RubyGems - ruby_smb - Versions diffs - 1.0.5 → 2.0.3 - Mend

ruby_smb 1.0.5 → 2.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (191) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/.travis.yml +3 -2
data/Gemfile +6 -2
data/README.md +35 -47
data/examples/anonymous_auth.rb +3 -3
data/examples/append_file.rb +10 -8
data/examples/authenticate.rb +9 -5
data/examples/delete_file.rb +8 -6
data/examples/enum_registry_key.rb +29 -0
data/examples/enum_registry_values.rb +31 -0
data/examples/list_directory.rb +8 -6
data/examples/negotiate.rb +51 -8
data/examples/negotiate_with_netbios_service.rb +9 -5
data/examples/net_share_enum_all.rb +6 -4
data/examples/pipes.rb +13 -13
data/examples/query_service_status.rb +64 -0
data/examples/read_file.rb +8 -6
data/examples/read_file_encryption.rb +56 -0
data/examples/read_registry_key_value.rb +33 -0
data/examples/rename_file.rb +9 -7
data/examples/tree_connect.rb +7 -5
data/examples/write_file.rb +9 -7
data/lib/ruby_smb.rb +4 -1
data/lib/ruby_smb/client.rb +239 -21
data/lib/ruby_smb/client/authentication.rb +27 -8
data/lib/ruby_smb/client/encryption.rb +62 -0
data/lib/ruby_smb/client/negotiation.rb +154 -12
data/lib/ruby_smb/client/signing.rb +19 -0
data/lib/ruby_smb/client/tree_connect.rb +4 -4
data/lib/ruby_smb/client/utils.rb +8 -7
data/lib/ruby_smb/client/winreg.rb +46 -0
data/lib/ruby_smb/crypto.rb +30 -0
data/lib/ruby_smb/dcerpc.rb +40 -0
data/lib/ruby_smb/dcerpc/bind.rb +2 -2
data/lib/ruby_smb/dcerpc/bind_ack.rb +2 -2
data/lib/ruby_smb/dcerpc/error.rb +6 -0
data/lib/ruby_smb/dcerpc/ndr.rb +260 -16
data/lib/ruby_smb/dcerpc/pdu_header.rb +1 -1
data/lib/ruby_smb/dcerpc/request.rb +41 -9
data/lib/ruby_smb/dcerpc/rpc_security_attributes.rb +34 -0
data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb +38 -0
data/lib/ruby_smb/dcerpc/srvsvc.rb +10 -0
data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb +9 -0
data/lib/ruby_smb/dcerpc/svcctl.rb +479 -0
data/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_request.rb +48 -0
data/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_response.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/close_service_handle_request.rb +25 -0
data/lib/ruby_smb/dcerpc/svcctl/close_service_handle_response.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/control_service_request.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/control_service_response.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_request.rb +35 -0
data/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_response.rb +23 -0
data/lib/ruby_smb/dcerpc/svcctl/open_service_w_request.rb +31 -0
data/lib/ruby_smb/dcerpc/svcctl/open_service_w_response.rb +23 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_request.rb +25 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_response.rb +44 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_status_request.rb +23 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_status_response.rb +27 -0
data/lib/ruby_smb/dcerpc/svcctl/service_status.rb +25 -0
data/lib/ruby_smb/dcerpc/svcctl/start_service_w_request.rb +27 -0
data/lib/ruby_smb/dcerpc/svcctl/start_service_w_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg.rb +421 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_request.rb +24 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_response.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/create_key_request.rb +73 -0
data/lib/ruby_smb/dcerpc/winreg/create_key_response.rb +36 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb +45 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_response.rb +42 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb +36 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_request.rb +34 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb +43 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_response.rb +35 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_response.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_request.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +57 -0
data/lib/ruby_smb/dcerpc/winreg/regsam.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/save_key_request.rb +37 -0
data/lib/ruby_smb/dcerpc/winreg/save_key_response.rb +23 -0
data/lib/ruby_smb/dispatcher/base.rb +1 -1
data/lib/ruby_smb/dispatcher/socket.rb +5 -4
data/lib/ruby_smb/error.rb +28 -1
data/lib/ruby_smb/field/stringz16.rb +17 -1
data/lib/ruby_smb/nbss/session_header.rb +4 -4
data/lib/ruby_smb/smb1/commands.rb +1 -1
data/lib/ruby_smb/smb1/file.rb +8 -14
data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb +2 -2
data/lib/ruby_smb/smb1/packet/session_setup_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/session_setup_response.rb +2 -2
data/lib/ruby_smb/smb1/packet/write_andx_request.rb +1 -1
data/lib/ruby_smb/smb1/pipe.rb +81 -3
data/lib/ruby_smb/smb1/tree.rb +12 -3
data/lib/ruby_smb/smb2/bit_field/session_flags.rb +2 -1
data/lib/ruby_smb/smb2/bit_field/share_flags.rb +6 -4
data/lib/ruby_smb/smb2/file.rb +51 -61
data/lib/ruby_smb/smb2/negotiate_context.rb +108 -0
data/lib/ruby_smb/smb2/packet.rb +2 -0
data/lib/ruby_smb/smb2/packet/compression_transform_header.rb +41 -0
data/lib/ruby_smb/smb2/packet/error_packet.rb +2 -4
data/lib/ruby_smb/smb2/packet/negotiate_request.rb +51 -14
data/lib/ruby_smb/smb2/packet/negotiate_response.rb +50 -4
data/lib/ruby_smb/smb2/packet/transform_header.rb +84 -0
data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +92 -6
data/lib/ruby_smb/smb2/packet/tree_connect_response.rb +8 -26
data/lib/ruby_smb/smb2/pipe.rb +80 -3
data/lib/ruby_smb/smb2/smb2_header.rb +1 -1
data/lib/ruby_smb/smb2/tree.rb +32 -20
data/lib/ruby_smb/version.rb +1 -1
data/ruby_smb.gemspec +5 -3
data/spec/lib/ruby_smb/client_spec.rb +1583 -102
data/spec/lib/ruby_smb/crypto_spec.rb +25 -0
data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/bind_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +1729 -0
data/spec/lib/ruby_smb/dcerpc/request_spec.rb +50 -7
data/spec/lib/ruby_smb/dcerpc/rpc_security_attributes_spec.rb +161 -0
data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb +135 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb +13 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb +60 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_request_spec.rb +191 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/close_service_handle_request_spec.rb +30 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/close_service_handle_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/control_service_request_spec.rb +39 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/control_service_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_request_spec.rb +78 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_service_w_request_spec.rb +59 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_service_w_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_request_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_response_spec.rb +152 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_status_request_spec.rb +30 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_status_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/service_status_spec.rb +72 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/start_service_w_request_spec.rb +46 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/start_service_w_response_spec.rb +30 -0
data/spec/lib/ruby_smb/dcerpc/svcctl_spec.rb +512 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_request_spec.rb +28 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_response_spec.rb +36 -0
data/spec/lib/ruby_smb/dcerpc/winreg/create_key_request_spec.rb +110 -0
data/spec/lib/ruby_smb/dcerpc/winreg/create_key_response_spec.rb +44 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb +104 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_response_spec.rb +97 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_request_spec.rb +94 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_response_spec.rb +82 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_request_spec.rb +74 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_response_spec.rb +35 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb +95 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_request_spec.rb +35 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_response_spec.rb +113 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb +88 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb +138 -0
data/spec/lib/ruby_smb/dcerpc/winreg/regsam_spec.rb +32 -0
data/spec/lib/ruby_smb/dcerpc/winreg/save_key_request_spec.rb +57 -0
data/spec/lib/ruby_smb/dcerpc/winreg/save_key_response_spec.rb +22 -0
data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +884 -0
data/spec/lib/ruby_smb/dcerpc_spec.rb +81 -0
data/spec/lib/ruby_smb/dispatcher/socket_spec.rb +12 -12
data/spec/lib/ruby_smb/error_spec.rb +59 -0
data/spec/lib/ruby_smb/field/stringz16_spec.rb +12 -0
data/spec/lib/ruby_smb/nbss/session_header_spec.rb +4 -11
data/spec/lib/ruby_smb/smb1/file_spec.rb +9 -1
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_response_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_response_spec.rb +1 -1
data/spec/lib/ruby_smb/smb1/pipe_spec.rb +216 -147
data/spec/lib/ruby_smb/smb2/bit_field/session_flags_spec.rb +9 -0
data/spec/lib/ruby_smb/smb2/bit_field/share_flags_spec.rb +27 -0
data/spec/lib/ruby_smb/smb2/file_spec.rb +146 -68
data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +332 -0
data/spec/lib/ruby_smb/smb2/packet/compression_transform_header_spec.rb +108 -0
data/spec/lib/ruby_smb/smb2/packet/error_packet_spec.rb +3 -24
data/spec/lib/ruby_smb/smb2/packet/negotiate_request_spec.rb +138 -3
data/spec/lib/ruby_smb/smb2/packet/negotiate_response_spec.rb +120 -2
data/spec/lib/ruby_smb/smb2/packet/transform_header_spec.rb +220 -0
data/spec/lib/ruby_smb/smb2/packet/tree_connect_request_spec.rb +339 -9
data/spec/lib/ruby_smb/smb2/packet/tree_connect_response_spec.rb +3 -30
data/spec/lib/ruby_smb/smb2/pipe_spec.rb +226 -148
data/spec/lib/ruby_smb/smb2/smb2_header_spec.rb +2 -2
data/spec/lib/ruby_smb/smb2/tree_spec.rb +88 -9
metadata +257 -81
metadata.gz.sig +0 -0
data/lib/ruby_smb/smb1/dcerpc.rb +0 -72
data/lib/ruby_smb/smb2/dcerpc.rb +0 -75

data/lib/ruby_smb/dcerpc/winreg/close_key_request.rb ADDED

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class RpcHkey < Ndr::NdrContextHandle; end
+      # This class represents a BaseRegCloseKey Request Packet as defined in
+      # [3.1.5.6 BaseRegCloseKey (Opnum 5)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/bc7545ff-0a54-4465-a95a-396b5c2995df)
+      class CloseKeyRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        rpc_hkey  :hkey
+        def initialize_instance
+          super
+          @opnum = REG_CLOSE_KEY
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/close_key_response.rb ADDED

@@ -0,0 +1,27 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class RpcHkey < Ndr::NdrContextHandle; end
+      # This class represents a BaseRegCloseKey Response Packet as defined in
+      # [3.1.5.6 BaseRegCloseKey (Opnum 5)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/bc7545ff-0a54-4465-a95a-396b5c2995df)
+      class CloseKeyResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        rpc_hkey  :hkey
+        uint32    :error_status
+        def initialize_instance
+          super
+          @opnum = REG_CLOSE_KEY
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/create_key_request.rb ADDED

@@ -0,0 +1,73 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class RpcHkey < Ndr::NdrContextHandle; end
+      # This class represents a BaseRegCreateKey Request Packet as defined in
+      # [3.1.5.7 BaseRegCreateKey (Opnum 6)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/c7186ae2-1c82-45e9-933b-97d9873657e8)
+      class CreateKeyRequest < BinData::Record
+        # Options:
+        # bitwise OR of one of the key types (REG_KEY_TYPE_*), and any or none
+        # of the other options:
+        #
+        # This key is not volatile. The key and all its values MUST be
+        # persisted to the backing store and is preserved when the registry
+        # server loses context due to a computer restart, reboot, or shut down
+        # process.
+        REG_KEY_TYPE_NON_VOLATILE  = 0x00000000
+        # This key is volatile. The key with all its subkeys and values MUST
+        # NOT be preserved when the registry server loses context due to a
+        # computer restart, reboot, or shut down process.
+        REG_KEY_TYPE_VOLATILE      = 0x00000001
+        # This key is a symbolic link to another key.
+        REG_KEY_TYPE_SYMLINK       = 0x00000002
+        # Indicates that the caller wishes to assert its backup and/or restore
+        # privileges.
+        REG_OPTION_BACKUP_RESTORE  = 0x00000004
+        # Indicates that the caller wishes to open the targeted symlink source
+        # rather than the symlink target.
+        REG_OPTION_OPEN_LINK       = 0x00000008
+        # Indicates that the caller wishes to disable limited user access
+        # virtualization for this operation.
+        REG_OPTION_DONT_VIRTUALIZE = 0x00000010
+        # Create disposition:
+        # The key did not exist and was created.
+        REG_CREATED_NEW_KEY     = 0x00000001
+        # The key already existed and was opened without being changed.
+        REG_OPENED_EXISTING_KEY = 0x00000002
+        attr_reader :opnum
+        endian :little
+        rpc_hkey                 :hkey
+        rrp_unicode_string       :lp_sub_key
+        string                   :pad1, length: -> { pad_length(self.lp_sub_key) }
+        rrp_unicode_string       :lp_class
+        string                   :pad2, length: -> { pad_length(self.lp_class) }
+        uint32                   :dw_options
+        regsam                   :sam_desired
+        prpc_security_attributes :lp_security_attributes
+        string                   :pad3, length: -> { pad_length(self.lp_security_attributes) }
+        ndr_lp_dword             :lpdw_disposition
+        def initialize_instance
+          super
+          @opnum = REG_CREATE_KEY
+        end
+        # Determines the correct length for the padding, so that the next
+        # field is 4-byte aligned.
+        def pad_length(prev_element)
+          offset = (prev_element.abs_offset + prev_element.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/create_key_response.rb ADDED

@@ -0,0 +1,36 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class PrpcHkey < Ndr::NdrContextHandle; end
+      # This class represents a BaseRegCreateKey Response Packet as defined in
+      # [3.1.5.7 BaseRegCreateKey (Opnum 6)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/c7186ae2-1c82-45e9-933b-97d9873657e8)
+      class CreateKeyResponse < BinData::Record
+        # Create disposition
+        # The key did not exist and was created.
+        REG_CREATED_NEW_KEY     = 0x00000001
+        # The key already existed and was opened without being changed.
+        REG_OPENED_EXISTING_KEY = 0x00000002
+        attr_reader :opnum
+        endian :little
+        prpc_hkey    :hkey
+        ndr_lp_dword :lpdw_disposition
+        uint32       :error_status
+        def initialize_instance
+          super
+          @opnum = REG_CREATE_KEY
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb ADDED

@@ -0,0 +1,45 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class RpcHkey < Ndr::NdrContextHandle; end
+      # This class represents a BaseRegEnumKey Request Packet as defined in
+      # [3.1.5.10 BaseRegEnumKey (Opnum 9)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/668627e9-e0eb-4ab1-911f-0af589beeac3)
+      class EnumKeyRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        rpc_hkey            :hkey
+        uint32              :dw_index
+        rrp_unicode_string :lp_name
+        string              :pad1,     length: -> { pad_length1 }
+        prrp_unicode_string :lp_class
+        string              :pad2,     length: -> { pad_length2 }
+        ndr_lp_file_time    :lpft_last_write_time
+        def initialize_instance
+          super
+          @opnum = REG_ENUM_KEY
+        end
+        # Determines the correct length for the padding in front of
+        # #lp_class. It should always force a 4-byte alignment.
+        def pad_length1
+          offset = (lp_name.abs_offset + lp_name.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+        # Determines the correct length for the padding in front of
+        # #lpft_last_write_time. It should always force a 4-byte alignment.
+        def pad_length2
+          offset = (lp_class.abs_offset + lp_class.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/enum_key_response.rb ADDED

@@ -0,0 +1,42 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      # This class represents a BaseRegEnumKey Response Packet as defined in
+      # [3.1.5.10 BaseRegEnumKey (Opnum 9)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/668627e9-e0eb-4ab1-911f-0af589beeac3)
+      class EnumKeyResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        rrp_unicode_string  :lp_name
+        string              :pad1,     length: -> { pad_length1 }
+        prrp_unicode_string :lp_class, initial_value: 0
+        string              :pad2,     length: -> { pad_length2 }
+        ndr_lp_file_time    :lpft_last_write_time
+        uint32              :error_status
+        def initialize_instance
+          super
+          @opnum = REG_ENUM_KEY
+        end
+        # Determines the correct length for the padding in front of
+        # #lp_class. It should always force a 4-byte alignment.
+        def pad_length1
+          offset = (lp_name.abs_offset + lp_name.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+        # Determines the correct length for the padding in front of
+        # #lpft_last_write_time. It should always force a 4-byte alignment.
+        def pad_length2
+          offset = (lp_class.abs_offset + lp_class.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb ADDED

@@ -0,0 +1,39 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class RpcHkey < Ndr::NdrContextHandle; end
+      # This class represents a BaseRegEnumValue Request Packet as defined in
+      # [3.1.5.11 BaseRegEnumValue (Opnum 10)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/56e99ef3-05dc-4f24-bcf5-9cff00412945)
+      class EnumValueRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        rpc_hkey           :hkey
+        uint32             :dw_index
+        rrp_unicode_string :lp_value_name
+        string             :pad, length: -> { pad_length }
+        ndr_lp_dword       :lp_type
+        ndr_lp_byte_array  :lp_data
+        ndr_lp_dword       :lpcb_data
+        ndr_lp_dword       :lpcb_len
+        def initialize_instance
+          super
+          @opnum = REG_ENUM_VALUE
+        end
+        # Determines the correct length for the padding in front of
+        # #lp_type. It should always force a 4-byte alignment.
+        def pad_length
+          offset = (lp_value_name.abs_offset + lp_value_name.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb ADDED

@@ -0,0 +1,36 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      # This class represents a BaseRegEnumValue Response Packet as defined in
+      # [3.1.5.11 BaseRegEnumValue (Opnum 10)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/56e99ef3-05dc-4f24-bcf5-9cff00412945)
+      class EnumValueResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        rrp_unicode_string :lp_value_name
+        string             :pad, length: -> { pad_length }
+        ndr_lp_dword       :lp_type
+        ndr_lp_byte_array  :lp_data
+        ndr_lp_dword       :lpcb_data
+        ndr_lp_dword       :lpcb_len
+        uint32             :error_status
+        def initialize_instance
+          super
+          @opnum = REG_ENUM_VALUE
+        end
+        # Determines the correct length for the padding in front of
+        # #lp_type. It should always force a 4-byte alignment.
+        def pad_length
+          offset = (lp_value_name.abs_offset + lp_value_name.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/open_key_request.rb ADDED

@@ -0,0 +1,34 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class RpcHkey < Ndr::NdrContextHandle; end
+      # This class represents a BaseRegOpenKey Request Packet as defined in
+      # [3.1.5.15 BaseRegOpenKey (Opnum 15)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8cb48f55-19e1-4ea2-8d76-dd0f6934f0d9)
+      class OpenKeyRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        rpc_hkey           :hkey
+        rrp_unicode_string :lp_sub_key
+        string             :pad, length: -> { pad_length }
+        uint32             :dw_options
+        regsam             :sam_desired
+        def initialize_instance
+          super
+          @opnum = REG_OPEN_KEY
+        end
+        # Determines the correct length for the padding in front of
+        # #dw_options. It should always force a 4-byte alignment.
+        def pad_length
+          offset = (lp_sub_key.abs_offset + lp_sub_key.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/open_key_response.rb ADDED

@@ -0,0 +1,25 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class PrpcHkey < Ndr::NdrContextHandle; end
+      # This class represents a BaseRegOpenKey Response Packet as defined in
+      # [3.1.5.15 BaseRegOpenKey (Opnum 15)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8cb48f55-19e1-4ea2-8d76-dd0f6934f0d9)
+      class OpenKeyResponse < BinData::Record
+        attr_reader :opnum
+        endian    :little
+        prpc_hkey :phk_result
+        uint32    :error_status
+        def initialize_instance
+          super
+          @opnum = REG_OPEN_KEY
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb ADDED

@@ -0,0 +1,43 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      # This class represents a PREGISTRY_SERVER_NAME structure as defined in
+      # [2.2.2 PREGISTRY_SERVER_NAME](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8bcd15fd-1aa5-44e2-8662-112ec3e9817b)
+      class PRegistryServerName < Ndr::NdrPointer
+        endian :little
+        string16 :referent, onlyif: -> { self.referent_id != 0 }, read_length: -> { 4 }
+      end
+      # This class is a generic class that represents OpenXXX Request packet,
+      # used to open one of the root keys, as defined in:
+      # [3.1.5.1 OpenClassesRoot (Opnum 0)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/956a3052-6580-43ee-91aa-aaf61726149b)
+      # [3.1.5.2 OpenCurrentUser (Opnum 1)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/ec140ed9-4d00-4c03-a15c-c7245a497ed5)
+      # [3.1.5.3 OpenLocalMachine (Opnum 2)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/6cef29ae-21ba-423f-9158-05145ac80a5b)
+      # [3.1.5.4 OpenPerformanceData (Opnum 3)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/7b514c63-6cad-4fe1-9780-743959e377e6)
+      # [3.1.5.5 OpenUsers (Opnum 4)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/694e57f4-da3e-4285-8b71-3181d71d6cd1)
+      # [3.1.5.25 OpenCurrentConfig (Opnum 27)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/160767d7-83cf-4718-a4f3-d864faee3bb1)
+      # [3.1.5.28 OpenPerformanceText (Opnum 32)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/44954f6d-ef2c-4ec1-a27d-32b9b87e3c8a)
+      # [3.1.5.29 OpenPerformanceNlsText (Opnum 33)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/3626fa8a-b20f-4243-bf85-cdb615ed2ca0)
+      # The structure is define by the value of the #opnum parameter
+      # e.g. (OpenLocalMachine):
+      #   OpenRootKeyRequest.new(opnum: RubySMB::Dcerpc::Winreg::OPEN_HKLM)
+      class OpenRootKeyRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        p_registry_server_name :p_registry_server_name
+        regsam                 :sam_desired
+        def initialize_instance
+          super
+          @opnum = get_parameter(:opnum) if has_parameter?(:opnum)
+          self.p_registry_server_name = :null
+          self.sam_desired.maximum = 1 unless [OPEN_HKPD, OPEN_HKPT, OPEN_HKPN].include?(@opnum)
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/open_root_key_response.rb ADDED

@@ -0,0 +1,35 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class PrpcHkey < Ndr::NdrContextHandle; end
+      # This class is a generic class that represents OpenXXX Response packet,
+      # used to open one of the root keys, as defined in:
+      # [3.1.5.1 OpenClassesRoot (Opnum 0)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/956a3052-6580-43ee-91aa-aaf61726149b)
+      # [3.1.5.2 OpenCurrentUser (Opnum 1)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/ec140ed9-4d00-4c03-a15c-c7245a497ed5)
+      # [3.1.5.3 OpenLocalMachine (Opnum 2)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/6cef29ae-21ba-423f-9158-05145ac80a5b)
+      # [3.1.5.4 OpenPerformanceData (Opnum 3)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/7b514c63-6cad-4fe1-9780-743959e377e6)
+      # [3.1.5.5 OpenUsers (Opnum 4)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/694e57f4-da3e-4285-8b71-3181d71d6cd1)
+      # [3.1.5.25 OpenCurrentConfig (Opnum 27)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/160767d7-83cf-4718-a4f3-d864faee3bb1)
+      # [3.1.5.28 OpenPerformanceText (Opnum 32)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/44954f6d-ef2c-4ec1-a27d-32b9b87e3c8a)
+      # [3.1.5.29 OpenPerformanceNlsText (Opnum 33)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/3626fa8a-b20f-4243-bf85-cdb615ed2ca0)
+      # The structure is define by the value of the #opnum parameter
+      # e.g. (OpenLocalMachine):
+      #   OpenRootKeyResponse.new(opnum: RubySMB::Dcerpc::Winreg::OPEN_HKLM)
+      class OpenRootKeyResponse < BinData::Record
+        attr_reader :opnum
+        endian    :little
+        prpc_hkey :ph_key
+        uint32    :error_status
+        def initialize_instance
+          super
+          @opnum = get_parameter(:opnum) if has_parameter?(:opnum)
+        end
+      end
+    end
+  end
+end