RubyGems - ruby_smb - Versions diffs - 1.0.5 → 2.0.3 - Mend

ruby_smb 1.0.5 → 2.0.3

Files changed (191) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/.travis.yml +3 -2
data/Gemfile +6 -2
data/README.md +35 -47
data/examples/anonymous_auth.rb +3 -3
data/examples/append_file.rb +10 -8
data/examples/authenticate.rb +9 -5
data/examples/delete_file.rb +8 -6
data/examples/enum_registry_key.rb +29 -0
data/examples/enum_registry_values.rb +31 -0
data/examples/list_directory.rb +8 -6
data/examples/negotiate.rb +51 -8
data/examples/negotiate_with_netbios_service.rb +9 -5
data/examples/net_share_enum_all.rb +6 -4
data/examples/pipes.rb +13 -13
data/examples/query_service_status.rb +64 -0
data/examples/read_file.rb +8 -6
data/examples/read_file_encryption.rb +56 -0
data/examples/read_registry_key_value.rb +33 -0
data/examples/rename_file.rb +9 -7
data/examples/tree_connect.rb +7 -5
data/examples/write_file.rb +9 -7
data/lib/ruby_smb.rb +4 -1
data/lib/ruby_smb/client.rb +239 -21
data/lib/ruby_smb/client/authentication.rb +27 -8
data/lib/ruby_smb/client/encryption.rb +62 -0
data/lib/ruby_smb/client/negotiation.rb +154 -12
data/lib/ruby_smb/client/signing.rb +19 -0
data/lib/ruby_smb/client/tree_connect.rb +4 -4
data/lib/ruby_smb/client/utils.rb +8 -7
data/lib/ruby_smb/client/winreg.rb +46 -0
data/lib/ruby_smb/crypto.rb +30 -0
data/lib/ruby_smb/dcerpc.rb +40 -0
data/lib/ruby_smb/dcerpc/bind.rb +2 -2
data/lib/ruby_smb/dcerpc/bind_ack.rb +2 -2
data/lib/ruby_smb/dcerpc/error.rb +6 -0
data/lib/ruby_smb/dcerpc/ndr.rb +260 -16
data/lib/ruby_smb/dcerpc/pdu_header.rb +1 -1
data/lib/ruby_smb/dcerpc/request.rb +41 -9
data/lib/ruby_smb/dcerpc/rpc_security_attributes.rb +34 -0
data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb +38 -0
data/lib/ruby_smb/dcerpc/srvsvc.rb +10 -0
data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb +9 -0
data/lib/ruby_smb/dcerpc/svcctl.rb +479 -0
data/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_request.rb +48 -0
data/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_response.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/close_service_handle_request.rb +25 -0
data/lib/ruby_smb/dcerpc/svcctl/close_service_handle_response.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/control_service_request.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/control_service_response.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_request.rb +35 -0
data/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_response.rb +23 -0
data/lib/ruby_smb/dcerpc/svcctl/open_service_w_request.rb +31 -0
data/lib/ruby_smb/dcerpc/svcctl/open_service_w_response.rb +23 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_request.rb +25 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_response.rb +44 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_status_request.rb +23 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_status_response.rb +27 -0
data/lib/ruby_smb/dcerpc/svcctl/service_status.rb +25 -0
data/lib/ruby_smb/dcerpc/svcctl/start_service_w_request.rb +27 -0
data/lib/ruby_smb/dcerpc/svcctl/start_service_w_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg.rb +421 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_request.rb +24 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_response.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/create_key_request.rb +73 -0
data/lib/ruby_smb/dcerpc/winreg/create_key_response.rb +36 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb +45 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_response.rb +42 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb +36 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_request.rb +34 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb +43 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_response.rb +35 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_response.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_request.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +57 -0
data/lib/ruby_smb/dcerpc/winreg/regsam.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/save_key_request.rb +37 -0
data/lib/ruby_smb/dcerpc/winreg/save_key_response.rb +23 -0
data/lib/ruby_smb/dispatcher/base.rb +1 -1
data/lib/ruby_smb/dispatcher/socket.rb +5 -4
data/lib/ruby_smb/error.rb +28 -1
data/lib/ruby_smb/field/stringz16.rb +17 -1
data/lib/ruby_smb/nbss/session_header.rb +4 -4
data/lib/ruby_smb/smb1/commands.rb +1 -1
data/lib/ruby_smb/smb1/file.rb +8 -14
data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb +2 -2
data/lib/ruby_smb/smb1/packet/session_setup_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/session_setup_response.rb +2 -2
data/lib/ruby_smb/smb1/packet/write_andx_request.rb +1 -1
data/lib/ruby_smb/smb1/pipe.rb +81 -3
data/lib/ruby_smb/smb1/tree.rb +12 -3
data/lib/ruby_smb/smb2/bit_field/session_flags.rb +2 -1
data/lib/ruby_smb/smb2/bit_field/share_flags.rb +6 -4
data/lib/ruby_smb/smb2/file.rb +51 -61
data/lib/ruby_smb/smb2/negotiate_context.rb +108 -0
data/lib/ruby_smb/smb2/packet.rb +2 -0
data/lib/ruby_smb/smb2/packet/compression_transform_header.rb +41 -0
data/lib/ruby_smb/smb2/packet/error_packet.rb +2 -4
data/lib/ruby_smb/smb2/packet/negotiate_request.rb +51 -14
data/lib/ruby_smb/smb2/packet/negotiate_response.rb +50 -4
data/lib/ruby_smb/smb2/packet/transform_header.rb +84 -0
data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +92 -6
data/lib/ruby_smb/smb2/packet/tree_connect_response.rb +8 -26
data/lib/ruby_smb/smb2/pipe.rb +80 -3
data/lib/ruby_smb/smb2/smb2_header.rb +1 -1
data/lib/ruby_smb/smb2/tree.rb +32 -20
data/lib/ruby_smb/version.rb +1 -1
data/ruby_smb.gemspec +5 -3
data/spec/lib/ruby_smb/client_spec.rb +1583 -102
data/spec/lib/ruby_smb/crypto_spec.rb +25 -0
data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/bind_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +1729 -0
data/spec/lib/ruby_smb/dcerpc/request_spec.rb +50 -7
data/spec/lib/ruby_smb/dcerpc/rpc_security_attributes_spec.rb +161 -0
data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb +135 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb +13 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb +60 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_request_spec.rb +191 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/close_service_handle_request_spec.rb +30 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/close_service_handle_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/control_service_request_spec.rb +39 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/control_service_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_request_spec.rb +78 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_service_w_request_spec.rb +59 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_service_w_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_request_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_response_spec.rb +152 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_status_request_spec.rb +30 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_status_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/service_status_spec.rb +72 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/start_service_w_request_spec.rb +46 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/start_service_w_response_spec.rb +30 -0
data/spec/lib/ruby_smb/dcerpc/svcctl_spec.rb +512 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_request_spec.rb +28 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_response_spec.rb +36 -0
data/spec/lib/ruby_smb/dcerpc/winreg/create_key_request_spec.rb +110 -0
data/spec/lib/ruby_smb/dcerpc/winreg/create_key_response_spec.rb +44 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb +104 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_response_spec.rb +97 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_request_spec.rb +94 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_response_spec.rb +82 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_request_spec.rb +74 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_response_spec.rb +35 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb +95 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_request_spec.rb +35 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_response_spec.rb +113 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb +88 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb +138 -0
data/spec/lib/ruby_smb/dcerpc/winreg/regsam_spec.rb +32 -0
data/spec/lib/ruby_smb/dcerpc/winreg/save_key_request_spec.rb +57 -0
data/spec/lib/ruby_smb/dcerpc/winreg/save_key_response_spec.rb +22 -0
data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +884 -0
data/spec/lib/ruby_smb/dcerpc_spec.rb +81 -0
data/spec/lib/ruby_smb/dispatcher/socket_spec.rb +12 -12
data/spec/lib/ruby_smb/error_spec.rb +59 -0
data/spec/lib/ruby_smb/field/stringz16_spec.rb +12 -0
data/spec/lib/ruby_smb/nbss/session_header_spec.rb +4 -11
data/spec/lib/ruby_smb/smb1/file_spec.rb +9 -1
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_response_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_response_spec.rb +1 -1
data/spec/lib/ruby_smb/smb1/pipe_spec.rb +216 -147
data/spec/lib/ruby_smb/smb2/bit_field/session_flags_spec.rb +9 -0
data/spec/lib/ruby_smb/smb2/bit_field/share_flags_spec.rb +27 -0
data/spec/lib/ruby_smb/smb2/file_spec.rb +146 -68
data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +332 -0
data/spec/lib/ruby_smb/smb2/packet/compression_transform_header_spec.rb +108 -0
data/spec/lib/ruby_smb/smb2/packet/error_packet_spec.rb +3 -24
data/spec/lib/ruby_smb/smb2/packet/negotiate_request_spec.rb +138 -3
data/spec/lib/ruby_smb/smb2/packet/negotiate_response_spec.rb +120 -2
data/spec/lib/ruby_smb/smb2/packet/transform_header_spec.rb +220 -0
data/spec/lib/ruby_smb/smb2/packet/tree_connect_request_spec.rb +339 -9
data/spec/lib/ruby_smb/smb2/packet/tree_connect_response_spec.rb +3 -30
data/spec/lib/ruby_smb/smb2/pipe_spec.rb +226 -148
data/spec/lib/ruby_smb/smb2/smb2_header_spec.rb +2 -2
data/spec/lib/ruby_smb/smb2/tree_spec.rb +88 -9
metadata +257 -81
metadata.gz.sig +0 -0
data/lib/ruby_smb/smb1/dcerpc.rb +0 -72
data/lib/ruby_smb/smb2/dcerpc.rb +0 -75

data/lib/ruby_smb/dcerpc/svcctl/start_service_w_request.rb ADDED

@@ -0,0 +1,27 @@
+require 'ruby_smb/dcerpc/ndr'
+module RubySMB
+  module Dcerpc
+    module Svcctl
+      # [3.1.4.19 RStartServiceW (Opnum 19)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-scmr/d9be95a2-cf01-4bdc-b30f-6fe4b37ada16)
+      class StartServiceWRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        sc_rpc_handle       :h_service
+        uint32              :argc
+        ndr_lp_string_ptrsw :argv
+        def initialize_instance
+          super
+          @opnum = START_SERVICE_W
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/svcctl/start_service_w_response.rb ADDED

@@ -0,0 +1,25 @@
+require 'ruby_smb/dcerpc/ndr'
+module RubySMB
+  module Dcerpc
+    module Svcctl
+      # [3.1.4.19 RStartServiceW (Opnum 19)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-scmr/d9be95a2-cf01-4bdc-b30f-6fe4b37ada16)
+      class StartServiceWResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        uint32 :error_status
+        def initialize_instance
+          super
+          @opnum = START_SERVICE_W
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg.rb ADDED

@@ -0,0 +1,421 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      UUID = '338CD001-2244-31F1-AAAA-900038001003'
+      VER_MAJOR = 1
+      VER_MINOR = 0
+      # Operation numbers
+      OPEN_HKCR             = 0x00
+      OPEN_HKCU             = 0x01
+      OPEN_HKLM             = 0x02
+      OPEN_HKPD             = 0x03
+      OPEN_HKU              = 0x04
+      REG_CLOSE_KEY         = 0x05
+      REG_CREATE_KEY        = 0x06
+      REG_ENUM_KEY          = 0x09
+      REG_ENUM_VALUE        = 0x0a
+      REG_OPEN_KEY          = 0x0f
+      REG_QUERY_INFO_KEY    = 0x10
+      REG_QUERY_VALUE       = 0x11
+      REG_SAVE_KEY          = 0x14
+      OPEN_HKCC             = 0x1b
+      OPEN_HKPT             = 0x20
+      OPEN_HKPN             = 0x21
+      require 'ruby_smb/dcerpc/winreg/regsam'
+      require 'ruby_smb/dcerpc/winreg/open_root_key_request'
+      require 'ruby_smb/dcerpc/winreg/open_root_key_response'
+      require 'ruby_smb/dcerpc/winreg/close_key_request'
+      require 'ruby_smb/dcerpc/winreg/close_key_response'
+      require 'ruby_smb/dcerpc/winreg/enum_key_request'
+      require 'ruby_smb/dcerpc/winreg/enum_key_response'
+      require 'ruby_smb/dcerpc/winreg/enum_value_request'
+      require 'ruby_smb/dcerpc/winreg/enum_value_response'
+      require 'ruby_smb/dcerpc/winreg/open_key_request'
+      require 'ruby_smb/dcerpc/winreg/open_key_response'
+      require 'ruby_smb/dcerpc/winreg/query_info_key_request'
+      require 'ruby_smb/dcerpc/winreg/query_info_key_response'
+      require 'ruby_smb/dcerpc/winreg/query_value_request'
+      require 'ruby_smb/dcerpc/winreg/query_value_response'
+      require 'ruby_smb/dcerpc/winreg/create_key_request'
+      require 'ruby_smb/dcerpc/winreg/create_key_response'
+      require 'ruby_smb/dcerpc/winreg/save_key_request'
+      require 'ruby_smb/dcerpc/winreg/save_key_response'
+      ROOT_KEY_MAP = {
+        "HKEY_CLASSES_ROOT"         => OPEN_HKCR,
+        "HKCR"                      => OPEN_HKCR,
+        "HKEY_CURRENT_USER"         => OPEN_HKCU,
+        "HKCU"                      => OPEN_HKCU,
+        "HKEY_LOCAL_MACHINE"        => OPEN_HKLM,
+        "HKLM"                      => OPEN_HKLM,
+        "HKEY_PERFORMANCE_DATA"     => OPEN_HKPD,
+        "HKPD"                      => OPEN_HKPD,
+        "HKEY_USERS"                => OPEN_HKU,
+        "HKU"                       => OPEN_HKU,
+        "HKEY_CURRENT_CONFIG"       => OPEN_HKCC,
+        "HKCC"                      => OPEN_HKCC,
+        "HKEY_PERFORMANCE_TEXT"     => OPEN_HKPT,
+        "HKPT"                      => OPEN_HKPT,
+        "HKEY_PERFORMANCE_NLS_TEXT" => OPEN_HKPN,
+        "HKPN"                      => OPEN_HKPN
+      }
+      # Open the registry root key and return a handle for it. The key can be
+      # either a long format (e.g. HKEY_LOCAL_MACHINE) or a short format
+      # (e.g. HKLM)
+      #
+      # @param root_key [String] the root key to open
+      # @return [Ndr::NdrContextHandle] the RPC context handle for the root key
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a OpenRootKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def open_root_key(root_key)
+        root_key_opnum = RubySMB::Dcerpc::Winreg::ROOT_KEY_MAP[root_key]
+        raise ArgumentError, "Unknown Root Key: #{root_key}" unless root_key_opnum
+        root_key_request_packet = OpenRootKeyRequest.new(opnum: root_key_opnum)
+        response = dcerpc_request(root_key_request_packet)
+        begin
+          root_key_response_packet = OpenRootKeyResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket,
+            "Error reading OpenRootKeyResponse (command = #{root_key_opnum})"
+        end
+        unless root_key_response_packet.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError,
+            "Error returned when opening root key #{root_key}: "\
+            "#{WindowsError::Win32.find_by_retval(root_key_response_packet.error_status.value).join(',')}"
+        end
+        root_key_response_packet.ph_key
+      end
+      # Open the registry key specified by a root key handle (previously open
+      # with #open_root_key) and a subkey. It returns a handle for the key.
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the root key
+      # @param sub_key [String] the subkey to open
+      # @return [Ndr::NdrContextHandle] the RPC context handle for the key
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a OpenKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def open_key(handle, sub_key)
+        openkey_request_packet = RubySMB::Dcerpc::Winreg::OpenKeyRequest.new(hkey: handle, lp_sub_key: sub_key)
+        openkey_request_packet.sam_desired.read_control = 1
+        openkey_request_packet.sam_desired.key_query_value = 1
+        openkey_request_packet.sam_desired.key_enumerate_sub_keys = 1
+        openkey_request_packet.sam_desired.key_notify = 1
+        response = dcerpc_request(openkey_request_packet)
+        begin
+          open_key_response = RubySMB::Dcerpc::Winreg::OpenKeyResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the OpenKey response"
+        end
+        unless open_key_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when opening subkey #{sub_key}: "\
+            "#{WindowsError::Win32.find_by_retval(open_key_response.error_status.value).join(',')}"
+        end
+        open_key_response.phk_result
+      end
+      # Retrieve the data associated with the named value of a specified
+      # registry open key.
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the key
+      # @param value_name [String] the name of the value
+      # @return [String] the data of the value entry
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a QueryValueResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def query_value(handle, value_name)
+        query_value_request_packet = RubySMB::Dcerpc::Winreg::QueryValueRequest.new(hkey: handle, lp_value_name: value_name)
+        query_value_request_packet.lp_type = 0
+        query_value_request_packet.lpcb_data = 0
+        query_value_request_packet.lpcb_len = 0
+        response = dcerpc_request(query_value_request_packet)
+        begin
+          query_value_response = RubySMB::Dcerpc::Winreg::QueryValueResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the QueryValue response"
+        end
+        unless query_value_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when reading value #{value_name}: "\
+            "#{WindowsError::Win32.find_by_retval(query_value_response.error_status.value).join(',')}"
+        end
+        query_value_request_packet.lpcb_data = query_value_response.lpcb_data
+        query_value_request_packet.lp_data = []
+        query_value_request_packet.lp_data.referent.max_count = query_value_response.lpcb_data.referent
+        response = dcerpc_request(query_value_request_packet)
+        begin
+          query_value_response = RubySMB::Dcerpc::Winreg::QueryValueResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the QueryValue response"
+        end
+        unless query_value_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when reading value #{value_name}: "\
+            "#{WindowsError::Win32.find_by_retval(query_value_response.error_status.value).join(',')}"
+        end
+        query_value_response.data
+      end
+      # Close the handle to the registry key.
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the key
+      # @return [WindowsError::Win32] the response error status
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a CloseKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def close_key(handle)
+        close_key_request_packet = RubySMB::Dcerpc::Winreg::CloseKeyRequest.new(hkey: handle)
+        response = dcerpc_request(close_key_request_packet)
+        begin
+          close_key_response = RubySMB::Dcerpc::Winreg::CloseKeyResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the CloseKey response"
+        end
+        unless close_key_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when closing the key: "\
+            "#{WindowsError::Win32.find_by_retval(close_key_response.error_status.value).join(',')}"
+        end
+        close_key_response.error_status
+      end
+      # Retrive relevant information on the key that corresponds to the
+      # specified key handle.
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the key
+      # @return [RubySMB::Dcerpc::Winreg::QueryInfoKeyResponse] the QueryInfoKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a QueryInfoKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def query_info_key(handle)
+        query_info_key_request_packet = RubySMB::Dcerpc::Winreg::QueryInfoKeyRequest.new(hkey: handle)
+        query_info_key_request_packet.lp_class = ''
+        query_info_key_request_packet.lp_class.referent.actual_count = 0
+        query_info_key_request_packet.lp_class.maximum_length = 1024
+        query_info_key_request_packet.lp_class.buffer.referent.max_count = 1024 / 2
+        response = dcerpc_request(query_info_key_request_packet)
+        begin
+          query_info_key_response = RubySMB::Dcerpc::Winreg::QueryInfoKeyResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the query_infoKey response"
+        end
+        unless query_info_key_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when querying information: "\
+            "#{WindowsError::Win32.find_by_retval(query_info_key_response.error_status.value).join(',')}"
+        end
+        query_info_key_response
+      end
+      # Enumerate the subkey at the specified index.
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the key
+      # @param index [Numeric] the index of the subkey
+      # @return [String] the subkey name
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a EnumKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def enum_key(handle, index)
+        enum_key_request_packet = RubySMB::Dcerpc::Winreg::EnumKeyRequest.new(hkey: handle, dw_index: index)
+        enum_key_request_packet.lpft_last_write_time = 0
+        enum_key_request_packet.lp_class = ''
+        enum_key_request_packet.lp_class.referent.buffer = :null
+        enum_key_request_packet.lp_name.buffer = ''
+        enum_key_request_packet.lp_name.buffer.referent.max_count = 256
+        response = dcerpc_request(enum_key_request_packet)
+        begin
+          enum_key_response = RubySMB::Dcerpc::Winreg::EnumKeyResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the EnumKey response"
+        end
+        unless enum_key_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when enumerating the key: "\
+            "#{WindowsError::Win32.find_by_retval(enum_key_response.error_status.value).join(',')}"
+        end
+        enum_key_response.lp_name.to_s
+      end
+      # Enumerate the value at the specified index for the specified registry key.
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the key
+      # @param index [Numeric] the index of the subkey
+      # @return [String] the data of the value entry
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a EnumValueResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def enum_value(handle, index)
+        enum_value_request_packet = RubySMB::Dcerpc::Winreg::EnumValueRequest.new(hkey: handle, dw_index: index)
+        enum_value_request_packet.lp_value_name.buffer = ''
+        enum_value_request_packet.lp_value_name.buffer.referent.max_count = 256
+        response = dcerpc_request(enum_value_request_packet)
+        begin
+          enum_value_response = RubySMB::Dcerpc::Winreg::EnumValueResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the Enumvalue response"
+        end
+        unless enum_value_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when enumerating values: "\
+            "#{WindowsError::Win32.find_by_retval(enum_value_response.error_status.value).join(',')}"
+        end
+        enum_value_response.lp_value_name.to_s
+      end
+      # Creates the specified registry key and returns a handle to the newly created key
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the key
+      # @param sub_key [String] the name of the key
+      # @param opts [Hash] options for the CreateKeyRequest
+      # @return [RubySMB::Dcerpc::Winreg::PrpcHkey] the handle to the opened or created key
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a CreateKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def create_key(handle, sub_key, opts = {})
+        opts = {
+          hkey:                   handle,
+          lp_sub_key:             sub_key,
+          lp_class:               opts[:lp_class] || :null,
+          dw_options:             opts[:dw_options] || RubySMB::Dcerpc::Winreg::CreateKeyRequest::REG_KEY_TYPE_VOLATILE,
+          sam_desired:            opts[:sam_desired] || RubySMB::Dcerpc::Winreg::Regsam.new(maximum: 1),
+          lp_security_attributes: opts[:lp_security_attributes] || RubySMB::Dcerpc::RpcSecurityAttributes.new,
+          lpdw_disposition:       opts[:lpdw_disposition] || RubySMB::Dcerpc::Winreg::CreateKeyRequest::REG_CREATED_NEW_KEY,
+        }
+        create_key_request_packet = RubySMB::Dcerpc::Winreg::CreateKeyRequest.new(opts)
+        response = dcerpc_request(create_key_request_packet)
+        begin
+          create_key_response = RubySMB::Dcerpc::Winreg::CreateKeyResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the CreateKey response"
+        end
+        unless create_key_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when creating key #{sub_key}: "\
+            "#{WindowsError::Win32.find_by_retval(create_key_response.error_status.value).join(',')}"
+        end
+        create_key_response.hkey
+      end
+      # Saves the specified key, subkeys, and values to a new file
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the key
+      # @param file_name [String] the name of the registry file in which the specified key and subkeys are to be saved
+      # @param opts [Hash] options for the SaveKeyRequest
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a SaveKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def save_key(handle, file_name, opts = {})
+        opts = {
+          hkey:                   handle,
+          lp_file:                file_name,
+          lp_security_attributes: opts[:lp_security_attributes] || :null,
+        }
+        save_key_request_packet = RubySMB::Dcerpc::Winreg::SaveKeyRequest.new(opts)
+        response = dcerpc_request(save_key_request_packet)
+        begin
+          save_key_response = RubySMB::Dcerpc::Winreg::SaveKeyResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the SaveKeyResponse response"
+        end
+        unless save_key_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when saving key to #{file_name}: "\
+            "#{WindowsError::Win32.find_by_retval(save_key_response.error_status.value).join(',')}"
+        end
+      end
+      # Checks if the specified registry key exists. It returns true if it
+      # exists, false otherwise.
+      #
+      # @param key [String] the registry key to check
+      # @return [Boolean]
+      def has_registry_key?(key, bind: true)
+        bind(endpoint: RubySMB::Dcerpc::Winreg) if bind
+        root_key, sub_key = key.gsub(/\//, '\\').split('\\', 2)
+        begin
+          root_key_handle = open_root_key(root_key)
+          subkey_handle = open_key(root_key_handle, sub_key)
+        rescue RubySMB::Dcerpc::Error::WinregError
+          return false
+        end
+        return true
+      ensure
+        close_key(subkey_handle) if subkey_handle
+        close_key(root_key_handle) if root_key_handle
+      end
+      # Retrieve the data associated with the named value of a specified
+      # registry key.
+      #
+      # @param key [String] the registry key
+      # @param value_name [String] the name of the value to read
+      # @return [String] the data of the value entry
+      def read_registry_key_value(key, value_name, bind: true)
+        bind(endpoint: RubySMB::Dcerpc::Winreg) if bind
+        root_key, sub_key = key.gsub(/\//, '\\').split('\\', 2)
+        root_key_handle = open_root_key(root_key)
+        subkey_handle = open_key(root_key_handle, sub_key)
+        value = query_value(subkey_handle, value_name)
+        value
+      ensure
+        close_key(subkey_handle) if subkey_handle
+        close_key(root_key_handle) if root_key_handle
+      end
+      # Enumerate the subkeys of a specified registry key. If only a root key
+      # is provided, it enumerates its subkeys.
+      #
+      # @param key [String] the registry key
+      # @return [Array<String>] the subkeys
+      def enum_registry_key(key, bind: true)
+        bind(endpoint: RubySMB::Dcerpc::Winreg) if bind
+        root_key, sub_key = key.gsub(/\//, '\\').split('\\', 2)
+        root_key_handle = open_root_key(root_key)
+        subkey_handle = if sub_key.nil? || sub_key.empty?
+                          root_key_handle
+                        else
+                          open_key(root_key_handle, sub_key)
+                        end
+        query_info_key_response = query_info_key(subkey_handle)
+        key_count = query_info_key_response.lpc_sub_keys.to_i
+        enum_result = []
+        key_count.times do |i|
+          enum_result << enum_key(subkey_handle, i)
+        end
+        enum_result
+      ensure
+        close_key(subkey_handle) if subkey_handle
+        close_key(root_key_handle) if root_key_handle
+      end
+      # Enumerate the values for the specified registry key.
+      #
+      # @param key [String] the registry key
+      # @return [Array<String>] the values
+      def enum_registry_values(key, bind: true)
+        bind(endpoint: RubySMB::Dcerpc::Winreg) if bind
+        root_key, sub_key = key.gsub(/\//, '\\').split('\\', 2)
+        root_key_handle = open_root_key(root_key)
+        subkey_handle = if sub_key.nil? || sub_key.empty?
+                          root_key_handle
+                        else
+                          open_key(root_key_handle, sub_key)
+                        end
+        query_info_key_response = query_info_key(subkey_handle)
+        value_count = query_info_key_response.lpc_values.to_i
+        enum_result = []
+        value_count.times do |i|
+          enum_result << enum_value(subkey_handle, i)
+        end
+        enum_result
+      ensure
+        close_key(subkey_handle) if subkey_handle
+        close_key(root_key_handle) if root_key_handle
+      end
+    end
+  end
+end