packetgen-plugin-smb 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 0420b25c4cbb969cd7178373395736f61b5de2ac31710168305f1cb42281cef7
+  data.tar.gz: 7a6fc87b651548518e7b3fb9baa4b48619c4666ce9b33705a4990245999ed613
+SHA512:
+  metadata.gz: 36efbeb7817f790c660ff0d6ff71c6284ec7ec1235d99f4473ad34993942c0fe2e7c992a448d6e50640b5d009fc84abe4f0e25ed048cb4f202e320c11e936656
+  data.tar.gz: dd3f345d46ec5b59b31f72d34c3aa7bce2878211acafb796cf40b7c7e2c24eaff54056ce3c7a1b6bd85a35ff4861f257e7aadfb3dfd0a52e04de4c45d055bb44

data/.gitignore

@@ -0,0 +1,10 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/vendor/
+Gemfile.lock

data/.travis.yml

@@ -0,0 +1,12 @@
+language: ruby
+rvm:
+  - 2.3
+  - 2.4
+  - 2.5
+
+install:
+  - sudo apt-get update -qq
+  - sudo apt-get install libpcap-dev -qq
+  - bundle install --path vendor/bundle --jobs=3 --retry=3
+script:
+  - bundle exec rake

data/Gemfile

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in packetgen-plugin-smb.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2018 Sylvain Daubert
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,29 @@
+[![Build Status](https://travis-ci.com/sdaubert/packetgen-plugin-smb.svg?branch=master)](https://travis-ci.com/sdaubert/packetgen-plugin-smb)
+
+# Packetgen::Plugin::SMB
+
+This is a plugin for [PacketGen gem](https://github.com/sdaubert/packetgen). It adds some support for SMB protocol suite.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'packetgen-plugin-smb'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install packetgen-plugin-smb
+
+## Usage
+
+TODO
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/sdaubert/packetgen-plugin-smb.

data/Rakefile

@@ -0,0 +1,13 @@
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'yard'
+
+task default: :spec
+
+RSpec::Core::RakeTask.new
+
+YARD::Rake::YardocTask.new do |t|
+  t.options = ['--no-private']
+  t.files = ['lib/**/*.rb', '-', 'LICENSE']
+end

data/lib/packetgen-plugin-smb.rb

@@ -0,0 +1,3 @@
+require "packetgen"
+require_relative "packetgen/plugin/smb_version"
+require_relative "packetgen/plugin/smb"

data/lib/packetgen/plugin/smb.rb

@@ -0,0 +1,185 @@
+# This file is part of PacketGen
+# See https://github.com/sdaubert/packetgen for more informations
+# Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+# frozen_string_literal: true
+
+module PacketGen::Plugin
+  # Server Message Block (SMB) header.
+  # @author Sylvain Daubert
+  # @since 0.1.0
+  class SMB < PacketGen::Header::Base
+    # Known commands
+    COMMANDS = {
+      'delete_dir'     => 0x01,
+      'close'          => 0x04,
+      'delete'         => 0x06,
+      'query_info2'    => 0x23,
+      'trans'          => 0x25,
+      'echo'           => 0x2b,
+      'open_and_x'     => 0x2d,
+      'read_and_x'     => 0x2e,
+      'write_and_x'    => 0x2f,
+      'trans2'         => 0x32,
+      'tree_disconnect' => 0x71,
+      'negotiate' => 0x72,
+      'session_setup_and_x' => 0x73,
+      'tree_connect_and_x' => 0x75,
+      'nt_trans' => 0xa0,
+      'nt_create_and_x' => 0xa2
+    }.freeze
+    # SMB marker, on start of header
+    MARKER = PacketGen.force_binary("\xffSMB")
+
+    # @!attribute protocol
+    #  This field must contain {MARKER SMB marker}
+    #  @return [String]
+    define_field :protocol, PacketGen::Types::String, static_length: 4, default: MARKER
+    # @!attribute command
+    #  8-bit SMB command
+    #  @return [Integer]
+    define_field :command, PacketGen::Types::Int8Enum, enum: COMMANDS
+    # @!attribute status
+    #  32-bit status field. Used to communicate errors from server to client.
+    #  @return [Integer]
+    define_field :status, PacketGen::Types::Int32le
+    # @!attribute flags
+    #  8-bit flags field
+    #  @return [Integer]
+    define_field :flags, PacketGen::Types::Int8
+    # @!attribute flags2
+    #  16-bit flags field
+    #  @return [Integer]
+    define_field :flags2, PacketGen::Types::Int16le
+    # @!attribute pid_high
+    #  16 high order bits of a process identifier (PID)
+    #  @return [Integer]
+    define_field :pid_high, PacketGen::Types::Int16le
+    # @!attribute sec_features
+    #  64-bit field. May be:
+    #  * a 64-bit cryptographic message signature if signature was negotiated,
+    #  * a SecurityFeatures structure, only over connectionless transport,
+    #    composed of:
+    #    * a 16-bit sequence number,
+    #    * a 16-bit connection identifier (CID),
+    #    * a 32-bit key to validate message,
+    #  * a reserved field in all others cases.
+    #  @return [Integer]
+    define_field :sec_features, PacketGen::Types::Int64le
+    # @!attribute reserved
+    #  16-bit reserved field
+    #  @return [Integer]
+    define_field :reserved, PacketGen::Types::Int16le
+    # @!attribute tid
+    #  16-bit tree identifier (TID)
+    define_field :tid, PacketGen::Types::Int16le
+    # @!attribute pid
+    #  16 low order bits of a process identifier (PID)
+    #  @return [Integer]
+    define_field :pid, PacketGen::Types::Int16le
+    # @!attribute uid
+    #  16-bit user identifier (UID)
+    define_field :uid, PacketGen::Types::Int16le
+    # @!attribute mid
+    #  16-bit multiplex identifier (MID)
+    define_field :mid, PacketGen::Types::Int16le
+    # @!attribute body
+    #  @return [String]
+    define_field :body, PacketGen::Types::String
+    # @!attribute flags_reply
+    #  When set, the message is a reply from server to client.
+    #  @return [Boolean]
+    # @!attribute flags_opbatch
+    #  Obsolescent.
+    #  @return [Boolean]
+    # @!attribute flags_oplock
+    #  Obsolescent.
+    #  @return [Boolean]
+    # @!attribute flags_canon_paths
+    #  Obsolescent.
+    #  @return [Boolean]
+    # @!attribute flags_case_insensitive
+    #  Obsolete.
+    #  @return [Boolean]
+    # @!attribute flags_reserved
+    #  @return [Boolean]
+    # @!attribute flags_rbuf_avail
+    #  Obsolete.
+    #  @return [Boolean]
+    # @!attribute flags_locknread
+    #  When set in SMB_COM_NEGOTIATE response, the server supports
+    #  SMB_COM_LOCK_AND_READ and SNB_COM_WRITE_AND_UNLOCK commands.
+    #  @return [Boolean]
+    define_bit_fields_on :flags, :flags_reply, :flags_opbatch, :flags_oplock,
+                         :flags_canon_paths, :flags_case_insensitive,
+                         :flags_reserved, :flags_buf_avail, :flags_locknread
+    # @!attribute flags2_unicode
+    #  If set, each field that contains a string in this message is encoded
+    #  as UTF-16.
+    #  @return [Boolean]
+    # @!attribute flags2_ntstatus
+    #  If set in a client request, server must return errors as NTSTATUS, else
+    #  as SMBSTATUS.
+    #  @return [Boolean]
+    # @!attribute flags2_paging_io
+    #  Client may read a file if it does not have read permission but have
+    #  execute one.
+    #  @return [Boolean]
+    # @!attribute flags2_dfs
+    #  If set, any pathnames should be resolved in the Distributed File System
+    #  (DFS).
+    #  @return [Boolean]
+    # @!attribute flags2_extended_security
+    #  @return [Boolean]
+    # @!attribute flags2_reparse_path
+    #  @return [Boolean]
+    # @!attribute flags2_reserved
+    #  3-bit reserved field
+    #  @return [Integer]
+    # @!attribute flags2_is_long_name
+    #  @return [Boolean]
+    # @!attribute flags2_rsv
+    #  @return [Boolean]
+    # @!attribute flags2_security_signature_required
+    #  @return [Boolean]
+    # @!attribute flags2_compressed
+    #  @return [Boolean]
+    # @!attribute flags2_signature
+    #  @return [Boolean]
+    # @!attribute flags2_eas
+    #  @return [Boolean]
+    # @!attribute flags2_long_names
+    #  If unset, file names must adhere to the 8.3 naming convention.
+    #  @return [Boolean]
+    define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus,
+                         :flags2_paging_io, :flags2_dfs, :flags2_extended_security,
+                         :flags2_reparse_path, :flags2_reserved, 3,
+                         :flags2_is_long_name, :flags2_rsv,
+                         :flags2_security_signature_required, :flags2_compresses,
+                         :flags2_signature, :flags2_eas, :flags2_long_names
+
+    # Helper to bind a SMB command to {SMB} header.
+    # @param [String] command name
+    # @return [void]
+    def self.bind_command(command)
+      contantized = command.capitalize.gsub(/_(\w)/) { $1.upcase }
+      krequest = self.const_get("#{contantized}Request")
+      kresponse = self.const_get("#{contantized}Response")
+      PacketGen::Header.add_class krequest
+      self.bind krequest, command: SMB::COMMANDS[command], flags: ->(v) { v.nil? ? 0 : (v & 0x80).zero? }
+      PacketGen::Header.add_class kresponse
+      self.bind kresponse, command: SMB::COMMANDS[command], flags: ->(v) { v.nil? ? 0 : (v & 0x80 == 0x80) }
+    end
+  end
+  PacketGen::Header.add_class SMB
+  PacketGen::Header::NetBIOS::Session.bind SMB, body: ->(val) { val.nil? ? SMB::MARKER : val[0..3] == SMB::MARKER }
+  PacketGen::Header::NetBIOS::Datagram.bind SMB, body: ->(val) { val.nil? ? SMB::MARKER : val[0..3] == SMB::MARKER }
+end
+
+require_relative 'smb/string'
+require_relative 'smb/filetime'
+require_relative 'smb/close'
+require_relative 'smb/trans'
+require_relative 'smb/nt_create_and_x'
+require_relative 'smb/blocks'

data/lib/packetgen/plugin/smb/blocks.rb

@@ -0,0 +1,48 @@
+# This file is part of PacketGen
+# See https://github.com/sdaubert/packetgen for more informations
+# Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+# frozen_string_literal: true
+
+module PacketGen::Plugin
+  class SMB
+    # Common blocks used for unsupported SMB messages.
+    #
+    # {Blocks} handles parameter block and data block. Parameter block is
+    # composed of:
+    # * a 8-bit {#word_count} field,
+    # * a {#words} field, an array of +PacketGen::Types::Int16le+.
+    # Data block is composed of:
+    # * a little endian 16-bit {#byte_count} field,
+    # * a {#bytes} field, an array of +PacketGen::Types::Int8+.
+    # @author Sylvain Daubert
+    # @since 0.1.0
+    class Blocks < PacketGen::Header::Base
+      # @!attribute word_count
+      #  The size, in 2-byte words, of the {#words} field.
+      #  @return [Integer]
+      define_field :word_count, PacketGen::Types::Int8
+      # @!attribute words
+      #  The message-specific parameters structure.
+      #  @return [PacketGen::Types::ArrayOfInt16le]
+      define_field :words, PacketGen::Types::ArrayOfInt16le, builder: ->(h, t) { t.new(counter: h[:word_count]) }
+      # @!attribute byte_count
+      #  The size, in bytes, of the {#bytes} field.
+      #  @return [Integer]
+      define_field :byte_count, PacketGen::Types::Int16le
+      # @!attribute bytes
+      #  The message-specific data structure.
+      #  @return [PacketGen::Types::ArrayOfInt8]
+      define_field :bytes, PacketGen::Types::ArrayOfInt8, builder: ->(h, t) { t.new(counter: h[:byte_count]) }
+
+      # Give protocol name for this class
+      # @return [String]
+      def protocol_name
+        'SMB::Blocks'
+      end
+    end
+  end
+  PacketGen::Header.add_class SMB::Blocks
+  SMB.bind SMB::Blocks
+end

data/lib/packetgen/plugin/smb/close.rb

@@ -0,0 +1,57 @@
+# This file is part of PacketGen
+# See https://github.com/sdaubert/packetgen for more informations
+# Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+# frozen_string_literal: true
+
+module PacketGen::Plugin
+  class SMB
+    # Close Request.
+    # @author Sylvain Daubert
+    # @since 0.1.0
+    class CloseRequest < PacketGen::Header::Base
+      # @!attribute word_count
+      #  The size, in 2-byte words, of the SMB command parameters. It should
+      #  be +3+.
+      #  @return [Integer]
+      define_field :word_count, PacketGen::Types::Int8, default: 3
+      # @!attribute fid
+      #  16-bit FID of the object to close
+      #  @return [Integer]
+      define_field :fid, PacketGen::Types::Int16le, default: 3
+      # @!attribute last_modified
+      #  32-bit time value encoded as the number of seconds since January
+      #  1, 1970 00:00:00.0. The client can request that the last modification
+      #  time for the file be updated to this time value. A value of +0x00000000+
+      #  or +0xFFFFFFFF+ results in the server not updating the last modification
+      #  time.
+      #  @return [Integer]
+      define_field :last_modified, PacketGen::Types::Int32le
+      # @!attribute byte_count
+      #  Should be 0.
+      #  @return [Integer]
+      define_field :byte_count, PacketGen::Types::Int16le, default: 0
+    end
+
+    # Close Response.
+    #
+    # This is a void container. {#word_count} and {#byte_count} should be 0.
+    # @author Sylvain Daubert
+    # @since 0.1.0
+    class CloseResponse < PacketGen::Header::Base
+      # @!attribute word_count
+      #  The size, in 2-byte words, of the SMB command parameters. It should
+      #  be +0+.
+      #  @return [Integer]
+      define_field :word_count, PacketGen::Types::Int8, default: 3
+      define_field :last_modified, PacketGen::Types::Int32le
+      # @!attribute byte_count
+      #  Should be 0.
+      #  @return [Integer]
+      define_field :byte_count, PacketGen::Types::Int16le, default: 0
+    end
+
+    self.bind_command 'close'
+  end
+end

data/lib/packetgen/plugin/smb/filetime.rb

@@ -0,0 +1,114 @@
+# This file is part of PacketGen
+# See https://github.com/sdaubert/packetgen for more informations
+# Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+# frozen_string_literal: true
+
+module PacketGen::Plugin
+  class SMB
+    # 64-bit signed integer, little endian representation
+    # @author Sylvain Daubert
+    # @private
+    # @since 0.1.0
+    class SInt64le < PacketGen::Types::Int64le
+      def initialize(value=nil)
+        super
+        @packstr[:little] = 'q<'
+      end
+    end
+
+    # SMB FILETIME.
+    # @author Sylvain Daubert
+    # @since 0.1.0
+    class Filetime
+      # Base time for SMB FILETIME.
+      # This value also indicate no time.
+      NO_TIME = Time.utc(1601).freeze
+
+      # @param [Hash] options
+      # @option options [Integer] :filetime
+      # @option options [Time] :time
+      # @raise [ArgumentError] if +:time+ and +:filetime+ are both given.
+      def initialize(options={})
+        if (options.keys & %i[time filetime]).size == 2
+          raise ArgumentError, ':time and :filetime options are both given'
+        end
+
+        @int = SInt64le.new(options[:filetime])
+        if options[:time]
+          @time = options[:time]
+          @int.value = time2filetime
+        else
+          @time = filetime2time
+        end
+      end
+
+      # @param [::String] str
+      # @return [String] self
+      def read(str)
+        @int.read(str[0, 8])
+        @time = filetime2time
+        self
+      end
+
+      # Human readable filetime
+      # @return [String]
+      def to_human
+        if no_time?
+          'no time'
+        else
+          @time.to_s
+        end
+      end
+
+      # Get filetime integer value
+      # @return [Integer]
+      def to_i
+        @int.to_i
+      end
+
+      # Check if there is no time specified
+      # @return [Boolean]
+      def no_time?
+        to_i.zero?
+      end
+
+      # @return [Integer]
+      def sz
+        @int.sz
+      end
+
+      # @return [String]
+      def to_s
+        @int.to_s
+      end
+
+      # @return [Time]
+      def to_time
+        @time
+      end
+
+      private
+
+      def filetime2time
+        filetime = @int.to_i
+        secs = filetime / 10_000
+        nsecs = (filetime % 10_000) * 100
+        if filetime.zero?
+          NO_TIME
+        elsif filetime.positive?
+          Time.at(NO_TIME) + Rational("#{secs}.%09d" % nsecs)
+        else
+          Time.at(Time.now.utc) + Rational("#{secs}.%09d" % nsecs)
+        end
+      end
+
+      def time2filetime
+        # Time#to_f then #to_r is more precise than Time#to_r
+        # (ie Time#to_r sometimes does a rounding error).
+        (@time.to_i - NO_TIME.to_i) * 10_000 + ((@time.to_f.to_r * 10_000) % 10_000).to_i
+      end
+    end
+  end
+end

data/lib/packetgen/plugin/smb/nt_create_and_x.rb

@@ -0,0 +1,273 @@
+# This file is part of PacketGen
+# See https://github.com/sdaubert/packetgen for more informations
+# Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+# frozen_string_literal: true
+
+module PacketGen::Plugin
+  class SMB
+    # SMB Command NtCreateAndX request.
+
+    # A NtCreateAndXRequest contains:
+    # * a {#word_count} field (+Int8+), size, in 2-byte words of SMB
+    #   parameters:
+    #   * {#and_xcommand} (+Int8+), next command in packet,
+    #   * {#rsv1} (+Int8+),
+    #   * {#and_xoffset} (+Int16le+), offset of the next command from the
+    #     start of SMB header,
+    #   * {#rsv2} (+Int8+),
+    #   * {#filename_len} (+Int16le+), size of {#filename} in SMB data,
+    #   * {#flags} (+Int32le+),
+    #   * {#root_dir_fid} (+Int32le+),
+    #   * {#access_mask} (+Int32le+),
+    #   * {#alloc_size} (+Int64le+),
+    #   * {#attributes} (+Int32le+),
+    #   * {#share_access} (+Int32le+),
+    #   * {#disposition} (+Int32le+),
+    #   * {#options} (+Int32le+),
+    #   * {#impersonation} (+Int32le+),
+    #   * {#sec_flags} (+Int38+),
+    # * #{byte_count} (+Int16le+), size in bytes of SMB data:
+    #   * {#pad1} (+Int8),
+    #   * {#filename} ({SMB::String}),
+    #   * {#extra_bytes} (+String+).
+    #
+    # == Known limitations
+    # 1. Only the first command is properly handled. Chained commands are not.
+    # 2. {#filename} is mandatory handled as Windows Unicode string.
+    # @author Sylvain Daubert
+    # @since 0.1.0
+    class NtCreateAndXRequest < PacketGen::Header::Base
+      # Commands that may follow this one in a SMB packet
+      COMMANDS = {
+        'read' => 0x0a,
+        'read_andx' => 0x2e,
+        'ioctl' => 0x27,
+        'no further commands' => 0xff
+      }.freeze
+
+      # @!attribute word_count
+      #  The size, in 2-byte words, of the SMB parameters.
+      #  @return [Integer]
+      define_field :word_count, PacketGen::Types::Int8, default: 24
+      # @!attribute and_xcommand
+      #  8-bit command code for the next SMB command in the
+      #  packet.
+      #  @return [Integer]
+      define_field :and_xcommand, PacketGen::Types::Int8Enum, enum: COMMANDS
+      # @!attribute rsv1
+      #  8-bit reserved field.
+      #  @return [Integer]
+      define_field :rsv1, PacketGen::Types::Int8, default: 0
+      # @!attribute and_xoffset
+      #  16-bit offset from the start of SMB header to the start of
+      #  the  {#word_count} field in the next SMB command in this
+      #  packet.
+      #  @return [Integer]
+      define_field :and_xoffset, PacketGen::Types::Int16le, default: 0
+      # @!attribute rsv2
+      #  8-bit reserved field.
+      #  @return [Integer]
+      define_field :rsv2, PacketGen::Types::Int8, default: 0
+      # @!attribute filename_len
+      #  16-bit length of the {#filename} field.
+      #  @return [Integer]
+      define_field :filename_len, PacketGen::Types::Int16le
+      alias filename_length filename_len
+      alias filename_length= filename_len=
+      # @!attribute flags
+      #  32-bit flags word
+      #  @return [Integer]
+      define_field :flags, PacketGen::Types::Int32le
+      # @!attribute root_dir_fid
+      #  32-bit file ID of an opened root directory.
+      #  @return [Integer]
+      define_field :root_dir_fid, PacketGen::Types::Int32le
+      # @!attribute access_mask
+      #  32-bit flags that indicate access rights.
+      #  @return [Integer]
+      define_field :access_mask, PacketGen::Types::Int32le
+      # @!attribute alloc_size
+      #  64-bit initial allocation size.
+      #  @return [Integer]
+      define_field :alloc_size, PacketGen::Types::Int64le
+      # @!attribute attributes
+      #  32-bit extended file attributes.
+      #  @return [Integer]
+      define_field :attributes, PacketGen::Types::Int32le
+      # @!attribute share_access
+      #  32-bit field that specifies how the file should be shared.
+      #  @return [Integer]
+      define_field :share_access, PacketGen::Types::Int32le
+      # @!attribute disposition
+      #  32-bit value that represents the action to take if the file
+      #  already exists or if the file is a new file and does not already
+      #  exist.
+      #  @return [Integer]
+      define_field :disposition, PacketGen::Types::Int32le
+      # @!attribute options
+      #  32-bit field containing flag options to use if creating the file
+      #  or the directory.
+      #  @return [Integer]
+      define_field :options, PacketGen::Types::Int32le
+      # @!attribute impersonation
+      #  32-bit field specifying the impersonation level requested by
+      #  the application.
+      #  @return [Integer]
+      define_field :impersonation, PacketGen::Types::Int32le
+      # @!attribute sec_flags
+      #  8-bit security flags.
+      define_field :sec_flags, PacketGen::Types::Int8
+      # @!attribute byte_count
+      #  The size, in bytes, of the SMB data.
+      #  @return [Integer]
+      define_field :byte_count, PacketGen::Types::Int16le
+      # @!attribute pad1
+      #  Padding before {#filename} to align it on 16-bit boundary
+      #  @return [Integer]
+      define_field :pad1, PacketGen::Types::Int8
+      # @!attribute filename
+      #  A string that represents the fully qualified name of the file
+      #  relative to the supplied TID
+      # @return [String]
+      define_field :filename, SMB::String
+      # @!attribute extra_bytes
+      #  @return [Integer]
+      define_field :extra_bytes, PacketGen::Types::String,
+                   builder: ->(h, t) { t.new(length_from: -> { h.byte_count - 1 - h[:filename].sz }) }
+
+      # Give protocol name for this class
+      # @return [String]
+      def protocol_name
+        'SMB::NtCreateAndXRequest'
+      end
+
+      # Compute {#filename_len} and {#byte_count}
+      # @return [void]
+      def calc_length
+        self.filename_len = self[:filename].sz
+        bcount = 1 + filename_len + self[:extra_bytes].sz
+        self.byte_count = bcount
+      end
+    end
+
+    # SMB Command NtCreateAndX response
+    # @author Sylvain Daubert
+    # @since 0.1.0
+    class NtCreateAndXResponse < PacketGen::Header::Base
+      # OpLock levels
+      OP_LOCK_LEVELS = {
+        'none' => 0,
+        'exclusive' => 1,
+        'batch' => 2,
+        'level II' => 3,
+      }.freeze
+
+      # @!attribute word_count
+      #  The size, in 2-byte words, of the SMB parameters.
+      #  @return [Integer]
+      define_field :word_count, PacketGen::Types::Int8, default: 34
+      # @!attribute and_xcommand
+      #  8-bit command code for the next SMB command in the
+      #  packet.
+      #  @return [Integer]
+      define_field :and_xcommand, PacketGen::Types::Int8Enum, enum: NtCreateAndXRequest::COMMANDS
+      # @!attribute rsv1
+      #  8-bit reserved field.
+      #  @return [Integer]
+      define_field :rsv1, PacketGen::Types::Int8, default: 0
+      # @!attribute and_xoffset
+      #  16-bit offset from the start of SMB header to the start of
+      #  the  {#word_count} field in the next SMB command in this
+      #  packet.
+      #  @return [Integer]
+      define_field :and_xoffset, PacketGen::Types::Int16le, default: 0
+      # @!attribute oplock_level
+      #  8-bit OpLock level.
+      #  @return [Integer]
+      define_field :oplock_level, PacketGen::Types::Int8Enum, enum: OP_LOCK_LEVELS
+      # @!attribute fid
+      #  16-bit FID.
+      #  @return [Integer]
+      define_field :fid, PacketGen::Types::Int16le
+      # @!attribute disposition
+      #  32-bit value that represents the action to take if the file
+      #  already exists or if the file is a new file and does not already
+      #  exist.
+      #  @return [Integer]
+      define_field :disposition, PacketGen::Types::Int32le
+      # @!attribute create_time
+      #  64-bit integer representing the time that the file was created.
+      #  @return [Integer]
+      define_field :create_time, SMB::Filetime
+      # @!attribute access_time
+      #  64-bit integer representing the time that the file was last accessed.
+      #  @return [Integer]
+      define_field :access_time, SMB::Filetime
+      # @!attribute write_time
+      #  64-bit integer representing the time that the file was last writen.
+      #  @return [Integer]
+      define_field :write_time, SMB::Filetime
+      # @!attribute change_time
+      #  64-bit integer representing the time that the file was last changed.
+      #  @return [Integer]
+      define_field :change_time, SMB::Filetime
+      # @!attribute attributes
+      #  32-bit extended file attributes.
+      #  @return [Integer]
+      define_field :attributes, PacketGen::Types::Int32le
+      # @!attribute alloc_size
+      #  64-bit integer representing the number of bytes allocated to the file.
+      #  @return [Integer]
+      define_field :alloc_size, PacketGen::Types::Int64le
+      # @!attribute end_of_file
+      #  64-bit integer representing the end of file offset.
+      #  @return [Integer]
+      define_field :end_of_file, PacketGen::Types::Int64le
+      # @!attribute res_type
+      #  16-bit file type.
+      #  @return [Integer]
+      define_field :res_type, PacketGen::Types::Int16le
+      # @!attribute pipe_status
+      #  16-bit field that shows the status of the named pipe (if opened resource
+      #  is a named pipe).
+      #  @return [Integer]
+      define_field :pipe_status, PacketGen::Types::Int16le
+      # @!attribute directory
+      #  8-bit field indicating is the FID represents a directory.
+      #  @return [Integer]
+      define_field :directory, PacketGen::Types::Int8
+      # @!attribute byte_count
+      #  The size, in bytes, of the SMB data. Should be zero.
+      #  @return [Integer]
+      define_field :byte_count, PacketGen::Types::Int16le, default: 0
+
+      # Give protocol name for this class
+      # @return [String]
+      def protocol_name
+        'SMB::NtCreateAndXResponse'
+      end
+
+      # Say if FID is a directory
+      # @return [Boolean]
+      def directory?
+        self.directory > 0
+      end
+
+      # @!method human_create_time
+      #  @return [String]
+      # @!method human_access_time
+      #  @return [String]
+      # @!method human_write_time
+      #  @return [String]
+      # @!method human_change_time
+      #  @return [String]
+      %i[create access write change].each do |type|
+        class_eval "def human_#{type}_time; self[:#{type}_time].to_human; end"
+      end
+    end
+
+    self.bind_command 'nt_create_and_x'
+  end
+end

data/lib/packetgen/plugin/smb/string.rb

@@ -0,0 +1,52 @@
+# This file is part of PacketGen
+# See https://github.com/sdaubert/packetgen for more informations
+# Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+# frozen_string_literal: true
+
+module PacketGen::Plugin
+  class SMB
+    # SMB strings (UTF-16 little-endian).
+    # @author Sylvain Daubert
+    # @since 0.1.0
+    class String < PacketGen::Types::CString
+      # @param [Boolean, Proc] is string UTF-16 encoded?
+      # @param [Hash] options
+      # @option options [Integer] :static_length set a static length for this string
+      def initialize(options={})
+        super
+        self.encode!('UTF-16LE')
+      end
+
+      # @param [::String] str
+      # @return [String] self
+      def read(str)
+        return self if str.nil?
+
+        str2 = case str.encoding
+               when Encoding::BINARY
+                 binidx = nil
+                 0.step(to: str.size, by: 2) do |i|
+                   binidx = i if str[i, 2] == "\x00\x00"
+                 end
+                 s = if binidx.nil?
+                       str
+                     else
+                       str[0, binidx]
+                     end
+                 s.force_encoding('UTF-16LE')
+               when Encoding::UTF_16LE
+                 str
+               else
+                 str.encode('UTF-16LE')
+               end
+        str2 = str2[0, @static_length / 2] if @static_length.is_a? Integer
+        idx = str2.index(+"\x00".encode('UTF-16LE'))
+        str2 = str2[0, idx] unless idx.nil?
+        self.replace str2
+        self
+      end
+    end
+  end
+end

data/lib/packetgen/plugin/smb/trans.rb

@@ -0,0 +1,200 @@
+# This file is part of PacketGen
+# See https://github.com/sdaubert/packetgen for more informations
+# Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+# frozen_string_literal: true
+
+module PacketGen::Plugin
+  class SMB
+    # Transaction Request.
+    #
+    # See also {Blocks}, as {TransRequest} is a specialization of {Blocks#words}
+    # and {Blocks#bytes}.
+    # @author Sylvain Daubert
+    # @since 0.1.0
+    class TransRequest < PacketGen::Header::Base
+      # @!attribute word_count
+      #  The size, in 2-byte words, of the SMB command parameters. It should
+      #  be +14 + setup_count+.
+      #  @return [Integer]
+      define_field :word_count, PacketGen::Types::Int8, default: 14
+      # @!attribute total_param_count
+      #  The total number of transaction parameter bytes.
+      #  @return [Integer]
+      define_field :total_param_count, PacketGen::Types::Int16le
+      # @!attribute total_data_count
+      #  The total number of transaction data bytes.
+      #  @return [Integer]
+      define_field :total_data_count, PacketGen::Types::Int16le
+      # @!attribute max_param_count
+      #  The maximum number of parameter bytes that the client will accept
+      #  in transaction response.
+      #  @return [Integer]
+      define_field :max_param_count, PacketGen::Types::Int16le
+      # @!attribute max_data_count
+      #  The maximum number of data bytes that the client will accept
+      #  in transaction response.
+      #  @return [Integer]
+      define_field :max_data_count, PacketGen::Types::Int16le
+      # @!attribute max_setup_count
+      #  The maximum number of setup bytes that the client will accept
+      #  in transaction response.
+      #  @return [Integer]
+      define_field :max_setup_count, PacketGen::Types::Int8
+      # @!attribute rsv1
+      #  8-bit reserved field
+      #  @return [Integer]
+      define_field :rsv1, PacketGen::Types::Int8, default: 0
+      # @!attribute flags
+      #  16-bit flags
+      #  @return [Integer]
+      define_field :flags, PacketGen::Types::Int16le
+      # @!attribute timeout
+      #  32-bit timeout
+      #  @return [Integer]
+      define_field :timeout, PacketGen::Types::Int32le
+      # @!attribute rsv2
+      #  16-bit reserved field
+      #  @return [Integer]
+      define_field :rsv2, PacketGen::Types::Int16le, default: 0
+      # @!attribute param_count
+      #  16-bit number of transaction parameter bytes that the clients attempts to
+      #  send to the server in this request.
+      #  @return [Integer]
+      define_field :param_count, PacketGen::Types::Int16le
+      # @!attribute param_offset
+      #  16-bit offset (in bytes) from the start of the SMB header to the start of the
+      #  transaction parameters.
+      #  @return [Integer]
+      define_field :param_offset, PacketGen::Types::Int16le
+      # @!attribute data_count
+      #  16-bit number of transaction data bytes that the clients sends to
+      #  the server in this request.
+      #  @return [Integer]
+      define_field :data_count, PacketGen::Types::Int16le
+      # @!attribute data_offset
+      #  16-bit offset (in bytes) from the start of the SMB header to the start
+      #  of the data field.
+      #  @return [Integer]
+      define_field :data_offset, PacketGen::Types::Int16le
+      # @!attribute setup_count
+      #  8-bit number of setup words (ie 16-bit words) contained in {#setup} field.
+      define_field :setup_count, PacketGen::Types::Int8
+      # @!attribute rsv3
+      #  8-bit reserved field
+      #  @return [Integer]
+      define_field :rsv3, PacketGen::Types::Int8
+      # @!attribute setup
+      #  Array of 2-byte words.
+      #  @return [Array]
+      define_field :setup, PacketGen::Types::ArrayOfInt16le, builder: ->(h, t) { t.new(counter: h[:setup_count]) }
+      # @!attribute byte_count
+      #  @return [Integer]
+      define_field :byte_count, PacketGen::Types::Int16le
+      # @!attribute padname
+      #  8-bit optional padding to align {#name} on a 2-byte boundary.
+      #  @return [Integer]
+      define_field :padname, PacketGen::Types::Int8
+      # @!attribute name
+      #  Pathname of the mailslot or named pipe.
+      #  @return [String]
+      define_field :name, SMB::String
+      # @!attribute pad1
+      #  Padding to align {#body} on 4-byte boundary.
+      #  @return [String]
+      define_field :pad1, PacketGen::Types::String, default: "\0" * 4,
+                   builder: ->(h, t) { t.new(length_from: -> { h.data_offset - SMB.new.sz - (h.offset_of(:name) + h[:name].sz) }) }
+      define_field :body, PacketGen::Types::String
+
+      # Give protocol name for this class
+      # @return [String]
+      def protocol_name
+        'SMB::TransRequest'
+      end
+    end
+
+    # Transaction Response.
+    #
+    # See also {Blocks}, as {TransResponse} is a specialization of {Blocks#words}
+    # and {Blocks#bytes}.
+    # @author Sylvain Daubert
+    # @since 0.1.0
+    class TransResponse < PacketGen::Header::Base
+      # @!attribute word_count
+      #  The size, in 2-byte words, of the SMB command parameters. It should
+      #  be +14 + setup_count+.
+      #  @return [Integer]
+      define_field :word_count, PacketGen::Types::Int8, default: 10
+      # @!attribute total_param_count
+      #  The total number of transaction parameter bytes.
+      #  @return [Integer]
+      define_field :total_param_count, PacketGen::Types::Int16le
+      # @!attribute total_data_count
+      #  The total number of transaction data bytes.
+      #  @return [Integer]
+      define_field :total_data_count, PacketGen::Types::Int16le
+      # @!attribute rsv1
+      #  16-bit reserved field
+      #  @return [Integer]
+      define_field :rsv1, PacketGen::Types::Int16le, default: 0
+      # @!attribute param_count
+      #  16-bit number of transaction parameter bytes sent in this response.
+      #  @return [Integer]
+      define_field :param_count, PacketGen::Types::Int16le
+      # @!attribute param_offset
+      #  16-bit offset (in bytes) from the start of the SMB header to the start of the
+      #  transaction parameters.
+      #  @return [Integer]
+      define_field :param_offset, PacketGen::Types::Int16le
+      # @!attribute param_displacement
+      #  16-bit offset (in bytes) relative to all of the transaction
+      #  parameter bytes in this transaction response at which this block of
+      #  parameter bytes SHOULD be placed.
+      #  @return [Integer]
+      define_field :param_displacement, PacketGen::Types::Int16le
+      # @!attribute data_count
+      #  16-bit number of transaction data bytes sent in this response.
+      #  @return [Integer]
+      define_field :data_count, PacketGen::Types::Int16le
+      # @!attribute data_offset
+      #  16-bit offset (in bytes) from the start of the SMB header to the start
+      #  of the data field.
+      #  @return [Integer]
+      define_field :data_offset, PacketGen::Types::Int16le
+      # @!attribute data_displacement
+      #  16-bit offset (in bytes) relative to all of the transaction data bytes in
+      #  this transaction response at which this block of data bytes SHOULD be placed.
+      #  @return [Integer]
+      define_field :data_displacement, PacketGen::Types::Int16le
+      # @!attribute setup_count
+      #  8-bit number of setup words (ie 16-bit words) contained in {#setup} field.
+      define_field :setup_count, PacketGen::Types::Int8
+      # @!attribute rsv3
+      #  8-bit reserved field
+      #  @return [Integer]
+      define_field :rsv2, PacketGen::Types::Int8
+      # @!attribute setup
+      #  Array of 2-byte words.
+      #  @return [ArrayPacketGen::]
+      define_field :setup, PacketGen::Types::ArrayOfInt16le, builder: ->(h, t) { t.new(counter: h[:setup_count]) }
+      # @!attribute byte_count
+      #  @return [Integer]
+      define_field :byte_count, PacketGen::Types::Int16le
+      # @!attribute pad1
+      #  Padding before {#body} to align it on 32-bit boundary
+      #  @return [Integer]
+      define_field :pad1, PacketGen::Types::String, default: "\0" * 4,
+                   builder: ->(h, t) { t.new(length_from: -> { h.data_offset - SMB.new.sz - (h.offset_of(:byte_count) + h[:byte_count].sz) }) }
+      define_field :body, PacketGen::Types::String
+
+      # Give protocol name for this class
+      # @return [String]
+      def protocol_name
+        'SMB::TransResponse'
+      end
+    end
+
+    self.bind_command 'trans'
+  end
+end

data/lib/packetgen/plugin/smb_version.rb

@@ -0,0 +1,5 @@
+module PacketGen
+  module Plugin
+    SMB_VERSION = "0.1.0"
+  end
+end

data/packetgen-plugin-smb.gemspec

@@ -0,0 +1,29 @@
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'packetgen/plugin/smb_version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'packetgen-plugin-smb'
+  spec.version       = PacketGen::Plugin::SMB_VERSION
+  spec.authors       = ['Sylvain Daubert']
+  spec.email         = ['sylvain.daubert@laposte.net']
+
+  spec.summary       = %q{SMB plugin for packetgen.}
+  #spec.description   = %q{TODO: Write a longer description or delete this line.}
+  spec.homepage      = 'https://github.com/sdaubert/packetgen-plugin-smb'
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'packetgen', '~>2.8', '>= 2.8.1'
+
+  spec.add_development_dependency 'bundler', '~> 1.16'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.7'
+  spec.add_development_dependency 'simplecov', '~> 0.16'
+  spec.add_development_dependency 'yard', '~> 0.9'
+
+
+end

metadata

@@ -0,0 +1,149 @@
+--- !ruby/object:Gem::Specification
+name: packetgen-plugin-smb
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Sylvain Daubert
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-09-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: packetgen
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.8'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.8.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.8'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.8.1
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+description: 
+email:
+- sylvain.daubert@laposte.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- lib/packetgen-plugin-smb.rb
+- lib/packetgen/plugin/smb.rb
+- lib/packetgen/plugin/smb/blocks.rb
+- lib/packetgen/plugin/smb/close.rb
+- lib/packetgen/plugin/smb/filetime.rb
+- lib/packetgen/plugin/smb/nt_create_and_x.rb
+- lib/packetgen/plugin/smb/string.rb
+- lib/packetgen/plugin/smb/trans.rb
+- lib/packetgen/plugin/smb_version.rb
+- packetgen-plugin-smb.gemspec
+homepage: https://github.com/sdaubert/packetgen-plugin-smb
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: SMB plugin for packetgen.
+test_files: []