예제 #1
 def __init__(self, reader):
     """Populate this list-entry object by reading its fields from ``reader``.

     Every field constructor is handed the same ``reader``, so the statement
     order below is the field order of the structure being parsed; do not
     reorder it. Presumably each constructor consumes bytes at the reader's
     current position -- confirm against the reader implementation.

     Fields assigned with ``.value`` hold the decoded value; fields assigned
     without it keep the wrapper object returned by the constructor.

     NOTE(review): nothing here validates the parsed pointers or checks that
     the layout matches the image being read. The ``unkN`` names mark fields
     whose meaning is not known, so a template/version mismatch will yield
     plausible-looking garbage rather than an error. Callers should
     sanity-check pointers before following them.
     """
     # Link fields to neighbouring entries (Flink/Blink naming suggests a
     # doubly linked list -- confirm against PKIWI_MSV1_0_LIST_51).
     self.Flink = PKIWI_MSV1_0_LIST_51(reader)
     self.Blink = PKIWI_MSV1_0_LIST_51(reader)
     self.LocallyUniqueIdentifier = LUID(reader).value
     # String descriptors are kept as wrapper objects, not decoded here.
     self.UserName = LSA_UNICODE_STRING(reader)
     self.Domaine = LSA_UNICODE_STRING(reader)
     self.unk0 = PVOID(reader).value
     self.unk1 = PVOID(reader).value
     # Kept as the PSID wrapper (no .value taken at this point).
     self.pSid = PSID(reader)
     self.LogonType = ULONG(reader).value
     self.Session = ULONG(reader).value
     # Force 8-byte alignment explicitly before the 8-byte timestamp field;
     # the author's note indicates this is needed for the x86 layout too.
     reader.align(8)
     # Raw 8 bytes decoded as an unsigned little-endian integer.
     # presumably a Windows FILETIME tick count -- TODO confirm
     self.LogonTime = int.from_bytes(reader.read(8),
                                     byteorder='little',
                                     signed=False)  #autoalign x86
     # align() without an argument: presumably the reader's default
     # (pointer-size) alignment -- confirm.
     reader.align()
     self.LogonServer = LSA_UNICODE_STRING(reader)
     # Pointer wrapper to the credential list; it is not followed here.
     self.Credentials_list_ptr = PKIWI_MSV1_0_CREDENTIAL_LIST(reader)
     self.unk19 = ULONG(reader).value
     # Re-align after the ULONG before the pointer-sized fields that follow.
     reader.align()
     self.unk20 = PVOID(reader).value
     self.unk21 = PVOID(reader).value
     self.unk22 = PVOID(reader).value
     self.unk23 = ULONG(reader).value
     reader.align()
     # Stored as the PVOID wrapper rather than its .value, unlike the
     # unkN pointers above.
     self.CredentialManager = PVOID(reader)
예제 #2
 def __init__(self, reader):
     """Populate this cache list entry by reading its fields from ``reader``.

     Every field constructor is handed the same ``reader``, so the statement
     order below is the field order of the structure being parsed; do not
     reorder it. Presumably each constructor consumes bytes at the reader's
     current position -- confirm against the reader implementation.

     Most fields are stored as wrapper objects; only ``Sid`` and ``cbPRT``
     take ``.value``.

     NOTE(review): no pointer or length read here is validated. In
     particular ``cbPRT`` is taken as-is from the parsed data, so any code
     that later reads the ``PRT`` buffer should bound that length first.
     """
     # Link fields to neighbouring entries (Flink/Blink naming suggests a
     # doubly linked list -- confirm against PKIWI_CLOUDAP_CACHE_LIST_ENTRY).
     self.Flink = PKIWI_CLOUDAP_CACHE_LIST_ENTRY(reader)
     self.Blink = PKIWI_CLOUDAP_CACHE_LIST_ENTRY(reader)
     self.unk0 = DWORD(reader)
     # Re-align after the DWORD before the pointer-sized fields that follow.
     reader.align()
     self.LockList = PVOID(reader)
     self.unk1 = PVOID(reader)
     self.unk2 = PVOID(reader)
     self.unk3 = PVOID(reader)
     self.unk4 = PVOID(reader)
     self.unk5 = PVOID(reader)
     self.unk6 = DWORD(reader)
     self.unk7 = DWORD(reader)
     self.unk8 = DWORD(reader)
     self.unk9 = DWORD(reader)
     # The author annotates both as PCWSTR; they are kept as PVOID wrappers
     # and not dereferenced here.
     self.unkLogin0 = PVOID(reader)  #PCWSTR
     self.unkLogin1 = PVOID(reader)  #PCWSTR
     # Inline fixed-size buffer: 130 raw bytes = 65 two-byte characters per
     # the author's note. Stored undecoded.
     # presumably UTF-16LE and NUL-terminated -- TODO confirm before decoding
     self.toname = reader.read(130)  #wchar_t [64 + 1];
     reader.align()
     self.Sid = PSID(reader).value
     self.unk10 = DWORD(reader)
     self.unk11 = DWORD(reader)
     self.unk12 = DWORD(reader)
     self.unk13 = DWORD(reader)
     # Pointer wrapper to a structure that is not followed here.
     self.toDetermine = PKIWI_CLOUDAP_CACHE_UNK(reader)
     self.unk14 = PVOID(reader)
     # Stored as a plain integer; the cb prefix suggests the byte count of
     # the PRT buffer below -- confirm.
     self.cbPRT = DWORD(reader).value
     reader.align()
     # Kept as an untyped pointer wrapper; the author's note records that a
     # PBYTE wrapper was the alternative.
     self.PRT = PVOID(reader)  #PBYTE(reader)
예제 #3
 def __init__(self, reader):
     """Populate this list-entry object by reading its fields from ``reader``.

     Every field constructor is handed the same ``reader``, so the statement
     order below is the field order of the structure being parsed; do not
     reorder it. Presumably each constructor consumes bytes at the reader's
     current position -- confirm against the reader implementation.

     Fields assigned with ``.value`` hold the decoded value; fields assigned
     without it keep the wrapper object returned by the constructor.

     NOTE(review): nothing here validates the parsed pointers or checks that
     the layout matches the image being read. Most fields are ``unkN``
     placeholders whose meaning is not known, so a template/version mismatch
     will yield plausible-looking garbage rather than an error. Callers
     should sanity-check pointers before following them.
     """
     # Link fields to neighbouring entries (Flink/Blink naming suggests a
     # doubly linked list -- confirm against PKIWI_MSV1_0_LIST_63).
     self.Flink = PKIWI_MSV1_0_LIST_63(reader)
     self.Blink = PKIWI_MSV1_0_LIST_63(reader)
     self.unk0 = PVOID(reader).value
     self.unk1 = ULONG(reader).value
     # Re-align after the ULONG before the pointer-sized field that follows.
     reader.align()
     self.unk2 = PVOID(reader).value
     self.unk3 = ULONG(reader).value
     self.unk4 = ULONG(reader).value
     self.unk5 = ULONG(reader).value
     reader.align()
     self.hSemaphore6 = HANDLE(reader).value
     self.unk7 = PVOID(reader).value
     self.hSemaphore8 = HANDLE(reader).value
     self.unk9 = PVOID(reader).value
     self.unk10 = PVOID(reader).value
     self.unk11 = ULONG(reader).value
     self.unk12 = ULONG(reader).value
     self.unk13 = PVOID(reader).value
     reader.align()
     self.LocallyUniqueIdentifier = LUID(reader).value
     self.SecondaryLocallyUniqueIdentifier = LUID(reader).value
     # 12 raw bytes of unknown meaning, stored undecoded.
     self.waza = reader.read(12)
     reader.align()
     # Disabled debugging aid left by the author: dump the next 0x100 bytes
     # and pause for input.
     #
     #print(hexdump(reader.peek(0x100)))
     #input()
     #
     # String descriptors are kept as wrapper objects, not decoded here.
     self.UserName = LSA_UNICODE_STRING(reader)
     self.Domaine = LSA_UNICODE_STRING(reader)
     self.unk14 = PVOID(reader).value
     self.unk15 = PVOID(reader).value
     self.Type = LSA_UNICODE_STRING(reader)
     # Kept as the PSID wrapper (no .value taken at this point).
     self.pSid = PSID(reader)
     self.LogonType = ULONG(reader).value
     reader.align()
     self.unk18 = PVOID(reader).value
     self.Session = ULONG(reader).value
     # Force 8-byte alignment explicitly before the 8-byte timestamp field;
     # the author's note indicates this is needed for the x86 layout too.
     reader.align(8)
     # Raw 8 bytes decoded as an unsigned little-endian integer.
     # presumably a Windows FILETIME tick count -- TODO confirm
     self.LogonTime = int.from_bytes(reader.read(8),
                                     byteorder='little',
                                     signed=False)  #autoalign x86
     self.LogonServer = LSA_UNICODE_STRING(reader)
     # Pointer wrapper to the credential list; it is not followed here.
     self.Credentials_list_ptr = PKIWI_MSV1_0_CREDENTIAL_LIST(reader)
     self.unk19 = PVOID(reader).value
     self.unk20 = PVOID(reader).value
     self.unk21 = PVOID(reader).value
     self.unk22 = ULONG(reader).value
     self.unk23 = ULONG(reader).value
     self.unk24 = ULONG(reader).value
     self.unk25 = ULONG(reader).value
     self.unk26 = ULONG(reader).value
     # Five ULONGs precede this point; re-align before the pointer fields.
     reader.align()
     # Disabled debugging aid left by the author (hexdump at this offset).
     #input('CredentialManager\n' + hexdump(reader.peek(0x100)))
     self.unk27 = PVOID(reader).value
     self.unk28 = PVOID(reader).value
     self.unk29 = PVOID(reader).value
     # Stored as the PVOID wrapper rather than its .value, unlike the
     # unkN pointers above.
     self.CredentialManager = PVOID(reader)