
	def __init__(self, reader):	
		"""Parse one fixed-layout record from ``reader``, one field per statement.

		The reads and the interleaved ``reader.align()`` calls together define the
		byte layout; each one depends on the position left by the previous one, so
		none of them can be reordered or removed without shifting later fields.
		Fields named ``unkN`` have no meaning established in this code.

		NOTE(review): the class header is outside this excerpt; the credential
		type ``KIWI_KERBEROS_10_PRIMARY_CREDENTIAL`` suggests a Windows 10
		Kerberos logon session layout - confirm against the enclosing class.

		Args:
			reader: source positioned at the first byte of the structure; it must
				provide ``align()`` and be accepted by the type wrappers below.
		"""
		self.UsageCount = ULONG(reader).value
		# align() without an argument: the boundary is chosen by the reader (not visible here).
		reader.align()
		self.unk0 = LIST_ENTRY(reader)
		self.unk1 = PVOID(reader).value
		self.unk1b = ULONG(reader).value
		reader.align()
		self.unk2 = FILETIME(reader).value
		self.unk4 = PVOID(reader).value
		self.unk5 = PVOID(reader).value
		self.unk6 = PVOID(reader).value
		self.LocallyUniqueIdentifier = LUID(reader).value
		# Disabled debug aids. The hexdump variants print raw reader bytes, which this
		# close to the credential block may include secret material - keep them disabled.
		#print(hex(self.LocallyUniqueIdentifier))
		#input('unk7\n' + hexdump(reader.peek(0x100)))
		reader.align()
		self.unk7 = FILETIME(reader).value
		self.unk8 = PVOID(reader).value
		self.unk8b = ULONG(reader).value
		reader.align()
		self.unk9 = FILETIME(reader).value
		self.unk11 = PVOID(reader).value
		self.unk12 = PVOID(reader).value
		self.unk13 = PVOID(reader).value
		# presumably pads to the next 8-byte boundary before the credential block - confirm in the reader
		reader.align(8)
		
		#input('credentials\n' + hexdump(reader.peek(0x100)))
		# Embedded sub-structure parsed inline from the same reader. Its name indicates
		# credential material, so the resulting object should be handled as sensitive.
		self.credentials = KIWI_KERBEROS_10_PRIMARY_CREDENTIAL(reader)
		self.unk14 = ULONG(reader).value
		self.unk15 = ULONG(reader).value
		self.unk16 = ULONG(reader).value
		self.unk17 = ULONG(reader).value
		# Original note: a "PVOID unk18" field is commented out, i.e. not read in this layout.
		#//PVOID		unk18 = (reader).value
		reader.align(8)
		self.unk19 = PVOID(reader).value
		self.unk20 = PVOID(reader).value
		self.unk21 = PVOID(reader).value
		self.unk22 = PVOID(reader).value
		self.unk23 = PVOID(reader).value
		self.unk24 = PVOID(reader).value
		self.unk25 = PVOID(reader).value
		
		# Stored as the PVOID wrapper rather than its .value - presumably so callers
		# can follow the pointer later; verify against the code that uses pKeyList.
		self.pKeyList = PVOID(reader)
		self.unk26 = PVOID(reader).value
		#input('pKeyList\n' + hexdump(reader.peek(0x100)))
		reader.align()
		#input('Tickets_1\n' + hexdump(reader.peek(0x100)))
		# Three list heads, each followed by a FILETIME whose meaning is not established here.
		self.Tickets_1 = LIST_ENTRY(reader)
		self.unk27 = FILETIME(reader).value
		self.Tickets_2 = LIST_ENTRY(reader)
		self.unk28 = FILETIME(reader).value
		self.Tickets_3 = LIST_ENTRY(reader)
		self.unk29 = FILETIME(reader).value
		# Kept as the PVOID wrapper, same as pKeyList.
		self.SmartcardInfos = PVOID(reader)
コード例 #3
    def __init__(self, reader):
        """Parse a credential-manager list entry whose Flink is at the reader position.

        The reader arrives pointing at the Flink/Blink pair, but the structure
        begins earlier, so the position is first moved back by 56 bytes and the
        fields are then read in layout order. The Flink/Blink wrapper type
        ``PKIWI_CREDMAN_LIST_ENTRY`` suggests this is KIWI_CREDMAN_LIST_ENTRY;
        the class header is outside this excerpt.

        NOTE(review): 56 equals the size of the fields read before ``Flink``
        when pointers are 8 bytes and ``align()`` pads to 8, so this offset
        presumably only matches a 64-bit layout - confirm. Nothing here checks
        that ``tell() - 56`` is still a valid position; what happens otherwise
        depends on ``reader.move``.

        Args:
            reader: source positioned at the entry's Flink pointer; it must
                provide ``tell()``, ``move()`` and ``align()``.
        """
        # The structure starts before the Flink/Blink pointers, so step back to its first byte.
        #
        #input('KIWI_CREDMAN_LIST_ENTRY \n%s' % hexdump(reader.peek(0x50), start = reader.tell()))
        reader.move(reader.tell() - 56)
        reader.align()  # original author was unsure whether this alignment is required

        # Disabled debug dump; it would print raw bytes of the entry, including the
        # region the encrypted-password pointer is read from.
        #input('KIWI_CREDMAN_LIST_ENTRY \n%s' % hexdump(reader.peek(0x200), start = reader.tell()))
        #
        self.cbEncPassword = ULONG(reader).value
        reader.align()
        # Pointer wrapper kept as an object; by its name it refers to the encrypted
        # password buffer whose size is cbEncPassword - presumably; verify against callers.
        self.encPassword = PWSTR(reader)
        self.unk0 = ULONG(reader).value
        self.unk1 = ULONG(reader).value
        self.unk2 = PVOID(reader)
        self.unk3 = PVOID(reader)
        self.UserName = PWSTR(reader)
        self.cbUserName = ULONG(reader).value
        reader.align()
        # After the reads above the reader is back at the position it had on entry.
        self.Flink = PKIWI_CREDMAN_LIST_ENTRY(reader)
        self.Blink = PKIWI_CREDMAN_LIST_ENTRY(reader)
        self.unk4 = LIST_ENTRY(reader)
        self.type = LSA_UNICODE_STRING(reader)
        self.unk5 = PVOID(reader)
        self.server1 = LSA_UNICODE_STRING(reader)
        self.unk6 = PVOID(reader)
        self.unk7 = PVOID(reader)
        self.unk8 = PVOID(reader)
        self.unk9 = PVOID(reader)
        self.unk10 = PVOID(reader)
        self.user = LSA_UNICODE_STRING(reader)
        self.unk11 = ULONG(reader).value
        reader.align()
        self.server2 = LSA_UNICODE_STRING(reader)
コード例 #4
	def __init__(self, reader):
		"""Parse one fixed-layout record from ``reader``, one field per statement.

		The reads and the interleaved ``reader.align()`` calls together define the
		byte layout; each one depends on the position left by the previous one, so
		none of them can be reordered or removed without shifting later fields.
		Fields named ``unkN`` have no meaning established in this code.

		NOTE(review): the class header is outside this excerpt; the credential
		type ``KIWI_KERBEROS_10_PRIMARY_CREDENTIAL_1607`` suggests the Kerberos
		logon session layout for Windows 10 build 1607 and later - confirm
		against the enclosing class.

		Args:
			reader: source positioned at the first byte of the structure; it must
				provide ``align()`` and be accepted by the type wrappers below.
		"""
		# Disabled debug dump; it would print 0x300 raw bytes of this record,
		# which covers the credential block read further down.
		#input('aaaaaaaaa\n' + hexdump(reader.peek(0x300)))
		self.UsageCount = ULONG(reader).value
		# align() without an argument: the boundary is chosen by the reader (not visible here).
		reader.align()
		self.unk0 = LIST_ENTRY(reader)
		self.unk1 = PVOID(reader).value
		self.unk1b = ULONG(reader).value
		reader.align()
		self.unk2 = FILETIME(reader).value
		self.unk4 = PVOID(reader).value
		self.unk5 = PVOID(reader).value
		self.unk6 = PVOID(reader).value
		self.LocallyUniqueIdentifier = LUID(reader).value
		# No align() between the LUID and this FILETIME in this layout.
		self.unk7 = FILETIME(reader).value
		self.unk8 = PVOID(reader).value
		self.unk8b = ULONG(reader).value
		reader.align()
		self.unk9 = FILETIME(reader).value
		self.unk11 = PVOID(reader).value
		self.unk12 = PVOID(reader).value
		self.unk13 = PVOID(reader).value
		# presumably pads to the next 8-byte boundary before the credential block - confirm in the reader
		reader.align(8)
		# Embedded sub-structure parsed inline from the same reader. Its name indicates
		# credential material, so the resulting object should be handled as sensitive.
		self.credentials = KIWI_KERBEROS_10_PRIMARY_CREDENTIAL_1607(reader)
		self.unk14 = ULONG(reader).value
		self.unk15 = ULONG(reader).value
		self.unk16 = ULONG(reader).value
		self.unk17 = ULONG(reader).value
		self.unk18 = PVOID(reader).value
		self.unk19 = PVOID(reader).value
		self.unk20 = PVOID(reader).value
		self.unk21 = PVOID(reader).value
		self.unk22 = PVOID(reader).value
		self.unk23 = PVOID(reader).value
		# unk24 / unk25 are disabled here: this layout reads two fewer pointers before pKeyList.
		#self.unk24 = PVOID(reader).value
		#self.unk25 = PVOID(reader).value
		reader.align()
		# Disabled experiments from locating pKeyList (a fixed skip and a debug dump).
		#reader.read(8+12)
		#input('pkeylist  \n' + hexdump(reader.peek(0x50)))
		# Stored as the PVOID wrapper rather than its .value - presumably so callers
		# can follow the pointer later; verify against the code that uses pKeyList.
		self.pKeyList = PVOID(reader)
		self.unk26 = PVOID(reader).value
		# Three list heads, each followed by a FILETIME whose meaning is not established here.
		self.Tickets_1 = LIST_ENTRY(reader)
		self.unk27 = FILETIME(reader).value
		self.Tickets_2 = LIST_ENTRY(reader)
		self.unk28 = FILETIME(reader).value
		self.Tickets_3 = LIST_ENTRY(reader)
		self.unk29 = FILETIME(reader).value
		# Kept as the PVOID wrapper, same as pKeyList.
		self.SmartcardInfos = PVOID(reader)
コード例 #5
	def __init__(self, reader):	
		"""Parse one fixed-layout record from ``reader``, one field per statement.

		The reads and the interleaved ``reader.align()`` calls together define the
		byte layout; each one depends on the position left by the previous one, so
		none of them can be reordered or removed without shifting later fields.
		Fields named ``unkN`` have no meaning established in this code.

		NOTE(review): the class header is outside this excerpt; the credential
		type ``KIWI_KERBEROS_10_PRIMARY_CREDENTIAL`` suggests a Windows 10
		Kerberos logon session layout. This variant has no ``align(8)`` before
		the credential block or after ``unk17`` - presumably a layout where
		that padding is not needed (for example 32-bit); confirm against the
		enclosing class.

		Args:
			reader: source positioned at the first byte of the structure; it must
				provide ``align()`` and be accepted by the type wrappers below.
		"""
		self.UsageCount = ULONG(reader).value
		# align() without an argument: the boundary is chosen by the reader (not visible here).
		reader.align()
		self.unk0 = LIST_ENTRY(reader)
		self.unk1 = PVOID(reader).value
		self.unk1b = ULONG(reader).value
		reader.align()
		self.unk2 = FILETIME(reader).value
		self.unk4 = PVOID(reader).value
		self.unk5 = PVOID(reader).value
		self.unk6 = PVOID(reader).value
		self.LocallyUniqueIdentifier = LUID(reader).value
		# No align() between the LUID and this FILETIME in this layout.
		self.unk7 = FILETIME(reader).value
		self.unk8 = PVOID(reader).value
		self.unk8b = ULONG(reader).value
		reader.align()
		self.unk9 = FILETIME(reader).value
		self.unk11 = PVOID(reader).value
		self.unk12 = PVOID(reader).value
		self.unk13 = PVOID(reader).value		
		# Embedded sub-structure parsed inline from the same reader. Its name indicates
		# credential material, so the resulting object should be handled as sensitive.
		self.credentials = KIWI_KERBEROS_10_PRIMARY_CREDENTIAL(reader)
		self.unk14 = ULONG(reader).value
		self.unk15 = ULONG(reader).value
		self.unk16 = ULONG(reader).value
		self.unk17 = ULONG(reader).value
		# unk18 is disabled: it is not read in this layout.
		#self.unk18 = PVOID(reader).value
		self.unk19 = PVOID(reader).value
		self.unk20 = PVOID(reader).value
		self.unk21 = PVOID(reader).value
		self.unk22 = PVOID(reader).value
		self.unk23 = PVOID(reader).value
		self.unk24 = PVOID(reader).value
		self.unk25 = PVOID(reader).value
		# Stored as the PVOID wrapper rather than its .value - presumably so callers
		# can follow the pointer later; verify against the code that uses pKeyList.
		self.pKeyList = PVOID(reader)
		self.unk26 = PVOID(reader).value
		# Three list heads, each followed by a FILETIME whose meaning is not established here.
		self.Tickets_1 = LIST_ENTRY(reader)
		self.unk27 = FILETIME(reader).value
		self.Tickets_2 = LIST_ENTRY(reader)
		self.unk28 = FILETIME(reader).value
		self.Tickets_3 = LIST_ENTRY(reader)
		self.unk29 = FILETIME(reader).value
		# Kept as the PVOID wrapper, same as pKeyList.
		self.SmartcardInfos = PVOID(reader)