RubyGems - ruby_smb - Versions diffs - 1.0.3 → 2.0.1 - Mend

ruby_smb 1.0.3 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (200) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/.travis.yml +3 -2
data/Gemfile +6 -2
data/README.md +35 -47
data/examples/enum_registry_key.rb +28 -0
data/examples/enum_registry_values.rb +30 -0
data/examples/negotiate.rb +51 -8
data/examples/pipes.rb +2 -1
data/examples/read_file_encryption.rb +56 -0
data/examples/read_registry_key_value.rb +32 -0
data/lib/ruby_smb.rb +4 -1
data/lib/ruby_smb/client.rb +233 -22
data/lib/ruby_smb/client/authentication.rb +70 -33
data/lib/ruby_smb/client/echo.rb +20 -2
data/lib/ruby_smb/client/encryption.rb +62 -0
data/lib/ruby_smb/client/negotiation.rb +172 -24
data/lib/ruby_smb/client/signing.rb +19 -0
data/lib/ruby_smb/client/tree_connect.rb +24 -18
data/lib/ruby_smb/client/utils.rb +8 -7
data/lib/ruby_smb/client/winreg.rb +46 -0
data/lib/ruby_smb/crypto.rb +30 -0
data/lib/ruby_smb/dcerpc.rb +38 -0
data/lib/ruby_smb/dcerpc/bind.rb +2 -2
data/lib/ruby_smb/dcerpc/bind_ack.rb +2 -2
data/lib/ruby_smb/dcerpc/error.rb +3 -0
data/lib/ruby_smb/dcerpc/ndr.rb +95 -16
data/lib/ruby_smb/dcerpc/pdu_header.rb +1 -1
data/lib/ruby_smb/dcerpc/request.rb +28 -9
data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb +35 -0
data/lib/ruby_smb/dcerpc/srvsvc.rb +10 -0
data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb +9 -0
data/lib/ruby_smb/dcerpc/winreg.rb +340 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_request.rb +24 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_response.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb +45 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_response.rb +42 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb +36 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_request.rb +34 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb +43 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_response.rb +35 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_response.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +57 -0
data/lib/ruby_smb/dcerpc/winreg/regsam.rb +40 -0
data/lib/ruby_smb/dispatcher/socket.rb +4 -3
data/lib/ruby_smb/error.rb +68 -2
data/lib/ruby_smb/generic_packet.rb +33 -4
data/lib/ruby_smb/smb1/commands.rb +1 -1
data/lib/ruby_smb/smb1/file.rb +66 -15
data/lib/ruby_smb/smb1/packet/close_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/close_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/echo_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/echo_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/empty_packet.rb +10 -1
data/lib/ruby_smb/smb1/packet/logoff_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/logoff_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/negotiate_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/negotiate_response.rb +3 -7
data/lib/ruby_smb/smb1/packet/negotiate_response_extended.rb +4 -4
data/lib/ruby_smb/smb1/packet/nt_create_andx_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/nt_create_andx_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/nt_trans/create_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/nt_trans/create_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/nt_trans/request.rb +2 -4
data/lib/ruby_smb/smb1/packet/nt_trans/response.rb +2 -1
data/lib/ruby_smb/smb1/packet/read_andx_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/read_andx_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb +3 -2
data/lib/ruby_smb/smb1/packet/session_setup_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/session_setup_response.rb +3 -2
data/lib/ruby_smb/smb1/packet/trans/peek_nmpipe_request.rb +0 -1
data/lib/ruby_smb/smb1/packet/trans/peek_nmpipe_response.rb +3 -2
data/lib/ruby_smb/smb1/packet/trans/request.rb +2 -5
data/lib/ruby_smb/smb1/packet/trans/response.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_response.rb +1 -1
data/lib/ruby_smb/smb1/packet/trans2/find_first2_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/find_first2_response.rb +8 -2
data/lib/ruby_smb/smb1/packet/trans2/find_next2_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/find_next2_response.rb +8 -2
data/lib/ruby_smb/smb1/packet/trans2/open2_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/open2_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/request.rb +2 -4
data/lib/ruby_smb/smb1/packet/trans2/request_secondary.rb +2 -4
data/lib/ruby_smb/smb1/packet/trans2/response.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/set_file_information_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/set_file_information_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/tree_connect_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/tree_connect_response.rb +13 -3
data/lib/ruby_smb/smb1/packet/tree_disconnect_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/tree_disconnect_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/write_andx_request.rb +3 -6
data/lib/ruby_smb/smb1/packet/write_andx_response.rb +2 -1
data/lib/ruby_smb/smb1/pipe.rb +87 -6
data/lib/ruby_smb/smb1/tree.rb +50 -3
data/lib/ruby_smb/smb2/bit_field/session_flags.rb +2 -1
data/lib/ruby_smb/smb2/bit_field/share_flags.rb +6 -4
data/lib/ruby_smb/smb2/file.rb +103 -25
data/lib/ruby_smb/smb2/negotiate_context.rb +108 -0
data/lib/ruby_smb/smb2/packet.rb +2 -0
data/lib/ruby_smb/smb2/packet/close_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/close_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/compression_transform_header.rb +41 -0
data/lib/ruby_smb/smb2/packet/create_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/create_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/echo_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/echo_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/error_packet.rb +15 -3
data/lib/ruby_smb/smb2/packet/ioctl_request.rb +2 -5
data/lib/ruby_smb/smb2/packet/ioctl_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/logoff_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/logoff_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/negotiate_request.rb +51 -17
data/lib/ruby_smb/smb2/packet/negotiate_response.rb +52 -5
data/lib/ruby_smb/smb2/packet/query_directory_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/query_directory_response.rb +8 -2
data/lib/ruby_smb/smb2/packet/read_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/read_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/session_setup_request.rb +2 -5
data/lib/ruby_smb/smb2/packet/session_setup_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/set_info_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/set_info_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/transform_header.rb +84 -0
data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +93 -10
data/lib/ruby_smb/smb2/packet/tree_connect_response.rb +10 -22
data/lib/ruby_smb/smb2/packet/tree_disconnect_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/tree_disconnect_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/write_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/write_response.rb +2 -1
data/lib/ruby_smb/smb2/pipe.rb +86 -12
data/lib/ruby_smb/smb2/smb2_header.rb +1 -1
data/lib/ruby_smb/smb2/tree.rb +65 -21
data/lib/ruby_smb/version.rb +1 -1
data/ruby_smb.gemspec +5 -3
data/spec/lib/ruby_smb/client_spec.rb +1612 -108
data/spec/lib/ruby_smb/crypto_spec.rb +25 -0
data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/bind_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +410 -0
data/spec/lib/ruby_smb/dcerpc/request_spec.rb +50 -7
data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb +98 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb +13 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb +60 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_request_spec.rb +28 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_response_spec.rb +36 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb +108 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_response_spec.rb +97 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_request_spec.rb +94 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_response_spec.rb +82 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_request_spec.rb +74 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_response_spec.rb +35 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb +90 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_request_spec.rb +39 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_response_spec.rb +113 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb +88 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb +150 -0
data/spec/lib/ruby_smb/dcerpc/winreg/regsam_spec.rb +32 -0
data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +710 -0
data/spec/lib/ruby_smb/dcerpc_spec.rb +81 -0
data/spec/lib/ruby_smb/dispatcher/socket_spec.rb +2 -2
data/spec/lib/ruby_smb/error_spec.rb +59 -0
data/spec/lib/ruby_smb/generic_packet_spec.rb +52 -4
data/spec/lib/ruby_smb/smb1/file_spec.rb +191 -2
data/spec/lib/ruby_smb/smb1/packet/empty_packet_spec.rb +68 -0
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_response_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_response_spec.rb +1 -1
data/spec/lib/ruby_smb/smb1/packet/trans2/find_first2_response_spec.rb +11 -2
data/spec/lib/ruby_smb/smb1/packet/trans2/find_next2_response_spec.rb +11 -2
data/spec/lib/ruby_smb/smb1/packet/tree_connect_response_spec.rb +40 -0
data/spec/lib/ruby_smb/smb1/pipe_spec.rb +272 -149
data/spec/lib/ruby_smb/smb1/tree_spec.rb +44 -7
data/spec/lib/ruby_smb/smb2/bit_field/session_flags_spec.rb +9 -0
data/spec/lib/ruby_smb/smb2/bit_field/share_flags_spec.rb +27 -0
data/spec/lib/ruby_smb/smb2/file_spec.rb +323 -6
data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +332 -0
data/spec/lib/ruby_smb/smb2/packet/compression_transform_header_spec.rb +108 -0
data/spec/lib/ruby_smb/smb2/packet/error_packet_spec.rb +78 -0
data/spec/lib/ruby_smb/smb2/packet/negotiate_request_spec.rb +138 -3
data/spec/lib/ruby_smb/smb2/packet/negotiate_response_spec.rb +120 -2
data/spec/lib/ruby_smb/smb2/packet/query_directory_response_spec.rb +8 -0
data/spec/lib/ruby_smb/smb2/packet/transform_header_spec.rb +220 -0
data/spec/lib/ruby_smb/smb2/packet/tree_connect_request_spec.rb +339 -9
data/spec/lib/ruby_smb/smb2/packet/tree_connect_response_spec.rb +3 -22
data/spec/lib/ruby_smb/smb2/pipe_spec.rb +286 -149
data/spec/lib/ruby_smb/smb2/smb2_header_spec.rb +2 -2
data/spec/lib/ruby_smb/smb2/tree_spec.rb +261 -2
metadata +191 -83
metadata.gz.sig +0 -0
data/lib/ruby_smb/smb1/dcerpc.rb +0 -67
data/lib/ruby_smb/smb2/dcerpc.rb +0 -70
data/spec/lib/ruby_smb/smb1/packet/error_packet_spec.rb +0 -37

data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_response_spec.rb ADDED

@@ -0,0 +1,113 @@
+RSpec.describe RubySMB::Dcerpc::Winreg::QueryInfoKeyResponse do
+  subject(:packet) { described_class.new }
+  it { is_expected.to respond_to :lp_class }
+  it { is_expected.to respond_to :pad }
+  it { is_expected.to respond_to :lpc_sub_keys }
+  it { is_expected.to respond_to :lpc_max_sub_key_len }
+  it { is_expected.to respond_to :lpc_max_class_len }
+  it { is_expected.to respond_to :lpc_values }
+  it { is_expected.to respond_to :lpcb_max_value_name_len }
+  it { is_expected.to respond_to :lpcb_max_value_len }
+  it { is_expected.to respond_to :lpcb_security_descriptor }
+  it { is_expected.to respond_to :lpft_last_write_time }
+  it { is_expected.to respond_to :error_status }
+  it { is_expected.to respond_to :opnum }
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  describe '#lp_class' do
+    it 'is a RrpUnicodeString structure' do
+      expect(packet.lp_class).to be_a RubySMB::Dcerpc::RrpUnicodeString
+    end
+    it 'has an initial value of 0' do
+      expect(packet.lp_class).to eq(0)
+    end
+  end
+  describe '#pad' do
+    it 'is a string' do
+      expect(packet.pad).to be_a BinData::String
+    end
+    it 'should keep #lpc_sub_keys 4-byte aligned' do
+      packet.lp_class = 'test'
+      expect(packet.lpc_sub_keys.abs_offset % 4).to eq 0
+    end
+  end
+  describe '#lpc_sub_keys' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.lpc_sub_keys).to be_a BinData::Uint32le
+    end
+  end
+  describe '#lpc_max_sub_key_len' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.lpc_max_sub_key_len).to be_a BinData::Uint32le
+    end
+  end
+  describe '#lpc_max_class_len' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.lpc_max_class_len).to be_a BinData::Uint32le
+    end
+  end
+  describe '#lpc_values' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.lpc_values).to be_a BinData::Uint32le
+    end
+  end
+  describe '#lpcb_max_value_name_len' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.lpcb_max_value_name_len).to be_a BinData::Uint32le
+    end
+  end
+  describe '#lpcb_max_value_len' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.lpcb_max_value_len).to be_a BinData::Uint32le
+    end
+  end
+  describe '#lpcb_security_descriptor' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.lpcb_security_descriptor).to be_a BinData::Uint32le
+    end
+  end
+  describe '#lpft_last_write_time' do
+    it 'is a FileTime structure' do
+      expect(packet.lpft_last_write_time).to be_a RubySMB::Field::FileTime
+    end
+  end
+  describe '#error_status' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.error_status).to be_a BinData::Uint32le
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to REG_QUERY_INFO_KEY constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Winreg::REG_QUERY_INFO_KEY)
+    end
+  end
+  describe '#pad_length' do
+    it 'returns 0 when #lpc_sub_keys is already 4-byte aligned' do
+      packet.lp_class = 'align'
+      expect(packet.pad_length).to eq 0
+    end
+    it 'returns 2 when #lpc_sub_keys is only 2-byte aligned' do
+      packet.lp_class = 'align' + 'A'
+      expect(packet.pad_length).to eq 2
+    end
+  end
+end

data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb ADDED

@@ -0,0 +1,88 @@
+RSpec.describe RubySMB::Dcerpc::Winreg::RpcHkey do
+  it 'is NdrContextHandle subclass' do
+    expect(described_class).to be < RubySMB::Dcerpc::Ndr::NdrContextHandle
+  end
+end
+RSpec.describe RubySMB::Dcerpc::Winreg::QueryValueRequest do
+  subject(:packet) { described_class.new }
+  it { is_expected.to respond_to :hkey }
+  it { is_expected.to respond_to :lp_value_name }
+  it { is_expected.to respond_to :pad }
+  it { is_expected.to respond_to :lp_type }
+  it { is_expected.to respond_to :lp_data }
+  it { is_expected.to respond_to :lpcb_data }
+  it { is_expected.to respond_to :lpcb_len }
+  it { is_expected.to respond_to :opnum }
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  describe '#hkey' do
+    it 'is a RpcHkey structure' do
+      expect(packet.hkey).to be_a RubySMB::Dcerpc::Winreg::RpcHkey
+    end
+  end
+  describe '#lp_value_name' do
+    it 'is a RrpUnicodeString structure' do
+      expect(packet.lp_value_name).to be_a RubySMB::Dcerpc::RrpUnicodeString
+    end
+  end
+  describe '#pad' do
+    it 'is a string' do
+      expect(packet.pad).to be_a BinData::String
+    end
+    it 'should keep #lp_type 4-byte aligned' do
+      packet.lp_value_name = 'test'
+      expect(packet.lp_type.abs_offset % 4).to eq 0
+    end
+  end
+  describe '#lp_type' do
+    it 'is a NdrLpDword structure' do
+      expect(packet.lp_type).to be_a RubySMB::Dcerpc::Ndr::NdrLpDword
+    end
+  end
+  describe '#lp_data' do
+    it 'is a NdrLpByte structure' do
+      expect(packet.lp_data).to be_a RubySMB::Dcerpc::Ndr::NdrLpByte
+    end
+  end
+  describe '#lpcb_data' do
+    it 'is a NdrLpDword structure' do
+      expect(packet.lpcb_data).to be_a RubySMB::Dcerpc::Ndr::NdrLpDword
+    end
+  end
+  describe '#lpcb_len' do
+    it 'is a NdrLpDword structure' do
+      expect(packet.lpcb_len).to be_a RubySMB::Dcerpc::Ndr::NdrLpDword
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to REG_QUERY_VALUE constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Winreg::REG_QUERY_VALUE)
+    end
+  end
+  describe '#pad_length' do
+    it 'returns 0 when #lp_type is already 4-byte aligned' do
+      packet.lp_value_name = 'align'
+      expect(packet.pad_length).to eq 0
+    end
+    it 'returns 2 when #lp_type is only 2-byte aligned' do
+      packet.lp_value_name = 'align' + 'A'
+      expect(packet.pad_length).to eq 2
+    end
+  end
+end

data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb ADDED

@@ -0,0 +1,150 @@
+RSpec.describe RubySMB::Dcerpc::Winreg::QueryValueResponse do
+  subject(:packet) { described_class.new }
+  it { is_expected.to respond_to :lp_type }
+  it { is_expected.to respond_to :lp_data }
+  it { is_expected.to respond_to :pad }
+  it { is_expected.to respond_to :lpcb_data }
+  it { is_expected.to respond_to :lpcb_len }
+  it { is_expected.to respond_to :error_status }
+  it { is_expected.to respond_to :opnum }
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  describe '#lp_type' do
+    it 'is a NdrLpDword structure' do
+      expect(packet.lp_type).to be_a RubySMB::Dcerpc::Ndr::NdrLpDword
+    end
+  end
+  describe '#lp_data' do
+    it 'is a NdrLpByte structure' do
+      expect(packet.lp_data).to be_a RubySMB::Dcerpc::Ndr::NdrLpByte
+    end
+  end
+  describe '#pad' do
+    it 'is a string' do
+      expect(packet.pad).to be_a BinData::String
+    end
+    it 'should keep #lpcb_data 4-byte aligned' do
+      packet.lp_data.bytes = 'spec_test'.bytes
+      expect(packet.lpcb_data.abs_offset % 4).to eq 0
+    end
+  end
+  describe '#lpcb_data' do
+    it 'is a NdrLpDword structure' do
+      expect(packet.lpcb_data).to be_a RubySMB::Dcerpc::Ndr::NdrLpDword
+    end
+  end
+  describe '#lpcb_len' do
+    it 'is a NdrLpDword structure' do
+      expect(packet.lpcb_len).to be_a RubySMB::Dcerpc::Ndr::NdrLpDword
+    end
+  end
+  describe '#error_status' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.error_status).to be_a BinData::Uint32le
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to REG_QUERY_VALUE constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Winreg::REG_QUERY_VALUE)
+    end
+  end
+  describe '#pad_length' do
+    it 'returns 0 when #lpcb_data is already 4-byte aligned' do
+      packet.lp_data.bytes = 'aligned.'.bytes
+      expect(packet.pad_length).to eq 0
+    end
+    it 'returns 2 when #lpcb_data is only 2-byte aligned' do
+      packet.lp_data.bytes = 'not aligned'.bytes
+      expect(packet.pad_length).to eq 1
+    end
+  end
+  describe '#data' do
+    context 'when #lp_type is 1 (unicode null-terminated string)' do
+      it 'returns the expected value' do
+        str = 'spec test string'.encode('utf-16le')
+        packet.lp_type = 1
+        packet.lp_data.bytes = str.bytes
+        expect(packet.data).to eq(str)
+      end
+    end
+    context 'when #lp_type is 2 (unicode null-terminated string with unexpanded references to environment variables)' do
+      it 'returns the expected value' do
+        str = '/%PATH%/foo'.encode('utf-16le')
+        packet.lp_type = 2
+        packet.lp_data.bytes = str.bytes
+        expect(packet.data).to eq(str)
+      end
+    end
+    context 'when #lp_type is 3 (binary data)' do
+      it 'returns the expected value' do
+        bytes = [0xFF, 0xEE, 0xDD, 0xCC].pack('C*')
+        packet.lp_type = 3
+        packet.lp_data.bytes = bytes.bytes
+        expect(packet.data).to eq(bytes)
+      end
+    end
+    context 'when #lp_type is 4 (a 32-bit number in little-endian format)' do
+      it 'returns the expected value' do
+        number = 12345
+        packet.lp_type = 4
+        packet.lp_data.bytes = [number].pack('V').bytes
+        expect(packet.data).to eq(number)
+      end
+    end
+    context 'when #lp_type is 5 (a 32-bit number in big-endian format)' do
+      it 'returns the expected value' do
+        number = 12345
+        packet.lp_type = 5
+        packet.lp_data.bytes = [number].pack('N').bytes
+        expect(packet.data).to eq(number)
+      end
+    end
+    context 'when #lp_type is 7 (a sequence of unicode null-terminated strings, terminated by an empty string)' do
+      it 'returns the expected value' do
+        str_array = ['String1', 'String2', 'String3', 'LastString'].map {|v| v.encode('utf-16le')}
+        null_byte = "\0".encode('utf-16le')
+        str = (str_array + [null_byte]).join(null_byte)
+        packet.lp_type = 7
+        packet.lp_data.bytes = str.bytes
+        expect(packet.data).to eq(str_array)
+      end
+    end
+    context 'when #lp_type is 11 (a 64-bit number in little-endian format)' do
+      it 'returns the expected value' do
+        number = 0x1234567812345678
+        packet.lp_type = 11
+        packet.lp_data.bytes = [number].pack('Q<').bytes
+        expect(packet.data).to eq(number)
+      end
+    end
+    context 'when #lp_type is an unknown value' do
+      it 'returns an empty string' do
+        str = 'test'
+        packet.lp_type = 6
+        packet.lp_data.bytes = str.bytes
+        expect(packet.data).to eq('')
+      end
+    end
+  end
+end

data/spec/lib/ruby_smb/dcerpc/winreg/regsam_spec.rb ADDED

@@ -0,0 +1,32 @@
+RSpec.describe RubySMB::Dcerpc::Winreg::Regsam do
+  subject(:packet) { described_class.new }
+  it { is_expected.to respond_to :reserved }
+  it { is_expected.to respond_to :key_create_link }
+  it { is_expected.to respond_to :key_notify }
+  it { is_expected.to respond_to :key_enumerate_sub_keys }
+  it { is_expected.to respond_to :key_create_sub_key }
+  it { is_expected.to respond_to :key_set_value }
+  it { is_expected.to respond_to :key_query_value }
+  it { is_expected.to respond_to :reserved2 }
+  it { is_expected.to respond_to :key_wow64_32key }
+  it { is_expected.to respond_to :key_wow64_64key }
+  it { is_expected.to respond_to :reserved3 }
+  it { is_expected.to respond_to :synchronize }
+  it { is_expected.to respond_to :write_owner }
+  it { is_expected.to respond_to :write_dac }
+  it { is_expected.to respond_to :read_control }
+  it { is_expected.to respond_to :delete_access }
+  it { is_expected.to respond_to :generic_read }
+  it { is_expected.to respond_to :generic_write }
+  it { is_expected.to respond_to :generic_execute }
+  it { is_expected.to respond_to :generic_all }
+  it { is_expected.to respond_to :reserved4 }
+  it { is_expected.to respond_to :maximum }
+  it { is_expected.to respond_to :system_security }
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+end

data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb ADDED

@@ -0,0 +1,710 @@
+RSpec.describe RubySMB::Dcerpc::Winreg do
+  let(:winreg) do
+    RubySMB::SMB1::Pipe.new(
+      tree: double('Tree'),
+      response: RubySMB::SMB1::Packet::NtCreateAndxResponse.new,
+      name: 'winreg'
+    )
+  end
+  describe '#open_root_key' do
+    let(:root_key_request_packet)  { double('Root Key Request Packet') }
+    let(:response)                 { double('Response') }
+    let(:root_key_response_packet) { double('Root Key Response Packet') }
+    let(:ph_key)                   { double('PHKEY') }
+    before :example do
+      allow(described_class::OpenRootKeyRequest).to receive(:new).and_return(root_key_request_packet)
+      allow(winreg).to receive(:dcerpc_request).and_return(response)
+      allow(described_class::OpenRootKeyResponse).to receive(:read).and_return(root_key_response_packet)
+      allow(root_key_response_packet).to receive_messages(
+        :error_status => WindowsError::Win32::ERROR_SUCCESS,
+        :ph_key       => ph_key
+      )
+    end
+    context 'when the root key is unknown' do
+      it 'raises an ArgumentError exception' do
+        expect { winreg.open_root_key('UNKNOWN') }.to raise_error(ArgumentError)
+      end
+    end
+    it 'create the expected OpenRootKeyRequest packet' do
+      winreg.open_root_key('HKLM')
+      expect(described_class::OpenRootKeyRequest).to have_received(:new).with(opnum: described_class::OPEN_HKLM)
+    end
+    it 'sends the expected dcerpc request' do
+      winreg.open_root_key('HKLM')
+      expect(winreg).to have_received(:dcerpc_request).with(root_key_request_packet)
+    end
+    it 'creates a OpenRootKeyResponse structure from the expected dcerpc response' do
+      winreg.open_root_key('HKLM')
+      expect(described_class::OpenRootKeyResponse).to have_received(:read).with(response)
+    end
+    context 'when an IOError occurs while parsing the response' do
+      it 'raises a RubySMB::Dcerpc::Error::InvalidPacket' do
+        allow(described_class::OpenRootKeyResponse).to receive(:read).and_raise(IOError)
+        expect { winreg.open_root_key('HKLM') }.to raise_error(RubySMB::Dcerpc::Error::InvalidPacket)
+      end
+    end
+    context 'when the response error status is not WindowsError::Win32::ERROR_SUCCESS' do
+      it 'raises a RubySMB::Dcerpc::Error::WinregError' do
+        allow(root_key_response_packet).to receive(:error_status).and_return(WindowsError::Win32::ERROR_INVALID_DATA)
+        expect { winreg.open_root_key('HKLM') }.to raise_error(RubySMB::Dcerpc::Error::WinregError)
+      end
+    end
+    it 'returns the expected handler' do
+      expect(winreg.open_root_key('HKLM')).to eq(ph_key)
+    end
+  end
+  describe '#open_key' do
+    let(:handle)                 { double('Handle') }
+    let(:sub_key)                { double('Sub-key') }
+    let(:openkey_request_packet) { double('OpenKey Request Packet') }
+    let(:regsam)                 { double('Regsam') }
+    let(:response)               { double('Response') }
+    let(:open_key_response)      { double('OpenKey Response') }
+    let(:phk_result)             { double('Phk Result') }
+    before :example do
+      allow(described_class::OpenKeyRequest).to receive(:new).and_return(openkey_request_packet)
+      allow(openkey_request_packet).to receive(:sam_desired).and_return(regsam)
+      allow(regsam).to receive_messages(
+        :read_control=           => nil,
+        :key_query_value=        => nil,
+        :key_enumerate_sub_keys= => nil,
+        :key_notify=             => nil,
+      )
+      allow(winreg).to receive(:dcerpc_request).and_return(response)
+      allow(described_class::OpenKeyResponse).to receive(:read).and_return(open_key_response)
+      allow(open_key_response).to receive_messages(
+        :error_status => WindowsError::Win32::ERROR_SUCCESS,
+        :phk_result   => phk_result
+      )
+    end
+    it 'create the expected OpenKeyRequest packet' do
+      winreg.open_key(handle, sub_key)
+      expect(described_class::OpenKeyRequest).to have_received(:new).with(hkey: handle, lp_sub_key: sub_key)
+    end
+    it 'sets the expected user rights on the request packet' do
+      winreg.open_key(handle, sub_key)
+      expect(regsam).to have_received(:read_control=).with(1)
+      expect(regsam).to have_received(:key_query_value=).with(1)
+      expect(regsam).to have_received(:key_enumerate_sub_keys=).with(1)
+      expect(regsam).to have_received(:key_notify=).with(1)
+    end
+    it 'sends the expected dcerpc request' do
+      winreg.open_key(handle, sub_key)
+      expect(winreg).to have_received(:dcerpc_request).with(openkey_request_packet)
+    end
+    it 'creates a OpenKeyResponse structure from the expected dcerpc response' do
+      winreg.open_key(handle, sub_key)
+      expect(described_class::OpenKeyResponse).to have_received(:read).with(response)
+    end
+    context 'when an IOError occurs while parsing the response' do
+      it 'raises a RubySMB::Dcerpc::Error::InvalidPacket' do
+        allow(described_class::OpenKeyResponse).to receive(:read).and_raise(IOError)
+        expect { winreg.open_key(handle, sub_key) }.to raise_error(RubySMB::Dcerpc::Error::InvalidPacket)
+      end
+    end
+    context 'when the response error status is not WindowsError::Win32::ERROR_SUCCESS' do
+      it 'raises a RubySMB::Dcerpc::Error::WinregError' do
+        allow(open_key_response).to receive(:error_status).and_return(WindowsError::Win32::ERROR_INVALID_DATA)
+        expect { winreg.open_key(handle, sub_key) }.to raise_error(RubySMB::Dcerpc::Error::WinregError)
+      end
+    end
+    it 'returns the expected handler' do
+      expect(winreg.open_key(handle, sub_key)).to eq(phk_result)
+    end
+  end
+  describe '#query_value' do
+    let(:handle)                      { double('Handle') }
+    let(:value_name)                  { double('Value Name') }
+    let(:query_value_request_packet1) { double('Query Value Request Packet #1') }
+    let(:query_value_request_packet2) { double('Query Value Request Packet #2') }
+    let(:lp_data1)                    { double('LpData #1') }
+    let(:lp_data2)                    { double('LpData #2') }
+    let(:response1)                   { double('Response #1') }
+    let(:response2)                   { double('Response #2') }
+    let(:query_value_response1)       { double('Query Value Response #1') }
+    let(:query_value_response2)       { double('Query Value Response #2') }
+    let(:data)                        { double('Data') }
+    let(:lpcb_data)                   { double('LpcbData') }
+    let(:lpcb_data_referent)          { double('Lpcb Data Referent') }
+    before :example do
+      first_request = true
+      allow(described_class::QueryValueRequest).to receive(:new) do
+        if first_request
+          first_request = false
+          query_value_request_packet1
+        else
+          query_value_request_packet2
+        end
+      end
+      allow(query_value_request_packet1).to receive(:lp_data).and_return(lp_data1)
+      allow(query_value_request_packet2).to receive_messages(
+        :lp_data    => lp_data2,
+        :lpcb_data= => nil
+      )
+      allow(lp_data1).to receive(:referent_identifier=)
+      allow(lp_data2).to receive(:max_count=)
+      allow(winreg).to receive(:dcerpc_request).with(query_value_request_packet1).and_return(response1)
+      allow(winreg).to receive(:dcerpc_request).with(query_value_request_packet2).and_return(response2)
+      allow(described_class::QueryValueResponse).to receive(:read).with(response1).and_return(query_value_response1)
+      allow(described_class::QueryValueResponse).to receive(:read).with(response2).and_return(query_value_response2)
+      allow(query_value_response1).to receive(:error_status).and_return(WindowsError::Win32::ERROR_SUCCESS)
+      allow(query_value_response2).to receive_messages(
+        :error_status => WindowsError::Win32::ERROR_SUCCESS,
+        :data         => data
+      )
+      allow(query_value_response1).to receive(:lpcb_data).and_return(lpcb_data)
+      allow(lpcb_data).to receive(:referent).and_return(lpcb_data_referent)
+    end
+    it 'create the expected QueryValueRequest packets' do
+      winreg.query_value(handle, value_name)
+      expect(described_class::QueryValueRequest).to have_received(:new).with(hkey: handle, lp_value_name: value_name).twice
+    end
+    it 'sets the expected user rights on the first request packet' do
+      winreg.query_value(handle, value_name)
+      expect(lp_data1).to have_received(:referent_identifier=).with(0)
+    end
+    it 'sets the expected user rights on the second request packet' do
+      winreg.query_value(handle, value_name)
+      expect(lp_data2).to have_received(:max_count=).with(lpcb_data_referent)
+      expect(query_value_request_packet2).to have_received(:lpcb_data=).with(lpcb_data)
+    end
+    it 'sends the expected dcerpc requests' do
+      winreg.query_value(handle, value_name)
+      expect(winreg).to have_received(:dcerpc_request).with(query_value_request_packet1).once.ordered
+      expect(winreg).to have_received(:dcerpc_request).with(query_value_request_packet2).once.ordered
+    end
+    context 'when receiving the first response' do
+      it 'creates a QueryValueResponse structure from the expected dcerpc response' do
+        winreg.query_value(handle, value_name)
+        expect(described_class::QueryValueResponse).to have_received(:read).with(response1)
+      end
+      context 'when an IOError occurs while parsing the response' do
+        it 'raises a RubySMB::Dcerpc::Error::InvalidPacket' do
+          allow(described_class::QueryValueResponse).to receive(:read).with(response1).and_raise(IOError)
+          expect { winreg.query_value(handle, value_name) }.to raise_error(RubySMB::Dcerpc::Error::InvalidPacket)
+        end
+      end
+      context 'when the first response error status is not WindowsError::Win32::ERROR_SUCCESS' do
+        it 'raises a RubySMB::Dcerpc::Error::WinregError' do
+          allow(query_value_response1).to receive(:error_status).and_return(WindowsError::Win32::ERROR_INVALID_DATA)
+          expect { winreg.query_value(handle, value_name) }.to raise_error(RubySMB::Dcerpc::Error::WinregError)
+        end
+      end
+    end
+    context 'when receiving the second response' do
+      it 'creates a QueryValueResponse structure from the expected dcerpc response' do
+        winreg.query_value(handle, value_name)
+        expect(described_class::QueryValueResponse).to have_received(:read).with(response2)
+      end
+      context 'when an IOError occurs while parsing the response' do
+        it 'raises a RubySMB::Dcerpc::Error::InvalidPacket' do
+          allow(described_class::QueryValueResponse).to receive(:read).with(response2).and_raise(IOError)
+          expect { winreg.query_value(handle, value_name) }.to raise_error(RubySMB::Dcerpc::Error::InvalidPacket)
+        end
+      end
+      context 'when the first response error status is not WindowsError::Win32::ERROR_SUCCESS' do
+        it 'raises a RubySMB::Dcerpc::Error::WinregError' do
+          allow(query_value_response2).to receive(:error_status).and_return(WindowsError::Win32::ERROR_INVALID_DATA)
+          expect { winreg.query_value(handle, value_name) }.to raise_error(RubySMB::Dcerpc::Error::WinregError)
+        end
+      end
+    end
+    it 'returns the expected response data' do
+      expect(winreg.query_value(handle, value_name)).to eq(data)
+    end
+  end
+  describe '#close_key' do
+    let(:handle)                   { double('Handle') }
+    let(:close_key_request_packet) { double('CloseKey Request Packet') }
+    let(:response)                 { double('Response') }
+    let(:close_key_response)       { double('CloseKey Response') }
+    before :example do
+      allow(described_class::CloseKeyRequest).to receive(:new).and_return(close_key_request_packet)
+      allow(winreg).to receive(:dcerpc_request).and_return(response)
+      allow(described_class::CloseKeyResponse).to receive(:read).and_return(close_key_response)
+      allow(close_key_response).to receive(:error_status).and_return(WindowsError::Win32::ERROR_SUCCESS)
+    end
+    it 'create the expected CloseKeyRequest packet' do
+      winreg.close_key(handle)
+      expect(described_class::CloseKeyRequest).to have_received(:new).with(hkey: handle)
+    end
+    it 'sends the expected dcerpc request' do
+      winreg.close_key(handle)
+      expect(winreg).to have_received(:dcerpc_request).with(close_key_request_packet)
+    end
+    it 'creates a CloseKeyResponse structure from the expected dcerpc response' do
+      winreg.close_key(handle)
+      expect(described_class::CloseKeyResponse).to have_received(:read).with(response)
+    end
+    context 'when an IOError occurs while parsing the response' do
+      it 'raises a RubySMB::Dcerpc::Error::InvalidPacket' do
+        allow(described_class::CloseKeyResponse).to receive(:read).and_raise(IOError)
+        expect { winreg.close_key(handle) }.to raise_error(RubySMB::Dcerpc::Error::InvalidPacket)
+      end
+    end
+    context 'when the response error status is not WindowsError::Win32::ERROR_SUCCESS' do
+      it 'raises a RubySMB::Dcerpc::Error::WinregError' do
+        allow(close_key_response).to receive(:error_status).and_return(WindowsError::Win32::ERROR_INVALID_DATA)
+        expect { winreg.close_key(handle) }.to raise_error(RubySMB::Dcerpc::Error::WinregError)
+      end
+    end
+    it 'returns the expected error status' do
+      expect(winreg.close_key(handle)).to eq(WindowsError::Win32::ERROR_SUCCESS)
+    end
+  end
+  describe '#query_info_key' do
+    let(:handle)                        { double('Handle') }
+    let(:query_info_key_request_packet) { double('CloseKey Request Packet') }
+    let(:response)                      { double('Response') }
+    let(:query_info_key_response)       { double('CloseKey Response') }
+    before :example do
+      allow(described_class::QueryInfoKeyRequest).to receive(:new).and_return(query_info_key_request_packet)
+      allow(winreg).to receive(:dcerpc_request).and_return(response)
+      allow(described_class::QueryInfoKeyResponse).to receive(:read).and_return(query_info_key_response)
+      allow(query_info_key_response).to receive(:error_status).and_return(WindowsError::Win32::ERROR_SUCCESS)
+    end
+    it 'create the expected QueryInfoKeyRequest packet' do
+      winreg.query_info_key(handle)
+      expect(described_class::QueryInfoKeyRequest).to have_received(:new).with(hkey: handle)
+    end
+    it 'sends the expected dcerpc request' do
+      winreg.query_info_key(handle)
+      expect(winreg).to have_received(:dcerpc_request).with(query_info_key_request_packet)
+    end
+    it 'creates a QueryInfoKeyResponse structure from the expected dcerpc response' do
+      winreg.query_info_key(handle)
+      expect(described_class::QueryInfoKeyResponse).to have_received(:read).with(response)
+    end
+    context 'when an IOError occurs while parsing the response' do
+      it 'raises a RubySMB::Dcerpc::Error::InvalidPacket' do
+        allow(described_class::QueryInfoKeyResponse).to receive(:read).and_raise(IOError)
+        expect { winreg.query_info_key(handle) }.to raise_error(RubySMB::Dcerpc::Error::InvalidPacket)
+      end
+    end
+    context 'when the response error status is not WindowsError::Win32::ERROR_SUCCESS' do
+      it 'raises a RubySMB::Dcerpc::Error::WinregError' do
+        allow(query_info_key_response).to receive(:error_status).and_return(WindowsError::Win32::ERROR_INVALID_DATA)
+        expect { winreg.query_info_key(handle) }.to raise_error(RubySMB::Dcerpc::Error::WinregError)
+      end
+    end
+    it 'returns the expected response' do
+      expect(winreg.query_info_key(handle)).to eq(query_info_key_response)
+    end
+  end
+  describe '#enum_key' do
+    let(:handle)                   { double('Handle') }
+    let(:index)                    { double('Index') }
+    let(:enum_key_request_packet)  { double('enum_key Request Packet') }
+    let(:lp_class)                 { double('Lp Class') }
+    let(:lp_name)                  { double('Lp Name') }
+    let(:buffer)                   { double('Buffer') }
+    let(:lp_class_buffer_referent) { double('Lp Class buffer referent') }
+    let(:lp_name_buffer_referent)  { double('Lp Name buffer referent') }
+    let(:response)                 { double('Response') }
+    let(:enum_key_response)        { double('enum_key Response') }
+    let(:result_str)               { double('Result String') }
+    before :example do
+      allow(described_class::EnumKeyRequest).to receive(:new).and_return(enum_key_request_packet)
+      allow(enum_key_request_packet).to receive_messages(
+        :lpft_last_write_time= => nil,
+        :lp_class              => lp_class,
+        :lp_name               => lp_name
+      )
+      allow(lp_class).to receive(:referent).and_return(lp_class_buffer_referent)
+      allow(lp_name).to receive(:buffer).and_return(buffer)
+      allow(buffer).to receive(:referent).and_return(lp_name_buffer_referent)
+      allow(lp_class_buffer_referent).to receive(:buffer=)
+      allow(lp_name_buffer_referent).to receive(:max_count=)
+      allow(winreg).to receive(:dcerpc_request).and_return(response)
+      allow(described_class::EnumKeyResponse).to receive(:read).and_return(enum_key_response)
+      allow(enum_key_response).to receive(:error_status).and_return(WindowsError::Win32::ERROR_SUCCESS)
+      allow(enum_key_response).to receive_message_chain(:lp_name, :to_s => result_str)
+    end
+    it 'create the expected EnumKeyRequest packet' do
+      winreg.enum_key(handle, index)
+      expect(described_class::EnumKeyRequest).to have_received(:new).with(hkey: handle, dw_index: index)
+    end
+    it 'sets the expected user rights on the request packet' do
+      winreg.enum_key(handle, index)
+      expect(enum_key_request_packet).to have_received(:lpft_last_write_time=).with(0)
+      expect(lp_class_buffer_referent).to have_received(:buffer=).with(0)
+      expect(lp_name_buffer_referent).to have_received(:max_count=).with(256)
+    end
+    it 'sends the expected dcerpc request' do
+      winreg.enum_key(handle, index)
+      expect(winreg).to have_received(:dcerpc_request).with(enum_key_request_packet)
+    end
+    it 'creates a EnumKeyResponse structure from the expected dcerpc response' do
+      winreg.enum_key(handle, index)
+      expect(described_class::EnumKeyResponse).to have_received(:read).with(response)
+    end
+    context 'when an IOError occurs while parsing the response' do
+      it 'raises a RubySMB::Dcerpc::Error::InvalidPacket' do
+        allow(described_class::EnumKeyResponse).to receive(:read).and_raise(IOError)
+        expect { winreg.enum_key(handle, index) }.to raise_error(RubySMB::Dcerpc::Error::InvalidPacket)
+      end
+    end
+    context 'when the response error status is not WindowsError::Win32::ERROR_SUCCESS' do
+      it 'raises a RubySMB::Dcerpc::Error::WinregError' do
+        allow(enum_key_response).to receive(:error_status).and_return(WindowsError::Win32::ERROR_INVALID_DATA)
+        expect { winreg.enum_key(handle, index) }.to raise_error(RubySMB::Dcerpc::Error::WinregError)
+      end
+    end
+    it 'returns the expected key name' do
+      expect(winreg.enum_key(handle, index)).to eq(result_str)
+    end
+  end
+  describe '#enum_value' do
+    let(:handle)                    { double('Handle') }
+    let(:index)                     { double('Index') }
+    let(:enum_value_request_packet) { double('EnumValue Request Packet') }
+    let(:lp_value_name)             { double('Lp Value Name') }
+    let(:lp_data)                   { double('Lp Data') }
+    let(:buffer)                    { double('Buffer') }
+    let(:referent)                  { double('Referent') }
+    let(:response)                  { double('Response') }
+    let(:enum_value_response)       { double('EnumValue Response') }
+    let(:result_str)                { double('Result String') }
+    before :example do
+      allow(described_class::EnumValueRequest).to receive(:new).and_return(enum_value_request_packet)
+      allow(enum_value_request_packet).to receive_messages(
+        :lp_value_name => lp_value_name,
+        :lp_data       => lp_data
+      )
+      allow(lp_value_name).to receive(:buffer).and_return(buffer)
+      allow(buffer).to receive(:referent).and_return(referent)
+      allow(referent).to receive(:max_count=)
+      allow(lp_data).to receive(:referent_identifier=)
+      allow(winreg).to receive(:dcerpc_request).and_return(response)
+      allow(described_class::EnumValueResponse).to receive(:read).and_return(enum_value_response)
+      allow(enum_value_response).to receive(:error_status).and_return(WindowsError::Win32::ERROR_SUCCESS)
+      allow(enum_value_response).to receive_message_chain(:lp_value_name, :to_s => result_str)
+    end
+    it 'create the expected EnumValueRequest packet' do
+      winreg.enum_value(handle, index)
+      expect(described_class::EnumValueRequest).to have_received(:new).with(hkey: handle, dw_index: index)
+    end
+    it 'sets the expected user rights on the request packet' do
+      winreg.enum_value(handle, index)
+      expect(referent).to have_received(:max_count=).with(256)
+      expect(lp_data).to have_received(:referent_identifier=).with(0)
+    end
+    it 'sends the expected dcerpc request' do
+      winreg.enum_value(handle, index)
+      expect(winreg).to have_received(:dcerpc_request).with(enum_value_request_packet)
+    end
+    it 'creates a EnumValueResponse structure from the expected dcerpc response' do
+      winreg.enum_value(handle, index)
+      expect(described_class::EnumValueResponse).to have_received(:read).with(response)
+    end
+    context 'when an IOError occurs while parsing the response' do
+      it 'raises a RubySMB::Dcerpc::Error::InvalidPacket' do
+        allow(described_class::EnumValueResponse).to receive(:read).and_raise(IOError)
+        expect { winreg.enum_value(handle, index) }.to raise_error(RubySMB::Dcerpc::Error::InvalidPacket)
+      end
+    end
+    context 'when the response error status is not WindowsError::Win32::ERROR_SUCCESS' do
+      it 'raises a RubySMB::Dcerpc::Error::WinregError' do
+        allow(enum_value_response).to receive(:error_status).and_return(WindowsError::Win32::ERROR_INVALID_DATA)
+        expect { winreg.enum_value(handle, index) }.to raise_error(RubySMB::Dcerpc::Error::WinregError)
+      end
+    end
+    it 'returns the expected key name' do
+      expect(winreg.enum_value(handle, index)).to eq(result_str)
+    end
+  end
+  describe '#has_registry_key?' do
+    let(:root_key)        { 'HKLM' }
+    let(:sub_key)         { 'my\\sub\\key\\path' }
+    let(:key)             { "#{root_key}\\#{sub_key}" }
+    let(:root_key_handle) { double('Root Key Handle') }
+    let(:subkey_handle)   { double('Subkey Handle') }
+    before :example do
+      allow(winreg).to receive_messages(
+        :bind          => nil,
+        :open_root_key => root_key_handle,
+        :open_key      => subkey_handle,
+        :close_key     => nil
+      )
+    end
+    it 'binds a DCERPC connection to the expected remote endpoint' do
+      winreg.has_registry_key?(key)
+      expect(winreg).to have_received(:bind).with(endpoint: RubySMB::Dcerpc::Winreg)
+    end
+    it 'opens the expected root key' do
+      winreg.has_registry_key?(key)
+      expect(winreg).to have_received(:open_root_key).with(root_key)
+    end
+    it 'opens the expected registry key' do
+      winreg.has_registry_key?(key)
+      expect(winreg).to have_received(:open_key).with(root_key_handle, sub_key)
+    end
+    context 'when a WinregError occurs while opening the root key' do
+      it 'returns false' do
+        allow(winreg).to receive(:open_root_key).and_raise(RubySMB::Dcerpc::Error::WinregError)
+        expect(winreg.has_registry_key?(key)).to be false
+      end
+    end
+    context 'when a WinregError occurs while opening the registry key' do
+      it 'returns false' do
+        allow(winreg).to receive(:open_key).and_raise(RubySMB::Dcerpc::Error::WinregError)
+        expect(winreg.has_registry_key?(key)).to be false
+      end
+    end
+    it 'closes the key' do
+      winreg.has_registry_key?(key)
+      expect(winreg).to have_received(:close_key).with(subkey_handle)
+    end
+    it 'returns true when no error occurs' do
+      expect(winreg.has_registry_key?(key)).to be true
+    end
+  end
+  describe '#read_registry_key_value' do
+    let(:root_key)        { 'HKLM' }
+    let(:sub_key)         { 'my\\sub\\key\\path' }
+    let(:key)             { "#{root_key}\\#{sub_key}" }
+    let(:value_name)      { 'registry_value_name' }
+    let(:root_key_handle) { double('Root Key Handle') }
+    let(:subkey_handle)   { double('Subkey Handle') }
+    let(:value)           { double('Value') }
+    before :example do
+      allow(winreg).to receive_messages(
+        :bind          => nil,
+        :open_root_key => root_key_handle,
+        :open_key      => subkey_handle,
+        :query_value   => value,
+        :close_key     => nil
+      )
+    end
+    it 'binds a DCERPC connection to the expected remote endpoint' do
+      winreg.read_registry_key_value(key, value_name)
+      expect(winreg).to have_received(:bind).with(endpoint: RubySMB::Dcerpc::Winreg)
+    end
+    it 'opens the expected root key' do
+      winreg.read_registry_key_value(key, value_name)
+      expect(winreg).to have_received(:open_root_key).with(root_key)
+    end
+    it 'opens the expected registry key' do
+      winreg.read_registry_key_value(key, value_name)
+      expect(winreg).to have_received(:open_key).with(root_key_handle, sub_key)
+    end
+    it 'queries the expected registry key value' do
+      winreg.read_registry_key_value(key, value_name)
+      expect(winreg).to have_received(:query_value).with(subkey_handle, value_name)
+    end
+    it 'closes the key' do
+      winreg.read_registry_key_value(key, value_name)
+      expect(winreg).to have_received(:close_key).with(subkey_handle)
+    end
+    it 'returns expect registry key value' do
+      expect(winreg.read_registry_key_value(key, value_name)).to eq(value)
+    end
+  end
+  describe '#enum_registry_key' do
+    let(:root_key)                  { 'HKLM' }
+    let(:sub_key)                   { 'my\\sub\\key\\path' }
+    let(:key)                       { "#{root_key}\\#{sub_key}" }
+    let(:value_name)                { 'registry_value_name' }
+    let(:root_key_handle)           { double('Root Key Handle') }
+    let(:subkey_handle)             { double('Subkey Handle') }
+    let(:query_info_key_response)   { double('Query Info Key Response') }
+    let(:subkey_nb)                 { 2 }
+    before :example do
+      allow(winreg).to receive_messages(
+        :bind           => nil,
+        :open_root_key  => root_key_handle,
+        :open_key       => subkey_handle,
+        :query_info_key => query_info_key_response,
+        :enum_key       => nil,
+        :close_key      => nil
+      )
+      allow(query_info_key_response).to receive(:lpc_sub_keys).and_return(subkey_nb)
+    end
+    it 'binds a DCERPC connection to the expected remote endpoint' do
+      winreg.enum_registry_key(key)
+      expect(winreg).to have_received(:bind).with(endpoint: RubySMB::Dcerpc::Winreg)
+    end
+    it 'opens the expected root key' do
+      winreg.enum_registry_key(key)
+      expect(winreg).to have_received(:open_root_key).with(root_key)
+    end
+    context 'when the registry key only contains the root key' do
+      it 'queries information for the root key' do
+        winreg.enum_registry_key(root_key)
+        expect(winreg).to have_received(:query_info_key).with(root_key_handle)
+      end
+    end
+    it 'opens the expected registry key' do
+      winreg.enum_registry_key(key)
+      expect(winreg).to have_received(:open_key).with(root_key_handle, sub_key)
+    end
+    it 'queries information for the expected registry key' do
+      winreg.enum_registry_key(key)
+      expect(winreg).to have_received(:query_info_key).with(subkey_handle)
+    end
+    it 'calls #enum_key the expected number of times' do
+      winreg.enum_registry_key(key)
+      expect(winreg).to have_received(:enum_key).with(subkey_handle, instance_of(Fixnum)).twice
+    end
+    it 'closes the key' do
+      winreg.enum_registry_key(key)
+      expect(winreg).to have_received(:close_key).with(subkey_handle)
+    end
+    it 'returns the expected array of enumerated keys' do
+      key1 = 'key1'
+      key2 = 'key2'
+      allow(winreg).to receive(:enum_key).with(subkey_handle, 0).and_return(key1)
+      allow(winreg).to receive(:enum_key).with(subkey_handle, 1).and_return(key2)
+      expect(winreg.enum_registry_key(key)).to eq([key1, key2])
+    end
+  end
+  describe '#enum_registry_values' do
+    let(:root_key)                  { 'HKLM' }
+    let(:sub_key)                   { 'my\\sub\\key\\path' }
+    let(:key)                       { "#{root_key}\\#{sub_key}" }
+    let(:value_name)                { 'registry_value_name' }
+    let(:root_key_handle)           { double('Root Key Handle') }
+    let(:subkey_handle)             { double('Subkey Handle') }
+    let(:query_info_key_response)   { double('Query Info Key Response') }
+    let(:subkey_nb)                 { 2 }
+    before :example do
+      allow(winreg).to receive_messages(
+        :bind           => nil,
+        :open_root_key  => root_key_handle,
+        :open_key       => subkey_handle,
+        :query_info_key => query_info_key_response,
+        :enum_value     => nil,
+        :close_key      => nil
+      )
+      allow(query_info_key_response).to receive(:lpc_values).and_return(subkey_nb)
+    end
+    it 'binds a DCERPC connection to the expected remote endpoint' do
+      winreg.enum_registry_values(key)
+      expect(winreg).to have_received(:bind).with(endpoint: RubySMB::Dcerpc::Winreg)
+    end
+    it 'opens the expected root key' do
+      winreg.enum_registry_values(key)
+      expect(winreg).to have_received(:open_root_key).with(root_key)
+    end
+    context 'when the registry key only contains the root key' do
+      it 'queries information for the root key' do
+        winreg.enum_registry_values(root_key)
+        expect(winreg).to have_received(:query_info_key).with(root_key_handle)
+      end
+    end
+    it 'opens the expected registry key' do
+      winreg.enum_registry_values(key)
+      expect(winreg).to have_received(:open_key).with(root_key_handle, sub_key)
+    end
+    it 'queries information for the expected registry key' do
+      winreg.enum_registry_values(key)
+      expect(winreg).to have_received(:query_info_key).with(subkey_handle)
+    end
+    it 'calls #enum_key the expected number of times' do
+      winreg.enum_registry_values(key)
+      expect(winreg).to have_received(:enum_value).with(subkey_handle, instance_of(Fixnum)).twice
+    end
+    it 'closes the key' do
+      winreg.enum_registry_values(key)
+      expect(winreg).to have_received(:close_key).with(subkey_handle)
+    end
+    it 'returns the expected array of enumerated keys' do
+      value1 = 'value1'
+      value2 = 'value2'
+      allow(winreg).to receive(:enum_value).with(subkey_handle, 0).and_return(value1)
+      allow(winreg).to receive(:enum_value).with(subkey_handle, 1).and_return(value2)
+      expect(winreg.enum_registry_values(key)).to eq([value1, value2])
+    end
+  end
+end