RubyGems - ruby_smb - Versions diffs - 1.0.2 → 2.0.0 - Mend

ruby_smb 1.0.2 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (200) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/.travis.yml +3 -2
data/Gemfile +6 -2
data/README.md +35 -47
data/examples/enum_registry_key.rb +28 -0
data/examples/enum_registry_values.rb +30 -0
data/examples/negotiate.rb +51 -8
data/examples/pipes.rb +2 -1
data/examples/read_file_encryption.rb +56 -0
data/examples/read_registry_key_value.rb +32 -0
data/lib/ruby_smb.rb +4 -1
data/lib/ruby_smb/client.rb +200 -20
data/lib/ruby_smb/client/authentication.rb +70 -33
data/lib/ruby_smb/client/echo.rb +20 -2
data/lib/ruby_smb/client/encryption.rb +62 -0
data/lib/ruby_smb/client/negotiation.rb +160 -24
data/lib/ruby_smb/client/signing.rb +19 -0
data/lib/ruby_smb/client/tree_connect.rb +24 -18
data/lib/ruby_smb/client/utils.rb +8 -7
data/lib/ruby_smb/client/winreg.rb +46 -0
data/lib/ruby_smb/crypto.rb +30 -0
data/lib/ruby_smb/dcerpc.rb +38 -0
data/lib/ruby_smb/dcerpc/bind.rb +2 -2
data/lib/ruby_smb/dcerpc/bind_ack.rb +2 -2
data/lib/ruby_smb/dcerpc/error.rb +3 -0
data/lib/ruby_smb/dcerpc/ndr.rb +95 -16
data/lib/ruby_smb/dcerpc/pdu_header.rb +1 -1
data/lib/ruby_smb/dcerpc/request.rb +28 -9
data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb +35 -0
data/lib/ruby_smb/dcerpc/srvsvc.rb +10 -0
data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb +9 -0
data/lib/ruby_smb/dcerpc/winreg.rb +340 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_request.rb +24 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_response.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb +45 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_response.rb +42 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb +36 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_request.rb +34 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb +43 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_response.rb +35 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_response.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +57 -0
data/lib/ruby_smb/dcerpc/winreg/regsam.rb +40 -0
data/lib/ruby_smb/dispatcher/socket.rb +5 -3
data/lib/ruby_smb/error.rb +68 -2
data/lib/ruby_smb/generic_packet.rb +33 -4
data/lib/ruby_smb/smb1/commands.rb +1 -1
data/lib/ruby_smb/smb1/file.rb +66 -15
data/lib/ruby_smb/smb1/packet/close_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/close_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/echo_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/echo_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/empty_packet.rb +10 -1
data/lib/ruby_smb/smb1/packet/logoff_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/logoff_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/negotiate_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/negotiate_response.rb +3 -7
data/lib/ruby_smb/smb1/packet/negotiate_response_extended.rb +4 -4
data/lib/ruby_smb/smb1/packet/nt_create_andx_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/nt_create_andx_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/nt_trans/create_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/nt_trans/create_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/nt_trans/request.rb +2 -4
data/lib/ruby_smb/smb1/packet/nt_trans/response.rb +2 -1
data/lib/ruby_smb/smb1/packet/read_andx_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/read_andx_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb +3 -2
data/lib/ruby_smb/smb1/packet/session_setup_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/session_setup_response.rb +3 -2
data/lib/ruby_smb/smb1/packet/trans/peek_nmpipe_request.rb +0 -1
data/lib/ruby_smb/smb1/packet/trans/peek_nmpipe_response.rb +3 -2
data/lib/ruby_smb/smb1/packet/trans/request.rb +2 -5
data/lib/ruby_smb/smb1/packet/trans/response.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_response.rb +1 -1
data/lib/ruby_smb/smb1/packet/trans2/find_first2_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/find_first2_response.rb +8 -2
data/lib/ruby_smb/smb1/packet/trans2/find_next2_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/find_next2_response.rb +8 -2
data/lib/ruby_smb/smb1/packet/trans2/open2_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/open2_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/request.rb +2 -4
data/lib/ruby_smb/smb1/packet/trans2/request_secondary.rb +2 -4
data/lib/ruby_smb/smb1/packet/trans2/response.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/set_file_information_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/set_file_information_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/tree_connect_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/tree_connect_response.rb +13 -3
data/lib/ruby_smb/smb1/packet/tree_disconnect_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/tree_disconnect_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/write_andx_request.rb +3 -6
data/lib/ruby_smb/smb1/packet/write_andx_response.rb +2 -1
data/lib/ruby_smb/smb1/pipe.rb +87 -6
data/lib/ruby_smb/smb1/tree.rb +41 -3
data/lib/ruby_smb/smb2/bit_field/session_flags.rb +2 -1
data/lib/ruby_smb/smb2/bit_field/share_flags.rb +6 -4
data/lib/ruby_smb/smb2/file.rb +103 -25
data/lib/ruby_smb/smb2/negotiate_context.rb +108 -0
data/lib/ruby_smb/smb2/packet.rb +2 -0
data/lib/ruby_smb/smb2/packet/close_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/close_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/compression_transform_header.rb +41 -0
data/lib/ruby_smb/smb2/packet/create_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/create_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/echo_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/echo_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/error_packet.rb +15 -3
data/lib/ruby_smb/smb2/packet/ioctl_request.rb +2 -5
data/lib/ruby_smb/smb2/packet/ioctl_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/logoff_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/logoff_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/negotiate_request.rb +51 -17
data/lib/ruby_smb/smb2/packet/negotiate_response.rb +51 -4
data/lib/ruby_smb/smb2/packet/query_directory_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/query_directory_response.rb +8 -2
data/lib/ruby_smb/smb2/packet/read_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/read_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/session_setup_request.rb +2 -5
data/lib/ruby_smb/smb2/packet/session_setup_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/set_info_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/set_info_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/transform_header.rb +84 -0
data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +93 -10
data/lib/ruby_smb/smb2/packet/tree_connect_response.rb +10 -22
data/lib/ruby_smb/smb2/packet/tree_disconnect_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/tree_disconnect_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/write_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/write_response.rb +2 -1
data/lib/ruby_smb/smb2/pipe.rb +86 -12
data/lib/ruby_smb/smb2/smb2_header.rb +1 -1
data/lib/ruby_smb/smb2/tree.rb +65 -21
data/lib/ruby_smb/version.rb +1 -1
data/ruby_smb.gemspec +5 -3
data/spec/lib/ruby_smb/client_spec.rb +1563 -104
data/spec/lib/ruby_smb/crypto_spec.rb +25 -0
data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/bind_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +410 -0
data/spec/lib/ruby_smb/dcerpc/request_spec.rb +50 -7
data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb +98 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb +13 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb +60 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_request_spec.rb +28 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_response_spec.rb +36 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb +108 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_response_spec.rb +97 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_request_spec.rb +94 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_response_spec.rb +82 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_request_spec.rb +74 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_response_spec.rb +35 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb +90 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_request_spec.rb +39 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_response_spec.rb +113 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb +88 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb +150 -0
data/spec/lib/ruby_smb/dcerpc/winreg/regsam_spec.rb +32 -0
data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +710 -0
data/spec/lib/ruby_smb/dcerpc_spec.rb +81 -0
data/spec/lib/ruby_smb/dispatcher/socket_spec.rb +3 -1
data/spec/lib/ruby_smb/error_spec.rb +59 -0
data/spec/lib/ruby_smb/generic_packet_spec.rb +52 -4
data/spec/lib/ruby_smb/smb1/file_spec.rb +191 -2
data/spec/lib/ruby_smb/smb1/packet/empty_packet_spec.rb +68 -0
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_response_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_response_spec.rb +1 -1
data/spec/lib/ruby_smb/smb1/packet/trans2/find_first2_response_spec.rb +11 -2
data/spec/lib/ruby_smb/smb1/packet/trans2/find_next2_response_spec.rb +11 -2
data/spec/lib/ruby_smb/smb1/packet/tree_connect_response_spec.rb +40 -0
data/spec/lib/ruby_smb/smb1/pipe_spec.rb +272 -149
data/spec/lib/ruby_smb/smb1/tree_spec.rb +44 -7
data/spec/lib/ruby_smb/smb2/bit_field/session_flags_spec.rb +9 -0
data/spec/lib/ruby_smb/smb2/bit_field/share_flags_spec.rb +27 -0
data/spec/lib/ruby_smb/smb2/file_spec.rb +323 -6
data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +332 -0
data/spec/lib/ruby_smb/smb2/packet/compression_transform_header_spec.rb +108 -0
data/spec/lib/ruby_smb/smb2/packet/error_packet_spec.rb +78 -0
data/spec/lib/ruby_smb/smb2/packet/negotiate_request_spec.rb +138 -3
data/spec/lib/ruby_smb/smb2/packet/negotiate_response_spec.rb +120 -2
data/spec/lib/ruby_smb/smb2/packet/query_directory_response_spec.rb +8 -0
data/spec/lib/ruby_smb/smb2/packet/transform_header_spec.rb +220 -0
data/spec/lib/ruby_smb/smb2/packet/tree_connect_request_spec.rb +339 -9
data/spec/lib/ruby_smb/smb2/packet/tree_connect_response_spec.rb +3 -22
data/spec/lib/ruby_smb/smb2/pipe_spec.rb +286 -149
data/spec/lib/ruby_smb/smb2/smb2_header_spec.rb +2 -2
data/spec/lib/ruby_smb/smb2/tree_spec.rb +261 -2
metadata +191 -83
metadata.gz.sig +0 -0
data/lib/ruby_smb/smb1/dcerpc.rb +0 -67
data/lib/ruby_smb/smb2/dcerpc.rb +0 -70
data/spec/lib/ruby_smb/smb1/packet/error_packet_spec.rb +0 -37

data/lib/ruby_smb/dcerpc/winreg/close_key_request.rb ADDED

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class RpcHkey < Ndr::NdrContextHandle; end
+      # This class represents a BaseRegCloseKey Request Packet as defined in
+      # [3.1.5.6 BaseRegCloseKey (Opnum 5)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/bc7545ff-0a54-4465-a95a-396b5c2995df)
+      class CloseKeyRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        rpc_hkey  :hkey
+        def initialize_instance
+          super
+          @opnum = REG_CLOSE_KEY
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/close_key_response.rb ADDED

@@ -0,0 +1,27 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class RpcHkey < Ndr::NdrContextHandle; end
+      # This class represents a BaseRegCloseKey Response Packet as defined in
+      # [3.1.5.6 BaseRegCloseKey (Opnum 5)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/bc7545ff-0a54-4465-a95a-396b5c2995df)
+      class CloseKeyResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        rpc_hkey  :hkey
+        uint32    :error_status
+        def initialize_instance
+          super
+          @opnum = REG_CLOSE_KEY
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb ADDED

@@ -0,0 +1,45 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class RpcHkey < Ndr::NdrContextHandle; end
+      # This class represents a BaseRegEnumKey Request Packet as defined in
+      # [3.1.5.10 BaseRegEnumKey (Opnum 9)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/668627e9-e0eb-4ab1-911f-0af589beeac3)
+      class EnumKeyRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        rpc_hkey            :hkey
+        uint32              :dw_index
+        rrp_unicode_string  :lp_name
+        string              :pad1,     length: -> { pad_length1 }
+        prrp_unicode_string :lp_class
+        string              :pad2,     length: -> { pad_length2 }
+        ndr_lp_file_time    :lpft_last_write_time
+        def initialize_instance
+          super
+          @opnum = REG_ENUM_KEY
+        end
+        # Determines the correct length for the padding in front of
+        # #lp_class. It should always force a 4-byte alignment.
+        def pad_length1
+          offset = (lp_name.abs_offset + lp_name.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+        # Determines the correct length for the padding in front of
+        # #lpft_last_write_time. It should always force a 4-byte alignment.
+        def pad_length2
+          offset = (lp_class.abs_offset + lp_class.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/enum_key_response.rb ADDED

@@ -0,0 +1,42 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      # This class represents a BaseRegEnumKey Response Packet as defined in
+      # [3.1.5.10 BaseRegEnumKey (Opnum 9)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/668627e9-e0eb-4ab1-911f-0af589beeac3)
+      class EnumKeyResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        rrp_unicode_string  :lp_name
+        string              :pad1,     length: -> { pad_length1 }
+        prrp_unicode_string :lp_class, initial_value: 0
+        string              :pad2,     length: -> { pad_length2 }
+        ndr_lp_file_time    :lpft_last_write_time
+        uint32              :error_status
+        def initialize_instance
+          super
+          @opnum = REG_ENUM_KEY
+        end
+        # Determines the correct length for the padding in front of
+        # #lp_class. It should always force a 4-byte alignment.
+        def pad_length1
+          offset = (lp_name.abs_offset + lp_name.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+        # Determines the correct length for the padding in front of
+        # #lpft_last_write_time. It should always force a 4-byte alignment.
+        def pad_length2
+          offset = (lp_class.abs_offset + lp_class.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb ADDED

@@ -0,0 +1,39 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class RpcHkey < Ndr::NdrContextHandle; end
+      # This class represents a BaseRegEnumValue Request Packet as defined in
+      # [3.1.5.11 BaseRegEnumValue (Opnum 10)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/56e99ef3-05dc-4f24-bcf5-9cff00412945)
+      class EnumValueRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        rpc_hkey           :hkey
+        uint32             :dw_index
+        rrp_unicode_string :lp_value_name
+        string             :pad, length: -> { pad_length }
+        ndr_lp_dword       :lp_type
+        ndr_lp_byte        :lp_data
+        ndr_lp_dword       :lpcb_data
+        ndr_lp_dword       :lpcb_len
+        def initialize_instance
+          super
+          @opnum = REG_ENUM_VALUE
+        end
+        # Determines the correct length for the padding in front of
+        # #lp_type. It should always force a 4-byte alignment.
+        def pad_length
+          offset = (lp_value_name.abs_offset + lp_value_name.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb ADDED

@@ -0,0 +1,36 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      # This class represents a BaseRegEnumValue Response Packet as defined in
+      # [3.1.5.11 BaseRegEnumValue (Opnum 10)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/56e99ef3-05dc-4f24-bcf5-9cff00412945)
+      class EnumValueResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        rrp_unicode_string :lp_value_name
+        string             :pad, length: -> { pad_length }
+        ndr_lp_dword       :lp_type
+        ndr_lp_byte        :lp_data
+        ndr_lp_dword       :lpcb_data
+        ndr_lp_dword       :lpcb_len
+        uint32             :error_status
+        def initialize_instance
+          super
+          @opnum = REG_ENUM_VALUE
+        end
+        # Determines the correct length for the padding in front of
+        # #lp_type. It should always force a 4-byte alignment.
+        def pad_length
+          offset = (lp_value_name.abs_offset + lp_value_name.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/open_key_request.rb ADDED

@@ -0,0 +1,34 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class RpcHkey < Ndr::NdrContextHandle; end
+      # This class represents a BaseRegOpenKey Request Packet as defined in
+      # [3.1.5.15 BaseRegOpenKey (Opnum 15)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8cb48f55-19e1-4ea2-8d76-dd0f6934f0d9)
+      class OpenKeyRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        rpc_hkey           :hkey
+        rrp_unicode_string :lp_sub_key
+        string             :pad, length: -> { pad_length }
+        uint32             :dw_options
+        regsam             :sam_desired
+        def initialize_instance
+          super
+          @opnum = REG_OPEN_KEY
+        end
+        # Determines the correct length for the padding in front of
+        # #dw_options. It should always force a 4-byte alignment.
+        def pad_length
+          offset = (lp_sub_key.abs_offset + lp_sub_key.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/open_key_response.rb ADDED

@@ -0,0 +1,25 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class PrpcHkey < Ndr::NdrContextHandle; end
+      # This class represents a BaseRegOpenKey Response Packet as defined in
+      # [3.1.5.15 BaseRegOpenKey (Opnum 15)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8cb48f55-19e1-4ea2-8d76-dd0f6934f0d9)
+      class OpenKeyResponse < BinData::Record
+        attr_reader :opnum
+        endian    :little
+        prpc_hkey :phk_result
+        uint32    :error_status
+        def initialize_instance
+          super
+          @opnum = REG_OPEN_KEY
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb ADDED

@@ -0,0 +1,43 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      # This class represents a PREGISTRY_SERVER_NAME structure as defined in
+      # [2.2.2 PREGISTRY_SERVER_NAME](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8bcd15fd-1aa5-44e2-8662-112ec3e9817b)
+      class PRegistryServerName < Ndr::NdrTopLevelFullPointer
+        endian :little
+        string16 :referent, read_length: -> { 4 }
+      end
+      # This class is a generic class that represents OpenXXX Request packet,
+      # used to open one of the root keys, as defined in:
+      # [3.1.5.1 OpenClassesRoot (Opnum 0)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/956a3052-6580-43ee-91aa-aaf61726149b)
+      # [3.1.5.2 OpenCurrentUser (Opnum 1)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/ec140ed9-4d00-4c03-a15c-c7245a497ed5)
+      # [3.1.5.3 OpenLocalMachine (Opnum 2)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/6cef29ae-21ba-423f-9158-05145ac80a5b)
+      # [3.1.5.4 OpenPerformanceData (Opnum 3)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/7b514c63-6cad-4fe1-9780-743959e377e6)
+      # [3.1.5.5 OpenUsers (Opnum 4)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/694e57f4-da3e-4285-8b71-3181d71d6cd1)
+      # [3.1.5.25 OpenCurrentConfig (Opnum 27)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/160767d7-83cf-4718-a4f3-d864faee3bb1)
+      # [3.1.5.28 OpenPerformanceText (Opnum 32)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/44954f6d-ef2c-4ec1-a27d-32b9b87e3c8a)
+      # [3.1.5.29 OpenPerformanceNlsText (Opnum 33)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/3626fa8a-b20f-4243-bf85-cdb615ed2ca0)
+      # The structure is define by the value of the #opnum parameter
+      # e.g. (OpenLocalMachine):
+      #   OpenRootKeyRequest.new(opnum: RubySMB::Dcerpc::Winreg::OPEN_HKLM)
+      class OpenRootKeyRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        p_registry_server_name :p_registry_server_name
+        regsam                 :sam_desired
+        def initialize_instance
+          super
+          @opnum = get_parameter(:opnum) if has_parameter?(:opnum)
+          p_registry_server_name.referent = "\0\0"
+          sam_desired.maximum = 1 unless [OPEN_HKPD, OPEN_HKPT, OPEN_HKPN].include?(@opnum)
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/open_root_key_response.rb ADDED

@@ -0,0 +1,35 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class PrpcHkey < Ndr::NdrContextHandle; end
+      # This class is a generic class that represents OpenXXX Response packet,
+      # used to open one of the root keys, as defined in:
+      # [3.1.5.1 OpenClassesRoot (Opnum 0)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/956a3052-6580-43ee-91aa-aaf61726149b)
+      # [3.1.5.2 OpenCurrentUser (Opnum 1)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/ec140ed9-4d00-4c03-a15c-c7245a497ed5)
+      # [3.1.5.3 OpenLocalMachine (Opnum 2)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/6cef29ae-21ba-423f-9158-05145ac80a5b)
+      # [3.1.5.4 OpenPerformanceData (Opnum 3)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/7b514c63-6cad-4fe1-9780-743959e377e6)
+      # [3.1.5.5 OpenUsers (Opnum 4)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/694e57f4-da3e-4285-8b71-3181d71d6cd1)
+      # [3.1.5.25 OpenCurrentConfig (Opnum 27)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/160767d7-83cf-4718-a4f3-d864faee3bb1)
+      # [3.1.5.28 OpenPerformanceText (Opnum 32)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/44954f6d-ef2c-4ec1-a27d-32b9b87e3c8a)
+      # [3.1.5.29 OpenPerformanceNlsText (Opnum 33)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/3626fa8a-b20f-4243-bf85-cdb615ed2ca0)
+      # The structure is define by the value of the #opnum parameter
+      # e.g. (OpenLocalMachine):
+      #   OpenRootKeyResponse.new(opnum: RubySMB::Dcerpc::Winreg::OPEN_HKLM)
+      class OpenRootKeyResponse < BinData::Record
+        attr_reader :opnum
+        endian    :little
+        prpc_hkey :ph_key
+        uint32    :error_status
+        def initialize_instance
+          super
+          @opnum = get_parameter(:opnum) if has_parameter?(:opnum)
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb ADDED

@@ -0,0 +1,27 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class RpcHkey < Ndr::NdrContextHandle; end
+      # This class represents a BaseRegQueryInfoKey Request Packet as defined in
+      # [3.1.5.16 BaseRegQueryInfoKey (Opnum 16)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/a886ba66-5c7b-4331-bacd-7c77edc95d85)
+      class QueryInfoKeyRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        rpc_hkey           :hkey
+        rrp_unicode_string :lp_class, initial_value: 0
+        def initialize_instance
+          super
+          @opnum = REG_QUERY_INFO_KEY
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/query_info_key_response.rb ADDED

@@ -0,0 +1,40 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      # This class represents a BaseRegQueryInfoKey Response Packet as defined in
+      # [3.1.5.16 BaseRegQueryInfoKey (Opnum 16)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/a886ba66-5c7b-4331-bacd-7c77edc95d85)
+      class QueryInfoKeyResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        rrp_unicode_string :lp_class, initial_value: 0
+        string             :pad,      length: -> { pad_length }
+        uint32             :lpc_sub_keys
+        uint32             :lpc_max_sub_key_len
+        uint32             :lpc_max_class_len
+        uint32             :lpc_values
+        uint32             :lpcb_max_value_name_len
+        uint32             :lpcb_max_value_len
+        uint32             :lpcb_security_descriptor
+        file_time          :lpft_last_write_time
+        uint32             :error_status
+        def initialize_instance
+          super
+          @opnum = REG_QUERY_INFO_KEY
+        end
+        # Determines the correct length for the padding in front of
+        # #lpc_sub_keys. It should always force a 4-byte alignment.
+        def pad_length
+          offset = (lp_class.abs_offset + lp_class.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/query_value_request.rb ADDED

@@ -0,0 +1,39 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class RpcHkey < Ndr::NdrContextHandle; end
+      # This class represents a BaseRegQueryValue Request Packet as defined in
+      # [3.1.5.17 BaseRegQueryValue (Opnum 17)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8bc10aa3-2f91-44e8-aa33-b3263c49ab9d)
+      class QueryValueRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        rpc_hkey           :hkey
+        rrp_unicode_string :lp_value_name
+        string             :pad, length: -> { pad_length }
+        ndr_lp_dword       :lp_type
+        ndr_lp_byte        :lp_data
+        ndr_lp_dword       :lpcb_data
+        ndr_lp_dword       :lpcb_len
+        def initialize_instance
+          super
+          @opnum = REG_QUERY_VALUE
+        end
+        # Determines the correct length for the padding in front of
+        # #lp_type. It should always force a 4-byte alignment.
+        def pad_length
+          offset = (lp_value_name.abs_offset + lp_value_name.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+      end
+    end
+  end
+end