def __init__(self, reader): self.Flink = PKIWI_MSV1_0_LIST_51(reader) self.Blink = PKIWI_MSV1_0_LIST_51(reader) self.LocallyUniqueIdentifier = LUID(reader).value self.UserName = LSA_UNICODE_STRING(reader) self.Domaine = LSA_UNICODE_STRING(reader) self.unk0 = PVOID(reader).value self.unk1 = PVOID(reader).value self.pSid = PSID(reader) self.LogonType = ULONG(reader).value self.Session = ULONG(reader).value reader.align(8) self.LogonTime = int.from_bytes(reader.read(8), byteorder='little', signed=False) #autoalign x86 reader.align() self.LogonServer = LSA_UNICODE_STRING(reader) self.Credentials_list_ptr = PKIWI_MSV1_0_CREDENTIAL_LIST(reader) self.unk19 = ULONG(reader).value reader.align() self.unk20 = PVOID(reader).value self.unk21 = PVOID(reader).value self.unk22 = PVOID(reader).value self.unk23 = ULONG(reader).value reader.align() self.CredentialManager = PVOID(reader)
def __init__(self, reader): self.Flink = PKIWI_CLOUDAP_CACHE_LIST_ENTRY(reader) self.Blink = PKIWI_CLOUDAP_CACHE_LIST_ENTRY(reader) self.unk0 = DWORD(reader) reader.align() self.LockList = PVOID(reader) self.unk1 = PVOID(reader) self.unk2 = PVOID(reader) self.unk3 = PVOID(reader) self.unk4 = PVOID(reader) self.unk5 = PVOID(reader) self.unk6 = DWORD(reader) self.unk7 = DWORD(reader) self.unk8 = DWORD(reader) self.unk9 = DWORD(reader) self.unkLogin0 = PVOID(reader) #PCWSTR self.unkLogin1 = PVOID(reader) #PCWSTR self.toname = reader.read(130) #wchar_t [64 + 1]; reader.align() self.Sid = PSID(reader).value self.unk10 = DWORD(reader) self.unk11 = DWORD(reader) self.unk12 = DWORD(reader) self.unk13 = DWORD(reader) self.toDetermine = PKIWI_CLOUDAP_CACHE_UNK(reader) self.unk14 = PVOID(reader) self.cbPRT = DWORD(reader).value reader.align() self.PRT = PVOID(reader) #PBYTE(reader)
def __init__(self, reader): self.Flink = PKIWI_MSV1_0_LIST_63(reader) self.Blink = PKIWI_MSV1_0_LIST_63(reader) self.unk0 = PVOID(reader).value self.unk1 = ULONG(reader).value reader.align() self.unk2 = PVOID(reader).value self.unk3 = ULONG(reader).value self.unk4 = ULONG(reader).value self.unk5 = ULONG(reader).value reader.align() self.hSemaphore6 = HANDLE(reader).value self.unk7 = PVOID(reader).value self.hSemaphore8 = HANDLE(reader).value self.unk9 = PVOID(reader).value self.unk10 = PVOID(reader).value self.unk11 = ULONG(reader).value self.unk12 = ULONG(reader).value self.unk13 = PVOID(reader).value reader.align() self.LocallyUniqueIdentifier = LUID(reader).value self.SecondaryLocallyUniqueIdentifier = LUID(reader).value self.waza = reader.read(12) reader.align() # #print(hexdump(reader.peek(0x100))) #input() # self.UserName = LSA_UNICODE_STRING(reader) self.Domaine = LSA_UNICODE_STRING(reader) self.unk14 = PVOID(reader).value self.unk15 = PVOID(reader).value self.Type = LSA_UNICODE_STRING(reader) self.pSid = PSID(reader) self.LogonType = ULONG(reader).value reader.align() self.unk18 = PVOID(reader).value self.Session = ULONG(reader).value reader.align(8) self.LogonTime = int.from_bytes(reader.read(8), byteorder='little', signed=False) #autoalign x86 self.LogonServer = LSA_UNICODE_STRING(reader) self.Credentials_list_ptr = PKIWI_MSV1_0_CREDENTIAL_LIST(reader) self.unk19 = PVOID(reader).value self.unk20 = PVOID(reader).value self.unk21 = PVOID(reader).value self.unk22 = ULONG(reader).value self.unk23 = ULONG(reader).value self.unk24 = ULONG(reader).value self.unk25 = ULONG(reader).value self.unk26 = ULONG(reader).value reader.align() #input('CredentialManager\n' + hexdump(reader.peek(0x100))) self.unk27 = PVOID(reader).value self.unk28 = PVOID(reader).value self.unk29 = PVOID(reader).value self.CredentialManager = PVOID(reader)