RubyGems - ruby_smb - Versions diffs - 1.0.3 → 2.0.1 - Mend

ruby_smb 1.0.3 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (200) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/.travis.yml +3 -2
data/Gemfile +6 -2
data/README.md +35 -47
data/examples/enum_registry_key.rb +28 -0
data/examples/enum_registry_values.rb +30 -0
data/examples/negotiate.rb +51 -8
data/examples/pipes.rb +2 -1
data/examples/read_file_encryption.rb +56 -0
data/examples/read_registry_key_value.rb +32 -0
data/lib/ruby_smb.rb +4 -1
data/lib/ruby_smb/client.rb +233 -22
data/lib/ruby_smb/client/authentication.rb +70 -33
data/lib/ruby_smb/client/echo.rb +20 -2
data/lib/ruby_smb/client/encryption.rb +62 -0
data/lib/ruby_smb/client/negotiation.rb +172 -24
data/lib/ruby_smb/client/signing.rb +19 -0
data/lib/ruby_smb/client/tree_connect.rb +24 -18
data/lib/ruby_smb/client/utils.rb +8 -7
data/lib/ruby_smb/client/winreg.rb +46 -0
data/lib/ruby_smb/crypto.rb +30 -0
data/lib/ruby_smb/dcerpc.rb +38 -0
data/lib/ruby_smb/dcerpc/bind.rb +2 -2
data/lib/ruby_smb/dcerpc/bind_ack.rb +2 -2
data/lib/ruby_smb/dcerpc/error.rb +3 -0
data/lib/ruby_smb/dcerpc/ndr.rb +95 -16
data/lib/ruby_smb/dcerpc/pdu_header.rb +1 -1
data/lib/ruby_smb/dcerpc/request.rb +28 -9
data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb +35 -0
data/lib/ruby_smb/dcerpc/srvsvc.rb +10 -0
data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb +9 -0
data/lib/ruby_smb/dcerpc/winreg.rb +340 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_request.rb +24 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_response.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb +45 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_response.rb +42 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb +36 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_request.rb +34 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb +43 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_response.rb +35 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_response.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +57 -0
data/lib/ruby_smb/dcerpc/winreg/regsam.rb +40 -0
data/lib/ruby_smb/dispatcher/socket.rb +4 -3
data/lib/ruby_smb/error.rb +68 -2
data/lib/ruby_smb/generic_packet.rb +33 -4
data/lib/ruby_smb/smb1/commands.rb +1 -1
data/lib/ruby_smb/smb1/file.rb +66 -15
data/lib/ruby_smb/smb1/packet/close_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/close_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/echo_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/echo_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/empty_packet.rb +10 -1
data/lib/ruby_smb/smb1/packet/logoff_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/logoff_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/negotiate_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/negotiate_response.rb +3 -7
data/lib/ruby_smb/smb1/packet/negotiate_response_extended.rb +4 -4
data/lib/ruby_smb/smb1/packet/nt_create_andx_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/nt_create_andx_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/nt_trans/create_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/nt_trans/create_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/nt_trans/request.rb +2 -4
data/lib/ruby_smb/smb1/packet/nt_trans/response.rb +2 -1
data/lib/ruby_smb/smb1/packet/read_andx_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/read_andx_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb +3 -2
data/lib/ruby_smb/smb1/packet/session_setup_request.rb +2 -5
data/lib/ruby_smb/smb1/packet/session_setup_response.rb +3 -2
data/lib/ruby_smb/smb1/packet/trans/peek_nmpipe_request.rb +0 -1
data/lib/ruby_smb/smb1/packet/trans/peek_nmpipe_response.rb +3 -2
data/lib/ruby_smb/smb1/packet/trans/request.rb +2 -5
data/lib/ruby_smb/smb1/packet/trans/response.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_response.rb +1 -1
data/lib/ruby_smb/smb1/packet/trans2/find_first2_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/find_first2_response.rb +8 -2
data/lib/ruby_smb/smb1/packet/trans2/find_next2_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/find_next2_response.rb +8 -2
data/lib/ruby_smb/smb1/packet/trans2/open2_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/open2_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/request.rb +2 -4
data/lib/ruby_smb/smb1/packet/trans2/request_secondary.rb +2 -4
data/lib/ruby_smb/smb1/packet/trans2/response.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/set_file_information_request.rb +2 -1
data/lib/ruby_smb/smb1/packet/trans2/set_file_information_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/tree_connect_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/tree_connect_response.rb +13 -3
data/lib/ruby_smb/smb1/packet/tree_disconnect_request.rb +2 -4
data/lib/ruby_smb/smb1/packet/tree_disconnect_response.rb +2 -1
data/lib/ruby_smb/smb1/packet/write_andx_request.rb +3 -6
data/lib/ruby_smb/smb1/packet/write_andx_response.rb +2 -1
data/lib/ruby_smb/smb1/pipe.rb +87 -6
data/lib/ruby_smb/smb1/tree.rb +50 -3
data/lib/ruby_smb/smb2/bit_field/session_flags.rb +2 -1
data/lib/ruby_smb/smb2/bit_field/share_flags.rb +6 -4
data/lib/ruby_smb/smb2/file.rb +103 -25
data/lib/ruby_smb/smb2/negotiate_context.rb +108 -0
data/lib/ruby_smb/smb2/packet.rb +2 -0
data/lib/ruby_smb/smb2/packet/close_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/close_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/compression_transform_header.rb +41 -0
data/lib/ruby_smb/smb2/packet/create_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/create_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/echo_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/echo_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/error_packet.rb +15 -3
data/lib/ruby_smb/smb2/packet/ioctl_request.rb +2 -5
data/lib/ruby_smb/smb2/packet/ioctl_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/logoff_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/logoff_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/negotiate_request.rb +51 -17
data/lib/ruby_smb/smb2/packet/negotiate_response.rb +52 -5
data/lib/ruby_smb/smb2/packet/query_directory_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/query_directory_response.rb +8 -2
data/lib/ruby_smb/smb2/packet/read_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/read_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/session_setup_request.rb +2 -5
data/lib/ruby_smb/smb2/packet/session_setup_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/set_info_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/set_info_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/transform_header.rb +84 -0
data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +93 -10
data/lib/ruby_smb/smb2/packet/tree_connect_response.rb +10 -22
data/lib/ruby_smb/smb2/packet/tree_disconnect_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/tree_disconnect_response.rb +2 -1
data/lib/ruby_smb/smb2/packet/write_request.rb +2 -4
data/lib/ruby_smb/smb2/packet/write_response.rb +2 -1
data/lib/ruby_smb/smb2/pipe.rb +86 -12
data/lib/ruby_smb/smb2/smb2_header.rb +1 -1
data/lib/ruby_smb/smb2/tree.rb +65 -21
data/lib/ruby_smb/version.rb +1 -1
data/ruby_smb.gemspec +5 -3
data/spec/lib/ruby_smb/client_spec.rb +1612 -108
data/spec/lib/ruby_smb/crypto_spec.rb +25 -0
data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/bind_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +410 -0
data/spec/lib/ruby_smb/dcerpc/request_spec.rb +50 -7
data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb +98 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb +13 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb +60 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_request_spec.rb +28 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_response_spec.rb +36 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb +108 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_response_spec.rb +97 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_request_spec.rb +94 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_response_spec.rb +82 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_request_spec.rb +74 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_response_spec.rb +35 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb +90 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_request_spec.rb +39 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_response_spec.rb +113 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb +88 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb +150 -0
data/spec/lib/ruby_smb/dcerpc/winreg/regsam_spec.rb +32 -0
data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +710 -0
data/spec/lib/ruby_smb/dcerpc_spec.rb +81 -0
data/spec/lib/ruby_smb/dispatcher/socket_spec.rb +2 -2
data/spec/lib/ruby_smb/error_spec.rb +59 -0
data/spec/lib/ruby_smb/generic_packet_spec.rb +52 -4
data/spec/lib/ruby_smb/smb1/file_spec.rb +191 -2
data/spec/lib/ruby_smb/smb1/packet/empty_packet_spec.rb +68 -0
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_response_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_response_spec.rb +1 -1
data/spec/lib/ruby_smb/smb1/packet/trans2/find_first2_response_spec.rb +11 -2
data/spec/lib/ruby_smb/smb1/packet/trans2/find_next2_response_spec.rb +11 -2
data/spec/lib/ruby_smb/smb1/packet/tree_connect_response_spec.rb +40 -0
data/spec/lib/ruby_smb/smb1/pipe_spec.rb +272 -149
data/spec/lib/ruby_smb/smb1/tree_spec.rb +44 -7
data/spec/lib/ruby_smb/smb2/bit_field/session_flags_spec.rb +9 -0
data/spec/lib/ruby_smb/smb2/bit_field/share_flags_spec.rb +27 -0
data/spec/lib/ruby_smb/smb2/file_spec.rb +323 -6
data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +332 -0
data/spec/lib/ruby_smb/smb2/packet/compression_transform_header_spec.rb +108 -0
data/spec/lib/ruby_smb/smb2/packet/error_packet_spec.rb +78 -0
data/spec/lib/ruby_smb/smb2/packet/negotiate_request_spec.rb +138 -3
data/spec/lib/ruby_smb/smb2/packet/negotiate_response_spec.rb +120 -2
data/spec/lib/ruby_smb/smb2/packet/query_directory_response_spec.rb +8 -0
data/spec/lib/ruby_smb/smb2/packet/transform_header_spec.rb +220 -0
data/spec/lib/ruby_smb/smb2/packet/tree_connect_request_spec.rb +339 -9
data/spec/lib/ruby_smb/smb2/packet/tree_connect_response_spec.rb +3 -22
data/spec/lib/ruby_smb/smb2/pipe_spec.rb +286 -149
data/spec/lib/ruby_smb/smb2/smb2_header_spec.rb +2 -2
data/spec/lib/ruby_smb/smb2/tree_spec.rb +261 -2
metadata +191 -83
metadata.gz.sig +0 -0
data/lib/ruby_smb/smb1/dcerpc.rb +0 -67
data/lib/ruby_smb/smb2/dcerpc.rb +0 -70
data/spec/lib/ruby_smb/smb1/packet/error_packet_spec.rb +0 -37

data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb CHANGED

@@ -5,6 +5,10 @@ module RubySMB
       #https://msdn.microsoft.com/en-us/library/cc247293.aspx
       class NetShareEnumAll < BinData::Record
+        attr_reader :opnum
+        mandatory_parameter :host
         endian :little
         uint32    :referent_id,  initial_value: 0x00000001
@@ -27,6 +31,11 @@ module RubySMB
         uint32 :resume_referent_id, initial_value: 0x00000001
         uint32 :resume_handle,    initial_value: 0
+        def initialize_instance
+          super
+          @opnum = NET_SHARE_ENUM_ALL
+        end
         def pad_length
           offset = (server_unc.abs_offset + server_unc.to_binary_s.length) % 4
           (4 - offset) % 4

data/lib/ruby_smb/dcerpc/winreg.rb ADDED

@@ -0,0 +1,340 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      UUID = '338CD001-2244-31F1-AAAA-900038001003'
+      VER_MAJOR = 1
+      VER_MINOR = 0
+      # Operation numbers
+      OPEN_HKCR             = 0x00
+      OPEN_HKCU             = 0x01
+      OPEN_HKLM             = 0x02
+      OPEN_HKPD             = 0x03
+      OPEN_HKU              = 0x04
+      REG_CLOSE_KEY         = 0x05
+      REG_ENUM_KEY          = 0x09
+      REG_ENUM_VALUE        = 0x0a
+      REG_OPEN_KEY          = 0x0f
+      REG_QUERY_INFO_KEY    = 0x10
+      REG_QUERY_VALUE       = 0x11
+      OPEN_HKCC             = 0x1b
+      OPEN_HKPT             = 0x20
+      OPEN_HKPN             = 0x21
+      require 'ruby_smb/dcerpc/winreg/regsam'
+      require 'ruby_smb/dcerpc/winreg/open_root_key_request'
+      require 'ruby_smb/dcerpc/winreg/open_root_key_response'
+      require 'ruby_smb/dcerpc/winreg/close_key_request'
+      require 'ruby_smb/dcerpc/winreg/close_key_response'
+      require 'ruby_smb/dcerpc/winreg/enum_key_request'
+      require 'ruby_smb/dcerpc/winreg/enum_key_response'
+      require 'ruby_smb/dcerpc/winreg/enum_value_request'
+      require 'ruby_smb/dcerpc/winreg/enum_value_response'
+      require 'ruby_smb/dcerpc/winreg/open_key_request'
+      require 'ruby_smb/dcerpc/winreg/open_key_response'
+      require 'ruby_smb/dcerpc/winreg/query_info_key_request'
+      require 'ruby_smb/dcerpc/winreg/query_info_key_response'
+      require 'ruby_smb/dcerpc/winreg/query_value_request'
+      require 'ruby_smb/dcerpc/winreg/query_value_response'
+      ROOT_KEY_MAP = {
+        "HKEY_CLASSES_ROOT"         => OPEN_HKCR,
+        "HKCR"                      => OPEN_HKCR,
+        "HKEY_CURRENT_USER"         => OPEN_HKCU,
+        "HKCU"                      => OPEN_HKCU,
+        "HKEY_LOCAL_MACHINE"        => OPEN_HKLM,
+        "HKLM"                      => OPEN_HKLM,
+        "HKEY_PERFORMANCE_DATA"     => OPEN_HKPD,
+        "HKPD"                      => OPEN_HKPD,
+        "HKEY_USERS"                => OPEN_HKU,
+        "HKU"                       => OPEN_HKU,
+        "HKEY_CURRENT_CONFIG"       => OPEN_HKCC,
+        "HKCC"                      => OPEN_HKCC,
+        "HKEY_PERFORMANCE_TEXT"     => OPEN_HKPT,
+        "HKPT"                      => OPEN_HKPT,
+        "HKEY_PERFORMANCE_NLS_TEXT" => OPEN_HKPN,
+        "HKPN"                      => OPEN_HKPN
+      }
+      # Open the registry root key and return a handle for it. The key can be
+      # either a long format (e.g. HKEY_LOCAL_MACHINE) or a short format
+      # (e.g. HKLM)
+      #
+      # @param root_key [String] the root key to open
+      # @return [Ndr::NdrContextHandle] the RPC context handle for the root key
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a OpenRootKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def open_root_key(root_key)
+        root_key_opnum = RubySMB::Dcerpc::Winreg::ROOT_KEY_MAP[root_key]
+        raise ArgumentError, "Unknown Root Key: #{root_key}" unless root_key_opnum
+        root_key_request_packet = OpenRootKeyRequest.new(opnum: root_key_opnum)
+        response = dcerpc_request(root_key_request_packet)
+        begin
+          root_key_response_packet = OpenRootKeyResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket,
+            "Error reading OpenRootKeyResponse (command = #{root_key_opnum})"
+        end
+        unless root_key_response_packet.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError,
+            "Error returned when opening root key #{root_key}: "\
+            "#{WindowsError::Win32.find_by_retval(root_key_response_packet.error_status.value).join(',')}"
+        end
+        root_key_response_packet.ph_key
+      end
+      # Open the registry key specified by a root key handle (previously open
+      # with #open_root_key) and a subkey. It returns a handle for the key.
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the root key
+      # @param sub_key [String] the subkey to open
+      # @return [Ndr::NdrContextHandle] the RPC context handle for the key
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a OpenKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def open_key(handle, sub_key)
+        openkey_request_packet = RubySMB::Dcerpc::Winreg::OpenKeyRequest.new(hkey: handle, lp_sub_key: sub_key)
+        openkey_request_packet.sam_desired.read_control = 1
+        openkey_request_packet.sam_desired.key_query_value = 1
+        openkey_request_packet.sam_desired.key_enumerate_sub_keys = 1
+        openkey_request_packet.sam_desired.key_notify = 1
+        response = dcerpc_request(openkey_request_packet)
+        begin
+          open_key_response = RubySMB::Dcerpc::Winreg::OpenKeyResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the OpenKey response"
+        end
+        unless open_key_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when opening subkey #{sub_key}: "\
+            "#{WindowsError::Win32.find_by_retval(open_key_response.error_status.value).join(',')}"
+        end
+        open_key_response.phk_result
+      end
+      # Retrieve the data associated with the named value of a specified
+      # registry open key.
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the key
+      # @param value_name [String] the name of the value
+      # @return [String] the data of the value entry
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a QueryValueResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def query_value(handle, value_name)
+        query_value_request_packet = RubySMB::Dcerpc::Winreg::QueryValueRequest.new(hkey: handle, lp_value_name: value_name)
+        query_value_request_packet.lp_data.referent_identifier = 0
+        response = dcerpc_request(query_value_request_packet)
+        begin
+          query_value_response = RubySMB::Dcerpc::Winreg::QueryValueResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the QueryValue response"
+        end
+        unless query_value_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when reading value #{value_name}: "\
+            "#{WindowsError::Win32.find_by_retval(query_value_response.error_status.value).join(',')}"
+        end
+        query_value_request_packet = RubySMB::Dcerpc::Winreg::QueryValueRequest.new(hkey: handle, lp_value_name: value_name)
+        query_value_request_packet.lpcb_data = query_value_response.lpcb_data
+        query_value_request_packet.lp_data.max_count = query_value_response.lpcb_data.referent
+        response = dcerpc_request(query_value_request_packet)
+        begin
+          query_value_response = RubySMB::Dcerpc::Winreg::QueryValueResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the QueryValue response"
+        end
+        unless query_value_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when reading value #{value_name}: "\
+            "#{WindowsError::Win32.find_by_retval(query_value_response.error_status.value).join(',')}"
+        end
+        query_value_response.data
+      end
+      # Close the handle to the registry key.
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the key
+      # @return [WindowsError::Win32] the response error status
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a CloseKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def close_key(handle)
+        close_key_request_packet = RubySMB::Dcerpc::Winreg::CloseKeyRequest.new(hkey: handle)
+        response = dcerpc_request(close_key_request_packet)
+        begin
+          close_key_response = RubySMB::Dcerpc::Winreg::CloseKeyResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the CloseKey response"
+        end
+        unless close_key_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when closing the key: "\
+            "#{WindowsError::Win32.find_by_retval(close_key_response.error_status.value).join(',')}"
+        end
+        close_key_response.error_status
+      end
+      # Retrive relevant information on the key that corresponds to the
+      # specified key handle.
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the key
+      # @return [RubySMB::Dcerpc::Winreg::QueryInfoKeyResponse] the QueryInfoKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a QueryInfoKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def query_info_key(handle)
+        query_info_key_request_packet = RubySMB::Dcerpc::Winreg::QueryInfoKeyRequest.new(hkey: handle)
+        response = dcerpc_request(query_info_key_request_packet)
+        begin
+          query_info_key_response = RubySMB::Dcerpc::Winreg::QueryInfoKeyResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the query_infoKey response"
+        end
+        unless query_info_key_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when querying information: "\
+            "#{WindowsError::Win32.find_by_retval(query_info_key_response.error_status.value).join(',')}"
+        end
+        query_info_key_response
+      end
+      # Enumerate the subkey at the specified index.
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the key
+      # @param index [Numeric] the index of the subkey
+      # @return [String] the subkey name
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a EnumKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def enum_key(handle, index)
+        enum_key_request_packet = RubySMB::Dcerpc::Winreg::EnumKeyRequest.new(hkey: handle, dw_index: index)
+        enum_key_request_packet.lpft_last_write_time = 0
+        enum_key_request_packet.lp_class.referent.buffer = 0
+        enum_key_request_packet.lp_name.buffer.referent.max_count = 256
+        response = dcerpc_request(enum_key_request_packet)
+        begin
+          enum_key_response = RubySMB::Dcerpc::Winreg::EnumKeyResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the EnumKey response"
+        end
+        unless enum_key_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when enumerating the key: "\
+            "#{WindowsError::Win32.find_by_retval(enum_key_response.error_status.value).join(',')}"
+        end
+        enum_key_response.lp_name.to_s
+      end
+      # Enumerate the value at the specified index for the specified registry key.
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the key
+      # @param index [Numeric] the index of the subkey
+      # @return [String] the data of the value entry
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a EnumValueResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def enum_value(handle, index)
+        enum_value_request_packet = RubySMB::Dcerpc::Winreg::EnumValueRequest.new(hkey: handle, dw_index: index)
+        enum_value_request_packet.lp_data.referent_identifier = 0
+        enum_value_request_packet.lp_value_name.buffer.referent.max_count = 256
+        response = dcerpc_request(enum_value_request_packet)
+        begin
+          enum_value_response = RubySMB::Dcerpc::Winreg::EnumValueResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the Enumvalue response"
+        end
+        unless enum_value_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when enumerating values: "\
+            "#{WindowsError::Win32.find_by_retval(enum_value_response.error_status.value).join(',')}"
+        end
+        enum_value_response.lp_value_name.to_s
+      end
+      # Checks if the specified registry key exists. It returns true if it
+      # exists, false otherwise.
+      #
+      # @param key [String] the registry key to check
+      # @return [Boolean]
+      def has_registry_key?(key)
+        bind(endpoint: RubySMB::Dcerpc::Winreg)
+        root_key, sub_key = key.gsub(/\//, '\\').split('\\', 2)
+        begin
+          root_key_handle = open_root_key(root_key)
+          subkey_handle = open_key(root_key_handle, sub_key)
+        rescue RubySMB::Dcerpc::Error::WinregError
+          return false
+        end
+        close_key(subkey_handle)
+        return true
+      end
+      # Retrieve the data associated with the named value of a specified
+      # registry key.
+      #
+      # @param key [String] the registry key
+      # @param value_name [String] the name of the value to read
+      # @return [String] the data of the value entry
+      def read_registry_key_value(key, value_name)
+        bind(endpoint: RubySMB::Dcerpc::Winreg)
+        root_key, sub_key = key.gsub(/\//, '\\').split('\\', 2)
+        root_key_handle = open_root_key(root_key)
+        subkey_handle = open_key(root_key_handle, sub_key)
+        value = query_value(subkey_handle, value_name)
+        close_key(subkey_handle)
+        value
+      end
+      # Enumerate the subkeys of a specified registry key. If only a root key
+      # is provided, it enumerates its subkeys.
+      #
+      # @param key [String] the registry key
+      # @return [Array<String>] the subkeys
+      def enum_registry_key(key)
+        bind(endpoint: RubySMB::Dcerpc::Winreg)
+        root_key, sub_key = key.gsub(/\//, '\\').split('\\', 2)
+        root_key_handle = open_root_key(root_key)
+        subkey_handle = if sub_key.nil? || sub_key.empty?
+                          root_key_handle
+                        else
+                          open_key(root_key_handle, sub_key)
+                        end
+        query_info_key_response = query_info_key(subkey_handle)
+        key_count = query_info_key_response.lpc_sub_keys.to_i
+        enum_result = []
+        key_count.times do |i|
+          enum_result << enum_key(subkey_handle, i)
+        end
+        close_key(subkey_handle)
+        enum_result
+      end
+      # Enumerate the values for the specified registry key.
+      #
+      # @param key [String] the registry key
+      # @return [Array<String>] the values
+      def enum_registry_values(key)
+        bind(endpoint: RubySMB::Dcerpc::Winreg)
+        root_key, sub_key = key.gsub(/\//, '\\').split('\\', 2)
+        root_key_handle = open_root_key(root_key)
+        subkey_handle = if sub_key.nil? || sub_key.empty?
+                          root_key_handle
+                        else
+                          open_key(root_key_handle, sub_key)
+                        end
+        query_info_key_response = query_info_key(subkey_handle)
+        value_count = query_info_key_response.lpc_values.to_i
+        enum_result = []
+        value_count.times do |i|
+          enum_result << enum_value(subkey_handle, i)
+        end
+        close_key(subkey_handle)
+        enum_result
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/close_key_request.rb ADDED

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class RpcHkey < Ndr::NdrContextHandle; end
+      # This class represents a BaseRegCloseKey Request Packet as defined in
+      # [3.1.5.6 BaseRegCloseKey (Opnum 5)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/bc7545ff-0a54-4465-a95a-396b5c2995df)
+      class CloseKeyRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        rpc_hkey  :hkey
+        def initialize_instance
+          super
+          @opnum = REG_CLOSE_KEY
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/close_key_response.rb ADDED

@@ -0,0 +1,27 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class RpcHkey < Ndr::NdrContextHandle; end
+      # This class represents a BaseRegCloseKey Response Packet as defined in
+      # [3.1.5.6 BaseRegCloseKey (Opnum 5)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/bc7545ff-0a54-4465-a95a-396b5c2995df)
+      class CloseKeyResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        rpc_hkey  :hkey
+        uint32    :error_status
+        def initialize_instance
+          super
+          @opnum = REG_CLOSE_KEY
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb ADDED

@@ -0,0 +1,45 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class RpcHkey < Ndr::NdrContextHandle; end
+      # This class represents a BaseRegEnumKey Request Packet as defined in
+      # [3.1.5.10 BaseRegEnumKey (Opnum 9)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/668627e9-e0eb-4ab1-911f-0af589beeac3)
+      class EnumKeyRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        rpc_hkey            :hkey
+        uint32              :dw_index
+        rrp_unicode_string  :lp_name
+        string              :pad1,     length: -> { pad_length1 }
+        prrp_unicode_string :lp_class
+        string              :pad2,     length: -> { pad_length2 }
+        ndr_lp_file_time    :lpft_last_write_time
+        def initialize_instance
+          super
+          @opnum = REG_ENUM_KEY
+        end
+        # Determines the correct length for the padding in front of
+        # #lp_class. It should always force a 4-byte alignment.
+        def pad_length1
+          offset = (lp_name.abs_offset + lp_name.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+        # Determines the correct length for the padding in front of
+        # #lpft_last_write_time. It should always force a 4-byte alignment.
+        def pad_length2
+          offset = (lp_class.abs_offset + lp_class.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+      end
+    end
+  end
+end