def __init__(self): self.fields = OrderedDict([ ('protocol_id', BytesField( size=4, default=b"\xfeSMB", )), ('structure_size', IntField( size=2, default=64, )), ('credit_charge', IntField(size=2)), ('channel_sequence', IntField(size=2)), ('reserved', IntField(size=2)), ('command', EnumField( size=2, enum_type=Commands )), ('credit_request', IntField(size=2)), ('flags', FlagField( size=4, flag_type=Smb2Flags, )), ('next_command', IntField(size=4)), ('message_id', IntField(size=8)), ('process_id', IntField(size=4)), ('tree_id', IntField(size=4)), ('session_id', IntField(size=8)), ('signature', BytesField( size=16, default=b"\x00" * 16, )), ('data', BytesField()) ]) super(SMB2HeaderRequest, self).__init__()
def __init__(self): self.fields = OrderedDict([ ('structure_size', IntField( size=2, default=33 )), ('file_information_class', EnumField( size=1, enum_type=FileInformationClass )), ('flags', FlagField( size=1, flag_type=QueryDirectoryFlags )), ('file_index', IntField(size=4)), ('file_id', BytesField(size=16)), ('file_name_offset', IntField( size=2, default=lambda s: 0 if len(s['buffer']) == 0 else 96 )), ('file_name_length', IntField( size=2, default=lambda s: len(s['buffer']) )), ('output_buffer_length', IntField(size=4)), # UTF-16-LE encoded search pattern ('buffer', BytesField( size=lambda s: s['file_name_length'].get_value() )) ]) super(SMB2QueryDirectoryRequest, self).__init__()
def __init__(self): self.fields = OrderedDict([ # 0 if no more entries, otherwise offset after ea_value ('next_entry_offset', IntField(size=4)), ('flags', FlagField( size=1, flag_type=EAFlags )), ('ea_name_length', IntField( size=1, default=lambda s: len(s['ea_name']) - 1 # minus \x00 )), ('ea_value_length', IntField( size=2, default=lambda s: len(s['ea_value']) )), # ea_name is ASCII byte encoded and needs a null terminator '\x00' ('ea_name', BytesField( size=lambda s: s['ea_name_length'].get_value() + 1 )), ('ea_value', BytesField( size=lambda s: s['ea_value_length'].get_value() )), # not actually a field but each list entry must start at the 4 byte # alignment ('padding', BytesField( size=lambda s: self._padding_size(s), default=lambda s: b"\x00" * self._padding_size(s) )) ]) super(SMB2CreateEABuffer, self).__init__()
def __init__(self): self.fields = OrderedDict([ ('structure_size', IntField(size=2, default=49)), ( 'data_offset', IntField( # offset to the buffer field size=2, default=0x70 # seems to be hardcoded to this value )), ('length', IntField(size=4, default=lambda s: len(s['buffer']))), ('offset', IntField(size=8)), # the offset in the file of the data ('file_id', BytesField(size=16)), ('channel', FlagField(size=4, flag_type=ReadWriteChannel)), ('remaining_bytes', IntField(size=4)), ('write_channel_info_offset', IntField( size=2, default=lambda s: self._get_write_channel_info_offset(s))), ('write_channel_info_length', IntField(size=2, default=lambda s: len(s['buffer_channel_info']))), ('flags', FlagField(size=4, flag_type=WriteFlags)), ('buffer', BytesField(size=lambda s: s['length'].get_value())), ('buffer_channel_info', BytesField( size=lambda s: s['write_channel_info_length'].get_value())) ]) super(SMB2WriteRequest, self).__init__()
def __init__(self): self.fields = OrderedDict([ ('version', IntField( size=4, default=2 )), ('has_initiator_id', BoolField( size=1, default=lambda s: len(s['initiator_host_name']) > 0 )), ('reserved', BytesField( size=3, default=b"\x00\x00\x00" )), ('initiator_id', UuidField(size=16)), ('originator_flags', EnumField( size=4, enum_type=SVHDXOriginatorFlags )), ('open_request_id', IntField(size=8)), ('initiator_host_name_length', IntField( size=2, default=lambda s: len(s['initiator_host_name']) )), # utf-16-le encoded string ('initiator_host_name', BytesField( size=lambda s: s['initiator_host_name_length'].get_value() )), ('virtual_disk_properties_initialized', IntField(size=4)), ('server_service_version', IntField(size=4)), ('virtual_sector_size', IntField(size=4)), ('physical_sector_size', IntField(size=4)), ('virtual_size', IntField(size=8)) ]) super(SMB2SVHDXOpenDeviceContextV2Request, self).__init__()
def __init__(self): self.fields = OrderedDict([ ('structure_size', IntField(size=2, default=57)), ('reserved', IntField(size=2, default=0)), ('ctl_code', EnumField( size=4, enum_type=CtlCode, )), ('file_id', BytesField(size=16)), ('input_offset', IntField(size=4, default=lambda s: self._buffer_offset_value(s))), ('input_count', IntField( size=4, default=lambda s: len(s['buffer']), )), ('max_input_response', IntField(size=4)), ('output_offset', IntField(size=4, default=lambda s: self._buffer_offset_value(s))), ('output_count', IntField(size=4, default=0)), ('max_output_response', IntField(size=4)), ('flags', EnumField( size=4, enum_type=IOCTLFlags, )), ('reserved2', IntField(size=4, default=0)), ('buffer', BytesField(size=lambda s: s['input_count'].get_value())) ]) super(SMB2IOCTLRequest, self).__init__()
def __init__(self): self.fields = OrderedDict([ ('next_entry_offset', IntField(size=4)), ('file_index', IntField(size=4)), ('creation_time', DateTimeField(size=8)), ('last_access_time', DateTimeField(size=8)), ('last_write_time', DateTimeField(size=8)), ('change_time', DateTimeField(size=8)), ('end_of_file', IntField(size=8)), ('allocation_size', IntField(size=8)), ('file_attributes', FlagField(size=4, flag_type=FileAttributes)), ('file_name_length', IntField(size=4, default=lambda s: len(s['file_name']))), ('ea_size', IntField(size=4)), ('short_name_length', IntField(size=1, default=lambda s: len(s['short_name']))), ('reserved1', IntField(size=1)), ('short_name', BytesField(size=lambda s: s['short_name_length'].get_value())), ('short_name_padding', BytesField(size=lambda s: 24 - len(s['short_name']), default=lambda s: b"\x00" * (24 - len(s['short_name'])))), ('reserved2', IntField(size=2)), ('file_id', IntField(size=8)), ('file_name', BytesField(size=lambda s: s['file_name_length'].get_value())) ]) super(FileIdBothDirectoryInformation, self).__init__()
def __init__(self): self.fields = OrderedDict([ ('next', IntField(size=4)), ('name_offset', IntField(size=2, default=16)), ('name_length', IntField(size=2, default=lambda s: len(s['buffer_name']))), ('reserved', IntField(size=2)), ('data_offset', IntField(size=2, default=lambda s: self._buffer_data_offset(s))), ('data_length', IntField(size=4, default=lambda s: len(s['buffer_data']))), ('buffer_name', BytesField(size=lambda s: s['name_length'].get_value())), ('padding', BytesField(size=lambda s: self._padding_size(s), default=lambda s: b"\x00" * self._padding_size(s))), ('buffer_data', BytesField(size=lambda s: s['data_length'].get_value())), # not actually a field but each list entry must start at the 8 byte # alignment ('padding2', BytesField(size=lambda s: self._padding2_size(s), default=lambda s: b"\x00" * self._padding2_size(s))) ]) super(SMB2CreateContextRequest, self).__init__()
def __init__(self): self.fields = OrderedDict([ ('int_field', IntField(size=4)), ('bytes_field', BytesField(size=2)), ('var_field', BytesField(size=lambda s: s['int_field'].get_value(), )), ('default_field', IntField( size=2, default=b"\x01a", )), ('list_field', ListField( list_count=lambda s: s['int_field'].get_value(), list_type=BytesField(size=8), size=lambda s: s['int_field'].get_value() * 8, )), ('structure_length', IntField( size=2, little_endian=False, default=lambda s: len(s['structure_field']), )), ('structure_field', StructureField( size=lambda s: s['structure_length'].get_value(), structure_type=Structure2, )), ]) super(Structure1, self).__init__()
def __init__(self): self.fields = OrderedDict([ ('symlink_length', IntField(size=4, default=lambda s: len(s) - 4)), ('symlink_error_tag', BytesField(size=4, default=b"\x53\x59\x4d\x4c")), ('reparse_tag', BytesField(size=4, default=b"\x0c\x00\x00\xa0")), ('reparse_data_length', IntField(size=2, default=lambda s: len(s['path_buffer']) + 12)), # the len in utf-16-le bytes of the path beyond the substitute name # of the original target, e.g. \\server\share\symlink\file.txt # would be length of \file.txt in utf-16-le form, this is used by # the client to find out what part of the original path to append # to the substitute name returned by the server. ('unparsed_path_length', IntField(size=2)), ('substitute_name_offset', IntField(size=2)), ('substitute_name_length', IntField(size=2)), ('print_name_offset', IntField(size=2)), ('print_name_length', IntField(size=2)), ('flags', EnumField( size=2, enum_type=SymbolicLinkErrorFlags, )), # Not in the spec but Windows seems to add \x00\x80 to the end of flags which breaks our parsing. Cannot # seem to figure out why but this just ignored that field. ('reserved', IntField(size=2)), # use the get/set_name functions to get/set these values as they # also (d)encode the text and set the length and offset accordingly ('path_buffer', BytesField(size=lambda s: self._get_name_length(s, True))) ]) super(SMB2SymbolicLinkErrorResponse, self).__init__()
def __init__(self): self.fields = OrderedDict([ ('lease_key', BytesField(size=16)), ('lease_state', FlagField(size=4, flag_type=LeaseState)), ('flags', FlagField(size=4, flag_type=LeaseResponseFlags)), ('lease_duration', IntField(size=8)), ('parent_lease_key', BytesField(size=16)), ('epoch', IntField(size=2)), ('reserved', IntField(size=2)) ]) super(SMB2CreateResponseLeaseV2, self).__init__()
def __init__(self): self.fields = OrderedDict([ ('type', EnumField(size=4, enum_type=IpAddrType)), ('reserved', IntField(size=4)), ('ip_address', BytesField(size=lambda s: self._ip_address_size(s))), ('reserved2', BytesField(size=lambda s: self._reserved2_size(s), default=lambda s: b"\x00" * self._reserved2_size(s))) ]) super(SMB2MoveDstIpAddrStructure, self).__init__()
def __init__(self): self.fields = OrderedDict([ ('resume_key', BytesField(size=24)), ('context_length', IntField( size=4, default=lambda s: len(s['context']), )), ('context', BytesField(size=lambda s: s['context_length'].get_value(), )), ]) super(SMB2SrvRequestResumeKey, self).__init__()
def __init__(self): # pep 80 char issues force me to define this here create_con_req = smbprotocol.create_contexts.SMB2CreateContextRequest self.fields = OrderedDict([ ('structure_size', IntField( size=2, default=57, )), ('security_flags', IntField(size=1)), ('requested_oplock_level', EnumField(size=1, enum_type=RequestedOplockLevel)), ('impersonation_level', EnumField(size=4, enum_type=ImpersonationLevel)), ('smb_create_flags', IntField(size=8)), ('reserved', IntField(size=8)), ('desired_access', IntField(size=4)), ('file_attributes', IntField(size=4)), ('share_access', FlagField(size=4, flag_type=ShareAccess)), ('create_disposition', EnumField(size=4, enum_type=CreateDisposition)), ('create_options', FlagField(size=4, flag_type=CreateOptions)), ( 'name_offset', IntField( size=2, default=120 # (header size 64) + (structure size 56) )), ('name_length', IntField(size=2, default=lambda s: self._name_length(s))), ('create_contexts_offset', IntField(size=4, default=lambda s: self._create_contexts_offset(s))), ('create_contexts_length', IntField(size=4, default=lambda s: len(s['buffer_contexts']))), # Technically these are all under buffer but we split it to make # things easier ('buffer_path', BytesField(size=lambda s: self._buffer_path_size(s), )), ('padding', BytesField(size=lambda s: self._padding_size(s), default=lambda s: b"\x00" * self._padding_size(s))), ('buffer_contexts', ListField( size=lambda s: s['create_contexts_length'].get_value(), list_type=StructureField(structure_type=create_con_req), unpack_func=lambda s, d: self._buffer_context_list(s, d))) ]) super(SMB2CreateRequest, self).__init__()
def __init__(self): self.fields = OrderedDict([('lease_key', BytesField(size=16)), ('lease_state', FlagField(size=4, flag_type=LeaseState)), ('lease_flags', IntField(size=4)), ('lease_duration', IntField(size=8))]) super(SMB2CreateRequestLease, self).__init__()
def __init__(self): self.fields = OrderedDict([ ('structure_size', IntField( size=2, default=25, )), ('flags', IntField(size=1)), ('security_mode', EnumField( size=1, enum_type=SecurityMode, )), ('capabilities', FlagField( size=4, flag_type=Capabilities, )), ('channel', IntField(size=4)), ( 'security_buffer_offset', IntField( size=2, default=88, # (header size 64) + (response size 24) )), ('security_buffer_length', IntField( size=2, default=lambda s: len(s['buffer']), )), ('previous_session_id', IntField(size=8)), ('buffer', BytesField( size=lambda s: s['security_buffer_length'].get_value(), )), ]) super(SMB2SessionSetupRequest, self).__init__()
def __init__(self): self.fields = OrderedDict([('disk_file_id', IntField(size=8)), ('volume_id', IntField(size=8)), ('reserved', BytesField(size=16, default=b"\x00" * 16))]) super(SMB2CreateQueryOnDiskIDResponse, self).__init__()
def __init__(self): self.fields = OrderedDict([('file_id', BytesField(size=16)), ('create_guid', UuidField(size=16)), ('flags', FlagField(size=4, flag_type=DurableHandleFlags))]) super(SMB2CreateDurableHandleReconnectV2, self).__init__()
def __init__(self): self.fields = OrderedDict([ ('rpc_vers', IntField(size=1, default=5)), ('rpc_vers_minor', IntField(size=1, default=0)), ('ptype', EnumField(size=1, enum_type=PType, default=PType.BIND)), ('pfx_flags', FlagField(size=1, flag_type=PFlags)), ('packed_drep', StructureField(size=4, structure_type=DataRepresentationFormat)), ('frag_length', IntField(size=2, default=lambda s: len(s))), ('auth_length', IntField(size=2, default=lambda s: len(s['auth_verifier']))), ('call_id', IntField(size=4)), ('max_xmit_frag', IntField(size=2, default=4280)), ('max_recv_frag', IntField(size=2, default=4280)), ('assoc_group_id', IntField(size=4)), # p_context_list_t ('n_context_elem', IntField(size=1, default=lambda s: len(s['context_elems'].get_value()))), ('reserved', IntField(size=1)), ('reserved2', IntField(size=2)), ('context_elems', ListField( list_count=lambda s: s['n_context_elem'].get_value(), list_type=StructureField(structure_type=ContextElement), unpack_func=lambda s, d: self._unpack_context_elems(s, d))), ('auth_verifier', BytesField(size=lambda s: s['auth_length'].get_value())) ]) super(BindPDU, self).__init__()
def __init__(self): create_con_req = smbprotocol.create_contexts.SMB2CreateContextRequest self.fields = OrderedDict([ ('structure_size', IntField(size=2, default=89)), ('oplock_level', EnumField(size=1, enum_type=RequestedOplockLevel)), ('flag', FlagField(size=1, flag_type=FileFlags)), ('create_action', EnumField(size=4, enum_type=CreateAction)), ('creation_time', DateTimeField(size=8)), ('last_access_time', DateTimeField(size=8)), ('last_write_time', DateTimeField(size=8)), ('change_time', DateTimeField(size=8)), ('allocation_size', IntField(size=8)), ('end_of_file', IntField(size=8)), ('file_attributes', FlagField(size=4, flag_type=FileAttributes)), ('reserved2', IntField(size=4)), ('file_id', BytesField(size=16)), ('create_contexts_offset', IntField(size=4, default=lambda s: self._create_contexts_offset(s))), ('create_contexts_length', IntField(size=4, default=lambda s: len(s['buffer']))), ('buffer', ListField( size=lambda s: s['create_contexts_length'].get_value(), list_type=StructureField(structure_type=create_con_req), unpack_func=lambda s, d: self._buffer_context_list(s, d))) ]) super(SMB2CreateResponse, self).__init__()
def __init__(self): self.fields = OrderedDict([ ('structure_size', IntField(size=2, default=24)), ('flags', FlagField(size=2, flag_type=CloseFlags)), ('reserved', IntField(size=4)), ('file_id', BytesField(size=16)) ]) super(SMB2CloseRequest, self).__init__()
def __init__(self): self.fields = OrderedDict([ ('structure_size', IntField( size=2, default=9, )), ('session_flags', FlagField( size=2, flag_type=SessionFlags, )), ( 'security_buffer_offset', IntField( size=2, default=72, # (header size 64) + (response size 8) )), ('security_buffer_length', IntField( size=2, default=lambda s: len(s['buffer']), )), ('buffer', BytesField( size=lambda s: s['security_buffer_length'].get_value(), )) ]) super(SMB2SessionSetupResponse, self).__init__()
def __init__(self): self.fields = OrderedDict([ ('version_number', IntField(size=2, default=3)), ('size', IntField(size=2)), ('server_type', FlagField(size=2, flag_type=DFSServerTypes, flag_strict=False)), ('referral_entry_flags', FlagField(size=2, flag_type=DFSReferralEntryFlags, flag_strict=False)), ('time_to_live', IntField(size=4)), # The follow fields depend on the ReferralEntryFlags, the actual field names are when the entry is not a # NameListReferral. ('dfs_path_offset', IntField(size=2)), # SpecialNameOffset ('dfs_alternate_path_offset', IntField(size=2)), # NumberOfExpandedNames ('network_address_offset', IntField(size=2)), # ExpandedNameOffset ('service_site_guid', BytesField(size=lambda s: s['size'].get_value() - 18)), # Padding ]) self.dfs_path = None self.dfs_alternate_path = None self.network_address = None super(DFSReferralEntryV3, self).__init__()
def __init__(self): self.fields = OrderedDict([('structure_size', IntField(size=2, default=24)), ('reserved1', IntField(size=2)), ('reserved2', IntField(size=4)), ('file_id', BytesField(size=16))]) super(SMB2FlushRequest, self).__init__()
def __init__(self): self.fields = OrderedDict([ ('structure_size', IntField(size=4, default=lambda s: len(s))), ('notification_type', IntField(size=4, default=3)), ('resource_name_offset', IntField(size=4, default=lambda s: self._resource_name_offset(s))), ('resource_name_length', IntField(size=4, default=lambda s: len(s['resource_name']))), ('flags', IntField(size=2, default=0)), ('target_type', IntField(size=2, default=0)), ('ip_addr_count', IntField( size=4, default=lambda s: len(s['ip_addr_move_list'].get_value()))), ('ip_addr_move_list', ListField(size=lambda s: s['ip_addr_count'].get_value() * 24, list_count=lambda s: s['ip_addr_count'].get_value(), list_type=StructureField( size=24, structure_type=SMB2MoveDstIpAddrStructure))), ('resource_name', BytesField(size=lambda s: s['resource_name_length'].get_value())) ]) super(SMB2ShareRedirectErrorContext, self).__init__()
def __init__(self): # TODO: validate this further when working with actual snapshots self.fields = OrderedDict([('number_of_snapshots', IntField(size=4)), ('number_of_snapshots_returned', IntField(size=4)), ('snapshot_array_size', IntField(size=4)), ('snapshots', BytesField())]) super(SMB2SrvSnapshotArray, self).__init__()
def __init__(self): self.fields = OrderedDict([ ('field', ListField(size=4, list_count=2, list_type=BytesField(size=2), default=[b"\x01\x02", b"\x03\x04"])) ]) super(TestListField.StructureTest, self).__init__()
def __init__(self): self.fields = OrderedDict([ ('process_id', IntField(size=4)), ('comp_name_length', IntField(size=4, default=lambda s: int(len(s['comp_name']) / 2))), ('comp_name', BytesField(size=lambda s: s['comp_name_length'].get_value() * 2)) ]) super(PAExecStartBuffer, self).__init__()
def __init__(self): self.fields = OrderedDict([ ('object_id', UuidField()), ('extended_info', BytesField( size=48, default=b"\x00" * 48, )), ]) super(FileFsObjectIdInformation, self).__init__()
def __init__(self): self.fields = OrderedDict([ ('msg_id', EnumField(size=2, enum_type=PAExecMsgId)), ('unique_id', IntField(size=4)), ('buffer_length', IntField(size=4, default=lambda s: len(s['buffer']))), ('buffer', BytesField(size=lambda s: s['buffer_length'].get_value())) ]) super(PAExecMsg, self).__init__()